Wednesday, January 26, 2011
Access Based Enumeration and DFS in Windows 2008 R2
Please read the following article from MS Technet Blogs
Sunday, January 23, 2011
How to use teredo protocol in Windows 7
In Windows 7 Microsoft have configured DNS so that the system will never resolve any name to an IPv6 address, as long as the system only has link-local and Teredo IPv6 addresses. The trick is to provide windows with a 6to4 address reducted from your private IPv4 address. Use the following link to create an IPv6 address from your IPv4 address and go to your LAN properties to give this IPv6 static address to your TCP/IPv6 component. In my case the address is 2002:c0a8:3709:: and the prefix is always 48. Do not assign a default gateway address.
Open an elevated command prompt and enter the command
netsh int ipv6 show route
to print the ipv6 routing table. You will see the index of the teredo tunneling interface. In my case the index is 16, so I enter the following command to create a default route through this interface:
netsh interface ipv6 add route ::/0 interface=16
Try to ping ipv6.google.com to see if it's working.
Enter this command to check if teredo is enabled
netsh int teredo show state
If state is offline then enter this command to activate teredo
netsh int teredo set state type=client
and then
netsh interface ipv6 delete route ::/0 interface=16
netsh interface ipv6 add route ::/0 interface=16
We assume here that the interface index is 16.
Windows 7 deactivates this route if there is no ipv6 traffic for a certain period of time. To disable this functionality use the local group policy:
Run gpedit.msc and navigate to Computer Configuration -> Administrative Templates -> Network -> TCPIP Settings -> IPv6 Transition Technologies
Double click the "Teredo Default Qualified" setting, change it from "Not Configured" to "Enabled", and click OK, then close gpedit.msc
From an elevated command prompt enter the command gpupdate /force to force a refresh of the group policy.
In a windows domain environment teredo is always disabled. You must use the command
netsh int teredo set state type=enterpriseclient
to bypass this restriction
You must also open in your router/firewall the IPv4 udp port 3544 to the traffic travelling from your internal network to the Internet because this port is used from teredo protocol
For more info take a look at http://yorickdowne.wordpress.com/2008/01/26/ipv6-at-home-part-1-overview-teredo/
Open an elevated command prompt and enter the command
netsh int ipv6 show route
to print the ipv6 routing table. You will see the index of the teredo tunneling interface. In my case the index is 16, so I enter the following command to create a default route through this interface:
netsh interface ipv6 add route ::/0 interface=16
Try to ping ipv6.google.com to see if it's working.
Enter this command to check if teredo is enabled
netsh int teredo show state
If state is offline then enter this command to activate teredo
netsh int teredo set state type=client
and then
netsh interface ipv6 delete route ::/0 interface=16
netsh interface ipv6 add route ::/0 interface=16
We assume here that the interface index is 16.
Windows 7 deactivates this route if there is no ipv6 traffic for a certain period of time. To disable this functionality use the local group policy:
Run gpedit.msc and navigate to Computer Configuration -> Administrative Templates -> Network -> TCPIP Settings -> IPv6 Transition Technologies
Double click the "Teredo Default Qualified" setting, change it from "Not Configured" to "Enabled", and click OK, then close gpedit.msc
From an elevated command prompt enter the command gpupdate /force to force a refresh of the group policy.
In a windows domain environment teredo is always disabled. You must use the command
netsh int teredo set state type=enterpriseclient
to bypass this restriction
You must also open in your router/firewall the IPv4 udp port 3544 to the traffic travelling from your internal network to the Internet because this port is used from teredo protocol
For more info take a look at http://yorickdowne.wordpress.com/2008/01/26/ipv6-at-home-part-1-overview-teredo/
Thursday, January 13, 2011
How to connect to a SMB share in a Windows Server using an alias name
According to this Microsoft article when a client computer connects to a Microsoft Windows 2000-based computer or a Microsoft Windows Server 2003-based computer by using an alias name, the client may receive the following error message:
System error 52 has occurred.
A duplicate name exists on the network.
This problem can occur when you try to connect to the server by using a CNAME alias that is created in the DNS zone. For example, this problem may occur with a command similar to the following sample command
net view \\alias.domain name.com
where alias is a CNAME record that is created for the server in the domain name.com zone. The server is not "listening" on the alias, and therefore is not accepting connections to that name.
To resolve this problem in Windows Server 2003, follow these steps:
1. Create the CNAME record for the file server on the appropriate DNS server, if the CNAME record is not already present.
2. Apply the following registry change to the file server. To do so, follow these steps:
1. Start Registry Editor (Regedt32.exe).
2. Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
3. On the Edit menu, click Add Value, and then add the following registry value:
Value name: DisableStrictNameChecking
Data type: REG_DWORD
Radix: Decimal
Value: 1
4. Quit Registry Editor.
3. Restart your computer.
You may also have to set the SPN (Service Principal Name) for the Alias Name:
setspn -a host/aliasname targetserver
setspn -a host/aliasname.contoso.com targetserver
The registry key that is mentioned is applicable only to SMB 1.0. To communicate over the SMB2.0 protocol, or CIFS (Common Internet File System), you do not have to set the registry key. SMB 2.0 allows for the functionality described in this article to work by default without additional configuration. Computers that run Windows Server 2008, Windows Server 2008 R2, Windows Vista, and Windows 7 support both SMB 1.0 and SMB 2.0. Windows includes an SMB client component (Client for Microsoft Windows) and an SMB server component (File and Printer Sharing for Microsoft Windows). By default, SMB 2.0 is the file sharing protocol that is used when both client and server support it.
The SMB protocol revision to be used for file operations is decided during the negotiation phase. A Windows Vista or later client advertises to the server that it understands the new SMB 2.0 protocol. If the server understands SMB 2.0, SMB 2.0 is used for communication. Otherwise, the client and server use SMB 1.0. If SMB 1.0 is expected to be used, you can set the registry key that is mentioned above on Windows Server 2008, Windows Server 2008 R2, Windows Vista, or Windows 7.
System error 52 has occurred.
A duplicate name exists on the network.
This problem can occur when you try to connect to the server by using a CNAME alias that is created in the DNS zone. For example, this problem may occur with a command similar to the following sample command
net view \\alias.domain name.com
where alias is a CNAME record that is created for the server in the domain name.com zone. The server is not "listening" on the alias, and therefore is not accepting connections to that name.
To resolve this problem in Windows Server 2003, follow these steps:
1. Create the CNAME record for the file server on the appropriate DNS server, if the CNAME record is not already present.
2. Apply the following registry change to the file server. To do so, follow these steps:
1. Start Registry Editor (Regedt32.exe).
2. Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
3. On the Edit menu, click Add Value, and then add the following registry value:
Value name: DisableStrictNameChecking
Data type: REG_DWORD
Radix: Decimal
Value: 1
4. Quit Registry Editor.
3. Restart your computer.
You may also have to set the SPN (Service Principal Name) for the Alias Name:
setspn -a host/aliasname targetserver
setspn -a host/aliasname.contoso.com targetserver
The registry key that is mentioned is applicable only to SMB 1.0. To communicate over the SMB2.0 protocol, or CIFS (Common Internet File System), you do not have to set the registry key. SMB 2.0 allows for the functionality described in this article to work by default without additional configuration. Computers that run Windows Server 2008, Windows Server 2008 R2, Windows Vista, and Windows 7 support both SMB 1.0 and SMB 2.0. Windows includes an SMB client component (Client for Microsoft Windows) and an SMB server component (File and Printer Sharing for Microsoft Windows). By default, SMB 2.0 is the file sharing protocol that is used when both client and server support it.
The SMB protocol revision to be used for file operations is decided during the negotiation phase. A Windows Vista or later client advertises to the server that it understands the new SMB 2.0 protocol. If the server understands SMB 2.0, SMB 2.0 is used for communication. Otherwise, the client and server use SMB 1.0. If SMB 1.0 is expected to be used, you can set the registry key that is mentioned above on Windows Server 2008, Windows Server 2008 R2, Windows Vista, or Windows 7.
Subscribe to:
Posts (Atom)