Re: I need a little IPSec help, please.

I had a "moment" and figured out almost everything in my lab. I even have
IPSec running on my home PC, as a secondary defense against unsolicited
Internet traffic. For some reason, ICMP traffic still can't seem to get
through even though it has been specifically permitted while the rest of the
IP traffic is set to negotiate. I'm sure I'll figure that out, too. But,
thanks again to anyone who was looking into this issue for me!

Tyler Cobb

"Tyler Cobb" <tyler.cobb@xxxxxxxxxxx> wrote in message
news:ZNIBi.42397$t9.13645@xxxxxxxxxxxxxxxxxxxxxxxxx
[NOTE]: I accidentally posted this on microsoft.public.certification.mcse
which looks more like a spam-fest than anything else. I usually post on
microsoft.public.cert.exam.mcse/mcsa so sorry if someone notices this on
the other newsgroup, too.

I have a test lab using VirtualPC 2007 with two Windows Server 2003
computers. I have a domain and one PC is a domain controller while the
other
PC is a member server. I have a big problem here and I need someone to
brutally assault me with a quick answer:

After setting up a domain and verifying Active Directory and DNS are
online
and fully operational, I create an OU called "Member Servers" and drag the
appropriate Computer object into it. I then pull up the Properties menu
and
add a new Group Policy Object that dictates all member servers to use the
"Server (Request Security)" default IPSec policy. I then force a Group
Policy update and verify the change through the IP Security Monitor
console
on the member server.

Next, I open the Properties up on the "Domain Controllers" default OU and
create a new Group Policy Object underneath the Default Domain Controller
policy. In this GPO, I tell my one and only domain controller that it
should
enable the "Secure Server (Require Security)" IPSec policy.

Once Group Policy is refreshed, the member server is no longer able to
communicate with the domain controller. I have changed nothing about the
default IPSec policies. I thought they were supposed to be able to work
right out of the box. Am I wrong? Also, if I didn't specifically mention a
change, then assume all settings on both PCs are at their default. I
installed the domain through the "Manage Your Server" wizard, not the
"Add/Remove Windows Components" menu. I'm very new at this, so any help
would be greatly appreciated!

Thanks,
Tyler Cobb



.

Relevant Pages

  • I need a little IPSec help, please.
    ... PC is a member server. ... "Server " default IPSec policy. ... create a new Group Policy Object underneath the Default Domain Controller ...
    (microsoft.public.cert.exam.mcsa)
  • Re: Microsoft IPSec via group policy
    ... I agree with Shawn, if you deploy a good passoword policy you can reduce any password crack problem, but this option, alone, is not enough. ... - Give more attention to your Host, moving you security focus to a client machine (the most of problems could be resolved if this machine are locked and secure, Ex. ... Microsoft IPSec via group policy ... the XP client can no longer contact the domain controller. ...
    (Security-Basics)
  • Re: Microsoft IPSec via group policy
    ... if you deploy a good passoword policy you can reduce any ... Microsoft IPSec via group policy ... the XP client and domain controller. ... the XP client can no longer contact the domain controller. ...
    (Security-Basics)
  • Re: ipsec help
    ... the require policy computers in a separate OU to assign that policy to them. ... If you try to use a request policy on domain controller, ... network responsiveness. ... domian for ipsec - kerberos will work very nicely. ...
    (microsoft.public.win2000.security)
  • Re: authentication problem
    ... regards to ipsec negotiation between domain members and domain controllers. ... Using the default ipsec policy filters in Windows the ... Canīt read the domain controller name on ... sent when the client is trying to login. ...
    (microsoft.public.win2000.security)