locked
DirectAccess IPsec error RRS feed

  • Question

  • I build a DirectAccess test environment by following <DirectAccess Step by step>, the console is normal no dns error
     but Client1 can't get access to APP1, The error msg is "An IPsec negotiation failure is preventing the connection".
     How to solve the problem?
    windows7 and windows server 2008 R2 Versions are RTM 7600

    Thanks!
    Monday, July 27, 2009 1:37 AM

All replies

  • Details about notework security diagnosis:

    settings that might bi blocking the connection:
    Provider name:Microsoft Corportion
    Provider description: microsoft windows firewall IPsec provider
    Filter name: DirectAccess policy -ClientToDnsDc
    Provider context name:DirectAccess policy -ClientToDnsDc
    Tuesday, July 28, 2009 10:05 AM
  •  

    Hello,

     

    Thank you for posting here.

     

    According to your description, I understand that:

     

    You receive the error "An IPsec negotiation failure is preventing the connection" while building DirectAccess in the test environment.

     

    If I have misunderstood the problem, please don't hesitate to let me know.

     

    From the error message, it much seems like the issue related to the computer certificate for IPSec. Please double check the following aspects:

     

    1.   The correct computer certificates are not installed on the IPSec peers.

    2.  The root certificate of CA is properly installed on the DAS/clients.

     

    Hope it helps. If you have any questions or concerns, please do not hesitate to let me know.

    Tuesday, July 28, 2009 12:15 PM
  • I intall certificate  by following <DirectAccess Step by step>,

    On CLIENT1 :a certificate was enrolled with Intended Purposes of Client Authentication and Server Authentication(client1.corp.contoso.com)
    On DA1:certificate with the name da1.contoso.com was enrolled with Intended Purposes of Server Authentication( IP-HTTPS Certificate)

    root certificate of CA (corp-DC1-CA)Has been added to the "Trusted Root Certification Authorities"

    However, the problem still exists.

    Thursday, July 30, 2009 1:38 AM
  • Hello,

     

    Thanks for the update.

     

    To have a clear understanding of what you have done, I'd like to know whether you refer to the "Step By Step Guide: Demonstrate DirectAccess in a Test Lab" to make the test.

     

    According to the Step By Step Guide, you should create the additional CRL distribution and publish it to the external network. Please double check the CRL distribution point to make sure it is acceptable from the client side.

     

    If you have any questions or concerns, please do not hesitate to let me know.

     

     

    Thursday, July 30, 2009 10:24 AM
  • Thanks for the reply.

    From the DirectAccess client:

    1. Ping da1.contoso.com and crl.contoso.com. They should both resolve to 131.107.0.2.

    2. From Internet Explorer, try to access https://da1.contoso.com;443/IPHTTPS. I can get a HTTP 403 error: This website requires you to log in.

    3. From Internet Explorer, try to access http://crl.contoso.com/crld, I can see two CRL files named corp-DC1-CA and corp-DC1-CA+

    4. I ping 2002:836b:2:1::5efe:10.0.0.1,and see four successful replies.
    Monday, August 3, 2009 5:29 AM
  •  

    Hello,

     

    Thanks for the update

     

    From the description that you can PING DC01 with the IP address 2002:836b:2:1::5efe:10.0.0.1, it seems that the IPsec connection to the DC01 works well.

     

    1. How it works if you PING the IPv6 address of APP01?

    2. Can you PING the DC01 with its hostname instead of the 6to4 IPv6 address?

     

    If you have any questions or concerns, please do not hesitate to let me know.

     

    Monday, August 3, 2009 10:16 AM
  • Thanks for the reply.

    1. I ping 2002:836b:2:1::5efe:10.0.0.1 and   2002:836b:2:1::5efe:10.0.0.3,and see four successful replies
    2. I ping dc1.corp.contoso.com and app1.corp.contoso.com.Ping request could not find host
    3.  In the Windows Firewall with Advanced Security snap-in on the DirectAccess client, open Monitoring\Security Associations,in Main Mode and Quick Mode can't see anything.
    Tuesday, August 4, 2009 9:07 AM
  • Hello,

     

    Thanks for the update.

     

    1. For further investigation, please provide the following information:

     

    a.    Please paste the IPconfig /all from the DA client and the DA server.

    b.    Export the Connection Security Rules from the DA client and DA server.

     

    2. As the name resolution fails from the DA client, please double check the DNS server status in the DAMgmt monitoring.

     

    If you have any questions or concerns, please do not hesitate to let me know

     

    Tuesday, August 4, 2009 10:12 AM
  • Thanks for your response
    Here the ipconfig overview if the client:

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\System32>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : Client1
       Primary Dns Suffix  . . . . . . . : corp.contoso.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : corp.contoso.com
                                           isp.example.com

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . : isp.example.com
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
    pter #2
       Physical Address. . . . . . . . . : 00-15-5D-00-69-0D
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::c844:fab2:4e65:81bc%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 131.107.0.101(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, August 04, 2009 4:14:52 PM
       Lease Expires . . . . . . . . . . : Thursday, August 13, 2009 9:52:02 AM
       Default Gateway . . . . . . . . . :
       DHCP Server . . . . . . . . . . . : 131.107.0.1
       DHCPv6 IAID . . . . . . . . . . . : 268440925
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-FC-4F-84-00-15-5D-16-ED-35

       DNS Servers . . . . . . . . . . . : 131.107.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.isp.example.com:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : isp.example.com
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter iphttpsinterface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : iphttpsinterface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter 6TO4 Adapter:

       Connection-specific DNS Suffix  . : isp.example.com
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:836b:65::836b:65(Preferred)
       Default Gateway . . . . . . . . . : 2002:836b:2::836b:2
       DNS Servers . . . . . . . . . . . : 131.107.0.1
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Here the ipconfig overview if the DA server:
    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Administrator>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DA1
       Primary Dns Suffix  . . . . . . . : corp.contoso.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : corp.contoso.com
                                           isp.example.com

    Ethernet adapter WAN:

       Connection-specific DNS Suffix  . : isp.example.com
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
    pter #3
       Physical Address. . . . . . . . . : 00-15-5D-00-69-0A
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::41ab:c0b5:b0bf:ee1%14(Preferred)
       IPv4 Address. . . . . . . . . . . : 131.107.0.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       IPv4 Address. . . . . . . . . . . : 131.107.0.3(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 318772573
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-04-1D-DE-00-15-5D-00-69-06

       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter LAN:

       Connection-specific DNS Suffix  . : corp.contoso.com
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
    pter #2
       Physical Address. . . . . . . . . : 00-15-5D-00-69-09
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::212e:8661:c88a:a91e%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 268440925
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-04-1D-DE-00-15-5D-00-69-06

       DNS Servers . . . . . . . . . . . : 10.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.corp.contoso.com:

       Connection-specific DNS Suffix  . : corp.contoso.com
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:836b:2:1:0:5efe:10.0.0.2(Preferred)

       Link-local IPv6 Address . . . . . : fe80::5efe:10.0.0.2%12(Preferred)
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : 10.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.isp.example.com:

       Connection-specific DNS Suffix  . : isp.example.com
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::200:5efe:131.107.0.2%15(Preferred)

       Link-local IPv6 Address . . . . . : fe80::200:5efe:131.107.0.3%15(Preferred)

       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter 6TO4 Adapter:

       Connection-specific DNS Suffix  . : isp.example.com
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:836b:2::836b:2(Preferred)
       IPv6 Address. . . . . . . . . . . : 2002:836b:3::836b:3(Preferred)
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8000:f227:7c94:fffd%17(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter IPHTTPSInterface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : IPHTTPSInterface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:836b:2:2:3119:92ee:cf67:c572(Preferr
    ed)
       Link-local IPv6 Address . . . . . : fe80::3119:92ee:cf67:c572%18(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Connection Security Rules from the DA client

    Name Enabled Endpoint 1 Endpoint 2 Authentication mode Authentication method Endpoint 1 port Endpoint 2 port Protocol Group 
    DirectAccess Policy-ClientToCorp Yes Any 2002:836b:2:1::/64 Require inbound and outbound Custom Any Any Any  
    DirectAccess Policy-ClientToDnsDc Yes Any 2002:836b:2:1:0:5efe:10.0.0.1 Require inbound and outbound Custom Any Any Any  
    DirectAccess Policy-clientToNlaExempt Yes 2002:836b:2:1::/64 2002:836b:2:1:0:5efe:10.0.0.3 Do not authenticate No authentication Any 443 TCP  

    Connection Security Rules from the DA server

    Name Enabled Endpoint 1 Endpoint 2 Authentication mode Authentication method Endpoint 1 port Endpoint 2 port Protocol Group 
    DirectAccess Policy-DaServerToCorp Yes 2002:836b:2:1::/64 Any Require inbound and outbound Custom Any Any Any  
    DirectAccess Policy-DaServerToDnsDc Yes 2002:836b:2:1:0:5efe:10.0.0.1 Any Require inbound and outbound Custom Any Any Any  

    Wednesday, August 5, 2009 2:32 AM
  •  

    Hello

     

    Thanks for the update.

     

    Form the description, it seems that you have the test to simulate the End-to-Edge scenarios that remote DA client connects the internal network with the public IPv4 address.

     

    According to the IPconfig output, the DA client has got the 6to4 IPv6 address and the internal servers all have the proper ISATAP IPv6 addresses.

     

    1. If the DA client is out of the internal network, you will see IPsec Main Mode and quick mode connections when you PING the internal servers. As you cannot see any active IPsec connections, please run the following command on the DA client to verify whether the DA client is out of the internal network and NRPT policy is enabled.

     

    Netsh name show effectivepolicy

     

    If you have any questions or concerns, please do not hesitate to let me know

     

    Wednesday, August 5, 2009 10:05 AM
  • Thanks for your response
    Here the detailen information for troubleshooting(connection to a workplace using DirectAccess):


    Connection to a Workplace Using DirectAccess Publisher details

    Issues found
    An IPsec negotiation failure is preventing the connectionAn IPsec negotiation failure is preventing the connection Detected 
    Contact your network administrator Completed
     

    Issues found Detection details

    6 An IPsec negotiation failure is preventing the connection Detected 
     
    Contact your network administrator Completed
     
    Your network security settings might need to be adjusted to allow Windows to connect.
     

    Detection details 

    Diagnostics Information (Network Security)
    Details about network security diagnosis:

    Settings that might be blocking the connection:
    Provider name:   Microsoft Corporation
    Provider description:  Microsoft Windows Firewall IPsec Provider
    Filter name:   DirectAccess Policy-ClientToDnsDc
    Provider context name:  DirectAccess Policy-ClientToDnsDc

     
     
    Diagnostics Information (IPHTTPS)
    Details about IPHTTPS diagnosis:


    Interface IPHTTPSInterface (Group Policy)  Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://da1.contoso.com:443/IPHTTPS
    Last Error Code            : 0x0
    Interface Status           : IPHTTPS interface deactivated

     
     
    Diagnostics Information (Teredo)
    Details about Teredo diagnosis:

    Teredo Parameters
    ---------------------------------------------
    Type                    : enterpriseclient
    Server Name             : 131.107.0.2 (Group Policy)
    Client Refresh Interval : 30 seconds
    Client Port             : unspecified
    State                   : qualified
    Client Type             : teredo host-specific relay
    Network                 : managed
    NAT                     : none (global connectivity)
    NAT Special Behaviour   : UPNP: No, PortPreserving: No
    Local Mapping           : 131.107.0.101:63744
    External NAT Mapping    : 131.107.0.101:63744

     
     
    Diagnostics Information (IPHTTPS)
    Details about IPHTTPS diagnosis:


    Interface IPHTTPSInterface (Group Policy)  Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://da1.contoso.com:443/IPHTTPS
    Last Error Code            : 0x0
    Interface Status           : IPHTTPS interface deactivated

     
     
    Diagnostics Information (Teredo)
    Details about Teredo diagnosis:

    Teredo Parameters
    ---------------------------------------------
    Type                    : enterpriseclient
    Server Name             : 131.107.0.2 (Group Policy)
    Client Refresh Interval : 30 seconds
    Client Port             : unspecified
    State                   : qualified
    Client Type             : teredo host-specific relay
    Network                 : managed
    NAT                     : none (global connectivity)
    NAT Special Behaviour   : UPNP: No, PortPreserving: No
    Local Mapping           : 131.107.0.101:63744
    External NAT Mapping    : 131.107.0.101:63744

     
     
    Network Diagnostics Log
    File Name:  CE4A171E-C84D-4277-9FA4-1CA7223E5E21.Diagnose.Admin.0.etl
     
    Other Networking Configuration and Logs
    File Name:  NetworkConfiguration.cab
     
    Collection information
    Computer Name:  CLIENT1
    Windows Version: 6.1
    Architecture: x86
    Time: Thursday, August 06, 2009 2:16:03 PM

    Publisher details 

    Windows Network Diagnostics
    Detects problems with network connectivity.
    Package Version: 1.0
    Publisher: Microsoft Windows
    Connection to a Workplace Using DirectAccess
    Connect to your workplace network over the Internet
    Package Version: 1.0
    Publisher: Microsoft Corporation

    Thursday, August 6, 2009 6:27 AM
  • Hello,

     

    Thanks for the update.

     

    Beside checking the NRPT settings on the client, as the report indicates the negotiation failure in DirectAccess Policy-ClientToDnsDc IPsec policy you can also enable the Windows Firewall audit to verify the reason why the DirectAccess Policy-ClientToDnsDc IPsec policy fails to connect. To enable the firewall audit log, you may run the following command:

     

                                 

    auditpol.exe /set /SubCategory:"MPSSVC rule-level Policy Change","Filtering Platform policy change","IPsec Main Mode","IPsec Quick Mode","IPsec Extended Mode","IPsec Driver","Other System Events","Filtering Platform Packet Drop","Filtering Platform Connection" /success:enable /failure:enable

     

    Once you enable the auditing, try to connect the internal resource to reproduce the issue. Then check the related errors in the Event log.

     

     

     

    Thursday, August 6, 2009 11:14 AM
  • Thanks for your response

    Here the detailen information for Netsh name show effectivepolicy

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\System32>netsh name show effectivepolicy

    DNS Effective Name Resolution Policy Table Settings


    Settings for nls.corp.contoso.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=contoso, DC=corp, CN=corp-D
    C1-CA
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (Proxy Settings)           : Bypass proxy

     

    Settings for .corp.contoso.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=contoso, DC=corp, CN=corp-D
    C1-CA
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              : 2002:836b:2:1:0:5efe:10.0.0.1
    DirectAccess (Proxy Settings)           : Bypass proxy

     

    the related errors in the Event log
    An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted.

    Local Endpoint:
     Principal Name:  NT AUTHORITY\NETWORK SERVICE
     Network Address: 2002:836b:65::836b:65
     Keying Module Port: 500

    Remote Endpoint:
     Principal Name:  host/DA1.corp.contoso.com
     Network Address: 2002:836b:2::836b:2
     Keying Module Port: 500

    Additional Information:
     Keying Module Name: AuthIP
     Authentication Method: NTLM V2
     Role:   Initiator
     Impersonation State: Enabled
     Quick Mode Filter ID: 65968

    Failure Information:
     Failure Point:  Local computer
     Failure Reason:  IKE authentication credentials are unacceptable

     State:   Sent second (SSPI) payload

     

    An IPsec main mode negotiation failed.

    Local Endpoint:
     Local Principal Name: -
     Network Address: 2002:836b:65::836b:65
     Keying Module Port: 500

    Remote Endpoint:
     Principal Name:  -
     Network Address: 2002:836b:2::836b:2
     Keying Module Port: 500

    Additional Information:
     Keying Module Name: IKEv1
     Authentication Method: Unknown authentication
     Role:   Initiator
     Impersonation State: Not enabled
     Main Mode Filter ID: 0

    Failure Information:
     Failure Point:  Local computer
     Failure Reason:  No policy configured

     State:   No state
     Initiator Cookie:  4fbfcd1e16e54e2e
     Responder Cookie: 0000000000000000

    Friday, August 7, 2009 2:24 AM
  •  

    Hello,

     

    Thanks for the update.

     

    According to the "Netsh name show effectivepolicy" output, the NRPT policies is applied and enabled.

     

    From the Event log, it seems that the IPsec Main Mode negotiation from the DA client to the DA server fails due to the reason "No policy configured".

     

    Typically, this error may result from the improper source and destination IP addressed defined in the IPsec policy.

     

    Troubleshooting VPN over IPsec

    http://technet.microsoft.com/en-us/library/bb794765.aspx

     

    If you have any questions or concerns, please do not hesitate to let me know.

     

     

    Friday, August 7, 2009 11:14 AM
  • Hello,

     

    I want to see if the information provided was helpful. Please keep us posted on your progress and let us know if you have any additional questions or concerns.

     

    We are looking forward to your response. Thanks.

     

    Tuesday, August 11, 2009 5:46 AM
  • Thanks for your response

    The problem haven't solved yet, I will rebuild a new environment in the next couple of days.
    Wednesday, August 12, 2009 1:41 AM
  • Hi,

     

    Thanks for the update.

     

    If you have any further questions or concerns, please do not hesitate to let us know. Thanks.

     

     

     

    Wednesday, August 12, 2009 10:20 AM
  • Hi,

    I've built with the same doc using Hyper-V and get the exact error?

    markone@microsoft.com

    With regards

    M
    Wednesday, September 30, 2009 9:04 PM
  • Hi,I like this site ,i am happy for post in this forums,I solve my IP related problem with this http://www.whoisxy.com/ site's help.this site provide an exact details about IP ,It will help for more use .you too also use this free site and successfully solve your problem.All the best.
    Sunday, June 20, 2010 2:48 AM