Hi,
I'm having a hard time trying to understand what you mean. Are you having
replication problems between 2 DCs or between a computer with the ADC
installed on and Active Directory? Please provide more information
For starters you could look at:
Noah,
There are a couple of ways to do this, but essentially the
REAL (ie the physical NIC) in the physical serverhas the Virtual Server
NIC driver bound to it so that Virtual machines can have access to a REAL (ie
non-virtual) network.
Suppose you have a server with two physcial NICs in
1265 Errors can happen for a variety of reasons. How about sending the
results of a DCDIAG, NETDIAG, REPADMIN /SHOWREPS from each machine.
You might also look at trying some of the newer tools made available this
month. NETPRO's Directory Troubleshooter is really slick, and also Quest's
new AD
Last week I sent the below question to this thread. I
apologize for having to resend it but my mail server experience problems and I
am not sure if there were any replies to my question. If there were any posts
to my question, would someone please resubmit it to the list so that I can read
All I can add is putting our roaming profiles on DFS was a
nightmare and I have gone back to not having it on DFS. I now use
%variables% instead.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
EdwinSent: Wednesday, November 24, 2004 7:04 AMTo:
[EMAIL PROTECTED]Subject:
Edwin,
It is not recommended to store user
profiles on DFS volumes. The reason is because there could be a
replication issue that could corrupt the volume. Here are two good
articles that cover profiles. The last one has a best practice guide.
Hi,
See also
http://www.microsoft.com/windowsserver2003/techinfo/overview/dfsfaq.mspx
Here they also adviseagainst using roaming profiles with DFS. It is
also not supported
Regards,
Jorge
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman,
RussSent: woensdag 24
Return Receipt
Your RE: [ActiveDir] Roaming Profiles and DFS
document
:
Than you guys for your quick responses.
This list rocks!
I have noticed problems with DFS and
roaming profiles on the test domain that I have but I wasnt sure if it
was because of my lack of knowledge.
As of now, I am beginning to use RoboCopy
to where I will have the job run every 3
Title: Message
That is interesting. How do you create a
ADM, do you just open up the existing ADM in notepad and just copy and paste
into a new notepad file and save it with a ADM extension?
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
You want to use Robocopy to copy the
profiles to a DFS Share, or between the two DC and the file server?
Todd
From: Edwin
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 24, 2004
8:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Roaming
Profiles and DFS
Than
Robocopy is excellent, I've used it in many circumstances.
The only problem you might find with running it from a logoff script is the
extra time it will take the PC to shut down or log off. I'd run it regularly on
the server, making sure you're only mirroring newer
documents.
Greg
Is it possible to have the Windows Messenger client dynamically populate
thecontacts list from the Exchange GAL? Is there a way to do this manually?
Isaw an article on the MSDN site that says this can be done:http://msdn.microsoft.com/library/default.asp?url="">,however,
I am not a
Check out the following doc. Its a great overview of how to write your own ADMs:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx
Essentially, yes, you would just copy and paste the relevant sections. However,
there are some tags that you
We
have not considered it because right now IM is not considered mission-critical.
Plus, we need to allocate our budget to other projects instead at this time.
Exchange 2000 and Windows Messenger is currently all we need, I am just
wondering if there is an easier way to manage the contacts.
I don't want to beat a dead horse,but can someone point me to a doc or resource
on configuring Win2k RRAS VPN server for L2TP/IPsec with WinXP clients using
Kerberos and NOT pre-shared keys or certs?
I have edited ipsec gpo's on both client and RRAS server and still I get a
need cert error.
Tom,
I do not think you can use L2TP/IPSEC without a certificate.
Regards,
Aric
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, November 24, 2004 8:28 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] Hate to beg..
I don't want
Then why oh why is kerberos an option?
thanks
-Original Message-
From: Bernard, Aric [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 24, 2004 11:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hate to beg..
Tom,
I do not think you can use L2TP/IPSEC without a certificate.
I would agree. The whole point behind IPSec/L2TP is having that
certificate.
Sorry
Steve
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: Wednesday, November 24, 2004 8:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hate to beg..
Hello All:
I know this is a little off topic, but I have Windows2003 Standard question.
Is there anyway to have a task scheduled to do an automatic compression on a
folder each month?Thanks for any help
Chris Pohlschneider
Network Administrator
Cenveo-Sidney
937-497-2136
[EMAIL
Can you clarify as to where you are seeing Kerberos as an option for
L2TP/IPSEC?
Thanks
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, November 24, 2004 8:41 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hate to beg..
Kerberos is not supported at least on W2K.
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q248711
There were supposed to be some changes for W2K3, but those were for IPSEC
(such as startup changes etc). I had not heard if they made the changes for
this type of setup.
For 2K3 this
In secpol.msc under ip security policies on local machine. open up one of the
pre built policies and go to authentication. you have a choice of pre shared
key,cert and kerberos.
kerberos is checked off as the default.
Thanks
-Original Message-
From: Bernard, Aric [mailto:[EMAIL
Let me clarify a little. It's a rare occurrence when you could use kerb
auth for this. Not likely designed for what you are wanting to do.
Click the Authentication Methods tab, configure the authentication method
that you want (use preshared key for testing, and otherwise use
certificates).
Using certificate based authentication, an administrator can generate
the proper certificate for the machine and then ship the certificate,
physically or electronically, to the machine which is in need of the
certificate for VPN access.
In the case of Kerberos, there is no technical facility in
so is the option only there for peer to peer ipsec?
does win2k not support kerberos for ipsec with rras?
I just want to know why kerberos is the default option in the policy. i'm
confused.
thanks
-Original Message-
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November
Unfortunately this is not applicable to an L2TP connection; however it
works like a charm for basic machine to machine IPSEC.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, November 24, 2004 8:59 AM
To: [EMAIL PROTECTED]
all clients are in the same domain.
only the ip of the RRAS server would be public and visible.
If this is so rare why is it the default?
you'd figure it'd be some reg hack and not checked off in the gui of the ipsec
policy if its rarely used.
on another note,is it alot worse to use pptp
the clients are already at the remote site.
whats a good way to get the machines the cert?
thanks
-Original Message-
From: Bernard, Aric [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 24, 2004 12:05 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hate to beg..
Using certificate
Hi,
Use the COMPACT command in W2K3.
See the following: http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url="">
For other commands in W2K3 see
the command-line reference - execute HH NTCMDS.CHM
Regards,
Jorge
From: [EMAIL PROTECTED]
So, you can use pure ipsec machine to machine but only L2TP/IPsec machine to
RRAS server?
and where is it that you can specify just IPsec and NOT L2TP?
Can you elaborate?
Thanks
-Original Message-
From: Salandra, Justin A. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 24, 2004
In the case of Kerberos, no that would be the exception...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salandra,
Justin A.
Sent: Wednesday, November 24, 2004 9:35 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hate to beg..
SO like client to
L2TP, or Layer 2 Tunneling Protocol, is a protocol designed to create
VPN tunnel between a client and a VPN endpoint or 2 VPN end-points. It
includes mutual authentication of the caller and the VPN host which
differs from PPTP. In addition, user credentials, in addition to the
machine
Tom-
You can use Public Key policy to push certs to machines already in the
domain.
Darren
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, November 24, 2004 9:27 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Hate to beg..
Any reason why you don't just set the folder properties to
compressed and just always have it compressed?
Am I missing something?
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pohlschneider,
ChrisSent: Wednesday, November 24, 2004 11:48 AMTo:
[EMAIL
Yes anything you move into the folder will be compressed
while in the folder.
joe
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pohlschneider,
ChrisSent: Wednesday, November 24, 2004 1:52 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir]
That
is probably what I will
In RRAS mmc there is nothing to set cert or kerberos auth.
there is an authentication tab which allows you to use ms-chap v2 or just
chap,etc in the remote access policy.
Also, a question- in the RRAS mmc,are you just setting L2TP propertites or
L2TP/IPsec propertites? Or do you just set the
Return Receipt
Your RE: [ActiveDir]
document:
Title: Message
- Original Message -
From:
Salandra,
Justin A.
To: [EMAIL PROTECTED]
Sent: Thursday, November 25, 2004 1:09
AM
Subject: RE: [ActiveDir] Configure "Check
for newer versions of stored pag es"
That is
interesting. How do you create a
Title: Message
Justin,
You can use Notepad... or a 3rd party tool.
:-)
Alan
CuthbertsonPolicy Management Software:- http://www.sysprosoft.com/index.php?ref=activedirf=pol_summary.shtml
ADM Template Editor:- http://www.sysprosoft.com/index.php?ref=activedirf=adm_summary.shtml
Policy Log
Dan-
You can do
this programmatically with an LDAP search and that COM object in the MSDN
article. As I recall, Windows Messenger has some artificial limit of like 99
people on your buddy list. If you have a GAL smaller than 99 people would not
be an issue, but, if you have a few
Todd, I want to have Robocopy copy the
files from the single IDE drive found on the file server to the single IDE drive
found on each of the domain controllers.
Lara, I have never really had a use of
Robocopy until now. I tested it and it worked great! The fact that it copies
over ACLs
42 matches
Mail list logo
