locked
NAP/Non-Compliant VLAN RRS feed

  • Question

  • Hi,

    from non-compliant vlan must see in remediation servers (DHCP, Update server, antivirus update server).

     

    If need see from this vlan to DC + GPO ?

     

     

    After start PC wote in event log:

    Error 29.4.2008 9:21:15 Microsoft-Windows-GroupPolicy 1129 None The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

     

    Warning 29.4.2008 9:21:15 Microsoft-Windows-Time-Service 129 None NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

     

    Error 29.4.2008 9:21:13 NETLOGON 5719 None "This computer was not able to set up a secure session with a domain controller in domain FAFUKHK due to the following:
    There are currently no logon servers available to service the logon request.
    This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. 

     

     

    Thanks,

    L.

     

    Tuesday, April 29, 2008 8:23 AM

Answers

  • Hi,

     

    You can place a DC on the noncompliant VLAN, or you can place it on a trunking port that has access to both compliant and noncompliant VLANs.

     

    -Greg

     

    Tuesday, April 29, 2008 9:28 AM

All replies

  • Hi,

     

    You can place a DC on the noncompliant VLAN, or you can place it on a trunking port that has access to both compliant and noncompliant VLANs.

     

    -Greg

     

    Tuesday, April 29, 2008 9:28 AM
  • Agree with Greg. I always place the DC on VLAN 1 – “Management VLAN” – which is assessable from the compliant and non-complaint VLANs.

     

     

    {Jeff Sigman}{Senior Program Manager & NAP Hero}{Enterprise Security Group}

    {NAP Blog, FAQ, Forum, MSDN, Site and my bloÿg}

    Tuesday, April 29, 2008 6:11 PM