IPAM Access Blocked in Server 2012 ?

By TPreston
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

TPreston

Posted
Posted

Has anyone else experienced this ? I added the IPAM feature to a new server provisioned it using the group policy option (it for some reason did not create the gpos even though I was logged in as domain\administrator so I ran the Invoke-IpamGpoProvisioning cmd and did a gpupdate /force on the dc and DHCP servers and even after a reboot and then refresh in the console the status is still coming up as access blocked. The firewall rules are being created on the destination servers.

The only thing I could think of was the TMG server was blocking IPAM traffic but nothing is showing up as blocked in the logs.

The DNS servers show up as eventlog access status blocked (dns)

even though I can browse the dns eventlog remotely using the mmc snapin ?

Link to comment
https://www.neowin.net/forum/topic/1139834-ipam-access-blocked-in-server-2012/
Share on other sites
Contributor

cluberti

Posted
Posted

When you configure it in an environment without the TMG firewall, does it work? I've seen TMG cause issues like this before (numerous reasons) and logging everything based on IP address usually gives up the reasoning if it is TMG. If the rules are created in the firewall profile in use on each server, then it's usually not server-side.

I have seen Cisco network access protection on networks cause issues here too, but those showed up in the Cisco logs and were obvious.

Grand Master

TPreston

Posted
  • Author
Posted

I created a firewall rule to bypass all traffic and filtering with no luck Its my first time trying to deploy this and all the videos made it look easy not sure where im going wrong the jobs are definitely running when I start them on the ipam console but I cant get rid of the blocked status.

Grand Master

TPreston

Posted
  • Author
Posted

Ok I found the solution, Nothing to do with firewall settings

http://edwardvbs.wor...us-blocked-dns/

Just added the IPAM server to domain\builtin\Administrators in active directory users and computers.

Same thing I needed to do to get SQL always on working.

For DHCP I had to make a share http://technet.microsoft.com/en-us/library/jj878311.aspx#audit and add ipamug to dhcp users and admins local group on the dhcp server

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft confirms Recycle Bin bug across all versions of Windows

      By Usama Jawad96 · Posted

      Normally, I admit when a title is clickbait (unfortunately, it's become somewhat necessary in AI-dominated news sections today), but in this case, all supported versions is implied and doesn't need to be spelled out in the title. Of course, I'm covering a Patch Tuesday update but that is only available to supported Windows SKUs. All our coverage relates to supported Windows software and SKUs only unless we expressly state that it's "unsupported", "unofficial", or "third-party". I'm sorry, but supported/official SKUs don't need to be spelled out as such in every Neowin headline.
    • Microsoft confirms Recycle Bin bug across all versions of Windows

      By aioraito · Posted

      ALL versions or ALL SUPPORTED versions? Neowin does it again.
    • Politically funny images of the World

      By PsYcHoKiLLa · Posted

    • Apple MacBook Neo is a blessing for Windows users, here's why

      By +samw61 · Posted

      But the reality is it will work for people's needs, and they don't care about the technology that makes it. Clearly not everyone's needs, but that low end space where personal laptops were only used to type emails, watch content and browse websites, but they didn't want to do that on a small screen device. Heck, writing that out I can now see the connection and reason it'll do so well. Apple is about experience. If the experience is bad, they don't release it. Low end Windows laptop manufacturers up until this point have not taken that into consideration ever before, so slow laggy usage with brittle slimey plastic shells were common. I hope that the low end space at least creates better physical products that last a bit longer, and if Microsoft get their act together, they could also have a solid OS on such low end hardware that would actually make the experience work for what the hardware was intended for. The fact that the CPU is a "cellphone", sorry mobile phone processor is irrelevant. It's about the experience, and so far, that sounds quite solid.
    • Module Blocked - Is this Okay?

      By goretsky · Posted

      Hello, Bonjour is Apple's implementation of a multicast-DNS service, which allows devices running Apple's software and/or hardware to find each other on your local network.  I believe the Windows version was last updated around 2010. If you do not need it, you can stop and disable the Bonjour service in the Services Control Manager (filename: SERVICES.MSC).  Once you have done that, the operating system will no longer attempt to load the service. Regards, Aryeh Goretsky  

  • Recent Achievements

    • Week One Done
      Jordan Smith earned a badge
      Week One Done
    • Reacting Well
      BizSAR earned a badge
      Reacting Well
    • First Post
      AndreaB earned a badge
      First Post
    • Week One Done
      Huge Trailer earned a badge
      Week One Done
    • Week One Done
      Classifyskilleducation earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      581
    2. 2
      +Edouard
      184
    3. 3
      PsYcHoKiLLa
      75
    4. 4
      Michael Scrip
      73
    5. 5
      neufuse
      64
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!