So we had ADFS Proxy connected with ADFS (Install-WebApplicationProxy), both Windows Server 2019. Had to re-establish the trust, but it waits a loong time, retrying auth

AD FS Event logs

ADFS Side has event 276 with weird values:

The federation server proxy was not able to authenticate to the Federation Service. User Action Ensure that the proxy is trusted by the Federation Service. To do this, log on to the proxy computer with the host name that is identified in the certificate subject name and re-establish trust between the proxy and the Federation Service using the Install-WebApplicationProxy cmdlet.

Additional Data

Certificate details:

Subject Name: Thumbprint:

NotBefore Time:

NotAfter Time:

There are lots of thsee events as each ~20 sec proxy retries auth. However the first event generated after Install-WebApplicationProxy is 395:

The trust between the federation server proxy and the Federation Service was established successfully using the account 'example\administrator'.

Proxy trust certificate subject: CN=ADFS ProxyTrust - ADFSproxy. Proxy trust certificate thumbprint: 3F5DBD1C735A57C5FEA8C18905EE83CEAE3EA732 So obviously my credentials are correct, the cert could be delivered to ADFS. I validated it using certlm.msc - the cert is under AdfsTrustedDevices

SChannel logs

I see following event on both, ADFS and ADFS Proxy:

Event 36867:

Creating a TLS client credential.

However for ADFS Proxy there are also warnings, Event Id 36857:

The remote server has requested TLS client authentication, but no suitable client certificate could be found. An anonymous connection will be attempted. This TLS connection request may succeed or fail, depending on the server's policy settings.

AD FS Tracing

Turned on Debug log.

ADFS:

Multiple Event 107 Errors:

ProxyRequestHandler.DefaultExceptionHandler: ProxyTrust could not be verified for certificate with subject name '' and thumbprint ''.

Exception details: Exception: No client certificate associated with the request was found. StackTrace: at Microsoft.IdentityServer.Web.Proxy.TlsRequestVerificationMethod.VerifyTrustedRequest(WrappedHttpListenerContext context, String& auditInformation) at Microsoft.IdentityServer.Web.Rest.RestRequestHandler.OnGetContext(WrappedHttpListenerContext context)

Error retrieving proxy configuration. Microsoft.IdentityServer.WebHost.Proxy.ProxyTrustException: No client certificate associated with the request was found. at Microsoft.IdentityServer.Web.Proxy.TlsRequestVerificationMethod.VerifyTrustedRequest(WrappedHttpListenerContext context, String& auditInformation) at Microsoft.IdentityServer.Web.Rest.RestRequestHandler.OnGetContext(WrappedHttpListenerContext context)

TlsRequestVerificationMethod: Incoming request didnt contain a cert.

ADFS Proxy.

Event 54:

Found certificate matching thumbprint '3F5DBD1C735A57C5FEA8C18905EE83CEAE3EA732'

Event 52 Errors:

Request for configuration failed with status:ProtocolError Message: The remote server returned an error: (401) Unauthorized. Exception:System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.IdentityServer.Management.Proxy.StsConfigurationProvider.GetStsProxyConfiguration(X509Certificate2 trustCert)

Random things tried

• Disabled TLS1.3 (not that it's a thing on 2019) https://jaapwesselius.com/2022/01/19/adfs-web-application-proxy-configuration-wizard-fails-with-trust-certificate-error/
• Enabled TLS 1.0, 1.1 (Previously only 1.2 was configured)
• .NET Registry keys for enabling strong crypto was missing. Added. + Set default TLS 1.2
• Set winHTTP default protocol to TLS1.2 using registry
• Got latest CU 2024-03 on both servers
• Checked that the generated cert on adfsproxy has private key read permissions for adfssrv, appproxyctrl and appproxysvc service accounts.

All in all seems cert gets delivered to ADFS but client auth fails.

I don't know too much internals for ADFS Proxy / Web Application Proxy - hope there is someone who can direct me how to further troubleshoot this. Now we must endure some downtime :(

P.S. If someone recommends re-establishing trust - I AM trying to do that. These events are generated as part of that process. It fails with: An error occurred while attempting to retrieve configuration data from the Federation Server. Unable to retrieve pro...

P.P.S Could it be some configuration that prevents certificates within AdfsTrustedDevices be used for client auth? P.S. ADFS ProxyTrust - ADFSproxy cert doesn't have any enchanced key usage - but I checked with other proxy server which was working, it neither has. How does it even trust this self-signed cert? Does ADFS implicitly trust selfsigned certs within AdfsTrustedDevices?

Having 2 guest Windows Server 2016 OSes hosted by Hyper-V Server 2016. The guest OS cluster is very unreliable and one of the nodes constantly gets quarantined (multiple times per day).

I also have Windows Server 2012R2 cluster. Those are hosted by same Hyper-V hosts and have no issues whatsoever. That means I have the same networking and hyper-v infrastructure in-between 2012R2 as well as 2016.

Further config for 2016 hosts:

1. In Network Connections, TCP/IPv6 is unchecked for all adapters. I'm aware that this actually doesn't disable IPv6 for Cluster as it uses hidden network adapter by NetFT and there it encapsulates IPv6 in IPv4 for heartbeats. I have the same configuration on good 2012R2 hosts.
2. Although 2012R2 cluster worked like I wanted without Witness, I initially configured 2016 the same. Trying to troubleshoot these issues, I added File Share Witness to 2016 cluster - no change.
3. Network Validation Report completes successfully

I know WHAT happens, but don't know WHY. The WHAT:

1. Cluster plays ping-pong with heartbeat UDP packets via multiple interfaces between both nodes on port 3343. Packets get sent approx. each second.
2. Suddenly 1 node stops playing ping-pong and doesn't respond. One node still tries to deliver heartbeat.
3. Well, I read cluster logfile to find out that the node removed routing info knowledge:

000026d0.000028b0::2019/06/20-10:58:06.832 ERR   [CHANNEL fe80::7902:e234:93bd:db76%6:~3343~]/recv: Failed to retrieve the results of overlapped I/O: 10060
000026d0.000028b0::2019/06/20-10:58:06.909 ERR   [NODE] Node 1: Connection to Node 2 is broken. Reason (10060)' because of 'channel to remote endpoint fe80::7902:e234:93bd:db76%6:~3343~ has failed with status 10060'
...
000026d0.000028b0::2019/06/20-10:58:06.909 WARN  [NODE] Node 1: Initiating reconnect with n2.
000026d0.000028b0::2019/06/20-10:58:06.909 INFO  [MQ-...SQL2] Pausing
000026d0.000028b0::2019/06/20-10:58:06.910 INFO  [Reconnector-...SQL2] Reconnector from epoch 1 to epoch 2 waited 00.000 so far.
000026d0.00000900::2019/06/20-10:58:08.910 INFO  [Reconnector-...SQL2] Reconnector from epoch 1 to epoch 2 waited 02.000 so far.
000026d0.00002210::2019/06/20-10:58:10.910 INFO  [Reconnector-...SQL2] Reconnector from epoch 1 to epoch 2 waited 04.000 so far.
000026d0.00002fc0::2019/06/20-10:58:12.910 INFO  [Reconnector-...SQL2] Reconnector from epoch 1 to epoch 2 waited 06.000 so far.
...
000026d0.00001c54::2019/06/20-10:59:06.911 INFO  [Reconnector-...SQL2] Reconnector from epoch 1 to epoch 2 waited 1:00.000 so far.
000026d0.00001c54::2019/06/20-10:59:06.911 WARN  [Reconnector-...SQL2] Timed out, issuing failure report.
...
000026d0.00001aa4::2019/06/20-10:59:06.939 INFO  [RouteDb] Cleaning all routes for route (virtual) local fe80::e087:77ce:57b4:e56c:~0~ to remote fe80::7902:e234:93bd:db76:~0~
000026d0.00001aa4::2019/06/20-10:59:06.939 INFO    <realLocal>10.250.2.10:~3343~</realLocal>
000026d0.00001aa4::2019/06/20-10:59:06.939 INFO    <realRemote>10.250.2.11:~3343~</realRemote>
000026d0.00001aa4::2019/06/20-10:59:06.939 INFO    <virtualLocal>fe80::e087:77ce:57b4:e56c:~0~</virtualLocal>
000026d0.00001aa4::2019/06/20-10:59:06.939 INFO    <virtualRemote>fe80::7902:e234:93bd:db76:~0~</virtualRemote>

Now the WHY part... Why does it do that? I don't know. Note that a minute earlyer it complains: Failed to retrieve the results of overlapped I/O. But I can still see UDP packets being sent/received

until the route was removed at 10:59:06 and only 1 node pings, but have no pongs. As seen in wireshark, there is no IP 10.0.0.19 and 10.250.2.10 in source column.

The route is re-added after some ~35 seconds, but that doesn't help - the node is already quarantined for 3 hours.

What am I missing here?

The problem:

• DC1 Clock: 17:23
• AD joined client clock: 17:28

After client> w32tm /resync time is in sync, but the clock again jumps forward for 5 minutes for client. It always happens in less than a minute.

Ok, maybe syncing from somwhere else. I did manually set peer list to domain controllers :

client>w32tm /config /manualpeerlist:"DC1 DC2 DC3" /syncfromflags:manual
The command completed successfully.

client>w32tm /resync
Sending resync command to local computer
The command completed successfully.

The result? Doesn't help, because behaviour is the same. I should note that the DC and client is in different subnets, but can communicate.

What should I check to further troubleshoot the situation, please?

Posting requested information:

client> w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 10 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Local)
MaxPollInterval: 15 (Local)
MaxNegPhaseCorrection: 4294967295 (Local)
MaxPosPhaseCorrection: 4294967295 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 1 (Local)
UpdateInterval: 30000 (Local)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Policy)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Policy)
ResolvePeerBackoffMaxTimes: 7 (Policy)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 0 (Policy)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Policy)
Type: NT5DS (Policy)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)


client> get-date -format "yyyy.MM.dd hh:mm:ss"

2013.05.27 10:53:12 (Time WRONG)


client> w32tm /resync
Sending resync command to local computer
The command completed successfully.
client> get-date -format "yyyy.MM.dd hh:mm:ss"

2013.05.27 10:48:03 (Time OK)


client> w32tm /query /status
Leap Indicator: 3(last minute has 61 seconds)
Stratum: 0 (unspecified)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0804749s
Root Dispersion: 7.8843410s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: 2013.05.27. 10:53:17
Source: DC1
Poll Interval: 10 (1024s)

client> get-date -format "yyyy.MM.dd hh:mm:ss"

2013.05.27 10:53:44 (Time WRONG)


client> w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 4 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0804749s
Root Dispersion: 7.8845136s
ReferenceId: 0x0A0A0109 (source IP:  10.10.1.9)
Last Successful Sync Time: 2013.05.27. 10:48:17
Source: DC1
Poll Interval: 10 (1024s)

Please see edit below, as it turns out that the problem is with uid/gid to sid mapping and shows a workaround that will help understand the problem more quickly.

We have a Ubuntu 11.04 server machine (lets's call it data) joined to Windows Domain with tools provided by likewise-open So far so good, because i am able to:

1. Log on to machine with AD credentials
2. Set permissions for files and folders with extended ACLs and they work. So by setting "Domain Admins" permission on the folder, i can log onto machine with different domain admin account and access that folder.

So the computer itself understands which domain groups i am member of and can correctly handle permissions.

But the problem is when i want to access files from samba share. Windows doesn't seem to understand that we are talking about same "Domain Admins" or any other domain user/group.

Details

The home folder has is acl-enabled

My share as it's in smb.conf:

[home]
        path = /home/local/MYDOMAIN
        browsable = yes
        guest ok = no
        read only = no
        writeable = yes
        valid users = MYDOMAIN\Administrator, @MYDOMAIN\"Domain Users", @MYDOMAIN\"Domain Admins"
        write list = @MYDOMAIN\"Domain Users", @MYDOMAIN\"Domain Admins"
        nt acl support = yes
        create mask = 700
        directory mask = 700
        hide dot files = yes

So far so good, i can access the share given that folder has read/execute permissions bits set for "others"

So lets try to access test_directory with domain permissions set. I remove any unix permissions:

janis.veinbergs@data:/home/local/MYDOMAIN$ whoami
janis.veinbergs
janis.veinbergs@data:/home/local/MYDOMAIN$ id janis.veinbergs
...1319633408(domain^admins)...
janis.veinbergs@data:/home/local/MYDOMAIN$ cd /home/local/MYDOMAIN
janis.veinbergs@data:/home/local/MYDOMAIN$ sudo chown root:root ./test_directory/
janis.veinbergs@data:/home/local/MYDOMAIN$ sudo chmod 700 ./test_directory/

So on the machine, if i try

ls ./test_directory/

Obviously, i get

ls: cannot open directory ./test_directory/: Permission denied

So i add all permissions for "Domain Admins". (I could have skipped the MYDOMAIN\ thing, because MYDOMAIN is the default domain for the machine)

$ sudo setfacl -m g:MYDOMAIN\\"Domain Admins":rwx ./test_directory/

I can do things in the directory

$ echo "yay" >> ./test_directory/test.txt
$ ls ./test_directory/
test.txt

So far so good, data understands domain groups.

But if i try to access that share on windows machine (from powershell):

PS> whoami
mydomain\janis.veinbergs
PS> gci \\data\home\test_directory
Get-ChildItem : Access to the path '\\data\home\test_directory' is denied.

Now, from data, i'll add permissions for others, so i can access that folder from windows:

$ sudo chmod o+rx ./test_directory/

Now, from windows, i can see files:

PS> gci \\data\home\test_directory


    Directory: \\data\home\test_directory


Mode                LastWriteTime     Length Name                                                                                      
----                -------------     ------ ----                                                                                      
-----       2012.02.06.     14:56          4 test.txt  

Now i can view permissions in properties window (localized, but you can get the idea)

I wonder why it shows Unix Group\domain^admins rather than MYDOMAIN\domain^admins ? What am i missing here and how to make it work?

EDIT: Found a workaround

I'v found a workaround and possible cause but don't know how to resolve It turns out that some wrong mapping between id's are happening.

If i look up the sid-to-gid mapping with wbinfo for MYDOMAIN\Domain Admins group i find that the mapped unix gid is 10010. And this if i set permissions using gid, not the name, the permissions works and windows understands them:

$ sudo setfacl -m g:10010:rwx ./test_directory/

When i enumerate permissions in numerical form, to see gid's and sid's, i see that when settings permissions like MYDOMAIN\"Domain Admins", it actually uses a different GID

$ getfacl -n ./test_directory/
# file: test_directory/
# owner: 0
# group: 0
user::rwx
group::r-x
group:10010:rwx  <-- this is the actual GID mapping for MYDOMAIN\\"Domain Admins" group (setfacl -m g:10010:rwx) and it works when browsing share with windows
group:1319633408:rwx <-- this entry is when setting permission like setfacl -m g:MYDOMAIN\\"Domain Admins":rwx
mask::rwx
other::---

I then looked at my idmap configuration in smb.conf:

   idmap domains = ALL
   idmap config ALL:backend = lwicompat_v4
   idmap config ALL:default = yes
   idmap config ALL:readonly = yes
   idmap uid = 10000-33554431
   idmap gid = 10000-33554431

I see that the gid from ACL entry 1319633408 doesn't go into the defined scope. So i tried extending scope to 10000-3355443100, restarted smbd, but it still didn't work.

So now i have a workaround, to set permissions using gid's, sid's, but thats not user friendly. What should i do to fix this?

We have a computer in a dusty environment. Worked for more than a year and then PSU died, probably because PSU fan wasn't cooling enought good. I tried to rotate the fan by hand and it was rotating hard.

We have a need for another computer in another dusty environment, so to make a better choice, i`m researching about ways to save computer from dust as i have no experience in such field.

The PC can be low power/performance PC, as it just needs to operate with the database software and work with a printer.

Ways to keep computer clean

I am now reading The dust free computer and it mentions 4 ways to solve the problem:

• Clean the environment. Not possible, as this is manufacturing
• Reduce the need of airflow. Computer without fans.
• Isolate the computer. An interesting and cheap solution - wrap the computer in a dirt bag and that's all.
• Use filtered airflow.

What i`m thinking about

1. First of all i look forward for a small PC, wall mounted would be nice, but is there any that doesn't require fans to operate? I'm looking at Dell Optiplex FX160, but would that be an option? I don't actually know if this device has fans, but as i'm reading the technical guidebook, it requires that there is some spacing for the airflow: But as i'm looking that are "so many dots" for airflow, i`m afraid that it could be blocked by dust really fast?

2. Just buying a regular PC and upgrading airflow as mentioned in the article - will it really solve the problem or just mitigate it?

3. Well the dirt bag looks like a real option.

But what are your experiences and suggestions?

I get access denied when trying to initiate zone transfer.

For a dig @ns.example.com example.com axfr i'm getting

client 71.252.219.43#58392: zone transfer 'balticovo.eu/AXFR/IN' denied

Configuration:

1. Server is NATed, behind firewall. If it would be firewalls issue, i wouldn't see in my computer log files that there such a request has been made.
2. named process runs as bind user which is chrooted in /var/lib/named.

3. named.conf:

   web:/var/lib/named/etc# cat named.conf
   options {
       directory "/etc";
       pid-file "/var/run/named.pid";
       statistics-file "/var/run/named.stats";
       allow-transfer { 127.0.0.1; };
       listen-on port 53 { any; };
       listen-on-v6 port 53 { any; };
   };
   
   logging {
       category default { default_syslog; default_debug; };
       category unmatched { null; };
   
       channel default_syslog {
           syslog daemon;
           severity info;
       };
   
       channel default_debug {
           file "named.run";
           severity dynamic;
       };
   
       channel default_stderr {
           stderr;
           severity info;
       };
   
       channel null {
           null;
       };
   };
   
   zone "." {
       type hint;
       file "/etc/root.hints";
   };
   
   zone "localhost" {
       type master;
       file "/etc/localhost";
   };
   
   zone "0.0.127.in-addr.arpa" {
       type master;
       file "/etc/127.0.0";
   };
   
   zone "example.com" IN {
           type master;
           file "sites/example.com/forward.zone";
           allow-transfer { 202.157.182.142; 71.252.219.43; };
           allow-update { none; };
           allow-query { any; };
           zone-statistics yes;
   };   
   

4. All files are owned by bind. And the named process truly runs by the chrooted user.
5. Digging other than axfr record works.
6. named -v outputs BIND 9.6-ESV-R3

I have a problem where my Layer 3 Dell PowerConnect 6248 Switch (main switch) will sometimes (that means sometimes it works, sometimes it won't) not get an arp response from a device behind Dell PowerConnect 2824 (edge switch).

The situation

- - - - -       ===============          ===============       - - - - - 
| client | ---- | Main Switch | -------- | Edge switch | ----- | Device |
- - - - -       ===============          ===============       - - - - - 

1. If the Client is on same vlan as Device, there is no problem and traffic always flows.
2. If the Client is on different vlan, then only sometimes traffic will flow. This switch routes between vlans (inter-vlan routing).

3. Main switch broadcasts (many) arp packets, but seems like no response?!

   990 719.323028  Dell_xx:xx:xx   Broadcast   ARP Who has 10.11.0.43?  Tell 10.11.0.1
   

   because when looking at main switch's arp table, it doesn't know coressponding mac address:

   #show arp
   IP Address        MAC Address      Interface        Type        Age
   ---------------  -----------------  --------------  --------  -----------
   10.11.0.43       0000.0000.0000     vlan 11         Dynamic    0h  0m  2s
   

4. Main switch knows to which port traffic has to be sent to reach Device. There is an entry in address table that shows on which port the device is, the only problem is the switch doesn't know that particular IP corresponds to this MAC address :(

   Address table:

   VLAN ID     MAC Address           Interface  
   VLAN 11     00:1c:c0:ef:e0:03       2/g5
   

5. Edge switch is L2 switch and it appears that address tables are ok for this switch also.

6. Some additional info about main switch:

   #show arp brief
   
   Age Time (seconds)............................. 1200
   Response Time (seconds)........................ 1
   Retries........................................ 4
   Cache Size..................................... 1024
   Dynamic Renew Mode ............................ Disable
   Total Entry Count Current / Peak .............. 68 / 99
   Static Entry Count Configured / Active / Max .. 6 / 6 / 64
   

Where is the problem?

Sometimes the traffic will just start flowing. Does the problem lie within the Main Switch or Edge Switch? Is it device configuration maybe? Maybe something with network cables? Main switch and edge switch is connected with fibre optics if it helps. Where should i look into?

Workaround

Creating a static arp entry solves the problem... currently I need only 5 arp entries for my devices, but this is just a workaround not a solution.

Windows Server 2003 has this feature where you can forward queries for domain "example.com" to specific nameserver (not the default DNS server).

How do i set this up in BIND? For example, i want to set up forwarding for local TLD to specific local nameserver.

Bind version 9.6

Working configuration

As Khaled noted, we can use forwarders statement in zone clause. It worked with the following configuration:

zone "local." IN {
   type forward;
   forward only;
   forwarders { 10.10.1.9; };
};

We actually don't have an domain installation, just 1 server, which is domain controler with local domain TLD. But we want to implement domain, first off changing domain controler name to outside-reachable domain.

Currently this box runs SharePoint. No exchange, no client workstations, no nothing. But SharePoint actually imports users from AD, i'm concerned on what will happen after the domain has changed?

Should it be safe to remove active directory controller and then create new one with the new domain?

When i run dcpromo and try to remove active directory, i read that "All user accounts in this domain will be deleted". I would like to preserve created groups (that reside in folder Users) and users (that reside in another, dedicated to them, folder)

How to preserve the users? Will it not harm SharePoint?

Its currently all about 1 server, no more. It couldn't be hard, could it?

There is a dedicated DNS SPF record which can be used for SPF record. However DNS TXT record may also be used for backwards compatibility.

If i CAN define SPF record - should i just delete the deprecated TXT record or leave it?

Reading throught web, I often find recommendations that a subnet should not have many hosts, usually recommended number is 254, but without any explanation why.

I wanted to have multiple networks in class A address range (10.*.*.*), one for example would be video network 10.10.0.0 with subnet 255.255.0.0 where i could do like that:

• 10.10.0.* - some IP videocameras location X
• 10.10.1.* - some IP videocameras location Y
• 10.10.2.* - some IP videocameras location Z

Could anyone please explain me if having few hosts in a big network is likely to be a problem or not? If no then why those recommendations about 254 host subnets? Mabybe those are just old recommendations.

I`m talking about DELL PowerConnect 6248 here.

For Module 1 bay you can buy PowerConnect 6xxx SFP+ Module supports up to two SFPs (no SFPs included)

Can i plug into these those Transceivers that are offered for front end SFP ports :

SFP Optical Transceiver, 1000BASE-LX, LC

instead of what DELL offers for Modular Upgrade Bay 1: Optics: ??

POWERCONNECT 6XXX Long Range, Single-Mode SFP+ Optic

?

That is 1Gbit instead of 10Gbit.

Looking for a core (other switches and devices are connected to this switch) switch at our company.

I wonder if splitting LAN into VLANS and then gaining access to some computers to that network is possible without layer 3 switch?

And what's possible with layer 3 switch and not possible with layer 2 ? What if we want to connect 2 networks over internet?

The goal

is to find out which parts of network should be upgraded / reorganized to improve network health (reliability and performance).

What are the methods to monitor network traffic, detect bottlenecks, latency, packet loss? Can i do it from 1 point in network or do i have to plug my computer in specific network places?

What would be the best strategy to check networks load, detect bottleneck etc?

Now there are many tools, but is installing it and running anywhere enought for ntop, cacti? I`v googled around and found something that says

ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does.

But I cannot use it until i understand how to gather the data, so i`m asking this question.

Background

Our network is totally built on cheap network switches but the network has pretty much expanded involving Computers, Network cameras and some other hardware with network interfaces. All of network devices are 100mbit, none are 1gbit.

• Cameras get recorded on few PCs at distant locations and viewed on other PCs at distant locations.
• Computers are no more than 50, but few are pretty distant (large area here), some are 300meters away etc. There is a radio link and fibre optic connceting those places. These computers usually connect to database application.

Network map

• Red lines are Fibre optic
• Black lines are Ethernet cables
• Boxes are physical locations

The problem:

• If i access SharePoint from Windows 7 with IE8 or Chrome5 - I must wait for like a minute to get a response. If i use other Windows 7 with IE8, just the same - just wait a MINUTE.
• If i use Firefox3.6 on W7 machine - page opens up instantly.
• Now switch to IE rendering engine in Firefox, you will have to wait just as with IE.
• Now i tried IE8 on XP SP3 - page opens up instantly.
• I tried IE8 on Windows Server 2003 SP2 (machine on which SharePoint is hosted) - page opens up instantly.

IIS6 Logs

I did request almost instantly from all 3 browsers and this is what shows up in IIS logs (first 2 entries for each browser):

Chrome

Ok, IIS saw first Chrome request when i Hit enter in browser, but i had to wait long for things to move on

2010-06-01 05:46:04 W3SVC1794621940 192.168.0.9 GET /sapulces - 80 - 192.168.0.186 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/533.4+(KHTML,+like+Gecko)+Chrome/5.0.375.55+Safari/533.4 401 2 2148074254

Loading...

2010-06-01 05:47:07 W3SVC1794621940 192.168.0.9 GET /sapulces - 80 - 192.168.0.186 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/533.4+(KHTML,+like+Gecko)+Chrome/5.0.375.55+Safari/533.4 401 1 0

... etc...

Firefox

All Instantly

2010-06-01 05:46:06 W3SVC1794621940 192.168.0.9 GET /sapulces - 80 - 192.168.0.186 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+lv;+rv:1.9.2.3)+Gecko/20100401+Firefox/3.6.3 401 2 2148074254

2010-06-01 05:46:06 W3SVC1794621940 192.168.0.9 GET /sapulces - 80 - 192.168.0.186 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+lv;+rv:1.9.2.3)+Gecko/20100401+Firefox/3.6.3 401 1 0

... etc...

IE

I did hit enter when it was 05:46:06, but these are first entries in IIS logs

2010-06-01 05:47:08 W3SVC1794621940 192.168.0.9 GET /sapulces - 80 - 192.168.0.186 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+Tablet+PC+2.0;+.NET+CLR+1.1.4322;+.NET4.0C;+.NET4.0E) 401 1 0

2010-06-01 05:47:08 W3SVC1794621940 192.168.0.9 GET /sapulces - 80 - 192.168.0.186 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+Tablet+PC+2.0;+.NET+CLR+1.1.4322;+.NET4.0C;+.NET4.0E) 401 1 0

... etc...

Nothing to see in Event Logs.

Fiddler

IE

GET /dokumenti HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: lv-LV
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: serveris

HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
MicrosoftSharePointTeamServices: 12.0.0.6520
X-Powered-By: ASP.NET
Date: Mon, 07 Jun 2010 08:40:46 GMT
Proxy-Support: Session-Based-Authentication

------------------------------------------------------------------
GET /dokumenti HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: lv-LV
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: serveris
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==

HTTP/1.1 401 Unauthorized
Content-Length: 1539
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAAEgASADgAAAAVgonihccyI36f5i4AAAAAAAAAAIIAggBKAAAABQLODgAAAA9CAEEATABUAEkAQwBPAFYATwACABIAQgBBAEwAVABJAEMATwBWAE8AAQAQAFMARQBSAFYARQBSAEkAUwAEABIAQgBhAGwAdABpAGMAbwB2AG8AAwAkAHMAZQByAHYAZQByAGkAcwAuAEIAYQBsAHQAaQBjAG8AdgBvAAUAEgBCAGEAbAB0AGkAYwBvAHYAbwAAAAAA
MicrosoftSharePointTeamServices: 12.0.0.6520
X-Powered-By: ASP.NET
Date: Mon, 07 Jun 2010 08:41:49 GMT
Proxy-Support: Session-Based-Authentication

------------------------------------------------------------------
GET /dokumenti HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: lv-LV
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJgAAAAYABgAsAAAABIAEgBYAAAAHgAeAGoAAAAQABAAiAAAABAAEADIAAAAFYKI4gYBsB0AAAAPirSYl+w3M1gPelXA+mS9OEIAQQBMAFQASQBDAE8AVgBPAGoAYQBuAGkAcwAuAHYAZQBpAG4AYgBlAHIAZwBzAEoAQQBOAEkAUwAtAFAAQwCxt4kZryxtOgAAAAAAAAAAAAAAAAAAAAC7gY8LTv2TqmFbggCo52sIVw8zy2V/s0ZHHFSqA0tiiGpcNplfJlok
Host: serveris

HTTP/1.1 302 Object Moved
Content-Length: 161
Content-Type: text/html
Location: http://serveris/dokumenti/default.aspx
Server: Microsoft-IIS/6.0
MicrosoftSharePointTeamServices: 12.0.0.6520
X-Powered-By: ASP.NET
Date: Mon, 07 Jun 2010 08:41:49 GMT

------------------------------------------------------------------
GET /dokumenti/default.aspx HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Accept-Language: lv-LV
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
If-Modified-Since: Mon, 07 Jun 2010 06:45:23 GMT
Host: serveris

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Length: 114839
Content-Type: text/html; charset=utf-8
Expires: Sun, 23 May 2010 08:41:49 GMT
Last-Modified: Mon, 07 Jun 2010 08:41:49 GMT
Server: Microsoft-IIS/6.0
MicrosoftSharePointTeamServices: 12.0.0.6520
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: WSS_KeepSessionAuthenticated=80; path=/
Set-Cookie: MSOWebPartPage_AnonymousAccessCookie=80; expires=Mon, 07-Jun-2010 09:11:49 GMT; path=/
Set-Cookie: ASP.NET_SessionId=d2r5lj32dm4svg554sixwc2t; path=/; HttpOnly
Date: Mon, 07 Jun 2010 08:41:51 GMT

------------------------------------------------------------------

Chrome

But when trying to use Google Chrome, then fiddler hangs if i do not close chrome soon after sending request - all i see in fiddler is a flood (thousands) of 401 (unauthorized) responses.

The question

Similar question has been asked but there is no response and i`m trying to access page without SSL and that happens even on GET requests.

Where do I look? Where would be the problem? Browser? OS? I don't even know what to think about.

Just a note

Just a note about chrome's process isolation: I found it sad that while I was waiting that minute with Chrome, i could not use any other tab (i could switch, but i could not, for example, scroll or use any controls)

We have several IP cameras and more to be added. The problem is they consume pretty much CPU power and we are thinking of buying newer hardware for that.

The camera provides MPEG4 video on the fly and i wonder if there are GPUs that will help render video to leverage CPU?

Installed SharePoint Services v3 (SP2, october 2009 cumulative updates, Language Pack), attached to a content database I had previously (all works). Installed Search server 2008 Express (with language pack) on top of WSS and crawl does not work. However it works for newly created web application + database.

Was playing around with accounts, permissions to try get it working. Currently I have WSS_Crawler account with such permissions:

• Office Search Server runs with WSS_Crawler account
• Config database has read permissions for WSS_Crawler
• Content database has read permissions for WSS_Crawler
• WSS_Crawler is owner of search database.
• Added WSS_Crawler to SQL server browser user group and administrator

Yes, i'v given more permissions than needed, but it doesn't even work with that and i don't know if its permission problem or what.

Crawl log says there is Error in the Site Data Web Service., nothing more. There were known issues with a similar error: Error in the Site Data Web Service. (Value does not fall within the expected range.), but this is not the case as thats an old issue and i hope it has been included in SP2...

Logs are from olders to newest (descending order). They don't appear to be very helpful.

Crawl log

• http://serveris Crawled Local Office SharePoint Server sites 3/15/2010 9:39 AM
• sts3://serveris Crawled Local Office SharePoint Server sites 3/15/2010 9:39 AM
• sts3://serveris/contentdbid={55180cfa-9d2d-46e4... Crawled Local Office SharePoint Server sites 3/15/2010 9:39 AM
• http://serveris/test Error in the Site Data Web Service. Local Office SharePoint Server sites 3/15/2010 9:39 AM
• http://serveris Error in the Site Data Web Service. Local Office SharePoint Server sites 3/15/2010 9:39 AM

EventLog

No errors in EventLog, just some Information events that Office Server Search provides

• The search service started.
• Successfully stored the application
  configuration registry snapshot in
  the database. Context: Application
  'SharedServices
• Component: da1288b2-4109-4219-8c0c-3a22802eb842 Catalog: Portal_Content. A master merge was started due to an external request.
• Component: da1288b2-4109-4219-8c0c-3a22802eb842 A master merge has completed for catalog Portal_Content.
• Component: da1288b2-4109-4219-8c0c-3a22802eb842 Catalog: AnchorProject. A master merge was started due to an external request.
• Component: da1288b2-4109-4219-8c0c-3a22802eb842 A master merge has completed for catalog AnchorProject.

ULS Log

Just some information, but no exceptions, unexpected errors

03/15/2010 09:03:28.28  mssearch.exe (0x1B2C)                       0x0E8C  Search Server Common            GatherStatus                    0   Monitorable Insert crawl 771 to inprogress queue hr 0x00000000 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:6591   
03/15/2010 09:03:28.28  mssearch.exe (0x1B2C)                       0x0E8C  Search Server Common            GatherStatus                    0   Monitorable Request Start Crawl 1, project Portal_Content, crawl 771 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:2875     
03/15/2010 09:03:28.28  mssearch.exe (0x1B2C)                       0x0E8C  Search Server Common            GatherStatus                    0   Monitorable Advise status change 1, project Portal_Content, crawl 771 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853    
03/15/2010 09:03:28.28  w3wp.exe (0x1D98)                           0x0958  Search Server Common            MS Search Administration        8wn6    Information A full crawl was started on 'Local Office SharePoint Server sites' by BALTICOVO\janis.veinbergs.     
03/15/2010 09:03:28.43  mssdmn.exe (0x1750)                         0x10F8  ULS Logging                     Unified Logging Service         8wsv    High        ULS Init Completed (mssdmn.exe, Microsoft.Office.Server.Native.dll)  
03/15/2010 09:03:30.48  mssdmn.exe (0x1750)                         0x09C0  Search Server Common            MS Search Indexing              8z0v    Medium      Create CCache    
03/15/2010 09:03:30.56  mssdmn.exe (0x1750)                         0x09C0  Search Server Common            MS Search Indexing              8z0z    Medium      Create CUserCatalogCache     
03/15/2010 09:03:32.06  w3wp.exe (0x1D98)                           0x0958  Search Server Common            MS Search Administration        90ge    Medium      SQL: dbo.proc_MSS_PropagationGetQueryServers     
03/15/2010 09:03:32.09  w3wp.exe (0x1D98)                           0x0958  Search Server Common            MS Search Administration        7phq    High        GetProtocolConfigHelper failed in GetNotesInterface().   
03/15/2010 09:03:34.26  mssearch.exe (0x1B2C)                       0x16A4  Search Server Common            GatherStatus                    0   Monitorable Advise status change 12, project Portal_Content, crawl -1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853    
03/15/2010 09:03:35.92  mssearch.exe (0x1B2C)                       0x16A4  Search Server Common            GatherStatus                    0   Monitorable Advise status change 12, project Portal_Content, crawl -1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853    
03/15/2010 09:03:37.32  mssearch.exe (0x1B2C)                       0x16A4  Search Server Common            GatherStatus                    0   Monitorable Advise status change 12, project Portal_Content, crawl -1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853    
03/15/2010 09:03:37.23  mssdmn.exe (0x1750)                         0x1850  Search Server Common            MS Search Indexing              8z14    Medium      Test TRACE (NULL):(null), (NULL)(null), (CrLf):  , end   
03/15/2010 09:03:39.04  mssearch.exe (0x1B2C)                       0x16A4  Search Server Common            GatherStatus                    0   Monitorable Advise status change 12, project Portal_Content, crawl -1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853    
03/15/2010 09:03:40.98  mssdmn.exe (0x1750)                         0x0B24  Search Server Common            MS Search Indexing              7how    Monitorable GetWebDefaultPage fail. error 2147755542, strWebUrl http://serveris  
03/15/2010 09:03:41.87  mssdmn.exe (0x1750)                         0x1260  Search Server Common            PHSts                           0   Monitorable CSTS3Accessor::GetSubWebListItemAccessURL GetAccessURL failed: Return error to caller, hr=80042616 - File:d:\office\source\search\search\gather\protocols\sts3\sts3acc.cxx Line:505  
03/15/2010 09:03:41.87  mssdmn.exe (0x1750)                         0x1260  Search Server Common            PHSts                           0   Monitorable CSTS3Accessor::Init: GetSubWebListItemAccessURL failed. Return error to caller, hr=80042616 - File:d:\office\source\search\search\gather\protocols\sts3\sts3acc.cxx Line:348     
03/15/2010 09:03:41.87  mssdmn.exe (0x1750)                         0x1260  Search Server Common            PHSts                           0   Monitorable CSTS3Accessor::Init fails, Url sts3://serveris/siteurl=test/siteid={390611b2-55f3-4a99-8600-778727177a28}/weburl=/webid={fb0e4bff-65d5-4ded-98d5-fd099456962b}, hr=80042616 - File:d:\office\source\search\search\gather\protocols\sts3\sts3handler.cxx Line:243     
03/15/2010 09:03:41.87  mssdmn.exe (0x1750)                         0x1260  Search Server Common            PHSts                           0   Monitorable CSTS3Handler::CreateAccessorExB: Return error to caller, hr=80042616 - File:d:\office\source\search\search\gather\protocols\sts3\sts3handler.cxx Line:261    
03/15/2010 09:03:40.98  mssdmn.exe (0x1750)                         0x1260  Search Server Common            MS Search Indexing              7how    Monitorable GetWebDefaultPage fail. error 2147755542, strWebUrl http://serveris/test     
03/15/2010 09:03:41.90  mssdmn.exe (0x1750)                         0x0B24  Search Server Common            PHSts                           0   Monitorable CSTS3Accessor::GetSubWebListItemAccessURL GetAccessURL failed: Return error to caller, hr=80042616 - File:d:\office\source\search\search\gather\protocols\sts3\sts3acc.cxx Line:505  
03/15/2010 09:03:41.90  mssdmn.exe (0x1750)                         0x0B24  Search Server Common            PHSts                           0   Monitorable CSTS3Accessor::Init: GetSubWebListItemAccessURL failed. Return error to caller, hr=80042616 - File:d:\office\source\search\search\gather\protocols\sts3\sts3acc.cxx Line:348     
03/15/2010 09:03:41.90  mssdmn.exe (0x1750)                         0x0B24  Search Server Common            PHSts                           0   Monitorable CSTS3Accessor::Init fails, Url sts3://serveris/siteurl=/siteid={505443fa-ef12-4f1e-a04b-d5450c939b78}/weburl=/webid={c5a4f8aa-9561-4527-9e1a-b3c23200f11c}, hr=80042616 - File:d:\office\source\search\search\gather\protocols\sts3\sts3handler.cxx Line:243     
03/15/2010 09:03:41.90  mssdmn.exe (0x1750)                         0x0B24  Search Server Common            PHSts                           0   Monitorable CSTS3Handler::CreateAccessorExB: Return error to caller, hr=80042616 - File:d:\office\source\search\search\gather\protocols\sts3\sts3handler.cxx Line:261    
03/15/2010 09:03:43.26  mssearch.exe (0x1B2C)                       0x0750  Search Server Common            GatherStatus                    0   Monitorable Advise status change 24, project Portal_Content, crawl 771 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853   
03/15/2010 09:03:43.26  mssearch.exe (0x1B2C)                       0x1804  Search Server Common            GatherStatus                    0   Monitorable Remove crawl 771 from inprogress queue - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:6722   
03/15/2010 09:03:43.26  mssearch.exe (0x1B2C)                       0x0750  Search Server Common            GatherStatus                    0   Monitorable Advise status change 12, project Portal_Content, crawl -1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853    
03/15/2010 09:03:44.65  mssearch.exe (0x1B2C)                       0x1804  Search Server Common            GatherStatus                    0   Monitorable Insert crawl 772 to inprogress queue hr 0x00000000 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:6591   
03/15/2010 09:03:44.65  mssearch.exe (0x1B2C)                       0x1804  Search Server Common            GatherStatus                    0   Monitorable Request Start Crawl 0, project AnchorProject, crawl 772 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:2875  
03/15/2010 09:03:44.65  mssearch.exe (0x1B2C)                       0x1804  Search Server Common            GatherStatus                    0   Monitorable Advise status change 0, project AnchorProject, crawl 772 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853     
03/15/2010 09:03:44.65  mssearch.exe (0x1B2C)                       0x1804  Search Server Common            GatherStatus                    0   Monitorable Unlock Queue, project Portal_Content - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:2922     
03/15/2010 09:03:44.82  mssearch.exe (0x1B2C)                       0x1DD0  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 0 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:44.95  mssearch.exe (0x1B2C)                       0x0750  Search Server Common            GatherStatus                    0   Monitorable Advise status change 12, project AnchorProject, crawl -1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853     
03/15/2010 09:03:46.51  mssearch.exe (0x1B2C)                       0x0750  Search Server Common            GatherStatus                    0   Monitorable Advise status change 12, project AnchorProject, crawl -1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853     
03/15/2010 09:03:46.39  mssearch.exe (0x1B2C)                       0x1E4C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 0 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:49.01  mssearch.exe (0x1B2C)                       0x1C6C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:49.87  mssearch.exe (0x1B2C)                       0x155C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:49.29  mssearch.exe (0x1B2C)                       0x155C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:49.53  mssearch.exe (0x1B2C)                       0x155C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:49.67  mssearch.exe (0x1B2C)                       0x155C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:49.82  mssearch.exe (0x1B2C)                       0x155C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:49.84  mssearch.exe (0x1B2C)                       0x155C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 0 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:49.89  mssearch.exe (0x1B2C)                       0x155C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 0 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:49.90  mssearch.exe (0x1B2C)                       0x0750  Search Server Common            GatherStatus                    0   Monitorable Advise status change 12, project AnchorProject, crawl -1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853     
03/15/2010 09:03:51.42  mssearch.exe (0x1B2C)                       0x1E4C  Search Server Common            GatherStatus                    0   Monitorable Advise status change 4, project AnchorProject, crawl 772 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853     
03/15/2010 09:03:51.00  mssearch.exe (0x1B2C)                       0x1E4C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 0 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:51.42  mssearch.exe (0x1B2C)                       0x1CCC  Search Server Common            GatherStatus                    0   Monitorable Remove crawl 772 from inprogress queue - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:6722   
03/15/2010 09:03:52.96  mssearch.exe (0x1B2C)                       0x1CCC  Search Server Common            GatherStatus                    0   Monitorable Insert crawl 773 to inprogress queue hr 0x00000000 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:6591   
03/15/2010 09:03:52.96  mssearch.exe (0x1B2C)                       0x1CCC  Search Server Common            GatherStatus                    0   Monitorable Request Start Crawl 0, project AnchorProject, crawl 773 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:2875  
03/15/2010 09:03:55.29  mssearch.exe (0x1B2C)                       0x1CCC  Search Server Common            GatherStatus                    0   Monitorable Unlock Queue, project AnchorProject - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:2922  
03/15/2010 09:03:55.29  mssearch.exe (0x1B2C)                       0x1CCC  Search Server Common            GatherStatus                    0   Monitorable Removed start crawl request from Queue 0, crawl 773  - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:2942     
03/15/2010 09:03:55.29  mssearch.exe (0x1B2C)                       0x1CCC  Search Server Common            GatherStatus                    0   Monitorable Request Start Crawl 0, project AnchorProject, crawl 773 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:2875  
03/15/2010 09:03:55.29  mssearch.exe (0x1B2C)                       0x1CCC  Search Server Common            GatherStatus                    0   Monitorable Advise status change 0, project AnchorProject, crawl 773 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853     
03/15/2010 09:03:55.37  mssearch.exe (0x1B2C)                       0x1CCC  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 0 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:55.37  mssearch.exe (0x1B2C)                       0x0750  Search Server Common            GatherStatus                    0   Monitorable Advise status change 12, project AnchorProject, crawl -1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853     
03/15/2010 09:03:56.71  mssearch.exe (0x1B2C)                       0x1E4C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 0 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:56.78  mssearch.exe (0x1B2C)                       0x0750  Search Server Common            GatherStatus                    0   Monitorable Advise status change 12, project AnchorProject, crawl -1 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853     
03/15/2010 09:03:58.40  mssearch.exe (0x1B2C)                       0x155C  Search Server Common            GathererSql                     0   Monitorable CGatherer::LoadTransactionsFromCrawlInternal Flush anchor, count 0 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4943   
03/15/2010 09:03:58.89  mssearch.exe (0x1B2C)                       0x155C  Search Server Common            GatherStatus                    0   Monitorable Advise status change 4, project AnchorProject, crawl 773 - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:4853     
03/15/2010 09:03:58.89  mssearch.exe (0x1B2C)                       0x1130  Search Server Common            GatherStatus                    0   Monitorable Remove crawl 773 from inprogress queue - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:6722   
03/15/2010 09:03:58.89  mssearch.exe (0x1B2C)                       0x1130  Search Server Common            GatherStatus                    0   Monitorable Unlock Queue, project AnchorProject - File:d:\office\source\search\search\gather\server\gatherobj.cxx Line:2922  

What could be wrong here - any clues?

We have iphones in our network and they can't resolve computer names. We want to access internal sites through internal names (http://server), however we can't.

Is there any solution to this?

Thank you.

Before I even try to install Windows 7 RC, will I be able to virtualize Windows server edition there?

Microsoft Virtual PC 2007 SP1 does not seem to be compatible with w7 (as the installer states it).

Thank you.

I have a problem where Windows Server 2003 takes lots of DHCP addresses althought there is only 1 NIC in that server and with DHCP disabled (see information below).

However, as you can see, MAC address in DHCP client table on router does not match the one server NIC has.

It's a D-Link DWL-2000AP+ cheap wireless router with DHCP enabled.

DHCP Client Table

navserver 192.168.0.248 52-41-53-20-00-13 Jan/03/1970 09:12:55  
navserver 192.168.0.242 52-41-53-20-00-13 Jan/03/1970 09:12:55  
navserver 192.168.0.247 52-41-53-20-00-13 Jan/03/1970 09:12:55  
navserver 192.168.0.246 52-41-53-20-00-13 Jan/03/1970 09:12:55  
navserver 192.168.0.243 52-41-53-20-00-13 Jan/03/1970 09:12:55  
navserver 192.168.0.240 52-41-53-20-00-13 Jan/03/1970 09:12:55  
navserver 192.168.0.239 52-41-53-20-00-13 Jan/03/1970 09:12:55  
navserver 192.168.0.244 52-41-53-20-00-13 Jan/03/1970 09:12:55  
navserver 192.168.0.245 52-41-53-20-00-13 Jan/03/1970 09:12:55  
navserver 192.168.0.241 52-41-53-20-00-13 Jan/03/1970 09:12:55

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : navserver
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7761 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-13-21-1C-EB-50
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.90
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.100
   DNS Servers . . . . . . . . . . . : 195.122.1.59
                                       195.2.96.2

I have no idea how to solve this issue. Could you help me please?

As it appears, RRAS service is enabled. However i`m afraid to disable it. Could it be that fax/modem is using it? I don't administer the server but not long ago someone set up fax/modem to that server. Not sure if it works, but they want it to work.

I see many warnings like this:

The user navserver connected from 192.168.0.90 but failed an authentication attempt due to the following reason: Authentication was not successful because an unknown user name or incorrect password was used. 

And errors:

A Demand Dial connection to the remote interface Remote Router on port VPN4-4 was successfully initiated but failed to complete successfully because of the  following error: Access was denied because the username and/or password was invalid on the domain.

associated to remote access.

Could these issues somehow be linked?

Or maybe i just block that mac address from dhcp server and live happily ever after?

Thank you.