Networking Pupil
How to troubleshoot a DHCP server?
DHCP can also be the cause of a network problem. Take the following steps to resolve a DHCP problem:
1- The DHCP server must have a static IP address. We must also authorize the DHCP server in AD before it can start, and we need to activate the scope.
a. Note: sometimes we need to reauthorize the server, or deactivate and reactivate it, to solve a problem.
2- If we run out of addresses, we may need to decrease the lease time so that IPs are released sooner.
a. Another reason to decrease the lease time is when we have changed part of our policy, such as the IP range (see superscopes and migration below), and we want the changes to take effect as soon as possible.
3- After a major DHCP failure when we don’t have a backup, we need to rebuild the scopes, and this time we must turn on Conflict Detection (before the server assigns an IP, it pings that IP to be sure it is not in use). To diagnose DHCP problems we can check the DHCP logs, or use Network Monitor to see whether the server is sending DHCP packets.
The advised number of conflict detection attempts, even for major problems, is at most 2.
4- Sometimes a wrong binding is the issue. Check the Bindings shown in the figure above. For example, if our server has several interfaces, which one should provide the service? Is our external interface, which is open to the internet, bound to DHCP? If it is, uncheck it and check only the interface that is dedicated to the DHCP service.
5- Sometimes a client plugs a device into the network that runs its own DHCP server (like ICS/Internet Sharing), which causes problems in the network. For that we can run DHCPLOC from the Support Tools on the win2k3 CD, which shows the location of DHCP servers.
6- Another issue is internal firewalls (like ICF). Ensure UDP ports 67 and 68 are not blocked.
7- In some scenarios all clients on one switch cannot get an IP from DHCP. We should check whether the switch has an intelligent Broadcast Storm technology that blocks all broadcast requests.
8- DHCP for standalone servers that are not members of a domain uses DHCPINFORM: they announce the presence of DHCP, but as soon as other DHCP servers announce that they serve the same scope, the first one stops leasing addresses.
9- We cannot have two identical DHCP scopes on two servers, because they overlap each other and that causes a server crash, so DHCP scope redundancy is not possible that way. But we can split a subnet into two separate scopes, with each server leasing addresses from one scope. In this case we can have both scopes on each server, but on each server we must activate only one of them (crosswise) and keep the other one deactivated for redundancy purposes.
10- DHCP not only provides dynamic IP addresses for client computers; it can also bind a static IP address to a specific MAC address for servers, printers and other devices that need a static address. DHCP does this through a Reservation in the scope: right-click on Reservation -> New Reservation -> enter a reservation name, IP and MAC address (the MAC address doesn’t need its hyphens).
11- DHCP can hold scopes for remote subnets (DHCP is broadcast based and routers block broadcasts). In this scenario we can use any of the solutions below:
a. Make the routers forward DHCP requests to the DHCP server (some routers have BOOTP forwarding ability)
b. Configure a DHCP Relay Agent in the remote subnets (the DHCP Relay Agent is included in Routing and Remote Access/RRAS). We must bind the relay agent to an interface in RRAS because it works somewhat like a bridge
c. Installing the DHCP Relay Agent:
Select the interface that listens for broadcast requests
The DHCP Relay Agent is ready to provide service
12- Reconcile the scopes in the database to fix any inconsistencies
13- Back up the DHCP database
14- We can use the NETSH command to script or manage DHCP from the command line
Superscope: brings multiple scopes together for one physical network
15- If we want to use two logical subnets in one physical subnet (VLANs to decrease the impact of the broadcast domain on network bandwidth), we need to make two separate scopes and associate them within one superscope. Then we need a router (or layer 3 switch) that can route between the two subnets.
16- We can use superscopes for migration, e.g.: we have an old class C scope and need a new class B scope because the company is expanding. In this case we make a new class B scope and associate it with the old scope under a superscope.
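One way to spot the unauthorized DHCP server from step 5 in captured traffic, as an added example (not code from the original post or from DHCPLOC): it parses DHCP server replies and reports every server identifier (option 54) that is not on an allow list. The sanctioned server address 192.168.10.5, the function names and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of the DHCP options
OFFER, ACK = 2, 5                        # option 53 message types sent by servers
AUTHORIZED = {"192.168.10.5"}            # assumption: the one sanctioned server

def parse_options(data):
    """Walk the code/length/value options that follow the magic cookie."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:          # 255 = End
        if data[i] == 0:                             # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            break                                    # truncated option, stop parsing
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def parse_server_reply(payload):
    """Return (msg_type, server_id, offered_ip) for a DHCP reply, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None                                  # not a BOOTREPLY with DHCP options
    opts = parse_options(payload[240:])
    if len(opts.get(53, b"")) != 1 or len(opts.get(54, b"")) != 4:
        return None                                  # message type or server id missing
    return opts[53][0], socket.inet_ntoa(opts[54]), socket.inet_ntoa(payload[16:20])

def find_rogue_servers(payloads, authorized=AUTHORIZED):
    """Server identifiers seen in OFFER/ACK replies that are not authorized."""
    rogue = set()
    for payload in payloads:
        reply = parse_server_reply(payload)
        if reply and reply[0] in (OFFER, ACK) and reply[1] not in authorized:
            rogue.add(reply[1])
    return sorted(rogue)

def build_reply(msg_type, server_ip, offered_ip):
    """Constructed sample reply (UDP payload only), used as offline input."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton(offered_ip),
                         socket.inet_aton(server_ip), bytes(4),
                         bytes.fromhex("001122334455"), b"", b"")
    options = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC_COOKIE + options

SAMPLES = [build_reply(OFFER, "192.168.10.5", "192.168.10.50"),   # sanctioned server
           build_reply(OFFER, "192.168.0.1", "192.168.0.23")]     # constructed rogue
```

Calling `find_rogue_servers(SAMPLES)` returns only the address that is missing from the allow list; in practice the payloads would come from a capture of UDP port 67/68 traffic.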
Remote Access Troubleshooting
Remote Desktop, Remote Assistance, Remote Connection and Remote Access in general are among the most common IT problems in customer support. The following is a step-by-step guide to fixing your remote access issues:
1- Reset the service: this takes everything back to default (it removes all configurations and registry settings, but it does not remove your remote access policies)
2- For resource access problems: are your users able to connect but unable to access resources?
a. Be sure routing is configured on the remote access server (Enable IP routing) if the IP range of your users differs from your internal IPs
b. Be sure IP addresses are available. If you use DHCP, check that you have at least 10 IP addresses that are not assigned to resources.
3- If you have a connectivity issue: check the Routing and Remote Access (RRAS) console to make sure that enough ports are available; you may need to set up multiple RRAS servers
4- Remote Access Security:
a. Don’t use a DC as the RRAS server because that can compromise your data on the internet; try to use a dedicated server for RRAS
b. Use L2TP/IPSec whenever possible
c. Use certificates, smart cards and strong passwords, and require MS-CHAP v2
d. Configure packet filters to allow only VPN traffic:
i. PPTP uses TCP port 1723 and protocol 47
ii. L2TP/IPSec uses UDP ports 500, 1701 and 4500
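The packet filter from step 4d expressed as code, as an added example that is not part of the original post: an inbound IPv4 packet is allowed only if it matches the protocol and port list above. Function names, addresses and sample packets are constructed for illustration, and dropping non-first fragments is a design assumption of this example, since they carry no port fields to check.

```python
import struct

TCP, UDP, GRE = 6, 17, 47
# The page's allow list as (IP protocol, destination port); None = no port check.
VPN_RULES = {(TCP, 1723), (GRE, None),                 # PPTP control + protocol 47
             (UDP, 500), (UDP, 1701), (UDP, 4500)}     # L2TP/IPSec

def classify(packet):
    """Return 'allow' for an inbound IPv4 packet that matches VPN_RULES, else 'drop'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"                                  # not IPv4 or too short
    ihl = (packet[0] & 0x0F) * 4                       # header length incl. IP options
    if ihl < 20 or len(packet) < ihl:
        return "drop"
    proto = packet[9]
    if (proto, None) in VPN_RULES:
        return "allow"
    if proto not in (TCP, UDP):
        return "drop"
    fragment_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if fragment_offset or len(packet) < ihl + 4:
        return "drop"                                  # no port fields to inspect
    dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return "allow" if (proto, dst_port) in VPN_RULES else "drop"

def build_packet(proto, dst_port=0, ip_options=b""):
    """Constructed sample packet (documentation addresses, checksum left at zero)."""
    ihl_words = 5 + len(ip_options) // 4
    l4 = struct.pack("!HH", 40000, dst_port) + bytes(4)
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                         ihl_words * 4 + len(l4), 0, 0, 64, proto, 0,
                         bytes([203, 0, 113, 7]), bytes([198, 51, 100, 10]))
    return header + ip_options + l4

SAMPLES = {"pptp": build_packet(TCP, 1723), "gre": build_packet(GRE),
           "l2tp": build_packet(UDP, 1701), "rdp": build_packet(TCP, 3389),
           "nat-t+opts": build_packet(UDP, 4500, ip_options=bytes(4))}

def run_samples():
    """Classify every constructed sample packet."""
    return {name: classify(pkt) for name, pkt in SAMPLES.items()}
```

The `nat-t+opts` sample carries IP options, which is why the destination port is read at the offset given by the header length field rather than at a fixed position.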
RRAS:
1- Recheck your configurations
2- Routing Problem
a. Confirm IP forwarding
b. Confirm TCP/IP: maybe your IP range has a problem, or maybe someone has turned on a rogue DHCP server and it causes conflicts
c. Confirm RIP versions
Demand-Dial:
1- Ensure ports are enabled for inbound and outbound
2- Are you using PPTP without having enabled it for inbound and outbound?
3- Ensure the LAN and demand-dial routing option is enabled
4- Ensure both the user account and password are correct. The password should never expire, and you should use a complex password to prevent password cracking
NAT:
1- Ensure that the public and private interfaces are specified correctly
2- If using multiple public IPs, ensure they are correct
3- Ensure DHCP server or allocator is working correctly
4- Is the basic firewall blocking traffic?
For most RRAS services you can use Logging/Monitoring:
· Event logging can be turned on at multiple locations inside RRAS
o Basic RRAS logs
· Tracing logs
o Show protocol information as it happens
o You can enable them by editing: HKLM\Software\Microsoft\Tracing\
· Network Monitor
1- You can open the server properties in RRAS by right-clicking the name of your server --> Logging tab --> select the level of logging you want and check “Log additional RRAS information” for more helpful detail
2- You can also go to the Security tab and configure the “Accounting Provider” to record who logged in and who tried to log in but couldn’t. These logs are available under “Remote Access Logging” under your server name in the RRAS console --> the Local File properties give you further options. If you chose to save your log files in IAS format, there is a tool in the “Windows Support Tools” that can decrypt IAS logs so you can open them in Excel or something similar, see their information and find out why somebody cannot connect
3- There are also other logging options under some RRAS services; for example, the properties of “NAT/Basic Firewall” have some logging options on the General tab
4- You can enable trace logging by editing: HKLM\Software\Microsoft\Tracing\
a. For instance, go to HKLM\Software\Microsoft\Tracing\PPP and change the value of EnableFileTracing to 1 (enabled), then read the Point-to-Point logs in %windir%\tracing