Wingate Transition from 6x to 8x Server 2012 Essentials

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Wingate Transition from 6x to 8x Server 2012 Essentials

Postby Nev » Jun 13 16 12:08 pm

'Morning all on the QBIK board.

After a long time our servers' are in upgrade to Wingate 8x on HP hardware and Windows Server 2012 Essentials.

The first one to go into production has become unstable and I have a question which might reduce my build time if you could suggest an answer!

After a random period of client usage (varying from minutes to several hours at most); The external link to the router becomes disabled or at very best unresponsive; This forces a reset.

Today I have thought to override the MTU to 1450 and am trialling that.

The correct HP / Broadcom drivers are applied and the Internal NIC does not have a gateway or DNS entry, also I turned off the MS Firewall (although not sure this is still required - please comment?).

Here is a snippet from the Global Log:

404 12/06/2016 22:18:20.362 192.168.0.1 DNS Client 6660 434 warning 0 response code 3 (NXNAME) from 100.100.100.200, processing aborted for query: wingate (type A)
405 12/06/2016 22:18:20.365 192.168.0.1 DNS Client 6660 435 warning 0 response code 3 (NXNAME) from 100.100.100.200, processing aborted for query: wingate (type A)
1 12/06/2016 22:31:26.029 Active Directory 8476 warning 0 Search failed, error 8007203E
2 12/06/2016 22:33:08.164 192.168.0.1 DNS Client 7904 6 warning 104 No usable servers for request - rejecting
4 12/06/2016 22:33:33.820 192.168.0.1 DNS Client 7904 9 warning 104 No usable servers for request - rejecting
7 12/06/2016 22:37:05.667 192.168.0.1 DNS Client 7904 18 warning 104 No usable servers for request - rejecting
1 13/06/2016 8:35:41.167 Active Directory 2136 error 1 Failed to obtain domain information with DsGetDcName : error 1355, this computer may not be connected to a domain. This provider will not be available
2 13/06/2016 8:35:41.480 WinGate Engine 2136 Startup warning 0 WinGate started after an unsafe shutdown
3 13/06/2016 8:35:41.558 DNS Client 3336 1 warning 0 response code 3 (NXNAME) from 100.100.100.200, processing aborted for query: test-9580ad85-1780-4543-8f34-20e0a7dbe5b4.dnsloopcheck.qbik.com (type A)

(Router is the .200 IP // static server external NIC is .100 IP // I have always used this private range on my external NICS and hope it isn't the culprit and I am using Wingate DNS for simplicity at this stage.).
--
Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia

Re: Wingate Transition from 6x to 8x Server 2012 Essentials

Postby adrien » Jun 14 16 10:30 am

Hi Nev

looks like there's most likely some sort of DNS configuration problem on that computer making its domain connectivity problematic.

We've also seen in some cases that missing records in the AD DNS server can cause this sort of problem as well.

Does your LAN NIC have the AD DNS server set in its DNS as the first DNS server?

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Wingate Transition from 6x to 8x Server 2012 Essentials

Postby Nev » Jun 14 16 11:56 am

Hello Adrien,

Thank you for the reply; There is no DNS set for the internal NIC; However when it is configured a dialogue reports that; "as MS DNS is configured, that it will be the Name Server for this computer", so as I said before it looked as though there was a loop I disabled MS-DNS and used Wingate's resolver.

Yesterday I ran a simple load test on the outbound NIC and it worked for about six hours without fault; Other news is that the O/s has hit a major roadblock with a client database (nowt' to do with Wingate of course) and the server has been de-commissioned until a path is found around this aspect.

Oh; Should the MS firewall be off with Wingate 8?
--
Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia

Re: Wingate Transition from 6x to 8x Server 2012 Essentials

Postby MattP » Jun 14 16 1:34 pm

Hi Nev,

Actually we've found that disabling the Windows firewall can cause problems too, so we normally just leave it enabled now and make sure there is an exception in there for WinGate.

Regards,

Matt
MattP
Qbik Staff
 
Posts: 991
Joined: Sep 08 03 4:30 pm

Re: Wingate Transition from 6x to 8x Server 2012 Essentials

Postby adrien » Jun 14 16 1:40 pm

Is that server also the AD domain controller or AD DNS server?

If so then you do need loopback set on the internal NIC, and you won't be able to run WinGate's DNS server.

AD is based on DNS and LDAP, if you don't run MS's AD DNS server, your domain won't work.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Wingate Transition from 6x to 8x Server 2012 Essentials

Postby Nev » Jun 15 16 6:20 pm

MattP wrote:Hi Nev,

Actually we've found that disabling the Windows firewall can cause problems too, so we normally just leave it enabled now and make sure there is an exception in there for WinGate.

Regards,

Matt


Hi Matt,

Yes I noticed that the Windows Firewall was seamless alongside Wingate in a dev' server so I will enable it when this project is resumed - thanks.
--
Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia

Re: Wingate Transition from 6x to 8x Server 2012 Essentials

Postby Nev » Jun 15 16 6:22 pm

adrien wrote:Is that server also the AD domain controller or AD DNS server?

If so then you do need loopback set on the internal NIC, and you won't be able to run WinGate's DNS server.

AD is based on DNS and LDAP, if you don't run MS's AD DNS server, your domain won't work.

Adrien


Thanks Adrien, that makes sense for how it was prior to Wingate 8, yes it is AD controller so it will need the service enabled and Wingate's disabled, when the project is taken past the other roadblock.

Cheers //
--
Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia

Re: Wingate Transition from 6x to 8x Server 2012 Essentials

Postby Nev » Oct 07 16 5:30 pm

Hi all,

Back onto this project and its roadblocks !

I have deprecated the server role to a Workgroup where Wingate will be DNS due to network client size (12 users').

My question(s) are:

1. Locally there has been a reliance on POP Mail internally, is there a way to continue using this without the "Allow POP3 proxying" magic button? Having said that, I prefer not to have to configure all the clients to another POP3 port (eg: 8111) just for local mail and provide KAV mail scanning on that traffic too.

2. Can the Console be opened similar to V6? I seem to need to type my credentials for password every access session, if not, could this be provisioned?; Unless it is a security risk.

3. Another aspect to deal with is that the enterprise handles three domains and mail should ideally go by each SMTP relay to obtain the correct DKIM; Is this possible? EG: user9@domain#1.info goes via smtp.domain#1.info, or mail from user6@domain#3.org goes via smtp.domain#3.org // Can it be done?
--
Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia


Return to WinGate

Who is online

Users browsing this forum: Google [Bot] and 26 guests