Unable to generate reports from DirectAccess
Hi, I'm trying to generate a report from DirectAccess containing all the information in the Remote Access Reporting page of the Remote Access Mgmt Console but I can't seem to find a good way of doing this. I've used Get-RemoteAccessUserActivity and…
Can I assign 127.127.0.10 IP to an eth interface
Hi, As I understand 127.0.0.1 is a loopback IP which is reserved to talk to localhost. However for one of my experiments, I want to assign 127.127.x.x IP to one of the eth interfaces in the system. When I tried to assign the IP through PowerShell cmdlet…
Get group assignments for the user via the specified VSA
Hello, I want to get the group assignments for the logged in user via the specified VSA in the Radius Response. Can someone help me how to configure NPS policies to achieve this?
Always On VPN Gateway server - client IP pools and default route
Hello all, we are in the process of creating the infrastructure for Always On VPN and I have a couple of questions but I'll just detail our setup first: 3 x Windows Server 2019 Network Policy (RADIUS) servers 3 x Windows Server 2019 RRAS VPN Gateway…
NPS server renewed machine certificate, broke AlwaysOn VPN Clients. Client can no longer validate Server.
A while back, I set up Always-On VPN, which has been working amazingly, up until October 7th, when the NPS server renewed its machine certificate. Because the Windows 10 VPN clients are set up to verify the server, the new id it is presenting is different, so…
AOVPN Client IP assignment through DHCP Server
Hi, We are trying to configure IP allocation to AOVPN client through DHCP Server, somehow it's not working. There are 2 NICs in VPN servers (1 internal NIC facing towards internal Network and 1 External facing towards internet). Enabled DHCP…
DNS across multiple forests
Hi, We've been experiencing odd DNS behaviour for years and it's time to fix it up :) Could you please advise what you would change in regards to primary & secondary DNS and DNS forwarders, as below? The current config is: Domain A (has…
AlwaysON VPN EventID 4652 - Negotiation Timed Out
I am having a number of users receive Error 809 intermittently when using AOVPN User & Device tunnel. The problem is intermittent and seems to resolve itself after some time. I cannot see an issue in my network trace other than it just does not…
Windows Server 2016 - VPN clients can't talk to server on normal IP address
Hello everyone! I have Server 2016 set up to do VPN. I used to run it as SSTP but switched over to L2TP because of security issues with Macs. Anyway up until a few weeks ago, the server would give out addresses to VPN clients via DHCP and those clients…
Remotely manage Windows domain joined machine connected to VPN
Hello, Can Windows domain joined machine connected to VPN be remotely managed (via RDP) by IT/Network administrators located at internal corporate network just like DirectAccess? Please answer specifically with reference article.
AlwaysON VPN - Event 4654 General Processing Error
I am monitoring the security logs on my AOVPN server and I am seeing numerous logs with this information. Can anyone help me understand if this is just "noise" to be ignored or is there an issue with user connection or server? Any help towards…
Windows Service account functionalities
Hello, Couple of questions related with service accounts. Q1: Can traditional service account (standard user account in Active Directory) be used in multiple computers where same/different services are deployed? Q2: Can Group Managed service…
Sites and services automatic connection
I have four sites, all that already have existing domain controllers. I'm migrating my DCs to new hardware, so I stood up another DC at each site. When I promoted the new DCs at each location, the new DCs created a connection to the old/existing DC at…
Authorized DHCP server name and IP shows as IP only
We have RSAT configured in our environment. We connect all our authorized DHCP server remotely. While connecting server I can see both the value as IP address but not hostname under name. We have both reverse and forward record updated, …
Updating Dnssuffix in AOVPN xml
Hi Team, we wanted to update multiple DNS names in AOVPN profile xml file to include in DNS Suffix but could not find any reference. We are trying with below currently but it's not working …
How do I determine total number of Active Directory Forests in an enterprise?
I heard that theoretically we could port scan global network for TCP 3268, i.e. identifying all Global Catalog Domain Controllers (DCs). So my questions are: How Global Catalog servers is correlated with total number of Active Directory Forests in an…
Two domain controllers on same subnet
Will it cause an issue if I have two domain controllers on the same subnet? I'm wanting to migrate my current domain controllers to new hardware and I'm wondering if I can just stand up another domain controller locally and then decommission the old…
Windows Server built-in iBGP with RRAS via S2S VPN connection
Hi, Community and Microsoft's engineers. This is a question, related to co-working of RRAS, S2S VPN, and BGP on MS Windows Server platform. It looks as if the built-in BGP component doesn't work properly with S2S VPN. At least - I can't configure it…
How do I migrate my domain controller to new hardware with same name and IP?
I have 4 domain controllers in my environment that all have the domain controller role and file server role. I'd like to update the hardware on these four domain controllers and would like to use the same name and IP for the new domain controllers. Is…
get-spn syntax
Hi all, I have created SPN entries using the below syntax. Is there any syntax like get-spn to validate if I have added correct entries rather than checking from AD attribute editor of the service account? setspn -s HTTPS/server01.contoso.com…