We have a client that cannot get a connection to the DirectAccess server. I have tried everything but I can't find a solution. The client is on the other side of the world, so I cannot reinstall the client. Can someone please help me?
<big>DirectAccess Connectivity Assistant Logs</big>
RED: Corporate connectivity is not working.
Your computer has lost connectivity to some corporate resources. If the problem persists, contact your administrator.
13/6/2013 8:17:16 (UTC)
Probes List
FAIL - The server name resolved successfully, but failed to access PING: 2002:c1ac:7f6e::c1ac:7f6e
WARNING: Only PING is configured to verify connectivity to corporate resources defined in the DCA group policy configuration. At least one resource should be configured to use HTTP or FILE.
DTE List
FAIL - PING: 2002:c1ac:7f6e::c1ac:7f6e
FAIL - PING: 2002:c1ac:7f6d::c1ac:7f6d
One-time password (OTP) state
OTP authentication for DirectAccess is disabled.
DaOtpCredentialProvider.dll is not registered as a Windows Credential Provider.
<big>ipconfig /all</big><textarea cols="100" rows="35">
***************************************************************************
ipconfig /all
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : GBKLWL632
   Primary Dns Suffix . . . . . . . : colbond.intra
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : colbond.intra
                                       colbond.local
                                       emn.colbond.intra
                                       obg.colbond.intra
                                       ave.colbond.intra
                                       prs.colbond.intra
                                       dekleef.intra
                                       abd.colbond.intra
                                       dun.colbond.intra
   System Quarantine State . . . . . : Not Restricted

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
   Physical Address. . . . . . . . . : 8C-70-5A-11-16-C4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . : Home
   Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : D4-BE-D9-2B-7E-11
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5c99:ccc2:6499:ed98%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, June 12, 2013 11:48:31 PM
   Lease Expires . . . . . . . . . . : Thursday, June 20, 2013 12:54:57 AM
   Default Gateway . . . . . . . . . : fe80::218:e7ff:fec6:568c%11
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1C7F2E0A-C400-4C8A-A0EF-6CF25891CB83}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter iphttpsinterface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : iphttpsinterface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>
</textarea>
<big>netsh int teredo show state</big><textarea cols="100" rows="35">
***************************************************************************
netsh int teredo show state
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>netsh int teredo show state
Teredo Parameters
---------------------------------------------
Type                    : client
Server Name             : 193.172.127.109 (Group Policy)
Client Refresh Interval : 30 seconds
Client Port             : unspecified

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>
</textarea>
<big>netsh int httpstunnel show interfaces</big><textarea cols="100" rows="35">
***************************************************************************
netsh int httpstunnel show interfaces
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>netsh int httpstunnel show interfaces
The system cannot find the file specified.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>
</textarea>
<big>netsh dns show state</big><textarea cols="100" rows="35">
***************************************************************************
netsh dns show state
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>netsh dns show state

Name Resolution Policy Table Options
--------------------------------------------------------------------
Query Failure Behavior    : Always fall back to LLMNR and NetBIOS if the name does not exist in DNS or if the DNS servers are unreachable when on a private network
Query Resolution Behavior : Resolve only IPv6 addresses for names
Network Location Behavior : Let Network ID determine when Direct Access settings are to be used
Machine Location          : Outside corporate network
Direct Access Settings    : Configured and Enabled
DNSSEC Settings           : Not Configured

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>
</textarea>
<big>netsh name show policy</big><textarea cols="100" rows="35">
***************************************************************************
netsh name show policy
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>netsh name show policy

DNS Name Resolution Policy Table Settings

Settings for gbvlpuagssl.colbond.intra
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
DNSSEC (IPsec)                : disabled
DirectAccess (DNS Servers)    :
DirectAccess (IPsec)          : disabled
DirectAccess (Proxy Settings) : Use default browser settings

Settings for .lowandbonar.intra
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
DNSSEC (IPsec)                : disabled
DirectAccess (DNS Servers)    : 2002:c1ac:7f6e::c1ac:7f6e
DirectAccess (IPsec)          : disabled
DirectAccess (Proxy Settings) : Bypass proxy

Settings for .bonar.intra
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
DNSSEC (IPsec)                : disabled
DirectAccess (DNS Servers)    : 2002:c1ac:7f6e::c1ac:7f6e
DirectAccess (IPsec)          : disabled
DirectAccess (Proxy Settings) : Bypass proxy

Settings for .ad.intra
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
DNSSEC (IPsec)                : disabled
DirectAccess (DNS Servers)    : 2002:c1ac:7f6e::c1ac:7f6e
DirectAccess (IPsec)          : disabled
DirectAccess (Proxy Settings) : Bypass proxy

Settings for .colbond.local
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
DNSSEC (IPsec)                : disabled
DirectAccess (DNS Servers)    : 2002:c1ac:7f6e::c1ac:7f6e
DirectAccess (IPsec)          : disabled
DirectAccess (Proxy Settings) : Bypass proxy

Settings for .colbond.intra
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
DNSSEC (IPsec)                : disabled
DirectAccess (DNS Servers)    : 2002:c1ac:7f6e::c1ac:7f6e
DirectAccess (IPsec)          : disabled
DirectAccess (Proxy Settings) : Bypass proxy

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>
</textarea>
<big>netsh name show effective</big><textarea cols="100" rows="35">
***************************************************************************
netsh name show effective
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>netsh name show effective

DNS Effective Name Resolution Policy Table Settings

Settings for gbvlpuagssl.colbond.intra
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
IPsec settings                : disabled
DirectAccess (DNS Servers)    :
DirectAccess (Proxy Settings) : Use default browser settings

Settings for .lowandbonar.intra
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
IPsec settings                : disabled
DirectAccess (DNS Servers)    : 2002:c1ac:7f6e::c1ac:7f6e
DirectAccess (Proxy Settings) : Bypass proxy

Settings for .bonar.intra
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
IPsec settings                : disabled
DirectAccess (DNS Servers)    : 2002:c1ac:7f6e::c1ac:7f6e
DirectAccess (Proxy Settings) : Bypass proxy

Settings for .ad.intra
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
IPsec settings                : disabled
DirectAccess (DNS Servers)    : 2002:c1ac:7f6e::c1ac:7f6e
DirectAccess (Proxy Settings) : Bypass proxy

Settings for .colbond.local
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
IPsec settings                : disabled
DirectAccess (DNS Servers)    : 2002:c1ac:7f6e::c1ac:7f6e
DirectAccess (Proxy Settings) : Bypass proxy

Settings for .colbond.intra
----------------------------------------------------------------------
Certification authority       : DC=intra, DC=colbond, CN=RootCA
DNSSEC (Validation)           : disabled
IPsec settings                : disabled
DirectAccess (DNS Servers)    : 2002:c1ac:7f6e::c1ac:7f6e
DirectAccess (Proxy Settings) : Bypass proxy

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>
</textarea>
<big>netsh adv mon show mmsa</big><textarea cols="100" rows="35">
***************************************************************************
netsh adv mon show mmsa
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>netsh adv mon show mmsa
No SAs match the specified criteria.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>
</textarea>
<big>netsh nap client show state</big><textarea cols="100" rows="35">
***************************************************************************
netsh nap client show state
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>netsh nap client show state

Client state:
----------------------------------------------------
Name                   = Network Access Protection Client
Description            = Microsoft Network Access Protection Client
Protocol version       = 1.0
Status                 = Enabled
Restriction state      = Not restricted
Troubleshooting URL    =
Restriction start time =
Extended state         =
GroupPolicy            = Not Configured

Enforcement client state:
----------------------------------------------------
Id                     = 79617
Name                   = DHCP Quarantine Enforcement Client
Description            = Provides DHCP based enforcement for NAP
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

Id                     = 79619
Name                   = IPsec Relying Party
Description            = Provides IPsec based enforcement for Network Access Protection
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

Id                     = 79621
Name                   = RD Gateway Quarantine Enforcement Client
Description            = Provides RD Gateway enforcement for NAP
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

Id                     = 79622
Name                   = Microsoft Forefront UAG Quarantine Enforcement Client
Description            = Reports client health status.
Version                = 4.0.3206.10100
Vendor name            = Microsoft Corporation
Registration date      = 6/12/2013 7:03:00 AM
Initialized            = Yes

Id                     = 79623
Name                   = EAP Quarantine Enforcement Client
Description            = Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

System health agent (SHA) state:
----------------------------------------------------
Id                     = 79744
Name                   = Windows Security Health Agent
Description            = The Windows Security Health Agent monitors security settings on your computer.
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No
Failure category       = None
Remediation state      = Success
Remediation percentage = 0
Fixup Message          = (0) -

Ok.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>
</textarea>
<big>wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true</big><textarea cols="100" rows="35">
***************************************************************************
wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true

Event[0]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:48:48.727
  Event ID: 28
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-06-13 06:48:48.727Z was sent to the enforcment client 79622.

Event[1]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:48:48.727
  Event ID: 9
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The enforcement client 79622 successfully initialized.

Event[2]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-SystemHealthAgent
  Date: 2013-06-12T23:48:37.448
  Event ID: 1004
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The Windows Security Health Agent was uninitialized successfully.

Event[3]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-SystemHealthAgent
  Date: 2013-06-12T23:48:37.432
  Event ID: 1003
  Task: N/A
  Level: Error
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The Windows Security Health Agent could not be initialized. Failure Code: 0x80070424

Event[4]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:48:37.401
  Event ID: 9
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The enforcement client 79871 successfully initialized.

Event[5]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:48:37.058
  Event ID: 26
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The NAP service has started. NAP has the following information for this computer: Computer name is GBKLWL632.colbond.intra. Domain status is: Domain Joined. The build number is: 7601. The OS SKU is: CLIENT. The service pack version is: 1.0. The processor type is: x64 (AMD or Intel).

Event[6]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:47:34.321
  Event ID: 10
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The enforcement client 79871 successfully uninitialized.

Event[7]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:47:31.903
  Event ID: 10
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The enforcement client 79622 successfully uninitialized.

Event[8]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:23:30.115
  Event ID: 28
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-06-13 06:23:30.115Z was sent to the enforcment client 79622.

Event[9]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:23:30.099
  Event ID: 9
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The enforcement client 79622 successfully initialized.

Event[10]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-SystemHealthAgent
  Date: 2013-06-12T23:23:21.535
  Event ID: 1004
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The Windows Security Health Agent was uninitialized successfully.

Event[11]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-SystemHealthAgent
  Date: 2013-06-12T23:23:21.535
  Event ID: 1003
  Task: N/A
  Level: Error
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The Windows Security Health Agent could not be initialized. Failure Code: 0x80070424

Event[12]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:23:21.503
  Event ID: 9
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The enforcement client 79871 successfully initialized.

Event[13]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:23:21.316
  Event ID: 26
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The NAP service has started. NAP has the following information for this computer: Computer name is GBKLWL632.colbond.intra. Domain status is: Domain Joined. The build number is: 7601. The OS SKU is: CLIENT. The service pack version is: 1.0. The processor type is: x64 (AMD or Intel).

Event[14]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:21:47.192
  Event ID: 10
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The enforcement client 79871 successfully uninitialized.

Event[15]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T23:21:44.868
  Event ID: 10
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The enforcement client 79622 successfully uninitialized.

Event[16]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T08:24:21.458
  Event ID: 28
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-06-12 15:24:21.458Z was sent to the enforcment client 79622.

Event[17]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-NetworkAccessProtection
  Date: 2013-06-12T08:24:21.458
  Event ID: 9
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The enforcement client 79622 successfully initialized.

Event[18]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-SystemHealthAgent
  Date: 2013-06-12T08:24:13.955
  Event ID: 1004
  Task: N/A
  Level: Information
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The Windows Security Health Agent was uninitialized successfully.

Event[19]:
  Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
  Source: Microsoft-Windows-SystemHealthAgent
  Date: 2013-06-12T08:24:13.955
  Event ID: 1003
  Task: N/A
  Level: Error
  Opcode: Info
  Keyword: N/A
  User: S-1-5-20
  User Name: NT AUTHORITY\NETWORK SERVICE
  Computer: GBKLWL632.colbond.intra
  Description: The Windows Security Health Agent could not be initialized. Failure Code: 0x80070424

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>
</textarea>
<big>netsh int ipv6 show int level=verbose</big><textarea cols="100" rows="35">
***************************************************************************
netsh int ipv6 show int level=verbose
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>netsh int ipv6 show int level=verbose

Interface Loopback Pseudo-Interface 1 Parameters
----------------------------------------------
IfLuid                             : loopback_0
IfIndex                            : 1
State                              : connected
Metric                             : 50
Link MTU                           : 4294967295 bytes
Reachable Time                     : 16000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 0
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : disabled
Neighbor Unreachability Detection  : disabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

Interface Wireless Network Connection Parameters
----------------------------------------------
IfLuid                             : wireless_0
IfIndex                            : 12
State                              : disconnected
Metric                             : 25
Link MTU                           : 1500 bytes
Reachable Time                     : 35500 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : enabled
Managed Address Configuration      : enabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

Interface isatap.Home Parameters
----------------------------------------------
IfLuid                             : tunnel_4
IfIndex                            : 18
State                              : disconnected
Metric                             : 50
Link MTU                           : 1280 bytes
Reachable Time                     : 26000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 0
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : disabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

Interface Local Area Connection* 12 Parameters
----------------------------------------------
IfLuid                             : tunnel_5
IfIndex                            : 16
State                              : disconnected
Metric                             : 50
Link MTU                           : 1280 bytes
Reachable Time                     : 34000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 0
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : enabled
Managed Address Configuration      : enabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

Interface Local Area Connection Parameters
----------------------------------------------
IfLuid                             : ethernet_6
IfIndex                            : 11
State                              : connected
Metric                             : 20
Link MTU                           : 1500 bytes
Reachable Time                     : 32000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 64
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

Interface isatap.{1C7F2E0A-C400-4C8A-A0EF-6CF25891CB83} Parameters
----------------------------------------------
IfLuid                             : tunnel_6
IfIndex                            : 19
State                              : disconnected
Metric                             : 50
Link MTU                           : 1280 bytes
Reachable Time                     : 41000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 0
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : disabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

Interface iphttpsinterface Parameters
----------------------------------------------
IfLuid                             : tunnel_7
IfIndex                            : 15
State                              : disconnected
Metric                             : 50
Link MTU                           : 1280 bytes
Reachable Time                     : 33000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

Interface Local Area Connection* 11 Parameters
----------------------------------------------
IfLuid                             : tunnel_8
IfIndex                            : 29
State                              : disconnected
Metric                             : 50
Link MTU                           : 1280 bytes
Reachable Time                     : 31000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 0
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : disabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

Interface 6TO4 Adapter Parameters
----------------------------------------------
IfLuid                             : tunnel_9
IfIndex                            : 17
State                              : disconnected
Metric                             : 50
Link MTU                           : 1280 bytes
Reachable Time                     : 24500 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 0
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : disabled
Neighbor Unreachability Detection  : disabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>
</textarea>
<big>
netsh advf show currentprofile</big><textarea cols="100" rows="35">***************************************************************************
netsh advf show currentprofile
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>netsh advf show currentprofile

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Ok.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}></textarea>
<big>
netsh advfirewall monitor show consec</big><textarea cols="100" rows="35">***************************************************************************
netsh advfirewall monitor show consec
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>netsh advfirewall monitor show consec

Global Settings:
----------------------------------------------------------------------
IPsec:
StrongCRLCheck                        0:Disabled
SAIdleTimeMin                         5min
DefaultExemptions                     ICMP
IPsecThroughNAT                       Never
AuthzUserGrp                          None
AuthzComputerGrp                      None

StatefulFTP                           Enable
StatefulPPTP                          Enable

Main Mode:
KeyLifetime                           60min,0sess
SecMethods                            DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
ForceDH                               No

Categories:
BootTimeRuleCategory                  Windows Firewall
FirewallRuleCategory                  Windows Firewall
StealthRuleCategory                   Windows Firewall
ConSecRuleRuleCategory                Windows Firewall

Quick Mode:
QuickModeSecMethods                   ESP:SHA1-None+60min+100000kb,ESP:SHA1-AES128+60min+100000kb,ESP:SHA1-3DES+60min+100000kb,AH:SHA1+60min+100000kb
QuickModePFS                          None

Security Associations:

No SAs match the specified criteria.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}></textarea>
<big>
Certutil -store my</big><textarea cols="100" rows="35">***************************************************************************
Certutil -store my
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>Certutil -store my
my
================ Certificate 0 ================
Archived!
Serial Number: 490efe7d0001000006f8
Issuer: CN=RootCA, DC=colbond, DC=intra
 NotBefore: 6/14/2012 3:31 AM
 NotAfter: 6/14/2014 3:31 AM
Subject: CN=GBKLWL632, OU=Laptops, OU=XF, OU=Arnheim, DC=colbond, DC=intra
Non-root Certificate
Template: 1.3.6.1.4.1.311.21.8.16020454.5165684.5392808.860969.9122896.216.2647899.15478195
Cert Hash(sha1): dd 3a fc 8c 20 a5 35 28 5a 17 45 68 89 cb 4b 1e 7f 1d d9 35
  Key Container = 9db314f5f1cbde6a6e7579cc89881106_d226e07c-fb91-48b1-acb1-e8e2ab553ab4
  Simple container name: le-Colbond-Computer-f24e186b-74d5-4497-b19c-1c51881ef82a
  Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test passed

================ Certificate 1 ================
Serial Number: 61c66c8200010000079c
Issuer: CN=RootCA, DC=colbond, DC=intra
 NotBefore: 6/21/2012 7:53 AM
 NotAfter: 6/21/2014 8:03 AM
Subject: CN=GBKLWL632.colbond.intra
Non-root Certificate
Template: 1.3.6.1.4.1.311.21.8.16020454.5165684.5392808.860969.9122896.216.1.30
Cert Hash(sha1): 0b 17 e6 33 1e 7b 95 0d 8d 41 6b f9 fe cf a7 f2 e9 b9 b0 88
  Key Container = c5bfaabb28c5538c3d1ba6da63025380_d226e07c-fb91-48b1-acb1-e8e2ab553ab4
  Simple container name: le-Workstation-eade287c-3974-47b4-b4bd-5d1e5988205c
  Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test passed

================ Certificate 2 ================
Archived!
Serial Number: 490f01e80001000006f9
Issuer: CN=RootCA, DC=colbond, DC=intra
 NotBefore: 6/14/2012 3:31 AM
 NotAfter: 6/14/2013 3:31 AM
Subject: CN=GBKLWL632.colbond.intra
Certificate Template Name (Certificate Type): Machine
Non-root Certificate
Template: Machine
Cert Hash(sha1): 08 b5 20 c8 98 4d 00 76 d6 69 85 1d 27 cc 4a 5f 6d de bd c6
  Key Container = c8b04417678bc5fc5b5463ff12c198f3_d226e07c-fb91-48b1-acb1-e8e2ab553ab4
  Simple container name: le-Machine-2fa16f31-5373-4f07-99be-5a70d99bc73a
  Provider = Microsoft RSA SChannel Cryptographic Provider
Private key is NOT exportable
Encryption test passed
CertUtil: -store command completed successfully.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}></textarea>
<big>
Systeminfo</big><textarea cols="100" rows="35">***************************************************************************
Systeminfo
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>Systeminfo

Host Name:                 GBKLWL632
OS Name:                   Microsoft Windows 7 Enterprise
OS Version:                6.1.7601 Service Pack 1 Build 7601
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Member Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          Colbond bv
Registered Organization:   Colbond bv
Product ID:                00392-918-5000002-85181
Original Install Date:     6/14/2012, 3:40:57 AM
System Boot Time:          6/12/2013, 11:48:16 PM
System Manufacturer:       Dell Inc.
System Model:              Latitude E6320
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 42 Stepping 7 GenuineIntel ~2200 Mhz
BIOS Version:              Dell Inc. A08, 10/18/2011
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume2
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory:     3,977 MB
Available Physical Memory: 2,320 MB
Virtual Memory: Max Size:  7,952 MB
Virtual Memory: Available: 6,099 MB
Virtual Memory: In Use:    1,853 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    colbond.intra
Logon Server:              N/A
Hotfix(s):                 84 Hotfix(s) Installed.
                           [01]: KB2666914
                           [02]: KB982861
                           [03]: KB982861
                           [04]: KB982861
                           [05]: 982861
                           [06]: KB971033
                           [07]: KB2425227
                           [08]: KB2479943
                           [09]: KB2484033
                           [10]: KB2488113
                           [11]: KB2491683
                           [12]: KB2492386
                           [13]: KB2505438
                           [14]: KB2506014
                           [15]: KB2506212
                           [16]: KB2506928
                           [17]: KB2507618
                           [18]: KB2509553
                           [19]: KB2510531
                           [20]: KB2511250
                           [21]: KB2511455
                           [22]: KB2515325
                           [23]: KB2522422
                           [24]: KB2529073
                           [25]: KB2532531
                           [26]: KB2533552
                           [27]: KB2534111
                           [28]: KB2536275
                           [29]: KB2536276
                           [30]: KB2541014
                           [31]: KB2544893
                           [32]: KB2545698
                           [33]: KB2547666
                           [34]: KB2552343
                           [35]: KB2560656
                           [36]: KB2563227
                           [37]: KB2564958
                           [38]: KB2567680
                           [39]: KB2570791
                           [40]: KB2570947
                           [41]: KB2579686
                           [42]: KB2584146
                           [43]: KB2585542
                           [44]: KB2603229
                           [45]: KB2604115
                           [46]: KB2607576
                           [47]: KB2618451
                           [48]: KB2619339
                           [49]: KB2620704
                           [50]: KB2620712
                           [51]: KB2621440
                           [52]: KB2631813
                           [53]: KB2633952
                           [54]: KB2640148
                           [55]: KB2644615
                           [56]: KB2645640
                           [57]: KB2653956
                           [58]: KB2654428
                           [59]: KB2656356
                           [60]: KB2656373
                           [61]: KB2656411
                           [62]: KB2658846
                           [63]: KB2659262
                           [64]: KB2660075
                           [65]: KB2660649
                           [66]: KB2667402
                           [67]: KB2676562
                           [68]: KB2677070
                           [69]: KB2679255
                           [70]: KB2685939
                           [71]: KB2686831
                           [72]: KB2688338
                           [73]: KB2690533
                           [74]: KB2695962
                           [75]: KB2699779
                           [76]: KB2699988
                           [77]: KB2709162
                           [78]: KB2709630
                           [79]: KB2709715
                           [80]: KB2709981
                           [81]: KB2718704
                           [82]: KB976002
                           [83]: KB976902
                           [84]: KB982018
Network Card(s):           2 NIC(s) Installed.
                           [01]: Intel(R) 82579LM Gigabit Network Connection
                                 Connection Name: Local Area Connection
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.0.1
                                 IP address(es)
                                 [01]: 192.168.0.12
                                 [02]: fe80::5c99:ccc2:6499:ed98
                           [02]: Intel(R) Centrino(R) Advanced-N 6205
                                 Connection Name: Wireless Network Connection
                                 Status:          Media disconnected

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}></textarea>
<big>
whoami /groups</big><textarea cols="100" rows="35">***************************************************************************
whoami /groups
***************************************************************************
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}>whoami /groups

GROUP INFORMATION
-----------------

Group Name                             Type             SID                                                         Attributes
====================================== ================ =========================================================== ===============================================================
Mandatory Label\System Mandatory Level Label            S-1-16-16384
Everyone                               Well-known group S-1-1-0                                                     Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                          Alias            S-1-5-32-545                                                Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\SERVICE                   Well-known group S-1-5-6                                                     Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                          Well-known group S-1-2-1                                                     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users       Well-known group S-1-5-11                                                    Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization         Well-known group S-1-5-15                                                    Mandatory group, Enabled by default, Enabled group
NT SERVICE\DcaSvc                      Well-known group S-1-5-80-4554842-3241807196-4121767921-3273767943-657238994 Enabled by default, Enabled group, Group owner
LOCAL                                  Well-known group S-1-2-0                                                     Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Administrators                 Alias            S-1-5-32-544                                                Mandatory group, Enabled by default, Enabled group

C:\Windows\system32\LogSpace\{D24EA447-69E2-4B03-A0B9-B35DFFF54AD8}></textarea>