Overclockers Australia Forums

Old 1st September 2017, 12:45 PM   #1666
NSanity
Member
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,113

Quote:
Originally Posted by millsy_c View Post
Hmm okay, because I don't like that you have to configure clients with split tunnel VPN so S4B 'works' with it, that just sounds like an overtly shit idea.
Doc-of-FC seems to be super cluey on Windows-based VPN solutions - if you have a direct question, I'd probably pm him...
NSanity is online now   Reply With Quote
Old 4th September 2017, 3:54 PM   #1667
freaky_beeky
Member
 
Join Date: Dec 2004
Location: Brisbane
Posts: 940

Anyone knowledgeable enough with DirectAccess to give me a hand for a moment?

Having some definite DNS issues...

Configuration is Single NIC behind edge device.

I can connect with a client device to the DirectAccess server, but DNS does not function.

To make matters worse, the DirectAccess server registers a AAAA record in DNS, which means that I cannot access the server internally either, as IPv6 is disallowed internally. (thinking this is highly likely to be related). e.g.

Code:
Server:  globaldns.contoso.local
Address:  10.255.150.138

Name:    vw-dv-da-01.contoso.local
Address:  fd29:f2ef:21b0:1:0:5efe:10.0.70.1
Code:
C:\Users\contoso_user>ping vw-dv-da-01
Ping request could not find host vw-dv-da-01. Please check the name and try again.
It should (try) and fail back to the IPv4 (A record) I would have thought, but apparently not.

I tried setting the following
Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters
DisabledComponents DWORD registry value 20 (Hexadecimal)
to try and prefer an IPv4 address, but no luck.

I haven't quite sussed out the full DNS config here (I'm finding more and more components as I keep looking, (no diagrams or KBs)), any hints, tips would be appreciated.

I should note, that as this is a PoC I've got Any rules configured in the relevant firewalls.
__________________
i own a pc
freaky_beeky is offline   Reply With Quote
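
An added example for readers of the nslookup output in the post above; it is not code from the thread or from any poster. It assumes the ISATAP interface-identifier layout from RFC 5214 (`0000:5efe` or `0200:5efe` followed by the IPv4 address) and uses hypothetical helper names (`decode_isatap`, `describe_aaaa`) to show which IPv4 address an AAAA value of that shape embeds.

```python
import ipaddress

# RFC 5214 ISATAP interface identifiers start 0000:5efe (or 0200:5efe),
# followed by the 32-bit IPv4 address of the interface.
ISATAP_MARKERS = {bytes.fromhex("00005efe"), bytes.fromhex("02005efe")}
ULA = ipaddress.IPv6Network("fc00::/7")  # unique local (private) IPv6 space


def decode_isatap(addr):
    """Return (/64 prefix, embedded IPv4) for an ISATAP-format address, else None."""
    try:
        raw = ipaddress.IPv6Address(addr).packed
    except ipaddress.AddressValueError:
        return None  # not an IPv6 literal at all
    if raw[8:12] not in ISATAP_MARKERS:
        return None  # ordinary interface identifier
    prefix = ipaddress.IPv6Network((raw[:8] + bytes(8), 64))
    return prefix, ipaddress.IPv4Address(raw[12:])


def describe_aaaa(addr):
    """Summarise one AAAA value (hypothetical helper for this example)."""
    decoded = decode_isatap(addr)
    if decoded is None:
        return {"address": addr, "isatap": False}
    prefix, ipv4 = decoded
    return {
        "address": addr,
        "isatap": True,
        "prefix": str(prefix),
        "ipv4": str(ipv4),
        "ula_prefix": prefix.network_address in ULA,
        "ipv4_private": ipv4.is_private,
    }


if __name__ == "__main__":
    # First value is the AAAA record shown in the post; the second is a
    # constructed address for contrast and does not appear in the thread.
    for value in ("fd29:f2ef:21b0:1:0:5efe:10.0.70.1", "fd29:f2ef:21b0:1::10"):
        print(describe_aaaa(value))
```
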
Old 4th September 2017, 4:06 PM   #1668
cvidler
Member
 
Join Date: Jun 2001
Location: Canberra
Posts: 10,613

have you tried ping -4 servername ?
(assuming recent windows-y environment)

the -4 will force IPv4.
__________________
We might eviscerate your arguments, but we won't hurt you. Honest! - Lucifers Mentor
⠠⠵
[#]
cvidler is offline   Reply With Quote
Old 4th September 2017, 4:10 PM   #1669
freaky_beeky
Member
 
Join Date: Dec 2004
Location: Brisbane
Posts: 940

Quote:
Originally Posted by cvidler View Post
have you tried ping -4 servername ?
(assuming recent windows-y environment)

the -4 will force IPv4.
I have, and unfortunately, it is the exact same result.
__________________
i own a pc
freaky_beeky is offline   Reply With Quote
Old 4th September 2017, 4:15 PM   #1670
NSanity
Member
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,113

reads like dns search path problems to me...

try

Code:
ping vw-dv-da-01.contoso.local
NSanity is online now   Reply With Quote
Old 4th September 2017, 4:55 PM   #1671
freaky_beeky
Member
 
Join Date: Dec 2004
Location: Brisbane
Posts: 940

Quote:
Originally Posted by NSanity View Post
reads like dns search path problems to me...

try

Code:
ping vw-dv-da-01.contoso.local
Exactly the same (I have 'contoso.local' as my dns suffix).

I think this one has got me and I'll need to draw it properly (was just asked to 'quickly' knock a PoC up...)
__________________
i own a pc
freaky_beeky is offline   Reply With Quote
Old 5th September 2017, 8:16 AM   #1672
freaky_beeky
Member
 
Join Date: Dec 2004
Location: Brisbane
Posts: 940

Quote:
Originally Posted by freaky_beeky View Post
Exactly the same (I have 'contoso.local' as my dns suffix).

I think this one has got me and I'll need to draw it properly (was just asked to 'quickly' knock a PoC up...)
Well after going home and coming back in the morning, my direct access server has registered another IPv6 address in DNS as an AAAA record and now resolves and pings IPv4 fine...

The second address is an encapsulated version of the IPv4 address (is encapsulated the right word?, it's the same prefix as its other AAAA record but ends in the IPv4 address), but I have no idea why it didn't exist before and/or disappeared.

I'm going to have to get some more time associated to this so I can do it properly, 'cos this crazy is making me lose it.
__________________
i own a pc

Last edited by freaky_beeky; 5th September 2017 at 8:43 AM.
freaky_beeky is offline   Reply With Quote
Old 12th September 2017, 8:17 AM   #1673
QuakeDude
ooooh weeee ooooh
 
Join Date: Aug 2004
Location: Melbourne
Posts: 8,263

Anyone here had much experience with Palo Alto's TRAPS AV product? It doesn't look like it's got an inbuilt firewall like the existing Symantec product we're using.. We've just kicked off a trial to evaluate it, but I'd be keen to hear from anyone who's actually using it.
QuakeDude is online now   Reply With Quote
Old 13th September 2017, 12:10 PM   #1674
mr626
Member
 
Join Date: Jul 2011
Posts: 2,646

Is there any reason why I can't run Active Directory Based Authentication services on the same server I'm running KMS services?

Edit: never mind, appears the answer is yes

https://social.technet.microsoft.com...m=winservergen

Last edited by mr626; 13th September 2017 at 1:42 PM.
mr626 is offline   Reply With Quote
Old 14th September 2017, 2:41 PM   #1675
looktall Thread Starter
Working Class Hero
 
Join Date: Sep 2001
Location: brabham.wa.au
Posts: 23,252

i have an MS licensing question.

we are a global company.
we purchase our MS licenses in canada because we get better pricing.

there are w10 MAK licenses doing the rounds in the various regions but we're told by management that we can't use them in AU because they're not for our region.

is that how the licensing normally works?

i would have thought that it would be purchased for the company and could be used in any region as long as it's within the company.

EDIT: or is it a "well it depends" sort of thing?
looktall is offline   Reply With Quote
Old 14th September 2017, 2:48 PM   #1676
person
Member
 
Join Date: Mar 2003
Location: Brisbane
Posts: 292

Quote:
Originally Posted by looktall View Post
there are w10 MAK licenses doing the rounds in the various regions but we're told by management that we can't use them in AU because they're not for our region.

is that how the licensing normally works?
Unfortunately I believe this is correct - We have the same problem, I have to purchase licences in Australia, Canada, and South America as they are three different regions, for Volume Licences

See here https://www.microsoft.com/en-us/lice...-regional.aspx

Office365 on the other hand - you can purchase it in Canada and just assign it to "Australia" and that's valid. So the subscription model is likely to change this region thing.
person is offline   Reply With Quote
Old 14th September 2017, 3:08 PM   #1677
looktall Thread Starter
Working Class Hero
 
Join Date: Sep 2001
Location: brabham.wa.au
Posts: 23,252

Quote:
Originally Posted by person View Post
if i'm reading this correctly, licenses purchased for the asia pacific region are interchangeable between countries within that region?

eg. licenses purchased for malaysia can be used in australia.
looktall is offline   Reply With Quote
Old 14th September 2017, 3:16 PM   #1678
freaky_beeky
Member
 
Join Date: Dec 2004
Location: Brisbane
Posts: 940

Quote:
Originally Posted by looktall View Post
if i'm reading this correctly, licenses purchased for the asia pacific region are interchangeable between countries within that region?

eg. licenses purchased for malaysia can be used in australia.
Last time I dealt with this, this was the case (excluding China), however I would definitely not make an assumption on this kind of thing. I suggest seeking out a MS Partner for advice, preferably multiple, as you're unlikely to get the same answer twice.
__________________
i own a pc
freaky_beeky is offline   Reply With Quote
Old 15th September 2017, 7:17 PM   #1679
7nothing
Member
 
Join Date: Feb 2002
Location: Brisbane
Posts: 1,370
Email for critical communications

I'm sure I've seen mention of how stupid users are for bringing this up, and I know the most appropriate answer is "hahaha, you're a f'ing idiot", but unfortunately I'm not in a position to give them such an honest response at this time. What I do have to do is respond to someone who has enough free time to fill out an internal non-compliance form cos Outlook (most likely) hit a bit of OST corruption and lost some emails stuck in outbox.

I'd like to explain why this is a moot point by giving some good evidence of how obvious it must be that email is not a system for critical communications, but, it's kinda hard to find anything in o365 terms or SLA that makes that clear.

Exchange online terms (http://www.microsoftvolumelicensing....mentId=12702):

Emails
An end user will be able to send email messages, receive email messages that originate from within and outside of Customer's organization, and access the end user's mailbox.

Which has seriously far fewer caveats than I'd expect, so they must be somewhere else in the agreement. SLA has targets for delivery time after it hits o365, but not much else. Anyone know where I can find an official statement that explains "absolutely no guarantee of delivery is provided"?
__________________
blbk. My domain name expired.
7nothing is offline   Reply With Quote
Old 15th September 2017, 7:56 PM   #1680
NSanity
Member
 
Join Date: Mar 2002
Location: Canberra
Posts: 16,113

outlook lies all the fucken time. OWA if you have to prove it.

Even then, there is no guarantee - given you don't own the whole path to the recipient in most cases - that it will be delivered.
NSanity is online now   Reply With Quote
All times are GMT +10.