Windows 2008 R2 RRAS VPN Issue

Similar Messages

• Windows 2008 R2 Failover Clustering Issue - The operation returned because the timeout period expired.

  I am trying to get a new Windows 2008 R2 cluster to work on two VMware servers (VMware ESXi 5.0.3) and am experiencing some form of timeout issue during the creation of the cluster according to the logs.
  All validation checks pass successfully, whether trying to create a single node or dual node cluster, but the same error message is seen when creating the cluster. I have tried various suggestions found but none of them have made a difference. In an effort
  to further diagnose the issue I enabled the following diagnostic logs:
   - FailoverClustering
   - FailoverClustering-Manager
   - FailoverClustering-Client
  The only useful error I can find is in the FailoverClustering-Client log which reports an error 'Couldn't resolve tcp binding to cluster' for each physical node to be part of the cluster.
  In order to further diagnose the cause of the issue, I am looking for any options for increasing logging when attempting to create the cluster. Is there a way to increase the logging to see what the actual timeout is occurring with?
  Alex.

  Sorry, I should have been more clear ...The servers I am attempting to create a cluster with are Virtual Servers running on a VMware ESXi (5.0.3). They have access to two shared disks (connected to each VM using a separate SCSI Controller from that for the
  disk used to install the OS) with Virtual SCSI Bus Sharing set within VMware.
  Each Virtual Server has two NICs configured (with static IPs) - one for internal (domain connectivity) and the other for heartbeat connectivity. The servers can ping each other via both interfaces, as expected, but only domain connectivity works via the
  internal NIC.
  I have tried creating a single node or dual node cluster and get the same error each time. When the cluster is attempting to be created I can see the new computer object is created in Active Directory (which is then deleted when the cluster creation fails)
  and I have also tried pre-creating the computer object and specifically setting permissions on it.
  When creating the cluster I have tried via the GUI and via PowerShell (both with and without the option to attach the shared storage) but always get the same type of timeout error message. I am hoping there are further debugging options that can be used
  to provide a better output as to what the timeout is occurring with.

• Windows 2008 R2 NFS setup issues...

  Hi all,
  Server is a domain controller and is the only server in it's domain.
  Windows 2008 Enterprise R2 fully updated and is a new install.
  I can only install NFS client not NFS server (only from CLI using Ocsetup, from Server Manager / Roles NFS does not install at all).
  Errors logged are:
  The Windows component "ServicesForNFS-ServerAndClient;ServerForNFS-Infrastructure;NFS-Administration;ClientForNFS-Infrastructure" could not be configured. 
  The component installer returned an error: 3017 "The requested operation failed. A system reboot is required to roll back changes made." (Command line: "Ocsetup 
  ServicesForNFS-ServerAndClient;ServerForNFS-Infrastructure;NFS-Administration;ClientForNFS-Infrastructure")
  AND:
  Update CoreFileServer of package FileServer-All failed to be turned on. Status: 0x80070bc9.
  Update ClientForNFS-Infrastructure of package NFS-Full failed to be turned on. Status: 0x80070bc9.
  Update NFS-Administration of package NFS-Full failed to be turned on. Status: 0x80070bc9.
  Update ServerForNFS-Infrastructure of package NFS-Full failed to be turned on. Status: 0x80070bc9.
  The component setup program encountered an error: 0x643. Fatal error during installation
  ... anyone had the same experience... really need NFS server installed to use User Name Mapping service!
  Thanks.

  Hi Lex,
  I will try to follow your setup steps and see if I can hit the same issue. Here is what I am going to try
  1) New Install of Windows 2008 Enterprise Edition R2
  2) Turn on automatic updating and install all updates
  3) Install AD Services and promote server to DC (new domain in new forest, functional level Windows 2003)
  4) Do you have DNS or any other selection besides this ?
  After this I will run
  Ocsetup 
  ServicesForNFS-ServerAndClient;ServerForNFS-Infrastructure;NFS-Administration;ClientForNFS-Infrastructure
  I see that you mentioned "really need NFS server installed to use User Name Mapping service!" Are you planning to run User Name Mapping Service on this machine ? User
  name mapping service is no longer shipped from Windows 2008 Server onwards.
  Thanks,
  Frank

• Windows 2008 R2 RDS Licensing Issue

  I have Citrix Presentation Server 4.5 farm (with all of the application servers running Windows 2003) and I have just migrated from using a Windows 2003 server for the terminal services licensing to a Windows 2008 R2 RDS server for the licensing. We have
  a number of thin-clients that connect to the Citrix farm and provide a kiosk for users. We have 85 per device licenses however we are only using 15 of those licenses (plans were made but never implemented to use the rest), so we have 70 available licenses.
  The licenses are configured per device and as Windows Server 2003 licenses.
  After the migration to 2008 R2, the thin-clients connected to the new licensing server without any trouble at all. As I monitored the licenses on the new server, each thin-client was given a temporary license first and then at the
  next connection they got a permanent license. All of this I have been able to confirm through the event logs on the server.
  However, what I get in the event logs of the new 2008 R2 licensing server an event with event ID 21 that says:
  The Remote Desktop license server "ServerName" does not have any remaining permanent Remote Desktop Services client access licenses (RDS CALs) of the type "Windows Server 2003 - TS Per Device CAL". As a result, the Remote Desktop license server cannot issue
  RDS CALs of the type "Windows Server 2003 - TS Per Device CAL" to the Remote Desktop Session Host server "vvv.xxx.yyy.zzz". To resolve this problem, verify that the Remote Desktop licensing mode configured on the RD Session Host server matches the type of
  RDS CALs installed on the Remote Desktop license server. If required, purchase and install additional RDS CALs as needed for this Remote Desktop license server.
  (Note I have removed the server name and IP address due to company policy.) I have confirmed that every server in my Citrix farm has its terminal services configuration set for "per device" licensing and I have also specified the name of the 2008
  R2 server rather than allow the servers to automatically find the licensing server. I have confirmed that my 2008 R2 server is configured for "per device" licensing.
  The IP addresses I have seen in the event log messages are the IP addresses of a Citrix server rather than one of the thin-clients, and so far every Citrix server we have has appeared in one of these event log messages. I have been able
  to determine that this event does not occur when a thin-client is connecting up nor does this event occur when I remotely log into the server.
  As I noted above we only have 15 thin-clients using the 85 licenses so we have 70 available licenses for the Citrix servers so why are we out of licenses? What is this message trying to tell me?
  Thanks
  Brent

  Hi Bent,
  According the Event ID 21, I think you might have the license connection issues with RDS CALs. I suggest you analyze some relative services and
  make sure your network without any misconfiguration.
  Hopefully, there is an article describes how to troubleshoot this license issue on the terminal server.
  Event ID 21 — Terminal Services Client Access License (TS CAL)
  http://technet.microsoft.com/en-US/library/A98D84AC-B824-4F00-BF58-3CFF23493BF9.aspx
  By the way, the license of Windows Server 2003 does not support to assign CAL to allow user to access the Windows Server 2008. You should buy a
  new Windows Server 2008 license to meet the requirement above if necessary.
  Hope this helps.

• Windows 2008 R2 Screen Lock Issue (GPO)

  Scenario: We will be deploying POS machines at our stores that will have Windows 2008 R2 as the preferred OS. The function of this POS machine is for POS administration and not for ringing up sales. The machines have been configured to autologin a specific
  user via GPO for POS functions. Also, a specific POS desktop environment shell has been configured to launch instead of Explorer (explorer.exe) shell environment at autologon.
  Everything seems to be working as expected except for the session of the user locking. Since the POS environment needs to be up at all times with the specific user profile, we do not want the OS to lock the user session. I've timed it and it seems to lock
  the screen (not log off) at approximately 15 minutes of inactivity, we do not want this.
  So far, these are the GPOs I have configured that have not fixed the issue:
  Computer Configuration>Policies>Windows Settings>Security Settings>Local Policies>Security Options>Microsoft Network Server: Amount of idle time required before suspending session = 99999 minutes
  Computer Configuration>Policies>Administrative Templates>System>Power Management>Sleep Settings>Allow applications to prevent automatic sleep (plugged in) = Enabled
  Computer Configuration>Policies>Administrative Templates>System>Power Management>Sleep Settings>Require a password when a computer wakes (plugged in) = Disabled
  Computer Configuration>Policies>Administrative Templates>System>Power Management>Sleep Settings>Turn off hybrid sleep (plugged in) = Enabled
  Computer Configuration>Policies>Administrative Templates>System>Power Management>Sleep Settings>Turn on the ability for applications to prevent sleep transitions (plugged in) = Enabled
  Computer Configuration>Policies>Administrative Templates>System>Power Management>Video and Display Settings>Turn off the display (plugged in) = Enabled = 99999 seconds
  User Configuration>Policies>Administrative Templates>Control Panel>Personalization>Enable screen saver = Disabled
  User Configuration>Policies>Administrative Templates>Control Panel>Personalization>Password protect the screen saver = Disabled
  User Configuration>Policies>Administrative Templates>System>Ctrl+Alt+Del Options>Remove Lock Computer = Enabled
  User Configuration>Preferences>Windows Settings>Registry>HKCU>Control Panel>Desktop>ScreenSaveActive = 0
  What are we doing wrong? How do I configure the OS to not lock the user session but keep it active at all times?
  As a side note: We have Windows 7 POS machines also that will be ringing up sales that we do not have the screen lock issue.

  Hi,
  >>Please see my setting indicated in my original post. We have Turn Off the Display set to 99999 seconds.
  I understand that we have set the Turn Off the Display for this amount of time. However, just for double check, we can go to the power plan we are using to check if the setting has been applied successfully. If the setting has been applied successfully,
  it should be grayed out. Or, we can run command gpresult/h gpreport.html
  with admin privileges to collect group policy result report to check this.
  Besides, do we use other third party software to protect our computer? We can try to clean boot the server to see if the situation persists.
  Regarding how to perform a clean boot, the following article can be referred to for more information.
  How to perform a clean boot in Windows
  http://support.microsoft.com/KB/929135
  TechNet Subscriber Support
  If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
  Best regards,
  Frank Shen

• Windows 2008 and Tiger SMB Issues

  I've been pulling hair out all morning over this one.
  We have a new Windows 2008 server for file sharing. We are trying to connect to it via SMB on our network (with AD domain). Works great on PC, works on Leopard, does not work on Tiger.
  From connect I type “smb://xxxxxxxx” after a few minutes I get an error: “could not connect to the server because the name or password is not correct” which is odd because I haven’t entered any login credentials to begin with.
  I’ve been pouring over Google, Microsoft KB and anything else I can come across with no luck. Things I’ve tried.
  -Clearing keychain passwords for the server
  -Setting the digital signing on the server to disable (most cited fix, but no go for me)
  -Setting Sharing and Security model to “Classic – local users authenticate themselves”
  -Setting LAN Manager authentication to “Send LM & NTLM – use NTLMv2 session security if negotiated”
  -Editing the smb.conf file on the mac to no security
  -Created the nsmb.conf file on the mac with minauth=none.
  -Used Directory access on the mac to add the mac and bind it to the domain.
  -Many Many restarts of the server and clients (and running gpupdate.exe on the server)
  One thing that DOES work is a trial of ADmitmac… but this is not realistic for us if we have guest users needing to access the share.
  I’ve been able to use smb before with tiger and windows xp and windows 2003… but the mac is throwing a fit over the new windows 2008. Also, we can’t upgrade all of our machines to Leopard (which does work) because it will break Quark 6.5.

  Any relevant looking log messages if you browse in Console?
  - cfr

• F3507g mobile broadband driver - Windows 7 - and Cisco Vpn issue

  Hi All,
  After 3 days trying to install / update latest drivers on my X200/ Windows 7 / 32b, it seems now that my F3507g is now installed correctly…
  I can go the a connection over internet and ping some servers BUT when I initiate my Cisco Vpn, ( working perfectly with my Ethernet connection and my Wifi 5300 AGN ) the connection is ok but no incoming or outgoing traffic !!!
  Any idea on how to solve that issue ?

  Yes, this is a problem with the IPSEC VPN NDIS driver binding your Mobile Broadband driver. You need to read this article and it is explains why and how to work around this issue:
  http://www.customsoftwareframeworks.com/blog/fix-vpn-problems-cellular-win7
  Good luck 

• Windows 8 and IPSec VPN issues

  I have a number of customers that leverage the Cisco IPSec VPN. I can connect to the VPN without any problems but when I attempt to RDP, that fails. I have no RDP or ping or anything. Here are some more symptoms of the issues that I find odd:
  Anyconnect works just fine
  Fortinet VPN clients work fine
  Sonicwall VPN clients work fine
  Cisco IPSec VPN client is the only one affected
  Cisco IPSec VPN client worked fine for months then just decided it was no longer going to allow RDP or ping
  I have duplicated this issue on a half dozen or so laptops
  This is on a Windows 8 laptop but I believe I have also experienced this on Windows 7
  Just to clarify, the IPSec VPN does succesfully connect. But nothing else works after that. I do understand that AnyConnect is the direction that Cisco would like for people to move towards. Unfortunately, I have quite a few customers that are leveraging the IPSec VPN. I have been through a number of laptops in the last year and every single laptop had a working Cisco IPSec VPN for months....then one day it would just stop passing RDP.
  Please somebody tell me that there is a workaround for this. I have played with the IP settings for the Cisco Systems virtual adapter in my network and sharing center. I've modified the binding order. I've compared a routeprint from a working laptop to mine....I'm not sure what else to do. I've uninstalled ALL VPN software and only reinstalled the Cisco VPN. So far the ONLY fix I have found is a clean install of Windows and that solution sucks.

  Doing a little more homework on this and I noticed that the tunnel details show no bytes sent or recieved and no packets encrypted, decrypted, or discarded....everything is bypassed.  My coworker (who is on Windows 7) is able to launch this VPN and connect to the customer's servers without issues and the tunnel details show all of the appropriate data.

• 11gR2 Windows 2008 R2 node eviction issue

  Hi
  We are facing the cluster node eviction when the teamed network is down less than 5 seconds time. Is there any settings needs to be changed? Recently our network team is performing a firmware upgrade of all modules, they mentioned to us our HP blade servers and network is completely redundant. But still the node eviction happen to us, we tried with different scenarios by disabling the separate network cards. When ever we do disable and enable private teamed network even less than 2 seconds the node eviction is happening.
  After reading this CSS Timeout Computation in Oracle Clusterware [ID 294430.1] at least it should wait till 30 seconds time but it is not.
  I am attaching the log here this is node2 alert log..
  [ctssd(5264)]CRS-2409:The clock on host shadbtestrac02 is not synchronous with the mean cluster time. No action has been taken as the Cluster Time Synchronization Service is running in observer mode.
  2010-08-10 10:34:34.722
  [ctssd(5264)]CRS-2409:The clock on host shadbtestrac02 is not synchronous with the mean cluster time. No action has been taken as the Cluster Time Synchronization Service is running in observer mode.
  2010-08-10 10:35:15.485
  [cssd(5124)]CRS-1612:Network communication with node shadbtestrac01 (1) missing for 50% of timeout interval. Removal of this node from cluster in 14.743 seconds
  2010-08-10 10:35:23.331
  [cssd(5124)]CRS-1611:Network communication with node shadbtestrac01 (1) missing for 75% of timeout interval. Removal of this node from cluster in 6.896 seconds
  2010-08-10 10:35:27.387
  [cssd(5124)]CRS-1610:Network communication with node shadbtestrac01 (1) missing for 90% of timeout interval. Removal of this node from cluster in 2.840 seconds
  2010-08-10 10:35:30.242
  [cssd(5132)]CRS-1609:This node is unable to communicate with other nodes in the cluster and is going down to preserve cluster integrity; details at (:CSSNM00008:) in C:\OracleGI\11.2.0\log\shadbtestrac02\cssd\ocssd.log.
  2010-08-10 10:35:39.665
  [cssd(4724)]CRS-1608:This node was evicted by node 1, shadbtestrac01; details at (:CSSNM00005:) in C:\OracleGI\11.2.0\log\shadbtestrac02\cssd\ocssd.log.
  2010-08-10 10:35:39.665
  [cssd(4548)]CRS-1608:This node was evicted by node 1, shadbtestrac01; details at (:CSSNM00005:) in C:\OracleGI\11.2.0\log\shadbtestrac02\cssd\ocssd.log.
  2010-08-10 10:35:39.680
  [cssd(3808)]CRS-1608:This node was evicted by node 1, shadbtestrac01; details at (:CSSNM00005:) in C:\OracleGI\11.2.0\log\shadbtestrac02\cssd\ocssd.log.
  2010-08-10 10:35:39.712
  [ctssd(5268)]CRS-2402:The Cluster Time Synchronization Service aborted on host shadbtestrac02. Details at (:ctsselect_mmg5_1: in C:\OracleGI\11.2.0\log\shadbtestrac02\ctssd\octssd.log.
  2010-08-10 10:35:39.712
  [C:\OracleGI\11.2.0\bin\oraagent.exe(5984)]CRS-5822:Agent 'C:\OracleGI\11.2.0\bin\oraagent.exe_system' disconnected from server. Details at (:CRSAGF00117:) in C:\OracleGI\11.2.0\log\shadbtestrac02\agent\crsd\oraagent\oraagent.log.
  2010-08-10 10:35:39.712
  [C:\OracleGI\11.2.0\bin\orarootagent.exe(5768)]CRS-5822:Agent 'C:\OracleGI\11.2.0\bin\orarootagent.exe_system' disconnected from server. Details at (:CRSAGF00117:) in C:\OracleGI\11.2.0\log\shadbtestrac02\agent\crsd\orarootagent\orarootagent.log.
  Node1 alert log..
  2010-08-10 09:13:28.642
  [C:\OracleGI\11.2.0\bin\oraagent.exe(5652)]CRS-5011:Check of resource "CPCSR" failed: details at "(:CLSN00007:)" in "C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\oraagent\oraagent.log"
  2010-08-10 09:13:29.828
  [crsd(3104)]CRS-2765:Resource 'ora.cpcsr.db' has failed on server 'shadbtestrac01'.
  2010-08-10 09:13:31.700
  [crsd(3104)]CRS-2765:Resource 'ora.cpcsr.cpcsboa.dev.sha.svc' has failed on server 'shadbtestrac01'.
  2010-08-10 09:13:31.700
  [crsd(3104)]CRS-2771:Maximum restart attempts reached for resource 'ora.cpcsr.cpcsboa.dev.sha.svc'; will not restart.
  2010-08-10 09:13:44.102
  [crsd(3104)]CRS-2758:Resource 'ora.cpcsr.db' is in an unknown state.
  2010-08-10 10:35:18.777
  [cssd(4272)]CRS-1612:Network communication with node shadbtestrac02 (2) missing for 50% of timeout interval. Removal of this node from cluster in 14.697 seconds
  2010-08-10 10:35:26.437
  [cssd(4272)]CRS-1611:Network communication with node shadbtestrac02 (2) missing for 75% of timeout interval. Removal of this node from cluster in 7.037 seconds
  2010-08-10 10:35:30.493
  [cssd(4272)]CRS-1610:Network communication with node shadbtestrac02 (2) missing for 90% of timeout interval. Removal of this node from cluster in 2.981 seconds
  2010-08-10 10:35:33.488
  [cssd(4280)]CRS-1607:Node shadbtestrac02 is being evicted in cluster incarnation 173888169; details at (:CSSNM00007:) in C:\OracleGI\11.2.0\log\shadbtestrac01\cssd\ocssd.log.
  2010-08-10 10:35:40.009
  [ohasd(3320)]CRS-8011:reboot advisory message from host: shadbtestrac02, component: ag164619, with time stamp: L-2010-08-10-10:35:39.000
  [ohasd(3320)]CRS-8013:reboot advisory message text: clsnomon_status: need to reboot, unexpected failure 8 received from CSS
  2010-08-10 10:36:09.805
  [cssd(12776)]CRS-1601:CSSD Reconfiguration complete. Active nodes are shadbtestrac01 .
  2010-08-10 10:36:09.961
  [crsd(3104)]CRS-5504:Node down event reported for node 'shadbtestrac02'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'Generic'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.AHPSR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.AHPSR_AHPSBC.TEST.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.APPOHDR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.APPOITR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.APPOITR_OREMS.DEV.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.CFSR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.CFSR_CFS.DEV.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.CFSTESTR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.CFSTESTR_CFSADS.TEST.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.CPCSR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.CPCSR_CPCSBOA.DEV.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.FASTR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.FASTR_FAST.DEV.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.FASTTRGR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.FASTTRGR_FAST.TRNG.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.FASTTSTR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.FASTTSTR_FAST.TEST.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.MAXIMOR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.MAXIMOR_MAXIMO.DEV.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.MAXIMOR_MAXIMO.TEST.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.SHAPMSR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.SHAPMSR_SHAPMS.DEV.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.TEPMSR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.TEPMSR_TEPMS.DEV.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.WHAT1R'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.WHAT1R_WHAT1ADS.TEST.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.WHAT2R'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.WHAT2R_WHAT2ADS.TEST.SHA'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.WWWDBR'.
  2010-08-10 10:36:22.894
  [crsd(3104)]CRS-2773:Server 'shadbtestrac02' has been removed from pool 'ora.WWWDBR_PLC.DEV.SHA'.
  2010-08-10 10:37:48.802
  [C:\OracleGI\11.2.0\bin\orarootagent.exe(5092)]CRS-5818:Aborted command 'check for resource: ora.shadbtestrac02.vip 1 1' for resource 'ora.shadbtestrac02.vip'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\orarootagent\orarootagent.log.
  2010-08-10 10:37:49.722
  [C:\OracleGI\11.2.0\bin\orarootagent.exe(4540)]CRS-5818:Aborted command 'check for resource: ora.net1.network shadbtestrac01 1' for resource 'ora.net1.network'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\orarootagent\orarootagent.log.
  2010-08-10 10:37:49.722
  [C:\OracleGI\11.2.0\bin\orarootagent.exe(9064)]CRS-5818:Aborted command 'check for resource: ora.shadbtestrac01.vip 1 1' for resource 'ora.shadbtestrac01.vip'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\orarootagent\orarootagent.log.
  2010-08-10 10:37:49.738
  [C:\OracleGI\11.2.0\bin\orarootagent.exe(9448)]CRS-5818:Aborted command 'check for resource: ora.scan2.vip 1 1' for resource 'ora.scan2.vip'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\orarootagent\orarootagent.log.
  2010-08-10 10:37:50.284
  [C:\OracleGI\11.2.0\bin\orarootagent.exe(10020)]CRS-5818:Aborted command 'check for resource: ora.scan1.vip 1 1' for resource 'ora.scan1.vip'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\orarootagent\orarootagent.log.
  2010-08-10 10:38:06.788
  [C:\OracleGI\11.2.0\bin\orarootagent.exe(5300)]CRS-5818:Aborted command 'check for resource: ora.scan3.vip 1 1' for resource 'ora.scan3.vip'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\orarootagent\orarootagent.log.
  2010-08-10 10:41:03.721
  [C:\OracleGI\11.2.0\bin\orarootagent.exe(5484)]CRS-5818:Aborted command 'check for resource: ora.net1.network shadbtestrac01 1' for resource 'ora.net1.network'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\orarootagent\orarootagent.log.
  2010-08-10 10:41:57.323
  [crsd(3104)]CRS-2765:Resource 'ora.net1.network' has failed on server 'shadbtestrac01'.
  2010-08-10 14:57:31.510
  [C:\OracleGI\11.2.0\bin\oraagent.exe(5656)]CRS-5818:Aborted command 'check for resource: ora.LISTENER.lsnr shadbtestrac01 1' for resource 'ora.LISTENER.lsnr'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\oraagent\oraagent.log.
  2010-08-10 14:57:32.648
  [C:\OracleGI\11.2.0\bin\oraagent.exe(6416)]CRS-5014:Agent "C:\OracleGI\11.2.0\bin\oraagent.exe" timed out starting process "C:\OracleGI\11.2.0\bin\lsnrctl.exe" for action "check": details at "(:CLSN00009:)" in "C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\oraagent\oraagent.log"
  2010-08-10 14:59:16.732
  [C:\OracleGI\11.2.0\bin\oraagent.exe(12912)]CRS-5818:Aborted command 'check for resource: ora.LISTENER.lsnr shadbtestrac01 1' for resource 'ora.LISTENER.lsnr'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\oraagent\oraagent.log.
  2010-08-10 15:00:57.289
  [C:\OracleGI\11.2.0\bin\oraagent.exe(12676)]CRS-5818:Aborted command 'check for resource: ora.LISTENER.lsnr shadbtestrac01 1' for resource 'ora.LISTENER.lsnr'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\oraagent\oraagent.log.
  2010-08-10 15:00:57.289
  [C:\OracleGI\11.2.0\bin\oraagent.exe(13848)]CRS-5818:Aborted command 'check for resource: ora.LISTENER_SCAN1.lsnr 1 1' for resource 'ora.LISTENER_SCAN1.lsnr'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\oraagent\oraagent.log.
  2010-08-10 15:02:55.802
  [C:\OracleGI\11.2.0\bin\oraagent.exe(12580)]CRS-5818:Aborted command 'check for resource: ora.LISTENER.lsnr shadbtestrac01 1' for resource 'ora.LISTENER.lsnr'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\oraagent\oraagent.log.
  2010-08-10 15:04:11.899
  [C:\OracleGI\11.2.0\bin\oraagent.exe(3588)]CRS-5818:Aborted command 'check for resource: ora.LISTENER.lsnr shadbtestrac01 1' for resource 'ora.LISTENER.lsnr'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\oraagent\oraagent.log.
  2010-08-10 15:05:23.207
  [C:\OracleGI\11.2.0\bin\oraagent.exe(13996)]CRS-5818:Aborted command 'check for resource: ora.LISTENER.lsnr shadbtestrac01 1' for resource 'ora.LISTENER.lsnr'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\oraagent\oraagent.log.
  2010-08-10 15:06:34.748
  [C:\OracleGI\11.2.0\bin\oraagent.exe(12388)]CRS-5818:Aborted command 'check for resource: ora.LISTENER.lsnr shadbtestrac01 1' for resource 'ora.LISTENER.lsnr'. Details at (:CRSAGF00113:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\oraagent\oraagent.log.
  2010-08-10 15:06:37.291
  [crsd(5112)]CRS-5831:Agent 'C:\OracleGI\11.2.0\bin\oraagent.exe' has exceeded maximum failures and has been disabled. Details at (:CRSAGF00129:) in C:\OracleGI\11.2.0\log\shadbtestrac01\crsd\crsd.log.
  2010-08-10 15:08:35.243
  [ohasd(3948)]CRS-2765:Resource 'ora.crsd' has failed on server 'shadbtestrac01'.
  2010-08-10 15:08:36.569
  [C:\OracleGI\11.2.0\bin\orarootagent.exe(5076)]CRS-5822:Agent 'C:\OracleGI\11.2.0\bin\orarootagent.exe_system' disconnected from server. Details at (:CRSAGF00117:) in C:\OracleGI\11.2.0\log\shadbtestrac01\agent\crsd\orarootagent\orarootagent.log.
  2010-08-10 15:08:53.744
  [crsd(4420)]CRS-1012:The OCR service started on node shadbtestrac01.
  2010-08-10 15:09:06.630
  [crsd(4420)]CRS-1201:CRSD started on node shadbtestrac01.
  If anyone facing similar issue. Please share your inputs.
  Thanks
  Rao

  Hi Rao,
  have you disabled Media Sense?
  http://support.microsoft.com/default.aspx?scid=kb;en-us;239924
  Because if media sense is not disabled, Windows will report a unplugged/unlinked network card. This will immediately tell the cluster that network is down. In this case, Oracle does not wait. Since the network is down a reboot is initiated (need need to wait for a heartbeat down).
  Sebastian

• Windows 2008 R2 TS VPN connection closed when another user logs in

  Hi.
  I have a W 2008 R2 Ent. server with TS
  I have VPN on the TS configured with a L2TP/Ipsec connection to connect to a customer site
  Users will remote into the server, and make a VPN connection (click on shortcut to start VPN) and access the customer's site. This has worked OK for 2 years often with several users logged into the TS via RDP.
  Recently users are encountering this problem: User A logs into the TS, makes VPN connection, accesses customer site. User B logs into the TS, user A's VPN connection is broken immediately. It seems to happen every time - not sporadic.
  Can I get some suggestions on how to troubleshoot this?
  Thanks!

  Hi,
  The error which you are facing is because of Event Id 20226 (RAS connection termination).
  Error 831 (ERROR_FAST_USER_SWITCH)
  The connection was terminated because user switch happened.
  There are multiple login sessions on the user's computer. The user switched from a login session with an active RAS connection to another session. This resulted in the termination of the connection.
  For this you can check that you can limit the connection and tried to switch back the original session and make all new connection again. Please refer “Event ID
  20226 — RAS Connection Termination” for more details.
  Hope it helps!
  Thanks.

• Windows Server 2008 R2 RRAS NAT Security Concerns

  Recently we are deploying Windows Server 2008 R2 as the NAT gateway of our private network. During the testing, we found that the RRAS was doing its job as the NAT gateway,
  however it seemed that hosts in the private network were allowed to access any listening port opened on the server side (2008 R2). In the normal scenario, the server side will have the process "wininit.exe" running and listening on the TCP port 49152.
  We confirmed that all hosts in the private network were be able to connect to TCP port 49152 opened on the server (connecting by using the NAT's public IP), which introduced lots of security concerns and made us nervous. Since the server is acting as a NAT,
  IP packets sent by hosts in the private network will be translated and forwarded as if it is generated by the NAT server itself. Thus, the windows firewall will not block the connection at all while dealing with "local" traffic, which actually is
  the traffic from the host in the private network.
  What we need is a mechanism that can block the hosts in the private network to access the TCP/UDP ports opened on the NAT server side. Since the NAT server has it IP on
  the public network assigned dynamically (DHCP), static IP filtering on the private NIC does not fit our needs (Or probably we may use some hidden but advanced filter settings?). Which policy or setting should be used in our case?

  Hi Daniel,
  I am aware of what you are suggesting. Actually I have active the windows firewall to protect the server.
  Suppose I have a network configuration as follows:
  Private Network: 192.168.149.0 / 255.255.255.0 (Private NIC on server side IP:192.168.149.1)
  --------------Windows 2008 R2 RRAS NAT--------------------
  Public Network: 10.1.0.0 / 255.255.255.0 (Public NIC on server side IP:10.1.0.100 )
  The problem is that while the windows firewall is effectively protecting my server by filtering inbound traffic from the public network, the windows firewall will not filter the traffic from
  192.168.149.0 /255.255.255.0  to  10.1.0.100 (NAT's public IP)
  The reason is that the TCP/UDP connection from the private network (192.168.149.0 / 255.255.255.0) to any other networks will be NATed. Suppose TCP connection from
  192.168.149.23:50000 -> 10.1.0.100:1023
  It will be translated by NAT and becomes
  192.168.149.23:50000 <-NAT-> 10.1.0.100:60100 -> 10.1.0.100:1023
  From the windows firewall's point of view, the connection is essentially a 'local' TCP connection and should be allowed regardless of any inbound filtering rules. So vulnerability is introduced. After some research, we are almost sure that the windows firewall
  does not filter local traffic. Also, we are not able to guarantee any firewalls on the client side to be installed, since the nature of a NAT server is to provide such network access ability to clients and should not require the client side to change its configuration.
  I do think it is a common security concern in lots of enterprise networks where Windows Servers are deployed as NAT servers. Would you mind help us address this issue and give us some advice about best-practices related?
  Thank you

• How to connect to Windows 2008 VPN server with certificate support

  Unfortunatelly if I select any Windows 2008 server compatible protocol (PPTP, L2TP) I cannot select PKI certificate, its only available for Cisco VPN. Yet my company has 1000 laptops and utilizing Windows 2008 Server for VPN (Cisco is too expensive and unnecessary because VPN is part of Windows Server). PKI certificate is required for connection security.
  Any plans to enable certificates for PPTP or L2TP in 2.1 firmware? Even better would be to add SSTP protocol with certificate support, because it takes only one standard TCP connection (https) per user (uses least possible NAT resources for heavy loaded NATed WiFi spots). Also in some public places https is the only option to connect as PPTP and L2TP are filtered.

  Hi Shahzad,
  >>how to connect sql server 2008 r2 sp2 with visual studio 2013 ultimate?
  Based on your issue, if you wan to connect the sql server 2008 r2 sp2 from VS2013 IDE. I suggest you can try the Ammar and darnold924's suggestion to check your issue.
  In addition, I suggest you can also refer the following steps to connect the sql server 2008 r2 sp2 with visual studio 2013 ultimate.
  Step1: I suggest you can go to VIEW->SQL Server Object Explorer->Right click SQL Server->Add SQL Server.
  Step2: After you connect the SQL Server 2008 r2 sp2 fine, I suggest you can go to VIEW->Server Explorer-> right click the Data Connection->Add Connection.
  And then you can create the connect string in the Add Connection dialog box.
  Hope it help you!
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Windows 2008 member server, repeating event 4625 in the security log

  Hello,
     I'm having an issue with a member server on our 2008 domain, security log is filling up with event 4625, here are the details:
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          4/23/2014 2:04:42 PM
  Event ID:      4625
  Task Category: Logon
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      my.member.server
  Description:
  An account failed to log on.
  Subject:
   Security ID:  NULL SID
   Account Name:  -
   Account Domain:  -
   Logon ID:  0x0
  Logon Type:   3
  Account For Which Logon Failed:
   Security ID:  NULL SID
   Account Name:  
   Account Domain:  
  Failure Information:
   Failure Reason:  Unknown user name or bad password.
   Status:   0xc000006d
   Sub Status:  0xc000006a
  Process Information:
   Caller Process ID: 0x0
   Caller Process Name: -
  Network Information:
   Workstation Name: -
   Source Network Address: 10.0.0.115
   Source Port:  51366
  Detailed Authentication Information:
   Logon Process:  Kerberos
   Authentication Package: Kerberos
   Transited Services: -
   Package Name (NTLM only): -
   Key Length:  0
  This event is generated when a logon request fails. It is generated on the computer where access was attempted.
  The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
  The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
  The Process Information fields indicate which account and process on the system requested the logon.
  The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
  The authentication information fields provide detailed information about this specific logon request.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
      <EventID>4625</EventID>
      <Version>0</Version>
      <Level>0</Level>
      <Task>12544</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8010000000000000</Keywords>
      <TimeCreated SystemTime="2014-04-23T18:04:42.197Z" />
      <EventRecordID>99893119</EventRecordID>
      <Correlation />
      <Execution ProcessID="744" ThreadID="844" />
      <Channel>Security</Channel>
      <Computer>KLINEWEB.kline.local</Computer>
      <Security />
    </System>
    <EventData>
      <Data Name="SubjectUserSid">S-1-0-0</Data>
      <Data Name="SubjectUserName">-</Data>
      <Data Name="SubjectDomainName">-</Data>
      <Data Name="SubjectLogonId">0x0</Data>
      <Data Name="TargetUserSid">S-1-0-0</Data>
      <Data Name="TargetUserName">
      </Data>
      <Data Name="TargetDomainName">
      </Data>
      <Data Name="Status">0xc000006d</Data>
      <Data Name="FailureReason">%%2313</Data>
      <Data Name="SubStatus">0xc000006a</Data>
      <Data Name="LogonType">3</Data>
      <Data Name="LogonProcessName">Kerberos</Data>
      <Data Name="AuthenticationPackageName">Kerberos</Data>
      <Data Name="WorkstationName">-</Data>
      <Data Name="TransmittedServices">-</Data>
      <Data Name="LmPackageName">-</Data>
      <Data Name="KeyLength">0</Data>
      <Data Name="ProcessId">0x0</Data>
      <Data Name="ProcessName">-</Data>
      <Data Name="IpAddress">10.0.0.115</Data>
      <Data Name="IpPort">51366</Data>
    </EventData>
  </Event>
  The IP address that appears in source network address all belong to VPN clients. And it looks like its only happening with 4-5 IPs, all of which are VPN clients. These clients shouldn't be connecting to anything on this server, which is why its puzzling.
  Our DC is Windows 2008 and the VPN server is another member server on the domain. I suspect the issue is at the client PCs since there are many other VPN clients connected that don't generate the event ID.
  Can anyone tell what the issue might be?
  Thanks.

  Hi Rayminette,
  There are multiple login sources that could possibly be generating the errors:
  FTP logins - check your FTP log to see if login failures are showing up at the same time.
  Logins via Basic Authentication over http or https (simple, but possibly dangerous, way to password-protect a web site).
  ASP scripts.
  This logon type 8 indicates a network logon like logon type 3 but where the password was sent over the network in the clear text. Windows server doesn’t allow connection to shared file or printers with clear text authentication. The only situation
  I’m aware of are logons from within an ASP script using the ADVAPI or when a user logs on to IIS using IIS’s basic authentication mode. In both cases the logon process in the event’s description will list advapi. Basic authentication is only dangerous
  if it isn’t wrapped inside an SSL session (i.e. https). As far as logons generated by an ASP, script remember that embedding passwords in source code is a bad practice for maintenance purposes as well as the risk that someone malicious will view the source
  code and thereby gain the password.
  Reference from:
  What is the source of thousands of 4625 Logon Failure errors with Logon Type 8 (NetworkCleartext)?
  I hope this helps.

• Can a Cisco 881 router create an L2TP/IPsec tunnel via NAT to Windows 2008?

  Hi
  Was anyone successfull in setting up an L2TP/IPsec tunnel through NAT-T against a Windows 2008/ R2 RRAS server? I am using an 881 router and the layout is someting like this:
  Client -> 881 -> NAT -> internet -> Windows 2008 RRAS
  The tunnel goes form the 881 to the Windows server (not from the client...).
  Thanks
  Roland

  Hi Federico
  Thanks for your help! Much appreciated.
  In my case this should be transparent to the client - I would like not to initiate the connection from the client.
  Does that makes sense? I am considering L2TP because Windows 2008 R2 doesn't support IPSec tunnels through NAT (2008 R2 being the responder and the Cisco router the initiator of the IPSec connection).
  Regards
  Roland

• Connect to SSTP Windows 2008 VPN

  How can we connect to a Windows 2008 Server SSTP based VPN? Is there an option in the Internet Connect builtin VPN setup or we need a third party client/tool?
  Thanks
  K.

  I am also having the same problem. All other clients can connect with the exception of my Android devices. The same devices connect immediately to our RRAS server running on Server 2003. Any info or help would be appreciated.