gogi100

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 94 total)
  • Author
    Posts
  • Avatar
    gogi100
    Member
    in reply to: copying registry key #334989

    i have in outlook 2010 one account. i want to create in outlook 2010 one more account that is same like previous account with different pop3/smtp settings because i have backup mail server. i thinked that this work do over registry

    Avatar
    gogi100
    Member
    in reply to: problem with wds server #334988

    i set read filter on wds server but nothing. i receive same messages. maybe on mikrotik router option 67 is not set ok. my provider is set boot/x86/pxeboot.n12 maybe this option need to changing?

    Avatar
    gogi100
    Member
    in reply to: problem with wds server #334987

    in wds log i found

    [357059][WDSTFTP] [WDSTFTP][UDP][Ep:192.168.200.28:69] Recv From:192.168.0.161:2070 Len:994
    [2800] 15:05:48: [357059][WDSTFTP] -> CClientContext::FindSession
    [2800] 15:05:48: [357059][WDSTFTP] < – CClientContext::FindSession=2
    [2800] 15:05:48: [UDPPorts] Allocated dynamic port 50880.
    [2800] 15:05:48: CUdpHandler::OpenEndpoint: Dynamic Port=50880
    [2800] 15:05:48: [WDSTFTP][UDP][Ep=50880] Registered
    [2800] 15:05:48: UpdEndpoint::UdpEndpoint = 0000000002D2E930

    [2800] 15:05:48: [WDSTFTP][UDP][Ep=192.168.200.28:50880][0x0000000002D2E930] Created
    [2800] 15:05:48: [357059][WDSTFTP] TftpSession[0x0000000002D2DEF0:192.168.0.161:2070] – Initialized: Local=192.168.200.28:0
    [2800] 15:05:48: [357059][WDSTFTP] [d:longhornbasentsetupopktoolswdstransportservertftptftpsession.cpp:566] Expression: , Win32 Error=161
    [2800] 15:05:48: [357059][WDSTFTP] [d:longhornbasentsetupopktoolswdstransportservertftptftpsession.cpp:614] Expression: , Win32 Error=161
    [2800] 15:05:48: [357059][WDSTFTP] TFTPConstruct[ERROR]: Code=4(0x4), Desc=Illegal operation error.
    [2800] 15:05:48: [357059][WDSTFTP] [d:longhornbasentsetupopktoolswdstransportservertftptftpserver.cpp:592] Expression: , Win32 Error=161
    [2792] 15:05:48: [357059][WDSTFTP] [WDSTFTP][UDP][Ep:192.168.200.28:69] Sent To:192.168.0.161:2070 Len:29
    [2792] 15:05:48: [357059][WDSTFTP] [WDSTFTP][UDP][Ep:192.168.200.28:69] Recv From:192.168.0.161:2071 Len:999
    [2792] 15:05:48: [357059][WDSTFTP] -> CClientContext::FindSession
    [2792] 15:05:48: [357059][WDSTFTP] < – CClientContext::FindSession=2
    [2792] 15:05:48: [UDPPorts] Allocated dynamic port 58856.
    [2792] 15:05:48: CUdpHandler::OpenEndpoint: Dynamic Port=58856
    [2792] 15:05:48: [WDSTFTP][UDP][Ep=58856] Registered
    [2792] 15:05:48: UpdEndpoint::UdpEndpoint = 0000000002D2F8E0

    [2792] 15:05:48: [WDSTFTP][UDP][Ep=192.168.200.28:58856][0x0000000002D2F8E0] Created
    [2792] 15:05:48: [357059][WDSTFTP] TftpSession[0x0000000002D2EEA0:192.168.0.161:2071] – Initialized: Local=192.168.200.28:0
    [2792] 15:05:48: [357059][WDSTFTP] [d:longhornbasentsetupopktoolswdstransportservertftptftpsession.cpp:566] Expression: , Win32 Error=161
    [2792] 15:05:48: [357059][WDSTFTP] [d:longhornbasentsetupopktoolswdstransportservertftptftpsession.cpp:614] Expression: , Win32 Error=161
    [2792] 15:05:48: [357059][WDSTFTP] TFTPConstruct[ERROR]: Code=4(0x4), Desc=Illegal operation error.
    [2792] 15:05:48: [357059][WDSTFTP] [d:longhornbasentsetupopktoolswdstransportservertftptftpserver.cpp:592] Expression: , Win32 Error=161
    [2800] 15:05:48: [357059][WDSTFTP] [WDSTFTP][UDP][Ep:192.168.200.28:69] Sent To:192.168.0.161:2071 Len:29
    [2800] 15:05:48: [d:longhornbasentsetupopktoolswdswdssrvserversrcudpendpoint.cpp:811] Expression: , Win32 Error=5023
    ..
    [1288] 15:05:48: [WDSTFTP][UDP][Ep=192.168.200.28:50880] Deleted.
    [1288] 15:05:48: [357075][WDSTFTP] TftpSession[0x0000000002D2DEF0:192.168.0.161:2070] – Endpoint Removed. Killing session.
    [1288] 15:05:48: UpdEndpoint::~UdpEndpoint = 0000000002D2E930

    [1288] 15:05:48: [WDSTFTP][UDP][Ep=50880] Closed
    [1288] 15:05:48: [UdpPorts] Dynamic Port 50880 freed.
    [1288] 15:05:48: [357075][WDSTFTP] TftpSession[0x0000000002D2DEF0:192.168.0.161:2070] – Shutdown
    [1288] 15:05:48: [357075][WDSTFTP] TftpSession[0x0000000002D2DEF0:192.168.0.161:2070] – Shutdown
    [2792] 15:05:48: [d:longhornbasentsetupopktoolswdswdssrvserversrcudpendpoint.cpp:811] Expression: , Win32 Error=5023

    [1288] 15:05:48: [WDSTFTP][UDP][Ep=192.168.200.28:58856] Deleted.
    [1288] 15:05:48: [357075][WDSTFTP] TftpSession[0x0000000002D2EEA0:192.168.0.161:2071] – Endpoint Removed. Killing session.
    [1288] 15:05:48: UpdEndpoint::~UdpEndpoint = 0000000002D2F8E0

    [1288] 15:05:48: [WDSTFTP][UDP][Ep=58856] Closed
    [1288] 15:05:48: [UdpPorts] Dynamic Port 58856 freed.
    [1288] 15:05:48: [357075][WDSTFTP] TftpSession[0x0000000002D2EEA0:192.168.0.161:2071] – Shutdown
    [1288] 15:05:48: [357075][WDSTFTP] TftpSession[0x0000000002D2EEA0:192.168.0.161:2071] – Shutdown
    [1288] 15:05:51: BufferPoolSet[Trim]: AllocSize=4096, Min=512, Last=258, Current=514, Trim=2

    Avatar
    gogi100
    Member
    in reply to: problem with wds server #334986

    my provider reconfigured dhcp server but now i receive error

    pxe-t04 illegal operation error
    pxe-e36 error received from tftp server
    pxe-m0f eiting pxe rom

    i scanned with wireshark
    and i receive like on pictures

    Avatar
    gogi100
    Member
    in reply to: gpo for gadgets #334985

    Re: gpo for gadgets

    yes, but i cannot find option that show gadget on desktop

    Avatar
    gogi100
    Member
    in reply to: make multiple sessions without RDP #334984

    Re: make multiple sessions without RDP

    application does not use terminal. there’s is alternative for terminal?

    Avatar
    gogi100
    Member
    in reply to: problem with l2l vpn on asa 5505 #334983

    Re: problem with l2l vpn on asa 5505

    i used commands

    Result of the command: “show isakmp sa”

    There are no IKEv1 SAs

    IKEv2 SAs:

    Session-id:4, Status:UP-ACTIVE, IKE count:1, CHILD count:1

    Tunnel-id Local Remote Status Role
    1744962893 10.15.100.15/500 10.13.74.50/500 READY INITIATOR
    Encr: AES-CBC, keysize: 256, Hash: SHA96, DH Grp:5, Auth sign: PSK, Auth verify: PSK
    Life/Active Time: 86400/2831 sec
    Child sa: local selector 192.168.5.0/0 – 192.168.5.255/65535
    remote selector 192.168.0.0/0 – 192.168.0.255/65535
    ESP spi in/out: 0xef9aeee/0x6cbcf15b

    Result of the command: “show isakmp sa”

    There are no IKEv1 SAs

    IKEv2 SAs:

    Session-id:13, Status:UP-ACTIVE, IKE count:1, CHILD count:1

    Tunnel-id Local Remote Status Role
    588528855 10.13.74.50/500 10.15.100.15/500 READY RESPONDER
    Encr: AES-CBC, keysize: 256, Hash: SHA96, DH Grp:5, Auth sign: PSK, Auth verify: PSK
    Life/Active Time: 86400/2884 sec
    Child sa: local selector 192.168.0.0/0 – 192.168.0.255/65535
    remote selector 192.168.5.0/0 – 192.168.5.255/65535
    ESP spi in/out: 0x6cbcf15b/0xef9aeee

    Result of the command: “show ipsec sa”

    interface: outside
    Crypto map tag: outside_map, seq num: 1, local addr: 10.13.74.50

    access-list outside_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0
    local ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (192.168.5.0/255.255.255.0/0/0)
    current_peer: 10.15.100.15

    #pkts encaps: 214, #pkts encrypt: 214, #pkts digest: 214
    #pkts decaps: 1441, #pkts decrypt: 1441, #pkts verify: 1441
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 214, #pkts comp failed: 0, #pkts decomp failed: 0
    #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0

    local crypto endpt.: 10.13.74.50/500, remote crypto endpt.: 10.15.100.15/500
    path mtu 1500, ipsec overhead 74, media mtu 1500
    current outbound spi: 0EF9AEEE
    current inbound spi : 6CBCF15B
    inbound esp sas:
    spi: 0x6CBCF15B (1824321883)
    transform: esp-aes-256 esp-sha-hmac no compression
    in use settings ={L2L, Tunnel, }
    slot: 0, conn_id: 102400, crypto-map: outside_map
    sa timing: remaining key lifetime (kB/sec): (4193137/25899)
    IV size: 16 bytes
    replay detection support: Y
    Anti replay bitmap:
    0xFFFFFFFF 0xFFFFFFFF
    outbound esp sas:
    spi: 0x0EF9AEEE (251244270)
    transform: esp-aes-256 esp-sha-hmac no compression
    in use settings ={L2L, Tunnel, }
    slot: 0, conn_id: 102400, crypto-map: outside_map
    sa timing: remaining key lifetime (kB/sec): (4239344/25899)
    IV size: 16 bytes
    replay detection support: Y
    Anti replay bitmap:
    0x00000000 0x00000001

    esult of the command: “show ipsec sa”

    interface: outside
    Crypto map tag: outside_map, seq num: 1, local addr: 10.15.100.15

    access-list outside_cryptomap extended permit ip 192.168.5.0 255.255.255.0 192.168.0.0 255.255.255.0
    local ident (addr/mask/prot/port): (192.168.5.0/255.255.255.0/0/0)
    remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
    current_peer: 10.13.74.50
    #pkts encaps: 1472, #pkts encrypt: 1472, #pkts digest: 1472
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 1472, #pkts comp failed: 0, #pkts decomp failed: 0

    local crypto endpt.: 10.15.100.15/500, remote crypto endpt.: 10.13.74.50/500
    path mtu 1500, ipsec overhead 74, media mtu 1500
    current outbound spi: 6CBCF15B
    current inbound spi : 0EF9AEEE

    inbound esp sas:
    spi: 0x0EF9AEEE (251244270)
    transform: esp-aes-256 esp-sha-hmac no compression
    in use settings ={L2L, Tunnel, PFS Group 2, }
    slot: 0, conn_id: 110592, crypto-map: outside_map
    sa timing: remaining key lifetime (kB/sec): (3916800/25843)
    IV size: 16 bytes
    replay detection support: Y
    Anti replay bitmap:
    0x00000000 0x00000001
    outbound esp sas:
    spi: 0x6CBCF15B (1824321883)
    transform: esp-aes-256 esp-sha-hmac no compression
    in use settings ={L2L, Tunnel, PFS Group 2, }
    slot: 0, conn_id: 110592, crypto-map: outside_map
    sa timing: remaining key lifetime (kB/sec): (4054895/25843)
    IV size: 16 bytes
    replay detection support: Y
    Anti replay bitmap:
    0x00000000 0x00000001

    all is tryed but nothing, plz help me

    where is mistake?

    then, tunnel is up, but traffic is not working

    Avatar
    gogi100
    Member
    in reply to: problem with credential caching on rodc #334982

    Re: problem with credential caching on rodc

    when i use command from rwdc to rodc ntfrsutl version rodc.my.domain

    Quote:
    C:Usersadministrator.my.domain>ntfrsutl version rodc.my.domain
    NtFrsApi Version Information
    NtFrsApi Major : 0
    NtFrsApi Minor : 0
    NtFrsApi Compiled on: Apr 10 2009 20:14:06
    ERROR – Cannot bind w/authentication to computer, rodc.my.domain; 000006ba (
    1722)
    ERROR – Cannot bind w/o authentication to computer, rodc.my.domain; 000006ba
    (1722)
    ERROR – Cannot RPC to computer, dri-dcro.dri.local; 000006ba (1722)

    this command works from rodc to rwdc.
    i enabled rpc traffic through my firewall.
    also when i start command on rodc net share i don’t see sysvol and netlogon. why?

    Avatar
    gogi100
    Member
    in reply to: problem with credential caching on rodc #334981

    Re: problem with credential caching on rodc

    when i start dcdiag /v on rodc i receive:

    Quote:
    Testing server: Default-First-Site-Namerodc

    Starting test: Advertising

    Warning: DsGetDcName returned information for \rwdcD.my.domain, when

    we were trying to reach rodc.

    SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

    ……………………. rodc failed test Advertising

    Test omitted by user request: CheckSecurityError

    Test omitted by user request: CutoffServers

    Starting test: FrsEvent

    * The File Replication Service Event log test
    There are warning or error events within the last 24 hours after the

    SYSVOL has been shared. Failing SYSVOL replication problems may cause

    Group Policy problems.
    An Warning Event occurred. EventID: 0x800034C4

    Time Generated: 02/13/2013 23:59:50

    Event String:

    The File Replication Service is having trouble enabling replication from rwdc.my.domain to rodc for c:windowssysvoldomain using the DNS name rwdc.my.domain. FRS will keep retrying.

    Following are some of the reasons you would see this warning.

    [1] FRS can not correctly resolve the DNS name rwdc.my.domain from this computer.

    [2] FRS is not running on rwdc.my.domain.

    [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

    This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    An Warning Event occurred. EventID: 0x800034C4

    Time Generated: 02/14/2013 00:07:50

    Event String:

    The File Replication Service is having trouble enabling replication from rwdc to rodc for c:windowssysvoldomain using the DNS name rwdc.my.domain. FRS will keep retrying.

    Following are some of the reasons you would see this warning.

    [1] FRS can not correctly resolve the DNS name rwdc.my.domain from this computer.

    [2] FRS is not running on rwdc.my.domain.

    [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

    This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

    ……………………. rodc passed test FrsEvent
    Starting test: NetLogons

    * Network Logons Privileges Check
    Unable to connect to the NETLOGON share! (\rodcnetlogon)

    [rodc] An net use or LsaPolicy operation failed with error 67,

    The network name cannot be found..

    ……………………. rodc failed test NetLogons

    i found that netlogon and sysvol is not configured on rodc

    Avatar
    gogi100
    Member
    in reply to: problem with credential caching on rodc #334980

    Re: problem with credential caching on rodc

    when i go in rwdc active directory sites and services/default-first-site-name/servers/rodc and i click replication now i receive error

    Quote:
    the following error occured during the attempt to contact the domain controller rodc: the rpc server is unavailable. this condition may be caused by a dns lookup problem

    maybe this problem disable prepopulation password (caching credentials)?

    Avatar
    gogi100
    Member
    in reply to: problem with credential caching on rodc #334979

    Re: problem with credential caching on rodc

    when i try from client on subnet 192.168.3.0/24 command

    C:Windowssystem32>nltest /dsgetdc:my.domain /writable /TRY_NEXT_CLOSEST_SITE
    DC: [URL=”file://\rwdc.my.domain”]\rwdc.my.domain[/URL] Address: [URL=”file://\192.168.0.20″]\192.168.0.20[/URL]
    Dom Guid: d9ed3ceb-6068-4caf-9150-d37faf4981d8
    Dom Name: my.domain
    Forest Name: my.comain Dc Site Name: Default-First-Site-Name
    Our Site Name: Default-First-Site-Name
    Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN
    DNS_FOREST CLOSE_SITE FULL_SECRET
    The command completed successfully

    what i do?

    Avatar
    gogi100
    Member
    in reply to: WSUS Server help…! #334978

    Re: WSUS Server help…!

    you also can use local group policy computer policy/aministrator template/windows components/windows update. you configure your windows update

    Avatar
    gogi100
    Member
    in reply to: access from high security level to low security level #334977

    Re: access from high security level to low security level

    thank’s very much

    Avatar
    gogi100
    Member
    in reply to: access from high security level to low security level #334976

    Re: access from high security level to low security level

    thank’s problem is solved. i remove acl on DMZ inbound. but how i enable that i can access from dmz to inside network?
    one more time thank’s

    Avatar
    gogi100
    Member
    in reply to: access from high security level to low security level #334975

    Re: access from high security level to low security level

    i made static nat 172.16.20.200 to x.x.x.180
    my show run nat

    Quote:
    nat (inside,outside) source static LAN-NETWORK LAN-NETWORK destination static VPN-POOL VPN-POOL
    !
    object network mail
    nat (DMZ,outside) static x.x.x.180

    my show run object

    Quote:
    object network VPN-POOL
    subnet 192.168.50.0 255.255.255.0
    description VPN Client pool
    object network LAN-NETWORK
    subnet 192.168.0.0 255.255.255.0
    description LAN Network
    object network NETWORK_OBJ_192.168.0.0_24
    subnet 192.168.0.0 255.255.255.0
    object network 192.168.0.10
    host 192.168.0.10
    object service ssl
    service tcp destination eq 465
    object service tls
    service tcp destination eq 995
    object network mail_server
    host 172.16.20.200
    object service StartTLS
    service tcp destination eq 587
    object service admin_port
    service tcp destination eq 444
    object service ODMR
    service tcp destination eq 366
    object service SSL-IMAP
    service tcp destination eq 993
    object network remote
    host 172.16.20.200
    object network test
    host 192.168.0.22
    object network mail
    host 172.16.20.200
    object network DMZ
    host 172.16.20.200
    object network Inside_DMZ
    host 192.168.0.20
    object service rdp
    service tcp destination eq 3389
    object service microsoft_dc
    service tcp destination eq 445
    Avatar
    gogi100
    Member
    in reply to: access from high security level to low security level #334974

    Re: access from high security level to low security level

    Quote:
    Unless there is an upstream device doing nat or your using public ip space on your lan, nat will be required as RFC1918 addresses are not routable

    my provider gave me scope of public ip addresses(5 addresses). when i make static nat on my mail server in DMZ to outside, again he cannot access to internet.

    Avatar
    gogi100
    Member
    in reply to: access from high security level to low security level #334973

    Re: access from high security level to low security level

    i think that users from inside or DMZ LAN can access internet without the rules or NAT’s, but they don’t it. why?
    When i put my mail server front of ASA5510 and my mail server have dns server like in DMZ zone x.x.x.177. my mail server have internet but when my mail server in dmz zone, he have not internet.

    Avatar
    gogi100
    Member
    in reply to: preoblem with DNS (A) records #334972

    Re: preoblem with DNS (A) records

    Quote:
    Generally you wouldn’t put mailservers in a DMZ too.

    why i don’t put mail servers in DMZ?

    Avatar
    gogi100
    Member
    in reply to: preoblem with DNS (A) records #334971

    Re: preoblem with DNS (A) records

    i want that my mail server receive and send mails. for that records i ask my provider that he put them in the zone?
    but in dns zone of my provider there’are not records for my mail server except mx record. dns server cannot resolve name of my server in ip address

    Avatar
    gogi100
    Member
    in reply to: preoblem with DNS (A) records #334970

    Re: preoblem with DNS (A) records

    which DNS records i need for my mail server that he work ok? is it A record, mx record, cname record? maybe just a record and mx record?
    thanks

    Avatar
    gogi100
    Member
    in reply to: problem with upgrading from win server 2003 to win 2008 #334969

    Re: problem with upgrading from win server 2003 to win 2008

    my windows 2008 is fresh installed.he point to the original DC as primary for DNS.the 2003 box marked as a GC,he hold all the FSMO roles correctly. in event logs, there’s errors which i puted in my posts

    Avatar
    gogi100
    Member
    in reply to: problem with upgrading from win server 2003 to win 2008 #334968

    Re: problem with upgrading from win server 2003 to win 2008

    i have dc with windows server 2003 sp2 and windows server 2008 enterprise(member of domain). i want upgrade active directory from win servr 2003 to windows server 2008. my dc work ok, i can reboot, but i don’t have backup of dc. my dns works ok. i have dc, which point just to itself

    Avatar
    gogi100
    Member
    in reply to: problem with upgrading from win server 2003 to win 2008 #334967

    Re: problem with upgrading from win server 2003 to win 2008

    when i started command dcdiag /test:kccevent, i received:

    Quote:
    Domain Controller Diagnosis

    Performing initial setup:
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-NameDRI-NET
    Starting test: Connectivity
    ……………………. DRI-NET passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-NameDRI-NET
    Starting test: kccevent
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:46:14
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:46:18
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:46:19
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:46:52
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:46:52
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:46:53
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:46:53
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:47:36
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:49:27
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:49:27
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:50:21
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:50:22
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:50:22
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:50:23
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:50:23
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:51:57
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:51:59
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:51:59
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:52:11
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:52:58
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:53:24
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:53:33
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:53:33
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:53:33
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:53:33
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:53:38
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:53:42
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:54:01
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:54:04
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:56:20
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:56:20
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:56:25
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:56:42
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:56:42
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:57:36
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:57:36
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:58:04
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:58:12
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:59:02
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC00005C9
    Time Generated: 10/31/2012 14:59:05
    (Event String could not be retrieved)
    ……………………. DRI-NET failed test kccevent

    Running partition tests on : ForestDnsZones

    Running partition tests on : DomainDnsZones

    Running partition tests on : Schema

    Running partition tests on : Configuration

    Running partition tests on : dri

    Running enterprise tests on : dri.local

    this is only error on this domain controller when i start dcdiag command. maybe it’s problem because i can’t make replication from windows server 2003 to windows server 2008. what i do?
    thanks?

    Avatar
    gogi100
    Member
    in reply to: site to site vpn with internet connection in same time #334966

    Re: site to site vpn with internet connection in same time

    again, nothing site to site vpn doesn’t work

    Avatar
    gogi100
    Member
    in reply to: site to site vpn with internet connection in same time #334965

    Re: site to site vpn with internet connection in same time

    i setted command

    Quote:
    crypto map outside_map 1 set ikev1 phase1-mode aggressive

    whether this is sufficient?

    Avatar
    gogi100
    Member
    in reply to: site to site vpn with internet connection in same time #334964

    Re: site to site vpn with internet connection in same time

    can you explain where i can find [TAG] and [SEQ#]?

    Avatar
    gogi100
    Member
    in reply to: site to site vpn with internet connection in same time #334963

    Re: site to site vpn with internet connection in same time

    can you explain how configure on asa 5505

    Quote:
    initiate aggressive mode on the device behind nat and then use fqdn’s as your IKE id.

    can i disable ikev2 on asdm from asa5505 and 5510

    Avatar
    gogi100
    Member
    in reply to: site to site vpn with internet connection in same time #334962

    Re: site to site vpn with internet connection in same time

    when i put
    sh crypto isa
    sh crypto isakmp sa

    i receive ‘There are no IKEv1 SAs’

    the tunneling must go in on ikev2 or ikev1?

    Avatar
    gogi100
    Member
    in reply to: site to site vpn with internet connection in same time #334961

    Re: site to site vpn with internet connection in same time

    therefore i must put those commands on asa5510

    Quote:
    tunnel-group 0.0.0.0 0.0.0.0 type ipsec-l2l
    pre-shared-key cisco

    crypto dynamic-map DYNAMIC set transform-set ” ” (Your transform-set)
    crypto dynamic-map DYNAMIC match address ” ” (Your Proxy ACL)
    crypto map VPN 65535 ipsec-isakmp dynamic DYNAMIC

    anything change on asa5505?

    I noticed the same thing that when i put
    sh crypto isa
    sh crypto isakmp sa

    i receive ‘There are no IKEv1 SAs’

    the tunneling must go in on ikev2 or ikev1

    Avatar
    gogi100
    Member
    in reply to: site to site vpn with internet connection in same time #334960

    Re: site to site vpn with internet connection in same time

    configuration from asa5505 is

    ASA Version 8.4(2)
    !
    object network obj_any
    subnet 192.168.5.0 255.255.255.0
    object network NETWORK_OBJ_192.168.0.0_24
    subnet 192.168.0.0 255.255.255.0
    object network NETWORK_OBJ_192.168.5.0_24
    subnet 192.168.5.0 255.255.255.0
    object-group service DM_INLINE_SERVICE_1
    service-object ip
    service-object tcp
    service-object icmp echo-reply
    object-group service DM_INLINE_SERVICE_2
    service-object ip
    service-object tcp
    service-object icmp echo-reply
    service-object udp
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
    access-list outside_cryptomap extended permit ip 192.168.5.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list inside_to_outside extended permit ip 192.168.5.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list inside_to_outside extended permit object-group DM_INLINE_SERVICE_2 192.168.5.0 255.255.255.0 any
    access-list inside_to_outside extended deny ip any any
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source static NETWORK_OBJ_192.168.5.0_24 NETWORK_OBJ_192.168.5.0_24 destination static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 no-proxy-arp route-lookup
    access-group inside_to_outside in interface inside
    route outside 0.0.0.0 0.0.0.0 10.15.100.1 1
    route inside 192.168.0.0 255.255.255.0 192.168.5.1 2
    route outside 192.168.0.0 255.255.255.0 10.15.100.1 3
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto map outside_map 1 match address outside_cryptomap
    crypto map outside_map 1 set peer x.x.133.178
    crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map outside_map interface outside
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable outside
    crypto ikev1 enable outside
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside vpnclient-wins-override
    dhcpd address 192.168.5.2-192.168.5.128 inside
    dhcpd auto_config outside interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy GroupPolicy_x.x.133.178 internal
    group-policy GroupPolicy_x.x.133.178 attributes
    vpn-tunnel-protocol ikev1 ikev2
    tunnel-group x.x.133.178
    type ipsec-l2l
    tunnel-group x.x.133.178 general-attributes
    default-group-policy GroupPolicy_x.x.133.178
    tunnel-group x.x.133.178 ipsec-attributes
    ikev1 pre-shared-key *****
    ikev2 remote-authentication pre-shared-key *****
    ikev2 local-authentication pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum client auto
    message-length maximum 512
    policy-map global_policy
    configuration from asa 5510
    hostname asa5510
    object network NETWORK_OBJ_192.168.5.0_24
    subnet 192.168.5.0 255.255.255.0
    object network NETWORK_OBJ_192.168.0.0_24
    subnet 192.168.0.0 255.255.255.0
    object network 192.168.0.10
    host 192.168.0.10
    object-group network PAT-SOURCE-NETWORKS
    description Source networks for PAT
    network-object 192.168.0.0 255.255.255.0
    access-list INSIDE-IN remark Allow traffic from LAN
    access-list INSIDE-IN extended permit ip 192.168.0.0 255.255.255.0 any
    access-list Split_Tunnel_List extended permit ip 192.168.0.0 255.255.255.0 any
    access-list outside_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0
    ip local pool vpnadrese 192.168.50.1-192.168.50.100 mask 255.255.255.0
    nat (inside,outside) source static LAN-NETWORK LAN-NETWORK destination static VPN-POOL VPN-POOL

    nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.5.0_24 NETWORK_OBJ_192.168.5.0_24 no-proxy-arp route-lookup

    nat (inside,outside) after-auto source dynamic PAT-SOURCE-NETWORKS interface

    access-group INSIDE-IN in interface inside

    route outside 0.0.0.0 0.0.0.0 178.254.133.177 1

    route inside 192.168.5.0 255.255.255.0 192.168.0.10 1
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac

    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac

    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

    crypto ipsec ikev2 ipsec-proposal DES

    protocol esp encryption des

    protocol esp integrity sha-1 md5

    crypto ipsec ikev2 ipsec-proposal 3DES

    protocol esp encryption 3des

    protocol esp integrity sha-1 md5

    crypto ipsec ikev2 ipsec-proposal AES

    protocol esp encryption aes

    protocol esp integrity sha-1 md5

    crypto ipsec ikev2 ipsec-proposal AES192

    protocol esp encryption aes-192

    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 1 match address outside_cryptomap
    crypto map outside_map 1 set peer 195.222.96.223
    crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

Viewing 30 posts - 1 through 30 (of 94 total)