askvictor's questions

I have a VNet with some VMs in Azure. The VNet has a site-to-site VPN connection back to my premises. From on-prem clients, I can successfully connect to the private IP addresses of the VMs. However, on-prem clients cannot connect to the public IP address of a VM. On the other hand, if I try to connect to a VM from different internet connection (3g on phone, or from home), then I can connect to the public address without problems. There are no network ACLs on network equipment on-prem that could be blocking this traffic (in fact a traceroute to the public IP address cuts out at a ntwk.msn.net address). Any thoughts on what the issue might be?

UPDATE 2: I have spun up a new vnet on a seperate IP range, and a new VM with a public IP. Connecting to the public IP of this VM works fine. Something in the VPN/routing of the original VNET seems to be part of the problem, as without a VPN everything is fine.

UPDATE: I'm beginning to think this has to do with the NIC on the VM. Azure NICs have a private and public IP on the same NIC, but the VM doesn't see the public IP address. Now, the vNet that the NIC is on has certain routing rules that specify certain traffic should route to on-prem via our VPN. I'm thinking that a request from on-prem gets to the VM's public IP successfully via public internet, but the reply is sent from the private IP over the VPN, and the client discards it as it came from a different IP. Since the OS on the VM is unaware of the public IP address, I have no idea how to fix this.

UPDATE 3: I used Wireshark to sniff packets on the the VM, and found that when I connect to the external IP from on-prem, no packets are received by the VM. So the problem might lie in the VNet, the SNAT of the Public IP, or the routing on the VM itself.

I have a computer running linux with a wifi and an ethernet interface. I'd like to set up link aggregation (at least fail-over, but other modes would be nice too) between these two so that both this computer, and others on the network see only a single IP address - is this possible?

I'm looking for a way to serve desktop applications (RemoteApp style) to a Chromebook (or other web browser), but running on a Linux server. All of the systems I've come across thus far (XenApp, VMWare HorizonView) are for virtualising Windows apps.

I'm aware I could do this with VNC/RDP for entire desktops, but I'm wanting to only send a single application rather than the whole desktop.

Cheers,

I have an ubuntu server (serverA) which has a couple of IPv6 addresses. One of these is based on it's MAC address, and is known to the network, the other one I presume ubuntu created as a 'private' address which hides the MAC address.

I have another server (serverB) which hosts a database, and requires an incoming connection from serverA. serverB has a firewall, only allowing incoming connections from serverA. I've specified serverA's MAC-based IP address in serverB's firewall exceptions, but not knowing the private address, didn't add this in. However, packers from serverA seem to be defaulting to come from the private address.

Is the private address deterministic? How can I disable it? Should I disable it?

I'm trying to log certain information from my network of Windows machines; I've set them to periodically collect this info, then I want it in a single CSV file on a network drive. I'm using a VBS to collect this data, using OpenTextFile in append mode for writing. Will this allow multiple computers to simultaneously append a line to this file? Or is there another way to do this (apart from storing a separate file for each device).

I don't care about the order (I collect a timestamp from each device).

I have a windows 7 SOE for my school which involves two partitions - C: for system (windows) and programs, and D: for Data. The "Users" folder is kept on D:. All users are in Active Directory.

I would like to be able to re-image drive C: when there is a problem, and have the user be able to pick up where they left off with the data on drive D:. However, when I tried re-imaging just drive C:, when I logged in for the first time, it created a new user folder in drive D: - I still had access to the old one, but it wasn't the default location for my files (the old one was named 'myusername' while the newly created one was named 'myusername.DOMAIN')

Any ideas how I can 're-link' the account to the pre-existing user drive? Registry entry? Sysprep command?

I have a server which needs to communicate with another server (both win 2k8r2). One of them recently had an IP address change, and I suspect that the IPv6 address that the AD DNS server holds is now invalid. Nevermind, I switched off IPv6 on both servers. Now when I try to ping one from the other, it resolves the name to an IPv6 address, so the ping (and other services) fail.

An nslookup resolves two IPv6 address and the IPv4 address. However, despite IPv6 being turned off (on both ends) it's still trying to use IPv6. Any ideas?

Can I use the same SSL certificate for a Tomcat service on port 443, and for a separate IIS service on some other port? Both services live on the same machine, on the same IP address and have the same DNS entry.

If so, how would I convert the certificate (issued for Tomcat/java) to a form that IIS7 can handle?

I work in a high school, and want to do a performance test of our wireless network. We have some 700 students, each with at least 1 wireless device. Assuming they will typically only use one device for any sort of high-throughput activity, that is about 700 devices. There are plenty of WAPs distributed around the school; roughly one per 25 students. The WAPs are all dual band 802.11n, and use a wireless controller. My idea is to have all users simultaneously download a large(ish) file, and record throughput both at the server and client level. Any considerations how I should serve such a file to stop disk IO being a bottleneck? What about the ethernet to the server being a bottleneck. Assuming each client having about 10Mbps, this would require the server to have some 7Gbps of network goodness available. Is this a valid concern? Are there any client-side tools that can synchronise the transfers and automatically report the speeds the client saw?

Alternately, if this is not a valid testing methodology, how would I go about doing a wireless performance test?

I have a few clients that need to sit across two otherwise separate networks. Let's call them network A (10.0.0.1) and network B (1.2.3.4).

Network A is effectively a private network; any Internet access on network A needs to go through a proxy.

I have configured routing such that traffic for 10...* will go through network A, and everything else will go through network B.

However, some private services on network A only exist in network A's private DNS - a lookup on network B will not resolve them. So even though the traffic could be routed to the right network, it won't be able to find the right network since the server doesn't exist in the public DNS.

Is it possible to configure Windows 7 to use one DNS server for certain lookups (e.g. all domains ending in example.private.lan), but use a different server for everything else?

I'm configuring a gateway/router linux box. It is performing masquerading/NAT. The primary Internet interface is a 3G modem, but if that goes down, I would like it to try a different interface automatically. How would I go about doing this? Can the routing rules automatically cater for this, or should I get it to periodically check if the 3G connection is up, and if not, try the other?

Cheers,

Victor

I have a number of (windows 7) laptops that normally connect via wireless. We also have a wired network for special purposes. When one of these laptops plugs in to the wired network, at the moment, it makes the wired network the default route. Instead, I would like it to keep the wireless network the default, and route only 10...* through the wired. I can achieve this with: route delete 0.0.0.0 IF 22 route add 10.0.0.0 ... IF 22 (where IF 22 is the wired network interface).

But how can I get this to stick? Currently, if the wired network is unplugged then re-plugged, it grabs the default route again. So I want a way of making the wireless network not get the default route, and to make the 10...* network persistent.

Is there a hook to run commands after a network connection is established in windows? In linux I would use post-up hooks.

I'm deploying a few hundred laptops next year. I want them to be dual boot machines, and have the windows side of things worked out using sysprep. For the second OS I want to use Ubuntu, but am uncertain how best to configure this. I can load a disk-image easily onto the disk, but when it boots, how would I best give the machine a unique name, generate the user (or join to the AD)? What are the tools/resources Ubuntu/Linux uses for this?

EDIT: I should have added: the disks will be cloned using ghost. After this, the machines will not be connected to a wired network - they will be completely wireless. I guess I could potentially pxe install linux after the ghost clone, but it would be quicker and easier just to do one imaging run. Any suggestions? I'm conjuring up some first-boot type scripts, but was wondering if there were any enterprise solutions.

Our organisation has an AD; all users are in the one OU. I administer a section of the users. We have a bunch of computers that I only want to allow logon by users in a particular AD group (i.e. users in my section). How might I go about this?

We have 200 odd wireless-only laptops that I want to put on a domain. The wireless authentication is user based, so establishing a wireless connection before the logon is not possible i.e. machine authentication is not possible.

However, the credentials for wireless auth and the domain are the same. Is it possible to configure the machines so windows tries to establish the wireless connection as the first part of the logon process? i.e. SSO?

Just to make things more complicated, the wireless system uses a supplicant (SecureW2) for authentication.

Possible Duplicate:
Is the audit mode of SYSPREP practically useful in Windows deployment?

The MS docs say when you should use it, and for what, but I can't find any description of what going into Audit mode actually does.

I'm trying to configure an image for deployment to other machines. I've configured the machine, then I run sysprep, choose generalize and OOBE. Sysprep does its thing, then reboots. Then when 'setup is starting services', I get a 'Windows could not finish configuring the system', and it advises to reboot and try again, which presents the same error. I've tried uninstalling symantec endpoint antivirus, but this does not prevent the issue. Where should I look for what is causing the problem? Is there a logfile?

I'm needing to use sysprep to deploy some Windows 7 machines. I can't find any resources that explain this very easily. In particular, I've loaded all of the programs I want for the image onto a computer. If I want to use prepares this for cloning onto 200 other machines, what steps would I need to take?

Or do I need to start again, creating the image using 'audit' mode? The machines I'm using come pre-configured from the manufacturer with a host of custom drivers that wouldn't be fun to re-install - I'd rather use their base image to build upon.

Cheers,
Victor

I need to set up an AD. The larger organisation I'm in has its own LDAP service which handles authentication and some other details. I would like to get AD to use that LDAP info just for authentication purposes. Is this possible?

I'm deploying about 200 laptops at a school, with a custom Windows 7 image. The supplier can clone the disk of the 'source' machine onto all 200 target machines. This allows for the pre-installation of required software. However, this does not adequately allow for the create of individual user accounts. At this point we are not running AD, and the machines are essentially unmanaged. I would like the following things:

• When the student first turns on the laptop, they will be presented with a screen asking them to enter their username.
• A new account will then be created for that user.
• There are certain settings (e.g. desktop background, taskbar applications) that I would like to pre-configure for the newly created user.

Any pointers to any info about this would be great.