Networking
-
Windows needs better inbox packet filtering.
"netsh trace" and/or NetEventPacketCapture lacks capable packet filtering. A lot of secure and change managed environments do not [easily] allow the installation of packet capture tools for collecting network data, like Wireshark (or the now defunct netmon and Message Analyzer).
The two built-in packet capture tools in Windows, "netsh trace" and NetEventPacketCapture, can only filter packets by IP address, MAC, and protocol. This makes collecting a targeted trace, sometimes needed when collecting traces on sensitive networks or when other data floods the ETL, impossible.
This is a request to add, at a minimum, the ability to filter packets by TCP…
5 votes -
Broke RRAS
At the moment PPPoE is broken in Windows Server 2016 over RRAS.
It would be great if this could be solved.
Till yet we're using Windows Server 2012. But we would like to upgrade but can't 'cause RRAS is broken.9 votes -
DirectAccess documentation
Comparing the documentation of DirectAccess for 2012 with other products, even DirectAccess 2008, I see that it lacks some in-depth insights that an Admin needs to be able to deploy and manage the component effectively.
for example, I could not find a TechNet article describing in details, what happens from start to finish when a resource is being accessed through direct access:
1. how is the NAT64 working? how does NAT64 translates address and which IPv4 address translates to which IPv6 and vice-versa? how does the component come up with those connection security rules in GPOs based on admin input…8 votes -
Add more BGP debug info
There's no info about:
- routes that ingress or egress through BGP really,
- reasons of including/excluding BGP routes in/from main route table.4 votes -
DirectAccess should support multiple CA
if the customer wants to upgrade or change the CA, he needs to bring in all the remote computers and do a GPO refresh on-premises; otherwise the moment the new CA is input into the configuration of DA server, the clients which are still using the old CA are kicked out of DA.
we need a process for such transition, in case of an expired or compromised CA, to let the clients smoothly transition into the new CA without the requirement of them comping onsite for a GPO refresh. I would say enable the addition of Multiple CA rather than…
3 votes -
Routing & RAS installation without Direct Access
Allow installtion of Routing & RAS without Direct Access. On some Servers I only want to get VPN and not DirectAccess.
3 votes -
DirectAccess better visibility of connection interface
it is hard to tell which IPv6 interface DirectAccess is using to connect to the infrastructure. now you have to run netsh on httpstunnel and teredo and 6 to 4 to have some "educated guess" about which one is the one chosen for DA.
we should be able to easily identify which interface (native or tunnel) is being utilized for DA communication on the client. the server GUI shows it already.
2 votes -
Routing and RRAS
Routing and RRAS is Broken on Windows Server 2016.
I can''t dail up via pppoe.
It would be great, if this could be fixed.1 vote -
DirectAccess over Native IPv6 Internet
I read somewhere that DirectAccess ALWAYS uses transition technologies (Teredo,6 to 4, IPHTTPS) for client to DA connection, EVEN WHEN both DA server and DA client have native IPv6 public addresses.
in case it is true, I believe we should let the native IPv6 be the 1st priority of the connection security rules rather than the Tunneled ones.
1 vote -
Product to Product SPPC (Secure Port & Protocol Comunication) for Server 2017
Hola,
(if that clear, read until reach bottom of this post)
Just like to ask Microsoft if they could make a secure server to server communication protocol, that use say 44443, that is a strip-down TCP that don't use the 3-hand system (more like secure UDP with error correction). That allows each product to talk to each other, using a PKI, or on-prem ADCS certificate.
But this communication should be base on Control+Data info
were each product can list all the control-command(standards) that it accepts.What is this for, you ask:
So it will be easy for all products to…
4 votes -
DirectAccess
DirectAccess not work properly with RRAS NAT while using three network with two public network and one private network.
5 votes -
1 vote
- Don't see your idea?