I have a DC with a ldaps (636) and an external nat address through the firewall.

it has a self signed certificate from our in house certificate authority. and my hosted software is able to connect to it and allow my users to authenticate via LDAP just fine.

Except one.

the newest is requiring that we have a 3rd party certificate installed. So i purchased one, and added it to the personal store in the Certificate management area for the service account.  however didn't buy the extended validation option. so i think i have to buy another one.

if that is the case.. i would like to do it a bit differently.

if my server is server.mydomain.org
can i (after adding an external DNS alias for ldap.mydomain.org) purchase a cert for ldap.mydomain.org, and if so my reading leads me to believe that if i purchase the EV version of the cert, and put it in the personal store for the serivice account, is that all i need to do to get LDAPS using it ?

Thanks,

I have a 2008 R2 RRAS (routing and remote access server) and I'm connecting to it with a VPN connection.

Once connected, I get an IP address and my DNS is correct in that it's my DNS servers on my domain, but I can't resolve anything unless I use the FQDN like computer.mydomain.local.  

As a side note, my end user told me Linux shows no DNS server is affixed to the tunnel and Linux shows no gateway affixed to the tunnel.

Anyway, i need some help resolving this problem.

Where do I look?

Thanks

Cliff

in the Exchange queue find the message and don't send it.
the dns nslookup on the srvmail respond with the error unknow.
on the server dns respond wth the correct name

Hi, I connected two asa5505 with a crossover cable to learn site2site vpn, I have these configures for both but it just not working, there are no activities on the outside interfaces. I have tested each asa5505 connected to my home LAN with internet access to make sure the interfaces are working. Thanks!


ASA Version 8.2(5)
!
hostname asa-a
domain-name asa-a.domain
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.1.1.1 255.255.255.0
!
ftp mode passive
dns server-group DefaultDNS
 domain-name asa-a.domain
access-list outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn …

Let's say I've bought a domain called "mynicedomain.org"

Now I want to have a mail service. Let's say office 365 or gsuite so I can have an email address called "ben@mynicedomain.org"

Beyond that I want to buy a web hosting (like GoDaddy) service to serve "http://mynicedomain.org".

Maybe I also want an intranet service hosted by AWS virtual machine at "http://wwwin.mynicedomain.org".

Can this be accomplished? If so how it works? Who is going to be nameserver for my domain?

Hello - My company uses Office365 for our email, and we want to add a second IP address to our main location(fail-over). The TXT record currently is:  'v=spf1 ip4:XXX.XX.XX.XXX include:spf.protection.outlook.com -all' . My question is, can I add another IP address in the DNS record for the second IP? Or should I create another TXT with the second IP address at the DNS host?


Thank you for your help!

Do I need to configure a Gateway Role if I am only having users connect to the farm from within the network?  We don't access the Farm from outside only internally.  The reason I ask is that it seems I am having issues connecting to the servers themselves when using RDP.  I have no HA and only 2 Host servers and the Connection Broker and have setup a RR NLB setup.  I have an existing 2003 TS environment and I have built the new 2012 Farm but don't want to confuse the end user with new names.  I plan on when going to production with the new system pointing the name they use now to the new servers.  Say Corp1 is what they are using, I want it to point to the new system.  I am guessing smoking the test farm collection and creating a new one with said old name as the new FARM name on 2012.  Does that make sense?

Hi

We are in process of company acquisition and need to set up a forest trust - we are waiting for VPN tunnel to be created first

In terms of DNS we are currently using our ISP as forwarders (with root hints check box checked)

My question is do I still need to add conditional forwarders to the remote company in our DNS setup, or is this something we need to request from our ISP? (Our ISP manages the DNS for the remote company we are acquiring also)

Many thanks

Jason

Hi

I have two DC that are DNS servers in my WIndows 2012R2domain. I want them to synchronize but they are not. If I lookin the SOA the serials numers are not the same.

Is there a way to repair?

Thanks

We have 120 users on network with cyberoam ( 50 ING ) firewall  configured , from last 2 weeks we had issues like http websites not resolving getting error could not reach . But on other ISP it works fine.

Environment :
Cyberoam 50 ING Firewall with BSNL ISP configured  ....connected to Unmanaged switches
Internal AD integrated with DNS Server windows 2012 r2
All server + clients having primary dns server is windows server local IP address

But if do the nslookup domain name then it resolves fine but on browser it stucks. But sometime it works fine too.

ipconfig / flushdns
ipconfig / release
ipconfig / renew
ipconfig / registerdns
Winsock reset
Antivirus scan + malware scan , after malware scan it works for sometime and again it stucks. some of PC having the malware or spyware which blocks the http 80

everything did but http is not working . Only remains the Cyberoam Firewall firmware upgrade and restart of Windows 2012 server.

Please assist me to resolve this issue on urgent basis

Regards,
Vijay Kadadi

We are merging two domains into one.  We have a library, .lib domain that will be going away, and server objects merging into parent domain.  We want all the servers to maintain the .lib part of their name for application, web and certificate purposes.

We have the internal integrated AD DNS, and also an external DNS.  I assume on Internal - when objects are moved between domains, the .lib server will be removed and  the name will end in the only the primary domain.  I assume I can make .lib type Alias records for these pointing to new name.  For instance,  abc.lib.contoso.edu will become abc.contoso.edu when switching domains - and I can Alias abc.lib.contoso.edu to abc.contonso.edu.  Does that sound reasonable?

Then, on External DNS -- which is all manually can I just keep the abc.lib.contoso.edu with the same IP.  The 'real' server will be abc.contoso.edu -- but the IP will be the same.  Is there a need to setup a proper HOST record for abc.contoso.edu, then an Alias abc.lib.contoso.edu.  Can I just leave things exactly as they are and not worry about DNS replication, etc.. Essentially, can I just leave abc.lib.conoso.edu HOST record  - which is accurate now - the same after migration.  It's IP will NAT to proper server - IPs are staying all the same.  Will it matter that external HOST record is actually accurate as far as 'true' new server name?  Then there's nothing to replicate.