Windows 2008 DHCP

We set up a test VLAN using Windows Server 2008 as DHCP. Currently we have a Novell DHCP running on the production side. We also have Zen 7 that we use for imaging, etc. We can PXE boot just fine on the VLANs that are using the Novell DHCP. However, the PXE boot will not work for the Windows 2008 Server.
We have Boot Server Host Name (IP of our imaging server) and Boot Filename (PXEClient) filled in on the Server 2008 DHCP settings. We get an IP just fine; however, the PC can't see the imaging server. It gets to looking for TFTP and can't go on.
Can this be done? And if so, what settings are we missing?
Thanks in advance.

Originally Posted by grimlock
jshawn wrote:
> We set up a test VLAN using Windows Server 2008 as DHCP. Currently we
> have a Novell DHCP running on the production side. We also have Zen 7
> that we use for imaging, etc. We can PXE boot just fine on the VLANs
> that are using the Novell DHCP. However the PXE boot will not work for
> the Windows 2008 Server.
>
> We have Boot Server Host Name (IP of our imaging server) and Boot
> Filename (PXEClient) filled in on the Server 2008 DHCP settings. We get
> an IP just fine, however the PC can't see the imaging server. It gets to
> looking for TFTP and can't go on.
>
> Can this be done? And if so, what settings are we missing?
>
By any chance is your existing DHCP server running on the same box as
the Zen server?

No, they are running on different boxes.

Similar Messages

  • Windows 2008 DHCP Server Address Range and Exclusion Range

    Hi,
    I have a couple of doubts regarding DHCP on Windows 2008 Server.
    1) The DHCP server is given a static IP in a network series, e.g. 192.168.1.x (starting IP is 192.168.1.1 to 192.168.1.254),
    and if the range is from 192.168.1.10 to 1.250,
    should the DHCP server not be given an IP in the DHCP range specified?
    i.e. the DHCP server static IP should not be in 192.168.1.10-192.168.1.250 (I have given it 192.168.20.5).
    Even though the exclusion range can be specified, I just want to know if this is best practice.
    2) Next, when setting up the range, should we give the entire network address as the range (e.g. 192.168.1.1 to 192.168.1.254) and set an exclusion range,
    or take a particular series (e.g. 192.168.10-100)?
    Please advise.
    Thanks in advance
    Regards
    Anand M

    Your DHCP server range should update automatically to the 192.168.0.x  subnet when you change your "Local IP address" to 192.168.0.1.   Be sure to use a computer that is wired to your router when you do this.  Also, be sure to click on "Save Settings", then wait (3 to 60 seconds) for the screen to refresh.  You will likely be disconnected from the router when you do this.  Do not worry about this.  Power down the router and your computer.
    Next, wait 30 seconds, then reboot router and computer.  Your Local IP address and the DHCP server range should now have the same subnet.

  • Server 2008 DHCP is handing out the wrong DNS server.

    We have two new 2008 DCs that handle DNS, DHCP and WINS. Our DHCP scopes have been migrated to these servers. We are seeing some random issues where clients are using the new DHCP server but the old DNS server information is listed for some systems. We discover this by using Network Monitor on the old DC, DNS, DHCP server. Once the client performs an ipconfig /renew, the problem is corrected. Any ideas?

    Hi BrianAuH20,
    Thank you for posting here.
    Based on your description, I understand that your Windows 2008 DHCP server hands out the wrong DNS server address.
    To troubleshoot this issue, please perform the following steps to see whether the clients retrieve the right DNS server address.
    1. Temporarily make the old DC, DNS, DHCP server offline.
    2. Check the new 2008 DHCP server setting.
       i. In the DHCP console tree, under Scope [172.16.0.0] SS Scope, right-click Scope Options, and then click Configure Options.
       ii. On the Advanced tab, verify that Default User Class is selected next to User class.
       iii. Select the 006 DNS Servers check box, in IP Address, under Data entry, type DNS Server IP address, and then click Add.
       iv. Select the 015 DNS Domain Name check box, in String value, under Data entry, type your domain's FQDN name, and then click OK.
    3. Restart the DHCP service.
    For more information, you may refer to:
    http://technet.microsoft.com/en-us/library/ee404786(WS.10).aspx
    Hope this helps.
    Sincerely,
    Wilson Jia
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • Windows 2008 R2 DHCP scope change - Netsh Exec not working

    OK, there seems to be a disconnect between Netsh documentation and how it actually works. We are in the process of re-addressing ALL our DHCP scopes (joys of a buy-out) and using the steps outlined in numerous MS articles and blogs etc... we should be able to use "Netsh dhcp server scope 192.168.1.0 dump > scope1.cfg" then modify the cfg file with the new scope address (i.e. change all 192.168.1. to let's say 10.10.5.). Then use netsh exec scope1.cfg (yes, the file modified) to create the new scope which would contain all the "stuff" the current scope has (reservations, options, etc).
    Well, all we get is the response "The following command was not found:   |".
    Environment is as follows:
    Account is a domain admin
    working on a RDP session on the DHCP server
    Server is Windows 2008 R2 (current functioning DHCP server)
    Using administrative CMD (elevated)
    have tried changing context into Netsh | DHCP | Server and default CMD - all "no go"
    supporting link from MS: http://technet.microsoft.com/en-us/library/cc772372(v=ws.10).aspx#BKMK_1
    There's a lot of discussions around this, but I haven't seen any response that says how to actually do it.  export/import won't work for us since we have to update the scope info.  With almost 100 scopes to update, we really need this functionality!
    (or similar method)
    Any assistance would be greatly appreciated.

    OK... It seems the issue is with the dump file. I actually got exec to run once with a dump file which wasn't modified. The stupid part is it only ran one time, I could not duplicate it. Since I've beat this thing to death and no one could offer any assistance (Hello MS?), I'm not wasting any more time on it. Luckily, I was able to figure out an alternate method.
    Looking at the dump file I realized all the lines are just straight NetSh commands, which means all I needed to do is grab the lines and preface them with NetSh. Like this...
    for /f "tokens=*" %a in ('type scope.cfg ^| find /i "dhcp"') do NetSh %a
    where scope.cfg is your dump file. This runs perfectly and seems to be the exact thing that exec should be doing. I did flip the "SET STATE 1" to "0" so the scope was deactivated (don't forget to run it in an elevated prompt).
    Hope this helps someone else so they aren't spending days for nothing!
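
An added example (not part of the original post and not Microsoft tooling): the readdressing step described above, done per address instead of by text replace, so subnet masks, option values outside the old subnet and the server target stay untouched and the new scope comes out deactivated. The function names, the `\\DHCP01` server name and the sample dump lines are constructed for illustration; review the generated lines before running them from an elevated prompt.

```python
import ipaddress
import re

# A dotted-quad token that is not part of a longer number/dot run.
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
# "Dhcp Server <target> " prefix: the target names the DHCP server itself
# and must never be readdressed, even if it sits inside the old subnet.
HEAD = re.compile(r"^(dhcp\s+server\s+\S+\s+)(.*)$", re.IGNORECASE)
STATE_ON = re.compile(r"\bset\s+state\s+1\b", re.IGNORECASE)


def remap(token, old_net, new_net):
    """Move one address to the same host offset in new_net, if it is in old_net."""
    try:
        addr = ipaddress.IPv4Address(token)
    except ipaddress.AddressValueError:
        return token  # not a valid address (e.g. 999.1.1.1): leave as-is
    if addr not in old_net:
        return token  # masks, external DNS servers, other subnets
    offset = int(addr) - int(old_net.network_address)
    return str(new_net.network_address + offset)


def rewrite_dump(lines, old_cidr, new_cidr):
    """Turn netsh dump lines into reviewable 'netsh ...' commands for the new scope."""
    old_net = ipaddress.IPv4Network(old_cidr)
    new_net = ipaddress.IPv4Network(new_cidr)
    if old_net.prefixlen != new_net.prefixlen:
        raise ValueError("old and new scope must have the same prefix length")
    commands = []
    for raw in lines:
        line = raw.strip()
        if not line.lower().startswith("dhcp"):
            continue  # comments and blank lines in the dump
        match = HEAD.match(line)
        head, rest = (match.group(1), match.group(2)) if match else ("", line)
        rest = IPV4.sub(lambda m: remap(m.group(0), old_net, new_net), rest)
        # Create the new scope deactivated, as the post does by hand.
        rest = STATE_ON.sub("set state 0", rest)
        commands.append("netsh " + head + rest)
    return commands


# Constructed sample in the shape the post describes (each line a netsh command).
SAMPLE_DUMP = [
    "# constructed sample, not a real server dump",
    r'Dhcp Server \\DHCP01 add scope 192.168.1.0 255.255.255.0 "Floor 1" ""',
    r'Dhcp Server \\DHCP01 Scope 192.168.1.0 set state 1',
    r'Dhcp Server \\DHCP01 Scope 192.168.1.0 Add iprange 192.168.1.10 192.168.1.250',
    r'Dhcp Server \\DHCP01 Scope 192.168.1.0 set optionvalue 6 IPADDRESS "192.168.20.5"',
    r'Dhcp Server \\DHCP01 Scope 192.168.1.0 Add reservedip 192.168.1.50 001122334455 "printer" "" "BOTH"',
]

if __name__ == "__main__":
    for cmd in rewrite_dump(SAMPLE_DUMP, "192.168.1.0/24", "10.10.5.0/24"):
        print(cmd)
```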

  • Address Leases not appeared in the scopes at DHCP Windows 2008 R2 ent

    Hi Friends,
    A couple of days ago we migrated from a DHCP server (Windows Server 2003 R2 32) to a Windows Server 2008 R2 64 bit virtual machine.
    After migration, most of the scopes seem empty: no address leases appear in the scopes, and most of the reservations also do not appear in the DHCP MMC, but the client machines are obtaining IPs and the DHCP VM is working fine.
    After investigation I have found following event log errors.
    Are these event log errors related to this Issue and what will be problem. Please advise.
    ===============================================================================
    Log Name:      Application
    Source:        Microsoft-Windows-LoadPerf
    Date:          9/1/2014 10:01:28 AM
    Event ID:      3002
    Task Category: None
    Level:         Error
    Keywords:     
    User:          SYSTEM
    Computer:      SERVER-DHCP1.com
    Description:
    The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
    Log Name:      System
    Source:        Service Control Manager
    Date:          9/1/2014 9:59:39 AM
    Event ID:      7023
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SERVER-DHCP1.com
    Description:
    The WMI Performance Adapter service terminated with the following error:
    %%-2147467259
    Thanks in advance.
    Regards, Ali

    Hi Ali,
    check this post: http://social.technet.microsoft.com/Forums/windowsserver/en-US/1b8cd762-3f95-4ff9-9d9e-75b04e067d2a/server-2008-dhcp-assigns-leases-but-never-displays-leases-in-the-gui?forum=winserverNIS
    Perform these steps from new W2K8 DHCP server:
    Open DHCP mmc
    Open Command prompt: cmd
    Type: netsh dhcp server export C:\dhcp.txt all in command prompt and press Enter
    Delete ALL scope information from within the DHCP mmc
    Type: netsh dhcp server import C:\dhcp.txt all in command prompt and press Enter
    Right-click server name within DHCP mmc and choose refresh

  • Windows 2008 R2 DHCP management pack

    I got the Windows 2008 R2 DHCP management pack installed but one of my DHCP servers is 2008. Will this MP monitor a 2008 DHCP server?
    One of my DHCP clusters went down and the service was stopped but there was no alert.
    What is the problem?

    Difference between the true and false options of "Alert only if startup type is automatic" when the DHCP service is stopped:

    "Alert only if startup type is automatic"   DHCP service startup type
                                                automatic         not automatic
    Yes                                         Generate Alert    No Alert
    No                                          Generate Alert    Generate Alert
    Roger

  • DHCP Permission - Windows 2008

    Hi
    We have windows 2008 R2 DHCP server. I want to delegate the helpdesk to have access to DHCP with the below permission:
    Reservation : can delete, modify, and add
    DHCP Lease : Delete and View
    Because currently I provide them an administrator account, and I'm afraid maybe they will delete the scope, stop the services, etc., which is NOT required for them.
    Please advise

    Hi,
    When we install the DHCP Server service, two local groups are created: DHCP Users and DHCP Administrators. Especially, when we install the DHCP Server service on a domain controller, two domain local groups are created: DHCP Users and DHCP Administrators.
    See DHCP groups for details.
    Therefore, we can add the helpdesk users to the domain local DHCP Administrators group or the local DHCP Administrators group to give only DHCP Administrator permissions rather than domain or local server administrator permissions. However, I'm afraid that we cannot split the Administrator rights as you described.
    More information:
    More About DHCP Security Groups
    Add a user or group as a DHCP administrator at a member server
    Add a Group or User as a DHCP Administrator at a Domain Controller
    Hope this helps.
    Jeremy Wu
    TechNet Community Support

  • Windows 2008 DNS & DHCP configuration steps for 11gR2 GI install with GNS

    Hi,
    I have a Windows 2008 R2 server with DNS & DHCP services installed. I am planning to install a 2 node RAC with the GNS option.
    The problem is I could not find any document to set up the Windows 2008 DNS server for the below steps.
    a. Configure GNS VIP : add a name resolution entry in a DNS for the GNS virtual IP address in the forward Lookup file.
    gns-server IN A <virtual_IP>
    where gns-server is the GNS virtual IP address given during grid installation.
    b. Configure the GNS sub-domain delegation: add an entry in the DNS to establish DNS Lookup that directs the DNS resolution of a GNS subdomain to the cluster.
    clusterdomain.example.com. NS gns-server.example.com.
    where clusterdomain.example.com is the GNS subdomain (provided during grid installation) that you
    delegate and gns-server.clustername.com resolves to GNS virtual IP address.
    I am aware that these configuration steps have to be taken care of by the system administrator. Here is what he tried and the results.
    My SA was able to Configure GNS VIP in the DNS and the Nslookup works fine for this.
    When he Configures the GNS sub-domain delegation the nslookup fails when trying to resolve the SCAN name.
    Any step by step tutorial for this windows 2008 DNS & DHCP configuration for Oracle GNS setup would be highly appreciated.
    Thanks,
    Ashok Kumar.G

    Hi Guys,
    Any help on this request will be very helpful.
    Thanks,
    Ashok Kumar.G

  • IPV6 clients cannot ping each other while getting IP from DHCP server running in windows 2008

    I have two Windows 7 clients and a Windows 2008 server connected to a switch with static IP 172:16:5::1/64.
    The DHCP server is configured with static IP 172:16:5::20/64.
    When I statically assign IPs to the Windows 7 clients like 172:16:5::21 & ::22, they can ping each other. If they get an IP from the DHCP server, they cannot ping each other.
    If I configure the gateway (172:16:5::1) in the clients manually, they can ping each other.
    Is there any way we can make the DHCP server give the gateway to the clients along with the IP?

    From what I have gathered:
    IPv6 won't route because the DHCP server is set up in 'stateless' mode and the switches do not support IPv6. ("But if your routers are not IPv6 supported (yet), you can reconfigure DHCPv6 to Disable Stateless mode, and that'll issue IPv6 addresses that will eliminate the Ping problem." - http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html)
    So you must change to 'disable stateless' mode. The only way I can THINK of to do this is to uninstall DHCP and reinstall DHCP and select 'disable stateless' during the installation (which I haven't confirmed). ("In case, “Disable DHCPv6 stateless mode for this server” option was selected during role installation" - http://blogs.technet.com/b/teamdhcp/archive/2009/03/03/dhcpv6-understanding-of-address-configuration-in-automatic-mode-and-installation-of-dhcpv6-server.aspx)
    zz.. but my understanding of DHCP is fragmented, please take what I find with a grain of salt. I am off to reinstall DHCP :] .. fun.

  • Slow transfer file speed in Windows 7 SP1, Windows 2008 R2

    We have Windows 7 SP 1 and Windows 2008 R2 in both Physical and Virtualization environment. Our network speed is 1 Gbps for Client and 10 Gbps for server infrastructure. We found this problem in all referred environment and here is the current situation.
    Transfer files from Windows 7 to Server 2008 (Slow < 10 MB/s)
    Transfer files from Windows 2008 to Server 7 (Slow < 10 MB/s)
    Transfer files from Windows 7 to Windows 7 (Slow < 10 MB/s)
    Transfer files from Windows 2003 to Server 7 (Normal up to 120 MB/s)
    Transfer files from Windows 2008 to Server 7 in Safe Mode with Network (Normal up to 120 MB/s)
    Copy File using 3rd software  (Normal up to 120 MB/s) but copy via windows explorer (Slow < 10 MB/s)
    We try to do some configuration but it still doesn’t work below.
    Command netsh int tcp set global
    Update NIC driver vmxnet3 (Virtualization) and Realtek (Physical)
    Disable Firewall
    Disable and Enable network card
    Apply hotfix in Kb2675785 and Kb2885974
    Apply all Update Windows using Windows update feature
    Finally, we found a strange solution that improves network speed more than 10 times (60 - 150 Mbps) by using one of the conditions below:
    1. Change UNC form using Hostname to IP Address
    2. Restart DHCP service
    3. Change some NIC hardware configuration or check and uncheck the IPv4 property in the NIC configuration (no restart required)
    This is a temporary solution for No.1, but in No.2 and No.3 the user needs administrator rights, and after the computer is restarted the problem still exists. Do you have any idea how to fix this problem in the long term? Thank you for your help.

    Hi,
    The difference should be Windows Server 2003 uses SMB 1.0 protocol:
    •SMB 1.0 (or SMB1) – The version used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2
    •SMB 2.1 (technically SMB2 version 2.1) – The version used in Windows 7 (or any SP) and Windows Server 2008 R2 (or any SP)
    Just for a test, disable the SMB v2 to check if it could make any difference:
    How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
    http://support.microsoft.com/kb/2696547
    Alex Zhao
    TechNet Community Support

  • Windows 2008 Server Configuration - Help

    Hello All,
    I am not an expert in configuring servers and I have just started to learn. Please forgive me if I am doing something funny!
    I have a router with static IP address and DHCP enabled on the router. The router had the following configuration as shown below and the clients were obtaining IP address from the router and using the internet without a problem.
    Router Configuration:
    Basic Setting:
    IP Address : 122.165.60.160 (My Wan Static IP)
    IP Subnet Mask : 255.255.252.0
    Gateway IP: 122.165.60.1
    DNS Address:
    Primary DNS : 203.145.184.32
    Secondary DNS: 203.145.184.13
    Lan TCP/IP Setup:
    IP Address: 192.168.2.1 (Router IP)
    IP Subnet Mask: 255.255.255.0
    DHCP Enabled:
    Starting IP : 192.168.2.11
    Ending IP: 192.168.2.100
    Now, I have installed Windows 2008 R2 Server with Active Directory, DNS and DHCP, IIS. I have created a few users and did nothing more than that in the server.
    Server IP Settings
    Server IP: 192.168.2.5
    Subnet : 255.255.255.0
    Gateway : 192.168.2.1
    DNS: 127.0.0.1
    And when I tried to join the domain i created... corp.globe.com the clients were not able to find the domain I therefore changed the following settings in the router.
    DNS Address:
    Primary DNS : 203.145.184.32
    Secondary DNS: 192.168.2.5 (Server IP)
    After this change the clients were able to join the domain and login as well. However the clients were getting the IP from the router. I am facing a lot of problems as listed below.
    1. I am not able to ping the clients using the computer name from the server.
    2. Clients cannot ping other clients or server using name. (Suppose if I try... PING SYS1 .... It looks like it is trying to ping some 92.x.x.xx IP address) even if SYS1 IP address is 192.168.2.13
    3. Clients can access Internet, but I cannot browse anything in the server.
    Please help me with the configuration, or point me to some guide which describes the same. I tried to set up and enable the DHCP server using the Windows 2008 machine and I disabled DHCP on the router; clients were able to get the IP address from the Windows 2008 server, but they were not able to use the internet. Please advise.
    Thanks for your time.

    Hi,
    And you cannot ping the clients using the computer name from the server?
    Did you turn off the firewall on server and client?
    If you are having problems connecting to Active Directory and you have already successfully verified network connectivity, there might be a name resolution problem. For more and detail information, please refer to:
    http://technet.microsoft.com/en-us/library/cc961921.aspx
    Regards.
    Vivian Wang

  • Oracle 10g instalation on windows 2008 64 bit getting error

    Hi,
    I am trying to install Oracle 10g database (10204_vista_w2k8_x64_production_db) on Windows 2008 release 2 service pack 1. I am getting the following errors.
    Please give me a solution for how to install it.
    Checking operating system requirements ...
    Expected result: One of 5.0,5.1,5.2,6.0
    Actual Result: 6.1
    Check complete. The overall result of this check is: Failed <<<<
    Problem: Oracle Database 10g is not certified on the current operating system.
    Recommendation: Make sure you are installing the software on the correct platform.
    =======================================================================
    Checking service pack requirements ...
    Check complete. The overall result of this check is: Not executed <<<<
    OUI-18001: The operating system 'Windows Vista Version 6.1' is not supported.
    Recommendation: Install the recommended Service Pack.
    =======================================================================
    Checking physical memory requirements ...
    Expected result: 256MB
    Actual Result: 3956MB
    Check complete. The overall result of this check is: Passed
    =======================================================================
    Checking Network Configuration requirements ...
    Actual Result: :Native Library C:\Users\Administrator\AppData\Local\Temp\1\OraInstall2011-06-21_11-06-53AM\bin\win64\DHCPPrereq.dll already loaded in another classloader
    Check complete. The overall result of this check is: Not executed <<<<
    Recommendation: Oracle supports installations on systems with DHCP-assigned IP addresses; However, before you can do this, you must configure the Microsoft LoopBack Adapter to be the primary network adapter on the system. See the Installation Guide for more details on installing the software on systems configured with DHCP.
    =======================================================================
    Checking the length of PATH environment variable...
    Check complete. The overall result of this check is: Passed
    =======================================================================
    Validating ORACLE_BASE location (if set) ...
    Check complete. The overall result of this check is: Passed
    =======================================================================
    Checking Oracle Home path for spaces...
    Check complete. The overall result of this check is: Passed
    =======================================================================
    Checking Oracle Home path for location ...
    Check complete. The overall result of this check is: Passed
    =======================================================================
    Checking for proper system clean-up....
    Actual Result: :java.lang.UnsatisfiedLinkError:Native Library C:\Users\Administrator\AppData\Local\Temp\1\OraInstall2011-06-21_11-06-53AM\bin\win64\sidqueries.dll already loaded in another classloader
    Check complete. The overall result of this check is: Not executed <<<<
    Recommendation: You must completely remove the ASM instance by removing the ASM service from the Service Control Manager, or you must configure it properly by ensuring that the ASM service is associated with a valid Oracle Home where ASM is configured.
    =======================================================================
    Checking for Oracle Home incompatibilities ....
    Actual Result: NEW_HOME
    Check complete. The overall result of this check is: Passed
    =======================================================================

    10.2.0.4 not certified for Windows Server 2008 64bit. If you want to install this software, you need to apply the 10.2.0.5 patch
    10.2.0.4 is on certified for windows Server 2008 32bit (x86), so you can install the software without apply patch but If you want to install windows 7 , you need to apply patch.
    Read 4th steps
    http://www.oracle.com/technetwork/database/10204-winx64-vista-win2k8-082253.html

  • Not Able To Assign A Static IP Address To Windows 2008 64 bit Server

    Hello Experts,
    I've been trying to assign a static IP address to Windows 2008 R2 Server Virtual Box image. As soon as I assign static IP address to the image, either it hangs or says "Unidentified network".
    I'm 100% sure that I'm using correct IP address, Gateway, Subnet mask and DNS Server details. If I use same settings on other linux virtual box, it is able get that static ip address. The issue is only with Windows 2008 image.
    Here few more inputs that may help:
    - Windows 2008 image has "Bridge" adapter.
    - Host system is connected to corporate network via wired connection and NOT on VPN.
    - If I use "Obtain IP address automatically" setting, then it is able to get a dynamic IP address and internet is working fine.
    Questions:
    1. Has anyone seen this issue before ?
    2. Do I need to do any additional configuration on Windows 2008 server ?
    Thanks,
    GK

    Hi,
    Method 1: Uninstall and reinstall network drivers.
    Method 2: If you have any anti-virus software, disable them.
    You can also try setting a static IP via the netsh command.
     How to Use the NETSH Command to Change from Static IP Address to DHCP in Windows 2000
    http://support.microsoft.com/kb/257748
    Hope this helps.

  • Domain Controller upgrade windows 2008 r2 to windows 2012

    I currently have 3 windows 2008 r2 domain controllers. 1 physical and 2 virtual. I am looking to see what the best upgrade path would be. the physical is the primary and has dhcp and dns services
    Stonecold31666

    See this,
    http://social.technet.microsoft.com/wiki/contents/articles/16797.upgrade-to-active-directory-2012.aspx
    Regards
    Biswajit Biswas

  • Aironet 2702i Autonomous - Web-Authentication with Radius Window 2008

    Hi Guys,
    I have a problem with this case. My sample diagram is like this: AD (Win2008) - Radius (Win2008) - Aironet 2702i => use Web-Auth method for end users
    This is my configuration file on the Aironet 2702i
    Aironet2702i#show run
    Building configuration...
    Current configuration : 8547 bytes
    ! Last configuration change at 05:08:25 +0700 Fri Oct 31 2014 by admin
    version 15.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname Aironet2702i
    logging rate-limit console 9
    aaa new-model
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login default local
    aaa authentication login DTSGROUP group radius
    aaa authentication login webauth group radius
    aaa authentication login weblist group radius
    aaa authentication dot1x default group radius
    aaa authorization exec default local 
    aaa session-id common
    clock timezone +0700 7 0
    no ip source-route
    no ip cef 
    ip admission name webauth proxy http
    ip admission name webauth method-list authentication weblist 
    no ip domain lookup
    ip domain name dts.com.vn
    dot11 syslog
    dot11 activity-timeout unknown default 1000
    dot11 activity-timeout client default 1000
    dot11 activity-timeout repeater default 1000
    dot11 activity-timeout workgroup-bridge default 1000
    dot11 activity-timeout bridge default 1000
    dot11 vlan-name DTSGroup vlan 46
    dot11 vlan-name L6-Webauthen-test vlan 45
    dot11 vlan-name NetworkL7 vlan 43
    dot11 vlan-name SGCTT vlan 44
    dot11 ssid DTS-Group
       vlan 46
       authentication open eap DTSGROUP 
       authentication key-management wpa version 2
       mbssid guest-mode
    dot11 ssid DTS-Group-Floor7
       vlan 43
       authentication open 
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 013D03104C0414040D4D5B5E392559
    dot11 ssid L6-Webauthen-test
       vlan 45
       web-auth
       authentication open 
       dot1x eap profile DTSGROUP
       mbssid guest-mode
    dot11 ssid SaigonCTT-Public
       vlan 44
       authentication open 
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 04480A0F082E424D1D0D4B141D06421224
    dot11 arp-cache optional
    dot11 adjacent-ap age-timeout 3
    eap profile DTSGROUP
     description testwebauth-radius
     method peap
     method mschapv2
     method leap
    username TRIHM privilege 15 secret 5 $1$y1J9$3CeHRHUzbO.b6EPBmNlFZ/
    username ADMIN privilege 15 secret 5 $1$IvtF$EP6/9zsYgqthWqTyr.1FB0
    ip ssh version 2
    bridge irb
    interface Dot11Radio0
     no ip address
     encryption vlan 44 mode ciphers aes-ccm 
     encryption vlan 46 mode ciphers aes-ccm 
     encryption mode ciphers aes-ccm 
     encryption vlan 43 mode ciphers aes-ccm 
     encryption vlan 1 mode ciphers aes-ccm 
     ssid DTS-Group
     ssid DTS-Group-Floor7
     ssid L6-Webauthen-test
     ssid SaigonCTT-Public
     countermeasure tkip hold-time 0
     antenna gain 0
     stbc
     mbssid
     packet retries 128 drop-packet
     channel 2412
     station-role root
     rts threshold 2340
     rts retries 128
     ip admission webauth
    interface Dot11Radio0.1
     encapsulation dot1Q 1 native
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    interface Dot11Radio0.43
     encapsulation dot1Q 43
     bridge-group 43
     bridge-group 43 subscriber-loop-control
     bridge-group 43 spanning-disabled
     bridge-group 43 block-unknown-source
     no bridge-group 43 source-learning
     no bridge-group 43 unicast-flooding
    interface Dot11Radio0.44
     encapsulation dot1Q 44
     bridge-group 44
     bridge-group 44 subscriber-loop-control
     bridge-group 44 spanning-disabled
     bridge-group 44 block-unknown-source
     no bridge-group 44 source-learning
     no bridge-group 44 unicast-flooding
     ip admission webauth
    interface Dot11Radio0.45
     encapsulation dot1Q 45
     bridge-group 45
     bridge-group 45 subscriber-loop-control
     bridge-group 45 spanning-disabled
     bridge-group 45 block-unknown-source
     no bridge-group 45 source-learning
     no bridge-group 45 unicast-flooding
     ip admission webauth
    interface Dot11Radio0.46
     encapsulation dot1Q 46
     bridge-group 46
     bridge-group 46 subscriber-loop-control
     bridge-group 46 spanning-disabled
     bridge-group 46 block-unknown-source
     no bridge-group 46 source-learning
     no bridge-group 46 unicast-flooding
    interface Dot11Radio1
     no ip address
     shutdown
     encryption vlan 46 mode ciphers aes-ccm 
     encryption vlan 44 mode ciphers aes-ccm 
     encryption vlan 1 mode ciphers aes-ccm 
     encryption vlan 43 mode ciphers aes-ccm 
     encryption vlan 45 mode ciphers ckip-cmic 
     ssid DTS-Group
     ssid DTS-Group-Floor7
     ssid SaigonCTT-Public
     countermeasure tkip hold-time 0
     antenna gain 0
     peakdetect
     dfs band 3 block
     stbc
     mbssid
     packet retries 128 drop-packet
     channel 5745
     station-role root
     rts threshold 2340
     rts retries 128
    interface Dot11Radio1.1
     encapsulation dot1Q 1 native
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    interface Dot11Radio1.43
     encapsulation dot1Q 43
     bridge-group 43
     bridge-group 43 subscriber-loop-control
     bridge-group 43 spanning-disabled
     bridge-group 43 block-unknown-source
     no bridge-group 43 source-learning
     no bridge-group 43 unicast-flooding
    interface Dot11Radio1.44
     encapsulation dot1Q 44
     bridge-group 44
     bridge-group 44 subscriber-loop-control
     bridge-group 44 spanning-disabled
     bridge-group 44 block-unknown-source
     no bridge-group 44 source-learning
     no bridge-group 44 unicast-flooding
     ip admission webauth
    interface Dot11Radio1.45
     encapsulation dot1Q 45
     bridge-group 45
     bridge-group 45 subscriber-loop-control
     bridge-group 45 spanning-disabled
     bridge-group 45 block-unknown-source
     no bridge-group 45 source-learning
     no bridge-group 45 unicast-flooding
     ip admission webauth
    interface Dot11Radio1.46
     encapsulation dot1Q 46
     bridge-group 46
     bridge-group 46 subscriber-loop-control
     bridge-group 46 spanning-disabled
     bridge-group 46 block-unknown-source
     no bridge-group 46 source-learning
     no bridge-group 46 unicast-flooding
    interface GigabitEthernet0
     no ip address
     duplex auto
     speed auto
     dot1x pae authenticator
     dot1x authenticator eap profile DTSGROUP
     dot1x supplicant eap profile DTSGROUP
    interface GigabitEthernet0.1
     encapsulation dot1Q 1 native
     bridge-group 1
     bridge-group 1 spanning-disabled
     no bridge-group 1 source-learning
    interface GigabitEthernet0.43
     encapsulation dot1Q 43
     bridge-group 43
     bridge-group 43 spanning-disabled
     no bridge-group 43 source-learning
    interface GigabitEthernet0.44
     encapsulation dot1Q 44
     bridge-group 44
     bridge-group 44 spanning-disabled
     no bridge-group 44 source-learning
    interface GigabitEthernet0.45
     encapsulation dot1Q 45
     bridge-group 45
     bridge-group 45 spanning-disabled
     no bridge-group 45 source-learning
    interface GigabitEthernet0.46
     encapsulation dot1Q 46
     bridge-group 46
     bridge-group 46 spanning-disabled
     no bridge-group 46 source-learning
    interface GigabitEthernet1
     no ip address
     shutdown
     duplex auto
     speed auto
    interface GigabitEthernet1.1
     encapsulation dot1Q 1 native
     bridge-group 1
     bridge-group 1 spanning-disabled
     no bridge-group 1 source-learning
    interface GigabitEthernet1.43
     encapsulation dot1Q 43
     bridge-group 43
     bridge-group 43 spanning-disabled
     no bridge-group 43 source-learning
    interface GigabitEthernet1.44
     encapsulation dot1Q 44
     bridge-group 44
     bridge-group 44 spanning-disabled
     no bridge-group 44 source-learning
    interface GigabitEthernet1.45
     encapsulation dot1Q 45
     bridge-group 45
     bridge-group 45 spanning-disabled
     no bridge-group 45 source-learning
    interface GigabitEthernet1.46
     encapsulation dot1Q 46
     bridge-group 46
     bridge-group 46 spanning-disabled
     no bridge-group 46 source-learning
    interface BVI1
     mac-address 58f3.9ce0.8038
     ip address 172.16.1.62 255.255.255.0
     ipv6 address dhcp
     ipv6 address autoconfig
     ipv6 enable
    ip forward-protocol nd
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1 
    radius-server attribute 32 include-in-access-req format %h
    radius server 172.16.50.99
     address ipv4 172.16.50.99 auth-port 1645 acct-port 1646
     key 7 104A1D0A4B141D06421224
    bridge 1 route ip
    line con 0
     logging synchronous
    line vty 0 4
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     transport input ssh
    line vty 5 15
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     transport input ssh
    end
    This is my log file on the RADIUS server (Win 2008):
    Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    User:
    Security ID: S-1-5-21-858235673-3059293199-2272579369-1162
    Account Name: xxxxxxxxxxxxxxxx
    Account Domain: xxxxxxxxxxx
    Fully Qualified Account Name: xxxxxxxxxxxxxxxxxxx
    Client Machine:
    Security ID: S-1-0-0
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: -
    Calling Station Identifier: -
    NAS:
    NAS IPv4 Address: 172.16.1.62
    NAS IPv6 Address: -
    NAS Identifier: Aironet2702i
    NAS Port-Type: Async
    NAS Port: -
    RADIUS Client:
    Client Friendly Name: Aironet2702i
    Client IP Address: 172.16.1.62
    Authentication Details:
    Connection Request Policy Name: Use Windows authentication for all users
    Network Policy Name: DTSWIRELESS
    Authentication Provider: Windows
    Authentication Server: xxxxxxxxxxxxxx
    Authentication Type: PAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 66
    Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
    So I will explain the problems I have seen:
    SSID DTS-Group uses EAP authentication with RADIUS and it is working great (the Authentication Type from the Aironet to RADIUS is PEAP).
    SSID L6-Webauthen-test uses web-auth, and I tried to combine it with RADIUS, but the root cause is that the default Authentication Type from the Aironet to RADIUS is PAP (Reason Code: 66).
    => I have been trying to find out how to change the Authentication Type of web-auth on the Cisco Aironet from PAP to PEAP or something like that, to combine it with RADIUS.
    Any ideas or recommendations for me?
    Thanks for looking at my case.

    Hi Dhiresh Yadav,
    Many thanks for your reply.
    I will explain my problem again to make it clear.
    In this case, I have completely set up the SSID DTS-Group to use PEAP authentication combined with a RADIUS server running on Windows 2008.
    I logged in to the SSID with an account created in AD => it works okay for me. Done.
    The problem occurs when I try to use web authentication on VLAN 45 with this SSID:
    dot11 ssid L6-Webauthen-test
       vlan 45
       web-auth
       authentication open 
       dot1x eap profile DTSGROUP
       mbssid guest-mode
    After configuring the Aironet and the Windows RADIUS server, I tried to log in with an account created in AD through a web browser, but it failed (I saw a small popup saying "Authentication Fail"). So I went to the RADIUS server and searched the log in Event Viewer.
    This is my log file on the RADIUS server (Win 2008):
    Network Policy Server denied access to a user.
    NAS:
    NAS IPv4 Address: 172.16.1.62
    NAS IPv6 Address: -
    NAS Identifier: Aironet2702i
    NAS Port-Type: Async
    NAS Port: -
    RADIUS Client:
    Client Friendly Name: Aironet2702i
    Client IP Address: 172.16.1.62
    Authentication Details:
    Connection Request Policy Name: Use Windows authentication for all users
    Network Policy Name: DTSWIRELESS
    Authentication Provider: Windows
    Authentication Server: xxxxxxxxxxxxxx
    Authentication Type: PAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 66
    Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
    I think the root cause is:
    PAP is the default authentication type for web-auth users on the Aironet 2702i, so it can't be combined with RADIUS on Windows 2008 because it only supports PEAP (CHAPv1, CHAPv2...) => Please give me a tip on how to change the Authentication Type from PAP to PEAP for web authentication on the Aironet.
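
Added example, not part of the original posts: a small parser for the flattened NPS "denied access" event text quoted above, which reports every Reason Code 66 denial together with the NAS, the network policy it matched and the method the NAS actually offered (PAP in this thread). The function names and the sample log are constructed for illustration; the second sample event (Reason Code 16) is a made-up contrast case.

```python
from collections import Counter

# Constructed sample: two denied-access events in the layout quoted in the thread.
SAMPLE_LOG = """\
Network Policy Server denied access to a user.
NAS:
NAS Identifier: Aironet2702i
Authentication Details:
Network Policy Name: DTSWIRELESS
Authentication Type: PAP
EAP Type: -
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
Network Policy Server denied access to a user.
NAS:
NAS Identifier: Aironet2702i
Authentication Details:
Network Policy Name: DTSWIRELESS
Authentication Type: PEAP
Reason Code: 16
"""

def parse_events(text):
    """Split flattened NPS event text into a list of {section: {field: value}}."""
    events, section = [], "Header"
    for raw in text.splitlines():
        key, sep, value = (part.strip() for part in raw.partition(":"))
        if key.startswith("Network Policy Server"):
            events.append({})            # banner line opens a new event
            section = "Header"
        elif sep and events and not value:
            section = key                # "NAS:" style line opens a section
        elif sep and events:
            events[-1].setdefault(section, {})[key] = None if value == "-" else value
    return events

def method_mismatches(events):
    """Count Reason Code 66 denials per (NAS, network policy, offered method)."""
    hits = Counter()
    for ev in events:
        auth = ev.get("Authentication Details", {})
        if auth.get("Reason Code") == "66":
            method = auth.get("EAP Type") or auth.get("Authentication Type")
            nas = ev.get("NAS", {}).get("NAS Identifier")
            hits[(nas, auth.get("Network Policy Name"), method)] += 1
    return hits

if __name__ == "__main__":
    for (nas, policy, method), n in method_mismatches(parse_events(SAMPLE_LOG)).items():
        print(f"{n}x {nas}: policy {policy!r} has method {method} disabled")
```

Fields logged as "-" are returned as None, so an empty EAP Type falls back to the outer Authentication Type when naming the offered method.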
