Channel: Forefront Edge Security – DirectAccess, UAG and IAG Forum

UAG SP4 Export2Tspub.exe

Hi

We have upgraded our UAG server to SP4 and are testing Export2Tspub in our RDS 2012 farm.

This is the command and output we get when running it from an elevated PS on an RDSH 2012 server. No .tspub file is generated.

PS C:\install> .\Export2Tspub.exe
Initializing
Reading RemoteApps configuration
Executing PowerShell cmdlets...
Converting entities
Exception occurred Parameter cannot be null
Failed to parse configuration
Done!

Please help, anyone.

-Robert


IPv6 Routing between sites for a multisite Direct Access 2012 deployment

I'm planning a multisite Direct Access 2012 deployment. I do not currently have IPv6 implemented on my network. Do I have to implement IPv6 between sites that will have an entry point? If not, what are the advantages for Direct Access 2012 of having IPv6 implemented between the sites?

When adding an entry-point to a DA2012 multisite deployment, which GPO to use for the Remote Access server that's being added

This question is for Direct Access 2012 R2.

Using the Entry Point Wizard, on the Server GPO Settings page, which option should I select and why?

- Accept the default GPO for this Remote Access server

- Type the name of the GPO that you want Remote Access to create automatically

- Click Browse to locate the GPO for this server



Problem On DA Dashboard

Hello,

I have installed and configured Remote Access Management. My Direct Access is working fine on the client machine; I have also run the DA troubleshooting tool, and all the tests executed successfully. But I am getting an error on my DA server. When I open the Remote Access Management Console and go to the Dashboard, one of the errors is on Configuration status: "configuration cannot be retrieved from the domain Controller". I thought it would resolve after some time, or that I had a logon problem. But this wasn't the issue; the issue is something else. Can anyone help me out? An answer will be appreciated if it helps me out.

Thanks.

New to UAG - Can we check user group membership (OU) from AD to restrict/allow when logging in?

Hello,

We are new to UAG and trying to get a handle on things. 

We have a situation where we need to "restrict" 4 subdomains which are only accessible by users who are members of their OU group in AD.

For example:

  1. We have 4 subdomains called group1.oursite.com, group2.oursite.com, group3.oursite.com, group4.oursite.com.
  2. Users will have to be in one of the groups in AD called group1, group2, group3, and group4.
  3. How do we go about setting up a UAG login form where, when a user logs in, it checks to see which AD group they belong to and then redirects them (and secures them) to their subdomain? This way, another user who belongs to another group won't be able to access the subdomains they don't belong to and will be logged out.

Login example:

  1. User jsmith belongs to the AD group group3 and has access to group3.oursite.com.
  2. He logs in and is redirected to group3.oursite.com automatically.
  3. Then he realizes that he wants to try entering the URL "group1.oursite.com" manually in his browser to see what he can access, and anything under that subdomain. Because he does not belong to the AD group "group1", he will be automatically restricted from accessing group1.oursite.com or is forced to log in to that site.

Can this be done and if so, how would we do it?

Thanks

 

Error:NameresolutionFailed

Hi All

I have a Direct Access 2012 R2 installation which has some problems in the initial setup.

Setup:
-Edge with two public IPs
-No IPv6 on intranet
-NLS server on DA server
-Support for win and win8
-Using internal CA server for all certificates
-publicly available CRL is ok (it's hosted on the DA server)

The remote clients appear in the DA server console as connected with IPHTTPS, but when I run get-DAConnectionstatus I receive Error:NameResolutionFailed.

I have rerun the Step 3 wizard and saw that the IPv6 address that was automatically entered changed to a correct IPv4 address for the internal DNS server.

I will attach the DCA logs as well.

RED: Corporate connectivity is not working.
Microsoft DirectAccess Connectivity Assistant is not properly configured. Please contact your administrator if this problem persists.
22/6/2015 12:42:23 (UTC)


C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>ipconfig /all

Windows IP-konfigurasjon

   Vertsnavn   . . . . . . . . . . . : PB5236
   Primær DNS-suffiks  . . . . . . . : hipad.no
   Nodetype  . . . . . . . . . . . . : Hybrid
   IP-ruting aktivert  . . . . . . . : Nei
   WINS Proxy aktivert . . . . . . . : Nei
   Søkeliste for DNS-suffiks . . . . : hipad.no

Trådløst LAN-kort Trådløs nettverkstilkobling:

   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
   Fysisk adresse  . . . . . . . . . : A0-88-B4-5C-CD-44
   DHCP aktivert . . . . . . . . . . : Ja
   Automatisk konfigurasjon aktivert : Ja
   Koblingslokal IPv6-adresse. . . . : fe80::a885:813a:4294:43a0%12(Foretrukket)
   IPv4-adresse. . . . . . . . . . . : 172.20.10.10(Foretrukket)
   Nettverksmaske . . . . . . . . . .: 255.255.255.240
   Leieavtale inngått. . . . . . . . : 22. juni 2015 14:41:34
   Leieavtale utløper. . . . . . . . : 23. juni 2015 14:27:14
   Standard gateway . . . . . . . . .: 172.20.10.1
   DHCP-server . . . . . . . . . . . : 172.20.10.1
   DHCPv6-IAID . . . . . . . . . . . : 211847348
   DHCPv6 klient-DUID. . . . . . . . : 00-01-00-01-1D-10-40-86-5C-26-0A-64-55-7E
   DNS-servere . . . . . . . . . . . : 172.20.10.1
   NetBIOS over Tcpip. . . . . . . . : Aktivert

Ethernet-kort Lokal tilkobling:

   Medietilstand . . . . . . . . . . : Medium frakoblet
   Tilkoblingsspesifikt DNS-suffiks  : Hipad.no
   Beskrivelse   . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Fysisk adresse  . . . . . . . . . : 5C-26-0A-64-55-7E
   DHCP aktivert . . . . . . . . . . : Ja
   Automatisk konfigurasjon aktivert : Ja

Tunnelkort iphttpsinterface:

   Tilkoblingsspesifikt DNS-suffiks  :
   Beskrivelse   . . . . . . . . . . : iphttpsinterface
   Fysisk adresse  . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktivert . . . . . . . . . . : Nei
   Automatisk konfigurasjon aktivert : Ja
   IPv6-adresse. . . . . . . . . . . : 2002:b91a:8207:1000:e5e6:6741:62f7:9527(Foretrukket)
   Midlertidig IPv6-adresse. . . . . : 2002:b91a:8207:1000:d847:3e9c:f144:57dd(Foretrukket)
   Koblingslokal IPv6-adresse. . . . : fe80::e5e6:6741:62f7:9527%13(Foretrukket)
   Standard gateway . . . . . . . . .:
   NetBIOS over Tcpip. . . . . . . . : Deaktivert

C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>netsh int teredo show state
Teredo-parametere
---------------------------------------------
Type                    : disabled
Servernavn             : da.domain.com (Group Policy)
Oppdateringsintervall for klient : 30 sekunder
Klientport              : unspecified
Tilstand                : offline
Feil                    : ingen


C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>netsh int httpstunnel show interfaces

Grensesnitt IPHTTPSInterface (Group Policy)  Parametere
------------------------------------------------------------
Rolle                       : client
URL                        : https://da.domain.com:443/IPHTTPS
Siste feilkode            : 0x0
Grensesnittstatus           : IPHTTPS-grensesnitt er aktivt


C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>netsh dns show state

Tabellalternativer for navneløsningspolicy
--------------------------------------------------------------------

Virkemåte ved spørringsfeil                : Gå alltid tilbake til LLMNR og NetBIOS
                                        hvis navnet ikke finnes i DNS eller
                                        hvis DNS-serverne ikke kan nås
                                        når du er på et privat nettverk

Virkemåte for spørringsløsning             : Løs bare IPv6-adresser for navn

Virkemåte for nettverksplassering             : La nettverks-ID bestemme når innstillinger
                                        for direkte tilgang skal brukes

Maskinplassering                      : Utenfor firmanettverket

Innstillinger for direkte tilgang                : Konfigurert og aktivert

DNSSEC-innstillinger                       : Ikke konfigurert


C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>netsh name show policy

Tabellinnstillinger for DNS-navneløsingspolicy

Innstillinger for nls.domain.com
----------------------------------------------------------------------
Sertifiseringsmyndighet                 :
DNSSEC (validering)                     : disabled
DNSSEC (IPsec)                          : disabled
DirectAccess (DNS-servere)              :
DirectAccess (IPsec)                    : disabled
DirectAccess (Proxy-innstillinger)           : Bruk standard nettleserinnstillinger



Innstillinger for .hipad.no
----------------------------------------------------------------------
Sertifiseringsmyndighet                 :
DNSSEC (validering)                     : disabled
DNSSEC (IPsec)                          : disabled
DirectAccess (DNS-servere)              : fd2d:5548:a18f:7777::ac13:30b
DirectAccess (IPsec)                    : disabled
DirectAccess (Proxy-innstillinger)           : Omg† proxy




C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>netsh name show effective

Effektive tabellinnstillinger for DNS-navneløsingspolicy


Innstillinger for nls.domain.com
----------------------------------------------------------------------
Sertifiseringsmyndighet                 :
DNSSEC (validering)                     : disabled
IPsec-innstillinger                          : disabled
DirectAccess (DNS-servere)              :
DirectAccess (Proxy-innstillinger)           : Bruk standard nettleserinnstillinger



Innstillinger for .hipad.no
----------------------------------------------------------------------
Sertifiseringsmyndighet                 :
DNSSEC (validering)                     : disabled
IPsec-innstillinger                          : disabled
DirectAccess (DNS-servere)              : fd2d:5548:a18f:7777::ac13:30b
DirectAccess (Proxy-innstillinger)           : Omg† proxy




C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>netsh int ipv6 show int level=verbose

Grensesnitt Loopback Pseudo-Interface 1 Parametere
----------------------------------------------
IfLuid                             : loopback_0
IfIndex                            : 1
Tilstand                           : connected
Metrikk                            : 50
Koblings-MTU                       : 4294967295 byte
Tid for å nå målet                 : 24000 ms
Grunntid for å nå målet            : 30000 ms
Omsendingsintervall                : 1000 ms
DAD-sendinger                      : 0
Områdeprefikslengde                : 64
Område-ID                          : 1
Videresending                      : disabled
Annonsering                        : disabled
Nabooppdagelse                     : disabled
Oppdagelse av naboutilgjengelighet : disabled
Rutersøk                           : enabled
Administrert adressekonfigurasjon  : disabled
Annen tilstandsfull konfigurasjon  : disabled
Svak vert-sendinger                : disabled
Svak vert-mottak                   : disabled
Bruk automatisk metrikk            : enabled
Ignorer standardruter              : disabled
Annonsert ruterlevetid         : 1800 sekunder
Annonsert standardrute            : disabled
Gjeldende hoppgrense                  : 0
Tvungne ARPND-oppvåkningsmønstre       : disabled
Retningsstyrte MAC-oppvåkningsmønstre      : disabled

Grensesnitt Trådløs nettverkstilkobling Parametere
----------------------------------------------
IfLuid                             : wireless_0
IfIndex                            : 12
Tilstand                           : connected
Metrikk                            : 25
Koblings-MTU                       : 1500 byte
Tid for å nå målet                 : 23000 ms
Grunntid for å nå målet            : 30000 ms
Omsendingsintervall                : 1000 ms
DAD-sendinger                      : 1
Områdeprefikslengde                : 64
Område-ID                          : 1
Videresending                      : disabled
Annonsering                        : disabled
Nabooppdagelse                     : enabled
Oppdagelse av naboutilgjengelighet : enabled
Rutersøk                           : enabled
Administrert adressekonfigurasjon  : enabled
Annen tilstandsfull konfigurasjon  : enabled
Svak vert-sendinger                : disabled
Svak vert-mottak                   : disabled
Bruk automatisk metrikk            : enabled
Ignorer standardruter              : disabled
Annonsert ruterlevetid         : 1800 sekunder
Annonsert standardrute            : disabled
Gjeldende hoppgrense                  : 0
Tvungne ARPND-oppvåkningsmønstre       : disabled
Retningsstyrte MAC-oppvåkningsmønstre      : disabled

Grensesnitt iphttpsinterface Parametere
----------------------------------------------
IfLuid                             : tunnel_5
IfIndex                            : 13
Tilstand                           : connected
Metrikk                            : 50
Koblings-MTU                       : 1280 byte
Tid for å nå målet                 : 22500 ms
Grunntid for å nå målet            : 30000 ms
Omsendingsintervall                : 1000 ms
DAD-sendinger                      : 1
Områdeprefikslengde                : 64
Område-ID                          : 1
Videresending                      : disabled
Annonsering                        : disabled
Nabooppdagelse                     : enabled
Oppdagelse av naboutilgjengelighet : enabled
Rutersøk                           : enabled
Administrert adressekonfigurasjon  : disabled
Annen tilstandsfull konfigurasjon  : disabled
Svak vert-sendinger                : disabled
Svak vert-mottak                   : disabled
Bruk automatisk metrikk            : enabled
Ignorer standardruter              : disabled
Annonsert ruterlevetid         : 1800 sekunder
Annonsert standardrute            : disabled
Gjeldende hoppgrense                  : 0
Tvungne ARPND-oppvåkningsmønstre       : disabled
Retningsstyrte MAC-oppvåkningsmønstre      : disabled

Grensesnitt Lokal tilkobling Parametere
----------------------------------------------
IfLuid                             : ethernet_6
IfIndex                            : 11
Tilstand                           : disconnected
Metrikk                            : 5
Koblings-MTU                       : 1500 byte
Tid for å nå målet                 : 33000 ms
Grunntid for å nå målet            : 30000 ms
Omsendingsintervall                : 1000 ms
DAD-sendinger                      : 1
Områdeprefikslengde                : 64
Område-ID                          : 1
Videresending                      : disabled
Annonsering                        : disabled
Nabooppdagelse                     : enabled
Oppdagelse av naboutilgjengelighet : enabled
Rutersøk                           : enabled
Administrert adressekonfigurasjon  : enabled
Annen tilstandsfull konfigurasjon  : enabled
Svak vert-sendinger                : disabled
Svak vert-mottak                   : disabled
Bruk automatisk metrikk            : enabled
Ignorer standardruter              : disabled
Annonsert ruterlevetid         : 1800 sekunder
Annonsert standardrute            : disabled
Gjeldende hoppgrense                  : 0
Tvungne ARPND-oppvåkningsmønstre       : disabled
Retningsstyrte MAC-oppvåkningsmønstre      : disabled


C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>netsh advf show currentprofile

Privat profil Innstillinger:
----------------------------------------------------------------------
Tilstand                              P
Brannmurpolicy                        BlockInbound,AllowOutbound
LocalFirewallRules                    I/T (bare GPO-lagre)
LocalConSecRules                      I/T (bare GPO-lagre)
InboundUserNotification               Aktiver
RemoteManagement                      Deaktiver
UnicastResponseToMulticast            Aktiver

Logging:
LogAllowedConnections                 Deaktiver
LogDroppedConnections                 Deaktiver
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

OK.


C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>netsh advfirewall monitor show consec

Global Innstillinger:
----------------------------------------------------------------------
IPsec:
StrongCRLCheck                        0:Deaktivert
SAIdleTimeMin                         5min
DefaultExemptions                     ICMP
IPsecThroughNAT                       Aldri
AuthzUserGrp                          Ingen
AuthzComputerGrp                      Ingen

StatefulFTP                           Aktiver
StatefulPPTP                          Aktiver

Hovedmodus:
KeyLifetime                           480min,0sess
SecMethods                            DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
ForceDH                               No

Kategorier:
BootTimeRuleCategory                  Windows-brannmur
FirewallRuleCategory                  Windows-brannmur
StealthRuleCategory                   Windows-brannmur
ConSecRuleRuleCategory                Windows-brannmur


Hurtigmodus:
QuickModeSecMethods                   ESP:SHA1-Ingen+60min+100000kb,ESP:SHA1-AES128+60min+100000kb,ESP:SHA1-3DES+60min+100000kb,AH:SHA1+60min+100000kb
QuickModePFS                          None

Sikkerhetstilordninger:

Hovedmodus SA ved 06/22/2015 14:42:24
----------------------------------------------------------------------
Lokal IP-adresse:                     2002:b91a:8207:1000:d847:3e9c:f144:57dd
Ekstern IP-adresse:                   2002:b91a:8208::b91a:8208
Auth1:                                ComputerCert
Auth2:                                UserNTLM
MM-tilbud:                            Ingen-AES128-SHA256
Informasjonskapselpar:                          8ba81fbcc6aecb99:3e482c009ff50fc1
Helsesertifikat:                      Nei

Hurtigmodus SA ved 06/22/2015 14:42:24
----------------------------------------------------------------------
Lokal IP-adresse:                     2002:b91a:8207:1000:d847:3e9c:f144:57dd
Ekstern IP-adresse:                   2002:b91a:8208::b91a:8208
Lokal port:                           Hvilken som helst
Ekstern port:                         Hvilken som helst
Protokoll:                            Hvilken som helst
Retning:                              Begge
QM-tilbud:                            ESP:SHA1-AES192+60min+100000kb
PFS:                                  Ingen


IPSec-statistikk
----------------

Aktive tilknytninger        : 1
Avlast sikkerhetstilknytninger : 0
Ventende nøkkelop.          : 0
Nøkler lagt til             : 9
Nøkler slettet              : 18
Omnøklinger                 : 0
Aktive tunneler             : 1
Skadete SPI-pakker          : 0
Pakker ikke dekryptert      : 0
Pakker ikke godkjent        : 0
Pakker med repetisjonsregistrering: 0
Sendte konfidensialitetsbyte: 20,384
Mottatte konfidensialitetsbyte : 46,248
Sendte godkjenningsbyte     : 24,920
Mottatte godkjenningsbyte   : 46,248
Overføringsbyte sendt       : 0
Overføringsbyte mottatt     : 0
Byte sendt i tunneler       : 24,920
Byte mottatt i tunneler     : 46,248
Avlastede byte sendt        : 0
Avlastede byte mottatt      : 0

OK.


C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>Certutil -store my
my
================ Sertifikat 0 ================
Serienummer: 6c88b34e00000000741d
Utsteder: CN=Hipad Issuing Certification Authority, DC=hipad, DC=no
 Ikke før: 22.06.2015 11:42
 Ikke etter: 09.11.2016 14:22
Emne: TOM (DNS-navn=pb5236.hipad.no)
Ikke rotsertifikat
Mal: 1.3.6.1.4.1.311.21.8.13759381.10694260.3229619.8823333.5769967.38.14779166.12251370
Sertifikatnummer(sha1): 34 0b b9 03 4a bd ff 39 be 7c 2f fb ce d6 08 fe 04 de b1 ae
  Nøkkelbeholder = cbb8cae85203e88ac2d0f8790008898b_f60ebb01-f4bf-4460-adf9-a78f090afffc
  Enkelt beholdernavn: le-WirelessWindowsWorkstationAuthentication-3676b618-7d39-44ff-9a69-010b5e5bec3d
  Leverandør = Microsoft RSA SChannel Cryptographic Provider
Privatnøkkel kan IKKE eksporteres
Krypteringstest godkjent
CertUtil: -store-kommandoen er utført.

C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>Systeminfo

Vertsnavn:                          PB5236
OS-navn:                            Microsoft Windows 7 Enterprise
OS-versjon:                         6.1.7601 Service Pack 1 Build 7601
OS-produsent:                       Microsoft Corporation
OS-konfigurasjon:                   Medlemsarbeidsstasjon
OS-buildtype:                       Multiprocessor Free
Registrert eier:                    Contoso
Registrert organisasjon:            Contoso
Produkt-ID:                         00392-918-5000002-85782
Opprinnelig installasjonsdato:      15.06.2015, 10:32:21
Oppstartstid for datamaskinen:      22.06.2015, 12:10:37
Systemprodusent:                    Dell Inc.
Systemmodell:                       Latitude E6420
Systemtype:                         x64-based PC
Prosessor(er):                      1 prosessor(er) installert.
                                    [01]: Intel64 Family 6 Model 42 Stepping 7 GenuineIntel ~2501 Mhz
BIOS-versjon:                       Dell Inc. A05, 24.05.2011
Windows-mappe:                      C:\Windows
Systemmappe:                        C:\Windows\system32
Oppstartsenhet:                     \Device\HarddiskVolume1
Nasjonal innstilling:               no;Norsk (bokmål)
Inndataspråk:                       no;Norsk (bokmål)
Tidssone:                           (UTC+01:00) Amsterdam, Berlin, Bern, Oslo, Roma, Wien
Totalt fysisk minne:                8 073 MB
Tilgjengelig fysisk minne:          6 767 MB
Virtuelt minne: Maksimal størrelse: 16 144 MB
Virtuelt minne: Tilgjengelig:       14 247 MB
Virtuelt minne: I bruk:             1 897 MB
Plassering(er) av sidevekslingsfil: C:\pagefile.sys
Domene:                             hipad.no
Påloggingsserver:                   I/T
Hurtigreparasjon(er):               252 hurtigreparasjon(er) installert.
                                    [220]: KB3005607
                                    [221]: KB3006226
                                    [222]: KB3010788
                                    [223]: KB3023215
                                    [224]: KB3030377
                                    [225]: KB3032323
                                    [226]: KB3032655
                                    [227]: KB3033889
                                    [228]: KB3033890
                                    [229]: KB3035126
                                    [230]: KB3035132
                                    [231]: KB3036493
                                    [232]: KB3037574
                                    [233]: KB3039066
                                    [234]: KB3042553
                                    [235]: KB3045171
                                    [236]: KB3045685
                                    [237]: KB3045999
                                    [238]: KB3046002
                                    [239]: KB3046269
                                    [240]: KB3046306
                                    [241]: KB3046482
                                    [242]: KB3048070
                                    [243]: KB3055642
                                    [244]: KB3057839
                                    [245]: KB3
Nettverkskort:                      2 nettverkskort installert.
                                    [01]: Intel(R) 82579LM Gigabit Network Connection
                                          Navn på tilkobling: Lokal tilkobling
                                          Status:          Media frakoblet
                                    [02]: Intel(R) Centrino(R) Advanced-N 6205
                                          Navn på tilkobling: Trådløs nettverkstilkobling
                                          DHCP aktivert:    Ja
                                          DHCP-server:     172.20.10.1
                                          IP-adresse(r)
                                          [01]: 172.20.10.10
                                          [02]: fe80::a885:813a:4294:43a0

C:\Windows\system32\LogSpace\{B99EDDED-02ED-4E74-8DCC-C02A0A688643}>whoami /groups

GRUPPEINFORMASJON
-----------------

Gruppenavn                                   Type            SID          Attributter
============================================ =============== ============ ===========================================================
BUILTIN\Administratorer                      Alias           S-1-5-32-544 Aktivert som standard, Aktivert gruppe, Gruppeeier
Alle                                         Velkjent gruppe S-1-1-0      Obligatorisk gruppe, Aktivert som standard, Aktivert gruppe
NT-MYNDIGHET\Godkjente brukere               Velkjent gruppe S-1-5-11     Obligatorisk gruppe, Aktivert som standard, Aktivert gruppe
Obligatorisk etikett\Obligatorisk systemnivå Etikett         S-1-16-16384



Andre

Can't Install FOREFRONT UAG CLIENT COMPONENTS HELP!


I just purchased a new laptop to work from remotely using my company's remote access.

The laptop has Windows 8 and IE 11.

I go to the company's remote access portal domain and the installation begins automatically. I am prompted to confirm I wish to install the addon for MS UAG, which I confirm, and then the installation continues.

Then, all of a sudden, an error message appears: 'UAG Client Components failed to install'.

I have been trying for hours to get round this but have not succeeded. I have tried calling MS and have not got anywhere.

Can anyone help please.

Thanks,

Samuel Holmes

DirectAccess and Windows 7 Clients


I am hoping someone could be of assistance. 

Background:

  • 3 x DCs across 3 physical sites - A,B & C
  • 1 x DirectAccess Server in Site A - Configured and serving clients
  • 1 x DirectAccess server in site B - Not yet configured, awaiting results of the problem below
  • 1 x Root CA in site A
  • Dedicated links between all sites. 

We are currently attempting to deploy DirectAccess in our environment, which is configured with a single server, single site and successfully servicing Windows 8.1 Clients.

I now attempt to activate the use of Computer Certificates for Windows 7 Client connectivity using our internal CA to issue certificates. This whole solution has been tested in an isolated test environment prior to Live implementation. 

When selecting the Root Certificate and applying the configuration change, I get the following error and the Wizard rolls back the changes: Element not found. (see picture)

This has led me to various forums, recommending to add Cifs/domain & Cifs/FQDN to the DC or to either disable the external NIC prior to applying the config, then enabling it shortly after. Neither of these actually helps. 

Any advice would be greatly appreciated.


DirectAccess gives error "Configuration for server cannot be retrieved from the domain controller"


I am getting the error "Configuration for server cannot be retrieved from the domain controller" in the Operations status in the DirectAccess dashboard. I have verified that the GPOs have been created in Active Directory successfully. I did gpupdate from the Domain controller but still the issue persists.

Running the command 'gpresult /R' on the DirectAccess server shows the group policy was applied from the Domain controller successfully. But then I don't understand why the dashboard shows the error.

Please suggest what could be the cause for this error.

Thanks.

Multiple short connections in DirectAccess 2012 R2


Hello,

I'm fairly new to DA and I was just trying to figure out if this is a normal occurrence.

I have DA 2012 R2 configured, load balanced, running without issues, clients connect through Win7 and Win 8.1 and access what they need. When I run the Reporting tool it's showing all my connections, as expected, but it's showing multiple sessions - and I'm talking over 1700 average sessions per day with a testing group of only 15 people. The majority of the sessions have no user name, just the host name of the user's machine. All these connections range from 1 to 4 minutes and in/out bytes of 20,000 to 80,000.

Is this normal? It's both Win7 and Win8.1 connections doing this.

Any info would be appreciated, thanks.

What is going to happen to our DirectAccess clients if NLB will be disabled?


Two DirectAccess Servers (Windows 2012 R2) have been set up with load balancing in a cluster using Windows NLB. Everything works perfectly. All our remote client computers are always connected.

This is probably a noob question but I need to know what is going to happen to our remote clients if I temporarily disable NLB (within the DirectAccess management console)? I am guessing that all current active connections will be terminated. Will those remote clients reconnect back again? Or do we need to ask our clients to bring their laptops back to the office so they can get new AD group policy?

"Disconnecting" DA-Client does not really Disconnect


Hi all, just set up DA on 2012R2, no VPN, working nicely so far, Win8.1 Clients.

Noticed though that if I on a Client click the DA-Connection and select "Disconnect", the status "Connected" disappears on the Client, but I can still access all internal resources, file, print, RDP... (This one was new to me, usually some struggle getting DA-clients to connect)

-Ray.

UAG + VPN: Publishing RemoteApp %20 icons fail


Hi all

We're using Forefront UAG 2010 SP4 to publish a website which is our PoC RDS (RemoteApp) 2012R2 deployment.  We also have a VPN allowing network access to all RAPP servers.

We note that when the published apps' alias has a space within (%20), the apps' icon is replaced with a white cross on black background. Remote Applications embed a space within their alias when multiple apps are published pointing to the same .exe - this can be normal practice when publishing multiple instances of iexplore.exe and passing a unique URL making it easy for our users to navigate. Icons are displayed correctly when the internal URL to our RemoteApp Web server is accessed directly over the UAG VPN; only when users select the Web App icon on the UAG Home page do icons fail.

Also worthy of noting is that the RemoteApp still launches correctly, it's just the icon fails to display correctly.

A workaround is to either access the RemoteApp URL directly (traversing the UAG VPN) or ensure the RemoteApp alias doesn't contain a space, yet neither is particularly a resolution and both will increase maintenance.

We have attempted to change various publishing settings on the UAG to exclude Web site URL symbol checking etc, but all to no avail.

We note also that when sites are published they are prepended with /uniquesig<long number>/uniquesig1/<original web site> and suspect a significant level of redirection is occurring.

1.  Can someone recommend a setting in UAG which will allow sites using %20 (spaces) within their names?

2.  Is there a way of publishing an IE icon on the UAG Home page which simply opens IE and passes the internal URL, rather than prepending (passing through) the UAG using /uniquesig etc ?

My concern is we enter a significant roll out and publish RemoteApp via the UAG Home page, only to find out other anomalies in the future...

As you can see I'm not experienced in UAG but I am familiar with RemoteApp.

Your advice would be really appreciated.

Lea

Here's the RemoteApp site accessed through the UAG home page:

Note iExplore, iexploreBBC and iexploreRDS are all apps pointing to iexplorer.exe, but BBC and RDS have aliases post pended with space (1) and (2) respectively, therefore a %20 is used. These apps still fire up but their icons cannot be located.

Here's directly accessing the RemoteApp site through a browser (IE10) via UAG VPN.



UAG login page customization - Bootstrap modal dialog popup not working in Login.asp


Hello,

I redesigned the default login page to another design and the login works as it should.

In the page, we have a link/button which shows login help content when a user clicks on it, and we are using the bootstrap modal to pop up the dialog content from a page (or inline). However, nothing pops up in the foreground.

In our test mockup page of html, it works fine but when I try and put it on the Login.asp page and click on the link/button, nothing happens.

I put the scripts in the /Internal/scripts and /Internal/scripts/Customupdate folders also but nothing seems to work.

Is there a setting in UAG's URL set policies that is not allowing that sort of a popup?

The javascript:alert() works fine but not the bootstrap modal.

http://getbootstrap.com/javascript/#modals

I am new to UAG so I'm learning as I go.

Thanks!

DirectAccess + OTP + Run As


Hello everyone,

after using DA with OTP for a while, today I ran into a problem. I don't call it a bug, but more something which works as it is designed... but could use an improvement.

I can work with DA fine while I'm logged in with my personalized User and entered my OTP. The problem starts when I use the Run As command and start a process with another User Account. DA then normally will establish another User Tunnel for this particular User. But since we have OTP enabled, the tunnel cannot be established (I can see this via get-daconnectionstatus). Since there seems to be no way to enter an OTP again for this particular User, I'm stuck.

The only workaround I can use currently is adding this second User to the DA OTP exemption group (which I don't really want to use at all in a production environment).

It would be great to have a prompt in the Network settings or somewhere else as soon as you start a process with another User and another DA User Tunnel needs to be established and authenticated.

Kind regards,

René Büdinger


DirectAccess over VPN?


Hi all,

My client's scenario is a little bit odd. They have 2 networks. 1 for server LAN and 1 for user LAN. Both networks have no Internet connection. The networks are totally segregated. The domain-joined machines in user LAN can only connect to the server LAN via DirectAccess. This part should be fine.

However, the client has some special laptops which allow users to bring them home. They need to dial into the user LAN with a special hardware VPN first, and then connect to the server via DirectAccess. In this case, will DirectAccess still work? That means DirectAccess over VPN. Will this work or will this be supported?

I suspect this will not work because once DA detects it is outside of the server LAN, the DA adapter will be active. Then routing changes and will affect the VPN connection in the end. Then the user totally cannot connect.

Thanks,

William


William Yang



Restrict some users from access Exchange OWA at home from Forefront UAG


Hello,

In our Exchange 2013 environment, there are two Forefront UAG servers which publish OWA and Outlook Anywhere to the Internet.

The customer has a requirement: the abc security group can only visit mail at the company. Out of company mail access is forbidden.

I found that in the published application, there is an Authentication tab. The current setting is "All authenticated users" allowed.

Can I change the setting below to get the goal?

Authenticated users    Allow

ABC group                 Deny

I think that should be fine, but I don't have test servers to have a test.

Any input will be highly appreciated.


Best regards,

Robert Li
Partner Online Technical Community
-----------------------------------------------------------------------------------------
We hope you get value from our new forums platform! Tell us what you think:
http://social.microsoft.com/Forums/en-US/partnerfdbk/threads
------------------------------------------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

Forefront UAG / VPN / Clientside Proxy Settings


Hi - hopefully this will be an easy question for you experts!

We have a UAG 2010 Gateway which we are using to posture check clients and provide a clientside VPN with RADIUS (two factor).

Users can log in to UAG, bring up the VPN and browse our internal network perfectly.
However, when the VPN users try to get to the internet, it looks like the VPN session isn't getting the clientside proxy server settings in IE, therefore it is failing.

We have also run up some logging on the internal proxy server and can confirm that traffic isn't reaching it, and the outgoing firewall confirms that clients are trying to access the internet directly.

Can somebody tell me how I can force the clients to get the proxy settings from IE?


Cheers


Peace

NLA sometimes fails to detect network location properly resulting in the public profile being selected while on the intranet


I've seen this problem numerous times and was just able to replicate it this morning.

I was working to fix an offline files sync issue on this machine and configure DirectAccess on this desktop. Once I got the policy applying on the machine I tested DirectAccess and it was working properly by using my cell phone's hotspot. Once I was satisfied it was working properly I disconnected from wireless and connected the machine back up to the Intranet via ethernet. After a few moments I had a network connection again. IPConfig reported that the machine was able to get an IP address via DHCP. The DCA agent however was red and reporting problems. I then noticed that under the adapter settings for the NIC it was stuck at "Identifying Network". When I ran wf.msc I could see the public profile was active. I could connect to the majority of Intranet resources I tested including our NLS site. I was however unable to kick off the offline files sync process (I suspect it will not start if it's using the public firewall profile). I was unable to change the profile in use to domain. The only way I could get the machine out of this state was to reboot the machine.

I tried to install this hotfix but it's already present on the system.

https://support.microsoft.com/en-us/kb/2680464


Question Regarding Multi Site Direct Access


1) How will MDA NRPT entries work in NAT'ed scenarios and force tunneling? How will the NRPT exception work in this case?

2) In VPN, how are the proxy and proxy exceptions dealt with? As per our VPN traffic trace, the proxy is configured but the traffic is not going to the proxy, it's going to the internet. How should the traffic flow?

3) Google Chrome issue -- In the case of force tunneling, the client that is connected over DirectAccess is not able to browse to any website using Google Chrome. They will only be able to connect when we manually add the proxy settings. Internet Explorer works right out of the box. Is this the correct behavior in the case of Google Chrome or not?
