Solved

microsoft KMS server activations through Cisco ASA5525

Posted on 2015-02-03
6
172 Views
Last Modified: 2015-06-22
We had to secure our MS 2008 KMS server from the internet and implement a IPSEC policy for KMS office activations. This does not appear to be working, and was wondering if anyone had any luck putting a KMS server behind a Cisco ASA5525  9.1(5). have been able to see packets getting to and from the client, through the ASA and to the 2008 serve with acknowledgements from the server but no activations. Turn off IPSEC and presto, activations are working.
Possibly IPSEC is not the answer. Tried both with Kerberos and pre-shared key, same result.
0
Comment
Question by:ramseyjack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40588605
easier to just on the kms server to block port 1688 from all but the local network
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40588848
Are you trying to prevent KMS from being contacted over the Internet, or are you trying to get KMS to work over the Internet?

I have KMS working from DMZ through ASA to inside network. Just allow the proper port. You can't do the same over the Internet so Microsoft requires that the KMS server not be available to the public.
0
 

Author Comment

by:ramseyjack
ID: 40588867
We are attempting to get KMS to work from the internet. We were contacted by MS to close down our outward facing port 1688 to the internet and complied. We then thought that by implementing via group policy an IPSEC policy that only allowed domain computers access to the KMS that it might work. The implemented process works flawlessly on the network, but it appears the ASA possibly changes the header or something in the IPSEC packets. Cisco no help, but have not escalated to a level that has more than google experience.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40588910
Okay, makes perfect sense. So you have IPSec working on the local LAN? That would be the first thing you would need to have working. After that, escalate with Cisco.
0
 

Accepted Solution

by:
ramseyjack earned 0 total points
ID: 40835005
The issue was with the fact that the windows boxes were attempting to negotiate a Kerberos session and had an error out on it. once we disabled the Kerberos, all worked well.
0
 

Author Closing Comment

by:ramseyjack
ID: 40843110
that was what fixed it
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
OfficeMate Freezes on login or does not load after login credentials are input.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question