Packet Filters..everywhere: Which to choose and when?
Hi, When we talk "packet filters" they are not in once place. You can find them in RRAS, Demand dial interface, NPS and even Direct Access...so which one to use and when? Thanks!
Windows Server 2019 with RAS-VPN (PPTP/L2tp) blocks some IP addresses
Hello, I have a server with Windows server 2019 and the Remote Access role with the features: 'DirectAccess and VPN' and 'Routing'. The server has two NIC's, one connected to the internal network and the other one, via a router, with the WAN. The VPN…
Windows DNS weird behaviour
Having a particularly odd issue with AD DNS where the Domain Controllers are resolving NETBIOS names and appending the wrong domain name. Issue: When I perform a DNS lookup using the NETBIOS name of a server the DNS server returns an FQDN for the…
Link Forest AD (childs domains)
Hello We want to make a design, in which you are going to put a forest with several child domains (by country) and you have to connect with India (parent domain), US and UK (child domains) My question is, what type of link would be advisable, if MPLS…
Problems on client after moving DHCP/DNS to another subnet with new IP
Hello there, I am very frustrated and exhausted so please don't spit on me if I offer lack of information. But I give it a try: Last weekend we moved servers to a new created VLAN...including two DCs which run DHCP and DNS roles (OS 2019, AD scheme…
nat access
Hi, We have a single server in a datacenter with a NIC that has a single public IP and there is no nat device in front of this device, just a simple firewall that we use to allow RDP access to this server from certine IP address. We have install…
NIC Teaming requires IPv4 to be enabled ... why?
Hi When we deploy a hyper-v server we commonly manage the host OS via one network adapter and user another for the Hyper-V virtual switch connectivity. Its nice to keep things separate. To avoid the Hyper-V host being discoverable via the NIC the…
How to change directaccess default port 443 (IP-HTTPS)
I deployed Directaccess service to a Chinese company and found that their port 443 was disabled by the telecom operator ,How to change directaccess default port 443 (IP-HTTPS)
NPS server with Azure MFA Extension
Hello, I have just installed a pair of NPS Servers to be able to use as a second factor auth, using the Azure MFA extension. I believe I cannot just use the Azure MFA Extension on its own, I need to authenticate to AD as well. All of our users are…
VPN Bandwith throttling
Hi, I was wondering how to "tame" VPN bandwith- what technologies are available out there? I can see one in NPS and BAP(not sure if you can use this with VPN) and so called GP "Policy- based QoS". Any ideas? Thanks
What are the pre-requisites and minimum software/hardware requirements to install NPS on Microsoft Server ?
I am working on setting up two NPS servers in active active state, one in each DC. I couldn't find in the documentation about the minimum server requirements to setup NPS on a Windows Server or any pre-requisites. Hence, can someone please advise on…
iOS14 Apple devices cannot connect Windows Server 2016 - RRAS - L2TP VPN - encryption issue
Hello, After updating our Apple devices with new IOS14, they cannot connect to MS RRAS - L2TP VPN. Older versions works fine. Apple supports statement says. "This will need to be resolved by the server administrator. We have upgraded the…
direct access help!
hello, I had 2 dc in site 1 both 10.5.5.x, took the backupserver dc2 to site 2 (10.5.6.x) set up direct access with everything green. but when i log into dc on site 1 in the server console i am getting an error about data retrieval has failed. here is…
NIC teaming and DHCP
When using NIC teaming in Windows Server 2016/2019 there is no way of determining which member interface becomes primary at boot. Because we cannot determine this, we do not know which member's MAC address will be used by the team. This makes DHCP…
network policy via netsh on nps, constant error
hello everyone, i have been trying the last couple of days to add via script to our nps server policies with netsh nps netsh nps add np name = "TEST" state = "enable" processingorder = "44" policysource = "0"…
Client communication with remote domain controller - Best Practice?
We have several remote sites all on a single domain. Through firewall policies, clients can not communicate with clients at other locations. We do allow DC's to talk to each other. One situation I realized is happening today is Clients can sometimes not…
Netlogon Error 5783 and 5816
For a few months now I have been experiencing random slow logons and issues with timeouts connecting to other domains within ADUC. The issues have coincided with the appearence of Netlogon Errors 5783 and 5816. The problem only seems to occur with some…
Data ceneter down (PKI Infra)
Guys our data center is down as well us the root & issuing servers how do i recover/restore PKI infra
forest trust
Hi, I have got below requirement. need guidance please: 1- Create a separate new forest 2- create trust with old forest 3- old forest polices should be applied to new forest 4- New forest users should not replicate to old forest need…
RRAS VPN with different subnet
Hello, i already readed: Configure the Way RRAS Assigns IP Addresses to VPN Clients My question is now if i chose DHCP on RRAS Server, how to continue? I got my DHCP and RRAS VPN(Same subnet) on same server, but i want to add over the DHCP…