Network Capture on Server Core

Rather than installing third-party tools that may or may not work with Server Core, use netsh trace, which is built into most recent Windows Server operating systems.

netsh trace start persistent=yes capture=yes tracefile=c:\temp\trace.etl
netsh trace stop

The .etl file can be examined using Microsoft Network Monitor or Microsoft Message Analyzer.

https://blogs.msdn.microsoft.com/canberrapfe/2012/03/30/capture-a-network-trace-without-installing-anything-capture-a-network-trace-of-a-reboot/

Cannot connect to servers through VPN: The username could not be found

Using the Azure Point-to-Site VPN client, we could establish a connection to servers using the FQDN only; anything else would fail with a "The username could not be found" error. The main issue was that this broke GPO processing, as the GPO looks at the \\domain.local DFS location rather than the DC by FQDN.

\\server.domain.local fine
\\server fails
\\ipaddress fails

The following website pointed me in the right direction:

https://conetrix.com/Blog/Access-Domain-Resources-When-Connected-to-VPN

When I run the command cmdkey.exe /delete /ras, everything works correctly again.

I did try to edit the pbk and change UseRasCredentials=0, but it didn’t seem to work for me. I still have to manually run the command above once the connection is established, but I can easily fire this from a custom scheduled task.
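
One way to wire up the scheduled task mentioned above, as an added example that is not from the original post. The task name is hypothetical, and the trigger assumes that RasClient logs event ID 20225 to the Application log when a VPN connection is established; confirm that in Event Viewer on your build before relying on it.

```powershell
# Added example, not from the original post.
# Assumption: RasClient writes event ID 20225 to the Application log when a
# VPN connection is established. Verify this in Event Viewer first.
$TaskName = 'Clear-RasCredential'   # hypothetical task name
$Channel  = 'Application'
$XPath    = "*[System[Provider[@Name='RasClient'] and EventID=20225]]"

# List the stored credentials now, so the output can be compared with a
# second "cmdkey.exe /list" after the next VPN connect.
cmdkey.exe /list

# New-ScheduledTaskTrigger has no event-based trigger, so schtasks.exe is used.
# Without /RU the task runs as the user who creates it, so cmdkey acts on that
# user's stored credentials rather than on SYSTEM's.
$schtasksArgs = @(
    '/Create', '/F',
    '/TN', $TaskName,
    '/SC', 'ONEVENT',
    '/EC', $Channel,
    '/MO', $XPath,
    '/TR', 'cmdkey.exe /delete /ras'
)
& schtasks.exe @schtasksArgs
if ($LASTEXITCODE -ne 0) {
    throw "schtasks.exe failed with exit code $LASTEXITCODE"
}

# Confirm the task was registered and show its trigger and action.
schtasks.exe /Query /TN $TaskName /V /FO LIST
```

Run it once as the user who dials the VPN, not from an elevated prompt under a different account, since the task inherits the creating user's context.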

Windows 10 VPN connections & default DNS servers

For some reason, the DNS servers for the connecting VPN client do not get used, and this caused problems, especially as the internal AD domain suffix was split-brain DNS and was getting resolved externally first.

After trying various things, including registry hacks, removing IPv6, etc., I found out that it worked fine as long as I specified a default DNS server and used a named connection suffix.

The downside is that this is useless, as I wanted to leverage DHCP wherever I may be, and hard-coding DNS servers would become a problem when roaming internally and externally.

I finally found that all I had to do was change the metric on the network interface. For both IPv4 AND IPv6, remove the automatic metric and set it to 100. After this, no problems.