I have an OpenVPN client on a Windows 7, that connects to an OpenVPN server with tap.
The tunnel establishes correctly.
AFAIK, tap means that my virtual adapter is 'virtually' connected to the remote LAN, gets a remote LAN ip and participate in the LAN broadcast domani and so on.
When the tunnel is established, my virtual adapter gets the correct IP.
But I cannot ping the other hosts in the remote network.
It might be a problem on the sererver side, but before checking there i've noticed something strange on the client side, in the way Windows handles the virtual interface.
Let's begin.
When the tunnel is up, the virtual interface is up too. In my routing table i can see my phisical network 192.168.2.0, infact my local IP is 192.168.2.134.
Then I can see the remote network 172.16.1.0, directly attached to my interface 172.16.1.40. So far so good. (i've removed loopback entries)

          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.134     25
       172.16.1.0    255.255.255.0         On-link       172.16.1.40    276
      172.16.1.40  255.255.255.255         On-link       172.16.1.40    276
     172.16.1.255  255.255.255.255         On-link       172.16.1.40    276
      192.168.2.0    255.255.255.0         On-link     192.168.2.134    281
    192.168.2.134  255.255.255.255         On-link     192.168.2.134    281
    192.168.2.255  255.255.255.255         On-link     192.168.2.134    281
        224.0.0.0        240.0.0.0         On-link       172.16.1.40    276
        224.0.0.0        240.0.0.0         On-link     192.168.2.134    281
  255.255.255.255  255.255.255.255         On-link       172.16.1.40    276
  255.255.255.255  255.255.255.255         On-link     192.168.2.134    281

Thus, clients on the remote network shouldn't be reached via gateway, but through direct routing via the virtual interface provided by openvpn.
But when i trace the route to an host on the remote network (that my PC should see as local) my client routes it on the gateway, and obviously, get lost.

C:\Users\agostinox>tracert 172.16.1.17
  1     1 ms     1 ms     1 ms  192.168.2.1
  2    14 ms    96 ms   101 ms  192.168.1.1
  3     *        *        *     Richiesta scaduta.
  4    24 ms    12 ms    12 ms  172.17.129.137
  5     *        *        *     Richiesta scaduta.

And here it seems that the system routes packages straight to the gateway as it didn't see the directly attached network adapter. Why does this happen?

Edit 1 - details on my OpenVPN client config

C:\Users\agostinox>openvpn --version
OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08

And my client config:

remote xxx.xxx.xxx.xxx
cipher AES-128-CBC
port 1194
proto tcp-client
dev tap
ifconfig 172.16.1.40 255.255.255.0
dev-node "Connessione alla rete locale (LAN) 3"
secret a_file_containing_my_preshared_key.key
ping 10
comp-lzo
verb 4
mute 10

Edit 2, details on my server configuration

Here is the "backup" of my (pfsense) server configuration.
As you can see the configuration is at the minimum possible.

<openvpn>
  <openvpn-server>
  <vpnid>2</vpnid> 
  <mode>p2p_shared_key</mode> 
  <protocol>TCP</protocol> 
  <dev_mode>tap</dev_mode> 
  <ipaddr /> 
  <interface>wan</interface> 
  <local_port>1194</local_port> 
  <description><![CDATA[ test tap OpenVPN server]]> 
  </description>
  <custom_options /> 
  <shared_key>... my shared key, omitted ...</shared_key> 
  <crypto>AES-128-CBC</crypto> 
  <engine>none</engine> 
  <tunnel_network /> 
  <tunnel_networkv6 /> 
  <remote_network /> 
  <remote_networkv6 /> 
  <gwredir /> 
  <local_network /> 
  <local_networkv6 /> 
  <maxclients /> 
  <compression>yes</compression> 
  <passtos /> 
  <client2client /> 
  <dynamic_ip /> 
  <pool_enable>yes</pool_enable> 
  <topology_subnet /> 
  <serverbridge_dhcp /> 
  <serverbridge_interface /> 
  <serverbridge_dhcp_start /> 
  <serverbridge_dhcp_end /> 
  <netbios_enable /> 
  <netbios_ntype>0</netbios_ntype> 
  <netbios_scope /> 
  </openvpn-server>
</openvpn>

Edit 3, output of ipconfig /all

When the tunnel is up, this is the output of

ipconfig /all

Scheda Ethernet TAP-Interface:

   Suffisso DNS specifico per connessione:
   Descrizione . . . . . . . . . . . . . : TAP-Windows Adapter V9
   Indirizzo fisico. . . . . . . . . . . : 00-FF-7B-FB-32-C0
   DHCP abilitato. . . . . . . . . . . . : Sì
   Configurazione automatica abilitata   : Sì
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::3838:3c0c:c3c6:fcca%35(Preferenziale)
   Indirizzo IPv4. . . . . . . . . . . . : 172.16.1.40(Preferenziale)
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Lease ottenuto. . . . . . . . . . . . : giovedì 16 aprile 2015 09:57:32
   Scadenza lease . . . . . . . . . . .  : venerdì 15 aprile 2016 09:57:32
   Gateway predefinito . . . . . . . . . : fe80::20c:29ff:fe92:2272%35
   Server DHCP . . . . . . . . . . . . . : 172.16.1.0
   IAID DHCPv6 . . . . . . . . . . . : 1107361659
   DUID Client DHCPv6. . . . . . . . : 00-01-00-01-14-AE-89-EA-F0-4D-A2-63-11-97
   Server DNS . . . . . . . . . . . . .  : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
   NetBIOS su TCP/IP . . . . . . . . . . : Attivato

After having installed a software on my Windows 2003 terminal server, no user has been able to launch applications anymore.
When they log to the server via remote desktop, each icon they click produces the message "there is no application associated to this file". Even "My Computer" or other default links.

After a lot of research, I discovered that the:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes(all the sub-entries)
miss the "users" item in the permissions ACLs (see the screenshot below).

Infact, administrators aren't affected by the problem and regular users that get included into local administrator groups work correctly again.

Then i discovered an even more worrying fact.
In order to do some test, i've tried to manually assing to one of these subfolter the access for a regular user, and it worked, e.g.:giving access to the "Folder" entry, the user gets access to the "My Computer" item
But if i try to remove it, the system says that i can't because it is inherited by the parent!

So the propagation from parent to sub-items seems to be corrupted here.
Any idea of a way to fix it?

In the User part of a GPO that i activate for users who log on a terminal server, i tried to set the Administrative Templates, Desktop, "Hide and disable all objects on the desktop" (may be that the name isn't exact because i've translated it from italian, unfortunately).
Since the guide (also in italian) points out clearly that this gpo will hide also "My network places", i expect it to do so, and to disappear from Explorer too.
Well it doesn't, while it disappears if i set the network-places dedicated gpo, just a few lines below.
Is this a bug or the guide should be interpreted in another way?

In a Windows Terminal Server (2003 R2) where the users are not allowed to run a remote desktop, but just the applications they want (that's Citrix work), i've published "Explorer.exe" for the users to get their files. How can i prevent Explorer.exe to launch Internet Explorer when a user writes an url in the address bar instead of a local file path?

I have a Windows 2003 that hosts a Citrix Secure Gateway service. (It is a reverse proxy that adds SSL to my otherwise unencrypted connections)

It doesn't depend on IIS that indeed may also be stopped.
But for one fact: as an SSL proxy, this "secure gateway" must be provided with certificates.
When it comes to create a CSR, i need to revive my IIS, generate the CSR for the CA and install the certificate returned back from the CA (that is, process the csr pending request).
I am wondering if there is another tool in order to do such things because i can easily imagine Windows servers without IIS installed on them and I would like to have a procedure to manage those cases too.

At new customer I ound on an 2003 install the situation described in the title. A production database is installed in the instance used by SBS for monitoring the system.

Is it recommended to keep things in such a situation, or am I supposed to use an ad hoc SQLServer instance?

Is there some official recommendation about the case?

I have an extenal HP DAT 160 USB. The system i use is a Windows Server 2003, i launch a backup over the device with NTBackup.
I cannot store in the dat more than 80 GB, that is the hardware compression seems not to work.

After having enabled WebDav on an Apache httpd 2.2, i want to give access to a specific directory (that has not to do with other sites managed by httpd).
What is the smallest set of entries to do this?

I have an application that uses files on a network drive (K:) that normally is connected during user logon via net use K: \myserver\myshare .... The same files should be accessed by a windows service installed on a server. But the service doesn't fire a logon script, obviously.
It seems to me that all the mapped network drive stuff is available to an windows session (terminal server or client) and not to services which by definition run without the need of a user to be logged into the system. If so, what are my options?

I have installed an alfresco community edition 4.0 on a Win 2003 R2 with 3GB of RAM.
I've used alfresco for some hours, i've created a user, uploaded some documents. But now, restarting it, tomcat crashes during startup.

The logs are VERY poor: these are the last lines of conf/jakarta_service_20120420.log

[2012-04-20 15:45:07] [info] Commons Daemon procrun (1.0.2.0) started
[2012-04-20 15:45:07] [info] Running Service...
[2012-04-20 15:45:07] [info] Starting service...
[2012-04-20 15:45:08] [info] Service started in 1296 ms.

The last lines of conf/stderr_20120420.log

20-apr-2012 15.45.09 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
20-apr-2012 15.45.09 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.29
20-apr-2012 15.45.09 org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor alfresco.xml
20-apr-2012 15.45.10 org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "org.apache.myfaces.webapp.StartupServletContextListener" is already configured for this context. The duplicate definition has been ignored.
20-apr-2012 15.45.12 org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext

The conf/stdout_20120420.log is empty.

I need to improve the troubleshooting process so:

1) how to increase the log level?

I replaced "FINE" the with "ALL" in conf/logging.properties, but nothing changed.

2) any other suggestion on troubleshooting startup is appreciated :-)

Starting from jre 1.6u10, browser integration uses a so-called "next-generation plugin".

Some old applications are not compatible with it, and (on windows) it could be disabled in control panel, java, Advanced, Java Plug-in, remove the check from "Enable the next-generation Java Plug-in (requires browser restart)".
The problem is that sometimes this check is grayed out, and it is not uncheckable even if you have amdinistrative priviledges and run as administrator.
Any workaround to solve this?

UPDATE:

I've done some testing on some machines with different operating systems, browsers and java versions.
Initially I've supposed that the problem was w 7 or the fact that it was a 64 bit o.s., but there is a case (case 3) that denies this assumption.
So there is something "else" on a machine that determines this option to be grayed out.

Test   O.S               Browser    JRE version    State 

  1    W 7 64 (Home)     IE 9       7u2   64       grayed out

  2    W 7 64 (Bus)      IE 8       6u27  64       grayed out

  3    W 7 64 (Bus)      IE 9       6u22  64       NOT grayed out

I logged on as administrator and created a trusted connection for a software that connects to my sqlserver. Then I logged on as a regular user and checked on the db server the users connected. Surprise: the user logged on was the administrator (the one that configured the connection) and not the current log-on user. Is it a "trusted connection" feature? I suspect that this behavior is introduced by my software. thanks in advance Agostino