Source
watch the video, here’s the direct link.
Many coffee drinkers find that coffee tastes much better when done at home, but many of them will find that an actual coffee roasting machine may be out of their budget.
One gentleman, Andrew Tridgell, wanted to put his own twist on the ‘Corretto’ roaster. For his coffee roaster, however, he wanted to use a computer to control the required power. His solution involved a Linux laptop and a lot of intelligence to make his own coffee roaster.
The Setup
Required: A Corretto roaster, a thermocouple, and a Linux powered laptop.
The Corretto roaster consists of a bread machine and a heat gun. The bread maker is the best choice for a coffee roaster for two very important reasons: a built-in stirrer (metal is a better choice, for it won’t melt) and the ability to hold a high amount of heat. A heat gun is used because it can reach the proper temperature for roasting the beans (which is 210 degrees). Tridgell added a Linux laptop (Can’t go wrong with penguin powered coffee!) and a thermocouple to help control the temperature. For your information, the original Corretto roaster used the sound of the beans cracking (about 2-4 sets of cracks) to tell when the beans were properly roasted.
The Procedure
Wednesday, January 25, 2012
VBoxHeadless
Source
Running Virtual Machines With VirtualBox 4.1 On A Headless Ubuntu 11.10 Server
This guide explains how you can run virtual machines with VirtualBox 4.1 on a headless Ubuntu 11.10 server. Normally you use the VirtualBox GUI to manage your virtual machines, but a server does not have a desktop environment. Fortunately, VirtualBox comes with a tool called VBoxHeadless that allows you to connect to the virtual machines over a remote desktop connection, so there's no need for the VirtualBox GUI.
[...]
Now we must add the user that will run VirtualBox (administrator in this example) to the vboxusers group:
sudo adduser administrator vboxusers
VirtualBox is now installed and ready to be used.
3 Using VirtualBox On The Command Line
3.1 Creating A VM
To create a VM on the command line, we can use the VBoxManage command. See
VBoxManage --help
for a list of available switches and (highly recommended!) take a look at http://www.virtualbox.org/manual/ch08.html.
I will now create an Ubuntu 11.10 Server VM with 512MB memory and a 10GB hard drive from the Ubuntu 11.10 Server iso image (which I have stored in /home/ubuntu-11.10-server-amd64.iso):
VBoxManage createvm --name "Ubuntu 11.10 Server" --register
VBoxManage modifyvm "Ubuntu 11.10 Server" --memory 512 --acpi on --boot1 dvd --nic1 bridged --bridgeadapter1 eth0
VBoxManage createhd --filename Ubuntu_11_10_Server.vdi --size 10000
VBoxManage storagectl "Ubuntu 11.10 Server" --name "IDE Controller" --add ide
VBoxManage storageattach "Ubuntu 11.10 Server" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium Ubuntu_11_10_Server.vdi
VBoxManage storageattach "Ubuntu 11.10 Server" --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /home/ubuntu-11.10-server-amd64.iso
3.2 Importing An Existing VM
Let's assume you have a VM called examplevm that you want to reuse on this host. On the old host, you should have a directory Machines/examplevm in the VirtualBox directory; Machines/examplevm should contain the examplevm.xml file. Copy the examplevm directory (including the examplevm.xml file) to your new Machines directory (if your user name is administrator, this is /home/administrator/.VirtualBox/Machines - the result should be /home/administrator/.VirtualBox/Machines/examplevm/examplevm.xml). In addition to that copy the examplevm.vdi file from the old VDI directory to the new one (e.g. /home/administrator/.VirtualBox/VDI/examplevm.vdi).
Afterwards, you must register the imported VM:
VBoxManage registervm Machines/examplevm/examplevm.xml
3.3 Starting A VM With VBoxHeadless
Regardless of whether you create a new VM or import an old one, you can start it with the command:
VBoxHeadless --startvm "Ubuntu 11.10 Server"
(Replace Ubuntu 11.10 Server with the name of your VM.)
VBoxHeadless will start the VM and a VRDP (VirtualBox Remote Desktop Protocol) server which allows you to see the VM's output remotely on another machine.
To stop a VM, run
VBoxManage controlvm "Ubuntu 11.10 Server" poweroff
To pause a VM, run
VBoxManage controlvm "Ubuntu 11.10 Server" pause
To reset a VM, run
VBoxManage controlvm "Ubuntu 11.10 Server" reset
To learn more about VBoxHeadless, take a look at
VBoxHeadless --help
and at http://www.virtualbox.org/manual/ch07.html#vboxheadless
Ubuntu variants
Source
The Ubuntu Linux-based operating system (OS) has spawned a number of official and non-official variants that generally differ from the main Ubuntu release in one or two small, but very specific, ways. Some of the more prominent Ubuntu variants include
- Kubuntu: Ubuntu with KDE as the graphical desktop instead of Gnome
- Macbuntu: Ubuntu with a Mac OS X-inspired desktop shell
- Lubuntu: Ubuntu with the LXDE desktop instead of Gnome
- Xubuntu: Ubuntu with the Xfce desktop instead of Gnome
- Mythbuntu: a Xubuntu-based, Xfce4 desktop OS variant with MythTV installed
- Edubuntu: an education-focused variant of Ubuntu
- Ubuntu Studio: a multimedia-focused variant of Ubuntu
Monday, January 23, 2012
DSL tune up
Source
10 top tips for increasing DSL speed.
Connect your DSL optimally
Many flats or houses have several conventional TAE telephone sockets. Connecting to extended secondary TAE sockets can lead to a loss of speed.
Tip 1
Connect the first DSL device, i.e. the splitter, to the first TAE telephone socket in the flat or house if possible.
Configure your network card with TCP Optimizer
The network card in the desktop PC or notebook must be optimally configured. As a rule, it is. If not, TCP Optimizer sets the ideal values for your DSL connection.
Use the TCP Optimizer utility to configure your network or WLAN card optimally for the DSL connection.
» TCP Optimizer: Configure the network card optimally for DSL
Assign a new WLAN channel in the router
Do you use a WLAN router? Then neighbouring WLAN networks may be impairing the performance of your WLAN, especially in a densely populated city.
Change the WLAN radio channel. Routers are often preset to the same channels. You can use the NetStumbler software to check which channels the devices in the neighbourhood are running on. Choose a channel that is as far as possible from the most heavily used channels.
» Download: Download the free program NetStumbler
You can now store your measurement results long term and even measure mobile connections, for example via mobile phone. In addition, new, more powerful test servers provide even more reliable readings.
Create personal DSL statistics
Short-term fluctuations in DSL speed are normal. With long-term measurements you can prove beyond doubt that your connection is too slow not just occasionally but in general. From now on, all measurements by registered users are saved on request and displayed in a personal overview.
» More information on creating personal statistics
Determine the DSL provider's speed exactly
The extended DSL speed test now measures the speed that the provider assigns to your connection directly at the router. After a one-time installation of additional software, the extended DSL speed test works exactly like the normal one.
Note: This measurement does not work with all router models.
» More information on the extended DSL speed test
» Download: Program for the extended DSL speed test
The extended speed test is not suitable for Internet connections via TV cable or DSL connections without a router. Only the normal DSL speed test from COMPUTER BILD works here.
Measure mobile Internet connections
You can now also measure the performance of your mobile Internet access, for example UMTS access via notebook or Internet connections with a mobile phone. Simply open the speed test with your mobile phone or another mobile connection, select the corresponding tariff, and then carry out the measurement as usual.
» More information on measuring mobile connections
Measure fast VDSL and cable connections
The technical capabilities of the test servers have been extended so that very fast connections (cable, VDSL) up to a speed of 70,000 kilobits per second can now be measured exactly.
The ping test does not work for me
To be able to run the ping test, you should deactivate your firewall for the duration of the test. If you have concerns about deactivating the firewall completely, you can alternatively enable only the "ICMP/Allow incoming echo request" function. You will find this option under the "advanced settings" of your Windows Firewall.
If you have a DSL (WLAN) router, the ping may be blocked there as well. Check your router's manual to see how to temporarily disable this block.
- The provider problem: less DSL than promised
Some providers promise the top speeds of a sports car but actually deliver only the performance of a small car. For example, they offer DSL 16000 but guarantee only a speed of 7,000 kilobits per second (kbit/s). It is not without reason that the small print says "up to 16,000 kbit/s".
- The home problem: wrong hardware and wrong settings
The DSL providers are not always to blame for the misery. Even with fault-free Internet lines, broadband connections can be sluggish. The possible causes then lie with you, in your home equipment. Incorrectly configured network cards, old routers, the wrong WLAN equipment and poor reception conditions that interfere with the WLAN network are typical DSL brakes. Quick help: repositioning the WLAN router, PC or notebook often gives you more performance. The TCP Optimizer utility optimises incorrectly configured network cards.
Sunday, January 22, 2012
NTLM versions and network compatibilities
Source
http://www.sevenforums.com/network-sharing/5369-networking-file-share-between-windows-7-windows-xp.html
SourceB
Trying to share files between my three machines (there are actually non-Windows machines as well using SMB share).
They all work with each other except "Windows 7" is misbehaving.
Everyone is prompted for a password to browse the 7 machine, and 7 is asked for password when it tries to look at any other device. This is obviously a "password encryption" thing that I have run into before, but now I cannot seem to find a solution.
I have the following changes to Windows 7:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa LmCompatibilityLevel=1
Which I think is all I had to do with Vista and XP to get them to cooperate. Since I do not have gpedit.msc, are there any other registry changes that need to be made for this to work? Thank you.
-----------------------------
secpol.msc also has, under Security Options, Network Security: LAN
Manager Authentication Level ... which can make changes to the
setting.
registry: HKLM\System\CurrentControlSet\Control\LSA Look for the
0 = send LM and NTLM, never use NTLMv2
1 = use NTLMv2 if negotiated. LM, NTLM and NTLMv2 can be used
2 = send NTLM only.
3 = send NTLMv2 only.
4 = Domain controllers refuse LM.
5 = Domain controllers refuse LM and NTLM.
----------------------------
It does not look like 7 "Home" has secpol.msc either. I tried setting
LmCompatibilityLevel to 0 and 1, neither seemed to work.
=====================
Windows XP SP2, Vista, Windows 7 clients unable to connect to Netware CIFS
=====================
eSafe Proxy with NTLM v2.0
Windows Vista, Windows 7 and Windows Server 2008 R2 and higher use NTLM v2.0-only by default. eSafe Proxy uses NTLM v1.0.
The default setting within Windows can be changed to operate in a mode which is backwards compatible with eSafe Proxy. Take the following steps to change the NTLM settings:
- 1. Open the Group Policy Editor with gpedit.msc;
- 2. Go to Computer Configuration – Windows Settings – Security Settings – Local Policies – Security Options;
- 3. Go to the setting: Network security: LAN Manager authentication level
- 4. Change this setting to: Send LM & NTLM – use NTLMv2 session security if negotiated
- 5. Apply the policy with gpupdate /force
The picture shows the policy setting within Windows.
This should solve the problem with single sign-on on Windows Vista, Windows 7 and Windows Server 2008 R2 and higher.
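The mismatch described above, worked through as an added example (it is not code from the quoted posts or from any vendor): it reads LmCompatibilityLevel from `reg query` output, which is available where gpedit.msc and secpol.msc are not, and checks whether a client at that level can authenticate to a given peer. The sample outputs, the peer profile NTLMV1_ONLY_PEER and all function names are constructed for illustration; the level meanings follow Microsoft's documented LmCompatibilityLevel values.

```python
import re

# Response types a client SENDS at each LmCompatibilityLevel (0-5).
CLIENT_SENDS = {
    0: {"LM", "NTLM"},
    1: {"LM", "NTLM"},   # plus NTLMv2 session security if negotiated
    2: {"NTLM"},
    3: {"NTLMv2"},
    4: {"NTLMv2"},
    5: {"NTLMv2"},
}

ALL_TYPES = {"LM", "NTLM", "NTLMv2"}

# Response types ACCEPTED by the machine that validates the logon
# (a domain controller, or the file server itself in a workgroup).
SERVER_ACCEPTS = {
    0: ALL_TYPES, 1: ALL_TYPES, 2: ALL_TYPES, 3: ALL_TYPES,
    4: {"NTLM", "NTLMv2"},   # refuses LM
    5: {"NTLMv2"},           # refuses LM and NTLM
}

LEGACY = {"LM", "NTLM"}      # pre-NTLMv2 response types

# Assumption: a peer that only implements NTLM v1.0, as the page says of eSafe Proxy.
NTLMV1_ONLY_PEER = {"NTLM"}

# Constructed sample output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v LmCompatibilityLevel
SAMPLE_SET = (
    "\r\nHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\r\n"
    "    LmCompatibilityLevel    REG_DWORD    0x1\r\n\r\n"
)
SAMPLE_MISSING = (
    "ERROR: The system was unable to find the specified registry key or value.\r\n"
)

_VALUE = re.compile(
    r"^[ \t]*LmCompatibilityLevel[ \t]+REG_DWORD[ \t]+0x([0-9a-f]+)[ \t]*\r?$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_level(reg_output, os_default=3):
    """Return the configured level, or os_default when the value is not set.

    os_default=3 matches the NTLMv2-only default of Windows Vista and later;
    pass a different default for older systems.
    """
    match = _VALUE.search(reg_output)
    if match is None:
        return os_default
    level = int(match.group(1), 16)
    if level not in CLIENT_SENDS:
        raise ValueError("LmCompatibilityLevel out of range: %d" % level)
    return level


def check_pair(client_level, accepted):
    """Compare what the client sends with what the peer accepts."""
    sent = CLIENT_SENDS[client_level]
    usable = sent & set(accepted)
    return {
        "ok": bool(usable),                   # at least one common response type
        "usable": sorted(usable),
        "legacy_sent": sorted(sent & LEGACY), # LM/NTLMv1 responses put on the wire
    }


def highest_working_level(accepted):
    """Highest client level that still shares a response type with the peer."""
    for level in range(5, -1, -1):
        if CLIENT_SENDS[level] & set(accepted):
            return level
    return None


if __name__ == "__main__":
    configured = parse_level(SAMPLE_SET)
    default = parse_level(SAMPLE_MISSING)
    print("configured level:", configured, check_pair(configured, NTLMV1_ONLY_PEER))
    print("default level:   ", default, check_pair(default, NTLMV1_ONLY_PEER))
    print("highest level that reaches the NTLMv1-only peer:",
          highest_working_level(NTLMV1_ONLY_PEER))
```

In this model, level 2 is the highest client setting that still shares a response type with an NTLMv1-only peer, and unlike levels 0 and 1 it sends no LM response. Whether a particular product authenticates at level 2 has to be confirmed by testing.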
======================
Disable NetBIOS and NTLM on Windows 2003 Domain Controllers
About NTLMv1/LM ... I don't think it's a problem disabling them (maybe only if you have some very old OS on your network). Regarding NETBIOS
I think the domain controller needs this functionality for the replication. Anyway, to fully disable NETBIOS and SMB check
http://www.microsoft.com/technet/Sec...n2k/a0604.mspx
(as you can see it's not enough to check Disable Netbios over TCP/IP from
Advanced TCP/IP settings).
Andrei Ungureanu
www.eventid.net
Free Windows event logs reports
http://www.altairtech.ca/evlog/
=================
Wednesday, January 18, 2012
LLTD responder on Windows Server 2003
http://www.ehow.co.uk/list_6620360_alternatives-network-magic.html
Installing Link Layer Topology Discovery (LLTD) on Windows Server 2003
In one of my previous articles – "Hide your Vista Computer on the Network" I wrote about what the network map is in Vista.
The network map on a computer running Windows Vista shows a graphical
view of the computers and devices on your network and how they are
connected by using the LLTD protocol. Thing is, that in order to display
Windows Vista/2008 computers in the network map you need not do
anything special. However, in order to make Windows XP computers appear
in it, you will need to download and install the LLTD responder before
it can be detected and appear on the network map. You can read more
about this issue in my "Installing Link Layer Topology Discovery (LLTD) on Windows XP" article.
You can download the update from the following link:
All this is good and well, however there's one little catch. By
default, you can’t run the LLTD responder update under Windows 2003. If
you try to run the update you'll get this error:
However, you can try to force the update to run by performing these steps:
Note: Installing LLTD on Windows Server 2003 is NOT
SUPPORTED by Microsoft, and has mixed results. Do NOT do it if you don't
know what you're doing, and if something breaks, don't expect anyone to
help you.
- After downloading the update, navigate to the folder where you've saved the file and right-click it. Select Properties.
- Next, in the Compatibility tab, click to select the Run This Program in Compatibility Mode for, and in the drop-down list select Windows XP. Click Ok.
- You can now install the update. You will not be prompted for a reboot, but you might want to reboot anyway.
- Next, you need to install the LLTD protocol in the network adapter's properties. Go to the downloaded file from step 1, and double-click on it as if to install it. Do NOT proceed with the installation, just leave the welcome screen open. Now go to your hard disk, and on the partition with the largest available free space you'll find a folder whose name is made of many letters and numbers (name varies, so there's no point in typing it here).
- Open the network interface's properties screen, and click Install.
- In the network component type click Protocol and then click on the Add button.
- In the Select Protocol window click Have Disk, and browse to the folder from step 4. In that path, look for the file called rspndr.inf. Click Ok.
- In the Select Network Protocol window click the Link-Layer Topology Discovery Responder and click Ok. After a short installation, the new protocol should be available in the network interface's properties screen.
- To be safe, reboot the computer. It should now be visible on the network map.
As noted above, this procedure is not supported in any way. Use at your own risk.
=================================
Unattended Windows Vista tech. on Windows XP/2003
UPDATE (09/12/2007): Updated with the list of applications and components listed here:
Windows Vista components available for Windows XP.
With Microsoft releasing a number of applications developed for Windows Vista also available for Windows XP, I’ve put together a quick ‘how to’ guide for performing an unattended install for each application.
- Windows Internet Explorer 7 [ Windows XP 32-bit | Windows Server 2003 32-bit ]
- Windows Media Player 11 [ Windows XP 32-bit ]
- Windows Defender 1.1 [ Windows XP / Server 2003 32-bit ]
- Microsoft .NET Framework 3.0 [ Windows XP / Server 2003 32-bit ]
- Windows Desktop Search 3.01 [ Windows XP 32-bit | Windows Server 2003 32-bit ]
- Remote Desktop Connection 6.0 [ Windows XP 32-bit | Windows Server 2003 32-bit ]
- Link Layer Topology Discovery (LLTD) Responder [ Windows XP 32-bit ]
Here’s a breakdown for each application including the command line you need to use for an unattended or silent install. I have the Windows XP version executables listed, so for Windows Server 2003 you will have to adjust the file names.
Windows Internet Explorer 7
Internet Explorer can be installed during Windows Setup via CMDLINES.TXT. This will ensure that the latest version of IE is installed as soon as Windows setup is complete from a clean install. This command will stop the setup program from downloading updates during install and will display a dialog box with a progress bar. You can also add the /NO-DEFAULT switch to prevent setup from making Internet Explorer the default web browser. You can get a full list of command line switches by running IE7-WindowsXP-x86-enu.EXE /?.
START /WAIT IE7-WindowsXP-x86-enu.EXE /PASSIVE /NORESTART /UPDATE-NO
Windows Media Player 11
This application is for Windows XP only, but then who needs WMP 11 on their Terminal Server? Unlike Internet Explorer, I’ve not been able to get Windows Media Player to install via CMDLINES.TXT. This command will install Windows Media Player without you seeing any install user interface during setup.
START /WAIT wmp11-windowsxp-x86-enu.exe /Q:A /C:"SETUP_WM.EXE /Q:A /R:N /P:#e"
Windows Defender 1.1
This command line will install Windows Defender silently and prevent Windows Defender from running after setup is complete.
START /WAIT MSIEXEC /I WindowsDefender.MSI ALLUSERS=TRUE REBOOT=SUPPRESS CHECK_WGA=0 LAUNCHPROGRAM=0 LAUNCHSCAN=0 /QB-
Microsoft .NET Framework 3.0
The .NET Framework 3.0 includes the .NET Framework 2.0 so you do not have to install that version separately. You will see a dialog with a progress bar during install.
START /WAIT dotnetfx3.EXE /PASSIVE /NORESTART
Windows Desktop Search 3.01
The Windows Desktop Search setup application will accept the /PASSIVE switch so that a progress bar is displayed during setup, but the /QUIET switch is required to prevent setup from displaying an ‘Install Complete’ dialog once finished.
START /WAIT WindowsDesktopSearch-KB917013-V301-XP-x86-enu.exe /QUIET /NORESTART
Remote Desktop Connection 6.0
Like Internet Explorer this application can be deployed via CMDLINES.TXT using a custom Windows setup source.
START /WAIT WindowsXP-KB925876-x86-ENU.EXE /PASSIVE /NORESTART
Link Layer Topology Discovery (LLTD) Responder
The LLTD Responder will install via CMDLINES.TXT. Here’s a description of what the LLTD Responder is from the Microsoft web site:
The network map on a computer running Windows Vista shows a graphical view of the computers and devices on your network and how they are connected by using the LLTD protocol. The LLTD responder must be installed on a computer running Windows XP before it can be detected and appear on the network map.
START /WAIT WindowsXP-KB922120-v5-x86-ENU.exe /PASSIVE /NORESTART
Full List
I’ve updated this script with the applications listed here. Windows Installer 3.1 is a requirement for installing .NET Framework 3.5.
@ECHO OFF
REM Windows Installer 3.1
START /WAIT WindowsInstaller-KB893803-v2-x86.EXE /PASSIVE /NORESTART
REM Microsoft Core XML Services 6.0
START /WAIT MSIEXEC /I MSXML6.MSI ALLUSERS=TRUE REBOOT=SUPPRESS /QB
REM Internet Explorer 7
START /WAIT IE7-WindowsXP-x86-enu.EXE /PASSIVE /NORESTART /UPDATE-NO
REM Windows Media Player 11
START /WAIT wmp11-windowsxp-x86-enu.EXE /Q:A /C:"SETUP_WM.EXE /Q:A /R:N /P:#e"
REM Windows Defender 1.1
START /WAIT MSIEXEC /I WindowsDefender.MSI ALLUSERS=TRUE REBOOT=SUPPRESS CHECK_WGA=0 LAUNCHPROGRAM=0 LAUNCHSCAN=0 /QB-
REM .NET Framework 3.5
START /WAIT dotnetfx35.EXE /PASSIVE /NORESTART
REM Windows Desktop Search 3.01
START /WAIT WindowsDesktopSearch-KB917013-V301-XP-x86-enu.EXE /QUIET /NORESTART
REM Remote Desktop Connection 6.0
START /WAIT WindowsXP-KB925876-x86-ENU.EXE /PASSIVE /NORESTART
REM LLTD Responder
START /WAIT WindowsXP-KB922120-v5-x86-ENU.EXE /PASSIVE /NORESTART
REM Image Mastering API
START /WAIT WindowsXP-KB932716-x86-ENU.EXE /PASSIVE /NORESTART
REM Microsoft Management Console 3.0
START /WAIT WindowsXP-KB907265-x86-ENU.EXE /PASSIVE /NORESTART
REM Windows Script 5.7
START /WAIT scriptenXP.exe /PASSIVE /NORESTART
REM Windows PowerShell 1.0
START /WAIT WindowsXP-KB926139-x86-ENU.EXE /PASSIVE /NORESTART
REM XPS Essentials Pack
START /WAIT MSIEXEC /I "XPSEP XP and Server 2003 32 bit.MSI" ALLUSERS=TRUE REBOOT=SUPPRESS /QB
REM Peer Name Resolution Protocol (PNRP) version 2.0
START /WAIT WindowsXP-KB920342-x86-ENU.EXE /PASSIVE /NORESTART
REM Silverlight 1.0
START /WAIT SILVERLIGHT.EXE /Q
REM Network Diagnostic Tool
START /WAIT WindowsXP-KB914440-v12-x86-ENU.EXE /PASSIVE /NORESTART
REM WS-Management v1.1
START /WAIT WindowsXP-KB936059-x86-ENU.EXE /PASSIVE /NORESTART
REM Windows Rights Management Services Client with Service Pack 1
START /WAIT WindowsRightsManagementServicesSP1-KB839178-Client-ENU.EXE /PASSIVE /NORESTART
===========================
Link Layer Topology Discovery (LLTD) Responder
How do I search for computers using Windows 7
Windows 2003 R2 Network Visibilty - Forum
- Installing Link Layer Topology Discovery (LLTD) on Windows Server
- KB 922120 - LLTD (Link Layer Topology Discovery) protocol support
- Why doesn't Windows 2003 R2 Standard Edition like Vista
- Hide your Vista Computer on the Network
- Getting XP Computers to Appear on Network Map
- Installing Link Layer Topology Discovery (LLTD) on Windows XP
- How to include Windows XP computers in your Vista or Windows 7 network map
What is a Network Map?
Having multiple computers in the same home, or small office, is common. It’s becoming a rule, rather than an exception. Moms, Dads, and children all want to be online simultaneously as they work and play. As the number of computers increases so does the complexity of the network. Vista introduced a useful feature called Network Map. Network Map is a graphical map of the network showing locations, connections, and other basic network information.
Sounds great, doesn’t it? Well you just knew it couldn’t be that simple! Since Network Map was introduced in Vista it isn’t compatible with XP by default. This means only computers running the Vista and later operating systems show in the map. The screenshot below is of the Network Map. In the map you can see HP-DV9500 is connected wirelessly (dotted line) to the router, which has a wired connection to my ISP. Also notice that computers using operating systems other than Vista do not show in the map, but are listed below as “can not be placed in map”. The ZD7020 is running XP and the Server is running Windows Home Server, neither of which can be mapped by Vista or Windows 7.
[...] look for the rest!
- Layer by Layer Troubleshooting with a Cisco Router
Networking with different Windows
New features and functionality in PortQry version 2.0 (for NT5.2)
Networking home computers running different versions of Windows
Make sure your firewall allows file and printer sharing
Note
Consider using password-protected sharing
----------------
If you are using any third-party firewall, you may contact the security software manufacturer and check how to change the settings for you to use remote desktop.
Remote desktop or Terminal services use TCP port 3389, not port 137.
Port assignments for TCP and UDP.
http://technet.microsoft.com/en-us/library/cc959833.aspx
Service overview and network port requirements
Networking home computers running different versions of Windows
If your network contains computers running different versions of Windows, put all computers in the same workgroup.
Let's assume that you've already set up the physical network itself. If you haven’t, see What you need to set up a home network.
Set the network location to Home or Work
After your network is set up, the next step is to fine-tune it so that all the computers can find each other—something you'll need if you want to share files and printers.
If computers running Windows XP are part of your network, it’s important to use the same workgroup name for all of the computers on your network. This makes it possible for computers running different versions of Windows to detect and access each other. Remember that the default workgroup name is not the same in all versions of Windows.
To find or change the workgroup name on a computer running Windows XP
- Click Start, right-click My Computer, and then click Properties.
- In System Properties, click the Computer Name tab to see the workgroup name. To change the name, click Change, type the new name in Computer name, and then click OK.
To find the workgroup name on a computer running Windows Vista or Windows 7
- Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
- The workgroup name is displayed under Computer name, domain, and workgroup settings.
To change the workgroup name on a computer running Windows Vista or Windows 7
- Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
- Under Computer name, domain, and workgroup settings, click Change settings.
- In System Properties, on the Computer Name tab, click Change.
- In Computer Name/Domain Changes, in Workgroup, type the name of the workgroup you want to use, and then click OK. You will be prompted to restart your computer.
Next, check the network location on all computers running Windows Vista or Windows 7. The network location is a setting that allows Windows
to automatically adjust security and other settings based on the type
of network that the computer is connected to. For more information, see Choosing a network location.
There are four network locations:
- Home. The computer is connected to a network that has some level of protection from the Internet (for example, a router and a firewall) and contains known or trusted computers. Most home networks fall into this category. HomeGroup is available on networks with the Home network location.
- Work. The computer is connected to a network that has some level of protection from the Internet (for example, a router and a firewall) and contains known or trusted computers. Most small business networks fall into this category.
- Public. The computer is connected to a network that's available for public use. Examples of public network types are public Internet access networks, such as those found in airports, libraries, and coffee shops.
- Domain. The computer is connected to a network that contains an Active Directory domain controller. An example of a domain network is a network at a workplace. This network location is not available as an option and must be set by the domain administrator.
For your home network, make sure that the network location type is set to Home. Here's how to check:
- Open Network and Sharing Center by clicking the Start button, and then clicking Control Panel. In the search box, type network, and then click Network and Sharing Center.
The network location type is displayed below the network name.
If your network type is public, click Public network, and then select the network location you want.
Warning
You should only change a network to Home or
Work if it's a known and trusted network, such as your home or small
business network. Changing a network in a public place to Home or Work
can be a security risk because it allows other people on the network to
see your computer.
If you're using Windows Firewall, you can skip this section, because Windows Firewall automatically opens the correct ports for file and printer sharing when you share something or turn on network discovery. (For more information about network discovery, see What is network discovery?)
If you're using another firewall, you must open these ports yourself so
that your computer can find other computers and devices that have files
or printers that you want to share.
To find other computers running Windows Vista or Windows 7, open these ports:
- UDP 3702
- UDP 5355
- TCP 5357
- TCP 5358
To find other computers running earlier versions of Windows, and to use file and printer sharing on any version of Windows, open these ports:
- UDP 137
- UDP 138
- TCP 139
- TCP 445
- UDP 5355
To find network devices, open these ports:
- UDP 1900
- TCP 2869
- UDP 3702
- UDP 5355
- TCP 5357
- TCP 5358
To make HomeGroup work correctly between computers running Windows 7, open these ports:
- UDP 137
- UDP 138
- TCP 139
- TCP 445
- UDP 1900
- TCP 2869
- UDP 3540
- TCP 3587
- UDP 3702
- UDP 5355
- TCP 5357
- TCP 5358
Turn on additional file and printer sharing options
By changing your network location to Home or
Work, network discovery is automatically turned on. You can also turn
on these sharing options individually:
- Network discovery
- File sharing (in Windows 7, this is automatically turned on when you share a file or folder)
- Public folder sharing
When you turn on these options, your computer can:
- Find other computers and devices on your home network and have other computers find your computer
- Share its files and folders
- Share its Public folders
Note
Password-protected sharing is a special option that's discussed below.
To turn on network discovery, file and printer sharing, and public folder sharing in Windows 7
- Open Advanced sharing settings by clicking the Start button, and then clicking Control Panel. In the search box, type network, click Network and Sharing Center, and then, in the left pane, click Change advanced sharing settings.
- Click the chevron to expand the Home or Work network profile.
- Select the options to turn on network discovery and file sharing.
- Under Public folder sharing, do one of the following:
  - To share your Public folders so that people on other computers on the network can open files in them but can't create or change files, click Turn on sharing so anyone with network access can open files.
  - To share your Public folders so that people on other computers on the network can open files in them and also create or change files, click Turn on sharing so anyone with network access can open, change, and create files.
- Click Save changes. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on network discovery, file sharing, public folder sharing, and printer sharing in Windows Vista
- Open Network and Sharing Center in Control Panel.
- Under Sharing and Discovery, click the chevron next to File sharing to expand the section, click Turn on file sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
- Click the chevron next to Public folder sharing to expand the section, and then do one of the following:
  - To share the Public folder so that people on other computers on the network can open files in it but can't create or change files, click Turn on sharing so anyone with network access can open files, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation. This is the default setting.
  - To share the Public folder so that people on other computers on the network can open files in it and also create or change files, click Turn on sharing so anyone with network access can open, change, and create files, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
- Click the chevron next to Printer sharing to expand the section, click Turn on printer sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
Password-protected sharing is a more secure
method of sharing files and folders on a network, and it is enabled by
default. With password-protected sharing enabled, people on your network
can't access shared folders on other computers, including the Public
folders, unless they have a user name and password on the computer that
has the shared folders. They will be prompted to type a user name and
password when accessing the shared folders.
For quicker access, you might want to have
matching user accounts on all your computers. For example, Dana wants to
use password-protected sharing to more securely share files and
printers between her two computers. On Computer A, she has the user
account "Dana22" and the password "Fly43$." If she sets up that same
user account and password combination on Computer B, she can more
quickly access shared files on Computer B. If Dana changes the password
on one of these computers, she must make the same change on the other
computer.
To turn on password-protected sharing in Windows 7
- Open Advanced sharing settings by clicking the Start button, and then clicking Control Panel. In the search box, type network, click Network and Sharing Center, and then, in the left pane, click Change advanced sharing settings.
- Click the chevron to expand the Home or Work network profile.
- Under Password protected sharing, click Turn on password protected sharing, and then click Save changes. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on password-protected sharing in Windows Vista
- Open Network and Sharing Center in Control Panel.
- Under Sharing and Discovery, click the chevron next to Password protected sharing to expand the section, click Turn on password protected sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
To share a file or folder
In any version of Windows, you can right-click a file or folder, click Share,
and then select the people or groups you want to share with. You can
also assign permissions so that those people can or cannot make changes
to the file or folder you shared. For more information, see Share files with someone.
Using the network map
The network map in Network and Sharing Center is
a graphical view of the computers and devices on your network, showing
how they're connected and including any problem areas. This can be
helpful for troubleshooting. Before a computer running Windows XP
can be detected and appear on the network map, you might need to
install the Link-Layer Topology Discovery (LLTD) protocol on that
computer. For more information, go to Network Map Does Not Display Computers Running Windows XP on the Microsoft website.
If the LLTD protocol is installed but computers running Windows XP still don't appear on the network map, firewall settings could be preventing Windows
from detecting them. Check the firewall settings and make sure that
file and printer sharing is enabled. To learn how to do this, if you're
using Windows Firewall, open Help
and Support and search for "Enable file and printer sharing." Open the
Help topic, and then scroll to the end. If you're using another
firewall, check the information that came with your firewall.
- Do you have any third party firewall installed on the computer or are you using Windows Firewall?
- Were you able to access remote desktop connection on this computer earlier?
- Did you make any changes to the computer before this issue started?
However, if you are using Windows Firewall and if
Windows Firewall is blocking a program and you want to allow that
program to communicate through the firewall, you can usually do that by
selecting the program in the list of allowed programs
(also called the exceptions list) in Windows Firewall.
Access the links below and follow the steps to troubleshoot the issue and add the program to exception list.
A port stays open all the time, so be sure to close ports that you don't need open anymore.
- Open Windows Firewall by clicking the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.
- In the left pane, click Advanced settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
- In the Windows Firewall with Advanced Security dialog box, in the left pane, click Inbound Rules, and then, in the right pane, click New Rule.
- Follow the instructions in the New Inbound Rule wizard.
If you’re having trouble allowing other computers to communicate with your computer through Windows Firewall, you can try using the Incoming Connections troubleshooter to automatically find and fix some common problems.
Open the Incoming Connections troubleshooter by clicking the Start button, and then clicking Control Panel. In the search box, type troubleshooter, and then click Troubleshooting. Click View all, and then click Incoming Connections.
For information about advanced firewall troubleshooting, see Windows Firewall with Advanced Security Troubleshooting Guide: Diagnostics and Tools and Troubleshooting Windows Firewall settings in Windows XP Service Pack 2 for advanced users.
----------------
If you are using any third party firewall, you may contact the security software manufacturer and check how to change the settings for you to use remote desktop
Remote desktop or Terminal services use TCP port 3389, not port 137.
Port assignments for TCP and UDP.
http://technet.microsoft.com/en-us/library/cc959833.aspx
Service overview and network port requirements
Tuesday, January 17, 2012
Reset Roaming Profile and Folder Redirection Permissions
Source
[...]
Resetting Permissions
If you run into permission issues, first make sure your parent folder permissions are correct as defined above.
If you need to reset permissions on a user folder, you will first need to take ownership of the entire folder, then reset permissions, then assign ownership back to the user. While it is possible to do this in the GUI, if you need to do it for lots of users, you’ll want to develop a script. Starting from Richard Teachout’s article, I came up with the following approach. Notes:
- You can use the built-in utility takeown to assign ownership to Administrators. However in order to assign ownership back to end users, you’ll need to download and install subinacl.
- For permission assignment, you can use the built-in cacls utility. Although Mr. Teachout recommended the /G parameter to grant permissions, I had better luck with the /P parameter to replace permissions. This hopefully takes care of the odd permission on some profiles where the user has full access to the top folder only. Using /G on that kind of folder generates errorlevel 13 and the message "The data is invalid".
D:\RoamingProfiles
D:\RoamingProfiles\UserDocs
D:\RoamingProfiles\UserDocs\User01
D:\RoamingProfiles\UserDocs\User01
D:\RoamingProfiles\UserProfiles
D:\RoamingProfiles\UserProfiles\User01
D:\RoamingProfiles\UserProfiles\User01.V2 – used by new Windows 7 profile folder redirection
D:\RoamingProfiles\UserProfiles\User02
D:\RoamingProfiles\UserProfiles\User02.V2
The Script
Based on that structure, I created my script in the D:\RoamingProfiles folder, and assumed it would be run with a single parameter, the %UserName%. Here are the basic commands. As always, use at your own risk!
[...]
VPN Can’t Ping from LAN to LAN
Source
Unfortunately after configuring the VPN, I could ping from the router
to the other LAN, but I could not ping from one LAN to the other LAN.
Not good!
I got lots of help from the VPN and VLAN and authors. Long story short: the VLAN setup was not allowing packets on the local LAN to be forwarded to the VPN tunnel.
The solution is to manually add a one-line forwarding instruction to
each router. The exact instruction depends on which VLAN you want to
route to which VPN tunnel.
The VLANs are listed under Advanced > VLAN. Choose the Bridge name for the VLAN you want to connect.
The tunnels are named as follows: tun11 = OpenVPN Client1, tun12 =
Client2, tun21 = Server1, and tun22 = Server2. You can see which tunnel
is active under Advanced > Routing. This screen shot is from my
OpenVPN server:
On both the client and server, my main LAN (that I want to share
across the VPN) is on br0. The server is tun21 and the client is tun11.
So on the OpenVPN server router, I ran this instruction from Tools >
System:
iptables -A FORWARD -i br0 -o tun21 -j ACCEPT
and on the OpenVPN client router I ran this instruction:
iptables -A FORWARD -i br0 -o tun11 -j ACCEPT
Voila! Bi-directional ping happiness, from server’s LAN to client’s LAN and vice-versa.
To make the instructions “sticky,” save the corresponding instruction
in Administration > Scripts > Firewall on each router, and reboot
the router.
This functionality may eventually become “standard” or part of the
GUI, but for now, a pair of simple instructions lets you use OpenVPN on a
router running VLANs.
runas command
You’ll need admin privileges to stop and start a service.
On XP, you can use a command like this:
runas /noprofile /env /user:Administrator cmd
You will be prompted for the Administrator password, and a new command window will open.
Ping request could not find host
Fix for Ping request could not find host "FQDN of server" Error
I can ping by their IP address but not by their name
ping 192.168.1.3 --works
ping familypc --doesn't work
Ping request could not find host ___ Please check the name and try again
Solution
Need to set up a WINS server or service on one of the computers. Or if
you're using one of those gateway/routers for internet sharing, you can
set your WINS server as that since it has capabilities of DHCP
Best solution
Windows firewall was blocking port 137. After unblocking it worked fine.
At command prompt
ping myserver.mydomain.local
I get back the message “Ping request could not find host
myserver.mydomain.local. Please check the name and try again.”
An nslookup works fine, so I know the SBS server is there and is responding to DNS requests.
In fact, I can “ping myserver” without problems. But for some reason, pinging the fully-qualified internal name doesn’t work.
Sometimes, I can just type “ipconfig /flushdns” to clear this up.
Today that didn’t work. However once I actually stopped and started the
DNS cache, ping started working
net stop DNScache
net start DNScache
---------
Windows XP Home SP3. “PING name” does not find the host, and “PING
ip-address” works fine. Also, “NSLOOKUP name” and also “NSLOOKUP name
dns-server-ip-address” both work fine; that is NSLOOKUP works using its
own default, and also using any valid DNS server I specify. But, PING
and various other software like browsers, anti-virus, and pretty much
any other name-dependent software will not function.
--------
Can still ping both ways by IP addr but not by computer name and hence
Network Neighborhood only shows the source PC name, and can not see the
other shared folders
---------------
Are NSLOOKUPs resolving the names correctly? Does it help if you stop then start the “DNS Client” service (not just “DNSCache”)?
Despite multiple cache clearings, browsers can't find it either (it's an
internal website). I am suspecting this is why. I am not sure how,
after several /flushdns and /registerdns, if nslookup finds it right
off, why can't anything else..?
--------------------------
nslookup does not use the same references as ping
Ping will directly query the DNS server defined in ipconfig
nslookup will query the DNS server, on the AD domain controller your security was authenticated on.
Ping simply asks DNS give me the ip so I can ping it.
There is no record in DNS for a myhost PC. But the code within the AD DNS schema has a reference for a nslookup so you are returned the address of your authentication server.
If you invoke nslookup and put a x in front of it, you will get a > prompt. Type in a question mark at the prompt and you can see the switches to get the info you need with nslookup.
---------------------------
Win 2k3 'Round Robin' setting
I didn't set this box up - looking at the DNS settings, i see it's set for round robin.
configured on the workstations? To clarify, on your workstations, do you
have the primary DNS server as the ADC and a secondary DNS server ip
that points to a non-Active Directory DNS server?
Answer
On Windows 2000 and later, if a request to your primary DNS server times out, it switches to the secondary DNS server and stays with it for a period of time. However, nslookup always connects to the primary.
Take a look at this article and be sure to read the part about caching negative responses.
Windows contains a client-side Domain Name System (DNS)
cache. The client-side DNS caching feature may generate a false impression that
DNS "round robin" is not occurring from the DNS server to the Windows client
computer. When you use the ping command to search for the same A-record domain name, the client
may use the same IP address. This behavior is different from Microsoft
operating systems earlier than Windows 2000. These operating systems do not
include the client-side DNS caching feature. This article describes how to
disable DNS caching.
Note This article refers to the client portion of DNS. Do not use this information for making changes to DNS servers.
To stop DNS caching, run either of the following commands:
- net stop dnscache
-or-
- sc servername stop dnscache
To disable the DNS cache permanently in Windows, use the
Service Controller tool or the Services tool to set the DNS Client service
startup type to Disabled. Note that the name of the Windows DNS Client service
may also appear as "Dnscache."
Note The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated.
The DNS Client service optimizes the performance of DNS name resolution by storing previously resolved names in memory. If the DNS Client service is turned off, the computer can still resolve DNS names by using the network's DNS servers.
When the Windows resolver receives a positive or negative response to a query, it adds that positive or negative response to its cache, and as a result, creates a DNS resource record. The resolver always checks the cache before querying any DNS server. If a DNS resource record is in the cache, the resolver uses the record from the cache instead of querying a server. This behavior expedites queries and decreases network traffic for DNS queries.
You can use the Ipconfig tool to view and to flush the DNS resolver cache. To view the DNS resolver cache, type ipconfig /displaydns at a command prompt. Ipconfig displays the contents of the DNS resolver cache, including the DNS resource records that are preloaded from the Hosts file and any recently queried names that were resolved by the system. After a certain time period, the resolver discards the record from the cache. The time period is specified in the Time to Live (TTL) associated with the DNS resource record. You can also flush the cache manually. After you flush the cache, the computer must query DNS servers again for any DNS resource records previously resolved by the computer. To delete the entries in the DNS resolver cache, type ipconfig /flushdns at a command prompt.
[...]
Subnet Prioritization
The Windows XP DNS resolver also uses Subnet Prioritization. If
the resolver receives multiple IP address mappings (A resource records) from a
DNS server, and some of the records have IP addresses from networks to which
the computer is directly connected, the resolver places those resource records
first. This behavior reduces network traffic across subnets by forcing
computers to connect to network resources that are closer to them.
Although subnet prioritization does reduce network traffic across subnets, in some cases you may prefer to have the round robin feature work as described in RFC 1794. If so, you can disable the Subnet Prioritization feature on your clients by adding the PrioritizeRecordData registry entry with a value of 0 (REG_DWORD data type) in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters
For additional information, click the following article numbers to view the
articles in the Microsoft Knowledge Base:
297510 How to Modify Time to Live on Domain Name System Records
286834 The DNS Client Service Does Not Revert to Using the First Server
For more information, see the Microsoft Windows XP Professional
Resource Kit Documentation, chapter "DNS Caching, Network Prioritization, and
Security."
Reply
We have no secondary internal DNS, and had round-robin set on the DNS
server: i already turned that off. We are serving 2nd/tertiary DNS
servers via DHCP to client workstations. I've turned off neg caching
for all stations, serving a .reg via GPO. So far, on my own machine, i
have seen no issues. Since this has been sporadic, it'll likely be a
few days before i know it's gone for good.
I'm hoping this will also clear up the weird sudden-loss-of-shares and exchange issues
...
So: it is NOT resolving the CNAME correctly, but when asked about the
machine itself, data, it resolves to the correct IP, and then the CNAME
resolves "thru" the machine name to the target IP.
I incremented the serial the last time i made DNS changes. I made the above-suggested zero-neg-cache registry change. I have rebooted the machine and ensured all settings are current and policies are being applied.
DNS resolve problem with ping but not nslookup
windows XP SP3
my PC was not able to resolve DNS with most internet software
I tried pinging google and it also fails.
ping www.google.com
Ping request could not find host www.google.com. Please check the name and try again.
But nslookup can still work
*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.0.1
Non-authoritative answer:
Name: www.l.google.com
Addresses: 209.85.165.103, 209.85.165.104, 209.85.165.147, 209.85.165.99
Aliases: www.google.com
------------------
Ping isn't going to work with many of the external host sites, so this is normal. If you can do an nslookup on a site, then dns is resolving correctly.
------------------
tenroc2o0o:
I've had the exact same issue on two computers and until I read this
forum it didn't occur to me it might have to do with SP3. I had just
deployed SP2 & SP3 via group policy to over 40 PCs at my client's
location while joining all of their computers to the new active
directory network.
Basically, unless I use nslookup, DNS doesn't work. This includes
Firefox, Internet Explorer, as well as internal active directory lookups
to authenticate usernames and passwords against the domain. No one
could log on to the computer as a domain user - had to logon as local
admin to work on it.
This means I could, say, "nslookup myserver.mydomain.local", get the IP, and then manually ping the IP and get a reply.
However, if I said "ping myserver.mydomain.local" it would say "Ping
request could not find host myserver.mydomain.local. Please check the
name and try again."
To me, basically this means nslookup can query because it simply opens a
winsock connection on the DNS port and gets a query itself, whereas
ping, IE, Firefox, and Windows itself for active directory domain
authentication all cannot since they use the DNS Client service.
I had this same problem on now two computers. The first one, which I
worked on earlier this week, I ended up formatting the computer to fix.
I tried specifying a static IP & DNS instead of using DHCP.
I tried uninstalling/reinstalling the network adapter.
I checked the Winsock using LSPFix to make sure there weren't any files missing or malware.
I checked hijackthis log for other malware - all clean.
I tried resetting all of the registry entries for the TCP/IP stack using
netsh int ip reset c:\resetlog.txt
SP3 reinstallation fixed all of the DNS query issues.
It's worth noting that even though DNS didn't work, WINS and NetBIOS
still did so I could still connect to our server via \\myservername (or
by IP of course). (whereas \\myservername.mydomainname.local did not
because that's a DNS entry)
I just connected to my server & ran the SP3 update again and it fixed all of the DNS resolution problems.
----------------
Linux
I got the same problem with my two new virtual redhat and suse. It was
the directory LDAP client which was the problem. Now both servers are
running correctly.
If using linux (redhat or suse):
look at nsswitch.conf & ldap.conf
1) put "bind_policy soft" in /etc/ldap.conf
2) nsswitch.conf must minimum have:
passwd: compat
group: compat
hosts: files dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files nis
aliases: files
3) reboot
4) check with: ping, nmap localhost.
5) now you can enable your ldap client again. (RH: authconfig ; suse: yast2 ldap). It will modify your nsswitch.conf
-------------------
pings and nslookup problems are not related to AD, rather they are based
on the client's network configuration and the client side resolver
service
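The symptom running through the thread above (nslookup resolves a name while ping and browsers cannot) comes down to two lookup paths: nslookup sends its own query to a DNS server, while ping and most software go through the operating system's resolver. The Python script below is an added example, not taken from any of the quoted posts, that runs both paths for one name and classifies the outcome; the function names and verdict labels are assumptions of this example, and the sample reply is constructed.

```python
import secrets
import socket
import struct
import sys

def build_query(name, txid, qtype=1):
    """Encode a recursive DNS query (RFC 1035 wire format) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)        # class IN

def _read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                    # compression pointer
            if resume is None:
                resume = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (resume if resume is not None else off)
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def parse_response(msg, txid):
    """Return (rcode, A-record addresses, CNAME targets) from a DNS reply."""
    rid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    off = 12
    for _ in range(qd):                         # skip the echoed question
        _, off = _read_name(msg, off)
        off += 4
    addrs, cnames = [], []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        elif rtype == 5:                        # CNAME record
            cnames.append(_read_name(msg, off)[0])
        off += rdlen
    return flags & 0x000F, addrs, cnames

def query_server(name, server, timeout=3.0):
    """nslookup-style path: our own UDP socket straight to `server`, port 53."""
    txid = secrets.randbits(16)                 # unpredictable ID, checked on reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data, txid)

def query_system(name):
    """ping/browser-style path: the OS resolver (hosts file, cache, DNS Client)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return None
    return sorted({info[4][0] for info in infos})

def verdict(direct, system_addrs):
    """Compare both paths; `direct` is parse_response() output."""
    _rcode, direct_addrs, _cnames = direct
    if direct_addrs and system_addrs is None:
        return "resolver-path"   # server answers, OS resolver fails (the thread's symptom)
    if not direct_addrs and system_addrs:
        return "local-source"    # answer came from hosts file, cache or NetBIOS/WINS
    if direct_addrs and set(direct_addrs) != set(system_addrs):
        return "mismatch"        # stale cache entry or a different DNS server in use
    if not direct_addrs:
        return "unresolved"
    return "consistent"

def sample_reply(txid):
    """Constructed reply: www.google.com CNAME www.l.google.com, A 209.85.165.103."""
    question = build_query("www.google.com", txid)[12:]
    alias = b"\x03www\x01l\xc0\x10"             # "www.l" + pointer to "google.com" at offset 16
    return (struct.pack(">HHHHHH", txid, 0x8180, 1, 2, 0, 0) + question
            + b"\xc0\x0c" + struct.pack(">HHIH", 5, 1, 300, len(alias)) + alias
            + alias + struct.pack(">HHIH", 1, 1, 300, 4)
            + socket.inet_aton("209.85.165.103"))

if __name__ == "__main__":
    if len(sys.argv) == 3:                      # usage: script.py NAME DNS_SERVER_IP
        direct = query_server(sys.argv[1], sys.argv[2])
        system = query_system(sys.argv[1])
    else:                                       # offline demo on the constructed reply
        direct = parse_response(sample_reply(0x1234), 0x1234)
        system = None                           # pretend the OS resolver failed
    print("direct:", direct, "system:", system, "->", verdict(direct, system))
```

A "resolver-path" verdict points at the client side (DNS Client service, negative cache entries, hosts file), while "local-source" means the name was answered locally and the DNS server itself has no record for it.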