Networking
-
Add-IpamRange adding wrong range
As discussed in topic https://docs.microsoft.com/en-us/answers/questions/107982/add-ipamrange-adding-wrong-range.html the powershell cmdlet Add-IPAMRange adds the wrong range. For example for a /24 net the range starts with 0 and ends with 255, but 1 and 254 would be correct.
The IPAM GUI Add IP Address Range has the same problem.3 votes -
Add support for 32-bit ASNs
Add support for 32-bit ASNs on BGP.
The Add-BgpRouter cmdlet and the Set-BgpRouter cmdlet seem to limit the LocalASN and PeerASN parameters to 16-bit. The parameters themselves are 32-bit unsigned integers. However in C:\Windows\System32\WindowsPowerShell\v1.0\Modules\RemoteAccess the cmdlets show a validator stopping it from being any larger than 65534.
I propose changing the validators to allow for 32-bit ASNs. The current setup limits Windows servers to only being able to use 16-bit ASNs and prevents them from peering with any device that uses a 32-bit ASN3 votes -
New/Set-NetQosPolicy -ThrottleRateActionBitsPerSecond is double buggy, vs documentation vs actual set values
Documentation at
https://docs.microsoft.com/en-us/powershell/module/netqos/new-netqospolicy
says -ThrottleRateActionBitsPerSecond would enter the value as bytes per second. Example 4: 10 MB would result in limit of 80,000,000 bits per second.In reality this will set: ThrottleRate : 10.486 MBits/sec
Note! Not 10 megabits per second, but 1.0486 times that, nearly 5% difference.
This is a potentially very bad bug because limits would be set as the highest rate of traffic. Someone trying to set limits per whole available bandwidth might end up going 5% over the available bandwidth and result in network traffic congestion.And it makes setting actual limits a difficult exercise when…
1 vote -
monitor my Network aurto config,vie datta balance
Remove Network Location Awareness from Windows Server
2 votes -
IPAM-Client benötigt sinnloserweise lokale Admin-Rechte
Wie unter https://social.technet.microsoft.com/Forums/de-DE/c69529e0-a8de-4063-a2f0-1b2d8e180c28/windows-not-finding-ipam-client-installation?forum=windows_Serverde diskutiert benötigt der IPAM-Client im Server-Manager lokale Administrator-Rechte. Dies ist in meinen Augen unnötig und diese Abhängigkeit sollte aus Sicherheitsgründen entfernt werden.
1 vote -
Microsoft IPAM creates wrong PTR
As discussed in topic https://social.technet.microsoft.com/Forums/de-DE/4e19815d-7158-4ca6-b71a-5f23e6663624/microsoft-ipam-creates-wrong-ptr?forum=winserveripamdhcpdns there is a bug with handling PTR records in MS IPAM. Please fix it.
1 vote -
VPNAuthProtocol uses the first certificate found with matching name, should use specified certificate.
On my VPN server, I run "set-vpnauthprotocol -rootcertificatenametoaccept $RootCACert", with $RootCACert containing the public certificate of our internal root CA. After running this command (and after restarting the server) I run get-vpnauthprotocol to confirm that the certificate was updated, but find it set to a different certificate than the one I provided. This different certificate has the same name, but all other attributes are different.
Even though a certificate object is required for the 'rootcertificatenametoaccept' parameter, it only uses the name of the certificate provided, then searches for a certificate matching that name in the computer's local root store. If…1 vote -
Fix default NPS firewall rules for Server 2019
Hi all,
I understand there is an issue with Windows Server 2019/Windows 10 1809 however I was wondering if Microsoft are aware of any problems regarding the Firewall rather than the systems handling of user files.
Recently I setup a Server 2019 VM (1.5GB Dynamic RAM, 2 Allocated Cores, 36GB Drive space, 3GB NIC Team) and installed the NPS and RDS Gateway role onto it however I noticed that despite the NPS role adding the standard firewall rules for port 1813 and 1812 they do not seem to be working.
I have confirmed that with an exception allowing port 1812…
157 votes -
Hyper-V: Add ICMP to Stateful ACL rules
Currently you cannot add stateful ACL rules (on a Hyper-V Virtual Switch) on the ICMP protocol.
This leaves you to either open ICMP to everyone or close ICMP to everyone including the VM itself.
Neither is secure or practical for such an important and basic functionality (ping).
So the request is simple: Create the functionality to create ICMP stateful rules.
9 votes -
shutdown-i
shutdown-i-now
1 vote -
Support DOH/DOT Server
In line with the announcement that Windows 10 will support DOH, the Windows DNS server should support name resolution using the DOH or DOT protocols.
This is separate to the DNS server supporting DOH/DOT to upstream DNS servers (be they forwarders or the root DNS servers).
All DNS traffic from my clients would be encrypted, while maintaining the existing administrative controls.
1 vote -
Conservative RSS Profile assigns 2 CPUs when 1 RSS Queue is chosen
Hi,
I'm trying to understand how RSS works and while experimenting, I found out that when Convervative RSS Profile is used with 1 RSS Queue, Indirection Table stay the same, with two processors. Is that correct behavior?
I'm asking, because when I choose other RSS Profile (for example Closest or ClosestStatic), number of the processors in IndirectionTable always match NumberOfRecaiveQueues.
Is that mean that I have some bad version of Powershell/Windows/Drivers or is it correct??
Can anyone help with that?
I've used Set-NetAdapterRss cmdlet to set things up.
Name : test0
InterfaceDescription : Intel(R) Ethernet Converged Network Adapter X550-T2
Enabled…1 vote -
DNS records make it easy and fast
create a new DNS records list as MAC OS has it to be easy to manage and access
PC name IP and DNS record
Server 1 | 192.. | A
Server 2 | 192.. | MXon the IIS 7 have this option to DNS records for easy management
Windows Server should only be as Server using the right tools for Server and not work as wndows desktop
make the Windows Server just as Server and run the programms need
windows desktop as desktop only and not with option to run as server
1 vote -
better firewall to rule windows and block all useless ports and connections
better firewall to block all incoming traffic and block all useless connections
just open the port needs to use as port 53, 80, 443 and open port when need it
1 vote -
Windows needs better inbox packet filtering.
"netsh trace" and/or NetEventPacketCapture lacks capable packet filtering. A lot of secure and change managed environments do not [easily] allow the installation of packet capture tools for collecting network data, like Wireshark (or the now defunct netmon and Message Analyzer).
The two built-in packet capture tools in Windows, "netsh trace" and NetEventPacketCapture, can only filter packets by IP address, MAC, and protocol. This makes collecting a targeted trace, sometimes needed when collecting traces on sensitive networks or when other data floods the ETL, impossible.
This is a request to add, at a minimum, the ability to filter packets by TCP…
5 votes -
LBFO Team: Prevent duplicate multicast traffic on virtual nic
When using a switch independent team, multicast traffic is received by all physical nics in the team (switch does not know the ports are in a team). When attaching a virtual switch to the team, it appears as if virtual nics receive the multicast traffic multiple times (once from each physical team member). Is it not possible to send it to the virtual nic only once (eg. only from the physical nic the virtual nic's VMQ is associated with)?
3 votes -
Support SSHFP records in Windows DNS Server and its admin tools
Since Windows now supports OpenSSH natively, as well as other clients/servers on the same network, supporting this standard for server authentication seems like an obvious win.
2 votes -
Create a WiFi policy linked to User Configuration, to allow for GP WiFi conn mngmt on non-domain devices
Currently the WiFi Network Policies exists only under Computer Configuration -> Policies -> Windows Settings -> Security Settings and can only be applied to Computers that are members of the domain.
We need a similar WiFi Network Policy under User Configuration to be able to manage the domain Users capability to connect to WiFi with Enterprise authentication irrespective to which device they use to connect to the Enterprise WiFi3 votes -
Support CAA records in nslookup
The nslookup command line tool should support CAA (id=257) DNS resource record types. Bonus points for teaching Resolve-DnsName about this type as well. Super bonus points for supporting and rendering arbitrary record types: just print the data in a side-by-side hex/ASCII view. This way I can view newer record types without needing an OS update.
6 votes -
[Bug] Server 2019, firewall logging injects NULL bytes into file "pfirewall.log"
When firewall logging is activated, the resulting "pfirewall.log" gets a string of about 955,868 null bytes inserted into it. The actual log line entries are there, along with 900K of null's. OS seems to fixated on making a minimum size file. Big bug somewhere.
1 vote
- Don't see your idea?