Networking

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add-IpamRange adding wrong range

    As discussed in topic https://docs.microsoft.com/en-us/answers/questions/107982/add-ipamrange-adding-wrong-range.html the powershell cmdlet Add-IPAMRange adds the wrong range. For example for a /24 net the range starts with 0 and ends with 255, but 1 and 254 would be correct.
    The IPAM GUI Add IP Address Range has the same problem.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  2. New/Set-NetQosPolicy -ThrottleRateActionBitsPerSecond is double buggy, vs documentation vs actual set values

    Documentation at
    https://docs.microsoft.com/en-us/powershell/module/netqos/new-netqospolicy
    says -ThrottleRateActionBitsPerSecond would enter the value as bytes per second. Example 4: 10 MB would result in limit of 80,000,000 bits per second.

    In reality this will set: ThrottleRate : 10.486 MBits/sec

    Note! Not 10 megabits per second, but 1.0486 times that, nearly 5% difference.
    This is a potentially very bad bug because limits would be set as the highest rate of traffic. Someone trying to set limits per whole available bandwidth might end up going 5% over the available bandwidth and result in network traffic congestion.

    And it makes setting actual limits a difficult exercise when…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add support for 32-bit ASNs

    Add support for 32-bit ASNs on BGP.

    The Add-BgpRouter cmdlet and the Set-BgpRouter cmdlet seem to limit the LocalASN and PeerASN parameters to 16-bit. The parameters themselves are 32-bit unsigned integers. However in C:\Windows\System32\WindowsPowerShell\v1.0\Modules\RemoteAccess the cmdlets show a validator stopping it from being any larger than 65534.
    I propose changing the validators to allow for 32-bit ASNs. The current setup limits Windows servers to only being able to use 16-bit ASNs and prevents them from peering with any device that uses a 32-bit ASN

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managment tools  ·  Flag idea as inappropriate…  ·  Admin →
  4. monitor my Network aurto config,vie datta balance

    Remove Network Location Awareness from Windows Server

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  DirectAccess  ·  Flag idea as inappropriate…  ·  Admin →
  5. IPAM-Client benötigt sinnloserweise lokale Admin-Rechte

    Wie unter https://social.technet.microsoft.com/Forums/de-DE/c69529e0-a8de-4063-a2f0-1b2d8e180c28/windows-not-finding-ipam-client-installation?forum=windows_Serverde diskutiert benötigt der IPAM-Client im Server-Manager lokale Administrator-Rechte. Dies ist in meinen Augen unnötig und diese Abhängigkeit sollte aus Sicherheitsgründen entfernt werden.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  6. 1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  7. VPNAuthProtocol uses the first certificate found with matching name, should use specified certificate.

    On my VPN server, I run "set-vpnauthprotocol -rootcertificatenametoaccept $RootCACert", with $RootCACert containing the public certificate of our internal root CA. After running this command (and after restarting the server) I run get-vpnauthprotocol to confirm that the certificate was updated, but find it set to a different certificate than the one I provided. This different certificate has the same name, but all other attributes are different.

    Even though a certificate object is required for the 'rootcertificatenametoaccept' parameter, it only uses the name of the certificate provided, then searches for a certificate matching that name in the computer's local root store. If…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  8. Fix default NPS firewall rules for Server 2019

    Hi all,

    I understand there is an issue with Windows Server 2019/Windows 10 1809 however I was wondering if Microsoft are aware of any problems regarding the Firewall rather than the systems handling of user files.

    Recently I setup a Server 2019 VM (1.5GB Dynamic RAM, 2 Allocated Cores, 36GB Drive space, 3GB NIC Team) and installed the NPS and RDS Gateway role onto it however I noticed that despite the NPS role adding the standard firewall rules for port 1813 and 1812 they do not seem to be working.

    I have confirmed that with an exception allowing port 1812…

    144 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    32 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  9. Hyper-V: Add ICMP to Stateful ACL rules

    Currently you cannot add stateful ACL rules (on a Hyper-V Virtual Switch) on the ICMP protocol.

    This leaves you to either open ICMP to everyone or close ICMP to everyone including the VM itself.

    Neither is secure or practical for such an important and basic functionality (ping).

    Doc: https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v-virtual-switch/create-security-policies-with-extended-port-access-control-lists#bkmk_stateful

    So the request is simple: Create the functionality to create ICMP stateful rules.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  10. shutdown-i

    shutdown-i-now

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support DOH/DOT Server

    In line with the announcement that Windows 10 will support DOH, the Windows DNS server should support name resolution using the DOH or DOT protocols.

    This is separate to the DNS server supporting DOH/DOT to upstream DNS servers (be they forwarders or the root DNS servers).

    All DNS traffic from my clients would be encrypted, while maintaining the existing administrative controls.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
  12. Conservative RSS Profile assigns 2 CPUs when 1 RSS Queue is chosen

    Hi,

    I'm trying to understand how RSS works and while experimenting, I found out that when Convervative RSS Profile is used with 1 RSS Queue, Indirection Table stay the same, with two processors. Is that correct behavior?

    I'm asking, because when I choose other RSS Profile (for example Closest or ClosestStatic), number of the processors in IndirectionTable always match NumberOfRecaiveQueues.

    Is that mean that I have some bad version of Powershell/Windows/Drivers or is it correct??

    Can anyone help with that?

    I've used Set-NetAdapterRss cmdlet to set things up.

    Name : test0
    InterfaceDescription : Intel(R) Ethernet Converged Network Adapter X550-T2
    Enabled…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  13. DNS records make it easy and fast

    create a new DNS records list as MAC OS has it to be easy to manage and access

    PC name IP and DNS record

    Server 1 | 192.. | A
    Server 2 | 192.. | MX

    on the IIS 7 have this option to DNS records for easy management

    Windows Server should only be as Server using the right tools for Server and not work as wndows desktop

    make the Windows Server just as Server and run the programms need

    windows desktop as desktop only and not with option to run as server

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
  14. better firewall to rule windows and block all useless ports and connections

    better firewall to block all incoming traffic and block all useless connections

    just open the port needs to use as port 53, 80, 443 and open port when need it

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  15. Windows needs better inbox packet filtering.

    "netsh trace" and/or NetEventPacketCapture lacks capable packet filtering. A lot of secure and change managed environments do not [easily] allow the installation of packet capture tools for collecting network data, like Wireshark (or the now defunct netmon and Message Analyzer).

    The two built-in packet capture tools in Windows, "netsh trace" and NetEventPacketCapture, can only filter packets by IP address, MAC, and protocol. This makes collecting a targeted trace, sometimes needed when collecting traces on sensitive networks or when other data floods the ETL, impossible.

    This is a request to add, at a minimum, the ability to filter packets by TCP…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Misc  ·  Flag idea as inappropriate…  ·  Admin →
  16. LBFO Team: Prevent duplicate multicast traffic on virtual nic

    When using a switch independent team, multicast traffic is received by all physical nics in the team (switch does not know the ports are in a team). When attaching a virtual switch to the team, it appears as if virtual nics receive the multicast traffic multiple times (once from each physical team member). Is it not possible to send it to the virtual nic only once (eg. only from the physical nic the virtual nic's VMQ is associated with)?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Teaming & load balancing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support SSHFP records in Windows DNS Server and its admin tools

    Since Windows now supports OpenSSH natively, as well as other clients/servers on the same network, supporting this standard for server authentication seems like an obvious win.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
  18. Create a WiFi policy linked to User Configuration, to allow for GP WiFi conn mngmt on non-domain devices

    Currently the WiFi Network Policies exists only under Computer Configuration -> Policies -> Windows Settings -> Security Settings and can only be applied to Computers that are members of the domain.
    We need a similar WiFi Network Policy under User Configuration to be able to manage the domain Users capability to connect to WiFi with Enterprise authentication irrespective to which device they use to connect to the Enterprise WiFi

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  19. [Bug] Server 2019, firewall logging injects NULL bytes into file "pfirewall.log"

    When firewall logging is activated, the resulting "pfirewall.log" gets a string of about 955,868 null bytes inserted into it. The actual log line entries are there, along with 900K of null's. OS seems to fixated on making a minimum size file. Big bug somewhere.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support CAA records in nslookup

    The nslookup command line tool should support CAA (id=257) DNS resource record types. Bonus points for teaching Resolve-DnsName about this type as well. Super bonus points for supporting and rendering arbitrary record types: just print the data in a side-by-side hex/ASCII view. This way I can view newer record types without needing an OS update.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base