PS C:\>$Profile = Get-NetConnectionProfile -InterfaceAlias
PS C:\>$Profile.NetworkCategory =
PS C:\>Set-NetConnectionProfile -InputObject $Profile
Showing posts with label Server 2012. Show all posts
Showing posts with label Server 2012. Show all posts
25 Mar 2019
Changing the Profile of a Network Adaptor in Windows Server 2012
To change a particular network adaptor between profiles such as Public or Private or Domain, you can use PowerShell. Just open a PowerShell prompt and follow the commends below, ensuring you know your network adaptor name and the name of the required profile
PS C:\>$Profile = Get-NetConnectionProfile -InterfaceAlias such as "Ethernet"
PS C:\>$Profile.NetworkCategory = such as "Private"
PS C:\>Set-NetConnectionProfile -InputObject $Profile
PS C:\>$Profile = Get-NetConnectionProfile -InterfaceAlias
PS C:\>$Profile.NetworkCategory =
PS C:\>Set-NetConnectionProfile -InputObject $Profile
17 Jul 2013
Direct Access 2012 Installation Fun
We've recently upgraded our environment from Windows XP to Windows 7 Enterprise and therefore I thought it worthwhile to see what all the fuss was about regarding DA.
Instead of using UAG and Server 2008 R2, I took a shortcut and went straight for DA with Server 2012. Below are a few of the issues that I experienced and their associated fix.
Network Location Server
It's worth noting that when considering the placement of the Network Location Server, that it's not a good idea to place it on the DirectAccess server. This is due to DA configured clients, misjudging that they are outside the corporate infrastructure when the NLS is unreachable. When the NLS is unavailable they will attempt to connect to their DA server which will also be unavailable (it's the same server in this case) therefore putting the machines into a loop and disrupting their connectivity.
Do yourself a favour, build a separate NLS and consider using VMware Fault Tolerance (as an example - there are other virtualisation technologies) to ensure that it's always available in the event of a hardware failure.
General: Block the Connection
Scope: 2x External IPs
Programs and Services: Services - Network Location Awareness - NLASVC
Once configured, disable and re-enable the external interface and it should be associated with a public profile.
Instead of using UAG and Server 2008 R2, I took a shortcut and went straight for DA with Server 2012. Below are a few of the issues that I experienced and their associated fix.
Network Location Server
It's worth noting that when considering the placement of the Network Location Server, that it's not a good idea to place it on the DirectAccess server. This is due to DA configured clients, misjudging that they are outside the corporate infrastructure when the NLS is unreachable. When the NLS is unavailable they will attempt to connect to their DA server which will also be unavailable (it's the same server in this case) therefore putting the machines into a loop and disrupting their connectivity.
Do yourself a favour, build a separate NLS and consider using VMware Fault Tolerance (as an example - there are other virtualisation technologies) to ensure that it's always available in the event of a hardware failure.
When configuring the server, no matter what config I used, the 'Domain' profile was being associated with the external NIC, this is a problem due to the Network Location Awareness functionality within the Operating System which I could not resolve elegantly. After much Googling I resorted to a Block rule in the Windows Firewall.The adapter configured as external-facing is connected to a domain
General: Block the Connection
Scope: 2x External IPs
Programs and Services: Services - Network Location Awareness - NLASVC
Once configured, disable and re-enable the external interface and it should be associated with a public profile.
There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess configuration.The fix was to allow the DirectAcess server to auto enrol it's own Computer Certificate, even though a Server Authentication cert was present in it's Local Computer Cert Store. The Enhanced Key Usage on our Computer Certificate Template includes Server Authentication and Client Authentication, I believe that it's the Client Authentication that made the difference.
Subscribe to:
Posts (Atom)