Windows XP bridge

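Bridging should really be very simple, but my tests kept failing. In the end it turned out to be what looks like a compatibility problem: enabling forcecompatmode on both LAN cards made it work.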

netsh bridge show adapter
netsh bridge set adapter 1 forcecompatmode=enable


Errors after adding AD 2012 R2 to AD 2003

1.
The DNS server was unable to create a resource record for  fdb0ca48-99c5-4047-aaff-b3396816f239._msdcs.xx.xx. in zone xx.xx. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

Solution:

Back up all of AD first. On Windows 2012 R2, open ADSI Edit -> Connect to -> DC=ForestDNSZones,DC=xx,DC=xx
and delete fdb0ca48-99c5-4047-aaff-b3396816f239._msdcs.xx.xx


2.
Starting test: NetLogons
[xxx] User credentials does not have permission to perform this operation.
The account used for this test must have network logon privileges for this machine’s domain.
……………………. xxx failed test NetLogons

[Image: CommandPromptAdmin]

3.
Starting test: KccEvent
A warning event occurred.  EventID: 0x80000603
Time Generated: 03/29/2015   23:22:08
Event String:
Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk.

Starting test: SystemLog
A warning event occurred.  EventID: 0x80040020
Time Generated: 03/29/2015   23:22:08
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.

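My AD runs on Hyper-V. This is a reminder that if write cache is enabled (the hard disk under Device Management), a power failure may cause data loss. There does not seem to be a fix. The situation should be similar to RAID write cache, but hardware RAID has power protection and this does not, and it cannot be disabled either.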


4.
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.

This can be ignored.

The server holding the PDC role is down

After the AD forest was upgraded from 2000 to 2003, both controllers reported the following errors

dcdiag /test:FSMOcheck

Warning: DsGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355.
A Good Time Server could not be located.

I then found that the Windows Time service on both controllers suddenly could not be started: "系統找不到指定的檔案" (The system cannot find the file specified)


Solution:

w32tm /unregister
w32tm /register

I have occasionally seen workstations where Windows Time was missing from Services; w32tm /register works for those too.

Windows vLan tag

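When I was studying for the CCNP I did not understand how some companies could run 20/80 while my company was on the old-style 80/20. Now I finally understand.
The common brands below all support multiple vLans, but I would not dare trunk a Realtek onto the network. Surely no server uses Realtek.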


Windows 7 connect to 365 via PowerShell

Windows Management Framework 3.0
http://www.microsoft.com/en-us/download/details.aspx?id=34595
Windows6.1-KB2506143-x64.msu

Microsoft Online Services Sign-In Assistant for IT Professionals RTW
http://www.microsoft.com/en-us/download/details.aspx?id=41950
msoidcli_64.msi

Active Directory Module for Windows PowerShell (64-bit version)
http://go.microsoft.com/fwlink/p/?linkid=236297
AdministrationConfig-en.msi

LFG ACL test 2


Block vLan 110 and vLan 109 from connecting with 192.168.3.0/24, except for 10.20.9.2

access-list 10 deny 192.168.3.0 0.0.0.255
access-list 10 permit any

int vlan 110
ip access-group 10 out

access-list 100 permit ip 192.168.3.0 0.0.0.255 10.20.9.2 0.0.0.0
access-list 100 deny ip 192.168.3.0 0.0.0.255 any
access-list 100 permit ip any any

int vlan 109
ip access-group 100 out
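
The first-match behaviour of the two ACLs above can be checked offline before they are applied to the gateway. The following Python sketch is an added example, not part of the original post: it evaluates ACL 10 and ACL 100 with IOS wildcard-mask rules. Apart from 192.168.3.7 and 10.20.9.2, which appear on this page, the test addresses are made up.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # IOS keyword "any"

# Entries are (action, (src, src_wildcard), (dst, dst_wildcard)), copied from the post.
ACL_100 = [
    ("permit", ("192.168.3.0", "0.0.0.255"), ("10.20.9.2", "0.0.0.0")),
    ("deny",   ("192.168.3.0", "0.0.0.255"), ANY),
    ("permit", ANY, ANY),
]
# ACL 10 is a standard ACL: it tests the source only, so the destination is "any".
ACL_10 = [
    ("deny",   ("192.168.3.0", "0.0.0.255"), ANY),
    ("permit", ANY, ANY),
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """A 1 bit in the wildcard is ignored; a 0 bit must equal the base address."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def evaluate(acl, src, dst):
    """Return the action of the first matching entry (IOS stops at the first match)."""
    for action, (s_base, s_wild), (d_base, d_wild) in acl:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return "deny"  # implicit "deny any" that ends every IOS ACL

if __name__ == "__main__":
    # Constructed test packets: 192.168.3.7 and 10.20.9.2 appear on this page,
    # the other addresses are made up for illustration.
    packets = [
        ("ACL 100", ACL_100, "192.168.3.7", "10.20.9.2"),
        ("ACL 100", ACL_100, "192.168.3.7", "10.20.9.50"),
        ("ACL 100", ACL_100, "192.168.1.10", "10.20.9.50"),
        ("ACL 10", ACL_10, "192.168.3.7", "10.20.10.5"),
        ("ACL 10", ACL_10, "192.168.1.10", "10.20.10.5"),
    ]
    for name, acl, src, dst in packets:
        print(f"{name}: {src} -> {dst}: {evaluate(acl, src, dst)}")
```

Both ACLs are applied outbound on the vLan interface, so they filter packets the router forwards into the vLan; packets leaving the vLan toward 192.168.3.0/24 are not checked by them.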

LFG ACL test 1


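In the test environment only the Hong Kong GATEWAY can be modified.
Block China MPLS 192.168.3.7 from connecting to vLan 109 and 110. Because 192.168.3.252 and 192.168.0.252 are managed by the ISP, the ACL has to be added on the Hong Kong gateway 192.168.1.254.

access-list 10 deny 192.168.3.0 0.0.0.255
access-list 10 permit any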

int vlan 109
ip access-group 10 out
int vlan 110
ip access-group 10 out