Windows 2012 R2 已經內建vLan tagging達成20/80基本需求
按NIC小組
新增Teaming介面
選左邊小組名稱再按右邊新增介面
vLan ID
共開了2個vLan tag及1個default vLan
月份: 2015 年 3 月
Windows XP bridge
Bridge其實應該好簡單, 但測試一直都失敗, 最後發現好像不相容, 兩張LAN CARD都forcecompatmode enabled就可以了
netsh bridge show adapter
netsh bridge set adapter 1 forcecompatmode=enable
AD 2003增加AD 2012 R2後的錯誤
1.
The DNS server was unable to create a resource record for fdb0ca48-99c5-4047-aaff-b3396816f239._msdcs.xx.xx. in zone xx.xx. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
解決方法:
請先備份所有AD, 在Windows 2012 R2使用ADSI Edit->Connect to->DC=ForestDNSZones,DC=xx,DC=xx
刪除fdb0ca48-99c5-4047-aaff-b3396816f239._msdcs.xx.xx
2.
Starting test: NetLogons
[xxx] User credentials does not have permission to perform this operation.
The account used for this test must have network logon privileges for this machine’s domain.
……………………. xxx failed test NetLogons
3.
Starting test: KccEvent
A warning event occurred. EventID: 0x80000603
Time Generated: 03/29/2015 23:22:08
Event String:
Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk.
Starting test: SystemLog
A warning event occurred. EventID: 0x80040020
Time Generated: 03/29/2015 23:22:08
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
我的AD是在Hyper-v上運行, 提醒如果Enabled write cache(Device Management裏的硬碟) , 如果斷電有可能會有Data lost, 好像沒有解決方法, 情怳應該和Raid的Write cache相似, 但Hardware Raid有電保護, 這個沒有, 亦不能Disable
4.
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
不用理會
The server holding the PDC role is down
AD Forest由2000升級2003後兩台Controller發生以下錯誤
dcdiag /test:FSMOcheck
Warning: DsGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355.
A Good Time Server could not be located.
然後發現兩台Controller的Windows Time service都突然不能啟動, “系統找不到指定的檔案”
解決方法:
w32tm /unregister
w32tm /register
有時見過有些Workstation在Service不見了Windows Time, 都可以使用w32tm /register
AD常用command
列出五大角色
netdom query fsmo
Replication情怳
repadmin /replsummary
即時Replication
repadmin /syncall
AD狀態測試
dcdiag
Windows vLan tag
讀CCNP的時候不明白為何有公司可以20/80, 而我公司是舊式的80/20, 現在終於明白了
以下常見的牌子都有Support multi vLan, 但本人不敢拿Realtek trunk到Network上, 應該沒有Server在用Realtek吧
Exchange 365 password never expires
Import-Module msonline
$cred = Get-Credential
Connect-MsolService -cred $cred
Get-Command –Module msonline
Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true
Windows 7 connect to 365 via Powershell
Windows Management Framework 3.0
http://www.microsoft.com/en-us/download/details.aspx?id=34595
Windows6.1-KB2506143-x64.msu
Microsoft Online Services Sign-In Assistant for IT Professionals RTW
http://www.microsoft.com/en-us/download/details.aspx?id=41950
msoidcli_64.msi
Active Directory Module for Windows PowerShell (64-bit version)
http://go.microsoft.com/fwlink/p/?linkid=236297
AdministrationConfig-en.msi
LFG ACL test 2
vLan 110, vLan 109禁止連接192.168.3.0/24, 除了10.20.9.2
access-list 10 deny 192.168.3.0 0.0.0.255
access-list 10 permit any
int vlan 110
ip access-group 10 out
access-list 100 permit ip 192.168.3.0 0.0.0.255 10.20.9.2 0.0.0.0
access-list 100 deny ip 192.168.3.0 0.0.0.255 any
access-list 100 permit ip any any
int vlan 109
ip access-group 100 out
LFG ACL test 1
測試環境只可修改香港的GATEWAY
禁止中國MPLS 192.168.3.7連接vLan 109,110, 由於192.168.3.252, 192.168.0.252由ISP管理, 所以需要在香港的192.168.1.254增加ACL
access 10 deny 192.168.3.0 0.0.0.255
access 10 permit any
int vlan 109
ip access-group 10 out
int vlan 110
ip access-group 10 out