Always On VPN and Windows Server 2019 NPS Bug

Richard M. Hicks Consulting, Inc.

When deploying a Windows Server 2019 Network Policy Server (NPS) to support a Windows 10 Always On VPN implementation, administrators may encounter the following error when attempting to establish a VPN connection on a remote Windows 10 client.

Can’t connect to [connection name].

The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

Always On VPN and Windows Server 2019 Network Policy Server Bug
In addition, an event ID 20227 from the RasClient will be recorded in the application event log with the following error message.

The user [username] dialed a connection named [connection name] which has failed. The error code returned on failure is 812.

Common Causes

Always On VPN error code 812 indicates an authentication policy mismatch…

View original post 276 more words

Dynamic VLAN Assignment (Cisco and NPS)

Mike Pemberton's Blog

In an earlier post we used 802.1x to authenticate users into the network and assign them into a VLAN based on either a successful or unsuccessful authentication as well as a VLAN for clients who did not send an initial EAPOL message. While this can be quite useful, it can also be quite restrictive – what if we wanted different authenticated users into different VLANs rather than just the authenticated VLAN? This is entirely doable. An example use case would be an office with several hot desks, used by various departments, but a compliance restriction that places heavy restrictions on network access into particular resources such as HR, finance and so on. It would be an administrative headache to keep logging into the switch each time to change the VLAN depending on who was sat at these hot desks for the day, so we can leverage 802.1x to do…

View original post 468 more words

Filter or LDAP filter

Richard Siddaway's Blog

Many of the Microsoft AD cmdlets have a -Filter and an -LDAPFilter parameter. So what’s the difference?

PS> Get-Help Get-ADUser -Parameter *Filter*

-Filter <String>
Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, see about_ActiveDirectory_Filter.

-LDAPFilter <String>
Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For more information, see the Filter parameter description and the about_ActiveDirectory_Filter.

This means you have two ways to approach a problem. Let’s think about finding a…

View original post 171 more words

How to set up VMware ESXi, a Synology NFS NAS, and Failover Storage Networking

Frank's Tech Support

Hello, sandwich fans! It’s been awhile since I’ve written, but I have some fresh deli meat for you today. If you recall, last year I wrote a blog post about setting up VMware, Synology, and iSCSI MPIO. It turns out to have been my most-read post so far, for which I thank you. Since I’ve gotten such positive feedback, today I’m going to show you a similar setup, but this time I’m going to use NFS instead of iSCSI.

There are some pretty significant differences between iSCSI and NFS, both in terms of architecture and performance. One big difference is that NFS really doesn’t have support for multi-pathing (MPIO) in the way that iSCSI does. It has a few work-arounds like using alternate subnets and so forth, but for today we’re going to rely on simple failover on the host side with LACP link bonding on the storage side. …

View original post 1,485 more words

The EMP and DEPT tables in Oracle

oracle sample database for trainee

APEXPLAINED

I often use the EMP and DEPT tables for test and demonstration purposes. Both these tables are owned by the SCOTT user, together with two less frequently used tables: BONUS and SALGRADE. Execute the below code snippets to create and seed the EMP and DEPT tables in your own schema. The BONUS and SALGRADE tables are included as well, but are commented out. The DDL (data definition language) part creates the tables, the DML (data manipulation language) part inserts the data.

View original post 2 more words

EMC VNX – New Shutdown Options

David Ring

Note: Please ensure to reference official EMC documentation before proceeding and ensure your system health checks are passed before completing a shutdown.

A new feature with the release of VNX Rockies (Block OE 5.33 & File OE 8.1) was the ability to shut down the entire array using either a single command or via the ‘Power Off’ button in the Unisphere GUI. This feature is also available for first generation VNX storage systems, from VNX OE code release 05.32.000.5.209 & 7.1.74.5 onwards.
These options are supported on Unified, Block and File systems.

Power Off via CLI
The new CLI option extends the nas_halt command to include a new switch to power down the entire system:
nas_halt -f -sp now
This will power off Control Stations, Data Movers and the Storage Processors.
usage: nas_halt [-f] [-sp] now
Perform a controlled halt of the Control Station(s) and Data Mover(s)
-f Force shutting…

View original post 84 more words

Server 2016 RDS via Azure AD Application Proxy end-to-end guide

gshaw0

One of our priorities for this year was to improve our remote access offering to staff to enable more flexible working whilst outside of college. Office 365 helps greatly and has already improved functionality in many ways but there’s still some legacy applications and classic file shares that need to be provided remotely too. If at all possible we prefer the files not to leave the network so some form of virtual desktop looked like the way to go.

After discounting VMware and Citrix offerings on cost grounds the improvements to Microsoft’s RDS offering in Server 2016 seemed to come at a perfect time.

Even more so now we’ve implemented Azure AD Application Proxy (more on that shortly!). We’ve also recently decommissioned some services that freed up a bit of physical hardware resource to “play” with so away we went!

Server installation

The physical hardware for now is running on some…

View original post 1,520 more words

Publishing Remote Desktop Gateway through Web Application Proxy

murat senel blog

If you want to restrict access to your Remote Access Gateway and add pre-authentication for remote access, you can roll it out through Web Application Proxy. This is a really good way to make sure you have rich pre-authentication for RDG including MFA. Publishing without pre-authentication is also an option and provides a single point of entry into your systems.

How to publish an application in RDG using Web Application Proxy pass-through authentication

  1. Installation will be different depending on whether your RD Web Access (/rdweb) and RD Gateway (rpc) roles are on the same server or on different servers.

  2. If the RD Web Access and RD Gateway roles are hosted on the same RDG server, you can simply publish the root FQDN in Web Application Proxy such as, https://connect.abc.com/.

    You can also publish the two virtual directories individually e.g. https://connect.abc.com/rdweb/ and https://connect.abc.com/rpc/.

  3. If the RD Web Access and the…

View original post 137 more words

Install Remote Desktop Gateway on Windows 2016

GrumpySysAdmin Blog

Below is a step by step to getting a basic RDS gateway configured. There are additional steps and considerations that you may need to consider for your environment. In this example I am using port forwarding into my test lab, but you will want to consider where this server should be placed in your network and ensure proper firewalls are configured.

What is a Remote Desktop Gateway?

An RD Gateway allows remote users the ability to connect to internal network resources from outside the corporate network without utilizing a VPN. These internal resources can be on private or on a NAT network. The connectivity is achieved by transmitting RDP over an SSL tunnel using port 443. An RD Gateway server has a variety of authorization policies that allow you to control configuration for:

  • What groups of users can utilize the RD Gateway.
  • What computers or internal resources the authorized users…

View original post 446 more words