Networking

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support DOH/DOT Server

    In line with the announcement that Windows 10 will support DOH, the Windows DNS server should support name resolution using the DOH or DOT protocols.

    This is separate to the DNS server supporting DOH/DOT to upstream DNS servers (be they forwarders or the root DNS servers).

    All DNS traffic from my clients would be encrypted, while maintaining the existing administrative controls.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
  2. shutdown-i

    shutdown-i-now

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  3. Conservative RSS Profile assigns 2 CPUs when 1 RSS Queue is chosen

    Hi,

    I'm trying to understand how RSS works and while experimenting, I found out that when Convervative RSS Profile is used with 1 RSS Queue, Indirection Table stay the same, with two processors. Is that correct behavior?

    I'm asking, because when I choose other RSS Profile (for example Closest or ClosestStatic), number of the processors in IndirectionTable always match NumberOfRecaiveQueues.

    Is that mean that I have some bad version of Powershell/Windows/Drivers or is it correct??

    Can anyone help with that?

    I've used Set-NetAdapterRss cmdlet to set things up.

    Name : test0
    InterfaceDescription : Intel(R) Ethernet Converged Network Adapter X550-T2
    Enabled…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  4. DNS records make it easy and fast

    create a new DNS records list as MAC OS has it to be easy to manage and access

    PC name IP and DNS record

    Server 1 | 192.. | A
    Server 2 | 192.. | MX

    on the IIS 7 have this option to DNS records for easy management

    Windows Server should only be as Server using the right tools for Server and not work as wndows desktop

    make the Windows Server just as Server and run the programms need

    windows desktop as desktop only and not with option to run as server

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
  5. better firewall to rule windows and block all useless ports and connections

    better firewall to block all incoming traffic and block all useless connections

    just open the port needs to use as port 53, 80, 443 and open port when need it

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  6. Hyper-V: Add ICMP to Stateful ACL rules

    Currently you cannot add stateful ACL rules (on a Hyper-V Virtual Switch) on the ICMP protocol.

    This leaves you to either open ICMP to everyone or close ICMP to everyone including the VM itself.

    Neither is secure or practical for such an important and basic functionality (ping).

    Doc: https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v-virtual-switch/create-security-policies-with-extended-port-access-control-lists#bkmk_stateful

    So the request is simple: Create the functionality to create ICMP stateful rules.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  7. LBFO Team: Prevent duplicate multicast traffic on virtual nic

    When using a switch independent team, multicast traffic is received by all physical nics in the team (switch does not know the ports are in a team). When attaching a virtual switch to the team, it appears as if virtual nics receive the multicast traffic multiple times (once from each physical team member). Is it not possible to send it to the virtual nic only once (eg. only from the physical nic the virtual nic's VMQ is associated with)?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Teaming & load balancing  ·  Flag idea as inappropriate…  ·  Admin →
  8. Windows needs better inbox packet filtering.

    "netsh trace" and/or NetEventPacketCapture lacks capable packet filtering. A lot of secure and change managed environments do not [easily] allow the installation of packet capture tools for collecting network data, like Wireshark (or the now defunct netmon and Message Analyzer).

    The two built-in packet capture tools in Windows, "netsh trace" and NetEventPacketCapture, can only filter packets by IP address, MAC, and protocol. This makes collecting a targeted trace, sometimes needed when collecting traces on sensitive networks or when other data floods the ETL, impossible.

    This is a request to add, at a minimum, the ability to filter packets by TCP…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Misc  ·  Flag idea as inappropriate…  ·  Admin →
  9. Support SSHFP records in Windows DNS Server and its admin tools

    Since Windows now supports OpenSSH natively, as well as other clients/servers on the same network, supporting this standard for server authentication seems like an obvious win.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
  10. [Bug] Server 2019, firewall logging injects NULL bytes into file "pfirewall.log"

    When firewall logging is activated, the resulting "pfirewall.log" gets a string of about 955,868 null bytes inserted into it. The actual log line entries are there, along with 900K of null's. OS seems to fixated on making a minimum size file. Big bug somewhere.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  11. Create a WiFi policy linked to User Configuration, to allow for GP WiFi conn mngmt on non-domain devices

    Currently the WiFi Network Policies exists only under Computer Configuration -> Policies -> Windows Settings -> Security Settings and can only be applied to Computers that are members of the domain.
    We need a similar WiFi Network Policy under User Configuration to be able to manage the domain Users capability to connect to WiFi with Enterprise authentication irrespective to which device they use to connect to the Enterprise WiFi

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  12. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support CAA records in nslookup

    The nslookup command line tool should support CAA (id=257) DNS resource record types. Bonus points for teaching Resolve-DnsName about this type as well. Super bonus points for supporting and rendering arbitrary record types: just print the data in a side-by-side hex/ASCII view. This way I can view newer record types without needing an OS update.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  DNS  ·  Flag idea as inappropriate…  ·  Admin →
  14. Fix default NPS firewall rules for Server 2019

    Hi all,

    I understand there is an issue with Windows Server 2019/Windows 10 1809 however I was wondering if Microsoft are aware of any problems regarding the Firewall rather than the systems handling of user files.

    Recently I setup a Server 2019 VM (1.5GB Dynamic RAM, 2 Allocated Cores, 36GB Drive space, 3GB NIC Team) and installed the NPS and RDS Gateway role onto it however I noticed that despite the NPS role adding the standard firewall rules for port 1813 and 1812 they do not seem to be working.

    I have confirmed that with an exception allowing port 1812…

    100 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    28 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  15. 4G

    Network

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Layer 2 & Ethernet  ·  Flag idea as inappropriate…  ·  Admin →
  16. RE-code the DFACS utility

    RE-code the released DHCP Failover Auto Config Sync (DFACS) utility. We were considering an implementation of it but scrapped the idea hearing of all the alleged scary issues in the comments e.g. memory consumption, deletion of scopes, issues with reservations, etc. The result of implementing the tool should mitigate config drift, not end up causing other larger issues!

    Please do update me if a new build fixing the reported issues.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  DHCP  ·  Flag idea as inappropriate…  ·  Admin →
  17. Fix the ping timeout bug that gives incorrect "reply timed out" messages in Server 2012r2 and Windows 10 for pings under 1000ms timeout

    Ping can take a timeout, if the timeout is set less than 1000ms then genuine replies start getting ignored as timed out failures.

    Does not affect Server 2003 or 2008.

    Does affect Server 2012 r2 and Windows 10

    Appears to be a problem in WinAPI / networking stack rather than .Net or ping.exe implementation - happens at ICMPSendEcho2Ex and ICMP6SendEcho2Ex layers at least.

    Documented in detail here: https://stackoverflow.com/questions/45528336/winapi-why-does-icmpsendecho2ex-report-false-timeouts-when-timeout-is-set-belo

    and here: http://web.archive.org/web/20150519002258/http://www.frameflow.com:80/ping-utility-flaw-in-windows-api-creating-false-timeouts/

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Bug  ·  Flag idea as inappropriate…  ·  Admin →
  18. Remove Network Location Awareness from Windows Server

    Remove Network Location Awareness from Windows Server, all it does is cause problems. There is no reason to include this service in Windows Server, servers have static network settings, people do not consistently move servers to different networks. Network Location Awareness service fails way to often on reboots to find the proper network it should connect to. It then assigns the incorrect Windows Firewall to the NIC. This services needs to be removed, or we need the ability to set a static location (Domain).

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
  19. DnsServerResourceRecord does not support multi-string records

    RFC-4408 (section 3.1.3) https://tools.ietf.org/html/rfc4408#section-3.1.3 defines the use of multi-string records for SPF (DNS TXT records), however the Get- or Add- DNSServerResourceRecord commands do not support this. For the Get- the actual DNS record is truncated to 256 chars, and for the Add- it simply errors out with an invalid propery.

    Example of a valid DNS record (that can be configured by the DNS GUI)
    $RecordName = "spfrecord"
    $RecordText = "v=spf1 ip4:192.168.0.1 ip4:192.168.0.2 ip4:192.168.0.3 ip4:192.168.0.4 ip4:192.168.0.5 ip4:192.168.0.6 ip4:192.168.0.7 ip4:192.168.0.8 ip4:192.168.0.9 ip4:192.168.0.10 ip4:192.168.0.11 ip4:192.168.0.12 ip4:192.168.0.13 ip4:192.168.0.14 include:spf.protection.outlook.com mx -all"
    $Zone = "contoso.com"
    $Type = "TXT"
    $DNSServer = "DC1.contoso.com"
    Add-DnsServerResourceRecord -DescriptiveText $RecordText -Name…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Managment tools  ·  Flag idea as inappropriate…  ·  Admin →
  20. Cannot create IKEv2 tunnel mode IPsec rules in PowerShell, but IKEv1 works just fine

    Bug:

    When creating an IPsec rule which uses the IKEv2 keying module in PowerShell, an error is thrown, but it is not likely a PowerShell error, but an underlying bug in Windows.

    Expected Behavior:

    We should be able to manage IKEv2 IPsec rules however we wish, including creating tunnel mode IKEv2 rules without using RRAS.

    Steps To Reproduce:

    In PowerShell, the following code should work (notice the KeyModule):

    -------start---------
    $P1MachineCertOnly = New-NetIPsecPhase1AuthSet -Default <rest of command not shown>

    $IPsec3Tunnel = @{

    IPsecRuleName = &#39;IPsec3&#39;
    
    DisplayName = &#39;IPsec3&#39;
    KeyModule = &#39;IKEv2&#39;
    Mode = &#39;Tunnel&#39;
    LocalAddress = &#39;192.168.1.0/24&#39;
    LocalTunnelEndpoint = &#39;192.168.1.204&#39;
    RemoteAddress
    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Firewall  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base