I am also thinking maybe you could use a different VPN solution. I don't think I have ever heard of a company that uses the Microsoft VPN. I know Cisco has a cloud solution. Maybe they even have some sort of trial or nonprofit discount. It does seem like Windows builds in a lot of services that are there, but nobody really uses them in real life; they are just there for the books and the tests :).
Best, Mika @pyyhkala
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Scott Granados Sent: Friday, August 25, 2017 1:30 PM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Direct access Windows server 2016, anyone?
Other than I would never put Microsoft Windows in a network facing role, especially public facing. It’s too easy to own a Windows box. I think the last time I checked on average a Windows box will be compromised within 12 hours of being attached to the network. I have a copy of a defense department manual that states the only acceptable security option for Microsoft based systems is to have them disconnected from the network, locked in a room and powered off. ;)
Oh, and Linux interfaces with Active Directory just fine. You can emulate all Windows services and be or join domains etc. Of course, use what works for you; I wasn’t meaning you should change. Just commenting that your thread made me count my lucky stars that I don’t live and or work in that MS hell. And in full disclosure, I am biased because I have seen first hand (I was in the room) Microsoft Windows kill someone. (As in dead, assumed room temperature, bag him and slab him and all that). The company I worked for at the time started a migration to Solaris the very next day. So be careful.
On Aug 25, 2017, at 1:14 PM, Katherine M. Moss <kmoss@winterhillsolutions.com> wrote:
I thank you for your opinion, but my infrastructure is already set up with active Directory and other things that we specifically want to use. Do you have anything specific networking wise to add to this thread?
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Scott Granados Sent: Friday, August 25, 2017 1:09 PM To: george@techno-vision.co.uk; Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] Direct access Windows server 2016, anyone?
Wow, this thread makes me happy that I’m a unix man myself and we use Linux across our enterprise.;)
In my last gig we managed about 5000 servers with Chef scripts and OpenLDAP and it was the bee's knees. Especially making bulk changes. Add Puppet to this mix and you could also automatically provision the network hardware. I’ve tried to work in some of these Windows environments and just can’t make it work for me, so you both have my respect for putting up with an MS environment.
On Aug 25, 2017, at 4:39 AM, George Bell <george@techno-vision.co.uk> wrote:
Hi Katherine,
Having spent the last 6 months battling with our Windows Server 2016 Domain Controller here, you have my deepest sympathy and understanding. I feel that we almost have a hotline between ourselves and Microsoft's support in Delhi or Bombay.
First, do you have access to, or indeed have anyone who can handle the 2016 server itself? I mean in terms of running Server Manager and Best Practices Analyzer (BPA) plus reviewing Event Viewer errors and warnings.
There are many issues coming to light, and it is vital that these are resolved first or Direct Access and VPN will fail.
Happy to chat off list if you'd like to compare notes.
George W F Bell (MD) Techno-Vision Systems Ltd. 76 Bunting Road Ind. Est. NORTHAMPTON, NN2 6EE United Kingdom.
Tel: +44 (0)160 479 2777 Fax: +44 (0)160 479 2726
e-mail: George@techno-vision.co.uk Web: http://www.techno-vision.co.uk
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Katherine M. Moss Sent: 24 August 2017 15:50 To: blind-sysadmins@lists.hodgsonfamily.org Subject: [Blind-sysadmins] Direct access Windows server 2016, anyone?
Hi all,
Has anybody gotten this to work? I want to try; would love to get my group off of the free version of PulseSecure VPN since it's obvious that it's broken, and we don't have the networking skills to fix it, nor the money to buy a license. Plus I want to succeed in getting a native Windows complex technology working. Everyone has tried but me, and none can get it going. We have a setup where the DA server would be behind a NAT, not on the EDGE (except for the one in the datacenter, but all of the local internal networks would have theirs behind a NAT.) We would also have to avoid use of the Teredo protocol, considering we don't have multiple public IP addresses to play with. Any suggestions on a good configuration to connect a few sites? Thanks.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins