I need a little IPSec help, please.

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Tyler Cobb" <tyler.cobb@xxxxxxxxxxx>
• Date: Thu, 30 Aug 2007 18:57:49 -0500

---

[NOTE]: I accidentally posted this on microsoft.public.certification.mcse
which looks more like a spam-fest than anything else. I usually post on
microsoft.public.cert.exam.mcse/mcsa so sorry if someone notices this on the
other newsgroup, too.

I have a test lab using VirtualPC 2007 with two Windows Server 2003
computers. I have a domain and one PC is a domain controller while the other
PC is a member server. I have a big problem here and I need someone to
brutally assault me with a quick answer:

After setting up a domain and verifying Active Directory and DNS are online
and fully operational, I create an OU called "Member Servers" and drag the
appropriate Computer object into it. I then pull up the Properties menu and
add a new Group Policy Object that dictates all member servers to use the
"Server (Request Security)" default IPSec policy. I then force a Group
Policy update and verify the change through the IP Security Monitor console
on the member server.

Next, I open the Properties up on the "Domain Controllers" default OU and
create a new Group Policy Object underneath the Default Domain Controller
policy. In this GPO, I tell my one and only domain controller that it should
enable the "Secure Server (Require Security)" IPSec policy.

Once Group Policy is refreshed, the member server is no longer able to
communicate with the domain controller. I have changed nothing about the
default IPSec policies. I thought they were supposed to be able to work
right out of the box. Am I wrong? Also, if I didn't specifically mention a
change, then assume all settings on both PCs are at their default. I
installed the domain through the "Manage Your Server" wizard, not the
"Add/Remove Windows Components" menu. I'm very new at this, so any help
would be greatly appreciated!

Thanks,
Tyler Cobb


.

---

• Prev by Date: Re: Can Exam 70-621 be used in place of 70-620
• Next by Date: Re: Can Exam 70-621 be used in place of 70-620
• Previous by thread: Re: Does Exam 70-620 count for both client operating system and electi
• Index(es):
  • Date
  • Thread

---

Relevant Pages Windows 2003R2 Group Policy Errors ... Policy from our oldest domain controller to other domain controllers. ... All servers are running Windows 2003 R2 32-bit standard edition. ... Group Policy was working fine for several months, ... (microsoft.public.windows.server.active_directory) Re: I need a little IPSec help, please. ... PC is a member server. ... "Server " default IPSec policy. ... create a new Group Policy Object underneath the Default Domain Controller ... (microsoft.public.cert.exam.mcsa) Re: Failed to open the Group Policy Object ... Now gpotool dosent't detect any errors. ... But the initial error (Failed to open the Group Policy Object ... > domain controller default Group Policy for instance. ... (microsoft.public.security) Re: Failed to open the Group Policy Object ... Dompol.msc is used to open Domain Security Policy yet your gpotool results ... selecting properties - Group Policy. ... domain controller default Group Policy for instance. ... (microsoft.public.security) Re: Prevent Domain Users from logging on to specific PCs w/ Group Policies ... This user right is defined in the Default Domain Controller Group Policy object and in the local security policy of workstations and servers. ... (microsoft.public.windows.server.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Certification  > microsoft.public.cert.exam.mcsa  > 2007-08