Solved

microsoft KMS server activations through Cisco ASA5525

Posted on 2015-02-03
6
180 Views
Last Modified: 2015-06-22
We had to secure our MS 2008 KMS server from the internet and implement a IPSEC policy for KMS office activations. This does not appear to be working, and was wondering if anyone had any luck putting a KMS server behind a Cisco ASA5525  9.1(5). have been able to see packets getting to and from the client, through the ASA and to the 2008 serve with acknowledgements from the server but no activations. Turn off IPSEC and presto, activations are working.
Possibly IPSEC is not the answer. Tried both with Kerberos and pre-shared key, same result.
0
Comment
Question by:ramseyjack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40588605
easier to just on the kms server to block port 1688 from all but the local network
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40588848
Are you trying to prevent KMS from being contacted over the Internet, or are you trying to get KMS to work over the Internet?

I have KMS working from DMZ through ASA to inside network. Just allow the proper port. You can't do the same over the Internet so Microsoft requires that the KMS server not be available to the public.
0
 

Author Comment

by:ramseyjack
ID: 40588867
We are attempting to get KMS to work from the internet. We were contacted by MS to close down our outward facing port 1688 to the internet and complied. We then thought that by implementing via group policy an IPSEC policy that only allowed domain computers access to the KMS that it might work. The implemented process works flawlessly on the network, but it appears the ASA possibly changes the header or something in the IPSEC packets. Cisco no help, but have not escalated to a level that has more than google experience.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40588910
Okay, makes perfect sense. So you have IPSec working on the local LAN? That would be the first thing you would need to have working. After that, escalate with Cisco.
0
 

Accepted Solution

by:
ramseyjack earned 0 total points
ID: 40835005
The issue was with the fact that the windows boxes were attempting to negotiate a Kerberos session and had an error out on it. once we disabled the Kerberos, all worked well.
0
 

Author Closing Comment

by:ramseyjack
ID: 40843110
that was what fixed it
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question