New-NetIPAddress: ActiveStore vs. PersistentStore

I'm trying to set a new IP address using a PowerShell script. I use this command:
New-NetIPAddress -InterfaceAlias $interfaceName -IPAddress $_.IPAddress -AddressFamily IPv4 -PrefixLength $maskLength
However, on a disconnected interface I get this error:
New-NetIPAddress : Inconsistent parameters PolicyStore PersistentStore and Dhcp Enabled
But when I set -PolicyStore to ActiveStore, the script runs without errors:
New-NetIPAddress -InterfaceAlias $interfaceName -IPAddress $_.IPAddress -AddressFamily IPv4 -PrefixLength $maskLength -PolicyStore ActiveStore
I'm not quite sure what this property does, since after a restart the settings are still in place. Are there any drawbacks here? Or why does this error even come up?

New-NetIPAddress : Inconsistent parameters PolicyStore PersistentStore and Dhcp Enabled
PersistentStore is separate from ActiveStore, and there is also a separate GPO store.
These stores hold firewall and network configuration.
ActiveStore contains the configuration for this computer.
The GPO store is the configuration from local group policy.
The active store is the currently active configuration, and includes both the GPO and Persistent stores.
The problem you are getting is because the Persistent store is set to DHCP and you are configuring a static address, which makes no sense.
First disable DHCP in the active store and then set the IP for the interface.
For information about these stores and how to set them see:
https://learn.microsoft.com/en-us/powershell/module/netsecurity/set-netfirewallsetting?view=win10-ps
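The sequence the answer describes, as an added example that is not code from the question or the answer: it shows the DHCP flag the error message refers to, turns it off in the persistent store (the store the error names, so the change also survives a reboot), then assigns the static address there. The interface alias, sample address and prefix are placeholders you replace with your own.

```powershell
# Added example: disable DHCP on the interface before assigning a static
# address, so New-NetIPAddress no longer reports
# "Inconsistent parameters PolicyStore PersistentStore and Dhcp Enabled".
param(
    [string]$interfaceName = 'Ethernet',
    [string]$ip            = '192.0.2.10',   # constructed sample (TEST-NET-1)
    [int]$prefix           = 24
)

# The DHCP flag lives per store; the error is about the persistent one.
Get-NetIPInterface -InterfaceAlias $interfaceName -AddressFamily IPv4 -PolicyStore PersistentStore |
    Select-Object InterfaceAlias, Dhcp, ConnectionState

# Turn DHCP off persistently. A disconnected adapter is fine here because
# the persistent store does not need the link to be up.
Set-NetIPInterface -InterfaceAlias $interfaceName -AddressFamily IPv4 `
    -Dhcp Disabled -PolicyStore PersistentStore

# Remove any earlier manual address; New-NetIPAddress fails on a duplicate.
Get-NetIPAddress -InterfaceAlias $interfaceName -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object { $_.PrefixOrigin -eq 'Manual' } |
    Remove-NetIPAddress -Confirm:$false

New-NetIPAddress -InterfaceAlias $interfaceName -IPAddress $ip -AddressFamily IPv4 `
    -PrefixLength $prefix -PolicyStore PersistentStore

# Confirm the address is recorded in the persistent store, not only the active one.
Get-NetIPAddress -InterfaceAlias $interfaceName -AddressFamily IPv4 -PolicyStore PersistentStore |
    Select-Object IPAddress, PrefixLength, PrefixOrigin, Store
```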

Related

Anyone used Unified Write Filter (uwfmgr) and netsh together? I'm seeing some odd things after running netsh and then rebooting

I have a Win10IoT Enterprise image I've built.
It is running with Unified Write Filter enabled on the system (C:) volume.
I have the following registry exclusions added to the system disk (the only protected volume) to allow changing IP addresses via netsh to persist and be saved through the filter.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
When I boot the machine with the uwf filter ON I do the following actions....
Run netsh to set a static IP, subnet, and gateway
Verify the command worked with ipconfig
Check the NIC card GUI in Windows and also verify it looks good there.
Everything at this point looks great. I now reboot the machine (uwf filter still on).
When the machine reboots I check the IP address again via ipconfig and the NIC GUI to verify they are still good.
This is when things get odd. The ipconfig looks fine, but in the GUI window the IP is listed as the last static IP address I set with the uwf filter OFF (192.168.0.20 in this example). If I click the advanced settings there are two address listed under the IP Addresses, my expected 192.168.0.50 address as well as the old 192.168.0.20.
Some more info, the machine will respond to pings to 192.168.0.50 but will not respond to 192.168.0.20. I'm guessing there is another registry setting somewhere that is getting reverted causing the GUI to not update correctly. Anyone have any ideas?
Thanks!
I had the same problem.
But when I add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi to my exclusion list, it works
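An added example, not code from either post, that registers the three exclusions this thread settles on (the two from the question plus the Nsi key from the answer) and, after the reboot, checks for the exact symptom described: an address still recorded under the Tcpip interface keys that the stack no longer has bound. The uwfmgr syntax is the standard one; the registry paths are those given in the thread.

```powershell
# Added example: make the UWF registry exclusions the thread needs, then
# verify that stored static addresses match what is really bound.
$exclusions = @(
    'HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}',
    'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces',
    'HKLM\SYSTEM\CurrentControlSet\Control\Nsi'   # the key the answer adds
)

# uwfmgr prints its exclusion list as plain text; match each key against it.
$current = (& uwfmgr.exe registry get-exclusions 2>&1) | Out-String
foreach ($key in $exclusions) {
    if ($current -match [regex]::Escape($key)) {
        Write-Host "already excluded: $key"
        continue
    }
    # Exclusions take effect after the next restart.
    & uwfmgr.exe registry add-exclusion $key
}

# Post-reboot check: the Tcpip Interfaces key keeps a multi-string IPAddress
# value for static configurations. Any entry not bound on a live adapter is
# the stale address the GUI in the question was still showing.
$ifaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$bound     = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
Get-ChildItem -Path $ifaceRoot | ForEach-Object {
    $stored = (Get-ItemProperty -Path $_.PSPath -Name IPAddress -ErrorAction SilentlyContinue).IPAddress
    foreach ($addr in @($stored | Where-Object { $_ -and $_ -ne '0.0.0.0' })) {
        if ($bound -notcontains $addr) {
            Write-Warning "$($_.PSChildName): registry lists $addr but it is not bound"
        }
    }
}
```

Run the second half once after the reboot with the filter still on; no warnings means the exclusions cover every key the static configuration is written to.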

Windows Events Forwarding: Error Code 2150859195

I have been struggling to find a solution for the following errors when I configure Forwarding Windows Events to a collector using source initiated http (I followed most blogs on configuration). The error is:
ErrorCode 2150859195
ErrorMessage The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.
So far, I have tried to add the collector IP to the client's TrustedHosts and vice versa; add NetworkService account to the Event Log Readers group.
I felt lucky to figure it out and wanted to share here to help others. At least, after I made the following changes on the source computers, it works well now.
Use the FQDN, not the IP address, of the collector. I do not know why.
Enable the WinRM listeners policy, and set both the IPv4 and IPv6 values to *.
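An added example, not code from the post, that audits the two settings the answer changed on a source computer: it parses the SubscriptionManager policy values, warns when a collector is configured by IP literal (the case that produced the error above), checks the collector with a Kerberos identify request, and prints the WinRM listener policy filters. The key paths are the standard policy locations; the collector name in the comment is constructed.

```powershell
# Added example: check a WEF source's collector entries and listener policy.
$smKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
$lisKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'

$entries = Get-ItemProperty -Path $smKey -ErrorAction Stop
# Values are named 1, 2, ... and look like (constructed sample):
#   Server=http://wec01.corp.example:5985/wsman/SubscriptionManager/WEC,Refresh=60
foreach ($prop in $entries.PSObject.Properties | Where-Object { $_.Name -match '^\d+$' }) {
    $serverPart = ($prop.Value -split ',') | Where-Object { $_ -like 'Server=*' } | Select-Object -First 1
    if (-not $serverPart) { Write-Warning "value $($prop.Name) has no Server= part"; continue }

    $uri       = [uri]($serverPart -replace '^Server=', '')
    $collector = $uri.Host

    # An IP literal gives WinRM nothing to build a Kerberos SPN from, so it
    # falls back to the TrustedHosts/HTTPS rule quoted in the error 2150859195.
    if ($uri.HostNameType -ne 'Dns') {
        Write-Warning "$collector is an IP literal; use the collector's FQDN"
    }

    # Kerberos identify request from the source's point of view.
    try {
        Test-WSMan -ComputerName $collector -Port $uri.Port -UseSSL:($uri.Scheme -eq 'https') `
            -Authentication Kerberos -ErrorAction Stop | Out-Null
        Write-Host "$collector : reachable with Kerberos"
    } catch {
        Write-Warning "$collector : $($_.Exception.Message)"
    }
}

# Listener policy: a filter of '*' means the WinRM service listens on every
# local address of that family; narrow it to the management subnet if you can.
Get-ItemProperty -Path $lisKey -Name AllowAutoConfig, IPv4Filter, IPv6Filter -ErrorAction SilentlyContinue |
    Select-Object AllowAutoConfig, IPv4Filter, IPv6Filter
```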

Windows 10, Set-NetConnectionProfile with Index changes all Networks

In Windows 10 64-bit I use the command Set-NetConnectionProfile -InterfaceIndex 30 -NetworkCategory Private in PowerShell and it changes all network connections which had the same profile as the interface with index 30.
My Question: Why does this command change all networks?
They are all virtual networks, but I tried the same on another PC with two physical adapters and the same thing happens.
(Screenshots in the original post: the networks before the change, the command entered, and the networks after the change: i.stack.imgur.com/WW4Iy.png)
I found technet.microsoft.com/en-us/library/jj899565.aspx (sorry, reputation) and it says: The Set-NetConnectionProfile cmdlet changes the network category setting of a connection profile. A connection profile represents a network connection.
Could it be that a connection profile is representing more than one network connection?
Edit:
They are all not identified Networks.
When you change something for unidentified networks, because these networks are unidentified, they are not given a connection profile; this means any change is applied to all unidentified networks.
What you need to do is to make them identified. Identification relies on having a gateway address. One trick is to add a second IP to the interface, usually just 1 before the broadcast address for the subnet, and then assign that address as the gateway. This makes Windows automatically identify the network (using your own machine's characteristics), and then allows you to set firewall profiles for it, and other details.
I have created a powershell script that makes this easy: https://gist.github.com/CMCDragonkai/dbd2d94840cdaf79d3f6964bbd58e92f
Try it!
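The trick the answer describes, as an added example that is not the answer's gist or code from the question: it lists the interfaces sharing the "Unidentified network" profile (the group a category change applies to), derives the broadcast-minus-one address from the interface's existing IPv4 address and prefix, adds it as a second address with itself as the gateway, and then sets the category on that one interface. The interface index is a placeholder.

```powershell
# Added example: give an unidentified network its own profile via the
# gateway trick, then set the category on just that interface.
param([int]$ifIndex = 30)

# Every interface here shares one profile, so Set-NetConnectionProfile on any
# of them changes all of them.
Get-NetConnectionProfile | Where-Object { $_.Name -eq 'Unidentified network' } |
    Select-Object InterfaceIndex, InterfaceAlias, NetworkCategory

$addr = Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -ne 'WellKnown' } | Select-Object -First 1
if (-not $addr) { throw "no IPv4 address on interface $ifIndex" }
if ($addr.PrefixLength -gt 30) { throw "a /31 or /32 has no spare address below broadcast" }

# Broadcast - 1, computed from the address and prefix length.
$ipInt = [int64]0
foreach ($octet in $addr.IPAddress.Split('.')) { $ipInt = ($ipInt -shl 8) + [int64]$octet }
$hostMask = [int64][math]::Pow(2, 32 - $addr.PrefixLength) - 1
$gwInt    = ($ipInt -bor $hostMask) - 1
$gwIp     = (3..0 | ForEach-Object { ($gwInt -shr ($_ * 8)) -band 255 }) -join '.'
if ($gwIp -eq $addr.IPAddress) { throw "interface already holds the broadcast-1 address" }

# Second address plus a default gateway pointing at it. This inserts a default
# route through this interface, so keep it for isolated or lab networks.
New-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $gwIp `
    -PrefixLength $addr.PrefixLength -DefaultGateway $gwIp | Out-Null

# Give Network Location Awareness a moment to re-identify, then set the
# category on this interface alone and show the result.
Start-Sleep -Seconds 5
Set-NetConnectionProfile -InterfaceIndex $ifIndex -NetworkCategory Private
Get-NetConnectionProfile -InterfaceIndex $ifIndex | Select-Object Name, NetworkCategory
```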

Win 2k12, DirectAccess, EC2

Background/objective here is to get clients that VPN in to have access to the LAN they are VPN-ing into. Everything is on EC2.
To get this working, I'm trying to set up DirectAccess on the Win2k12 box where Remote Access is set up. One of the prerequisite checks when you launch the "Enable DirectAccess Wizard" is verifying that one of the network adapters is configured with a static IP address (I do not have one, nor am I aware of a way to make that a reality on EC2!). I can choose to suppress that warning and continue...to a point...eventually I am prompted with the "Type the public name of IPv4 used by clients..." prompt pictured below. No value I have tried (host name, fully qualified host name, IP) seems to work, failing with the errors below:
host name : "The public name of IPv4 address is invalid. Modify the settings"
fully qualified host name : "An internal adapter with a valid IP address, IPv6 enabled, DNS settings, and a domain profile cannot be located"
IP: "The public name of IPv4 address is invalid. Modify the settings"
I'm thinking this could all be due to the failed prerequisite, though I'm not 100% sure. Ultimately, I'm beginning to become unsure if this is possible [by using DirectAccess] or if it is possible to accomplish my goal by using a different approach. Thanks in advance.
I was setting this up on my 2012 server as well and came across the same error. I had to restart the server after verifying I had a static IP, with its own IP as the main DNS and the loopback address as the secondary. This was probably because I said that DNS could only respond on that certain IP.

Connect to remote server using winrm without adding the server to TrustedHosts

I have been struggling to deal with winrm and TrustedHosts but to no avail. After some experimenting I found out that this field of winrm/config/client is limited to 1023 symbols, which is nowhere near enough, especially if adding hosts by their IPv6 addresses.
I quote from Installation and Configuration for Windows Remote Management: A trusted hosts list should be set up when mutual authentication cannot be established.
Also in the same file the text says: Other computers in a workgroup or computers in a different domain should be added to this list. So I thought that this implies that as long as two computers are in the same domain, I should be able to access one of them from the other using winrm.
I tried to add two computers to a test domain and then executed:
winrm get winrm/config/client -r:192.168.100.1 -u:user -p:pass
From one of them to the other, but this failed with the error:
WSManFault
Message = The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. You can get more information about that by running the following command: winrm help config.
Error number: -2144108316 0x803380E4
The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. You can get more information about that by running the following command: winrm help config.
After adding 192.168.100.1 to TrustedHosts the query above succeeds. So my question is: is it possible to use winrm between two hosts without modifying TrustedHosts? Setting Trusted hosts to * is not an option for me.
If both machines are on the same domain, you should be able to use the ComputerName instead of the IP address. When you use the IP address you're pretty much forced to use TrustedHosts from what I've seen.
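The answer's approach as an added example, not code from the question or answer: it addresses the peer by its DNS name so WinRM can derive a Kerberos SPN and never consults TrustedHosts, refuses IP literals up front, and asks for Kerberos explicitly so a silent NTLM fallback cannot hide a misconfiguration. The host name is a placeholder, and the length check refers to the 1023-character limit the question reports.

```powershell
# Added example: Kerberos-authenticated WinRM to a domain peer by name,
# leaving TrustedHosts untouched.
param([string]$target = 'server02.corp.example')   # placeholder FQDN

# An address cannot be mapped to an SPN, so Kerberos is impossible and WinRM
# would need TrustedHosts (NTLM) or HTTPS, exactly the error in the question.
$parsed = $null
if ([System.Net.IPAddress]::TryParse($target, [ref]$parsed)) {
    throw "'$target' is an IP literal; use the host's DNS name so Kerberos can be used"
}

# Identify request that must succeed with Kerberos; the SPN WinRM looks for is
# HTTP/<name>, which the HOST/<name> SPN on every domain computer covers.
Test-WSMan -ComputerName $target -Authentication Kerberos -ErrorAction Stop | Out-Null
Write-Host "$target : Kerberos authentication to WinRM succeeded"

# The same client query the question ran over IP, now inside a Kerberos session.
Invoke-Command -ComputerName $target -Authentication Kerberos -ScriptBlock {
    Get-ChildItem WSMan:\localhost\Client | Select-Object Name, Value
}

# Local TrustedHosts stays as it is; report how much of the limit is in use.
$th = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
"local TrustedHosts: {0} characters in use" -f $th.Length
```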
