MSCHAPv2 / Setup Secure VPN Server Using Windows Server 2012 Without Domain?
Jan 10, 2013
I've been using a VPN to connect to my home network from elsewhere for a few months. It's set up as follows:
PPTP
Maximum Strength Encryption
EAP-MSCHAP-v2 Authentication
Now I find out that MSCHAPv2 authentication has been broken and is no longer considered secure (even by Microsoft), so I want to change the protocol I'm using to make it secure.
However, I've spent 3 hours now researching this and I cannot for the life of me figure out how to use a better protocol on my Windows Server 2012 home server. I've tried setting up PEAP authentication (still PPTP) a la Microsoft's recommendation document, but it requires a certificate. I've created a self-signed certificate but it seems I can't issue certificates (via this method) without being a member of a domain, so I'm stuck. I can't even get started with L2TP since I can't find the option for it.
My question is this: Is there a way to set up a secure VPN server using Windows Server 2012 without a domain? If so, how do I do this?
I have an unusual issue, for which I can find nothing on the net similar.
Setup:
ASA5505 => CISCO3524 => Windows 2012 server
ASA is internet edge with ACL / NAT implemented.
We are wanting to implement inbound NATs for this server - 3389. We have many other servers on the internal side of this ASA that we are NATing to. Creating NATs using the same outside IP to another server is fine, no issues. This other test server resides on the same VLAN as the Windows 2012 server. All IPv6 is turned off on the W2012 server, and it can web-browse out via the ASA as well. No matter what I do, however, I cannot get inbound NAT, on ANY port, to this server working. Internally from another server to this server on any port is fine, i.e. we can RDP to this server without issue, so we know this works - the firewall on this server is turned off too. This is our ONLY W2012 server on the internal side. When we run a Wireshark capture on the server whilst testing the NAT there is no traffic, so it's getting blocked somewhere.
The config of the ASA is fairly big, and to sanitize it and remove all customer references would take a while, which makes displaying it securely difficult.
Differences between using an Apache server on a regular laptop vs. a whole operating system like Windows Server 2008. I'd like to setup an intranet complete with an internal domain name. Is this possible with Apache or do you have to use a complete server operating system like Windows server 2008?
I can't seem to get the browser to properly show spacing. So I was browsing the internet normally, then all of a sudden, I'm disconnected. When I reconnected, I was able to access the network, but unable to connect to the internet. After attempting to diagnose the issue, I got the "There may be a problem with your Domain Name Server Configuration." can't connect to well known host microsoft.com.
I have configured my desktop as a domain controller with Server 2008, with DNS service running on it. When I tried adding another desktop to this domain, I get the following error message
"Troubleshooting network identification Error: This computer successfully resolved the Domain Name System (DNS) service (SRV) resource record required to locate a domain controller, but it failed to locate a domain controller for the Active Directory domain displayed in the error message.
Cause: The required A (address) resource records that map the name of the domain controller to its IP address do not exist in DNS.
Solution: Verify that the required A resource records do not exist in DNS by using the Nslookup command-line tool.
See also: To verify that A resource records exist in DNS. Cause: The domain controller advertised in DNS may not be connected to the network or is connected to the network but is not running.
Solution: Verify connectivity and then verify that the domain controller is running.
See also: To test a TCP/IP configuration by using the ping command; DNS requirements for joining an Active Directory domain."
When attempting to log in to a computer (running Windows 7 Professional) here at the office using the network administrator account, I get the error message: "The trust relationship between this workstation and the primary domain failed." I wasn't here when this laptop was set up, and so I don't know if any local user accounts were made or what their passwords would be if they were there, so I can't think of any way to log in to the machine and disconnect/reconnect to the domain which is really my only idea on how to fix it. Finding out what would cause this to suddenly start happening would also be nice, but mostly I just need to figure out how to get reconnected so I can get this back up and running.
At my small business (30 employees) we currently don't have a hardware firewall. Should I have one? If so what do you recommend? We are all connected to a Windows Server 2003 domain in one office building.
Is there currently any ACS version working with Windows Server 2008 R2 domain controllers? Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy. I've read now several posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).
I have a micro-server at home running Server 2012 which is going to have a few virtual machines on Hyper-V. I also would like to use the server to watch films on, which will be connected to my TV using an HDMI cable. I wanted to know, is it OK to play films off Server 2012 and watch them on the TV?
I have some unused 10G NIC's and want to see if there's a way to install them into a computer and turn that PC into a switch. I need to run Windows based software for driver support of the NIC's, such as Server 2012. This is a picture of what I am hoping to accomplish:
As you can see in the simplified picture above, I have a real switch which has a single 10G link that is connected to PC2. I would like to add the 10G cards to PC2 so that I can create a "switch" of 10G ports on PC2 which I can then hook up other clients (such as PC1 in the above picture).
PC2 needs to provide network access and internet access to PC1 (and other PC's connected to PC2 - not pictured).
The rest of the clients on the network are connected to the regular gigabit ethernet ports of the hardware switch (including my router which is 192.168.1.1).
I looked into Windows Internet Sharing, but for that to work, I need to connect the router to PC2 above and for other considerations not described above, it is not physically possible for me to do that.
Is there software I can run on PC2 that will turn all the NIC ports of PC2 into a "switch"?
I just installed Server 2012 Standard on a trial. I would like to play around with Remote Desktop Services formerly called Terminal Services. I have no clue on where to start but I have installed the RDS roles.
I can't seem to figure out which one I should go for. I'm thinking Kaspersky would have greater security but I'm not familiar with AVG's server level security. I don't need all the bells and whistles such as file encryption or password storage. I'm simply after a really strong AV for the server. Another one is VIPRE, although I've heard it can take a while to configure it, unlike Kaspersky which is pretty straightforward.
When I create a virtual switch on Hyper-V, I lose network connectivity and the default gateway is missing. I have to manually put the default gateway in and disable and re-enable the network adaptor each time the server restarts in order to get network connectivity. I am running Windows Server 2012. Hyper V Virtual Ethernet Adapter loses default gateway server 2012
I'm trying to set up a local DNS server to manage small office local-only domain names for our servers. I have the DNS working properly (resolving local machines and using the ISP DNS if it can't). So I put the DNS server IP into the "Static DNS 1" field of the router settings. The other 2 static DNS fields are empty. The problem is that the router is still using the ISP DNS server as the primary and my local DNS server as the secondary. I verify this in two places. First, if I go to the "status" tab, DNS 1 shows the ISP server while DNS 2 shows my local DNS server. Secondly, if I connect to the wireless device with a Linux-based machine, the /etc/resolv.conf file shows the nameserver IPs in the same incorrect order.
I am attempting to setup an Apache Server 2.2 for Windows, everything is set up but the server will not start, I heard it may be caused by my virus protector using Port 80 but I cannot find the httpd.conf file for it in the directories they say it should be in, I even did a tree/f with CMD DOS?
First network card has the static IP address 82.x.x.30 from the ISP. The second network card has 2 IP addresses: 192.x.x.0 and 82.x.x.1 (first IP is for LAN and second IP is for routing the additional IP class). In other words, if I have the computer "Z" with configuration: IP: 82.x.x.100 Sub: 255.255.255.128 and GTW: 82.x.x.1, I can access the internet but practically with the IP from ISP, which is 82.x.x.30
I would like to set up a home server that will sit under the stairs so that it can link to our BT home hub (v3). The idea is then to connect the printer to it, so that we can have both a wireless printer and a central file store for pictures/vids etc. Is XP OK for this? If so, what settings do I need to change/add? Is there any software that I need to make it work? How do I make sure that it is secure against external hacking? As it will contain our personal docs/photos etc. and I would hate to lose them.
I planned for my customer to replace his old LMS 4.0.1 server under Windows 2003 by a new server under Windows 2008 R2. Customer also wants to set a new LMS name and IP address for the new server under Windows 2008 R2 and keep both servers on the network. I'm wondering what could be the best procedure to do that migration. Can I use the backup / restore procedure in that case? If yes, what file must I modify to adapt the new LMS configuration to the new hostname and IP address?
I am planning to implement a wireless network in my workplace. Plan is to have two networks, one for guests and one for employees. I am trying to find a guide for 2500 WLC but couldn't find one. I've been reading a couple of articles about setting up a RADIUS server and CA. I want to know what the best way to approach this is. In my environment I got a CA server on Windows Server 2003, and current DCs are Windows Server 2008 R2. I got a 2500 WLC with PoE switch and 4 Aironet AS 1142.
I have been assigned a task to configure a VPN between Windows 2008 Server and Cisco ASA 5505. What kind of VPN should I go with, as the Windows 2008 Server R2 is on cloud, and is it possible to configure site-to-site VPN for this network scenario or not? I have tried IKEv1/IPsec remote access VPN with L2TP (CHAP, MS-CHAP v2) and couldn't find any document which will allow me to configure Windows 2008 Server to behave as a client and connect it to the ASA. Well, what I did is that I configured a dial-up connection with L2TP and found the following debug message
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, Oakley proposal is acceptable
Sep 09 20:04:02 [IKEv1 DEBUG]IP = 172.16.32.5, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 1
I am looking at buying the EA6500 router. However, before I make the investment into buying this router, I need to know some basic information first.
1. I want to set up the EA6500 to accept FTP requests to my Windows Home Server. Yes or No?
2. Remote access to the EA6500, Yes or No? I am aware of the security risks
3. I need to set up Port forwarding on the EA6500. I assume I can?
4. Manage a Kindle Fire and other wireless devices?
I have installed the administration toolpack on Windows 7 and enabled remote connections on my Server 2008 box. When I try and connect with my Windows 7 server manager it does not work. I see stuff on Google about enabling a trustedhost with winrm but can't find a way to do this.
I have a wireless system with Wireless controller and AP. I deploy wireless with WPA2-Enterprise and use Active directory domain account for authentication. But I have to modify some settings on client (windows XP, windows 7) to have it connect.
- If my clients are joined to the domain, they can connect to wireless successfully.
- If my clients are not joined to the domain (they use local username and password), I have to go to wireless properties on the client and uncheck the option "Automatically use my Windows logon name and password" on EAP MSCHAPv2 properties. If not, Windows automatically uses the local account of the client to connect.
After getting New Workstations, I wanted to connect that to the SERVER but Windows 7 could not log into domain of our server with Windows Server 2003. Besides following the proper process/steps. I am able to use the printer and internet shared through SERVER though.