data _system_translations { ConvertFrom-StringData @' # fallback text goes here (optional) RRASInstalled_title = RRAS: The Routing and Remote Access role service must be installed RRASInstalled_problem = The Routing and Remote Access role service is not installed on this computer. RRASInstalled_impact = If the Routing and Remote Access role service is not installed, then the server cannot provide routing or remote access services to remote clients. RRASInstalled_resolution = Use Server Manager to install the Routing and Remote Access role service, which is part of the Network Policy and Access Services server role. RRASInstalled_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. RRASDisabled_title = RRAS: The Routing and Remote Access role service must be enabled RRASDisabled_problem = The Routing and Remote Access role service is disabled on this computer. RRASDisabled_impact = If the Routing and Remote Access role service is not enabled, then the server cannot provide routing or remote access services to remote clients. RRASDisabled_resolution = Use 'Routing and Remote Access' in Server Manager to enable the Routing and Remote Access role service. RRASDisabled_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. RRASStopped_title = RRAS: The Routing and Remote Access service must be running RRASStopped_problem = The Routing and Remote Access service is either stopped or paused. RRASStopped_impact = If the Routing and Remote Access service is in a stopped or paused state, then the server cannot provide routing or remote access services to remote clients. RRASStopped_resolution = Use 'Routing and Remote Access' in Server Manager to start the Routing and Remote Access service. RRASStopped_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. VPNConfigured_title = RRAS: To support remote access connections, IPv4 or IPv6 Remote Access must be enabled on the RRAS server VPNConfigured_problem = Neither 'IPv4 Remote access server' nor 'IPv6 Remote access server' is selected on the Routing and Remote Access Properties page. VPNConfigured_impact = If 'Remote access server' is not selected, then the server cannot support virtual private network (VPN) or dial-up connections. VPNConfigured_resolution = Use 'Routing and Remote Access' in Server Manager to enable 'IPv4 Remote access server', 'IPv6 Remote access server', or both, on the Routing and Remote Access Properties page, as required by your network. VPNConfigured_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. EventLog_title = RRAS: Logging should be enabled on the RRAS server EventLog_problem = Routing and Remote Access logging is disabled on the server. EventLog_impact = If logging is disabled, then no errors or warnings are logged, making it difficult to troubleshoot problems on the RRAS server. EventLog_resolution = Use 'Routing and Remote Access' in Server Manager to enable logging on the RRAS server. EventLog_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. InterfaceEnabled_title = RRAS: At least one network interface should be enabled on the RRAS server InterfaceEnabled_problem = All network interfaces on the Routing and Remote Access server are disabled. InterfaceEnabled_impact = If all network interfaces are disabled, then remote access clients cannot communicate with the RRAS server. InterfaceEnabled_resolution = Enable at least one network interface on the RRAS server. InterfaceEnabled_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. InterfaceDisabled_title = RRAS: The network interface {0} on the RRAS server should be enabled InterfaceDisabled_problem = The interface {0} is disabled. InterfaceDisabled_impact = If a network interface is disabled then clients cannot communicate with the RRAS server through that interface. InterfaceDisabled_resolution = Enable the interface {0} on the RRAS server. InterfaceDisabled_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. InterfaceReachable_title = RRAS: At least one network interface on the RRAS server must be reachable InterfaceReachable_problem = All network interfaces on the Routing and Remote Access server are in an unreachable state. InterfaceReachable_impact = If a network interface is in an unreachable state, then clients cannot communicate with the RRAS server by using that interface. InterfaceReachable_resolution = Review the 'Unreachability Reason' in 'Routing and Remote Access' in Server Manager, and then take corrective steps. InterfaceReachable_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. InterfaceUnReachable_title = RRAS: The network interface {0} on the RRAS server should be reachable InterfaceUnReachable_problem = The interface {0} is in an unreachable state. InterfaceUnReachable_impact = If a network interface is in an unreachable state, then clients cannot communicate with the RRAS server by using that interface. InterfaceUnReachable_resolution = Review the 'Unreachability Reason' in 'Routing and Remote Access' in Server Manager, and then take corrective steps. InterfaceUnReachable_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. IPv4Router_title = RRAS: To use RRAS server as an IPv4 router, IPv4 forwarding must be enabled IPv4Router_problem = IPv4 routing is enabled, but IPv4 forwarding is disabled on the Routing and Remote Access server. IPv4Router_impact = If IPv4 forwarding is disabled on the RRAS server, then it cannot operate as an IPv4 router. IPv4Router_resolution = Use 'Routing and Remote Access' in Server Manager to select 'Enable IPv4 Forwarding' on the Routing and Remote Access Properties page. IPv4Router_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. IPv6Router_title = RRAS: To use RRAS server as an IPv6 router, IPv6 forwarding must be enabled IPv6Router_problem = IPv6 routing is enabled, but IPv6 forwarding is disabled on the Routing and Remote Access server. IPv6Router_impact = If IPv6 forwarding is disabled on the RRAS server, then it cannot operate as an IPv6 router. IPv6Router_resolution = Use 'Routing and Remote Access' in Server Manager to select 'Enable IPv6 Forwarding' on the Routing and Remote Access Properties page. IPv6Router_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. IPv4Routing_title = RRAS: IPv4 routing should be enabled on the RRAS server for routing protocols like DHCP Relay, RIP and IGMP to run IPv4Routing_problem = IPv4 routing is disabled on the Routing and Remote Access server. IPv4Routing_impact = If IPv4 routing is disabled, then IPv4 routing protocols like DHCP Relay, RIP, or IGMP cannot run. IPv4Routing_resolution = Use 'Routing and Remote Access' in Server Manager to enable IPv4 routing if you want to use IPv4 routing protocols. IPv4Routing_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. IPv6Routing_title = RRAS: IPv6 routing should be enabled on the RRAS server for routing protocols like DHCP Relay to run IPv6Routing_problem = IPv6 routing is disabled on the Routing and Remote Access server. IPv6Routing_impact = If IPv6 routing is disabled, then IPv6 routing protocols like DHCP Relay Agent cannot run. IPv6Routing_resolution = Use 'Routing and Remote Access' in Server Manager to enable IPv6 routing if you want to use IPv6 routing protocols. IPv6Routing_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. Ports_title = RRAS: IKEv2, L2TP, and SSTP should have a minimum of 1 port, and PPTP should have a minimum of 2 Ports_problem = The number of ports assigned to IKEv2, L2TP, and SSTP tunnels is zero, and the number of ports assigned to PPTP is one. Ports_impact = If you do not assign a sufficient number of ports to the tunneling protocols, then remote access clients cannot communicate with the RRAS server. Ports_resolution = Use 'Routing and Remote Access' in Server Manager to increase the number of ports assigned to the tunneling protocols. IKEv2, L2TP, and SSTP should have a minimum or 1 port, and PPTP should have a minimum of 2. Ports_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. PortProtocol_title = RRAS: The number of ports available for use by {0} should be greater than 0 PortProtocol_problem = The number of ports assigned to {0} is zero. PortProtocol_impact = If you do not assign any ports for use by {0} tunneling, then remote access clients cannot communicate with the RRAS server by using {0}. PortProtocol_resolution = Use 'Routing and Remote Access' in Server Manager to increase the number of ports assigned to {0}. PortProtocol_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. PortProtocolPPTP_title = RRAS: The number of ports available for use by {0} should be greater than 1 PortProtocolPPTP_problem = The number of ports assigned to {0} is 1. IKEv2Service_title = RRAS: The IKEEXT service is required to support L2TP/IPsec and IKEv2 tunnels IKEv2Service_problem = The IKE and AuthIP IPsec Keying Modules service (IKEEXT) is not running on the Routing and Remote Access server. IKEv2Service_impact = If the IKE and AuthIP IPsec Keying Modules service is not running on the RRAS server, then remote access clients cannot communicate with the RRAS server by using L2TP/IPsec or IKEv2. IKEv2Service_resolution = Start the IKE and AuthIP IPsec Keying Modules service by using the Services MMC snap-in or by entering the command "net start ikeext" at a command prompt running with administrator permissions. IKEv2Service_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. IKEv2CertificateForNAT_Title = RRAS: To use IKEv2 behind a NAT router, the certificate subject name must match the NAT address IKEv2CertificateForNAT_problem = RRAS cannot determine if a certificate valid for IKEv2 is present on the RRAS server. If your server is behind a NAT router, then the subject name of the certificate must match the DNS name or IP address of the external interface of the router. IKEv2CertificateForNAT_impact = If you do not have a correctly configured and accessible IKEv2 certificate, then remote access clients cannot communicate with the RRAS server by using an IKEv2 tunnel. IKEv2CertificateForNAT_resolution = Use the Certificates MMC snap-in to request and configure a certificate for IKEv2 that specifies a subject name matching the DNS name or IP address of the external interface of the NAT router that is between the RRAS server and the remote access clients. IKEv2CertificateForNAT_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. IKEv2Certificate_title = RRAS: To use IKEv2, at least one valid certificate must be present on the RRAS server IKEv2Certificate_problem = A certificate that is usable for IKEv2 is not present on your RRAS server. IKEv2Certificate_impact = If you do not have a correctly configured and accessible IKEv2 certificate, then remote access clients cannot communicate with the RRAS server by using an IKEv2 tunnel. IKEv2Certificate_resolution = Use the Certificates MMC snap-in to request and configure certificates on the RRAS server for IKEv2. IKEv2Certificate_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. IKEv2CertificateIKEINTERMEDIATE_title = RRAS: Only one certificate for IKEv2 should have IP security IKE intermediate in its EKU property IKEv2CertificateIKEINTERMEDIATE_problem = There are one or more valid certificates for IKEv2 and either (a) none of them has IP security IKE intermediate in the EKU property, or (b) there are multiple valid certificates for IKEv2 and more than one has IP security IKE intermediate in the EKU property. IKEv2CertificateIKEINTERMEDIATE_impact = If there are one or more valid certificates, and none or more than one has IP security IKE intermediate in the EKU property, then RRAS does not know which certificate to use, and selects one at random. The selected certificate might not be the one intended for use. IKEv2CertificateIKEINTERMEDIATE_resolution = 1) If there are no certificates with IP security IKE intermediate then issue a certificate for IKEv2 with IP security IKE intermediate in the EKU property. 2) If there is more than one certificate with IP security IKE intermediate, then delete all but the 1 certificate that you want to use. IKEv2CertificateIKEINTERMEDIATE_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. SSTPCertificateForNAT_title = RRAS: To use SSTP behind a NAT router, the certificate subject name must match the NAT address SSTPCertificateForNAT_problem = RRAS cannot determine if a certificate valid for SSTP is present on the RRAS server. If your server is behind a NAT router, then the subject name of the certificate must match the DNS name or IP address of the external interface of the router. SSTPCertificateForNAT_impact = If you do not have a correctly configured and accessible SSTP certificate, then remote access clients cannot communicate with the RRAS server by using an SSTP tunnel. SSTPCertificateForNAT_resolution = Use the Certificates MMC snap-in to request and configure a certificate for SSTP that specifies a subject name matching the DNS name or IP address of the external interface of the NAT router that is between the RRAS server and the remote access clients. SSTPCertificateForNAT_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. SSTPCertificate_title = RRAS: To use SSTP, at least one valid certificate must be present on the RRAS server SSTPCertificate_problem = A certificate that is usable for SSTP is not present on your RRAS server. SSTPCertificate_impact = If you do not have a correctly configured and accessible SSTP certificate, then remote access clients cannot communicate with the RRAS server by using an SSTP tunnel. SSTPCertificate_resolution = Use the Certificates MMC snap-in to request and configure certificates on the RRAS server for SSTP. SSTPCertificate_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. SSTPCertificateDefault_title = RRAS: If there are > 1 certificates for SSTP, then the preferred certificate must be specified SSTPCertificateDefault_problem = There are multiple valid certificates for SSTP, and the administrator selected 'Default' instead of specifying the certificate to be used for SSTP. SSTPCertificateDefault_impact = If there is more than one valid certificate for use with SSTP and 'Default' is selected, then RRAS does not know which certificate to use and selects one at random. The selected certificate might not be the one intended for this use. SSTPCertificateDefault_resolution = Use 'Routing and Remote Access' in Server Manager to select a certificate to use for SSTP on the Routing and Remote Access Properties page. SSTPCertificateDefault_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. NATCertificate_title = RRAS: The subject name of the certificate to be used for IKEv2 or SSTP must match the name of the RRAS server or the IP address of the external interface of the RRAS server NATCertificate_problem = The subject name of the following certificates do not match the name of the RRAS server or the IP address of one of the interfaces of the RRAS server: {0}. NATCertificate_impact = If the subject name of a certificate does not match the name or IP address of an interface on the RRAS server then the client cannot connect to the RRAS server if the server uses this certificate. NATCertificate_resolution = Issue a certificate with a subject name that reflects the IP address or name of the RRAS server. NOTE: Ignore this warning if your RRAS server is behind a NAT router. The certificate should contain the address of external interface of the NAT router. NATCertificate_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. Authentication_title = RRAS: Use authentication protocols that are considered more secure than PAP, CHAP, or MS-CHAPv2 Authentication_problem = The RRAS server is configured to accept remote access connections that are not authenticated, or that are authenticated with an authentication protocol that is no longer considered secure. Authentication_impact = PAP and CHAP are no longer considered secure for protecting sensitive data. MS-CHAP v2 is better than PAP or CHAP, but we recommend EAP or computer certificates. Authentication_resolution = Use 'Routing and Remote Access' in Server Manager to select a secure authentication method on the Routing and Remote Access Properties page. Authentication_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. RasAdapter_title = RRAS: If DHCP is used to allocate addresses to remote clients then specify the network adapter to be used to obtain DHCP addresses RasAdapter_problem = The RRAS server is configured to use DHCP to obtain IP addresses for remote access clients, but the network adapter through which a DHCP server can be accessed has not been specified. RasAdapter_impact = RRAS might select an adapter through which DHCP is not available resulting in APIPA addresses. APIPA addresses are not routable. Remote access clients that are assigned an APIPA address cannot communicate beyond the remote access server. RasAdapter_resolution = Use 'Routing and Remote Access' in Server Manager to select an adapter on the Routing and Remote Access Properties page. Select an adapter connected to a network that has an accessible DHCP server. RasAdapter_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. DemandDial_title = RRAS: To use a demand-dial interface, 'LAN and demand-dial routing' must be enabled on the server DemandDial_problem = A demand-dial interface has been configured, but demand-dial routing is not enabled on the RRAS server. DemandDial_impact = If 'LAN and demand-dial routing' is disabled on the RRAS server, then demand-dial connections cannot be established. DemandDial_resolution = Use 'Routing and Remote Access' in Server Manager to enable 'LAN and demand-dial routing' on the RRAS server. DemandDial_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. DemandDialEncrypt_title = RRAS: Demand-dial interface {0} should support data encryption DemandDialEncrypt_problem = "No encryption allowed" is selected in the {0} Properties page. DemandDialEncrypt_impact = If you do not enable encryption, all data sent through the demand-dial interface is transmitted in plaintext and subject to inspection by any device on the network. DemandDialEncrypt_resolution = Use 'Routing and Remote Access' in Server Manager to configure the {0} Properties page to enable 'Optional encryption', 'Require encryption', or 'Maximum strength encryption'. DemandDialEncrypt_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. DhcpRelayServersV4_title = RRAS: IPv4 DHCP Relay Agent should be configured with at least one DHCP server DhcpRelayServersV4_problem = IPv4 DHCP Relay Agent is enabled, but is not configured with the IPv4 address of a DHCP server. DhcpRelayServersV4_impact = IPv4 DHCP Relay Agent must be configured with the address of at least one DHCPv4 server. Without a DHCP server, DHCP Relay Agent has nowhere to relay DHCP messages from clients. DhcpRelayServersV4_resolution = Use 'Routing and Remote Access' in Server Manager to configure one or more DHCP server addresses on the IPv4 DHCP Relay Agent Properties page. DhcpRelayServersV4_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. DhcpRelayServersV6_title = RRAS: IPv6 DHCPv6 Relay Agent should be configured with at least one DHCP server DhcpRelayServersV6_problem = IPv6 DHCPv6 Relay Agent is enabled, but is not configured with the IPv6 address of a DHCP server. DhcpRelayServersV6_impact = IPv6 DHCPv6 Relay Agent must be configured with the address of at least one DHCPv6 server. Without a DHCPv6 server, DHCPv6 Relay Agent has nowhere to relay DHCP messages from clients. DhcpRelayServersV6_resolution = Use 'Routing and Remote Access' in Server Manager to configure one or more DHCP server addresses on the IPv6 DHCPv6 Relay Agent Properties page. DhcpRelayServersV6_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. DhcpRelayServersInterfaceV4_title = RRAS: At least one interface in IPv4 DHCP Relay Agent must have 'Relay DHCP packets' enabled DhcpRelayServersInterfaceV4_problem = IPv4 DHCP Relay Agent is enabled and configured, but none of the interfaces assigned to DHCP Relay Agent are configured with 'Relay DHCP packets' enabled. DhcpRelayServersInterfaceV4_impact = If 'Relay DHCP packets' is not enabled on at least one interface assigned to the IPv4 DHCP Relay Agent routing protocol, then DHCP Relay Agent cannot forward DHCP packets from clients to DHCP servers. DhcpRelayServersInterfaceV4_resolution = Use 'Routing and Remote Access' in Server Manager to enable 'Relay DHCP packets' on at least one interface assigned to IPv4 DHCP Relay Agent. DhcpRelayServersInterfaceV4_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. DhcpRelayServersInterfaceV6_title = RRAS: At least one interface in IPv6 DHCPv6 Relay Agent must have 'Relay DHCP packets' enabled DhcpRelayServersInterfaceV6_problem = IPv6 DHCPv6 Relay Agent is enabled and configured, but none of the interfaces assigned to DHCPv6 Relay Agent are configured with 'Relay DHCP packets' enabled. DhcpRelayServersInterfaceV6_impact = If 'Relay DHCP packets' is not enabled on at least one interface assigned to the IPv6 DHCPv6 Relay Agent routing protocol, then DHCPv6 Relay Agent cannot forward DHCP packets from clients to DHCPv6 servers. DhcpRelayServersInterfaceV6_resolution = Use 'Routing and Remote Access' in Server Manager to enable 'Relay DHCP packets' on at least one interface assigned to IPv6 DHCPv6 Relay Agent. DhcpRelayServersInterfaceV6_compliant = The RRAS Best Practices Analyzer scan has determined that you are in compliance with this best practice. DirectAccessDisabled_title = DirectAccess: DirectAccess must be configured to accept client connections DirectAccessDisabled_problem = The Remote Access role combines DirectAccess and RRAS VPN. The role is installed, but DirectAccess is not configured. DirectAccessDisabled_impact = Until DirectAccess is configured, the server cannot provide access to internal resources for remote client computers connecting over DirectAccess. DirectAccessDisabled_resolution = Set up DirectAccess in the Remote Access Management console. DirectAccessDisabled_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. ExtDefaultGateway_title = DirectAccess: A default gateway must be configured on the external adapter of the Remote Access server ExtDefaultGateway_problem = A default gateway is not configured for the external network adapter {0} on the Remote Access server. ExtDefaultGateway_impact = Client computers cannot connect to internal resources via Remote Access. ExtDefaultGateway_resolution = Configure a default gateway for the external adapter {0}. ExtDefaultGateway_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IntDefaultGateway_title = DirectAccess: A default gateway must be configured on the internal adapter of the Remote Access server IntDefaultGateway_problem = A default gateway is not configured for the internal network adapter {0} on the Remote Access server. IntDefaultGateway_impact = Client computers cannot connect to internal resources via Remote Access. IntDefaultGateway_resolution = Configure a default gateway for the internal adapter {0}. IntDefaultGateway_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. MultipleInternalInterface_title = DirectAccess: The Remote Access server should have only one internal adapter MultipleInternalInterface_problem = More than one internal network adapter is configured on the Remote Access server. MultipleInternalInterface_impact = Clients might not be able to connect to the internal network with DirectAccess or VPN. MultipleInternalInterface_resolution = Disable all internal adapters except one or enable forwarding and route publishing on all internal adapters. MultipleInternalInterface_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. MultipleExternalInterface_title = DirectAccess: The Remote Access server should have only one external adapter MultipleExternalInterface_problem = More than one external network adapter is configured on the Remote Access server. MultipleExternalInterface_impact = Clients might not be able to connect to the internal network with DirectAccess or VPN. MultipleExternalInterface_resolution = Disable all external adapters except one or enable forwarding on all internal adapters. MultipleExternalInterface_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. NativeIPv6OnInternalInterface_title = DirectAccess: In a native IPv6 deployment, ISATAP should not be configured on internal adapter NativeIPv6OnInternalInterface_problem = ISATAP NIC is configured while Remote Access Server is configured to use the native IPv6 internal adapter. NativeIPv6OnInternalInterface_impact = IPv4 only resources are not accessible from outside the corpnet via Remote Access connectivity. NativeIPv6OnInternalInterface_resolution = Do one of the following: 1. Disable the ISATAP NIC. 2. Enable forwarding on ISATAP NIC and add DirectAccess server in PRL. NativeIPv6OnInternalInterface_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice ExternalInterfaceIPv6Checked_title = DirectAccess: IPv6 must be enabled on the external adapter {0} of the Remote Access server ExternalInterfaceIPv6Checked_problem = IPv6 is not enabled on the external network adapter {0}. ExternalInterfaceIPv6Checked_impact = Clients may not be able to connect to Remote Access Server ExternalInterfaceIPv6Checked_resolution = Enable IPv6 on the adapter {0}. ExternalInterfaceIPv6Checked_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. InternalInterfaceIPv6Checked_title = DirectAccess: IPv6 must be enabled on the internal adapter {0} of the Remote Access server InternalInterfaceIPv6Checked_problem = IPv6 is not enabled on the internal network adapter {0}. InternalInterfaceIPv6Checked_impact = Connectivity between the Remote Access server and the internal network will not work as expected. InternalInterfaceIPv6Checked_resolution = Enable IPv6 on the adapter {0}. InternalInterfaceIPv6Checked_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. MgmtServersIPv6Invalid_title = DirectAccess: Remote Access infrastructure server addresses must be valid MgmtServersIPv6Invalid_problem = The IPv6 addresses of the following Remote Access infrastructure servers are not included in the internal network IPv6 prefix : {0}. MgmtServersIPv6Invalid_impact = DirectAccess clients cannot connect to these infrastructure servers. End-to-end communication will not work as expected. MgmtServersIPv6Invalid_resolution = Add the server addresses for {0} to the internal network IPv6 prefix. MgmtServersIPv6Invalid_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. FirewallBlocksToredo_title = DirectAccess: Teredo should not be blocked on the Remote Access server FirewallBlocksToredo_problem = Windows Firewall settings are blocking Teredo (ICMPv4) traffic. FirewallBlocksToredo_impact = Teredo will not work as expected. FirewallBlocksToredo_resolution = Modify Windows Firewall settings to allow Teredo traffic. FirewallBlocksToredo_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. FirewallON_title = DirectAccess: On the Remote Access Server, Windows Firewall state must be on FirewallON_problem = Windows firewall is turned off for the required profiles on the Remote Access Server. FirewallON_impact = Clients may not be able to connect to Remote Access Server FirewallON_resolution = Turn on Windows Firewall for the corresponding profile on the Remote Access server. FirewallON_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice ToredoAvailable_title = DirectAccess: Teredo functionality is available, Teredo can be enabled on the Remote Access Server ToredoAvailable_problem = The two consecutive public IPv4 addresses required for Teredo are available on the server. Teredo can be used, but is not enabled. ToredoAvailable_impact = Teredo functionality is available but not enabled. ToredoAvailable_resolution = Enable Teredo on the Remote Access Server. ToredoAvailable_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. SGDomainCompWithFilter_title = DirectAccess: The DirectAccess client security group should not include desktop Domain Computers SGDomainCompWithFilter_problem = The DirectAccess client security group contains "Domain computers" without "Enable DirectAcces for mobile computers only" checkbox enabled. SGDomainCompWithFilter_impact = If desktop computers do not require remote connectivity to the internal network using DirectAccess, they do not need to be included in a DirectAccess client security group. DirectAccess client settings stored in the client Group Policy object (GPO) is applied to all computers in the security group. SGDomainCompWithFilter_resolution = Limit the security group to mobile computers only from DirectAccess Client Setup. SGDomainCompWithFilter_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. ISATAPResolution_title = DirectAccess: ISATAP should be registered in all domains ISATAPResolution_problem = ISATAP is not registered with DNS servers in all domains in the Active Directory forest. ISATAPResolution_impact = If you are using manage out capabilities from IPv4 servers in your corporate network, communication with DirectAccess clients from these servers might fail. ISATAPResolution_resolution = Register ISATAP addresses for all Remote Access servers with DNS servers in each domain. ISATAPResolution_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. DNS64ReturnsAAAA_title = DirectAccess: DNS64 should be configured to return AAAA queries DNS64ReturnsAAAA_problem = ISATAP is enabled but not configured to return AAAA queries. DNS64ReturnsAAAA_impact = ISATAP communication will not work as expected. DNS64ReturnsAAAA_resolution = Configure DNS64 to return AAAA queries. DNS64ReturnsAAAA_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IPv4OnlyMgmtServers_title = DirectAccess: Remote Access Management servers should support IPv6 IPv4OnlyMgmtServers_problem = IPv6 support is not available for the following infrastructure servers : {0}. IPv4OnlyMgmtServers_impact = Management servers cannot initiate communication with DirectAccess client computers for remote management purposes. For example, to deliver updates. However, clients can initiate communication with management servers. IPv4OnlyMgmtServers_resolution = Ensure that management servers used for remote management of DirectAccess client computers support IPv6. IPv4OnlyMgmtServers_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IPSecCertAboutToExpire_title = DirectAccess: The validity of IPsec certificate should be more than seven days IPSecCertAboutToExpire_problem = The certificate used for IPsec authentication will expire in less than seven days. IPSecCertAboutToExpire_impact = DirectAccess client connectivity will not work as expected without a valid certificate. IPSecCertAboutToExpire_resolution = Install a valid IPsec certificate on the Remote Access server. IPSecCertAboutToExpire_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IPHTTPCertAboutToExpire_title = DirectAccess: The validity of IP-HTTPS certificate should be more than seven days IPHTTPCertAboutToExpire_problem = The IP-HTTPS certificate will expire in less than seven days. IPHTTPCertAboutToExpire_impact = DirectAccess client IP-HTTPS connectivity will not work as expected without a valid certificate. IPHTTPCertAboutToExpire_resolution = Install a valid IP-HTTPS certificate on the Remote Access server. IPHTTPCertAboutToExpire_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. NLSCertAboutToExpire_title = DirectAccess: The validity of network location server certificate should be more than seven days NLSCertAboutToExpire_problem = The network location server certificate will expire in less than seven days. NLSCertAboutToExpire_impact = DirectAccess client connectivity will not work as expected without a valid certificate. NLSCertAboutToExpire_resolution = Install a valid NLS certificate on the Remote Access server. NLSCertAboutToExpire_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. NLSOnHighAvailableServer_title = DirectAccess: The network location server should be highly available NLSOnHighAvailableServer_problem = A single Remote Access server is deployed. Network location server availability is dependent upon the availability on the Remote Access server. NLSOnHighAvailableServer_impact = The network location server is used by DirectAccess clients to determine their location. If the Remote Access server (and thus the network location server) is unavailable, clients located in the internal network will not be able to access internal resources. NLSOnHighAvailableServer_resolution = Remote Access is deployed on a single server only, it is recommended to install the network location server on a separate computer that is highly available to DirectAccess clients. NLSOnHighAvailableServer_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. CloseDCNotUsed_title = DirectAccess: The domain controller configured for an entrypoint should be the one closest to the multisite deployment entrypoint CloseDCNotUsed_problem = The domain controller closest to the entry point is not listed in the server GPO. Either the domain controller listed is not available, or a closer domain controller is now available. CloseDCNotUsed_impact = Routing and system performance will be impacted. CloseDCNotUsed_resolution = Update the server GPO with the closest available domain controller. CloseDCNotUsed_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. ADSiteValid_title = DirectAccess: Active Directory site for an entry point should be valid ADSiteValid_problem = Active Directory site settings for the entry point have been modified and are invalid. ADSiteValid_impact = Remote clients will not be able to connect as expected to internal network using the entry point. ADSiteValid_resolution = Remove and then add the entry point to the multisite deployment again. ADSiteValid_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. ConnectToExceptionMissing_title = DirectAccess:The address used to connect to the Remote Access server must not be a part of the internal network suffix ConnectToExceptionMissing_problem = The public name or IP address used by DirectAccess clients to connect to the Remote Access server is included in the internal network suffix for the NRPT. DirectAccess client will attempt to resolve the external name using an internal DNS server. ConnectToExceptionMissing_impact = Client connectivity will not work as expected. ConnectToExceptionMissing_resolution = Manually add an exemption entry in the NRPT (i.e. with a NULL DNS Address) for the public name/address used by clients to connect to the Remote Access server. ConnectToExceptionMissing_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. EPInInfraTPUpdated_title = DirectAccess: DirectAccess infrastructure server addresses must be up-to-date EPInInfraTPUpdated_problem = The addresses of one or more infrastructure servers such as domain controllers and DNS servers, are not valid. EPInInfraTPUpdated_impact = DirectAccess connectivity will not work as expected. EPInInfraTPUpdated_resolution = Run the “Refresh Management Servers” task in the Remote Access management UI. EPInInfraTPUpdated_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. ExternalInterfaceChanged_title = DirectAccess: The external adapter IP address of the Remote Access server has been modified ExternalInterfaceChanged_problem = Changes to the external adapter IP address of the Remote Access server have not been applied. ExternalInterfaceChanged_impact = Client connectivity will not work as expected. ExternalInterfaceChanged_resolution = Update the IPSec policies with the correct external IP Address for DA Server. ExternalInterfaceChanged_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. InternalInterfaceChanged_title = DirectAccess: The internal adapter IP address of the Remote Access server has been modified InternalInterfaceChanged_problem = Changes to the internal adapter IP address of the Remote Access server have not been applied. InternalInterfaceChanged_impact = Client connectivity will not work as expected. InternalInterfaceChanged_resolution = Update the IPSec policies with the correct internal IP Address for DA Server. InternalInterfaceChanged_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. NCSIProbeNotWorking_title = DirectAccess: The Network Connectivity Status Indicator (NCSI) web probe url and DNS resource probe should be accessible NCSIProbeNotWorking_problem = The Network Connectivity Status Indicator (NCSI) web probe url or DNS resource probe is not accessible. NCSIProbeNotWorking_impact = Client connectivity will not work as expected NCSIProbeNotWorking_resolution = Update the Client GPO with the correct web probe and DNS probe information. NCSIProbeNotWorking_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. NCAResourceNotReachable_title = DirectAccess: NCA resources should be accessible NCAResourceNotReachable_problem = One or more NCA resources are not accessible. NCAResourceNotReachable_impact = Remote clients may not get correct connectivity status over DirectAccess. NCAResourceNotReachable_resolution = Update the NCA resources from the Remote client setup wizard in the Remote Access Management console. NCAResourceNotReachable_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. E2ETraceEnabledLong_title = DirectAccess: Remote Access tracing should not be activated for long periods E2ETraceEnabledLong_problem = Tracing has been active for more than five hours. E2ETraceEnabledLong_impact = Activating tracing for long periods of time will consume disk space and reduce performance. E2ETraceEnabledLong_resolution = Stop tracing from the Remote Access Management console if not required. E2ETraceEnabledLong_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. InBoxAccounting_title = DirectAccess: Remote Access reporting functionality should be available InBoxAccounting_problem = Inbox accounting (Windows Internal Database accounting) is not enabled. InBoxAccounting_impact = Reporting functionality is not available if inbox accounting is not enabled. InBoxAccounting_resolution = Enable inbox accounting. InBoxAccounting_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. RemoteAccessServerHealth_title = DirectAccess: Remote Access Server's operational status should be okay RemoteAccessServerHealth_problem = The following Remote Access components are in a critical or warning state : {0}. RemoteAccessServerHealth_impact = Possible Remote Access Server connectivity problems RemoteAccessServerHealth_resolution = Fix the critical/warning Remote Access Server component(s) and run BPA scan again. RemoteAccessServerHealth_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. WAPNotConfigured_title=Web Application Proxy must be configured before it is used. WAPNotConfigured_problem=Web Application Proxy was installed but not configured for initial use. WAPNotConfigured_impact=If Web Application Proxy is not configured it cannot be used to publish applications. WAPNotConfigured_resolution=Use ‘Remote Access Management’ in Server Manager to start the configuration wizard or use the Install-WebApplicationProxy PowerShell command. WAPNotConfigured_compliant=The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. WAPCertificateMissing_title=Web Application Proxy: Application '{0}' is configured to use an external certificate that is not present on this server. WAPCertificateMissing_problem=Application '{0}' that is published by Web Application Proxy is using an external certificate that is not present on this server. WAPCertificateMissing_impact=If an application uses a certificate that is not present on this server, Web Application Proxy will not publish the application and users will not have access. WAPCertificateMissing_resolution=Obtain the configured external certificate from another server and copy it to this server with its private key. WAPCertificateMissing_compliant=The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. WAPCertificateExpired_title=Web Application Proxy: Application '{0}' is using an external certificate that has expired. WAPCertificateExpired_problem=Application '{0}' that is published by Web Application Proxy is using a certificate that has expired. WAPCertificateExpired_impact=If an application is using a certificate that has expired, users will not be able to secure their access to the application and sensitive data will not be encrypted. Some browsers might block access to such sites. WAPCertificateExpired_resolution=Issue a new certificate for this address and publish this application again with the new certificate. WAPCertificateExpired_compliant=The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. WAPCertificateWillExpire_title=Web Application Proxy: Application '{0}' is using an external certificate that is about to expire. WAPCertificateWillExpire_problem=Application '{0}' that is published by Web Application Proxy is using a certificate that is about to expire. WAPCertificateWillExpire_impact=If an application is using a certificate that has expired, users will not be able to secure their access to the application and sensitive data will not be encrypted. Some browsers might block access to such sites. WAPCertificateWillExpire_resolution=Issue a new certificate for this address and publish this application again with the new certificate. WAPCertificateWillExpire_compliant=The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. WAPCertificateNoPrivateKey_title=Web Application Proxy: Application '{0}' is using an external certificate that has no private key. WAPCertificateNoPrivateKey_problem=Application '{0}' that is published by Web Application Proxy is using a certificate that has no private key. WAPCertificateNoPrivateKey_impact=If an application is using a certificate that has no private key, users will not be able to secure their access to the application and sensitive data will not be encrypted. Some browsers might block access to such sites. WAPCertificateNoPrivateKey_resolution=Publish this application again with a valid certificate. WAPCertificateNoPrivateKey_compliant=The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. WAPCertificateInvalidPurpose_title=Web Application Proxy: Application '{0}' is using an external certificate that has an invalid key usage. WAPCertificateInvalidPurpose_problem=Application '{0}' that is published by Web Application Proxy is using a certificate that has an invalid key usage. WAPCertificateInvalidPurpose_impact=If an application is using a certificate that has an invalid key usage, users will not be able to secure their access to the application and sensitive data will not be encrypted. Some browsers might block access to such sites. WAPCertificateInvalidPurpose_resolution=Publish this application again with a valid certificate. WAPCertificateInvalidPurpose_compliant=The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. WAPCertificateNotBefore_title=Web Application Proxy: Application '{0}' is using an external certificate that is not yet valid. WAPCertificateNotBefore_problem=Application '{0}' that is published by Web Application Proxy is using a certificate that is not yet valid. WAPCertificateNotBefore_impact=If an application is using a certificate that is not yet valid, users will not be able to secure their access to the application and sensitive data will not be encrypted. Some browsers might block access to such sites. WAPCertificateNotBefore_resolution=Publish this application again with a valid certificate. WAPCertificateNotBefore_compliant=The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. WAPNonDomainJoinedAndIWA_title=Web Application Proxy: Some applications are configured to perform backend authentication using Integrated Windows authentication but the server is not joined to a domain. WAPNonDomainJoinedAndIWA_problem=Web Application Proxy can perform backend authentication using Integrated Windows authentication only when it is running on a server that is joined to a domain. WAPNonDomainJoinedAndIWA_impact=Users will not be able to access this application from the current server. WAPNonDomainJoinedAndIWA_resolution=Join this server to a domain. WAPNonDomainJoinedAndIWA_compliant=The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. WAPServiceNotAuto_title=Web Application Proxy: The service is not configured to run automatically WAPServiceNotAuto_problem=Web Application Proxy service (appproxysvc) settings were changed and it is not configured to run automatically. WAPServiceNotAuto_impact=After the server restarts, the service will not start and users will not be able to access published applications. WAPServiceNotAuto_resolution=Consider changing the Web Application Proxy service startup type to Automatic. WAPADFSServiceNotAuto_title=Web Application Proxy: The AD FS Proxy service is not configured to run automatically WAPADFSServiceNotAuto_problem=Active Directory Federation Services service (adfssrv) settings were changed and it is not configured to run automatically. WAPADFSServiceNotAuto_impact=After the server restarts, the service will not start and users will not be able to authenticate and will not be able to access published applications. WAPADFSServiceNotAuto_resolution=Consider changing the Active Directory Federation Services service startup type to Automatic. WAPServiceStopped_title=Web Application Proxy service is stopped WAPServiceStopped_problem=Web Application Proxy service (appproxysvc) is stopped. WAPServiceStopped_impact=Users will not be able to access published applications. WAPServiceStopped_resolution=Look for problems in the Windows event log. If no problems are found, restart the server. If this doesn't solve the problem, reinstall Web Application Proxy. WAPADFSServiceStopped_title=Web Application Proxy: The AD FS Proxy service is stopped WAPADFSServiceStopped_problem=Active Directory Federation Services service (adfssrv) is stopped. WAPADFSServiceStopped_impact=Users will not be able to authenticate and will not be able to access published applications. WAPADFSServiceStopped_resolution=Look for problems in the Windows event log. If no problems are found, restart the server. If this doesn't solve the problem, reinstall Web Application Proxy. WAPCantRetrieveConfPermanent_title=Web Application Proxy could not retrieve its configuration WAPCantRetrieveConfPermanent_problem=Web Application Proxy could not retrieve its configuration from AD FS storage. WAPCantRetrieveConfPermanent_impact=Web Application Proxy was unable to retrieve its configuration from AD FS storage and used the latest copy of the configuration; any updates to the configuration were not applied on this server. When the service starts, there is no copy of the configuration and any previously published applications are temporarily unavailable to users. WAPCantRetrieveConfPermanent_resolution=Check connectivity between Web Application Proxy and the AD FS servers. If the problem persists, consider running the Install-WebApplicationProxy cmdlet. WAPCantRetrieveConfTemporary_title=Web Application Proxy was not able to check for configuration updates WAPCantRetrieveConfTemporary_problem=Web Application Proxy was not able to check for configuration updates from AD FS storage. WAPCantRetrieveConfTemporary_impact=Web Application Proxy was temporarily unable to retrieve its configuration from AD FS storage and used the latest copy of the configuration; any updates to the configuration were not applied on this server. When the service starts, there is no copy of the configuration and any previously published applications are temporarily unavailable to users. WAPCantRetrieveConfTemporary_resolution=Check connectivity between Web Application Proxy and the AD FS servers. WAPCantApplyConfCert_title=Web Application Proxy could not publish an application due to certificate problems WAPCantApplyConfCert_problem=Web Application Proxy could not publish an application due to certificate problems. WAPCantApplyConfCert_impact=Users were not able to access the applications. WAPCantApplyConfCert_resolution=In the Windows event log, look for event 12021 for more details about these applications. Consider issuing a new certificate for these applications. WAPCantApplyConfHttpSys_title=Web Application Proxy could not publish an application WAPCantApplyConfHttpSys_problem=Web Application Proxy could not publish an application because it could not configure the HTTP protocol stack (http.sys) for that application. WAPCantApplyConfHttpSys_impact=Users were not able to access the applications. WAPCantApplyConfHttpSys_resolution=In the Windows event log, look for events 12019 and 12020 for more details about these applications. This may occur due to misconfiguration or a conflict with other services on the server. WAPIwaFailed_title=Web Application Proxy: Could not perform Integrated Windows authentication to the backend servers WAPIwaFailed_problem=The backend server rejected the Kerberos ticket that was presented by Web Application Proxy. WAPIwaFailed_impact=The backend server was not able to authenticate users. WAPIwaFailed_resolution=Check the Windows event log for event 12008 to identify the application. Check the Kerberos configuration on the domain controller and backend server for each application. This might also occur if the Web Application Proxy server time is not synchronized with the domain controller or the backend server. WAPUrlTranslationDis_title=Web Application Proxy: The external and backend server URLs are different and URL translation is disabled WAPUrlTranslationDis_problem=The external and backend server URLs are different and URL translation is disabled. WAPUrlTranslationDis_impact=The published application might reject requests from the client. WAPUrlTranslationDis_resolution=Consider changing the application publishing settings. WAPDAWithWAPCluster_title=Web Application Proxy: A cluster of Web Application Proxy servers is deployed and DirectAccess is also installed WAPDAWithWAPCluster_problem=A cluster of Web Application Proxy servers is deployed and DirectAccess is also installed on this server. WAPDAWithWAPCluster_impact=Web Application Proxy does not support this configuration and might not work as expected. WAPDAWithWAPCluster_resolution=Consider uninstalling DirectAccess from this server. WAPServerNotInCluster_title=Web Application Proxy: This server is not included in the ConnectedServersName list WAPServerNotInCluster_problem=This server is not included in the ConnectedServersName list. WAPServerNotInCluster_impact=The Remote Access Management console may not work as expected. WAPServerNotInCluster_resolution=Use the Set-WebApplicationProxyConfiguration cmdlet to add this server to the ConnectedServersName list. WAPPollingIntervalHigh_title=Web Application Proxy: The ConfigurationChangesPollingIntervalSec value is high WAPPollingIntervalHigh_problem=When the ConfigurationChangesPollingIntervalSec value is high, any changes that you make are not propagated in a timely manner, or changes are only partially propagated until the next time the server checks for updates. WAPPollingIntervalHigh_impact=Applications might not be published as expected until the next time the server checks for updates. WAPPollingIntervalHigh_resolution=Consider changing ConfigurationChangesPollingIntervalSec to a lower value using the Set-WebApplicationProxyConfiguration cmdlet. DownLevel_title = DirectAccess: DirectAccess is not enabled to work with Windows 7 clients DownLevel_problem = The checkbox for enabling DirectAccess for Windows 7 clients is not checked. DownLevel_impact = Windows 7 clients will not be able to connect to the corporate network over DirectAccess. DownLevel_resolution = Add support for Windows 7 clients as follows: 1. In the Remote Access Management console, run the Remote Access Server Setup Wizard. 2. On the Authentication page, check the checkbox to allow support for Windows 7 clients. If you are not already using certificate based authentication, you will need to enable that support. For this, on this page, you will also need to enter a root certificate authority to which the server machine certificate will chain to. 3. Apply the new configuration changes. DownLevel_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. ForceTunnelAndKerProxy_title = DirectAccess: Force tunneling and Kerberos proxy will not work together when both are deployed for DirectAccess ForceTunnelAndKerProxy_problem = Force tunneling and Kerberos proxy cannot be configured together in a DirectAccess deployment. ForceTunnelAndKerProxy_impact = Client connectivity will not work as expected. ForceTunnelAndKerProxy_resolution = You can either reconfigure to split tunneling mode or to certificate based authentication. Configure split tunneling mode as follows: 1. In the Remote Access Management console, run the Remote Clients Setup Wizard. 2. On the Select Groups page, uncheck the checkbox for force tunneling. 3. Apply the new configuration changes. Configure certificate based authentication as follows: 1. In the Remote Access Management console, run the Remote Access Server Setup Wizard. 2. On the Authentication page, check the checkbox to allow support for Windows 7 clients. You will also need to enter a root certificate authority to which the server machine certificate will chain to. 3. Apply the new configuration changes. ForceTunnelAndKerProxy_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. DCInstalled_title = DirectAccess: DirectAccess connectivity will not work if the DirectAccess server is also a Domain Controller DCInstalled_problem = DirectAccess has been configured on a server that is also a domain controller. DCInstalled_impact = Client connectivity will not work. DCInstalled_resolution = You can do either of the following: 1. Remove the Active Directory Domain Services role from the DirectAccess Server 2. Move the Remote Access role to a different server DCInstalled_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsNetAdapterBindingOrderCorrect_title = DirectAccess: The internal network adapter on the Remote Access server should be accessed first IsNetAdapterBindingOrderCorrect_problem = The external network adapter is listed before the internal network adapter in the connection order. IsNetAdapterBindingOrderCorrect_impact = Remote Access will check the external adapter before the internal adapter. This might cause a delay when applying configuration changes. IsNetAdapterBindingOrderCorrect_resolution = Modify the connection order as follows: 1. Click Start, and type ncpa.cpl. 2. In Network Connections, press the Alt key to open the hidden menu. 3. In the menu, click Advanced, and then click Advanced Settings. 4. In the Connections list, move the internal adapter above the external adapter. Then click OK. IsNetAdapterBindingOrderCorrect_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsSanAndSubjectName_title = DirectAccess: A certificate that could be used for DirectAccess has a SAN, but no subject name IsSanAndSubjectName_problem = One or more certificates are incompatible with DirectAccess. IsSanAndSubjectName_impact = You will not be able to use these certificates for DirectAccess configuration. IsSanAndSubjectName_resolution = To find and remove non compatible certificates, do the following: 1. Type certmgr.msc at an elevated command prompt 2. Go to Personal -> Certificates. 3. For each certificate, click on Details and check if the Subject field is empty. 4. Remove the certificate from the store. IsSanAndSubjectName_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IPHTTPSHasPrivateKey_title = DirectAccess: IP-HTTPS certificate {0} on the Remote Access server should have a valid private key. IPHTTPSHasPrivateKey_problem = The IP-PHTTPS certificate {0} is located on the server, but a private key for the certificate cannot be found. IPHTTPSHasPrivateKey_impact = DirectAccess client computers cannot connect over IP-HTTPS as expected. IPHTTPSHasPrivateKey_resolution = Do the following: 1. Obtain an IP-HTTPS certificate with a private key. 2. Ensure that the certificate is in the Personal store of the computer account. IPHTTPSHasPrivateKey_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsDAPolicyPresent_title = DirectAccess: The DirectAccess server did not receive the DirectAccess server GPO IsDAPolicyPresent_problem = DirectAccess policies have not been configured on the DirectAccess server. IsDAPolicyPresent_impact = Client connectivity will not work as expected. IsDAPolicyPresent_resolution = To ensure that DirectAccess server is receiving the DirectAccess policies, do the following: 1. Execute gpupdate /force from an elevated command prompt 2. If policies have still not been received, check the GPO in GPMC to ensure that the GPO is accessible to the DirectAccess server IsDAPolicyPresent_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsDomainComputersInDA_title = DirectAccess: The DirectAccess client security group should not include desktop computers IsDomainComputersInDA_problem = The DirectAccess client security group contains non-mobile desktop computers. IsDomainComputersInDA_impact = If desktop computers do not require remote connectivity to the corporate network using DirectAccess, they do not need to be included in a DirectAccess client security group. DirectAccess client settings stored in the client Group Policy object (GPO) are applied to all computers in the security group. IsDomainComputersInDA_resolution = To limit the security group to mobile computers only, do the following: 1. In the Remote Access Management console, run the Remote Clients Setup Wizard. 2. On the Select Groups page, select Enable DirectAccess for mobile computers only. Then click OK. 3. Apply the new configuration changes. IsDomainComputersInDA_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsSupportEmailConfigured_title = DirectAccess: An email address should be configured for NCA IsSupportEmailConfigured_problem = The support email address for DirectAccess clients has not been configured. IsSupportEmailConfigured_impact = If there are any connectivity issues, DirectAccess clients will not be able to send logs to the administrator. IsSupportEmailConfigured_resolution = Configure the helpdesk email address as follows: 1. In the Remote Access Management console, run the Remote Clients Setup Wizard. 2. On the Network Connectivity Assistant page, enter an email address for the text field Helpdesk email address. Then click Finish. 3. Apply the new configuration changes. IsSupportEmailConfigured_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsDefaultGWConfigProper_title = DirectAccess: The default gateway should be configured on the Internet interface and not on the internal interface IsDefaultGWConfigProper_problem = Either a default gateway is not configured on the external interface, or a default gateway is configured on the internal interface. IsDefaultGWConfigProper_impact = If a default gateway is not configured on the external interface, clients on the corporate network will not be able to send packets back to the Internet. If you have specific routes configured on the external interface to reach the Internet, ignore this warning. If a default gateway is configured on the internal interface, DirectAccess communication will fail. IsDefaultGWConfigProper_resolution = Configure a default gateway on the external interface. Remove the default gateway from the internal interface. The default gateway can be changed in the IPv4/IPv6 properties page of the physical interface. IsDefaultGWConfigProper_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsInvalidNrptExpPresent_title = DirectAccess: NRPT exemptions have been configured in force tunneling deployments IsInvalidNrptExpPresent_problem = Corporate namespace exemptions have been configured in a deployment where all traffic goes through the DirectAccess tunnels. IsInvalidNrptExpPresent_impact = These exemptions will not be functional since all traffic will go through the DirectAccess tunnels. IsInvalidNrptExpPresent_resolution = Remove the NRPT exemptions as follows: 1. In the Remote Access Management console, run the Infrastructure Server Setup Wizard. 2. On the DNS page of the wizard, delete the namespace entries with no corresponding DNS servers 3. Apply the new configuration changes. IsInvalidNrptExpPresent_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsDNS64AcptIfaceConfigValid_title = DirectAccess: AcceptInterface for DNS64 must use the same IP address as the one used for DNS64 IsDNS64AcptIfaceConfigValid_problem = The IP address on the interface where DNS64 is listening is not correct. IsDNS64AcptIfaceConfigValid_impact = Client connectivity will not work as expected. IsDNS64AcptIfaceConfigValid_resolution = Configure the correct address as follows: 1. From an elevated Powershell prompt, execute "Set-NetDnsTransitionConfiguration –State Disabled". 2. Restart the Remote Access Management Service by executing Restart-Service ramgmtsvc. After the service has been restarted, the address will be reconfigured on the interface. IsDNS64AcptIfaceConfigValid_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsDNSAddrConfigValid_title = DirectAccess: The DNS address used for name resolution of internal network resources should be correct IsDNSAddrConfigValid_problem = The DNS server used to resolve internal namespace queries is not configured as the NAT64/DNS64 address of the DirectAccess server. IsDNSAddrConfigValid_impact = Client connectivity will not work as expected. IsDNSAddrConfigValid_resolution = Add the default entry for a name suffix as follows: 1. In the Remote Access Management console, run the Infrastructure Server Setup Wizard. 2. On the DNS page of the wizard, double-click the entry containing the relevant network suffix. 3. Remove the IP addresses for the network suffix. Once all the IP addresses are removed, the Detect button is enabled. Click on the button to populate the default IP addresses. 4. Apply the new configuration changes. IsDNSAddrConfigValid_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsIpHttpsCdpReachable_title = DirectAccess: The IP-HTTPS CRL distribution point should be accessible from the DirectAccess server IsIpHttpsCdpReachable_problem = DirectAccess clients may not be able to access the CRL distribution point (CDP) of the online issuing authority. IsIpHttpsCdpReachable_impact = If the CDP is not reachable, DirectAccess clients will not be able to get the updated CRLs and hence connectivity to the DirectAccess server will fail. IsIpHttpsCdpReachable_resolution = Ensure that the CRL distribution point is hosted on an Internet-facing and publically accessible Web or file server that provides high availability and, depending on the number of DirectAccess clients, high capacity. IsIpHttpsCdpReachable_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsNlsCdpReachable_title = DirectAccess: An NLS CRL distribution point should be accessible from the DirectAccess server IsNlsCdpReachable_problem = DirectAccess clients will not be able to access the CRL distribution point (CDP) of the online issuing authority for network location determination. IsNlsCdpReachable_impact = If the CDP is not reachable, DirectAccess clients will not be able to get the updated CRLs .When they come inside the corporate network, they will not be qualified as inside and will not be able to access corporate network resources. IsNlsCdpReachable_resolution = Ensure that the CRL distribution point is hosted on an intranet Web or file server that provides high availability and, depending on the number of DirectAccess clients, high capacity. IsNlsCdpReachable_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsNonPingProbesConfigured_title = DirectAccess: Ensure that probes other than ping probes are configured in the NCA IsNonPingProbesConfigured_problem = Only ping (ICMP) probes have been configured for checking corporate connectivity on the client. IsNonPingProbesConfigured_impact = Since ICMP is exempted from IPsec, successfull ping queries do not guarantee that clients have full connectivity to the corporate network. IsNonPingProbesConfigured_resolution = To ensure that remote clients can properly determine if they have full corporate connectivity over DirectAccess, configure an HTTP probe. You can configure an HTTP probe as follows: 1. In the Remote Access Management console, run the Remote Clients Setup Wizard. 2. On the Network Connectivity Assistant page, enter an HTTP resource to validate connectivity to the internal network. Then click Finish. 3. Apply the new configuration changes. IsNonPingProbesConfigured_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. IsIsatapDnsRecordsProper_title = DirectAccess: If NLB/ELB is deployed and ISATAP is also deployed in the corporate network, ensure that all the internal DIPs and VIPs are registered in DNS for the ISATAP entry. IsIsatapDnsRecordsProper_problem = ISATAP is deployed in the corporate network and the ISATAP DNS record does not have all the internal dedicated IP addresses and Virtual IPaddresses of the cluster. IsIsatapDnsRecordsProper_impact = DirectAccess clients will not be able to communicate with corporate network resources. IsIsatapDnsRecordsProper_resolution = Ensure that all the internal dedicated IPaddresses of the remote access servers and the internal virtual IPaddresses of the load balancer are registered in DNS for ISATAP. The internal virtual IP address can be determined by executing the cmdlet Get-RemoteAccessLoadBalancer. The internal dedicated IPaddresses are the actual addresses configured on the internal interface of the DirectAccess servers. IsIsatapDnsRecordsProper_compliant = The Remote Access Best Practices Analyzer scan has determined that you are in compliance with this best practice. '@ } Import-LocalizedData -BindingVariable _system_translations -filename RemoteAccessServer.psd1 function Compile-Csharp ([string] $code, [string] $compilerOptions, [Array]$References) { # Get an instance of the CSharp code provider $cp = New-Object Microsoft.CSharp.CSharpCodeProvider $refs = New-Object Collections.ArrayList $refs.AddRange( @("${framework}System.dll", "${framework}System.XML.dll")) if ($References.Count -ge 1) { $refs.AddRange($References) } # Build up a compiler params object... $cpar = New-Object System.CodeDom.Compiler.CompilerParameters $cpar.GenerateInMemory = $true $cpar.GenerateExecutable = $true $cpar.IncludeDebugInformation = $false $cpar.CompilerOptions = $compilerOptions $cpar.ReferencedAssemblies.AddRange($refs) $cr = $cp.CompileAssemblyFromSource($cpar, $code) if ( $cr.Errors.Count) { $codeLines = $code.Split("`n"); foreach ($ce in $cr.Errors) { write-host "Error: $($codeLines[$($ce.Line - 1)])" $ce | out-default } Throw "INVALID DATA: Errors encountered while compiling code" } } #CSharp code goes here function call-RRASGenConfig() { $code = @' namespace RRASServiceConfig { using System; using System.Collections.Generic; using System.Collections.ObjectModel; using System.Text; using System.Xml; using System.Xml.Serialization; using System.IO; using System.Runtime.InteropServices; using System.ComponentModel; using System.Net; using System.Net.NetworkInformation; using System.Collections; using System.Net.Sockets; #region auto-generated-xml-schema-code //------------------------------------------------------------------------------ // // This code was generated by a tool. // Runtime Version:4.0.30319.34003 // // Changes to this file may cause incorrect behavior and will be lost if // the code is regenerated. // //------------------------------------------------------------------------------ // // This source code was auto-generated by xsd, Version=4.0.30319.17929. // /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] [System.Xml.Serialization.XmlRootAttribute("RRASSERVER", Namespace = "http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008/04", IsNullable = false)] public partial class RRASService { private bool rRASInstalledField; private bool vPNEnabledField; private bool vPNEnabledFieldSpecified; private bool dAEnabledField; private bool dAEnabledFieldSpecified; private bool multiTenancyEnabledField; private RRAS rRASField; private DA daField; private bool webApplicationProxyInstalledField; private bool webApplicationProxyEnabledField; private bool webApplicationProxyEnabledFieldSpecified; private WebApplicationProxy webApplicationProxyField; public RRASService() { this.multiTenancyEnabledField = false; } /// public bool RRASInstalled { get { return this.rRASInstalledField; } set { this.rRASInstalledField = value; } } /// public bool VPNEnabled { get { return this.vPNEnabledField; } set { this.vPNEnabledField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool VPNEnabledSpecified { get { return this.vPNEnabledFieldSpecified; } set { this.vPNEnabledFieldSpecified = value; } } /// public bool DAEnabled { get { return this.dAEnabledField; } set { this.dAEnabledField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool DAEnabledSpecified { get { return this.dAEnabledFieldSpecified; } set { this.dAEnabledFieldSpecified = value; } } /// public bool MultiTenancyEnabled { get { return this.multiTenancyEnabledField; } set { this.multiTenancyEnabledField = value; } } /// public RRAS RRAS { get { return this.rRASField; } set { this.rRASField = value; } } /// public DA DA { get { return this.daField; } set { this.daField = value; } } /// public bool WebApplicationProxyInstalled { get { return this.webApplicationProxyInstalledField; } set { this.webApplicationProxyInstalledField = value; } } /// public bool WebApplicationProxyEnabled { get { return this.webApplicationProxyEnabledField; } set { this.webApplicationProxyEnabledField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool WebApplicationProxyEnabledSpecified { get { return this.webApplicationProxyEnabledFieldSpecified; } set { this.webApplicationProxyEnabledFieldSpecified = value; } } /// public WebApplicationProxy WebApplicationProxy { get { return this.webApplicationProxyField; } set { this.webApplicationProxyField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class RRAS { private bool isInstallationValidField; private bool rRASRunningField; private bool vpnEnabledField; private bool loggingEnabledField; private RouterConfiguration iPv4RouterField; private RouterConfiguration iPv6RouterField; private InterfaceList interfaceListField; private bool allPortsDisabledField; private bool allPortsDisabledFieldSpecified; private Port[] portField; private bool iKEEXTRunningField; private bool iKEEXTRunningFieldSpecified; private bool dHCPServersAddedV4Field; private bool dHCPServersAddedV4FieldSpecified; private bool dHCPServersAddedV6Field; private bool dHCPServersAddedV6FieldSpecified; private CertificateType validIKEv2CertificatesField; private bool validIKEv2CertificatesFieldSpecified; private CertificateType validSSTPCertificatesField; private bool validSSTPCertificatesFieldSpecified; private IKECertificateType iKEv2CertIkeIntermediateField; private bool iKEv2CertIkeIntermediateFieldSpecified; private bool sSTPDefaultCertField; private bool sSTPDefaultCertFieldSpecified; private string certInvalidNameField; private bool authenticationMethodsField; private bool authenticationMethodsFieldSpecified; private bool rasAdapterField; private bool rasAdapterFieldSpecified; private bool allCompartmentsEnabledField; private string disabledCompartmentsNameField; private bool deletedCompartmentsField; private string deletedCompartmentNamesField; private bool machineCertificateAuthenticationEnabledField; private bool isInboundCAConfiguredField; private bool eAPAuthenticationEnabledField; private bool certAuthenticationEnabledField; private bool serverCertHasNoRootCertificateField; private bool serverCertificateAboutToExpireField; private bool serverRootCertificateAboutToExpireField; private bool rootCertificateToAcceptAboutToExpireField; private bool serverCertificateHasAtleastOneIPInCNField; private bool serverCertificateHasAtleastOnePublicIPInCNField; private bool defaultCapacityParamsField; private bool portLimitExceededField; private bool pSKBasedS2SInterfacesWithSameDestinationField; private string pSKBasedS2SInterfacesWithSameDestinationListField; private RoutingDomain[] routingDomainField; public RRAS() { this.isInstallationValidField = false; this.allCompartmentsEnabledField = false; this.deletedCompartmentsField = false; this.machineCertificateAuthenticationEnabledField = false; this.isInboundCAConfiguredField = false; this.eAPAuthenticationEnabledField = false; this.certAuthenticationEnabledField = false; this.serverCertHasNoRootCertificateField = false; this.serverCertificateAboutToExpireField = false; this.serverRootCertificateAboutToExpireField = false; this.rootCertificateToAcceptAboutToExpireField = false; this.serverCertificateHasAtleastOneIPInCNField = true; this.serverCertificateHasAtleastOnePublicIPInCNField = false; this.defaultCapacityParamsField = false; this.portLimitExceededField = false; this.pSKBasedS2SInterfacesWithSameDestinationField = false; } /// public bool IsInstallationValid { get { return this.isInstallationValidField; } set { this.isInstallationValidField = value; } } /// public bool RRASRunning { get { return this.rRASRunningField; } set { this.rRASRunningField = value; } } /// public bool VpnEnabled { get { return this.vpnEnabledField; } set { this.vpnEnabledField = value; } } /// public bool LoggingEnabled { get { return this.loggingEnabledField; } set { this.loggingEnabledField = value; } } /// public RouterConfiguration IPv4Router { get { return this.iPv4RouterField; } set { this.iPv4RouterField = value; } } /// public RouterConfiguration IPv6Router { get { return this.iPv6RouterField; } set { this.iPv6RouterField = value; } } /// public InterfaceList InterfaceList { get { return this.interfaceListField; } set { this.interfaceListField = value; } } /// public bool AllPortsDisabled { get { return this.allPortsDisabledField; } set { this.allPortsDisabledField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool AllPortsDisabledSpecified { get { return this.allPortsDisabledFieldSpecified; } set { this.allPortsDisabledFieldSpecified = value; } } /// [System.Xml.Serialization.XmlElementAttribute("Port")] public Port[] Port { get { return this.portField; } set { this.portField = value; } } /// public bool IKEEXTRunning { get { return this.iKEEXTRunningField; } set { this.iKEEXTRunningField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IKEEXTRunningSpecified { get { return this.iKEEXTRunningFieldSpecified; } set { this.iKEEXTRunningFieldSpecified = value; } } /// public bool DHCPServersAddedV4 { get { return this.dHCPServersAddedV4Field; } set { this.dHCPServersAddedV4Field = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool DHCPServersAddedV4Specified { get { return this.dHCPServersAddedV4FieldSpecified; } set { this.dHCPServersAddedV4FieldSpecified = value; } } /// public bool DHCPServersAddedV6 { get { return this.dHCPServersAddedV6Field; } set { this.dHCPServersAddedV6Field = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool DHCPServersAddedV6Specified { get { return this.dHCPServersAddedV6FieldSpecified; } set { this.dHCPServersAddedV6FieldSpecified = value; } } /// public CertificateType ValidIKEv2Certificates { get { return this.validIKEv2CertificatesField; } set { this.validIKEv2CertificatesField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool ValidIKEv2CertificatesSpecified { get { return this.validIKEv2CertificatesFieldSpecified; } set { this.validIKEv2CertificatesFieldSpecified = value; } } /// public CertificateType ValidSSTPCertificates { get { return this.validSSTPCertificatesField; } set { this.validSSTPCertificatesField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool ValidSSTPCertificatesSpecified { get { return this.validSSTPCertificatesFieldSpecified; } set { this.validSSTPCertificatesFieldSpecified = value; } } /// public IKECertificateType IKEv2CertIkeIntermediate { get { return this.iKEv2CertIkeIntermediateField; } set { this.iKEv2CertIkeIntermediateField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IKEv2CertIkeIntermediateSpecified { get { return this.iKEv2CertIkeIntermediateFieldSpecified; } set { this.iKEv2CertIkeIntermediateFieldSpecified = value; } } /// public bool SSTPDefaultCert { get { return this.sSTPDefaultCertField; } set { this.sSTPDefaultCertField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool SSTPDefaultCertSpecified { get { return this.sSTPDefaultCertFieldSpecified; } set { this.sSTPDefaultCertFieldSpecified = value; } } /// public string CertInvalidName { get { return this.certInvalidNameField; } set { this.certInvalidNameField = value; } } /// public bool AuthenticationMethods { get { return this.authenticationMethodsField; } set { this.authenticationMethodsField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool AuthenticationMethodsSpecified { get { return this.authenticationMethodsFieldSpecified; } set { this.authenticationMethodsFieldSpecified = value; } } /// public bool RasAdapter { get { return this.rasAdapterField; } set { this.rasAdapterField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool RasAdapterSpecified { get { return this.rasAdapterFieldSpecified; } set { this.rasAdapterFieldSpecified = value; } } /// public bool AllCompartmentsEnabled { get { return this.allCompartmentsEnabledField; } set { this.allCompartmentsEnabledField = value; } } /// public string DisabledCompartmentsName { get { return this.disabledCompartmentsNameField; } set { this.disabledCompartmentsNameField = value; } } /// public bool DeletedCompartments { get { return this.deletedCompartmentsField; } set { this.deletedCompartmentsField = value; } } /// public string DeletedCompartmentNames { get { return this.deletedCompartmentNamesField; } set { this.deletedCompartmentNamesField = value; } } /// public bool MachineCertificateAuthenticationEnabled { get { return this.machineCertificateAuthenticationEnabledField; } set { this.machineCertificateAuthenticationEnabledField = value; } } /// public bool IsInboundCAConfigured { get { return this.isInboundCAConfiguredField; } set { this.isInboundCAConfiguredField = value; } } /// public bool EAPAuthenticationEnabled { get { return this.eAPAuthenticationEnabledField; } set { this.eAPAuthenticationEnabledField = value; } } /// public bool CertAuthenticationEnabled { get { return this.certAuthenticationEnabledField; } set { this.certAuthenticationEnabledField = value; } } /// public bool ServerCertHasNoRootCertificate { get { return this.serverCertHasNoRootCertificateField; } set { this.serverCertHasNoRootCertificateField = value; } } /// public bool ServerCertificateAboutToExpire { get { return this.serverCertificateAboutToExpireField; } set { this.serverCertificateAboutToExpireField = value; } } /// public bool ServerRootCertificateAboutToExpire { get { return this.serverRootCertificateAboutToExpireField; } set { this.serverRootCertificateAboutToExpireField = value; } } /// public bool RootCertificateToAcceptAboutToExpire { get { return this.rootCertificateToAcceptAboutToExpireField; } set { this.rootCertificateToAcceptAboutToExpireField = value; } } /// public bool ServerCertificateHasAtleastOneIPInCN { get { return this.serverCertificateHasAtleastOneIPInCNField; } set { this.serverCertificateHasAtleastOneIPInCNField = value; } } /// public bool ServerCertificateHasAtleastOnePublicIPInCN { get { return this.serverCertificateHasAtleastOnePublicIPInCNField; } set { this.serverCertificateHasAtleastOnePublicIPInCNField = value; } } /// public bool DefaultCapacityParams { get { return this.defaultCapacityParamsField; } set { this.defaultCapacityParamsField = value; } } /// public bool PortLimitExceeded { get { return this.portLimitExceededField; } set { this.portLimitExceededField = value; } } /// public bool PSKBasedS2SInterfacesWithSameDestination { get { return this.pSKBasedS2SInterfacesWithSameDestinationField; } set { this.pSKBasedS2SInterfacesWithSameDestinationField = value; } } /// public string PSKBasedS2SInterfacesWithSameDestinationList { get { return this.pSKBasedS2SInterfacesWithSameDestinationListField; } set { this.pSKBasedS2SInterfacesWithSameDestinationListField = value; } } /// [System.Xml.Serialization.XmlElementAttribute("RoutingDomain")] public RoutingDomain[] RoutingDomain { get { return this.routingDomainField; } set { this.routingDomainField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class RouterConfiguration { private bool routingConfiguredField; private bool forwardingEnabledField; private bool lanAndDemandDialEnabledField; /// public bool RoutingConfigured { get { return this.routingConfiguredField; } set { this.routingConfiguredField = value; } } /// public bool ForwardingEnabled { get { return this.forwardingEnabledField; } set { this.forwardingEnabledField = value; } } /// public bool LanAndDemandDialEnabled { get { return this.lanAndDemandDialEnabledField; } set { this.lanAndDemandDialEnabledField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class WAP_AdditionalError { private string errorTypeField; /// public string ErrorType { get { return this.errorTypeField; } set { this.errorTypeField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class WAP_InvalidCert { private string applicationNameField; private string certErrorTypeField; /// public string ApplicationName { get { return this.applicationNameField; } set { this.applicationNameField = value; } } /// public string CertErrorType { get { return this.certErrorTypeField; } set { this.certErrorTypeField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class WebApplicationProxy { /// [System.Xml.Serialization.XmlArrayItemAttribute("Certificate", IsNullable=false)] public Collection InvalidCerts { get; private set; } /// [System.Xml.Serialization.XmlArrayItemAttribute("AdditionalError", IsNullable=false)] public Collection AdditionalErrors { get; private set; } public WebApplicationProxy() { InvalidCerts = new Collection(); AdditionalErrors = new Collection(); } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class DAServerHealthIssues { private string[] nameField; private string nameArrayField; /// [System.Xml.Serialization.XmlElementAttribute("Name")] public string[] Name { get { return this.nameField; } set { this.nameField = value; } } /// public string NameArray { get { return this.nameArrayField; } set { this.nameArrayField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class DAChangeManagement { private bool mgmtServersField; private bool externalInterfaceField; private bool internalInterfaceField; public DAChangeManagement() { this.mgmtServersField = true; this.externalInterfaceField = false; this.internalInterfaceField = false; } /// public bool MgmtServers { get { return this.mgmtServersField; } set { this.mgmtServersField = value; } } /// public bool ExternalInterface { get { return this.externalInterfaceField; } set { this.externalInterfaceField = value; } } /// public bool InternalInterface { get { return this.internalInterfaceField; } set { this.internalInterfaceField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class DACertificates { private bool ipSecAboutToExpireField; private bool ipSecAboutToExpireFieldSpecified; private bool sslAboutToExpireField; private bool sslAboutToExpireFieldSpecified; private bool nlsAboutToExpireField; private bool nlsAboutToExpireFieldSpecified; /// public bool IpSecAboutToExpire { get { return this.ipSecAboutToExpireField; } set { this.ipSecAboutToExpireField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IpSecAboutToExpireSpecified { get { return this.ipSecAboutToExpireFieldSpecified; } set { this.ipSecAboutToExpireFieldSpecified = value; } } /// public bool SslAboutToExpire { get { return this.sslAboutToExpireField; } set { this.sslAboutToExpireField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool SslAboutToExpireSpecified { get { return this.sslAboutToExpireFieldSpecified; } set { this.sslAboutToExpireFieldSpecified = value; } } /// public bool NlsAboutToExpire { get { return this.nlsAboutToExpireField; } set { this.nlsAboutToExpireField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool NlsAboutToExpireSpecified { get { return this.nlsAboutToExpireFieldSpecified; } set { this.nlsAboutToExpireFieldSpecified = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class DANCSI { private bool dNSProbeResolveField; private bool webProbeReachableField; public DANCSI() { this.dNSProbeResolveField = false; this.webProbeReachableField = false; } /// public bool DNSProbeResolve { get { return this.dNSProbeResolveField; } set { this.dNSProbeResolveField = value; } } /// public bool WebProbeReachable { get { return this.webProbeReachableField; } set { this.webProbeReachableField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class NRPTPolicies { private bool connectToExemptedField; private bool connectToExemptedFieldSpecified; /// public bool ConnectToExempted { get { return this.connectToExemptedField; } set { this.connectToExemptedField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool ConnectToExemptedSpecified { get { return this.connectToExemptedFieldSpecified; } set { this.connectToExemptedFieldSpecified = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class DAMultiSite { private bool closeDCUsedField; private bool aDSiteValidField; private string closeDCField; public DAMultiSite() { this.closeDCUsedField = false; this.aDSiteValidField = false; } /// public bool CloseDCUsed { get { return this.closeDCUsedField; } set { this.closeDCUsedField = value; } } /// public bool ADSiteValid { get { return this.aDSiteValidField; } set { this.aDSiteValidField = value; } } /// public string CloseDC { get { return this.closeDCField; } set { this.closeDCField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class ManagementServer { private string[] nameField; private string serverArrayField; /// [System.Xml.Serialization.XmlElementAttribute("Name")] public string[] Name { get { return this.nameField; } set { this.nameField = value; } } /// public string ServerArray { get { return this.serverArrayField; } set { this.serverArrayField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class DAManagementServers { private ManagementServer outSideCorpPrefixField; private ManagementServer iPv4OnlyField; /// public ManagementServer OutSideCorpPrefix { get { return this.outSideCorpPrefixField; } set { this.outSideCorpPrefixField = value; } } /// public ManagementServer IPv4Only { get { return this.iPv4OnlyField; } set { this.iPv4OnlyField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class DAInterface { private string nameField; private bool v6checkboxField; private bool v4Field; private bool v4FieldSpecified; private bool v6Field; private bool v6FieldSpecified; private DAConfigIntType interfaceConfigTypeField; private bool interfaceConfigTypeFieldSpecified; private string v4DefaultGatewayField; private string v6DefaultGatewayField; private bool multipleNicField; public DAInterface() { this.v6checkboxField = true; } /// public string Name { get { return this.nameField; } set { this.nameField = value; } } /// public bool v6checkbox { get { return this.v6checkboxField; } set { this.v6checkboxField = value; } } /// public bool v4 { get { return this.v4Field; } set { this.v4Field = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool v4Specified { get { return this.v4FieldSpecified; } set { this.v4FieldSpecified = value; } } /// public bool v6 { get { return this.v6Field; } set { this.v6Field = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool v6Specified { get { return this.v6FieldSpecified; } set { this.v6FieldSpecified = value; } } /// public DAConfigIntType InterfaceConfigType { get { return this.interfaceConfigTypeField; } set { this.interfaceConfigTypeField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool InterfaceConfigTypeSpecified { get { return this.interfaceConfigTypeFieldSpecified; } set { this.interfaceConfigTypeFieldSpecified = value; } } /// public string v4DefaultGateway { get { return this.v4DefaultGatewayField; } set { this.v4DefaultGatewayField = value; } } /// public string v6DefaultGateway { get { return this.v6DefaultGatewayField; } set { this.v6DefaultGatewayField = value; } } /// public bool MultipleNic { get { return this.multipleNicField; } set { this.multipleNicField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public enum DAConfigIntType { /// V4, /// V6, /// PureV6, /// ExternalISATAP, } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class DAInterfaceList { private DAInterface externalInterfaceField; private DAInterface internalInterfaceField; /// public DAInterface ExternalInterface { get { return this.externalInterfaceField; } set { this.externalInterfaceField = value; } } /// public DAInterface InternalInterface { get { return this.internalInterfaceField; } set { this.internalInterfaceField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class DA { private DATopologyType topologyField; private bool nLBField; private bool nlsOnDAsField; private DAInterfaceList interfaceListField; private DAManagementServers managementServersField; private bool isMultiSiteField; private DAMultiSite multiSiteField; private NRPTPolicies policiesField; private bool isatapResolvingField; private bool isatapResolvingFieldSpecified; private bool isatapResolveAllField; private bool isatapResolveAllFieldSpecified; private bool sGDomainCompWithFilterField; private bool sGDomainCompWithFilterFieldSpecified; private bool dNS64ReturnsAAAAField; private bool dNS64ReturnsAAAAFieldSpecified; private bool toredoConfiguredField; private bool toredoConfiguredFieldSpecified; private bool firewallBlocksTeredoField; private bool firewallBlocksTeredoFieldSpecified; private bool firewallONField; private DANCSI nCSIField; private bool nCAResourceReachableField; private bool nCAResourceReachableFieldSpecified; private DACertificates certificatesField; private DAChangeManagement changeManagementField; private bool e2ETraceEnabledLongField; private bool e2ETraceEnabledLongFieldSpecified; private bool inBoxAccountingField; private bool isServerHealthGoodField; private DAServerHealthIssues serverHealthIssueField; private bool downLevelField; private bool forceTunnelAndKerProxyField; private bool dCInstalledField; private bool dCInstalledFieldSpecified; private bool isNetAdapterBindingOrderCorrectField; private bool isSanAndSubjectNameField; private bool iPHTTPSHasPrivateKeyField; private string iPHTTPSCertNameField; private bool isDAPolicyPresentField; private bool isSupportEmailConfiguredField; private bool isDefaultGWConfigProperField; private bool isDefaultGWConfigProperFieldSpecified; private bool isInvalidNrptExpPresentField; private bool isDNS64AcptIfaceConfigValidField; private bool isDNS64AcptIfaceConfigValidFieldSpecified; private bool isDNSAddrConfigValidField; private bool isIpHttpsCdpReachableField; private bool isIpHttpsCdpReachableFieldSpecified; private bool isNlsCdpReachableField; private bool isNlsCdpReachableFieldSpecified; private bool isNonPingProbesConfiguredField; private bool isIsatapDnsRecordsProperField; private bool isIsatapDnsRecordsProperFieldSpecified; /// public DATopologyType Topology { get { return this.topologyField; } set { this.topologyField = value; } } /// public bool NLB { get { return this.nLBField; } set { this.nLBField = value; } } /// public bool NlsOnDAs { get { return this.nlsOnDAsField; } set { this.nlsOnDAsField = value; } } /// public DAInterfaceList InterfaceList { get { return this.interfaceListField; } set { this.interfaceListField = value; } } /// public DAManagementServers ManagementServers { get { return this.managementServersField; } set { this.managementServersField = value; } } /// public bool IsMultiSite { get { return this.isMultiSiteField; } set { this.isMultiSiteField = value; } } /// public DAMultiSite MultiSite { get { return this.multiSiteField; } set { this.multiSiteField = value; } } /// public NRPTPolicies Policies { get { return this.policiesField; } set { this.policiesField = value; } } /// public bool IsatapResolving { get { return this.isatapResolvingField; } set { this.isatapResolvingField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IsatapResolvingSpecified { get { return this.isatapResolvingFieldSpecified; } set { this.isatapResolvingFieldSpecified = value; } } /// public bool IsatapResolveAll { get { return this.isatapResolveAllField; } set { this.isatapResolveAllField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IsatapResolveAllSpecified { get { return this.isatapResolveAllFieldSpecified; } set { this.isatapResolveAllFieldSpecified = value; } } /// public bool SGDomainCompWithFilter { get { return this.sGDomainCompWithFilterField; } set { this.sGDomainCompWithFilterField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool SGDomainCompWithFilterSpecified { get { return this.sGDomainCompWithFilterFieldSpecified; } set { this.sGDomainCompWithFilterFieldSpecified = value; } } /// public bool DNS64ReturnsAAAA { get { return this.dNS64ReturnsAAAAField; } set { this.dNS64ReturnsAAAAField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool DNS64ReturnsAAAASpecified { get { return this.dNS64ReturnsAAAAFieldSpecified; } set { this.dNS64ReturnsAAAAFieldSpecified = value; } } /// public bool ToredoConfigured { get { return this.toredoConfiguredField; } set { this.toredoConfiguredField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool ToredoConfiguredSpecified { get { return this.toredoConfiguredFieldSpecified; } set { this.toredoConfiguredFieldSpecified = value; } } /// public bool FirewallBlocksTeredo { get { return this.firewallBlocksTeredoField; } set { this.firewallBlocksTeredoField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool FirewallBlocksTeredoSpecified { get { return this.firewallBlocksTeredoFieldSpecified; } set { this.firewallBlocksTeredoFieldSpecified = value; } } /// public bool FirewallON { get { return this.firewallONField; } set { this.firewallONField = value; } } /// public DANCSI NCSI { get { return this.nCSIField; } set { this.nCSIField = value; } } /// public bool NCAResourceReachable { get { return this.nCAResourceReachableField; } set { this.nCAResourceReachableField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool NCAResourceReachableSpecified { get { return this.nCAResourceReachableFieldSpecified; } set { this.nCAResourceReachableFieldSpecified = value; } } /// public DACertificates Certificates { get { return this.certificatesField; } set { this.certificatesField = value; } } /// public DAChangeManagement ChangeManagement { get { return this.changeManagementField; } set { this.changeManagementField = value; } } /// public bool E2ETraceEnabledLong { get { return this.e2ETraceEnabledLongField; } set { this.e2ETraceEnabledLongField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool E2ETraceEnabledLongSpecified { get { return this.e2ETraceEnabledLongFieldSpecified; } set { this.e2ETraceEnabledLongFieldSpecified = value; } } /// public bool InBoxAccounting { get { return this.inBoxAccountingField; } set { this.inBoxAccountingField = value; } } /// public bool IsServerHealthGood { get { return this.isServerHealthGoodField; } set { this.isServerHealthGoodField = value; } } /// public DAServerHealthIssues ServerHealthIssue { get { return this.serverHealthIssueField; } set { this.serverHealthIssueField = value; } } /// public bool DownLevel { get { return this.downLevelField; } set { this.downLevelField = value; } } /// public bool ForceTunnelAndKerProxy { get { return this.forceTunnelAndKerProxyField; } set { this.forceTunnelAndKerProxyField = value; } } /// public bool DCInstalled { get { return this.dCInstalledField; } set { this.dCInstalledField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool DCInstalledSpecified { get { return this.dCInstalledFieldSpecified; } set { this.dCInstalledFieldSpecified = value; } } /// public bool IsNetAdapterBindingOrderCorrect { get { return this.isNetAdapterBindingOrderCorrectField; } set { this.isNetAdapterBindingOrderCorrectField = value; } } /// public bool IsSanAndSubjectName { get { return this.isSanAndSubjectNameField; } set { this.isSanAndSubjectNameField = value; } } /// public bool IPHTTPSHasPrivateKey { get { return this.iPHTTPSHasPrivateKeyField; } set { this.iPHTTPSHasPrivateKeyField = value; } } /// public string IPHTTPSCertName { get { return this.iPHTTPSCertNameField; } set { this.iPHTTPSCertNameField = value; } } /// public bool IsDAPolicyPresent { get { return this.isDAPolicyPresentField; } set { this.isDAPolicyPresentField = value; } } /// public bool IsSupportEmailConfigured { get { return this.isSupportEmailConfiguredField; } set { this.isSupportEmailConfiguredField = value; } } /// public bool IsDefaultGWConfigProper { get { return this.isDefaultGWConfigProperField; } set { this.isDefaultGWConfigProperField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IsDefaultGWConfigProperSpecified { get { return this.isDefaultGWConfigProperFieldSpecified; } set { this.isDefaultGWConfigProperFieldSpecified = value; } } /// public bool IsInvalidNrptExpPresent { get { return this.isInvalidNrptExpPresentField; } set { this.isInvalidNrptExpPresentField = value; } } /// public bool IsDNS64AcptIfaceConfigValid { get { return this.isDNS64AcptIfaceConfigValidField; } set { this.isDNS64AcptIfaceConfigValidField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IsDNS64AcptIfaceConfigValidSpecified { get { return this.isDNS64AcptIfaceConfigValidFieldSpecified; } set { this.isDNS64AcptIfaceConfigValidFieldSpecified = value; } } /// public bool IsDNSAddrConfigValid { get { return this.isDNSAddrConfigValidField; } set { this.isDNSAddrConfigValidField = value; } } /// public bool IsIpHttpsCdpReachable { get { return this.isIpHttpsCdpReachableField; } set { this.isIpHttpsCdpReachableField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IsIpHttpsCdpReachableSpecified { get { return this.isIpHttpsCdpReachableFieldSpecified; } set { this.isIpHttpsCdpReachableFieldSpecified = value; } } /// public bool IsNlsCdpReachable { get { return this.isNlsCdpReachableField; } set { this.isNlsCdpReachableField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IsNlsCdpReachableSpecified { get { return this.isNlsCdpReachableFieldSpecified; } set { this.isNlsCdpReachableFieldSpecified = value; } } /// public bool IsNonPingProbesConfigured { get { return this.isNonPingProbesConfiguredField; } set { this.isNonPingProbesConfiguredField = value; } } /// public bool IsIsatapDnsRecordsProper { get { return this.isIsatapDnsRecordsProperField; } set { this.isIsatapDnsRecordsProperField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IsIsatapDnsRecordsProperSpecified { get { return this.isIsatapDnsRecordsProperFieldSpecified; } set { this.isIsatapDnsRecordsProperFieldSpecified = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public enum DATopologyType { /// Edge, /// DoubleNicBehindNat, /// SingleNic, } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class BGP { private bool defaultGatewayAdvertisedField; private string defaultGatewayAdvertisedPeerNamesField; private bool defaultGatewayAcceptedField; private string defaultGatewatAcceptedPeerNamesField; private bool peerIpAssignedToLocalInterfaceField; private string peerIPAssignedToLocalInterfacePeerNamesField; private bool iPv6EnabledIPv4PeersNoLocalIPv6AddressField; private bool customRoutesNotReachableField; private string customRoutesNotReachableListField; private bool routesWithMultipleNextHopsField; private string routesWithMultipleNextHopsListField; private bool holdTimeSecZeroField; private string holdTimeSecZeroPeerNamesField; private bool holdTimeSecLowValueField; private string holdTimeSecLowValuePeerNamesField; private bool allIngressRoutesRejectedField; private string allIngressRoutesRejectedPeerNamesField; private bool allEgressRoutesRejectedField; private string allEgressRoutesRejectedPeerNamesField; private bool manualModePeersField; private string manualModePeerNamesField; private bool iPv6PeersWithIPv4CustomRoutesField; private string iPv6PeersWithIPv4CustomRoutesPeerNamesField; private bool idleHoldTimeSecHighValueField; private string idleHoldTimeSecHighValuePeerNamesField; private bool peersWithoutMaxPrefixLimitField; private string peersWithoutMaxPrefixLimitNamesField; private bool prefixCountNearMaxLimitField; private string prefixCountNearMaxLimitPeerNamesField; private bool vpnAddressPoolNotInCustomRoutesField; private string vpnAddressPoolNotInCustomRoutesListField; public BGP() { this.defaultGatewayAdvertisedField = false; this.defaultGatewayAcceptedField = false; this.peerIpAssignedToLocalInterfaceField = false; this.iPv6EnabledIPv4PeersNoLocalIPv6AddressField = false; this.customRoutesNotReachableField = false; this.routesWithMultipleNextHopsField = false; this.holdTimeSecZeroField = false; this.holdTimeSecLowValueField = false; this.allIngressRoutesRejectedField = false; this.allEgressRoutesRejectedField = false; this.manualModePeersField = false; this.iPv6PeersWithIPv4CustomRoutesField = false; this.idleHoldTimeSecHighValueField = false; this.peersWithoutMaxPrefixLimitField = false; this.prefixCountNearMaxLimitField = false; this.vpnAddressPoolNotInCustomRoutesField = false; } /// public bool DefaultGatewayAdvertised { get { return this.defaultGatewayAdvertisedField; } set { this.defaultGatewayAdvertisedField = value; } } /// public string DefaultGatewayAdvertisedPeerNames { get { return this.defaultGatewayAdvertisedPeerNamesField; } set { this.defaultGatewayAdvertisedPeerNamesField = value; } } /// public bool DefaultGatewayAccepted { get { return this.defaultGatewayAcceptedField; } set { this.defaultGatewayAcceptedField = value; } } /// public string DefaultGatewatAcceptedPeerNames { get { return this.defaultGatewatAcceptedPeerNamesField; } set { this.defaultGatewatAcceptedPeerNamesField = value; } } /// public bool PeerIpAssignedToLocalInterface { get { return this.peerIpAssignedToLocalInterfaceField; } set { this.peerIpAssignedToLocalInterfaceField = value; } } /// public string PeerIPAssignedToLocalInterfacePeerNames { get { return this.peerIPAssignedToLocalInterfacePeerNamesField; } set { this.peerIPAssignedToLocalInterfacePeerNamesField = value; } } /// public bool IPv6EnabledIPv4PeersNoLocalIPv6Address { get { return this.iPv6EnabledIPv4PeersNoLocalIPv6AddressField; } set { this.iPv6EnabledIPv4PeersNoLocalIPv6AddressField = value; } } /// public bool CustomRoutesNotReachable { get { return this.customRoutesNotReachableField; } set { this.customRoutesNotReachableField = value; } } /// public string CustomRoutesNotReachableList { get { return this.customRoutesNotReachableListField; } set { this.customRoutesNotReachableListField = value; } } /// public bool RoutesWithMultipleNextHops { get { return this.routesWithMultipleNextHopsField; } set { this.routesWithMultipleNextHopsField = value; } } /// public string RoutesWithMultipleNextHopsList { get { return this.routesWithMultipleNextHopsListField; } set { this.routesWithMultipleNextHopsListField = value; } } /// public bool HoldTimeSecZero { get { return this.holdTimeSecZeroField; } set { this.holdTimeSecZeroField = value; } } /// public string HoldTimeSecZeroPeerNames { get { return this.holdTimeSecZeroPeerNamesField; } set { this.holdTimeSecZeroPeerNamesField = value; } } /// public bool HoldTimeSecLowValue { get { return this.holdTimeSecLowValueField; } set { this.holdTimeSecLowValueField = value; } } /// public string HoldTimeSecLowValuePeerNames { get { return this.holdTimeSecLowValuePeerNamesField; } set { this.holdTimeSecLowValuePeerNamesField = value; } } /// public bool AllIngressRoutesRejected { get { return this.allIngressRoutesRejectedField; } set { this.allIngressRoutesRejectedField = value; } } /// public string AllIngressRoutesRejectedPeerNames { get { return this.allIngressRoutesRejectedPeerNamesField; } set { this.allIngressRoutesRejectedPeerNamesField = value; } } /// public bool AllEgressRoutesRejected { get { return this.allEgressRoutesRejectedField; } set { this.allEgressRoutesRejectedField = value; } } /// public string AllEgressRoutesRejectedPeerNames { get { return this.allEgressRoutesRejectedPeerNamesField; } set { this.allEgressRoutesRejectedPeerNamesField = value; } } /// public bool ManualModePeers { get { return this.manualModePeersField; } set { this.manualModePeersField = value; } } /// public string ManualModePeerNames { get { return this.manualModePeerNamesField; } set { this.manualModePeerNamesField = value; } } /// public bool IPv6PeersWithIPv4CustomRoutes { get { return this.iPv6PeersWithIPv4CustomRoutesField; } set { this.iPv6PeersWithIPv4CustomRoutesField = value; } } /// public string IPv6PeersWithIPv4CustomRoutesPeerNames { get { return this.iPv6PeersWithIPv4CustomRoutesPeerNamesField; } set { this.iPv6PeersWithIPv4CustomRoutesPeerNamesField = value; } } /// public bool IdleHoldTimeSecHighValue { get { return this.idleHoldTimeSecHighValueField; } set { this.idleHoldTimeSecHighValueField = value; } } /// public string IdleHoldTimeSecHighValuePeerNames { get { return this.idleHoldTimeSecHighValuePeerNamesField; } set { this.idleHoldTimeSecHighValuePeerNamesField = value; } } /// public bool PeersWithoutMaxPrefixLimit { get { return this.peersWithoutMaxPrefixLimitField; } set { this.peersWithoutMaxPrefixLimitField = value; } } /// public string PeersWithoutMaxPrefixLimitNames { get { return this.peersWithoutMaxPrefixLimitNamesField; } set { this.peersWithoutMaxPrefixLimitNamesField = value; } } /// public bool PrefixCountNearMaxLimit { get { return this.prefixCountNearMaxLimitField; } set { this.prefixCountNearMaxLimitField = value; } } /// public string PrefixCountNearMaxLimitPeerNames { get { return this.prefixCountNearMaxLimitPeerNamesField; } set { this.prefixCountNearMaxLimitPeerNamesField = value; } } /// public bool VpnAddressPoolNotInCustomRoutes { get { return this.vpnAddressPoolNotInCustomRoutesField; } set { this.vpnAddressPoolNotInCustomRoutesField = value; } } /// public string VpnAddressPoolNotInCustomRoutesList { get { return this.vpnAddressPoolNotInCustomRoutesListField; } set { this.vpnAddressPoolNotInCustomRoutesListField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class RoutingProtocols { private bool bGPConfiguredField; private BGP bGPField; /// public bool BGPConfigured { get { return this.bGPConfiguredField; } set { this.bGPConfiguredField = value; } } /// public BGP BGP { get { return this.bGPField; } set { this.bGPField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class MTVPN { private bool staticAddressPoolConfiguredField; private bool staticAddressPoolIsUnicastField; private bool tenantNameConfiguredField; private bool tenantNameSubsetOfAnotherRDField; private string tenantNameSubsetOfAnotherRDListField; public MTVPN() { this.staticAddressPoolConfiguredField = false; this.staticAddressPoolIsUnicastField = false; this.tenantNameConfiguredField = false; this.tenantNameSubsetOfAnotherRDField = false; } /// public bool StaticAddressPoolConfigured { get { return this.staticAddressPoolConfiguredField; } set { this.staticAddressPoolConfiguredField = value; } } /// public bool StaticAddressPoolIsUnicast { get { return this.staticAddressPoolIsUnicastField; } set { this.staticAddressPoolIsUnicastField = value; } } /// public bool TenantNameConfigured { get { return this.tenantNameConfiguredField; } set { this.tenantNameConfiguredField = value; } } /// public bool TenantNameSubsetOfAnotherRD { get { return this.tenantNameSubsetOfAnotherRDField; } set { this.tenantNameSubsetOfAnotherRDField = value; } } /// public string TenantNameSubsetOfAnotherRDList { get { return this.tenantNameSubsetOfAnotherRDListField; } set { this.tenantNameSubsetOfAnotherRDListField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class VPN { private MTVPN mTVPNField; /// public MTVPN MTVPN { get { return this.mTVPNField; } set { this.mTVPNField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class S2S { private bool s2SInterfacesWithoutValidCertificateField; private string s2SInterfacesWithoutValidCertificateListField; private bool s2SInterfacesWithCertificateAboutToExpireField; private string s2SInterfacesWithCertificateAboutToExpireListField; private bool s2SInterfacesWithoutRootCertificateField; private string s2SInterfacesWithoutRootCertificateListField; private bool s2SInterfacesWithRootCertificateAboutToExpireField; private string s2SInterfacesWithRootCertificateAboutToExpireListField; private bool eAPBasedS2SInterfacesWithInValidNameField; private string eAPBasedS2SInterfacesWithInvalidNameListField; private bool defaultRateLimitingParamsField; private string defaultRateLimitingParamsListField; private bool s2SInterfacesWithInValidRateLimitingParamsField; private string s2SInterfacesWithInValidRateLimitingParamsListField; private bool pSKBasedS2SInterfacesWithInvalidDestinationField; private string pSKBasedS2SInterfacesWithInvalidDestinationListField; private bool s2SInterfacesRequireSourceIpConfigurationField; private string s2SInterfacesRequireSourceIpConfigurationListField; private bool s2SInterfacesWithCustomPolicyDiffFromGlobalPoliciesField; private string s2SInterfacesWithCustomPolicyDiffFromGlobalPoliciesListField; private bool s2SInterfacesWithoutTriggeringRouteField; private string s2SInterfacesWithoutTriggeringRouteListField; private bool s2SInterfacesWithoutHostTriggeringRouteField; private string s2SInterfacesWithoutHostTriggeringRouteListField; public S2S() { this.s2SInterfacesWithoutValidCertificateField = false; this.s2SInterfacesWithCertificateAboutToExpireField = false; this.s2SInterfacesWithoutRootCertificateField = false; this.s2SInterfacesWithRootCertificateAboutToExpireField = false; this.eAPBasedS2SInterfacesWithInValidNameField = false; this.defaultRateLimitingParamsField = false; this.s2SInterfacesWithInValidRateLimitingParamsField = false; this.pSKBasedS2SInterfacesWithInvalidDestinationField = false; this.s2SInterfacesRequireSourceIpConfigurationField = false; this.s2SInterfacesWithCustomPolicyDiffFromGlobalPoliciesField = false; this.s2SInterfacesWithoutTriggeringRouteField = false; this.s2SInterfacesWithoutHostTriggeringRouteField = false; } /// public bool S2SInterfacesWithoutValidCertificate { get { return this.s2SInterfacesWithoutValidCertificateField; } set { this.s2SInterfacesWithoutValidCertificateField = value; } } /// public string S2SInterfacesWithoutValidCertificateList { get { return this.s2SInterfacesWithoutValidCertificateListField; } set { this.s2SInterfacesWithoutValidCertificateListField = value; } } /// public bool S2SInterfacesWithCertificateAboutToExpire { get { return this.s2SInterfacesWithCertificateAboutToExpireField; } set { this.s2SInterfacesWithCertificateAboutToExpireField = value; } } /// public string S2SInterfacesWithCertificateAboutToExpireList { get { return this.s2SInterfacesWithCertificateAboutToExpireListField; } set { this.s2SInterfacesWithCertificateAboutToExpireListField = value; } } /// public bool S2SInterfacesWithoutRootCertificate { get { return this.s2SInterfacesWithoutRootCertificateField; } set { this.s2SInterfacesWithoutRootCertificateField = value; } } /// public string S2SInterfacesWithoutRootCertificateList { get { return this.s2SInterfacesWithoutRootCertificateListField; } set { this.s2SInterfacesWithoutRootCertificateListField = value; } } /// public bool S2SInterfacesWithRootCertificateAboutToExpire { get { return this.s2SInterfacesWithRootCertificateAboutToExpireField; } set { this.s2SInterfacesWithRootCertificateAboutToExpireField = value; } } /// public string S2SInterfacesWithRootCertificateAboutToExpireList { get { return this.s2SInterfacesWithRootCertificateAboutToExpireListField; } set { this.s2SInterfacesWithRootCertificateAboutToExpireListField = value; } } /// public bool EAPBasedS2SInterfacesWithInValidName { get { return this.eAPBasedS2SInterfacesWithInValidNameField; } set { this.eAPBasedS2SInterfacesWithInValidNameField = value; } } /// public string EAPBasedS2SInterfacesWithInvalidNameList { get { return this.eAPBasedS2SInterfacesWithInvalidNameListField; } set { this.eAPBasedS2SInterfacesWithInvalidNameListField = value; } } /// public bool DefaultRateLimitingParams { get { return this.defaultRateLimitingParamsField; } set { this.defaultRateLimitingParamsField = value; } } /// public string DefaultRateLimitingParamsList { get { return this.defaultRateLimitingParamsListField; } set { this.defaultRateLimitingParamsListField = value; } } /// public bool S2SInterfacesWithInValidRateLimitingParams { get { return this.s2SInterfacesWithInValidRateLimitingParamsField; } set { this.s2SInterfacesWithInValidRateLimitingParamsField = value; } } /// public string S2SInterfacesWithInValidRateLimitingParamsList { get { return this.s2SInterfacesWithInValidRateLimitingParamsListField; } set { this.s2SInterfacesWithInValidRateLimitingParamsListField = value; } } /// public bool PSKBasedS2SInterfacesWithInvalidDestination { get { return this.pSKBasedS2SInterfacesWithInvalidDestinationField; } set { this.pSKBasedS2SInterfacesWithInvalidDestinationField = value; } } /// public string PSKBasedS2SInterfacesWithInvalidDestinationList { get { return this.pSKBasedS2SInterfacesWithInvalidDestinationListField; } set { this.pSKBasedS2SInterfacesWithInvalidDestinationListField = value; } } /// public bool S2SInterfacesRequireSourceIpConfiguration { get { return this.s2SInterfacesRequireSourceIpConfigurationField; } set { this.s2SInterfacesRequireSourceIpConfigurationField = value; } } /// public string S2SInterfacesRequireSourceIpConfigurationList { get { return this.s2SInterfacesRequireSourceIpConfigurationListField; } set { this.s2SInterfacesRequireSourceIpConfigurationListField = value; } } /// public bool S2SInterfacesWithCustomPolicyDiffFromGlobalPolicies { get { return this.s2SInterfacesWithCustomPolicyDiffFromGlobalPoliciesField; } set { this.s2SInterfacesWithCustomPolicyDiffFromGlobalPoliciesField = value; } } /// public string S2SInterfacesWithCustomPolicyDiffFromGlobalPoliciesList { get { return this.s2SInterfacesWithCustomPolicyDiffFromGlobalPoliciesListField; } set { this.s2SInterfacesWithCustomPolicyDiffFromGlobalPoliciesListField = value; } } /// public bool S2SInterfacesWithoutTriggeringRoute { get { return this.s2SInterfacesWithoutTriggeringRouteField; } set { this.s2SInterfacesWithoutTriggeringRouteField = value; } } /// public string S2SInterfacesWithoutTriggeringRouteList { get { return this.s2SInterfacesWithoutTriggeringRouteListField; } set { this.s2SInterfacesWithoutTriggeringRouteListField = value; } } /// public bool S2SInterfacesWithoutHostTriggeringRoute { get { return this.s2SInterfacesWithoutHostTriggeringRouteField; } set { this.s2SInterfacesWithoutHostTriggeringRouteField = value; } } /// public string S2SInterfacesWithoutHostTriggeringRouteList { get { return this.s2SInterfacesWithoutHostTriggeringRouteListField; } set { this.s2SInterfacesWithoutHostTriggeringRouteListField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class RoutingDomain { private bool enabledField; private string nameField; private bool s2SEnabledField; private S2S s2SField; private bool vpnEnabledField; private VPN vPNField; private bool routingProtocolsConfiguredField; private RoutingProtocols routingProtocolsField; public RoutingDomain() { this.s2SEnabledField = false; this.vpnEnabledField = false; } /// public bool Enabled { get { return this.enabledField; } set { this.enabledField = value; } } /// public string Name { get { return this.nameField; } set { this.nameField = value; } } /// public bool S2SEnabled { get { return this.s2SEnabledField; } set { this.s2SEnabledField = value; } } /// public S2S S2S { get { return this.s2SField; } set { this.s2SField = value; } } /// public bool VpnEnabled { get { return this.vpnEnabledField; } set { this.vpnEnabledField = value; } } /// public VPN VPN { get { return this.vPNField; } set { this.vPNField = value; } } /// public bool RoutingProtocolsConfigured { get { return this.routingProtocolsConfiguredField; } set { this.routingProtocolsConfiguredField = value; } } /// public RoutingProtocols RoutingProtocols { get { return this.routingProtocolsField; } set { this.routingProtocolsField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public partial class Port { private string protocolField; private string portCountField; /// public string Protocol { get { return this.protocolField; } set { this.protocolField = value; } } /// [System.Xml.Serialization.XmlElementAttribute(DataType="integer")] public string PortCount { get { return this.portCountField; } set { this.portCountField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] [System.Xml.Serialization.XmlRootAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04", IsNullable=false)] public partial class InterfaceList { private bool demandDialInterfaceExistsField; private AllInterfaceStatus allInterfaceDisabledField; private AllInterfaceStatus allEnabledIfReachableField; private DhcpRelayStatus verifyDhcpRelayStatusV4Field; private bool verifyDhcpRelayStatusV4FieldSpecified; private DhcpRelayStatus verifyDhcpRelayStatusV6Field; private bool verifyDhcpRelayStatusV6FieldSpecified; private Interface[] interfaceField; /// public bool DemandDialInterfaceExists { get { return this.demandDialInterfaceExistsField; } set { this.demandDialInterfaceExistsField = value; } } /// public AllInterfaceStatus AllInterfaceDisabled { get { return this.allInterfaceDisabledField; } set { this.allInterfaceDisabledField = value; } } /// public AllInterfaceStatus AllEnabledIfReachable { get { return this.allEnabledIfReachableField; } set { this.allEnabledIfReachableField = value; } } /// public DhcpRelayStatus VerifyDhcpRelayStatusV4 { get { return this.verifyDhcpRelayStatusV4Field; } set { this.verifyDhcpRelayStatusV4Field = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool VerifyDhcpRelayStatusV4Specified { get { return this.verifyDhcpRelayStatusV4FieldSpecified; } set { this.verifyDhcpRelayStatusV4FieldSpecified = value; } } /// public DhcpRelayStatus VerifyDhcpRelayStatusV6 { get { return this.verifyDhcpRelayStatusV6Field; } set { this.verifyDhcpRelayStatusV6Field = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool VerifyDhcpRelayStatusV6Specified { get { return this.verifyDhcpRelayStatusV6FieldSpecified; } set { this.verifyDhcpRelayStatusV6FieldSpecified = value; } } /// [System.Xml.Serialization.XmlElementAttribute("Interface")] public Interface[] Interface { get { return this.interfaceField; } set { this.interfaceField = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public enum AllInterfaceStatus { /// All, /// None, /// Some, } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public enum DhcpRelayStatus { /// NoIfAddedToDHCPRelay, /// IfAddedWithDHCPRelayEnabled, /// IfAddedWithDHCPRelayDisabled, } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Diagnostics.DebuggerStepThroughAttribute()] [System.ComponentModel.DesignerCategoryAttribute("code")] [System.Xml.Serialization.XmlTypeAttribute(AnonymousType=true, Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] [System.Xml.Serialization.XmlRootAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04", IsNullable=false)] public partial class Interface { private string ifNameField; private string ifTypeField; private bool enabledField; private bool reachableField; private bool encryptionAllowedField; private bool encryptionAllowedFieldSpecified; private bool iPv4RelayDhcpPktEnabledField; private bool iPv4RelayDhcpPktEnabledFieldSpecified; private bool iPv6RelayDhcpPktEnabledField; private bool iPv6RelayDhcpPktEnabledFieldSpecified; /// public string IfName { get { return this.ifNameField; } set { this.ifNameField = value; } } /// public string IfType { get { return this.ifTypeField; } set { this.ifTypeField = value; } } /// public bool Enabled { get { return this.enabledField; } set { this.enabledField = value; } } /// public bool Reachable { get { return this.reachableField; } set { this.reachableField = value; } } /// public bool EncryptionAllowed { get { return this.encryptionAllowedField; } set { this.encryptionAllowedField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool EncryptionAllowedSpecified { get { return this.encryptionAllowedFieldSpecified; } set { this.encryptionAllowedFieldSpecified = value; } } /// public bool IPv4RelayDhcpPktEnabled { get { return this.iPv4RelayDhcpPktEnabledField; } set { this.iPv4RelayDhcpPktEnabledField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IPv4RelayDhcpPktEnabledSpecified { get { return this.iPv4RelayDhcpPktEnabledFieldSpecified; } set { this.iPv4RelayDhcpPktEnabledFieldSpecified = value; } } /// public bool IPv6RelayDhcpPktEnabled { get { return this.iPv6RelayDhcpPktEnabledField; } set { this.iPv6RelayDhcpPktEnabledField = value; } } /// [System.Xml.Serialization.XmlIgnoreAttribute()] public bool IPv6RelayDhcpPktEnabledSpecified { get { return this.iPv6RelayDhcpPktEnabledFieldSpecified; } set { this.iPv6RelayDhcpPktEnabledFieldSpecified = value; } } } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public enum CertificateType { /// ValidCert, /// InvalidCert, /// ValidOrInvalidCert, } /// [System.CodeDom.Compiler.GeneratedCodeAttribute("xsd", "4.0.30319.17929")] [System.SerializableAttribute()] [System.Xml.Serialization.XmlTypeAttribute(Namespace="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008" + "/04")] public enum IKECertificateType { /// NoValidIKECert, /// OneValidIKECert, /// MultipleValidIKECert, } #endregion auto-generated-xml-schema-code #region marshalled-unmanaged-structures-and-APIs public enum EncryptionType { ET_None, // No encryption ET_Require, // Require Encryption ET_RequireMax, // Require max encryption ET_Optional // Do encryption if possible. None Ok. } public partial class NativeConstants { public const int MAX_PATH = 260; public const int MPRAPI_OBJECT_TYPE_MPR_SERVER_OBJECT = 0x2; public const int MPRAPI_MPR_SERVER_OBJECT_REVISION_1 = 0x1; /// IPV4 RAS flag public const int ROUTER_ROLE_RAS_IPV4 = 0x00000001; /// IPV4 LAN routing flag public const int ROUTER_ROLE_LAN_IPV4 = 0x00000002; /// IPV4 Demand dial routing flag public const int ROUTER_ROLE_WAN_IPV4 = 0x00000004; /// IPV6 RAS flag public const int ROUTER_ROLE_RAS_IPV6 = 0x00000008; /// IPV6 LAN routing flag public const int ROUTER_ROLE_LAN_IPV6 = 0x00000010; /// IPV6 Demand dial routing flag public const int ROUTER_ROLE_WAN_IPV6 = 0x00000020; /// IPV4 transport ID public const int PID_IP = 0x00000021; /// IPV6 transport ID public const int PID_IPV6 = 0x00000057; /// IPV4 DHCP relay agent info public const int MS_IP_BOOTP = 0x0000270f; /// IPV6 DHCP relay agent info public const int MS_IPV6_DHCP = 0x000003E7; /// IPV4 DHCP relay enabled public const int IPBOOTP_RELAY_ENABLED = 0x00000001; /// IPV6 DHCP relay enabled public const int DHCPV6R_RELAY_ENABLED = 0x00000001; /// MAX_INTERFACE_NAME_LEN -> 256 public const int MAX_INTERFACE_NAME_LEN = 256; /// RAS_MaxDeviceType -> 16 public const int RAS_MaxDeviceType = 16; /// RAS_MaxPhoneNumber -> 128 public const int RAS_MaxPhoneNumber = 128; /// RAS_MaxIpAddress -> 15 public const int RAS_MaxIpAddress = 15; /// RAS_MaxIpxAddress -> 21 public const int RAS_MaxIpxAddress = 21; /// RAS_MaxEntryName -> 256 public const int RAS_MaxEntryName = 256; /// RAS_MaxDeviceName -> 128 public const int RAS_MaxDeviceName = 128; /// RAS_MaxCallbackNumber -> RAS_MaxPhoneNumber public const int RAS_MaxCallbackNumber = NativeConstants.RAS_MaxPhoneNumber; /// RAS_MaxAreaCode -> 10 public const int RAS_MaxAreaCode = 10; /// RAS_MaxPadType -> 32 public const int RAS_MaxPadType = 32; /// RAS_MaxX25Address -> 200 public const int RAS_MaxX25Address = 200; /// RAS_MaxFacilities -> 200 public const int RAS_MaxFacilities = 200; /// RAS_MaxUserData -> 200 public const int RAS_MaxUserData = 200; /// RAS_MaxReplyMessage -> 1024 public const int RAS_MaxReplyMessage = 1024; /// RAS_MaxDnsSuffix -> 256 public const int RAS_MaxDnsSuffix = 256; /// Const for RAS_USER_1 structure public const byte RASPRIV_NoCallback = 1; public const byte RASPRIV_AdminSetCallback = 2; public const byte RASPRIV_CallerSetCallback = 4; public const byte RASPRIV_DialinPrivilege = 8; public const byte RASPRIV2_DialinPolicy = 1; } public enum ROUTER_INTERFACE_TYPE { ROUTER_IF_TYPE_CLIENT, ROUTER_IF_TYPE_HOME_ROUTER, ROUTER_IF_TYPE_FULL_ROUTER, ROUTER_IF_TYPE_DEDICATED, ROUTER_IF_TYPE_INTERNAL, ROUTER_IF_TYPE_LOOPBACK, ROUTER_IF_TYPE_TUNNEL1, ROUTER_IF_TYPE_DIALOUT, ROUTER_IF_TYPE_MAX, } public enum ROUTER_CONNECTION_STATE { ROUTER_IF_STATE_UNREACHABLE, ROUTER_IF_STATE_DISCONNECTED, ROUTER_IF_STATE_CONNECTING, ROUTER_IF_STATE_CONNECTED, } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, CharSet = System.Runtime.InteropServices.CharSet.Unicode)] public struct MPR_INTERFACE_0 { /// WCHAR[MAX_INTERFACE_NAME_LEN + 1] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.MAX_INTERFACE_NAME_LEN + 1)] public string wszInterfaceName; /// HANDLE->void* public System.IntPtr hInterface; /// BOOL->int public int fEnabled; /// ROUTER_INTERFACE_TYPE->_ROUTER_INTERFACE_TYPE public ROUTER_INTERFACE_TYPE dwIfType; /// ROUTER_CONNECTION_STATE->_ROUTER_CONNECTION_STATE public ROUTER_CONNECTION_STATE dwConnectionState; /// DWORD->unsigned int public uint fUnReachabilityReasons; /// DWORD->unsigned int public uint dwLastError; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct PPTP_CONFIG_PARAMS { /// DWORD->unsigned int public uint dwNumPorts; /// DWORD->unsigned int public uint dwPortFlags; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct L2TP_CONFIG_PARAMS { /// DWORD->unsigned int public uint dwNumPorts; /// DWORD->unsigned int public uint dwPortFlags; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct SSTP_CERT_INFO { /// BOOL->int [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.Bool)] public bool isDefault; /// CRYPT_HASH_BLOB->_CRYPTOAPI_BLOB public CERT_NAME_BLOB certBlob; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct SSTP_CONFIG_PARAMS { /// DWORD->unsigned int public uint dwNumPorts; /// DWORD->unsigned int public uint dwPortFlags; /// BOOL->int [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.Bool)] public bool isUseHttps; /// DWORD->unsigned int public uint certAlgorithm; /// SSTP_CERT_INFO->_SSTP_CERT_INFO public SSTP_CERT_INFO sstpCertDetails; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct IKEV2_TUNNEL_CONFIG_PARAMS { /// DWORD->unsigned int public uint dwIdleTimeout; /// DWORD->unsigned int public uint dwNetworkBlackoutTime; /// DWORD->unsigned int public uint dwSaLifeTime; /// DWORD->unsigned int public uint dwSaDataSizeForRenegotiation; /// DWORD->unsigned int public uint dwConfigOptions; /// DWORD->unsigned int public uint dwTotalCertificates; /// CERT_NAME_BLOB* public System.IntPtr certificateNames; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct IKEV2_CONFIG_PARAMS { /// DWORD->unsigned int public uint dwNumPorts; /// DWORD->unsigned int public uint dwPortFlags; /// DWORD->unsigned int public uint dwTunnelConfigParamFlags; /// IKEV2_TUNNEL_CONFIG_PARAMS->_IKEV2_TUNNEL_CONFIG_PARAMS public IKEV2_TUNNEL_CONFIG_PARAMS TunnelConfigParams; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct MPRAPI_TUNNEL_CONFIG_PARAMS { /// IKEV2_CONFIG_PARAMS->_IKEV2_CONFIG_PARAMS public IKEV2_CONFIG_PARAMS IkeConfigParams; /// PPTP_CONFIG_PARAMS->_PPTP_CONFIG_PARAMS public PPTP_CONFIG_PARAMS PptpConfigParams; /// L2TP_CONFIG_PARAMS->_L2TP_CONFIG_PARAMS public L2TP_CONFIG_PARAMS L2tpConfigParams; /// SSTP_CONFIG_PARAMS->_SSTP_CONFIG_PARAMS public SSTP_CONFIG_PARAMS SstpConfigParams; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct MPRAPI_OBJECT_HEADER { /// UCHAR->unsigned char [System.Runtime.InteropServices.MarshalAsAttribute(UnmanagedType.U1)] public byte revision; /// UCHAR->unsigned char [System.Runtime.InteropServices.MarshalAsAttribute(UnmanagedType.U1)] public byte type; /// USHORT->unsigned short [System.Runtime.InteropServices.MarshalAsAttribute(UnmanagedType.U2)] public ushort size; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct MPR_SERVER_EX { /// MPRAPI_OBJECT_HEADER->_MPRAPI_OBJECT_HEADER public MPRAPI_OBJECT_HEADER Header; /// DWORD->unsigned int public uint fLanOnlyMode; /// DWORD->unsigned int public uint dwUpTime; /// DWORD->unsigned int public uint dwTotalPorts; /// DWORD->unsigned int public uint dwPortsInUse; /// DWORD->unsigned int public uint Reserved; /// MPRAPI_TUNNEL_CONFIG_PARAMS->_MPRAPI_TUNNEL_CONFIG_PARAMS public MPRAPI_TUNNEL_CONFIG_PARAMS ConfigParams; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct RTR_TOC_ENTRY { /// ULONG->unsigned int public uint InfoType; /// ULONG->unsigned int public uint InfoSize; /// ULONG->unsigned int public uint Count; /// ULONG->unsigned int public uint Offset; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct RTR_INFO_BLOCK_HEADER { /// ULONG->unsigned int public uint Version; /// ULONG->unsigned int public uint Size; /// ULONG->unsigned int public uint TocEntriesCount; /// RTR_TOC_ENTRY[1] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst = 1, ArraySubType = System.Runtime.InteropServices.UnmanagedType.Struct)] public RTR_TOC_ENTRY[] TocEntry; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct IPBOOTP_IF_CONFIG { /// DWORD->unsigned int public uint IC_State; /// DWORD->unsigned int public uint IC_RelayMode; /// DWORD->unsigned int public uint IC_MaxHopCount; /// DWORD->unsigned int public uint IC_MinSecondsSinceBoot; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct DHCPV6R_IF_CONFIG { /// DWORD->unsigned int public uint IC_State; /// DWORD->unsigned int public uint IC_RelayMode; /// DWORD->unsigned int public uint IC_MaxHopCount; /// DWORD->unsigned int public uint IC_MinElapsedTime; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct IPBOOTP_GLOBAL_CONFIG { /// DWORD->unsigned int public uint GC_LoggingLevel; /// DWORD->unsigned int public uint GC_MaxRecvQueueSize; /// DWORD->unsigned int public uint GC_ServerCount; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct DHCPV6R_GLOBAL_CONFIG { /// DWORD->unsigned int public uint GC_LoggingLevel; /// DWORD->unsigned int public uint GC_MaxRecvQueueSize; /// DWORD->unsigned int public uint GC_ServerCount; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct RASIPADDR { /// BYTE->unsigned char public byte a; /// BYTE->unsigned char public byte b; /// BYTE->unsigned char public byte c; /// BYTE->unsigned char public byte d; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct in6_addr { /// Anonymous_5b3dda90_dbc7_4df8_825a_48e598dedcbd public Anonymous_5b3dda90_dbc7_4df8_825a_48e598dedcbd u; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, CharSet = System.Runtime.InteropServices.CharSet.Unicode)] public struct RASENTRYW { /// DWORD->unsigned int public uint dwSize; /// DWORD->unsigned int public uint dwfOptions; /// DWORD->unsigned int public uint dwCountryID; /// DWORD->unsigned int public uint dwCountryCode; /// WCHAR[RAS_MaxAreaCode + 1] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxAreaCode + 1)] public string szAreaCode; /// WCHAR[RAS_MaxPhoneNumber + 1] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxPhoneNumber + 1)] public string szLocalPhoneNumber; /// DWORD->unsigned int public uint dwAlternateOffset; /// RASIPADDR->_RASIPADDR public RASIPADDR ipaddr; /// RASIPADDR->_RASIPADDR public RASIPADDR ipaddrDns; /// RASIPADDR->_RASIPADDR public RASIPADDR ipaddrDnsAlt; /// RASIPADDR->_RASIPADDR public RASIPADDR ipaddrWins; /// RASIPADDR->_RASIPADDR public RASIPADDR ipaddrWinsAlt; /// DWORD->unsigned int public uint dwFrameSize; /// DWORD->unsigned int public uint dwfNetProtocols; /// DWORD->unsigned int public uint dwFramingProtocol; /// WCHAR[MAX_PATH] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.MAX_PATH)] public string szScript; /// WCHAR[MAX_PATH] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.MAX_PATH)] public string szAutodialDll; /// WCHAR[MAX_PATH] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.MAX_PATH)] public string szAutodialFunc; /// WCHAR[RAS_MaxDeviceType + 1] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxDeviceType + 1)] public string szDeviceType; /// WCHAR[RAS_MaxDeviceName + 1] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxDeviceName + 1)] public string szDeviceName; /// WCHAR[RAS_MaxPadType + 1] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxPadType + 1)] public string szX25PadType; /// WCHAR[RAS_MaxX25Address + 1 ] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxX25Address + 1)] public string szX25Address; /// WCHAR[RAS_MaxFacilities + 1] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxFacilities + 1)] public string szX25Facilities; /// WCHAR[RAS_MaxUserData + 1] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxUserData + 1)] public string szX25UserData; /// DWORD->unsigned int public uint dwChannels; /// DWORD->unsigned int public uint dwReserved1; /// DWORD->unsigned int public uint dwReserved2; /// DWORD->unsigned int public uint dwSubEntries; /// DWORD->unsigned int public uint dwDialMode; /// DWORD->unsigned int public uint dwDialExtraPercent; /// DWORD->unsigned int public uint dwDialExtraSampleSeconds; /// DWORD->unsigned int public uint dwHangUpExtraPercent; /// DWORD->unsigned int public uint dwHangUpExtraSampleSeconds; /// DWORD->unsigned int public uint dwIdleDisconnectSeconds; /// DWORD->unsigned int public uint dwType; /// DWORD->unsigned int public uint dwEncryptionType; /// DWORD->unsigned int public uint dwCustomAuthKey; /// GUID->_GUID public GUID guidId; /// WCHAR[MAX_PATH] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.MAX_PATH)] public string szCustomDialDll; /// DWORD->unsigned int public uint dwVpnStrategy; /// DWORD->unsigned int public uint dwfOptions2; /// DWORD->unsigned int public uint dwfOptions3; /// WCHAR[RAS_MaxDnsSuffix] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxDnsSuffix)] public string szDnsSuffix; /// DWORD->unsigned int public uint dwTcpWindowSize; /// WCHAR[MAX_PATH] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.MAX_PATH)] public string szPrerequisitePbk; /// WCHAR[RAS_MaxEntryName + 1] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxEntryName + 1)] public string szPrerequisiteEntry; /// DWORD->unsigned int public uint dwRedialCount; /// DWORD->unsigned int public uint dwRedialPause; /// RASIPV6ADDR->in6_addr public in6_addr ipv6addrDns; /// RASIPV6ADDR->in6_addr public in6_addr ipv6addrDnsAlt; /// DWORD->unsigned int public uint dwIPv4InterfaceMetric; /// DWORD->unsigned int public uint dwIPv6InterfaceMetric; /// RASIPV6ADDR->in6_addr public in6_addr ipv6addr; /// DWORD->unsigned int public uint dwIPv6PrefixLength; /// DWORD->unsigned int public uint dwNetworkOutageTime; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Explicit)] public struct Anonymous_5b3dda90_dbc7_4df8_825a_48e598dedcbd { /// UCHAR[16] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst = 16, ArraySubType = System.Runtime.InteropServices.UnmanagedType.I1)] [System.Runtime.InteropServices.FieldOffsetAttribute(0)] public byte[] Byte; /// USHORT[8] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst = 8, ArraySubType = System.Runtime.InteropServices.UnmanagedType.U2)] [System.Runtime.InteropServices.FieldOffsetAttribute(0)] public ushort[] Word; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct CERT_NAME_BLOB { /// DWORD->unsigned int public uint cbData; /// BYTE* public System.IntPtr pbData; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, CharSet = System.Runtime.InteropServices.CharSet.Ansi)] public struct GUID { /// unsigned int public uint Data1; /// unsigned short public ushort Data2; /// unsigned short public ushort Data3; /// unsigned char[8] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = 8)] public string Data4; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct MIB_IPSTATS { /// DWORD->unsigned int public uint dwForwarding; /// DWORD->unsigned int public uint dwDefaultTTL; /// DWORD->unsigned int public uint dwInReceives; /// DWORD->unsigned int public uint dwInHdrErrors; /// DWORD->unsigned int public uint dwInAddrErrors; /// DWORD->unsigned int public uint dwForwDatagrams; /// DWORD->unsigned int public uint dwInUnknownProtos; /// DWORD->unsigned int public uint dwInDiscards; /// DWORD->unsigned int public uint dwInDelivers; /// DWORD->unsigned int public uint dwOutRequests; /// DWORD->unsigned int public uint dwRoutingDiscards; /// DWORD->unsigned int public uint dwOutDiscards; /// DWORD->unsigned int public uint dwOutNoRoutes; /// DWORD->unsigned int public uint dwReasmTimeout; /// DWORD->unsigned int public uint dwReasmReqds; /// DWORD->unsigned int public uint dwReasmOks; /// DWORD->unsigned int public uint dwReasmFails; /// DWORD->unsigned int public uint dwFragOks; /// DWORD->unsigned int public uint dwFragFails; /// DWORD->unsigned int public uint dwFragCreates; /// DWORD->unsigned int public uint dwNumIf; /// DWORD->unsigned int public uint dwNumAddr; /// DWORD->unsigned int public uint dwNumRoutes; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct CERT_ENHKEY_USAGE { /// DWORD->unsigned int public uint cUsageIdentifier; /// LPSTR* public System.IntPtr rgpszUsageIdentifier; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct CERT_CONTEXT { /// DWORD->unsigned int public uint dwCertEncodingType; /// BYTE* public System.IntPtr pbCertEncoded; /// DWORD->unsigned int public uint cbCertEncoded; /// PCERT_INFO->_CERT_INFO* public System.IntPtr pCertInfo; /// HCERTSTORE->void* public System.IntPtr hCertStore; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct CERT_INFO { /// DWORD->unsigned int public uint dwVersion; /// CRYPT_INTEGER_BLOB->_CRYPTOAPI_BLOB public CRYPT_ATTR_BLOB SerialNumber; /// CRYPT_ALGORITHM_IDENTIFIER->_CRYPT_ALGORITHM_IDENTIFIER public CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm; /// CERT_NAME_BLOB->_CRYPTOAPI_BLOB public CRYPT_ATTR_BLOB Issuer; /// FILETIME->_FILETIME public FILETIME NotBefore; /// FILETIME->_FILETIME public FILETIME NotAfter; /// CERT_NAME_BLOB->_CRYPTOAPI_BLOB public CRYPT_ATTR_BLOB Subject; /// CERT_PUBLIC_KEY_INFO->_CERT_PUBLIC_KEY_INFO public CERT_PUBLIC_KEY_INFO SubjectPublicKeyInfo; /// CRYPT_BIT_BLOB->_CRYPT_BIT_BLOB public CRYPT_BIT_BLOB IssuerUniqueId; /// CRYPT_BIT_BLOB->_CRYPT_BIT_BLOB public CRYPT_BIT_BLOB SubjectUniqueId; /// DWORD->unsigned int public uint cExtension; /// PCERT_EXTENSION->_CERT_EXTENSION* public System.IntPtr rgExtension; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct CRYPT_ATTR_BLOB { /// DWORD->unsigned int public uint cbData; /// BYTE* public System.IntPtr pbData; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct CRYPT_ALGORITHM_IDENTIFIER { /// LPSTR->CHAR* [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPStr)] public string pszObjId; /// CRYPT_OBJID_BLOB->_CRYPTOAPI_BLOB public CRYPT_ATTR_BLOB Parameters; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct FILETIME { /// DWORD->unsigned int public uint dwLowDateTime; /// DWORD->unsigned int public uint dwHighDateTime; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct CERT_PUBLIC_KEY_INFO { /// CRYPT_ALGORITHM_IDENTIFIER->_CRYPT_ALGORITHM_IDENTIFIER public CRYPT_ALGORITHM_IDENTIFIER Algorithm; /// CRYPT_BIT_BLOB->_CRYPT_BIT_BLOB public CRYPT_BIT_BLOB PublicKey; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct CRYPT_BIT_BLOB { /// DWORD->unsigned int public uint cbData; /// BYTE* public System.IntPtr pbData; /// DWORD->unsigned int public uint cUnusedBits; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)] public struct CERT_EXTENSION { /// LPSTR->CHAR* [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPStr)] public string pszObjId; /// BOOL->int public int fCritical; /// CRYPT_OBJID_BLOB->_CRYPTOAPI_BLOB public CRYPT_ATTR_BLOB Value; } [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct RAS_USER_1 { public byte bfPrivilege; [MarshalAs(UnmanagedType.ByValTStr, SizeConst = NativeConstants.RAS_MaxPhoneNumber + 1)] public string phonenumber; public byte bfPrivilege2; }; public partial class NativeMethods { /// Return Type: DWORD->unsigned int ///lpwsServerName: LPWSTR->WCHAR* ///phMprConfig: HANDLE* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprConfigServerConnect", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprConfigServerConnect([System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)] System.Text.StringBuilder lpwsServerName, ref System.IntPtr phMprConfig); /// Return Type: DWORD->unsigned int ///phMprConfig: HANDLE* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprConfigServerDisconnect", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprConfigServerDisconnect(System.IntPtr phMprConfig); /// Return Type: DWORD->unsigned int ///lpwsServerName: LPWSTR->WCHAR* ///phMprConfig: HANDLE* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprAdminServerConnect", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprAdminServerConnect([System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)] System.Text.StringBuilder lpwsServerName, ref System.IntPtr hMprServer); /// Return Type: DWORD->unsigned int ///lpwsServerName: LPWSTR->WCHAR* ///phMprConfig: HANDLE* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprAdminServerDisconnect", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprAdminServerDisconnect(System.IntPtr hMprServer); /// Return Type: DWORD->unsigned int ///hMprConfig: HANDLE->void* ///dwLevel: DWORD->unsigned int ///lplpBuffer: LPBYTE* ///dwPrefMaxLen: DWORD->unsigned int ///lpdwEntriesRead: LPDWORD->DWORD* ///lpdwTotalEntries: LPDWORD->DWORD* ///lpdwResumeHandle: LPDWORD->DWORD* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprConfigInterfaceEnum", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprConfigInterfaceEnum(System.IntPtr hMprConfig, uint dwLevel, ref System.IntPtr lplpBuffer, uint dwPrefMaxLen, ref uint lpdwEntriesRead, ref uint lpdwTotalEntries, ref uint lpdwResumeHandle); /// Return Type: DWORD->unsigned int ///hMprConfig: HANDLE->void* ///pServerInfo: MPR_SERVER_EX* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprConfigServerGetInfoEx", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprConfigServerGetInfoEx(System.IntPtr hMprConfig, ref MPR_SERVER_EX pServerInfo); /// Return Type: DWORD->unsigned int ///hMprConfig: HANDLE->void* ///hRouterInterface: HANDLE->void* ///dwTransportId: DWORD->unsigned int ///phRouterIfTransport: HANDLE* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprConfigInterfaceTransportGetHandle", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprConfigInterfaceTransportGetHandle(System.IntPtr hMprConfig, System.IntPtr hRouterInterface, uint dwTransportId, ref System.IntPtr phRouterIfTransport); /// Return Type: DWORD->unsigned int ///hMprConfig: HANDLE->void* ///dwTransportId: DWORD->unsigned int ///phRouterTransport: HANDLE* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprConfigTransportGetHandle", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprConfigTransportGetHandle(System.IntPtr hMprConfig, uint dwTransportId, ref System.IntPtr phRouterTransport); /// Return Type: DWORD->unsigned int ///hMprConfig: HANDLE->void* ///hRouterInterface: HANDLE->void* ///hRouterIfTransport: HANDLE->void* ///ppInterfaceInfo: LPBYTE* ///lpdwInterfaceInfoSize: LPDWORD->DWORD* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprConfigInterfaceTransportGetInfo", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprConfigInterfaceTransportGetInfo(System.IntPtr hMprConfig, System.IntPtr hRouterInterface, System.IntPtr hRouterIfTransport, ref System.IntPtr ppInterfaceInfo, ref uint lpdwInterfaceInfoSize); /// Return Type: DWORD->unsigned int ///hMprConfig: HANDLE->void* ///hRouterTransport: HANDLE->void* ///ppGlobalInfo: LPBYTE* ///lpdwGlobalInfoSize: LPDWORD->DWORD* ///ppClientInterfaceInfo: LPBYTE* ///lpdwClientInterfaceInfoSize: LPDWORD->DWORD* ///lplpwsDLLPath: LPWSTR* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprConfigTransportGetInfo", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprConfigTransportGetInfo(System.IntPtr hMprConfig, System.IntPtr hRouterTransport, ref System.IntPtr ppGlobalInfo, ref uint lpdwGlobalInfoSize, ref System.IntPtr ppClientInterfaceInfo, ref uint lpdwClientInterfaceInfoSize, ref System.IntPtr lplpwsDLLPath); /// Return Type: DWORD->unsigned int ///lpszPhonebook: LPCWSTR->WCHAR* ///lpszEntry: LPCWSTR->WCHAR* ///lpRasEntry: LPRASENTRYW->RASENTRYW* ///lpcbRasEntry: LPDWORD->DWORD* ///lpbDeviceConfig: LPBYTE->BYTE* ///lpcbDeviceConfig: LPDWORD->DWORD* [DllImport("rasapi32.dll", CharSet = CharSet.Auto, CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint RasGetEntryPropertiesW( string lpszPhoneBook, string szEntry, ref RASENTRYW lpbEntry, ref UInt32 lpdwEntrySize, IntPtr lpb, IntPtr lpdwSize); /// Return Type: DWORD->unsigned int ///hMprConfig: HANDLE->void* ///pszGuidName: PWSTR->WCHAR* ///pszBuffer: PWCHAR->WCHAR* ///dwBufferSize: DWORD->unsigned int [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprConfigGetFriendlyName", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] // public static extern uint MprConfigGetFriendlyName(System.IntPtr hMprConfig, System.IntPtr pszGuidName, System.IntPtr pszBuffer, uint dwBufferSize); public static extern uint MprConfigGetFriendlyName(System.IntPtr hMprConfig, [MarshalAs(UnmanagedType.LPWStr)] String pszGuidName, [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)] System.Text.StringBuilder pszBuffer, uint dwBufferSize); /// Return Type: DWORD->unsigned int ///pStats: PMIB_IPSTATS->_MIB_IPSTATS* ///dwFamily: DWORD->unsigned int [System.Runtime.InteropServices.DllImportAttribute("iphlpapi.dll", EntryPoint = "GetIpStatisticsEx")] public static extern uint GetIpStatisticsEx([System.Runtime.InteropServices.OutAttribute()] out MIB_IPSTATS pStats, uint dwFamily); /// Return Type: DWORD->unsigned int ///pBuffer: LPVOID->void* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprConfigBufferFree")] public static extern uint MprConfigBufferFree(System.IntPtr pBuffer); /// Return Type: DWORD->unsigned int ///hMprConfig: HANDLE->void* ///dwLevel: DWORD->unsigned int ///lplpBuffer: LPBYTE* ///dwPrefMaxLen: DWORD->unsigned int ///lpdwEntriesRead: LPDWORD->DWORD* ///lpdwTotalEntries: LPDWORD->DWORD* ///lpdwResumeHandle: LPDWORD->DWORD* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprAdminInterfaceEnum", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprAdminInterfaceEnum(System.IntPtr hMprServer, uint dwLevel, ref System.IntPtr lplpBuffer, uint dwPrefMaxLen, ref uint lpdwEntriesRead, ref uint lpdwTotalEntries, ref uint lpdwResumeHandle); /// Return Type: DWORD->unsigned int ///pBuffer: LPVOID->void* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprAdminBufferFree")] public static extern uint MprAdminBufferFree(System.IntPtr pBuffer); /// Return Type: DWORD->unsigned int ///lpHeader: LPVOID->void* ///dwInfoType: DWORD->unsigned int ///lpdwItemSize: DWORD->unsigned int ///lpdwItemCount: DWORD->unsigned int ///lplpItemData: LPBYTE* [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprInfoBlockFind", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall)] public static extern uint MprInfoBlockFind( System.IntPtr lpHeader, uint dwInfoType, ref uint lpdwItemSize, ref uint lpdwItemCount, ref System.IntPtr lplpItemData); /// Return Type: BOOL->int ///pCertContext: PCCERT_CONTEXT->CERT_CONTEXT* ///dwFlags: DWORD->unsigned int ///pUsage: PCERT_ENHKEY_USAGE->_CTL_USAGE* ///pcbUsage: DWORD* [System.Runtime.InteropServices.DllImportAttribute("crypt32.dll", SetLastError=true, EntryPoint="CertGetEnhancedKeyUsage")] [return: System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.Bool)] public static extern bool CertGetEnhancedKeyUsage(System.IntPtr pCertContext, uint dwFlags, System.IntPtr pUsage, ref uint pcbUsage) ; [System.Runtime.InteropServices.DllImportAttribute("mprapi.dll", EntryPoint = "MprAdminUserGetInfo", CallingConvention = System.Runtime.InteropServices.CallingConvention.StdCall, SetLastError = false)] public static extern UInt32 MprAdminUserGetInfo( [MarshalAs(UnmanagedType.LPWStr)] string serverName, [MarshalAs(UnmanagedType.LPWStr)] string userName, UInt32 Level, // This must be 1 ref RAS_USER_1 buffer); } #endregion marshalled-unmanaged-structures-and-APIs public class RRASUtil { public static bool IsGuid(string str) { bool retVal; try { new Guid(str); retVal = true; } catch { retVal = false; } return retVal; } public static DhcpRelayStatus GetDhcpRelayStatus(bool bIfAdded, bool bRelayEnabled) { DhcpRelayStatus retVal = DhcpRelayStatus.NoIfAddedToDHCPRelay; if (bIfAdded) { if (bRelayEnabled) { retVal = DhcpRelayStatus.IfAddedWithDHCPRelayEnabled; } else { retVal = DhcpRelayStatus.IfAddedWithDHCPRelayDisabled; } } return retVal; } } public enum HRESULT : uint { ERROR_SUCCESS = 0, ERROR_BUFFER_TOO_SMALL = 603, ERROR_INVALID_SIZE = 632, ERROR_NO_SUCH_INTERFACE = 905, ERROR_ACCESS_DENIED = 5, ERROR_DDM_NOT_RUNNING = 903, ERROR_PROC_NOT_FOUND = 127, ERROR_INVALID_PARAMETER = 87, ERROR_NOT_ENOUGH_MEMORY = 8, ERROR_NO_MORE_ITEMS = 259, ERROR_UNKNOWN_PROTOCOL_ID = 902, ERROR_BUFFER_OVERFLOW = 111, ERROR_NOT_FOUND = 1168, ERROR_BUFFER_INVALID = 610, ERROR_CANNOT_OPEN_PHONEBOOK = 621, ERROR_CANNOT_FIND_PHONEBOOK_ENTRY = 623 } public enum PROTOCOL_TYPE : uint { PROTOCOL_IKEv2 = 0, PROTOCOL_SSTP = 1 } public enum AUTHENTICATION : uint { PROTOCOL_CFG_AllowNoAuthentication = 0x00004000, PROTOCOL_CFG_NegotiatePAP = 0x00010000, PROTOCOL_CFG_NegotiateMD5CHAP = 0x00020000, PROTOCOL_CFG_NegotiateStrongMSCHAP = 0x00800000 } public enum DACERTTYPE : uint { IPSec = 0, Ssl = 1, Nls = 2 } public enum ADAPTER_TYPE : uint { ADAPTER_8023 = 0, ADAPTER_ETHERNETDIX = 1 } public static class OIDValues { public const string OID_SERVERAUTH = "1.3.6.1.5.5.7.3.1"; public const string OID_MSSPECALLPURPOSE = "1.3.6.1.4.1.311.10.12.1"; public const string OID_ALLPURPOSE = "2.5.29.37.0"; public const string OID_IKEINTERMEDIATE = "1.3.6.1.5.5.8.2.2"; public const string OID_ENHANCEDKEYUSAGE = "2.5.29.37"; } public static class PROTOCOLTYPE { public const string PROTOCOL_IKEv2 = "IKEv2"; public const string PROTOCOL_SSTP = "SSTP"; } public class RRASException : Exception { #region private members /// /// RRAS Error returned by the API. /// private HRESULT rrasError; /// /// Error code. /// private UInt32 errorCode; /// /// Win32 exception. /// private Win32Exception win32Exception; #endregion private members #region constructors /// /// Construct from an error code. /// /// The 32-bit error code that an API call returned. public RRASException(UInt32 errorCode) : base((0 != MapToRRASError(errorCode)) ? MapToRRASError(errorCode).ToString() : (new Win32Exception((int)errorCode)).Message) { this.rrasError = MapToRRASError(errorCode); if (0 == this.rrasError) { this.win32Exception = new Win32Exception((int)errorCode); } else { this.win32Exception = null; } this.errorCode = errorCode; } /// /// Construct from a HRESULT enum. /// /// A HRESULT Error enum. public RRASException(HRESULT error) : base(error.ToString()) { this.rrasError = error; this.errorCode = (uint)error; this.win32Exception = null; } #endregion constructors #region public properties /// /// Gets the HRESULT error that caused this exception. /// All RRASException may not have a SAPI error associated. /// public HRESULT RRASError { get { return this.rrasError; } } /// /// Gets the Win32 exception that corresponds to this exception. /// public Win32Exception Win32Ex { get { return this.win32Exception; } } /// /// Gets the error code that caused this RRASException. /// public UInt32 ErrorCode { get { return this.errorCode; } } #endregion public properties #region public methods /// /// Map a 32-bit error code to a HRESULT (if possible). /// /// A 32-bit error code returned by the SAPI. /// A HRESULT.RRASError if possible. 0 otherwise. private static HRESULT MapToRRASError(UInt32 error) { HRESULT mappedError = 0; foreach (HRESULT e in Enum.GetValues(typeof(HRESULT))) { if ((uint)e == error) { mappedError = e; } } return mappedError; } #endregion public methods } public class RRASServiceConfiguration { private const String IKE_PROTOCOL_STRING = "IKEv2"; private const String PPTP_PROTOCOL_STRING = "PPTP"; private const String SSTP_PROTOCOL_STRING = "SSTP"; private const String L2TP_PROTOCOL_STRING = "L2TP"; private RRASService rrasServiceObjField; private IntPtr hServer; private bool fServerConnected; private bool bDHCPRelayConfiguredForIPv4; private bool bDHCPRelayConfiguredForIPv6; private MPR_SERVER_EX serverInfo; private bool bServerInfoPopulated; public RRASService RRasServiceObj { get { return this.rrasServiceObjField; } set { this.rrasServiceObjField = value; } } public RRASServiceConfiguration() { RRasServiceObj = new RRASService(); RRasServiceObj.RRAS = new RRAS(); RRasServiceObj.DA = new DA(); } private void ConnectToServer() { uint error = NativeMethods.MprConfigServerConnect(null, ref hServer); if (HRESULT.ERROR_SUCCESS != (HRESULT)error) { throw new RRASException(error); } fServerConnected = true; } private void DisconnectServer() { if (fServerConnected) { NativeMethods.MprConfigServerDisconnect(hServer); fServerConnected = false; } } private bool IsDemandDialEnabled() { bool bDemandDial = false; if (((RRasServiceObj.RRAS.IPv4Router != null) && (RRasServiceObj.RRAS.IPv4Router.RoutingConfigured) && (RRasServiceObj.RRAS.IPv4Router.LanAndDemandDialEnabled)) || ((RRasServiceObj.RRAS.IPv6Router != null) && (RRasServiceObj.RRAS.IPv6Router.RoutingConfigured) && (RRasServiceObj.RRAS.IPv6Router.LanAndDemandDialEnabled)) ) { bDemandDial = true; } return bDemandDial; } private void GetServerInfo() { if (bServerInfoPopulated) return; bool bDisconnectServer = false; if (!fServerConnected) { ConnectToServer(); bDisconnectServer = true; } if (fServerConnected) { serverInfo = new MPR_SERVER_EX(); serverInfo.Header.size = (ushort)Marshal.SizeOf(serverInfo); serverInfo.Header.type = NativeConstants.MPRAPI_OBJECT_TYPE_MPR_SERVER_OBJECT; serverInfo.Header.revision = NativeConstants.MPRAPI_MPR_SERVER_OBJECT_REVISION_1; uint error = NativeMethods.MprConfigServerGetInfoEx(hServer, ref serverInfo); if ((uint)HRESULT.ERROR_SUCCESS != error) { throw new RRASException(error); } bServerInfoPopulated = true; if (bDisconnectServer) DisconnectServer(); } } /// /// this APIs makes a PInvoke to MprConfigServerGetInfoEx API that returns an /// object of type MPR_SERVER_EX. The following member of MPR_SERVER_EX are /// used to get the port information. /// /// Number of IKEv2 ports used: ConfigParams->IkeConfigParams->dwNumPorts /// Number of L2TP ports used: ConfigParams->L2tpConfigParams->dwNumPorts /// Number of SSTP ports used: ConfigParams->SstpConfigParams->dwNumPorts /// Number of PPTP ports used: ConfigParams->PptpConfigParams->dwNumPorts /// /// Using the above information, it populates the RRasServiceObj.RRAS.Port[] /// member. /// private void PopulatePortInfo() { if (!fServerConnected) return; // A pre condition for this rule would be to check for this rule only when the server // has been configured for demand dial/VPN. So don’t fire this rule if only LAN routing has been enabled bool bDemandDialEnabled = IsDemandDialEnabled(); // If neither VPN nor demand-dial is enabled, we will not populte the port info // in the XML. if (!RRasServiceObj.RRAS.VpnEnabled && !bDemandDialEnabled) { return; } GetServerInfo(); int index = 0; int complientPortCount = 0; //if (RRasServiceObj.RRAS.VpnEnabled) //{ RRasServiceObj.RRAS.Port = new Port[4]; RRasServiceObj.RRAS.Port[index] = new Port(); RRasServiceObj.RRAS.Port[index].Protocol = IKE_PROTOCOL_STRING; RRasServiceObj.RRAS.Port[index].PortCount = serverInfo.ConfigParams.IkeConfigParams.dwNumPorts.ToString(); if (serverInfo.ConfigParams.IkeConfigParams.dwNumPorts > 0) complientPortCount++; index++; RRasServiceObj.RRAS.Port[index] = new Port(); RRasServiceObj.RRAS.Port[index].Protocol = SSTP_PROTOCOL_STRING; RRasServiceObj.RRAS.Port[index].PortCount = serverInfo.ConfigParams.SstpConfigParams.dwNumPorts.ToString(); if (serverInfo.ConfigParams.SstpConfigParams.dwNumPorts > 0) complientPortCount++; index++; //} //else //{ // RRasServiceObj.RRAS.Port = new Port[2]; //} RRasServiceObj.RRAS.Port[index] = new Port(); RRasServiceObj.RRAS.Port[index].Protocol = L2TP_PROTOCOL_STRING; RRasServiceObj.RRAS.Port[index].PortCount = serverInfo.ConfigParams.L2tpConfigParams.dwNumPorts.ToString(); if (serverInfo.ConfigParams.L2tpConfigParams.dwNumPorts > 0) complientPortCount++; index++; RRasServiceObj.RRAS.Port[index] = new Port(); RRasServiceObj.RRAS.Port[index].Protocol = PPTP_PROTOCOL_STRING; RRasServiceObj.RRAS.Port[index].PortCount = serverInfo.ConfigParams.PptpConfigParams.dwNumPorts.ToString(); if (serverInfo.ConfigParams.PptpConfigParams.dwNumPorts > 1) complientPortCount++; index++; if (complientPortCount == index) { RRasServiceObj.RRAS.AllPortsDisabled = false; RRasServiceObj.RRAS.AllPortsDisabledSpecified = true; } else if (complientPortCount == 0) { RRasServiceObj.RRAS.AllPortsDisabled = true; RRasServiceObj.RRAS.AllPortsDisabledSpecified = true; } else { RRasServiceObj.RRAS.AllPortsDisabledSpecified = false; } } /// /// This function makes PInvoke call to MprConfigTransportGetInfo API for /// the specified transport ID. MprConfigTransportGetInfo returns IPBOOTP_GLOBAL_CONFIG /// object for IPv4 and IPBOOTP_GLOBAL_CONFIG for IPv6. GC_ServerCount member of both /// the above structure specifies the number of DHCP servers attached to the DHCP Relay /// agent. /// /// Using this info it sets the flag RRasServiceObj.RRAS.DHCPServersAddedV4 or /// RRasServiceObj.RRAS.DHCPServersAddedV4. /// /// The transport ID (IPv4 or IPv6) for which /// RRasServiceObj.RRAS.DHCPServersAddedV4 is to be identifies. private void PopulateDHCPRelayConfiguration(uint dwTransportID) { if (!fServerConnected) return; IntPtr hIfTransport = IntPtr.Zero; uint error = NativeMethods.MprConfigTransportGetHandle(hServer, dwTransportID, ref hIfTransport); if ((uint)HRESULT.ERROR_SUCCESS != error) { throw new RRASException(error); } IntPtr pClientInterfaceInfo = IntPtr.Zero; IntPtr pDllPath = IntPtr.Zero; uint clientInterfaceInfoSize = 0; IntPtr pGlobalInfoBuffer = IntPtr.Zero; uint globalInfoSize = 0; error = NativeMethods.MprConfigTransportGetInfo(hServer, hIfTransport, ref pGlobalInfoBuffer, ref globalInfoSize, ref pClientInterfaceInfo, ref clientInterfaceInfoSize, ref pDllPath); if ((uint)HRESULT.ERROR_SUCCESS != error) { throw new RRASException(error); } IntPtr tocEntryPtr = IntPtr.Zero; int infoType = (NativeConstants.PID_IP == dwTransportID) ? NativeConstants.MS_IP_BOOTP : NativeConstants.MS_IPV6_DHCP; uint dwItemSize = 0; uint dwItemcount = 0; error = NativeMethods.MprInfoBlockFind(pGlobalInfoBuffer, (uint) infoType, ref dwItemSize, ref dwItemcount, ref tocEntryPtr); if (((uint)HRESULT.ERROR_NOT_FOUND != error) && ((uint)HRESULT.ERROR_SUCCESS != error)) { throw new RRASException(error); } if ((uint)HRESULT.ERROR_NOT_FOUND != error) { if (NativeConstants.PID_IP == dwTransportID) { bDHCPRelayConfiguredForIPv4 = true; IPBOOTP_GLOBAL_CONFIG dhcpConfig = (IPBOOTP_GLOBAL_CONFIG)Marshal.PtrToStructure(tocEntryPtr, typeof(IPBOOTP_GLOBAL_CONFIG)); if (dhcpConfig.GC_ServerCount > 0) { RRasServiceObj.RRAS.DHCPServersAddedV4 = true; } RRasServiceObj.RRAS.DHCPServersAddedV4Specified = true; } else if (NativeConstants.PID_IPV6 == dwTransportID) { bDHCPRelayConfiguredForIPv6 = true; DHCPV6R_GLOBAL_CONFIG dhcpConfig = (DHCPV6R_GLOBAL_CONFIG)Marshal.PtrToStructure(tocEntryPtr, typeof(DHCPV6R_GLOBAL_CONFIG)); if (dhcpConfig.GC_ServerCount > 0) { RRasServiceObj.RRAS.DHCPServersAddedV6 = true; } RRasServiceObj.RRAS.DHCPServersAddedV6Specified = true; } } NativeMethods.MprConfigBufferFree(pGlobalInfoBuffer); } /// /// This API gets the transport information for a given interface. This makes a PInvoke /// call to MprConfigInterfaceTransportGetInfo API. This API returns IPBOOTP_IF_CONFIG for IPv4. /// And DHCPV6R_IF_CONFIG for IPv6. If the given interface is not added to the DHCP Relay agent, then /// it does not return the above structures. The IC_RelayMode member of the above structures /// specifies whether "DHCP Relay Packect" is enabled on this interface. /// /// Using this information, IPv4RelayDhcpPktEnabled member of the Interface is populated. /// /// /// IPv4 or IPv6 /// Handle of the interface for which DHCP Relay Packect information is to be populated /// the Interface object for which IPv4RelayDhcpPktEnabled is to be set. /// This flag will be set to TRUE if this interface is added to DHCP Relay Agent /// this flag will be set to TRUE if "DHCP Relay Packect" is enabled private void GetTransportInformationForInterface(uint dwTransportID, IntPtr hInterface, ref Interface ifEntry, ref bool bIfAddedToDhcpRelay, ref bool bDhcpRelayEnabledOnIf) { if (!fServerConnected) return; IntPtr pInterfaceInfoBuffer = IntPtr.Zero; uint interfaceInfoSize = 0, error = 0; IntPtr hIfTransport = IntPtr.Zero; error = NativeMethods.MprConfigInterfaceTransportGetHandle(hServer, hInterface, dwTransportID, ref hIfTransport); if ((uint)HRESULT.ERROR_NO_SUCH_INTERFACE == error) { return; } if ((uint)HRESULT.ERROR_SUCCESS != error) { throw new RRASException(error); } error = NativeMethods.MprConfigInterfaceTransportGetInfo(hServer, hInterface, hIfTransport, ref pInterfaceInfoBuffer, ref interfaceInfoSize); if ((uint)HRESULT.ERROR_SUCCESS != error) { throw new RRASException(error); } IntPtr tocEntryPtr = IntPtr.Zero; int infoType = (NativeConstants.PID_IP == dwTransportID) ? NativeConstants.MS_IP_BOOTP : NativeConstants.MS_IPV6_DHCP; uint dwItemSize = 0; uint dwItemcount = 0; error = NativeMethods.MprInfoBlockFind(pInterfaceInfoBuffer, (uint)infoType, ref dwItemSize, ref dwItemcount, ref tocEntryPtr); if (((uint)HRESULT.ERROR_NOT_FOUND != error) && ((uint)HRESULT.ERROR_SUCCESS != error)) { throw new RRASException(error); } if ((uint)HRESULT.ERROR_NOT_FOUND != error) { if (NativeConstants.PID_IP == dwTransportID) { bIfAddedToDhcpRelay = true; IPBOOTP_IF_CONFIG dhcpConfig = (IPBOOTP_IF_CONFIG)Marshal.PtrToStructure(tocEntryPtr, typeof(IPBOOTP_IF_CONFIG)); if (NativeConstants.IPBOOTP_RELAY_ENABLED == dhcpConfig.IC_RelayMode) { ifEntry.IPv4RelayDhcpPktEnabled = true; ifEntry.IPv4RelayDhcpPktEnabledSpecified = true; bDhcpRelayEnabledOnIf = true; } } else if (NativeConstants.PID_IPV6 == dwTransportID) { bIfAddedToDhcpRelay = true; DHCPV6R_IF_CONFIG dhcpConfig = (DHCPV6R_IF_CONFIG)Marshal.PtrToStructure(tocEntryPtr, typeof(DHCPV6R_IF_CONFIG)); if (NativeConstants.DHCPV6R_RELAY_ENABLED == dhcpConfig.IC_RelayMode) { ifEntry.IPv6RelayDhcpPktEnabled = true; ifEntry.IPv6RelayDhcpPktEnabledSpecified = true; bDhcpRelayEnabledOnIf = true; } } } NativeMethods.MprConfigBufferFree(pInterfaceInfoBuffer); } /// /// We generate the interface list using the API MprConfigInterfaceEnum. This API returns /// the list of all the available interfaces but does not return the Interface /// status (enable or not, reachable or not)properly. There is another API MprAdminInterfaceEnum /// available that works only if the RemoteAccess service is running.This API returns /// proper status of the interfaces but it does not return the interfaces that are in disabled /// state. /// /// Hence, first we call MprConfigInterfaceEnum to get all the interfaces (enabled /disabled). /// Then we call MprAdminInterfaceEnum (only if the RemoteAccess service is running). From this /// list we take the interface status and update the same in the first list returned /// by MprConfigInterfaceEnum. The interfaces in the first list, that are not in the second list /// are marked as "disabled". /// /// The interface list returned by MprConfigInterfaceEnum /// Number of interfaces returned by MprConfigInterfaceEnum /// The interface list returned by MprConfigInterfaceEnum with interface /// status updated properly. private MPR_INTERFACE_0[] UpdateInterfaceStatus(IntPtr pIfBuffer, uint dwIfEntries) { if ((pIfBuffer == IntPtr.Zero) || (dwIfEntries == 0)) return null; MPR_INTERFACE_0[] ifAdminList = null; if (RRasServiceObj.RRAS.RRASRunning) { IntPtr hAdminServer = IntPtr.Zero; uint error = NativeMethods.MprAdminServerConnect(null, ref hAdminServer); if (HRESULT.ERROR_SUCCESS != (HRESULT)error) { throw new RRASException(error); } IntPtr pBuffer = IntPtr.Zero; uint dwEntries = 0, dwTotalEntries = 0, hResumeHandle = 0; error = NativeMethods.MprAdminInterfaceEnum(hAdminServer, 0, ref pBuffer, 0xffffff, ref dwEntries, ref dwTotalEntries, ref hResumeHandle); NativeMethods.MprAdminServerDisconnect(hAdminServer); if ((HRESULT.ERROR_SUCCESS != (HRESULT)error) && (HRESULT.ERROR_NO_MORE_ITEMS != (HRESULT)error)) { throw new RRASException(error); } if (dwEntries > 0) { ifAdminList = new MPR_INTERFACE_0[dwEntries]; for (int i = 0; i < dwEntries; i++) { MPR_INTERFACE_0 ifEntry = new MPR_INTERFACE_0(); IntPtr ifPtr = (IntPtr)((long)pBuffer + (i * Marshal.SizeOf(ifEntry))); ifEntry = (MPR_INTERFACE_0)Marshal.PtrToStructure(ifPtr, typeof(MPR_INTERFACE_0)); ifAdminList[i] = ifEntry; } NativeMethods.MprAdminBufferFree(pBuffer); } } MPR_INTERFACE_0[] ifCfgList = new MPR_INTERFACE_0[dwIfEntries]; for (int i = 0; i < dwIfEntries; i++) { MPR_INTERFACE_0 ifEntry = new MPR_INTERFACE_0(); IntPtr ifPtr = (IntPtr)((long)pIfBuffer + (i * Marshal.SizeOf(ifEntry))); ifEntry = (MPR_INTERFACE_0)Marshal.PtrToStructure(ifPtr, typeof(MPR_INTERFACE_0)); ifCfgList[i] = ifEntry; if (ifAdminList != null) { bool bFound = false; for (int j = 0; j < ifAdminList.Length; j++) { if ((ifAdminList[j].wszInterfaceName == ifCfgList[i].wszInterfaceName) && (ifAdminList[j].dwIfType == ifCfgList[i].dwIfType)) { ifCfgList[i].fEnabled = ifAdminList[j].fEnabled; ifCfgList[i].fUnReachabilityReasons = ifAdminList[j].fUnReachabilityReasons; ifCfgList[i].dwConnectionState = ifAdminList[j].dwConnectionState; bFound = true; break; } } if (!bFound) { ifCfgList[i].fEnabled = 0; } } } return ifCfgList; } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateInterfaceList // Arguments : none // // Description : This function sets the XML nodes for interface Lists. // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// private void PopulateInterfaceList() { if (!fServerConnected) return; bool bDemandDialRoutingEnabled = IsDemandDialEnabled(); bool bIPv4RoutingEnabled = ((RRasServiceObj.RRAS.IPv4Router != null) && (RRasServiceObj.RRAS.IPv4Router.RoutingConfigured)); bool bIPv6RoutingEnabled = ((RRasServiceObj.RRAS.IPv6Router != null) && (RRasServiceObj.RRAS.IPv6Router.RoutingConfigured)); /// Invoke the MprApi.dll!MprConfigInterfaceEnum method to get the interface list /// RRasServiceObj.RRAS.InterfaceList = new InterfaceList(); IntPtr pBuffer = IntPtr.Zero; uint dwEntries = 0, dwTotalEntries = 0, hResumeHandle = 0; uint error = NativeMethods.MprConfigInterfaceEnum(hServer, 0, ref pBuffer, 0xffffff, ref dwEntries, ref dwTotalEntries, ref hResumeHandle); if (HRESULT.ERROR_NO_MORE_ITEMS == (HRESULT)error) { return; } if (HRESULT.ERROR_SUCCESS != (HRESULT)error) { throw new RRASException(error); } MPR_INTERFACE_0[] ifList = UpdateInterfaceStatus(pBuffer, dwEntries); if (ifList == null) return; NativeMethods.MprConfigBufferFree(pBuffer); bool bInterfaceAddedToIPv4 = false; bool bInterfaceAddedToIPv6 = false; bool bDhcpRelayEnabledOnIfForIPv4 = false; bool bDhcpRelayEnabledOnIfForIPv6 = false; RRasServiceObj.RRAS.InterfaceList.AllEnabledIfReachable = AllInterfaceStatus.All; RRasServiceObj.RRAS.InterfaceList.AllInterfaceDisabled = AllInterfaceStatus.All; RRasServiceObj.RRAS.InterfaceList.Interface = new Interface[dwEntries]; bool interfaceEnabled = false; bool interfaceDisabled = false; bool interfaceReachable = false; bool interfaceUnReachable = false; int i = 0; foreach (MPR_INTERFACE_0 ifEntry in ifList) { Interface interFace = new Interface(); if (!RRASUtil.IsGuid(ifEntry.wszInterfaceName)) { interFace.IfName = ifEntry.wszInterfaceName; } else { StringBuilder ifName = new StringBuilder(NativeConstants.MAX_INTERFACE_NAME_LEN + 1); error = NativeMethods.MprConfigGetFriendlyName(hServer, ifEntry.wszInterfaceName, ifName, NativeConstants.MAX_INTERFACE_NAME_LEN + 1); if (HRESULT.ERROR_SUCCESS != (HRESULT)error) { if(HRESULT.ERROR_NOT_FOUND == (HRESULT)error) { continue; } else { throw new RRASException(error); } } interFace.IfName = ifName.ToString(); } interFace.IfType = ifEntry.dwIfType.ToString(); if (ifEntry.dwIfType == ROUTER_INTERFACE_TYPE.ROUTER_IF_TYPE_LOOPBACK) { continue; } if (bIPv4RoutingEnabled && bDHCPRelayConfiguredForIPv4) { GetTransportInformationForInterface(NativeConstants.PID_IP, ifEntry.hInterface, ref interFace, ref bInterfaceAddedToIPv4, ref bDhcpRelayEnabledOnIfForIPv4); } if (bIPv6RoutingEnabled && bDHCPRelayConfiguredForIPv6) { GetTransportInformationForInterface(NativeConstants.PID_IPV6, ifEntry.hInterface, ref interFace, ref bInterfaceAddedToIPv6, ref bDhcpRelayEnabledOnIfForIPv6); } if (ifEntry.dwIfType == ROUTER_INTERFACE_TYPE.ROUTER_IF_TYPE_INTERNAL) { continue; } interFace.Enabled = Convert.ToBoolean(ifEntry.fEnabled); interFace.Reachable = (ifEntry.dwConnectionState != ROUTER_CONNECTION_STATE.ROUTER_IF_STATE_UNREACHABLE); if (interFace.Enabled) { interfaceEnabled = true; if (!interFace.Reachable) { interfaceUnReachable = true; } else { interfaceReachable = true; } } else { interfaceDisabled = true; } // We have to set the "EncryptionAllowed" flag only for demand dial interfaces if (ROUTER_INTERFACE_TYPE.ROUTER_IF_TYPE_FULL_ROUTER == ifEntry.dwIfType) { RRasServiceObj.RRAS.InterfaceList.DemandDialInterfaceExists = true; if (bDemandDialRoutingEnabled) { String phoneBookPath = Environment.ExpandEnvironmentVariables("%SystemRoot%\\system32\\RAS\\Router.Pbk"); RASENTRYW re = new RASENTRYW(); uint dwSize = (uint)Marshal.SizeOf(re); re.dwSize = dwSize; error = NativeMethods.RasGetEntryPropertiesW(phoneBookPath, ifEntry.wszInterfaceName, ref re, ref dwSize, IntPtr.Zero, IntPtr.Zero); if (HRESULT.ERROR_SUCCESS != (HRESULT)error) { throw new RRASException(error); } interFace.EncryptionAllowed = (re.dwEncryptionType != (uint)EncryptionType.ET_None); interFace.EncryptionAllowedSpecified = true; } } RRasServiceObj.RRAS.InterfaceList.Interface[i++] = interFace; } if (interfaceEnabled && interfaceDisabled) { RRasServiceObj.RRAS.InterfaceList.AllInterfaceDisabled = AllInterfaceStatus.Some; } else if (interfaceEnabled) { RRasServiceObj.RRAS.InterfaceList.AllInterfaceDisabled = AllInterfaceStatus.None; } else if (interfaceDisabled) { RRasServiceObj.RRAS.InterfaceList.AllInterfaceDisabled = AllInterfaceStatus.All; } if (interfaceReachable && interfaceUnReachable) { RRasServiceObj.RRAS.InterfaceList.AllEnabledIfReachable = AllInterfaceStatus.Some; } else if (interfaceReachable) { RRasServiceObj.RRAS.InterfaceList.AllEnabledIfReachable = AllInterfaceStatus.All; } else if (interfaceUnReachable) { RRasServiceObj.RRAS.InterfaceList.AllEnabledIfReachable = AllInterfaceStatus.None; } if (bDHCPRelayConfiguredForIPv4) { RRasServiceObj.RRAS.InterfaceList.VerifyDhcpRelayStatusV4Specified = true; RRasServiceObj.RRAS.InterfaceList.VerifyDhcpRelayStatusV4 = RRASUtil.GetDhcpRelayStatus(bInterfaceAddedToIPv4, bDhcpRelayEnabledOnIfForIPv4); } if (bDHCPRelayConfiguredForIPv6) { RRasServiceObj.RRAS.InterfaceList.VerifyDhcpRelayStatusV6Specified = true; RRasServiceObj.RRAS.InterfaceList.VerifyDhcpRelayStatusV6 = RRASUtil.GetDhcpRelayStatus(bInterfaceAddedToIPv6, bDhcpRelayEnabledOnIfForIPv6); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateRRasServiceObject // Arguments : none // // Description : This function sets the XML nodes for various RRAS configurations // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateRRasServiceObject() { if ((RRasServiceObj == null) || (RRasServiceObj.RRAS == null)) return; ConnectToServer(); if ((RRasServiceObj.RRAS.IPv4Router != null)) { PopulateDHCPRelayConfiguration(NativeConstants.PID_IP); } if ((RRasServiceObj.RRAS.IPv6Router != null)) { PopulateDHCPRelayConfiguration(NativeConstants.PID_IPV6); } PopulateInterfaceList(); PopulatePortInfo(); DisconnectServer(); } ////////////////////////////////////////////////////////////////////////////////// // Function Name : GenerateXml // Arguments : none // // Description : This function sets serializes the XML doc // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public MemoryStream GenerateXml() { if (RRasServiceObj != null) { MemoryStream st = new MemoryStream(); XmlSerializer serializer = new XmlSerializer(typeof(RRASService)); serializer.Serialize(st, RRasServiceObj); return st; } return null; } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetRRASInstallStatus // Arguments : status - true/false // // Description : This function sets the XML nodes with true/false for RRAS // installed/uninstalled status. // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetRRASInstallStatus(int status) { if (null == RRasServiceObj) return; RRasServiceObj.RRASInstalled = Convert.ToBoolean(status); if (!RRasServiceObj.RRASInstalled) { RRasServiceObj.RRAS = null; RRasServiceObj.VPNEnabledSpecified = false; RRasServiceObj.DA = null; RRasServiceObj.DAEnabledSpecified = false; RRasServiceObj.WebApplicationProxyInstalled = false; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetWAPInstallStatus // Arguments : status - true/false // // Description : This function sets the XML nodes with true/false for WAP // installed/uninstalled status. // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetWAPInstallStatus(int status) { if (null == RRasServiceObj) return; RRasServiceObj.WebApplicationProxyInstalled = Convert.ToBoolean(status); if (!RRasServiceObj.WebApplicationProxyInstalled) { RRasServiceObj.WebApplicationProxy = null; RRasServiceObj.WebApplicationProxyEnabled = false; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetRRASEnableStatus // Arguments : status - true/false // // Description : This function sets the XML nodes with true/false for RRAS // enabled/disabled status. // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetRRASEnableStatus(int status) { if (null == RRasServiceObj) return; if (RRasServiceObj.RRASInstalled) { RRasServiceObj.VPNEnabled = Convert.ToBoolean(status); if (!RRasServiceObj.VPNEnabled) { RRasServiceObj.RRAS = null; } RRasServiceObj.VPNEnabledSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetWAPConfiguredStatus // Arguments : status - true/false // // Description : This function sets the XML nodes with true/false for Web // Application Proxy configuration status. Configured means that // post install was executed via PSH or UI // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetWAPConfiguredStatus(int status) { if (RRasServiceObj == null) return; if (RRasServiceObj.WebApplicationProxyInstalled) { RRasServiceObj.WebApplicationProxyEnabled = Convert.ToBoolean(status); RRasServiceObj.WebApplicationProxyEnabledSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : AddWAPCertificateError // Arguments : Two strings indicating the certificate error type and the // application in which the certificate is used. // // Description : Add a certificate error node to the XML // // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void AddWAPCertificateError(string certErrorType, string applicationName) { if (RRasServiceObj == null) { return; } //if the Web Application Proxy node is missing. create it. if (RRasServiceObj.WebApplicationProxy == null) { RRasServiceObj.WebApplicationProxy = new WebApplicationProxy(); } //Create the object that would be added WAP_InvalidCert invalidCert = new WAP_InvalidCert() { ApplicationName = applicationName, CertErrorType = certErrorType }; //Add the error to the invalid certs collection. RRasServiceObj.WebApplicationProxy.InvalidCerts.Add(invalidCert); } ////////////////////////////////////////////////////////////////////////////////// // Function Name : AddWAPAdditionalErrors // Arguments : A string indicating the error type // // Description : Add an additional error node to the XML // // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void AddWAPAdditionalErrors(string errorType) { if (RRasServiceObj == null) { return; } //if the Web Application Proxy node is missing. create it. if (RRasServiceObj.WebApplicationProxy == null) { RRasServiceObj.WebApplicationProxy = new WebApplicationProxy(); } //Create the object that would be added WAP_AdditionalError newError = new WAP_AdditionalError() { ErrorType = errorType }; //Add the error to the additional errors collection. RRasServiceObj.WebApplicationProxy.AdditionalErrors.Add(newError); } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateDirectAccessConfigured // Arguments : DAConfigured - true/false // // Description : This function sets the XML nodes with true/false for DAEnabled // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDirectAccessConfigured(int DAConfigured) { if (null == RRasServiceObj) return; if (RRasServiceObj.RRASInstalled) { RRasServiceObj.DAEnabled = Convert.ToBoolean(DAConfigured); if (!RRasServiceObj.DAEnabled) { RRasServiceObj.DA = null; } RRasServiceObj.DAEnabledSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateTopology // Arguments : Topology // // Description : This function sets the XML nodes for topology // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateTopology(DATopologyType TopologyType) { if(RRasServiceObj.DA != null) { RRasServiceObj.DA.Topology = TopologyType; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateNlbConfigured // Arguments : IsNlb // // Description : This function sets the XML nodes for Nlb configured // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateNlbConfigured(int IsNlb) { if(RRasServiceObj.DA != null) { RRasServiceObj.DA.NLB = Convert.ToBoolean(IsNlb); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateNlsOnDas // Arguments : IsNlsOnDas // // Description : This function sets the XML nodes for Nls on DAS or not // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateNlsOnDas(int IsNlsOnDas) { if(RRasServiceObj.DA != null) { RRasServiceObj.DA.NlsOnDAs = Convert.ToBoolean(IsNlsOnDas); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateDAinterfaces // Arguments : externalInterface, internalInterface // // Description : This function creates the internal and external interfaces and sets the XML nodes // for them // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDAinterfaces(String externalInterface, String internalInterface) { if(RRasServiceObj.DA != null) { RRasServiceObj.DA.InterfaceList = new DAInterfaceList(); // populate external interface only in case of two nics if(RRasServiceObj.DA.Topology != DATopologyType.SingleNic) { RRasServiceObj.DA.InterfaceList.ExternalInterface = new DAInterface(); RRasServiceObj.DA.InterfaceList.ExternalInterface.Name = externalInterface; } RRasServiceObj.DA.InterfaceList.InternalInterface = new DAInterface(); RRasServiceObj.DA.InterfaceList.InternalInterface.Name = internalInterface; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateDAIntfIPv6CheckBox // Arguments : extv6Checked, intv6Checked // // Description : // // // Return value : // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDAIntfIPv6CheckBox(int extv6Checked, int intv6Checked) { if (RRasServiceObj.DA.InterfaceList != null) { if (RRasServiceObj.DA.InterfaceList.ExternalInterface != null) { RRasServiceObj.DA.InterfaceList.ExternalInterface.v6checkbox = Convert.ToBoolean(extv6Checked); } if (RRasServiceObj.DA.InterfaceList.InternalInterface != null) { RRasServiceObj.DA.InterfaceList.InternalInterface.v6checkbox = Convert.ToBoolean(intv6Checked); } } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateDAInterfacesCount // Arguments : // // Description : // // // Return value : // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDAInterfacescount(int ExtInterfaceCount, int IntInterfaceCount) { if (RRasServiceObj.DA.InterfaceList != null) { if(RRasServiceObj.DA.InterfaceList.ExternalInterface != null) { if(ExtInterfaceCount > 1) { RRasServiceObj.DA.InterfaceList.ExternalInterface.MultipleNic = true; } else { RRasServiceObj.DA.InterfaceList.ExternalInterface.MultipleNic = false; } } if(RRasServiceObj.DA.InterfaceList.InternalInterface != null) { if(IntInterfaceCount > 1) { RRasServiceObj.DA.InterfaceList.InternalInterface.MultipleNic = true; } else { RRasServiceObj.DA.InterfaceList.InternalInterface.MultipleNic = false; } } } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateDefaultGateWay // Arguments : // // Description : // // // Return value : // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDefaultGateWay(String DefGatewayIPv4, String DefGatewayIPv6) { if (RRasServiceObj.DA != null && RRasServiceObj.DA.InterfaceList != null) { DAInterface Interface = RRasServiceObj.DA.InterfaceList.ExternalInterface; if(RRasServiceObj.DA.Topology == DATopologyType.SingleNic) { Interface = RRasServiceObj.DA.InterfaceList.InternalInterface; } if(Interface != null) { if( DefGatewayIPv4 != null && DefGatewayIPv4 != string.Empty) { Interface.v4DefaultGateway = DefGatewayIPv4; } if( DefGatewayIPv6 != null && DefGatewayIPv6 != string.Empty) { Interface.v6DefaultGateway = DefGatewayIPv6; } } } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateIntfAddressFamily // Arguments : // // Description : This function sets the XML nodes with DA.InterfaceList.External\Internal Interface's v4\v6 node. // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateIntfAddressFamily(int IPv4, int IPv6) { if (RRasServiceObj.DA.InterfaceList != null) { DAInterface Interface = RRasServiceObj.DA.InterfaceList.ExternalInterface; if(RRasServiceObj.DA.Topology == DATopologyType.SingleNic) { Interface = RRasServiceObj.DA.InterfaceList.InternalInterface; } if(Interface != null) { Interface.v4 = Convert.ToBoolean(IPv4); Interface.v4Specified = true; Interface.v6 = Convert.ToBoolean(IPv6); Interface.v6Specified = true; } } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : // // Description : // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateInternalIntfConfigType(DAConfigIntType IntfConfigType) { if (RRasServiceObj.DA.InterfaceList != null && RRasServiceObj.DA.InterfaceList.InternalInterface != null ) { RRasServiceObj.DA.InterfaceList.InternalInterface.InterfaceConfigType = IntfConfigType; RRasServiceObj.DA.InterfaceList.InternalInterface.InterfaceConfigTypeSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : GetMgmtIPv6OutsideCorp // Arguments : // // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public System.Collections.Generic.List GetMgmtIPv6OutsideCorp(System.Collections.Hashtable MgmtServersIPv6, String[] CorpPrefixes) { System.Collections.Generic.List MgmtIPv6OutsideCorp = new System.Collections.Generic.List(); // all addresses of each management server should be part of corp prefix, if any one address is outside then // management server is considered outside corp prefix foreach(String Key in MgmtServersIPv6.Keys) { Subnet subnet = Subnet.Different; foreach(String address in MgmtServersIPv6[Key] as String[]) { subnet = Subnet.Different; foreach(String CorpPrefix in CorpPrefixes) { subnet = FindSubset(address, CorpPrefix); if (subnet == Subnet.Subset) { break; } } if(subnet == Subnet.Different) { break; } } if(subnet == Subnet.Different) { MgmtIPv6OutsideCorp.Add(Key); } } return MgmtIPv6OutsideCorp; } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateManagementServersNode // Arguments : none // // Description : This function simply creats the Management Servers node so taht Schemarton rule should kick in in cae of existence of management servers. // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateManagementServersNode() { if (RRasServiceObj.DA != null && RRasServiceObj.DA.ManagementServers == null) { RRasServiceObj.DA.ManagementServers = new DAManagementServers(); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateMgmtIPv6OutsideCorp // Arguments : // // Description : This function sets the XML nodes for IPv6 management servers which are outside corp prefix // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateMgmtIPv6OutsideCorp(String[] MgmtServersIPv6OutCorp) { if (MgmtServersIPv6OutCorp != null && MgmtServersIPv6OutCorp.Length > 0) { if (RRasServiceObj.DA.ManagementServers == null) { RRasServiceObj.DA.ManagementServers = new DAManagementServers(); } if (RRasServiceObj.DA != null && RRasServiceObj.DA.ManagementServers != null) { String[] MgmtServers = null; RRasServiceObj.DA.ManagementServers.OutSideCorpPrefix = new ManagementServer(); RRasServiceObj.DA.ManagementServers.OutSideCorpPrefix.ServerArray = Utilities.FormatList(MgmtServersIPv6OutCorp, ref MgmtServers); RRasServiceObj.DA.ManagementServers.OutSideCorpPrefix.Name = MgmtServers; } } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : PopulateIPv4OnlyMgmtServers // Arguments : // // Description : This function sets the XML nodes for management servers which have only IPv4 address // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateIPv4OnlyMgmtServers(String[] IPv4OnlyMgmtServers) { if (IPv4OnlyMgmtServers != null && IPv4OnlyMgmtServers.Length > 0) { if (RRasServiceObj.DA.ManagementServers == null) { RRasServiceObj.DA.ManagementServers = new DAManagementServers(); } if (RRasServiceObj.DA != null && RRasServiceObj.DA.ManagementServers != null) { String[] IPv4Servers = null; RRasServiceObj.DA.ManagementServers.IPv4Only = new ManagementServer(); RRasServiceObj.DA.ManagementServers.IPv4Only.ServerArray = Utilities.FormatList(IPv4OnlyMgmtServers, ref IPv4Servers); RRasServiceObj.DA.ManagementServers.IPv4Only.Name = IPv4Servers; } } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : // // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDomainCompSGWithFilter(int value) { if( RRasServiceObj.DA != null ) { RRasServiceObj.DA.SGDomainCompWithFilter = Convert.ToBoolean(value); RRasServiceObj.DA.SGDomainCompWithFilterSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : // // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDNS64ReturnAAAA(int DNS64ReturnAAAA) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.DNS64ReturnsAAAA = Convert.ToBoolean(DNS64ReturnAAAA); RRasServiceObj.DA.DNS64ReturnsAAAASpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : // // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateISATAPResolutionInDASDomain(int IsResolve) { if(RRasServiceObj.DA != null) { RRasServiceObj.DA.IsatapResolving = Convert.ToBoolean(IsResolve); RRasServiceObj.DA.IsatapResolvingSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateISATAPResolutionInAllDomains(int IsResolve) { if(RRasServiceObj.DA != null) { RRasServiceObj.DA.IsatapResolveAll = Convert.ToBoolean(IsResolve); RRasServiceObj.DA.IsatapResolveAllSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : true/false // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateInfratunnelpolicyepChanged(int InfraTunnelEPChanged) { if(RRasServiceObj.DA != null ) { if (RRasServiceObj.DA.ChangeManagement == null) { RRasServiceObj.DA.ChangeManagement = new DAChangeManagement(); } RRasServiceObj.DA.ChangeManagement.MgmtServers = Convert.ToBoolean(InfraTunnelEPChanged); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : true/false // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDAExtIntfAddrChanged(int ExtIntfAddrChanged) { if(RRasServiceObj.DA != null ) { if (RRasServiceObj.DA.ChangeManagement == null) { RRasServiceObj.DA.ChangeManagement = new DAChangeManagement(); } RRasServiceObj.DA.ChangeManagement.ExternalInterface = Convert.ToBoolean(ExtIntfAddrChanged); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : true/false // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDAIntIntfAddrChanged(int IntIntfAddrChanged) { if(RRasServiceObj.DA != null ) { if (RRasServiceObj.DA.ChangeManagement == null) { RRasServiceObj.DA.ChangeManagement = new DAChangeManagement(); } RRasServiceObj.DA.ChangeManagement.InternalInterface = Convert.ToBoolean(IntIntfAddrChanged); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : TeredoConfigured - true/false , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateTeredoConfigured(int TeredoConfigured) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.ToredoConfigured = Convert.ToBoolean(TeredoConfigured); RRasServiceObj.DA.ToredoConfiguredSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : FirewallBlockTeredo - true/false , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateFirewallBlockTeredo(int FirewallBlockTeredo) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.FirewallBlocksTeredo = Convert.ToBoolean(FirewallBlockTeredo); RRasServiceObj.DA.FirewallBlocksTeredoSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : IsCertExpire - true/false , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateCertConfig(int CertExpireSoon, DACERTTYPE CertType) { if(RRasServiceObj.DA != null ) { if(RRasServiceObj.DA.Certificates == null ) { RRasServiceObj.DA.Certificates = new DACertificates(); } if(CertType == DACERTTYPE.IPSec) { RRasServiceObj.DA.Certificates.IpSecAboutToExpire = Convert.ToBoolean(CertExpireSoon); RRasServiceObj.DA.Certificates.IpSecAboutToExpireSpecified = true; } else if(CertType == DACERTTYPE.Ssl) { RRasServiceObj.DA.Certificates.SslAboutToExpire = Convert.ToBoolean(CertExpireSoon); RRasServiceObj.DA.Certificates.SslAboutToExpireSpecified = true; } else if(CertType == DACERTTYPE.Nls) { RRasServiceObj.DA.Certificates.NlsAboutToExpire = Convert.ToBoolean(CertExpireSoon); RRasServiceObj.DA.Certificates.NlsAboutToExpireSpecified = true; } } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateE2ETracing(int E2ETracingOnLonger) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.E2ETraceEnabledLong = Convert.ToBoolean(E2ETracingOnLonger); RRasServiceObj.DA.E2ETraceEnabledLongSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateInboxAccounting(int IsNotInboxAcct) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.InBoxAccounting = Convert.ToBoolean(IsNotInboxAcct); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateServerHealth(int ServerHealth, System.Collections.Generic.List ErrorComponents) { if (RRasServiceObj.DA != null) { RRasServiceObj.DA.IsServerHealthGood = Convert.ToBoolean(ServerHealth); if (!Convert.ToBoolean(ServerHealth)) { String[] HealthIssues = null; RRasServiceObj.DA.ServerHealthIssue = new DAServerHealthIssues(); RRasServiceObj.DA.ServerHealthIssue.NameArray = Utilities.FormatList(ErrorComponents.ToArray(), ref HealthIssues); RRasServiceObj.DA.ServerHealthIssue.Name = HealthIssues; } } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateIsMultiSite(int IsMultiSite) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsMultiSite = Convert.ToBoolean(IsMultiSite); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateConnectToExemption(int exemptionpresent) { if(RRasServiceObj.DA != null ) { if(RRasServiceObj.DA.Policies == null) { RRasServiceObj.DA.Policies = new NRPTPolicies(); } RRasServiceObj.DA.Policies.ConnectToExempted = Convert.ToBoolean(exemptionpresent); RRasServiceObj.DA.Policies.ConnectToExemptedSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateMultiSite(int CloseDCUsed, String CloseDC, int ADSiteValid) { if(RRasServiceObj.DA != null ) { if(RRasServiceObj.DA.MultiSite == null) { RRasServiceObj.DA.MultiSite = new DAMultiSite(); } RRasServiceObj.DA.MultiSite.CloseDCUsed = Convert.ToBoolean(CloseDCUsed); RRasServiceObj.DA.MultiSite.CloseDC = CloseDC; RRasServiceObj.DA.MultiSite.ADSiteValid = Convert.ToBoolean(ADSiteValid); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateNCSI(int NCSIDnsProbeResolve, int NCSIWebProbeReachable) { if(RRasServiceObj.DA != null ) { if(RRasServiceObj.DA.NCSI == null) { RRasServiceObj.DA.NCSI = new DANCSI(); } RRasServiceObj.DA.NCSI.DNSProbeResolve = Convert.ToBoolean(NCSIDnsProbeResolve); RRasServiceObj.DA.NCSI.WebProbeReachable = Convert.ToBoolean(NCSIWebProbeReachable); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateNCAResReachable(int NCAResourcesReachable) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.NCAResourceReachable = Convert.ToBoolean(NCAResourcesReachable); RRasServiceObj.DA.NCAResourceReachableSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateFirewallOn(int FirewallOn) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.FirewallON = Convert.ToBoolean(FirewallOn); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDownLevelConfigured(int DownLevel) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.DownLevel = Convert.ToBoolean(DownLevel); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateForceTunnelAndKerProxyConfigured(int ForceTunnelAndKerProxy) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.ForceTunnelAndKerProxy = Convert.ToBoolean(ForceTunnelAndKerProxy); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDCInstalled(int DCInstalled) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.DCInstalled = Convert.ToBoolean(DCInstalled); RRasServiceObj.DA.DCInstalledSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateNetAdapterBindingOrder(int IsNetAdapterBindingOrderCorrect) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsNetAdapterBindingOrderCorrect = Convert.ToBoolean(IsNetAdapterBindingOrderCorrect); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateSanAndSujectNameConfigured(int IsSanAndSubjectName) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsSanAndSubjectName = Convert.ToBoolean(IsSanAndSubjectName); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateIPHTTPSHasPrivateKey(int IPHTTPSHasPrivateKey, string IPHTTPSCertName) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IPHTTPSHasPrivateKey = Convert.ToBoolean(IPHTTPSHasPrivateKey); RRasServiceObj.DA.IPHTTPSCertName = Convert.ToString(IPHTTPSCertName); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDAPolicyPresent(int IsDAPolicyPresent) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsDAPolicyPresent = Convert.ToBoolean(IsDAPolicyPresent); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateSupportEmailConfigured(int IsSupportEmailConfigured) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsSupportEmailConfigured = Convert.ToBoolean(IsSupportEmailConfigured); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDefaultGWConfig(int IsDefaultGWConfigProper) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsDefaultGWConfigProper = Convert.ToBoolean(IsDefaultGWConfigProper); RRasServiceObj.DA.IsDefaultGWConfigProperSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateInvalidNrptExpPresent(int IsInvalidNrptExpPresent) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsInvalidNrptExpPresent = Convert.ToBoolean(IsInvalidNrptExpPresent); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDNS64AcptIfaceConfigValid(int IsDNS64AcptIfaceConfigValid) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsDNS64AcptIfaceConfigValid = Convert.ToBoolean(IsDNS64AcptIfaceConfigValid); RRasServiceObj.DA.IsDNS64AcptIfaceConfigValidSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateDNSAddrConfigValid(int IsDNSAddrConfigValid) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsDNSAddrConfigValid = Convert.ToBoolean(IsDNSAddrConfigValid); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateIpHttpsCdpState(int IsIpHttpsCdpReachable) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsIpHttpsCdpReachable = Convert.ToBoolean(IsIpHttpsCdpReachable); RRasServiceObj.DA.IsIpHttpsCdpReachableSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateNlsCdpState(int IsNlsCdpReachable) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsNlsCdpReachable = Convert.ToBoolean(IsNlsCdpReachable); RRasServiceObj.DA.IsNlsCdpReachableSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateNonPingProbesConfigured(int IsNonPingProbesConfigured) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsNonPingProbesConfigured = Convert.ToBoolean(IsNonPingProbesConfigured); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : // Arguments : , // Description : // // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void PopulateIsatapDnsRecordsProper(int IsIsatapDnsRecordsProper) { if(RRasServiceObj.DA != null ) { RRasServiceObj.DA.IsIsatapDnsRecordsProper = Convert.ToBoolean(IsIsatapDnsRecordsProper); RRasServiceObj.DA.IsIsatapDnsRecordsProperSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetRRASServiceStatus // Arguments : status - true/false // // Description : This function sets the XML nodes with true/false for RRAS // service status. // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetRRASServiceStatus(int status) { if ((RRasServiceObj != null) && (RRasServiceObj.RRAS != null)) { RRasServiceObj.RRAS.RRASRunning = Convert.ToBoolean(status); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetLoggingEnable // Arguments : flag - logging type // // Description : This function sets the XML nodes with true/false for logging // enabled // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetLoggingEnable(int flag) { if ((RRasServiceObj != null) && (RRasServiceObj.RRAS != null)) { RRasServiceObj.RRAS.LoggingEnabled = Convert.ToBoolean(flag); } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetRouterType // Arguments : routerType - router config settings // // Description : This function sets the XML nodes with the RRAS service (VPN/Routing) // configurations. // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetRouterType(int routerType) { if ((RRasServiceObj == null) || (RRasServiceObj.RRAS == null)) return; MIB_IPSTATS stats = new MIB_IPSTATS(); RRasServiceObj.RRAS.VpnEnabled = (Convert.ToBoolean(routerType & NativeConstants.ROUTER_ROLE_RAS_IPV4) || Convert.ToBoolean(routerType & NativeConstants.ROUTER_ROLE_RAS_IPV6)); uint error = NativeMethods.GetIpStatisticsEx(out stats, (uint)System.Net.Sockets.ProtocolFamily.InterNetwork); if (HRESULT.ERROR_SUCCESS != (HRESULT)error) { throw new RRASException(error); } if (Convert.ToBoolean(routerType & NativeConstants.ROUTER_ROLE_LAN_IPV4) || Convert.ToBoolean(routerType & NativeConstants.ROUTER_ROLE_WAN_IPV4)) { if (null == RRasServiceObj.RRAS.IPv4Router) { RRasServiceObj.RRAS.IPv4Router = new RouterConfiguration(); } RRasServiceObj.RRAS.IPv4Router.RoutingConfigured = true; RRasServiceObj.RRAS.IPv4Router.LanAndDemandDialEnabled = Convert.ToBoolean(routerType & NativeConstants.ROUTER_ROLE_WAN_IPV4); if (stats.dwForwarding == 0x01) { RRasServiceObj.RRAS.IPv4Router.ForwardingEnabled = true; } } else { RRasServiceObj.RRAS.IPv4Router = null; } error = NativeMethods.GetIpStatisticsEx(out stats, (uint)System.Net.Sockets.ProtocolFamily.InterNetworkV6); if (HRESULT.ERROR_SUCCESS != (HRESULT)error) { throw new RRASException(error); } if (Convert.ToBoolean(routerType & NativeConstants.ROUTER_ROLE_LAN_IPV6) || Convert.ToBoolean(routerType & NativeConstants.ROUTER_ROLE_WAN_IPV6)) { if (null == RRasServiceObj.RRAS.IPv6Router) { RRasServiceObj.RRAS.IPv6Router = new RouterConfiguration(); } RRasServiceObj.RRAS.IPv6Router.RoutingConfigured = true; RRasServiceObj.RRAS.IPv6Router.LanAndDemandDialEnabled = Convert.ToBoolean(routerType & NativeConstants.ROUTER_ROLE_WAN_IPV6); if (stats.dwForwarding == 0x01) { RRasServiceObj.RRAS.IPv6Router.ForwardingEnabled = true; } } else { RRasServiceObj.RRAS.IPv6Router = null; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetIKEServiceStatus // Arguments : status - true/false // // Description : This function sets the XML node with the IKEEXT service status // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetIKEServiceStatus(int status) { if ((RRasServiceObj == null) || (RRasServiceObj.RRAS == null)) return; bool ikeExtServiceRequired = false; if (((RRasServiceObj.RRAS.VpnEnabled) || IsDemandDialEnabled())) { foreach (Port p in RRasServiceObj.RRAS.Port) { if (((p.Protocol == IKE_PROTOCOL_STRING) || (p.Protocol == L2TP_PROTOCOL_STRING)) && (Convert.ToInt32(p.PortCount) > 0)) { ikeExtServiceRequired = true; break; } } } if (ikeExtServiceRequired) { RRasServiceObj.RRAS.IKEEXTRunning = Convert.ToBoolean(status); RRasServiceObj.RRAS.IKEEXTRunningSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetIKECertificateStatus // Arguments : CertStatus - CertificateType enumeration // // Description : This function sets the XML node with the CertificateType // enumeration based on valid IKEv2 certificaes // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetIKECertificateStatus(CertificateType CertStatus) { if ((RRasServiceObj == null) || (RRasServiceObj.RRAS == null)) return; bool ikeCertFieldRequired = false; if (RRasServiceObj.RRAS.VpnEnabled) { foreach (Port p in RRasServiceObj.RRAS.Port) { if ( (p.Protocol == IKE_PROTOCOL_STRING) && (Convert.ToInt32(p.PortCount) > 0)) { ikeCertFieldRequired = true; break; } } } if (ikeCertFieldRequired) { RRasServiceObj.RRAS.ValidIKEv2Certificates = CertStatus; RRasServiceObj.RRAS.ValidIKEv2CertificatesSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetSSTPCertificateStatus // Arguments : CertStatus - CertificateType enumeration // // Description : This function sets the XML node with the CertificateType // enumeration based on valid SSTP certificaes // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetSSTPCertificateStatus(CertificateType CertStatus) { if ((RRasServiceObj == null) || (RRasServiceObj.RRAS == null)) return; bool sstpCertFieldRequired = false; if (RRasServiceObj.RRAS.VpnEnabled) { foreach (Port p in RRasServiceObj.RRAS.Port) { if ( (p.Protocol == SSTP_PROTOCOL_STRING) && (Convert.ToInt32(p.PortCount) > 0)) { sstpCertFieldRequired = true; break; } } } if (sstpCertFieldRequired) { RRasServiceObj.RRAS.ValidSSTPCertificates = CertStatus; RRasServiceObj.RRAS.ValidSSTPCertificatesSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetIKECertificateIKEIntermediateStatus // Arguments : CertCount - Count of valid certs with EKU IKE Intermediate. // // Description : This function sets the XML node with the IKECertificateType // enumeration based on number of valid certificaes with EKU having // IKE Inttermediate. // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetIKECertificateIKEIntermediateStatus(int CertCount) { if ((RRasServiceObj == null) || (RRasServiceObj.RRAS == null)) return; bool ikeCertFieldRequired = false; if (RRasServiceObj.RRAS.VpnEnabled) { foreach (Port p in RRasServiceObj.RRAS.Port) { if ( (p.Protocol == IKE_PROTOCOL_STRING) && (Convert.ToInt32(p.PortCount) > 0)) { ikeCertFieldRequired = true; break; } } } if (ikeCertFieldRequired) { // IKE certificate is valid if there is exactly one certificate having the IP // security IKE intermediate in its EKU property is present in the certificate store. // if(CertCount == 1) { RRasServiceObj.RRAS.IKEv2CertIkeIntermediate = IKECertificateType.OneValidIKECert; } else { RRasServiceObj.RRAS.IKEv2CertIkeIntermediate = IKECertificateType.NoValidIKECert; } RRasServiceObj.RRAS.IKEv2CertIkeIntermediateSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetNATCertificates // Arguments : certificates - string containing certificate names. // // Description : This function sets the XML node with the names of all the // certificates which are possibly valid (i.e their certificate name // or IP address does not match the server name/IP). // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetNATCertificates(string certificates) { if ((RRasServiceObj == null) || (RRasServiceObj.RRAS == null) || (certificates.Length == 0)) return; bool CertFieldRequired = false; if (RRasServiceObj.RRAS.VpnEnabled) { foreach (Port p in RRasServiceObj.RRAS.Port) { if ( ((p.Protocol == IKE_PROTOCOL_STRING) || (p.Protocol == SSTP_PROTOCOL_STRING) ) && (Convert.ToInt32(p.PortCount) > 0)) { CertFieldRequired = true; break; } } } if (CertFieldRequired) { RRasServiceObj.RRAS.CertInvalidName = certificates; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetSSTPSpecifiedCert // Arguments : certs - total number of certs. // // Description : This function sets the XML node for whether a specific SSTP // certificate is configured on the RRAS server // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetSSTPSpecifiedCert(int certs) { bool sstpPortRequired = false; if ((RRasServiceObj == null) || (RRasServiceObj.RRAS == null)) return; if (RRasServiceObj.RRAS.VpnEnabled) { foreach (Port p in RRasServiceObj.RRAS.Port) { if ( (p.Protocol == SSTP_PROTOCOL_STRING) && (Convert.ToInt32(p.PortCount) > 0)) { sstpPortRequired = true; break; } } } if(!sstpPortRequired || (certs ==0)) { return; } if(certs > 1) { GetServerInfo(); RRasServiceObj.RRAS.SSTPDefaultCert = serverInfo.ConfigParams.SstpConfigParams.sstpCertDetails.isDefault; RRasServiceObj.RRAS.SSTPDefaultCertSpecified = true; } else if(certs == 1) { RRasServiceObj.RRAS.SSTPDefaultCert = false; RRasServiceObj.RRAS.SSTPDefaultCertSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetAuthentication // Arguments : status - true/false // // Description : This function sets the XML node for whether a weak authentication // like PAP CHAP MSCHAPv2 is selected. // // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetAuthentication(int status) { if ((RRasServiceObj == null) || (RRasServiceObj.RRAS == null)) return; if (RRasServiceObj.RRAS.VpnEnabled) { RRasServiceObj.RRAS.AuthenticationMethods = Convert.ToBoolean(status); RRasServiceObj.RRAS.AuthenticationMethodsSpecified = true; } } ////////////////////////////////////////////////////////////////////////////////// // Function Name : SetNetworkAdapter // Arguments : status - true/false // // Description : This function sets the XML node for a specific LAN Adapter when // RRAS is requesting DHCP addresses . // Return value : none // ////////////////////////////////////////////////////////////////////////////////// public void SetNetworkAdapter(int status) { if ((RRasServiceObj == null) || (RRasServiceObj.RRAS == null)) return; RRasServiceObj.RRAS.RasAdapter = Convert.ToBoolean(status); RRasServiceObj.RRAS.RasAdapterSpecified = true; } ////////////////////////////////////////////////////////////////////////////////// // Function Name : CertGetEnhancedKeyUsageProperty // Arguments : CertHandle - Handle to the certificate // // Description : This function gets the EKU property for the certificates . // Return value : string [] // ////////////////////////////////////////////////////////////////////////////////// public string[] CertGetEnhancedKeyUsageProperty(System.IntPtr CertHandle) { uint flag = 0; uint size = 0; int err = 0; List oids = new List(); bool fCert = NativeMethods.CertGetEnhancedKeyUsage(CertHandle,flag, IntPtr.Zero, ref size) ; if( fCert == false) { throw new RRASException((uint)err); } IntPtr certUsage = Marshal.AllocHGlobal((int)size); fCert = NativeMethods.CertGetEnhancedKeyUsage(CertHandle,flag, certUsage, ref size) ; if( fCert == false) { Marshal.FreeHGlobal(certUsage); throw new RRASException((uint)err); } CERT_ENHKEY_USAGE cert = (CERT_ENHKEY_USAGE)Marshal.PtrToStructure(certUsage, typeof(CERT_ENHKEY_USAGE)); for(uint i=0; i /// A NET_LUID as defined in /// %sdxroot%\minio\published\inc\net\ifdef.w. /// Bits Usage /// [0-23] Reserved /// [24-47] NetLuidIndex /// [48-63] IfType /// [StructLayout(LayoutKind.Sequential)] internal struct NET_LUID { internal ulong Value; } /// /// A NET_IFINDEX as defined in /// %sdxroot%\minio\published\inc\net\ifdef.w. /// [StructLayout(LayoutKind.Sequential)] internal struct NET_IFINDEX { internal uint Value; } /// /// The TUNNEL_TYPE as defined in /// %sdxroot%\minio\published\inc\net\ifdef.w. /// internal enum TUNNEL_TYPE { TUNNEL_TYPE_NONE = 0, TUNNEL_TYPE_OTHER = 1, TUNNEL_TYPE_DIRECT = 2, TUNNEL_TYPE_6TO4 = 11, TUNNEL_TYPE_ISATAP = 13, TUNNEL_TYPE_TEREDO = 14, TUNNEL_TYPE_IPHTTPS = 15 } /// /// The NET_IF_CONNECTION_TYPE as defined in /// %sdxroot%\minio\published\inc\net\ifdef.w. /// internal enum NET_IF_CONNECTION_TYPE { NET_IF_CONNECTION_DEDICATED = 1, NET_IF_CONNECTION_PASSIVE = 2, NET_IF_CONNECTION_DEMAND = 3, NET_IF_CONNECTION_MAXIMUM = 4 } /// /// The IF_OPER_STATUS as defined in /// %sdxroot%\minio\published\inc\net\ifdef.w. /// public enum IF_OPER_STATUS { IfOperStatusUp = 1, IfOperStatusDown, IfOperStatusTesting, IfOperStatusUnknown, IfOperStatusDormant, IfOperStatusNotPresent, IfOperStatusLowerLayerDown } /// /// The NET_IF_ADMIN_STATUS as defined in /// %sdxroot%\minio\published\inc\net\ifdef.w. /// internal enum NET_IF_ADMIN_STATUS { NET_IF_ADMIN_STATUS_UP = 1, NET_IF_ADMIN_STATUS_DOWN = 2, NET_IF_ADMIN_STATUS_TESTING = 3 } /// /// The NET_IF_MEDIA_CONNECT_STATE as defined in /// %sdxroot%\minio\published\inc\net\ifdef.w. /// internal enum NET_IF_MEDIA_CONNECT_STATE { MediaConnectStateUnknown, MediaConnectStateConnected, MediaConnectStateDisconnected } /// /// The NDIS_MEDIUM as defined in /// %sdxroot%\minio\published\inc\net\ntddndis.w. /// /// N.B. We dont do any versioning here. /// internal enum NDIS_MEDIUM { NdisMedium802_3, NdisMedium802_5, NdisMediumFddi, NdisMediumWan, NdisMediumLocalTalk, NdisMediumDix, NdisMediumArcnetRaw, NdisMediumArcnet878_2, NdisMediumAtm, NdisMediumWirelessWan, NdisMediumIrda, NdisMediumBpc, NdisMediumCoWan, NdisMedium1394, NdisMediumInfiniBand, NdisMediumTunnel, NdisMediumNative802_11, NdisMediumLoopback, NdisMediumWiMAX, NdisMediumIP, NdisMediumMax } /// /// The NDIS_PHYSICAL_MEDIUM as defined in /// %sdxroot%\minio\published\inc\net\ntddndis.w. /// internal enum NDIS_PHYSICAL_MEDIUM { NdisPhysicalMediumUnspecified, NdisPhysicalMediumWirelessLan, NdisPhysicalMediumCableModem, NdisPhysicalMediumPhoneLine, NdisPhysicalMediumPowerLine, NdisPhysicalMediumDSL, NdisPhysicalMediumFibreChannel, NdisPhysicalMedium1394, NdisPhysicalMediumWirelessWan, NdisPhysicalMediumNative802_11, NdisPhysicalMediumBluetooth, NdisPhysicalMediumInfiniband, NdisPhysicalMediumWiMax, NdisPhysicalMediumUWB, NdisPhysicalMedium802_3, NdisPhysicalMedium802_5, NdisPhysicalMediumIrda, NdisPhysicalMediumWiredWAN, NdisPhysicalMediumWiredCoWan, NdisPhysicalMediumOther, NdisPhysicalMediumMax } /// /// The NET_IF_ACCESS_TYPE as defined in /// %sdxroot%\minio\published\inc\net\ifdef.w. /// internal enum NET_IF_ACCESS_TYPE { NET_IF_ACCESS_LOOPBACK = 1, NET_IF_ACCESS_BROADCAST = 2, NET_IF_ACCESS_POINT_TO_POINT = 3, NET_IF_ACCESS_POINT_TO_MULTI_POINT = 4, NET_IF_ACCESS_MAXIMUM = 5 } /// /// The NET_IF_DIRECTION_TYPE as defined in /// %sdxroot%\minio\published\inc\net\ifdef.w. /// internal enum NET_IF_DIRECTION_TYPE { NET_IF_DIRECTION_SENDRECEIVE, NET_IF_DIRECTION_SENDONLY, NET_IF_DIRECTION_RECEIVEONLY, NET_IF_DIRECTION_MAXIMUM } /// /// The MIB_IPINTERFACE_ROW as defined in /// %sdxroot%\minio\published\inc\net\netioapi.w /// [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] internal struct MIB_IF_ROW2 { // // Key structure. Sorted by preference. // internal NET_LUID InterfaceLuid; internal NET_IFINDEX InterfaceIndex; // // Read-Only fields. // internal Guid InterfaceGuid; [MarshalAs( UnmanagedType.ByValTStr, SizeConst = IF_MAX_STRING_SIZE + 1)] internal string Alias; [MarshalAs( UnmanagedType.ByValTStr, SizeConst = IF_MAX_STRING_SIZE + 1)] internal string Description; internal uint PhysicalAddressLength; [MarshalAs( UnmanagedType.ByValArray, SizeConst = IF_MAX_PHYS_ADDRESS_LENGTH)] internal byte[] PhysicalAddress; [MarshalAs( UnmanagedType.ByValArray, SizeConst = IF_MAX_PHYS_ADDRESS_LENGTH)] internal byte[] PermanentPhysicalAddress; internal uint Mtu; // // See %sdxroot%\minio\published\inc\net\ipifcons.w for the // various IFTYPE values. // internal uint Type; internal TUNNEL_TYPE TunnelType; internal NDIS_MEDIUM MediaType; internal NDIS_PHYSICAL_MEDIUM PhysicalMediumType; internal NET_IF_ACCESS_TYPE AccessType; internal NET_IF_DIRECTION_TYPE DirectionType; // // Bits Usage // 0 HardwareInterface // 1 FilterInterface // 2 ConnectorPresent // 3 NotAuthenticated // 4 NotMediaConnected // 5 Paused // 6 LowPower // 7 EndPointInterface // byte InterfaceAndOperStatusFlags; internal IF_OPER_STATUS OperStatus; internal NET_IF_ADMIN_STATUS AdminStatus; internal NET_IF_MEDIA_CONNECT_STATE MediaConnectState; internal Guid NetworkGuid; internal NET_IF_CONNECTION_TYPE ConnectionType; // // Statistics. // internal ulong TransmitLinkSpeed; internal ulong ReceiveLinkSpeed; internal ulong InOctets; internal ulong InUcastPkts; internal ulong InNUcastPkts; internal ulong InDiscards; internal ulong InErrors; internal ulong InUnknownProtos; internal ulong InUcastOctets; internal ulong InMulticastOctets; internal ulong InBroadcastOctets; internal ulong OutOctets; internal ulong OutUcastPkts; internal ulong OutNUcastPkts; internal ulong OutDiscards; internal ulong OutErrors; internal ulong OutUcastOctets; internal ulong OutMulticastOctets; internal ulong OutBroadcastOctets; internal ulong OutQLen; } [DllImport( "iphlpapi.dll", CharSet = CharSet.Unicode, SetLastError = false)] internal static extern uint ConvertInterfaceGuidToLuid( ref Guid InterfaceGuid, out NET_LUID InterfaceLuid ); [DllImport( "iphlpapi.dll", CharSet = CharSet.Unicode, SetLastError = false)] internal static extern uint GetIfEntry2( ref MIB_IF_ROW2 Row ); /// /// This routine determines the tunnel type for the specified /// interface. The caller is responsible for passing in a tunnel /// NIC. /// /// /// Supplies the interface to query for the tunnel type. /// /// /// Returns the tunnel type. /// /// /// Success on success, /// Appropriate error code otherwise. /// public static bool GetTunnelType( NetworkInterface Nic, out Iphlpapi.TUNNEL_TYPE TunnelType ) { MIB_IF_ROW2 NicRow; Guid NicGuid; NET_LUID NicLuid; bool Status = true; uint WinError = 0; TunnelType = TUNNEL_TYPE.TUNNEL_TYPE_NONE; NicGuid = new Guid(Nic.Id); NicLuid = new NET_LUID(); WinError = ConvertInterfaceGuidToLuid(ref NicGuid, out NicLuid); if (WinError != 0) { Status = false; goto error; } NicRow = new MIB_IF_ROW2(); NicRow.InterfaceLuid = NicLuid; WinError = GetIfEntry2(ref NicRow); if (WinError != 0) { Status = false; goto error; } TunnelType = NicRow.TunnelType; error: return Status; } } public class Utilities { public static long InfiniteLifetime = 0xffffffff; public static bool IsPublicIpv4Address(Byte[] AddressBytes) { bool IsPublicIpv4 = false; // // This skips 127/8, , 10/8, 169.254/16, 172.16/12, 192.168/16 if (AddressBytes[0] == 0x7f || AddressBytes[0] == 0x0a || (AddressBytes[0] == 0xa9 && AddressBytes[1] == 0xfe) || (AddressBytes[0] == 0xc0 && AddressBytes[1] == 0xa8) || (AddressBytes[0] == 0xac && (AddressBytes[1] >= 0x10 && AddressBytes[1] <= 0x1F))) { goto error; } IsPublicIpv4 = true; error: return IsPublicIpv4; } public static ArrayList PruneNonSequentialv4Address(ArrayList SuitableAddresses) { int Index = 0; bool sequence = false; ArrayList toDelete = new ArrayList(); for (Index = 0; Index < SuitableAddresses.Count; Index++) { if (Index == (SuitableAddresses.Count - 1))//last entry { if (!sequence) { toDelete.Add(Index); } break; } // 2.1.1.255 and 2.1.2.0 are consecutive if sorted according to bytes however these are not valid consecutive addresses // for teredo to function. Ignoring all addresses with fourth octet as 255 for consecutive check. // NOTE: The assumption made here is that all the addresses are sorted in ascending order. if (((IPAddress)SuitableAddresses[Index]).GetAddressBytes()[3] == 0xff) { if (!sequence) { toDelete.Add(Index); } sequence = false; continue; } byte[] addr1 = ((IPAddress)SuitableAddresses[Index]).GetAddressBytes(); byte[] addr2 = ((IPAddress)SuitableAddresses[Index + 1]).GetAddressBytes(); int lAddr1 = IPAddress.HostToNetworkOrder(BitConverter.ToInt32(addr1, 0)); int lAddr2 = IPAddress.HostToNetworkOrder(BitConverter.ToInt32(addr2, 0)); if (lAddr1 - lAddr2 == (int)1 || lAddr2 - lAddr1 == (int)1) { sequence = true; } else { if (!sequence) { toDelete.Add(Index); } sequence = false; } } for (Index = toDelete.Count - 1; Index >= 0; Index--) { SuitableAddresses.RemoveAt((int)toDelete[Index]); } return SuitableAddresses; } public static ArrayList GetTeredoServerVirtualIpCandidates(bool nlbDeployed, bool isExternalnlb, List InternetVIPs) { ArrayList SuitableAddresses = null; IPAddress Address = null; CompareIPAddress Comparer = null; SuitableAddresses = new ArrayList(); if (nlbDeployed && isExternalnlb) { foreach (string addr in InternetVIPs) { string ip = addr.Split('/')[0]; Address = IPAddress.Parse(ip); if (Address.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork) { continue; } if (!Utilities.IsPublicIpv4Address(Address.GetAddressBytes())) { continue; } SuitableAddresses.Add(Address); } if (SuitableAddresses.Count > 1) { Comparer = new CompareIPAddress(); SuitableAddresses.Sort(Comparer); } // // Prune out the entries that are not part of a sequence. SuitableAddresses = PruneNonSequentialv4Address(SuitableAddresses); } return SuitableAddresses; } public static ArrayList GetTeredoServerIpCandidates(NetworkInterface Nic, bool nlbDeployed, bool isExternalnlb, List InternetVIPs) { ArrayList SuitableAddresses = null; IPInterfaceProperties NicProperties = null; UnicastIPAddressInformation AddressInfo = null; IPAddress Address = null; CompareIPAddress Comparer = null; int Index = 0; SuitableAddresses = new ArrayList(); NicProperties = Nic.GetIPProperties(); for (Index = 0; Index < NicProperties.UnicastAddresses.Count; Index++) { AddressInfo = NicProperties.UnicastAddresses[Index]; if (AddressInfo.Address.AddressFamily != System.Net.Sockets.AddressFamily.InterNetwork) { continue; } if (!Utilities.IsPublicIpv4Address(AddressInfo.Address.GetAddressBytes())) { continue; } // // REVIEW: How about 192.168/16 and 10.10/16? Do these // work correctly for Teredo? // if (AddressInfo.AddressValidLifetime != InfiniteLifetime) { continue; } Address = new IPAddress(AddressInfo.Address.GetAddressBytes()); // For Windows NLB case, it must be part of VIP if (!nlbDeployed || isExternalnlb || !string.IsNullOrEmpty(InternetVIPs.Find(x => (x.Split('/')[0]).Equals(Address.ToString())))) { SuitableAddresses.Add(Address); } } if (SuitableAddresses.Count > 1) { Comparer = new CompareIPAddress(); SuitableAddresses.Sort(Comparer); } // // Prune out the entries that are not part of a sequence. SuitableAddresses = PruneNonSequentialv4Address(SuitableAddresses); return SuitableAddresses; } public static bool IsV6IP(string ipv6) { IPAddress ip; return (IPAddress.TryParse(ipv6, out ip) && ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6 && !ip.Equals(IPAddress.Parse("::0")) && !ip.IsIPv6LinkLocal && !ip.IsIPv6Multicast && !ip.IsIPv6SiteLocal); } public static readonly string DaIsatapPublicAddressId = ":200:5efe:"; public static readonly string DaIsatapPrivateAddressId = ":0:5efe:"; public static string[] GetV6AddressesFromV4(IPAddress ipV4Address, string nat64prefix, string isatapprefix, DAConfigIntType internalConfig) { List V6AddrList = new List(); if (internalConfig == DAConfigIntType.V4 && !string.IsNullOrEmpty(isatapprefix)) { string IsatapAddress = GetV6AddressFromV4WithIsatap(ipV4Address, isatapprefix); if (!string.IsNullOrEmpty(IsatapAddress)) { V6AddrList.Add(IsatapAddress); } } if(internalConfig != DAConfigIntType.PureV6 && !string.IsNullOrEmpty(nat64prefix)) { string Nat64Address = GetV6AddressFromV4WithNat64Prefix(ipV4Address, nat64prefix); if (!string.IsNullOrEmpty(Nat64Address)) { V6AddrList.Add(Nat64Address); } } return V6AddrList.ToArray(); } public static string GetV6AddressFromV4WithNat64Prefix(IPAddress ipV4Address, string prefix) { if (null == ipV4Address || string.IsNullOrEmpty(prefix)) { return null; } string ipV6Address; string[] prefixSplit = prefix.Split('/'); if (prefixSplit != null) { byte prefixLength = Byte.Parse(prefixSplit[1], System.Globalization.CultureInfo.InvariantCulture); if (prefixLength != 96) { return null; } prefix = prefixSplit[0]; prefix = prefix.TrimEnd(':'); } byte[] ipv4AddrBytes = ipV4Address.GetAddressBytes(); IPAddress nat64Addr = IPAddress.Parse(prefix + "::0"); byte[] nat64AddrBytes = nat64Addr.GetAddressBytes(); nat64AddrBytes[12] = ipv4AddrBytes[0]; nat64AddrBytes[13] = ipv4AddrBytes[1]; nat64AddrBytes[14] = ipv4AddrBytes[2]; nat64AddrBytes[15] = ipv4AddrBytes[3]; ipV6Address = new IPAddress(nat64AddrBytes).ToString(); return ipV6Address; } public static string GetV6AddressFromV4WithIsatap(IPAddress ipV4Address, string prefix) { if (null == ipV4Address) { return null; } string ipV6Address; string[] prefixSplit = prefix.Split('/'); if (prefixSplit != null) { prefix = prefixSplit[0]; prefix = prefix.TrimEnd(':'); } if (IsPublicIpv4Address(ipV4Address.GetAddressBytes())) { ipV6Address = prefix + DaIsatapPublicAddressId + ipV4Address.ToString(); } else { ipV6Address = prefix + DaIsatapPrivateAddressId + ipV4Address.ToString(); } return ipV6Address; } /// /// This routine identifies a IP - TLS NIC given the parent NIC. The /// match is determined by comparing the name generated for the /// interface to the specified name. /// /// /// Supplies the set of NICs to examine. /// /// /// Supplies the name to look for. /// /// /// Returns the IP - TLS NIC if found, null otherwise. /// /// /// Success if found, /// Appropriate error code otherwise. /// public static bool IdentifyIpHttpsNic(NetworkInterface[] Nics, out NetworkInterface IpHttpsNic ) { NetworkInterface Nic = null; bool Status = true; Iphlpapi.TUNNEL_TYPE TunnelType = Iphlpapi.TUNNEL_TYPE.TUNNEL_TYPE_NONE; int NicIndex = 0; for (NicIndex = 0; NicIndex < Nics.Length; NicIndex++) { Nic = Nics[NicIndex]; if (Nic.OperationalStatus != OperationalStatus.Up) { continue; } if (Nic.NetworkInterfaceType != NetworkInterfaceType.Tunnel) { continue; } Status = Iphlpapi.GetTunnelType(Nic, out TunnelType); if (Status && TunnelType == Iphlpapi.TUNNEL_TYPE.TUNNEL_TYPE_IPHTTPS) { break; } } if (NicIndex < Nics.Length) { IpHttpsNic = Nics[NicIndex]; } else { IpHttpsNic = null; Status = false; } return Status; } public static String FormatList(String[] Items, ref String[] Name) { Name = new String[Items.Length]; StringBuilder NameArray = new StringBuilder(); for (int i = 0; i < Items.Length; i++) { String item = Items[i] as System.String; Name[i] = item; NameArray.Append(item); if (i < Items.Length - 1) { NameArray.Append(", "); } } return NameArray.ToString(); } public enum COMPUTER_NAME_FORMAT { ComputerNameNetBIOS, ComputerNameDnsHostname, ComputerNameDnsDomain, ComputerNameDnsFullyQualified, ComputerNamePhysicalNetBIOS, ComputerNamePhysicalDnsHostname, ComputerNamePhysicalDnsDomain, ComputerNamePhysicalDnsFullyQualified, ComputerNameMax } [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern int GetComputerNameEx(COMPUTER_NAME_FORMAT NameType, [Out] StringBuilder lpBuffer, ref uint lpnSize); public static String GetPrimaryDnsSuffix() { int result; const int MAX_LEN = 256; uint bufferSize = (uint)MAX_LEN; StringBuilder buffer = new StringBuilder((int)bufferSize); string dnsSuffix = string.Empty; result = GetComputerNameEx(COMPUTER_NAME_FORMAT.ComputerNameDnsDomain, buffer, ref bufferSize); if (result != 0) { dnsSuffix = buffer.ToString(); } return dnsSuffix; } } } '@ Compile-Csharp $code "/target:library /unsafe" } # helper function to create document function Create-DocumentElement($ns, $name ) { [xml] "<$name xmlns='$ns'/>" } ######################################################################################### # Function Name : get-rrasServiceInstalled # Arguments : none # # Description : This function checks if the "RemoteAccess" service is installed. # Return value : true - if service is installed # false - if not installed ######################################################################################### function get-rrasServiceInstalled() { #SAIN: This will create the RRASInstalled tag, Should we use RemoteAccess or DirectAccess-VPN here? Import-module servermanager $Rras = Get-windowsFeature -Name "DirectAccess-VPN" If($Rras.Installed -eq $true) { $status = $true } else { $status = $false } return $status } ######################################################################################### # Function Name : get-DirectAccessConfigured # Arguments : RemoteAccess # # Description : This function checks if the DirectAccess is configured. # Return value : true - if configured # false - if not configured ######################################################################################### function get-DirectAccessConfigured($RemoteAccess) { $IsConfigured = $false If(($RemoteAccess -ne $null) -and ($RemoteAccess.DAStatus -eq "Installed")) { $IsConfigured = $true } return $IsConfigured } ######################################################################################### # Function Name : get-DAIPv6CheckedOnInterface # Arguments : Interface Alias # # Description : This function checks if IPv6 check box is enabled on the interface. # Return value : true - if IPv6 check Box is enabled # false - if IPv6 check Box is not enabled ######################################################################################### function get-DAIPv6CheckedOnInterface($InterfaceName) { $enabled = $false if($InterfaceName -ne $null) { $AddressObj = Get-NetIPAddress –InterfaceAlias $InterfaceName -AddressFamily "IPv6" -PolicyStore ActiveStore if($AddressObj -ne $null) { $enabled = $true } } return $enabled } ######################################################################################### # Function Name : get-DAInterfaceCount # Description : This function finds the number of internal and external interfaces # Return value : no of interfaces as part of ref variables # ######################################################################################### function get-DAInterfaceCount($ConnectToAddress, $IsNlb, [ref] $ExtIntfCount, [ref] $IntIntfCount) { if($ConnectToAddress -ne $null) { $RALocal = gwmi -namespace root\Microsoft\Windows\remoteaccess\server -class ps_remoteaccesslocal -list $Interfaces = $RALocal.GetInterfaces(0,$ConnectToAddress,$IsNlb) if($Interfaces -ne $null) { #without value this was n't working $IntIntfCount.value = $Interfaces.IntranetInterfaces.count $ExtIntfCount.value = $Interfaces.InternetInterfaces.count } } } ######################################################################################### # Function Name : get-DefaultGatewayConfigured # Arguments : InterfaceName # IPv4 # IPv6 # # Description : This function checks if Default IPv4\IPv6 Gateway is configured on the InterfaceName. # Return value : $DefaultGatewayIPv4, [ref] $DefaultGatewayIPv6 # ######################################################################################### function get-DefaultGatewayConfigured($InterfaceName, $IPv4, $IPv6, $Topology, [ref] $DefaultGatewayIPv4, [ref] $DefaultGatewayIPv6) { if($IPv4) { $DestinationPrefix = "0.0.0.0/0" $routes = Get-NetRoute -InterfaceAlias $InterfaceName -AddressFamily "IPv4" -PolicyStore ActiveStore foreach($route in $routes) { if($route.DestinationPrefix -eq $DestinationPrefix) { $DefaultGatewayIPv4.value = $route.NextHop break; } } } $SixtofourAdapterName = get-SixToFourNicName if(!$IPv6 -and ($Topology -eq [RRASServiceConfig.DATopologyType]::Edge) -and ($SixtofourAdapterName -ne $null)) { $InterfaceName = $SixtofourAdapterName } $DestinationPrefix = "::/0" $routes = Get-NetRoute -InterfaceAlias $InterfaceName -AddressFamily "IPv6" foreach($route in $routes) { if($route.DestinationPrefix -eq $DestinationPrefix) { $DefaultGatewayIPv6.value = $route.NextHop break; } } } ######################################################################################### # Function Name : get-DAIntfAddrFamily # Arguments : InterfaceName - Name of the interface # Description : This function checks which address families are configured on the interface # Return value : AddrIpv4 - true if IPv4 address is configured, false if IPv4 address is not configured # AddrIpv6 - true if IPv6 address is configured, false if IPv6 address is not configured ######################################################################################### function get-DAIntfAddrFamily($InterfaceName, [ref] $AddrIpv4, [ref] $AddrIpv6) { if($InterfaceName -ne $null) { $Ipv4Addresses = Get-NetIPAddress -InterfaceAlias $InterfaceName -PolicyStore ActiveStore -AddressFamily "IPv4" if($Ipv4Addresses -ne $null) { $AddrIpv4.value = $true } $Ipv6Addresses = Get-NetIPAddress -InterfaceAlias $InterfaceName -PolicyStore ActiveStore -AddressFamily "IPv6" if($Ipv6Addresses -ne $null) { foreach($Address in $Ipv6Addresses) { if ([RRASServiceConfig.Utilities]::IsV6IP($Address.IPAddress) -eq $true) { $AddrIpv6.value = $true break } } } } } ######################################################################################### # Function Name : get-DADCName # Arguments : IsMultiSite, RemoteAccess # # Description : ######################################################################################### function get-DADCName($IsMultiSite, $RemoteAccess) { $DCName = "" if($IsMultiSite) { $EntrypointName = $RemoteAccess.EntrypointName $EntrypointDC = Get-DAEntryPointDC -EntryPointName $EntrypointName $DCName = $EntrypointDC.DomainControllerName } else { $DasDomainName = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name $DasDC = nltest /dsgetdc:$DasDomainName /writable $DCName = $DasDC[0].Trim().Replace("DC: \\","") } return $DCName } ######################################################################################### # Function Name : get-DAInternalIntfConfigType # Arguments : ServerGpoName # # Description : ######################################################################################### function get-DAInternalIntfConfigType($ServerGpoName, $DCName) { $InternalV6State = [RRASServiceConfig.DaConfigIntType]::V4 $GpoName = $ServerGpoName.Split('\') $CorpPrefix = Get-GPRegistryValue -Name $GpoName[1] -Domain $GpoName[0] -Server $DCName -key hklm\software\policies\microsoft\windows\remoteaccess\config -ValueName corpprefix if($CorpPrefix -ne $null) { $InternalV6State = [RRASServiceConfig.DaConfigIntType]::V6 } $RaDeployMode = Get-GPRegistryValue -Name $GpoName[1] -Domain $GpoName[0] -Server $DCName -key hklm\software\policies\microsoft\windows\remoteaccess\config -ValueName radeploymentmode $DA_PUREIPV6_MASK = 0x00000400 $DA_EXTERNAL_ISATAP_MASK = 0x00008000 if($RaDeployMode.Value -band $DA_PUREIPV6_MASK) { $InternalV6State = [RRASServiceConfig.DaConfigIntType]::PureV6 } else { if($RaDeployMode.Value -band $DA_EXTERNAL_ISATAP_MASK) { $InternalV6State = [RRASServiceConfig.DaConfigIntType]::ExternalISATAP } } return $InternalV6State } ######################################################################################### # Function Name : get-DAMgmtServersIPv6 # Arguments : # # Description : # Return value : list of IPv6 management servers # ######################################################################################### function get-DAMgmtServersIPv6($MgmtServers) { $Address = New-Object System.Net.IPAddress(0) $HashMgmtIPv6NameAndAddress =@{} if($MgmtServers -ne $null) { foreach($MgmtServer in $MgmtServers) { $IsAddress = [System.Net.IPAddress]::TryParse($MgmtServer, [ref]$Address) If($IsAddress -eq $false) { try { $IPv6Addresses = Resolve-DnsName $MgmtServer -Type "AAAA" if($IPv6Addresses.count -gt 0) { [System.String[]] $IPv6AddressesArr = @() foreach($IPv6Address in $IPv6Addresses) { $IPv6AddressesArr += $IPv6Address.IPAddress } $HashMgmtIPv6NameAndAddress.add($MgmtServer, $IPv6AddressesArr) } } catch [Exception] { } } else { if($Address.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6) { [System.String[]] $IPv6AddressesArr = @($Address) $HashMgmtIPv6NameAndAddress.add($MgmtServer, $IPv6AddressesArr) } } } } return $HashMgmtIPv6NameAndAddress } ######################################################################################### # Function Name : get-TeredoSuitability # Arguments : # # Description : the function checks if teredo can be configured # Return value : true/false # ######################################################################################### function get-TeredoSuitability($ExternalInterfaceName, $IsEdge, $IsIpv4, $IsNlb, $InternetVIPs, $IsExternalNlb) { $TeredoSuitability = $false if($IsEdge -and $IsIpv4) { $NetworkInterfaces = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() $hash = @{} foreach($NetworkInterface in $NetworkInterfaces) { $hash.Add($NetworkInterface.Name, $NetworkInterface) } [System.Net.NetworkInformation.NetworkInterface]$ExternalNetworkInterface = $hash[$ExternalInterfaceName] [Collections.ArrayList]$SuitableAddresses = [RRASServiceConfig.Utilities]::GetTeredoServerIpCandidates($ExternalNetworkInterface, $IsNlb, $IsExternalnlb, $InternetVIPs) if($SuitableAddresses.Count -ge 2) { $TeredoSuitability = $true } if($IsNlb -and $IsExternalNlb) { $TeredoSuitability = $false [Collections.ArrayList]$SuitableVirtualAddresses = [RRASServiceConfig.Utilities]::GetTeredoServerVirtualIpCandidates($IsNlb, $IsExternalnlb, $InternetVIPs) if($SuitableVirtualAddresses.Count -ge 2) { $TeredoSuitability = $true } } } return $TeredoSuitability } ######################################################################################### # Function Name : get-FirewallBlockTeredo # Arguments : # # Description : the function checks if teredo is enabled but firewall blocks teredo # Return value : true/false # ######################################################################################### function get-FirewallBlockTeredo() { $ICMPv4FWRules = Get-NetFirewallPortFilter -PolicyStore ActiveStore -Protocol ICMPv4 | where { $_.IcmpType -contains 'Any' -or $_.IcmpType -contains 8 } | Get-NetFirewallRule | where { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } $ICMPv4FWRulesAllow = $ICMPv4FWRules | where {$_.Action -eq 'Allow'} $ICMPv4FWRulesBlock = $ICMPv4FWRules | where {$_.Action -eq 'Block'} if($ICMPv4FWRulesBlock -ne $null -or $ICMPv4FWRulesAllow -eq $null) { return $true } else { return $false } } ######################################################################################### # Function Name : get-CertExpireSoon # Arguments : # # Description : the function checks if certificate is about to expire soon # Return value : true/false # ######################################################################################### function get-CertExpireSoon([System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate) { [System.DateTime]$TodaysDate = [System.DateTime]::Now if($Certificate.NotAfter -le $TodaysDate.AddDays(7)) { return $true } return $false } ######################################################################################### # Function Name : get-DAMultiSiteFunc # Arguments : # # Description : the function checks if multisite is enabled # Return value : true/false # ######################################################################################### function get-DAMultiSiteFunc { try { $DAMultiSite = Get-DAMultiSite return $true } catch [Exception] { } return $false } ######################################################################################### # Function Name : get-E2ETracingOnLonger # Arguments : # # Description : the function checks if E2E is enabled for longer i.e. more than 5 hours # Return value : true/false # ######################################################################################### function get-E2ETracingOnLonger { $result = $false $E2ETracing = Get-ItemProperty HKLM:\system\CurrentControlSet\Services\RaMgmtSvc\E2ETracing if ($E2ETracing.StartTime -gt 0) { #netsh trace keeps the StartTime as number of seconds from Jan 1, 1970 $BeginDateTime = New-Object System.DateTime (1970,1,1) $E2EStartTime = $BeginDateTime.AddSeconds($E2ETracing.StartTime) if([System.DateTime]::Now.AddHours(-5) -gt $E2EStartTime) { $result = $true } } return $result } ######################################################################################### # Function Name : get-DAIPv4OnlyMgmtServers # Arguments : List of Management Servers # # Description : This function finds mgmt servers which have only IPv4 address. # Return value : list of management servers which have IPv4 address only # ######################################################################################### function get-DAIPv4OnlyMgmtServers($MgmtServers) { $address = New-Object System.Net.IPAddress(0) $IPv4OnlyMgmtServerArr =@() if($MgmtServers -ne $null) { foreach($MgmtServer in $MgmtServers) { $IsAddress = [System.Net.IPAddress]::TryParse($MgmtServer, [ref]$address) If($IsAddress -ne $true) { try { $V6Addresses = Resolve-DnsName $MgmtServer -Type AAAA if($V6Addresses.count -eq 0) { $IPv4OnlyMgmtServerArr += $MgmtServer } } catch [Exception] { } } else { if($address.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork) { $IPv4OnlyMgmtServerArr += $MgmtServer } } } } return $IPv4OnlyMgmtServerArr } function get-LocalizedDomainComputersName($DomainName, $GlobalDomainCompDictionary) { $LocDomainComputers = "" $bfound = $GlobalDomainCompDictionary.TryGetValue($DomainName, [ref]$LocDomainComputers) if (!$bfound) { [DirectoryServices.ActiveDirectory.DirectoryContext]$DirContext = New-Object DirectoryServices.ActiveDirectory.DirectoryContext([DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain, $DomainName) [DirectoryServices.ActiveDirectory.Domain]$Domain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($DirContext) [DirectoryServices.DirectoryEntry]$DomainEntry = $Domain.GetDirectoryEntry() [Security.Principal.SecurityIdentifier]$DomainSid = New-Object Security.Principal.SecurityIdentifier([System.Byte[]]$DomainEntry.Properties["objectSid"].Value, 0) [Security.Principal.SecurityIdentifier]$DomainCompSid = New-Object Security.Principal.SecurityIdentifier([Security.Principal.WellKnownSidType]::AccountComputersSid, $DomainSid) $account = $DomainCompSid.Translate([Security.Principal.NTAccount].AsType()).ToString() $LocDomainComputers = $account.Split('\\')[1] $GlobalDomainCompDictionary.Add($DomainName, $LocDomainComputers) } return $LocDomainComputers } ######################################################################################### # Function Name : get-DomainCompSGWithFilter # Arguments : none # # Description : This function checks if "Domain Computers" is present in Security Group Name List and checks # for laptop only filter present or not # Return value : true - if Domain Computers are present in Client Security Group List and filter for Only Remote Computers is enabled # false - if Domain Computers are present in Client Security Group List and filter for Only Remote Computers is disabled # null - if domain compuetres aren't present ######################################################################################### function get-DomainCompSGWithFilter { $DomainComputersPresent = $false [System.Collections.Generic.Dictionary[System.String, System.String]]$GlobalDomainComputersDictionary = New-Object "System.Collections.Generic.Dictionary``2[System.String,System.String]" $clients = Get-DAClient if($clients -ne $null) { foreach($SG in $clients.SecurityGroupNameList) { $SGItems = $SG.Split('\') $DomainName = $SGItems[0] $LocDomainComputers = get-LocalizedDomainComputersName $DomainName $GlobalDomainComputersDictionary if($SGItems[1] -eq $LocDomainComputers) { $DomainComputersPresent = $true; break; } } } if($DomainComputersPresent -eq $false ) { return $null } else { if($clients.OnlyRemoteComputers -eq "Disabled") { return $false } else { return $true } } } ######################################################################################### # Function Name : get-ISATAPResolving # Arguments : Domain Name # # Description : This fucntion checks if ISATAP is resolving in domain # Return value : true - if ISATAP is resolving # fasle - if ISATAP is not resolving # ######################################################################################### function get-ISATAPResolving($DomainName) { if($DomainName -ne $null) { $IsatapDomain = "isatap." + $DomainName; try { $ret = Resolve-DnsName $IsatapDomain -Type A if($ret -ne $null) { return $true } } catch [Exception] { return $false } } return $false } ######################################################################################### # Function Name : get-ISATAPResolvingAll # Arguments : List of Domains (atleast one domain will be be present in list) # # Description : This function returns true if ISATAP resolving all domains # : This function returns false if ISATAP does n't resolve in all domains # # Return value : true/false # ######################################################################################### function get-ISATAPResolvingAll($domainList) { $isatapresolveall = $true foreach($domain in $domainList) { $IsResolve = get-ISATAPResolving $domain.Name if($IsResolve -ne $true) { $isatapresolveall = $false break } } return $isatapresolveall } ######################################################################################### # Function Name : get-DNS64ReturnAAAA # Arguments : none # # Description : This function checks if DNS64 is configured to return quad A addresses # Return value : true/false ######################################################################################### function get-DNS64ReturnAAAA { $DNSconfig = Get-NetDNSTransitionConfiguration if(($DNSconfig -ne $null) -and ($DNSconfig.OnlySendAQuery -eq $false)) { return $true } else { return $false } } ######################################################################################### # Function Name : get-InfraTunnelPolicyEPChanged # Arguments : MgmtServers - List of Management Servers # RemoteAccess - RemoteAccess Object # InternalIntfConfigType - internal interface configuration type # Description : This function checks if Infrastructure Tunnel Endpoints are changed # Return value : true\false # ######################################################################################### function get-InfraTunnelPolicyEPChanged($MgmtServers, $RemoteAccess, $InternalIntfConfigType) { $address = New-Object System.Net.IPAddress(0) [System.Net.IPAddress[]]$MgmtServerAddresses =@() #In non PKI only Simplified policy is created in which management server addresses are not used if($MgmtServers -ne $null -and $RemoteAccess.IPsecRootCertificate -ne $null) { foreach($MgmtServer in $MgmtServers) { $IsAddress = [System.Net.IPAddress]::TryParse($MgmtServer, [ref]$address) If($IsAddress -ne $true) { try { $ServerAddressesV4 = Resolve-DnsName $MgmtServer -Type "A" $NatPrefix = $null $IsatapPrefix = $null if($ServerAddressesV4.count -gt 0) { if($InternalIntfConfigType -eq [RRASServiceConfig.DaConfigIntType]::V4) { $IsatapPrefix = $RemoteAccess.InternalIPv6Prefix } if($InternalIntfConfigType -ne [RRASServiceConfig.DaConfigIntType]::PureV6) { $NatConfig = Get-NetNatTransitionConfiguration -Store ActiveStore if ($NatConfig.State -eq "Enabled") { $NatPrefix = $NatConfig.PrefixMapping[0].Split(',')[0] } } } $ServerAddresses = Resolve-DnsName $MgmtServer if($ServerAddresses.count -gt 0) { foreach($ServerAddress in $ServerAddresses) { if($ServerAddress.Type -eq "A") { { $V6Addresses = [RRASServiceConfig.Utilities]::GetV6AddressesFromV4($ServerAddress.IPAddress, $NatPrefix, $IsatapPrefix, $InternalIntfConfigType) foreach($V6Address in $V6Addresses) { $MgmtServerAddresses += [System.Net.IPAddress]::Parse($V6Address) } } } elseif($ServerAddress.Type -eq "AAAA") { $MgmtServerAddresses += [System.Net.IPAddress]::Parse($ServerAddress.IPAddress) } } } } catch [Exception] { } } } $Filter = Get-NetIPSecRule –PolicyStore $RemoteAccess.ServerGpoName -DisplayName "DirectAccess Policy-DaServerToInfra"| Get-NetFirewallAddressFilter if($Filter -ne $null) { [System.Net.IPAddress[]]$FilterAddresses = @() foreach($PrefixOrAddress in $Filter.LocalAddress) { if(!$PrefixOrAddress.Contains("-")) { if($PrefixOrAddress.Contains("/")) { $FilterAddresses += [System.Net.IPAddress]::Parse($PrefixOrAddress.Split('/')[0]) } else { $FilterAddresses += [System.Net.IPAddress]::Parse($PrefixOrAddress) } } } foreach($MgmtServerAddress in $MgmtServerAddresses) { if(!$FilterAddresses.Contains($MgmtServerAddress)) { return $true break } } } } return $false } ######################################################################################### # Function Name : get-DAExtIntfAddrChanged # Arguments : none # # Description : This function checks if External Interface Address is changed # Return value : true - if changed # false - if not changed ######################################################################################### function get-DAExtIntfAddrChanged($RemoteAccess) { $ExtIntfAddrChanged = $false [System.Net.IPAddress[]]$TunnelEndPoints = @() if($RemoteAccess.IPsecRootCertificate -ne $null) { $IPsecRule = Get-NetIPSecRule -PolicyStore $RemoteAccess.ServerGPOName -DisplayName "DirectAccess Policy-DaServerToCorp" $TunnelEndPoints += $IPsecRule.LocalTunnelEndpoint $IPsecRule = Get-NetIPSecRule -PolicyStore $RemoteAccess.ServerGPOName -DisplayName "DirectAccess Policy-DaServerToInfra" $TunnelEndPoints += $IPsecRule.LocalTunnelEndpoint } else { $IPsecRule = Get-NetIPSecRule -PolicyStore $RemoteAccess.ServerGPOName -DisplayName "DirectAccess Policy-DaServerToCorpSimplified" $TunnelEndPoints += $IPsecRule.LocalTunnelEndpoint } #check tunnel endpoints to be present on physical internet nic/6to4 nic/iphttps nic [System.Net.IPAddress[]]$AvailableAddresses = @() $Addresses = Get-NetIPAddress -InterfaceAlias $RemoteAccess.InternetInterface -PolicyStore "ActiveStore" -SkipAsSource $false -Type "Unicast" -AddressFamily "IPv6" -SuffixOrigin "Manual" foreach($Address in $Addresses) { $AvailableAddresses += $Address.IPAddress } $SixToFourNicName = get-SixToFourNicName if($SixToFourNicName -ne $null) { $Addresses = Get-NetIPAddress -InterfaceAlias $SixToFourNicName -PolicyStore "ActiveStore" -SkipAsSource $false -Type "Unicast" -AddressFamily "IPv6" -SuffixOrigin "Manual" foreach($Address in $Addresses) { $AvailableAddresses += $Address.IPAddress } } $IpHttpsNicName = get-IpHttpsNicName if($IpHttpsNicName -ne $null) { $Addresses = Get-NetIPAddress -InterfaceAlias $IpHttpsNicName -PolicyStore "ActiveStore" -SkipAsSource $false -Type "Unicast" -AddressFamily "IPv6" -SuffixOrigin "Manual" foreach($Address in $Addresses) { $AvailableAddresses += $Address.IPAddress } } foreach($TunnelEndPoint in $TunnelEndPoints) { if(!($AvailableAddresses.Contains($TunnelEndPoint))) { $ExtIntfAddrChanged = $true break } } return $ExtIntfAddrChanged } ######################################################################################### # Function Name : get-DAIntIntfAddrChanged # Arguments : none # # Description : This function checks if Internal Interface Address is changed # Return value : true - if changed # false - if not changed ######################################################################################### function get-DAIntIntfAddrChanged($RemoteAccess, $InternalIntfConfigType) { $IntIntfAddrChanged = $false #internal interface address is used in Dns64Nat64 server address, NCSI webprobe, NLS on DA if($InternalIntfConfigType -eq [RRASServiceConfig.DaConfigIntType]::V6) { $DirectAccessDnsServers = @() $ClientDnsConfig = Get-DAClientDnsConfiguration foreach($Entry in $ClientDnsConfig.NrptEntry) { if($Entry.DirectAccessDnsServers -ne $null) { $DirectAccessDnsServers += $Entry.DirectAccessDnsServers } } [System.Net.NetworkInformation.Ping]$pingsender = New-Object System.Net.NetworkInformation.Ping foreach($DirectAccessDnsServer in $DirectAccessDnsServers) { [System.Net.NetworkInformation.PingReply]$pingreply = $pingsender.Send($DirectAccessDnsServer) if ($pingreply.Status -ne [System.Net.NetworkInformation.IPStatus]::Success) { $IntIntfAddrChanged = $true break } } } $ClientGpoNames = @($RemoteAccess.ClientGpoName) $NCSI = Get-NCSIPolicyConfiguration -PolicyStore $ClientGpoNames[0] [System.Net.WebClient]$webclient = New-Object System.Net.WebClient try { [System.IO.Stream]$data = $webclient.OpenRead($NCSI.CorporateWebsiteProbeURL) } catch [Exception] { $IntIntfAddrChanged = $true } if($RemoteAccess.NlsLocation -eq "DirectAccessServer") { try { [System.IO.Stream]$data = $webclient.OpenRead($NCSI.DomainLocationDeterminationURL) } catch [Exception] { $IntIntfAddrChanged = $true } } return $IntIntfAddrChanged } ######################################################################################### # Function Name : get-RAHealth # Arguments : # # Description : # Return value : true/false and error components if false # ######################################################################################### function get-RAHealth([System.Collections.Generic.List[System.String]] $ErrorComponents) { $HealthGood = $true $UnhealthyComponents = Get-RemoteAccessHealth | where {$_.HealthState -eq "Error" -or $_.HealthState -eq "Warning"} if ($UnhealthyComponents.Count -gt 0) { $HealthGood = $false } foreach($UnhealthyComponent in $UnhealthyComponents) { $ErrorComponents.Add($UnhealthyComponent.Component) } return $HealthGood } function get-DAConnectToExempted($ConnectToAddress, [ref] $exactmatch, [ref] $partialmatch, [ref] $exemptionpresent) { [System.Net.IPAddress]$ipaddress = $null $IsConnectToIPAddress = [System.Net.IPAddress]::TryParse($ConnectToAddress,[ref] $ipaddress) if(!$IsConnectToIPAddress) { $ClientDnsConfig = Get-DAClientDnsConfiguration foreach($Entry in $ClientDnsConfig.NrptEntry) { if($ConnectToAddress -eq $Entry.Namespace[0]) { $exactmatch.value = $true if($Entry.DirectAccessDnsServers -eq $null) { $exemptionpresent.value = $true } else { $exemptionpresent.value = $false } break } else { if($ConnectToAddress.Contains($Entry.Namespace[0])) { $partialmatch.value = $true if($Entry.DirectAccessDnsServers -eq $null) { $exemptionpresent.value = $true } } } } } } function get-DACloseDCUsed($DCName, [ref] $CloseDC) { #TODO alokjain put the unreachable DC logic $CloseDCUsed = $true $EpDCSite = nltest /dsgetsite /server:$DCName $EpDCSiteName = $EpDCSite[0] $NltestSite = nltest /dsgetsite $DasSiteName = $NltestSite[0] $CloseDC.value = $DCName if($EpDCSiteName -ne $DasSiteName) { $CloseDCUsed = $false $DasDomainName = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name $DasSiteDC = nltest /dsgetdc:$DasDomainName /site:$DasSiteName /writable $DasSiteDCName = $DasSiteDC[0].Trim().Replace("DC: \\","") if(($DasSiteDCName -ne $null) -and ($DasSiteDCName -ne "")) { $CloseDC.value = $DasSiteDCName } else { $CloseDCUsed = $true } } return $CloseDCUsed } function get-DAADSiteValid($RemoteAccess) { $ClientGpoNames = @($RemoteAccess.ClientGpoName) $EpTable = Get-DAEntryPointTableItem -PolicyStore $ClientGpoNames[0] $NltestSite = nltest /dsgetsite $DasSiteName = $NltestSite[0] if($EpTable.ADSite -ne $DasSiteName) { return $false } return $true } function get-NCSIProbesGood($RemoteAccess, $DCName, [ref] $NCSIDnsProbeResolve, [ref] $NCSIWebProbeReachable) { $NCSIDnsProbeResolve.value = $false $NCSIWebProbeReachable.value = $false $ClientGpoNames = @($RemoteAccess.ClientGpoName) $NCSI = Get-NCSIPolicyConfiguration -PolicyStore $ClientGpoNames[0] #dnsProbe $NCSIDnsProbeResolveExternal = $false $NCSIDnsProbeResolveInternal = $false $DnsServersObj = Get-GPRegistryValue -Name $RemoteAccess.ServerGpoName.Split('\')[1] -Server $DCName -key 'hklm\software\policies\microsoft\windows\remoteaccess\config' -ValueName DnsServers $NCSIDnsProbeAddressesExternal = Resolve-DnsName -Name $NCSI.CorporateDNSProbeHostName -Server $DnsServersObj.Value foreach($NCSIDnsProbeAddressExternal in $NCSIDnsProbeAddressesExternal) { if($NCSIDnsProbeAddressExternal.Type -eq "A" -or $NCSIDnsProbeAddressExternal.Type -eq "AAAA") { if([System.Net.IPAddress]::Parse($NCSI.CorporateDNSProbeHostAddress) -eq [System.Net.IPAddress]::Parse($NCSIDnsProbeAddressExternal.IPAddress)) { $NCSIDnsProbeResolveExternal = $true break } } } $NCSIDnsProbeAddressesInternal = Resolve-DnsName -Name $NCSI.CorporateDNSProbeHostName foreach($NCSIDnsProbeAddressInternal in $NCSIDnsProbeAddressesInternal) { if($NCSIDnsProbeAddressInternal.Type -eq "A" -or $NCSIDnsProbeAddressInternal.Type -eq "AAAA") { if([System.Net.IPAddress]::Parse($NCSI.CorporateDNSProbeHostAddress) -eq [System.Net.IPAddress]::Parse($NCSIDnsProbeAddressInternal.IPAddress)) { $NCSIDnsProbeResolveInternal = $true break } } } if($NCSIDnsProbeResolveExternal -and $NCSIDnsProbeResolveInternal) { $NCSIDnsProbeResolve.value = $true } #webProbe [System.Net.WebClient]$webclient = New-Object System.Net.WebClient try { [System.IO.Stream]$data = $webclient.OpenRead($NCSI.CorporateWebsiteProbeURL) $NCSIWebProbeReachable.value = $true } catch [Exception] { } } function get-NCAResourcesReachable { $NcaResReachable = $true $ClientGpoNames = @($RemoteAccess.ClientGpoName) $NcaObj = Get-DAClientExperienceConfiguration -PolicyStore $ClientGpoNames[0] foreach($NcaResoure in $NcaObj.CorporateResources) { if ($NcaResoure.StartsWith("HTTP:")) { $HttpRes = $NcaResoure.Substring(5) [System.Net.WebClient]$webclient = New-Object System.Net.WebClient try { [System.IO.Stream]$data = $webclient.OpenRead($HttpRes) } catch [Exception] { $NcaResReachable = $false break } } else { if ($NcaResoure.StartsWith("PING:")) { $PingRes = $NcaResoure.Substring(5) [System.Net.NetworkInformation.Ping]$pingsender = New-Object System.Net.NetworkInformation.Ping [System.Net.NetworkInformation.PingReply]$pingreply = $pingsender.Send($PingRes) if ($pingreply.Status -ne [System.Net.NetworkInformation.IPStatus]::Success) { $NcaResReachable = $false break } } } } return $NcaResReachable } function get-NetFirewallOn($Topology) { $FirewallOn = $false if($Topology -eq [RRASServiceConfig.DATopologyType]::SingleNic) { $firewallDomain = Get-NetFirewallProfile -PolicyStore ActiveStore | where {($_.Name -eq "Domain") -and ($_.Enabled -eq "true")} if($firewallDomain -ne $null) { $FirewallOn = $true } } else { $firewallPublic = Get-NetFirewallProfile -PolicyStore ActiveStore | where {($_.Name -eq "Public") -and ($_.Enabled -eq "true")} $firewallPrivate = Get-NetFirewallProfile -PolicyStore ActiveStore | where {($_.Name -eq "Private") -and ($_.Enabled -eq "true")} if($firewallPublic -ne $null -and $firewallPrivate -ne $null) { $FirewallOn = $true } } return $FirewallOn } function get-IpHttpsNicName { [System.Net.NetworkInformation.NetworkInterface[]]$Nics = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() [System.Net.NetworkInformation.NetworkInterface]$IpHttpsNic = $null $IsIphttpsNic = [RRASServiceConfig.Utilities]::IdentifyIpHttpsNic($Nics, [ref] $IpHttpsNic) if($IsIphttpsNic) { return $IpHttpsNic.Name } else { return $null } } function get-SixToFourNicName { $Name = $null $Interfaces = Get-NetIPInterface foreach($Interface in $Interfaces) { $SixToFour = $Interface | Get-Net6to4Configuration -ErrorAction SilentlyContinue if($SixToFour -ne $null) { $Name = $Interface.InterfaceAlias break } } return $Name } ######################################################################################### # Function Name : get-rrasServiceEnabled # Arguments : none # # Description : This function checks if the "RemoteAccess" service is enabled. # Return value : true - if service is enabled # false - if not enabled ######################################################################################### function get-rrasServiceEnabled() { $regOutput = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess if($regOutput.ConfigurationFlags -eq 0) { $status = $false } else { $status = $true } return $status } ######################################################################################### # Function Name : get-rrasServiceRunning # Arguments : serviceName - name of the service. # # Description : This function checks if the service specified in "serviceName" is running # Return value : true - if service is running # false - if not running ######################################################################################### function get-rrasServiceRunning($serviceName) { $remoteAccess =get-service -Name $serviceName if( $remoteAccess.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running) { $status = $true } else { $status = $false } return $status } ######################################################################################### # Function Name : get-rrasLoggingEnabled # Arguments : none # # Description : This function checks if logging is enabled # Return value : true - if logging is enabled # false - if not enabled ######################################################################################### function get-rrasLoggingEnabled() { $regOutput = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters if( $regOutput.LoggingFlags -ne 0) { $status = $true } else { $status = $false } return $status } ######################################################################################### # Function Name : get-rrasRouterType # Arguments : none # # Description : This function gets the router configurations # Return value : returns router configuration ######################################################################################### function get-rrasRouterType() { $regOutput = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters return $regOutput.RouterType } ######################################################################################### # Function Name : get-WeakAuthenticationConfiguration # Arguments : none # # Description : This function checks the authentication types PAP, CHAP, MSCHAP-v2 # Return value : true- if any of the above is configured # false - if none of the above is configured. ######################################################################################### function get-WeakAuthenticationConfiguration() { $status = $false $regOutput = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters if( ($regOutput.ServerFlags -band [RRASServiceConfig.AUTHENTICATION]::PROTOCOL_CFG_NegotiatePAP) -or ($regOutput.ServerFlags -band [RRASServiceConfig.AUTHENTICATION]::PROTOCOL_CFG_NegotiateMD5CHAP) -or ($regOutput.ServerFlags -band [RRASServiceConfig.AUTHENTICATION]::PROTOCOL_CFG_NegotiateStrongMSCHAP) -or ($regOutput.ServerFlags -band [RRASServiceConfig.AUTHENTICATION]::PROTOCOL_CFG_AllowNoAuthentication) ) { $status = $true } return $status } ######################################################################################### # Function Name : get-adapter # Arguments : none # # Description : This function gets all the LAN adapters on the m/c # Return value : Returns the list of LAN adapters ######################################################################################### function get-adapter() { $adapt = get-wmiobject win32_NetworkAdapter $adapterlist = @() foreach ($adapter in $adapt) { if ( ($adapter.AdapterTypeID -eq [RRASServiceConfig.ADAPTER_TYPE]::ADAPTER_8023) -or ($adapter.AdapterTypeID -eq [RRASServiceConfig.ADAPTER_TYPE]::ADAPTER_ETHERNETDIX)) { $adapterlist = $adapterlist + @($adapter) } } return $adapterlist } ######################################################################################### # Function Name : get-ServerName # Arguments : none # # Description : This function gets the m/c netbios/FQDN name. # Return value : Returns the netbios/FQDN name ######################################################################################### function get-ServerName() { $serverName = $null $computerStatus = Get-WmiObject win32_computerSystem if ($computerStatus.PartOfDomain) { $serverName = $computerStatus.name + "." + $computerStatus.domain } else { $serverName = $computerStatus.name } return $serverName } ######################################################################################### # Function Name : get-SelectedNetworkAdapter # Arguments : none # # Description : This function checks if the LAN adapter is selected on which the # RRAS Server will get the DHCP addresses . If there is only one adapter # it returns true, irrespective of the configuration. # Return value : TRUE - if Lan adapter selected. # FALSE - if LAN adapter is not selected ######################################################################################### function get-SelectedNetworkAdapter() { $status = $true $regOutput = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\IP if($regOutput.UseDhcpAddressing -eq 0) { return $null } $adapterlist = @(get-adapter) if($adapterlist.count -gt 1) { if($regOutput.NetworkAdapterGUID.Length -eq 0) { $status = $false } } return $status } ########################################################################################## # Function Name : get-CertsValidEKUDuration # Arguments : $Protocol - IKEv2/SSTP # # Description : This function gets the valid certificates wrt duration, private key and # "Enhanced Key Usage" parameter. # Return value : returns a list of valid certificates ######################################################################################### function get-CertsValidEKUDuration($Protocol,$RasInstance) { $certificates = @() $KeyUsage = $false $currentTime = get-date $certs = get-childitem cert:\LocalMachine\My foreach ($cert in $certs) { $KeyUsage = $false if(($cert.HasPrivateKey -eq $true) -and ( ($currentTime.CompareTo($cert.NotBefore) -ge 0) -and ($currentTime.CompareTo($cert.NotAfter) -le 0)) ) { foreach ($ext in $cert.Extensions) { if ($ext.Oid.Value -eq [RRASServiceConfig.OIDValues]::OID_ENHANCEDKEYUSAGE) { $KeyUsage = $true $EKUOids = $RasInstance.CertGetEnhancedKeyUsageProperty($cert.Handle); foreach ($oid in $EKUOids ) { if($Protocol -eq [RRASServiceConfig.PROTOCOL_TYPE]::PROTOCOL_IKEv2) { if( ($oid -eq [RRASServiceConfig.OIDValues]::OID_SERVERAUTH) ) { $certificates = $certificates + @($cert) break } } else { if( ($oid -eq [RRASServiceConfig.OIDValues]::OID_SERVERAUTH) -or ($oid -eq[RRASServiceConfig.OIDValues]::OID_MSSPECALLPURPOSE) -or ($oid -eq [RRASServiceConfig.OIDValues]::OID_ALLPURPOSE)) { $certificates = $certificates + @($cert) break } } } } } if( ($KeyUsage -eq $false) -and ($Protocol -eq [RRASServiceConfig.PROTOCOL_TYPE]::PROTOCOL_SSTP)) { $certificates = $certificates + @($cert) } } } return $certificates } ######################################################################################### # Function Name : get-ValidIKECerts # Arguments : $certificates - returned by the Fn get-ValidCerts # # Description : This checks if the "Enhanced key Usage" of the certificate contains # IKE_INTERMEDIATE OID. # "Enhanced Key Usage" parameter. # Return value : returns a list of valid certificates ######################################################################################### function get-ValidIKECerts($certificates,$RasInstance) { $IKEv2Certs = @() foreach ($cert in $certificates) { foreach ($ext in $cert.Extensions) { if ($ext.Oid.Value -eq [RRASServiceConfig.OIDValues]::OID_ENHANCEDKEYUSAGE) { $EKUOids = $RasInstance.CertGetEnhancedKeyUsageProperty($cert.Handle); foreach ($oid in $EKUOids) { if( ($oid -eq [RRASServiceConfig.OIDValues]::OID_IKEINTERMEDIATE) ) { $IKEv2Certs = $IKEv2Certs + @($cert) break; } } } } } return $IKEv2Certs } ######################################################################################### # Function Name : get-Address # Arguments : $IPv4 - IPv4/IPv6 # # Description : This checks if the protocol is IPv4/IPv6 and gets all the corresponding # addresses on the interfaces # Return value : returns a list of IPv4 or IPv6 addresses ######################################################################################### function get-Address($IPv4) { $adapterlist = @(get-adapter) $adapterConf = get-wmiobject win32_NetworkAdapterConfiguration $adapterConflist = @() foreach ($conf in $adapterConf) { foreach ($adapter in $adapterlist) { if ( ($adapter.Index -eq $conf.Index)) { $adapterConflist = $adapterConflist + @($conf) } } } # get all the ipv4 addresses and ipv6 addresses. $ipaddress = @() $ipv6address = @() foreach ($conf in $adapterConflist) { foreach ($address in $conf.IpAddress) { if($address -match "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}") { $ipaddress = $ipaddress + @($address) } else { $ipv6address = $ipv6address + @($address) } } } if($IPv4 -eq [System.Net.Sockets.ProtocolFamily]::InterNetwork) { return $ipaddress } else { return $ipv6address } } ######################################################################################### # Function Name : get-certificateName # Arguments : $cert - get the certificate name # # Description : This obtains the certificate name from the certificate # Return value : returns a list of IPv4 or IPv6 addresses ######################################################################################### function get-certificateName($cert) { $name = $null foreach ($ext in $cert.Extensions) { if ($ext.Oid.FriendlyName -match "Subject Alternative Name") { $San = $ext.Format($true) foreach ($SanName in $San) { $dnsName = $SanName.Split("=") if($dnsName[0] -match "DNS Name") { $name = $dnsName[1].trim() } } } } if($name -eq $null) { $SubjectName = $cert.SubjectName.Name.Split("=") $name = $SubjectName[1] } return $name } ######################################################################################### # Function Name : get-ValidCerts # Arguments : none # # Description : This obtains all the valid certificates in the personal store. # The certificate are valid if they have a private key, have not expired # and have appropriate values of "enhanced key usage" and the name # corresponds to the server name or IPv4/IPv6 address on the server # interfaces. # Return value : returns a list of valid certificates ######################################################################################### function get-ValidCerts($Protocol,$RasInstance) { $ipaddress = @() $validcert = @() $name = $null $certificates = @(get-CertsValidEKUDuration $Protocol $RasInstance) # get all the interface IP addresses $ipaddress = @(get-address ([System.Net.Sockets.ProtocolFamily]::InterNetwork)) #get all the IPv6 address. $ipv6address = @(get-address ([System.Net.Sockets.ProtocolFamily]::InterNetworkV6)) #get the name of the m/c $serverName = get-ServerName foreach($cert in $certificates) { #get name of the certificate # get the Subject Alternative Name first $name = get-certificateName $cert if($name -ne $null) { if($name -match "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}") { foreach ($address in $ipaddress) { if($name -eq $address) { $validcert = $validcert + @($cert) } } } elseif($name -match ".:.") { foreach ($address in $ipv6address) { if($name -eq $address) { $validcert = $validcert + @($cert) } } } else { if($name -eq $serverName) { $validcert = $validcert + @($cert) } } $name = $null } } return $validcert } ######################################################################################### # Function Name : get-NATValidCerts # Arguments : $Protocol - SSTP/IKEv2 # # Description : This obtains all the NAT valid certificates in the personal store. # The certificate are valid if they have a private key, have not expired # and have appropriate values of "enhanced key usage" and the name # does not corresponds to the server name or IPv4 address on the server. # interfaces. # Return value : returns a list of valid NAT certificates ######################################################################################### function get-NATValidCerts($Protocol,$RasInstance) { $addressMatch = $false $ipaddress = @() $validcert = @() $name = $null $certificates = @(get-CertsValidEKUDuration $Protocol $RasInstance) # get all the interface IP addresses $ipaddress = @(get-address ([System.Net.Sockets.ProtocolFamily]::InterNetwork)) #get the name of the m/c $serverName = get-ServerName foreach($cert in $certificates) { #get name of the certificate # get the Subject Alternative Name first $name = get-certificateName $cert if($name -ne $null) { if($name -match "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}") { foreach ($address in $ipaddress) { if($name -eq $address) { $addressMatch = $true break; } } if($addressMatch -eq $false) { $validcert = $validcert + @($cert) } } elseif($name -notmatch ".:.") { if($name -ne $serverName) { $validcert = $validcert + @($cert) } } $name = $null } } return $validcert } ######################################################################################### # Function Name : get-NatCerts # Arguments : $Protocol - SSTP/IKEv2 # # Description : This obtains all the NAT valid certificates and get's their names # Return value : returns a list of valid NAT certificates names. ######################################################################################### function get-NatCerts($Protocol,$RasInstance) { $certificateNames = $null $validcerts = @(get-NATValidCerts $Protocol $RasInstance) foreach($cert in $validcerts) { #get name of the certificate # get the Subject Alternative Name first $name = get-certificateName $cert if($name -ne $null) { if($certificateNames -ne $null) { $certificateNames = $certificateNames + ', ' } $certificateNames = $certificateNames + '"' + $name + '"' } $name = $null } return $certificateNames } # Returns $True if either the DialIn permissions are set to "permit" or "policy" (using NPS) function Is-DialInEnabled { Param( [Parameter(Mandatory=$True)] [String] $UserName ) $RasUser1Obj = New-Object RRASServiceConfig.RAS_USER_1 $ServerName = "" $Error = [RRASServiceConfig.NativeMethods]::MprAdminUserGetInfo($ServerName, $UserName, 1, ([ref]$RasUser1Obj)) if($Error -eq 0) { if(($RasUser1Obj.bfPrivilege -band [RRASServiceConfig.NativeConstants]::RASPRIV_DialinPrivilege) -or ($RasUser1Obj.bfPrivilege2 -band [RRASServiceConfig.NativeConstants]::RASPRIV2_DialinPolicy)) { return $True } } return $False } ######################################################################################### # Function Name : get-dcInstalled # # Description : This function checks if the domain controller service is installed, # only on non-SBS systems. # Return value : true - if service is installed # false - if not installed ######################################################################################### function get-dcServiceInstalled() { Import-module servermanager $OperatingSystemSku = (Get-WmiObject Win32_OperatingSystem).OperatingSystemSku $SmallBusinessServerEdition = 9 if($OperatingSystemSku -eq $SmallBusinessServerEdition) { #Dont evaluate the rule in case of SBS return $null } $DC = Get-windowsFeature -Name "AD-Domain-Services" If($DC.Installed -eq $true) { $status = $true } else { $status = $false } return $status } ######################################################################################### # Function Name : check-NetAdapterBindingOrder # # Description : The function checks whether the internal network adapter on the # Remote Access server is accessed first # Return value : true - if internal adapter is accessed first # false - otherwise ######################################################################################### function check-NetAdapterBindingOrder($InternalAdapter,$ExternalAdapter) { $Bindings = (get-itemproperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage").bind $BindingOrder = @{} $Position = 0 foreach ($Bind in $Bindings) { $Deviceid = $Bind.split("\")[2] $Adapter = (get-netadapter |where {$_.DeviceID -eq $Deviceid}).Name if($Adapter -ne $Null) { $BindingOrder.Add($Adapter,$Position) $Position++ } } if($BindingOrder.Get_Item($InternalAdapter) -le $BindingOrder.Get_Item($ExternalAdapter)) { return $true } return $false } ######################################################################################### # Function Name : check-SANAndSubjectName # # Description : Check if there is a server auth EKU cert with SAN but no subject name # Return value : true - if no such certs are present # false - if any such certs are present ######################################################################################### function check-SANAndSubjectName($RasInstance) { $certs = get-childitem cert:\LocalMachine\My foreach ($cert in $certs) { $FoundExt = $false foreach ($ext in $cert.Extensions) { if ($ext.Oid.Value -eq [RRASServiceConfig.OIDValues]::OID_ENHANCEDKEYUSAGE) { $EKUOids = $RasInstance.CertGetEnhancedKeyUsageProperty($cert.Handle); foreach ($oid in $EKUOids ) { if( ($oid -eq [RRASServiceConfig.OIDValues]::OID_SERVERAUTH) ) { $Certificates = $Certificates + @($cert) $FoundExt = $true break } } } if($FoundExt -eq $true) { break } } } $RetVal = $true foreach ($cert in $Certificates) { $SANPresent = $false foreach ($ext in $cert.Extensions) { if ($ext.Oid.FriendlyName -match "Subject Alternative Name") { $San = $ext.Format($true) foreach($SanName in $San) { if($SanName.Length) { $SANPresent = $true break } } break } } if($SANPresent -eq $true) { $SubjectName = $cert.SubjectName.Name if($SubjectName.Length -eq 0) { #SAN is present, but subject name not present, return false $RetVal = $false return $RetVal } } } return $RetVal } ######################################################################################### # Function Name : check-SupportEmailConfigured # # Description : Check if email address field has been populated for NCA in # Remote Access Management console # Return value : true - if email is configured # false - otherwise ######################################################################################### function check-SupportEmailConfigured($ClientGPOName,$DCName) { $GpoName = $ClientGPOName.Split('\') $Config = Get-GPRegistryValue -Name $GpoName[1] -Domain $GpoName[0] -Server $DCName -key HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityAssistant -ValueName SupportEmail if ($Config -ne $null) { if($Config.Value -ne $null) { return $true } } return $false } ######################################################################################### # Function Name : check-GatewayConfiguration # # Description : Check if there is a default gateway configured on the Internet interface. # Check if there is a default gateway configured on the internal interface. # Return value : false - if either a default gateway is not configured on the # external interface, or a default gateway is configured on the internal interface. # true - otherwise ######################################################################################### function check-GatewayConfiguration($InternalAdapter,$ExternalAdapter) { if($InternalAdapter -eq $ExternalAdapter) { #Do not evaluate the rule in case of single nic scenario return $null } $InternalAdapterConfig = Get-NetIPConfiguration -InterfaceAlias $InternalAdapter $ExternalAdapterConfig = Get-NetIPConfiguration -InterfaceAlias $ExternalAdapter $InternalAdapterGW = $false if($InternalAdapterConfig.IPv4DefaultGateway -ne $null -or $InternalAdapterConfig.IPv6DefaultGateway -ne $null) { $InternalAdapterGW = $true } $ExternalAdapterGW = $false if($ExternalAdapterConfig.IPv4DefaultGateway -ne $null -or $ExternalAdapterConfig.IPv6DefaultGateway -ne $null) { $ExternalAdapterGW = $true } if($InternalAdapterGW -eq $true -or ($ExternalAdapterGW -eq $false -and $ExternalAdapterConfig -ne $null) ) { return $false } return $true } ######################################################################################### # Function Name : check-InvalidNrptExpConfigured # # Description : If force tunnelling is enabled, check whether NRPT has exemptions # other than Connect To Address and NLS # Return value : true - if any NRPT exemptions are found # false - otherwise ######################################################################################### function check-InvalidNrptExpConfigured($RemoteAccess) { $IsForcedTunnel = $RemoteAccess.ForceTunnel $ConnectToAddress = $RemoteAccess.ConnectToAddress if($IsForcedTunnel -ne "Enabled") { return $false } if($RemoteAccess.NlsLocation -eq "DirectAccessServer") { $NlsUrl = $RemoteAccess.NlsCertificate.Subject.split("=")[1] } else { $NlsUrl = $RemoteAccess.NlsUrl.split("/",[StringSplitOptions]::RemoveEmptyEntries)[1] } $ClientDnsConfig = Get-DAClientDnsConfiguration $NrptEntries = $ClientDnsConfig.NrptEntry foreach($NrptEntry in $NrptEntries) { if($NrptEntry.DirectAccessDnsServers -eq $null) { if($NrptEntry.Namespace[0] -eq $ConnectToAddress -or $NrptEntry.Namespace[0] -eq $NlsUrl) { continue } return $true } } return $false } ######################################################################################### # Function Name : check-DNS64Address # # Description : Helper function to get DNS64Address from registry # # Return value : Returns DNS64 address ######################################################################################### function get-DNS64Address($ServerGPOName,$DCName){ $GpoName = $ServerGpoName.Split('\') $Entry = Get-GPRegistryValue -Name $GpoName[1] -Domain $GpoName[0] -Server $DCName -key hklm\software\policies\microsoft\windows\remoteaccess\config -ValueName DefaultDnsServers return $Entry.Value } ######################################################################################### # Function Name : check-DNS64AcceptInterface # # Description : AcceptInterface for DNS64 must use the same IP address # as the one used for DNS64 # Return value : true - If AcceptInterface has DNS64 address # false - otherwise ######################################################################################### function check-DNS64AcceptInterface($ServerGPOName,$DCName) { $DNS64Config = Get-NetDnsTransitionConfiguration if($DNS64Config.State -ne "Enabled") { #Do not evaluate the rule if DNS64 is disabled return $null } $DNS64Address = get-DNS64Address $ServerGPOName $DCName $AcceptInterface = $DNS64Config.AcceptInterface $IPAddressEntries = Get-NetIPAddress -InterfaceAlias $AcceptInterface foreach($IPAddressEntry in $IPAddressEntries) { if($IPAddressEntry.IPAddress -eq $DNS64Address) { return $true } } return $false } ######################################################################################### # Function Name : check-DNSServerAddress # # Description : Check if the internal interface of the DA server has an IPv4 address # or an IPv4 and IPv6 address. If it has only IPv4 address, the DNS server # configured in NRPT must be the DNS64 address. # Return value : true - If DNS Server address configured is proper # false - otherwise ######################################################################################### function check-DNSServerAddress($InternalInterface,$ServerGPOName,$DCName) { $IPAddressEntries = Get-NetIPAddress -InterfaceAlias $InternalInterface $IsIPv6Present = $false $IsIPv4Present = $false $RetVal = $true foreach($IPAddressEntry in $IPAddressEntries){ if($IPAddressEntry.AddressFamily -eq "IPv6" -and [RRASServiceConfig.Utilities]::IsV6IP($IPAddressEntry.IPAddress) -eq $true) { $IsIPv6Present = $true } if($IPAddressEntry.AddressFamily -eq "IPv4") { $IsIPv4Present = $true } } if($IsIPv6Present -eq $false -and $IsIPv4Present -eq $true){ $DNS64Address = get-DNS64Address $ServerGPOName $DCName $DnsConfiguration = Get-DaClientDnsConfiguration foreach($Entry in $DnsConfiguration.NrptEntry) { $NonDns64AddrPresent = $false foreach($DnsServerAddress in $Entry.DirectAccessDnsServers){ if($DnsServerAddress -ne $null -and $DnsServerAddress -ne $DNS64Address) { $NonDns64AddrPresent = $true break } } if($NonDns64AddrPresent -eq $true) { #There is an address present in the NRPT which is not DNS64, return false $RetVal = $false break } } } return $Retval } ######################################################################################### # Function Name : Get-CdpUrls # # Description : Helper function to get the CDP URLs from the certificate. # Uses native API. # Return value : CDP URLs from the certificate ######################################################################################### function Get-CdpUrls($Cert) { $signature = @" [DllImport("cryptnet.dll", CharSet = CharSet.Auto, SetLastError = true)] public static extern bool CryptGetObjectUrl( int pszUrlOid, IntPtr pvPara, int dwFlags, byte[] pUrlArray, ref int pcbUrlArray, IntPtr pUrlInfo, ref int pcbUrlInfo, int pvReserved ); "@ try { Add-Type -MemberDefinition $signature -Namespace PKI -Name Cryptnet } catch [System.Exception] { } $pvPara = $Cert.Handle if (!$Cert.Handle.Equals([IntPtr]::Zero)) { $URL_OID_CERTIFICATE_CRL_DIST_POINT_OID = 2 $CRYPT_GET_URL_FROM_EXTENSION_FLAG = 2 $pcbUrlArray = 0 $pcbUrlInfo = 0 $URLs = $null $Result = [PKI.Cryptnet]::CryptGetObjectUrl( $URL_OID_CERTIFICATE_CRL_DIST_POINT_OID, $pvPara, $CRYPT_GET_URL_FROM_EXTENSION_FLAG, $null, [ref]$pcbUrlArray, [IntPtr]::Zero, [ref]$pcbUrlInfo, $null) if($Result) { $pUrlArray = New-Object byte[] -ArgumentList $pcbUrlArray $Result = [PKI.Cryptnet]::CryptGetObjectUrl( $URL_OID_CERTIFICATE_CRL_DIST_POINT_OID, $pvPara, $CRYPT_GET_URL_FROM_EXTENSION_FLAG, $pUrlArray, [ref]$pcbUrlArray, [IntPtr]::Zero, [ref]$pcbUrlInfo, $null) if($Result){ $URLArray = [System.Text.Encoding]::Unicode.GetString($pUrlArray) $URLArray = $URLArray.Split("`0",[StringSplitOptions]::RemoveEmptyEntries) $URLS = foreach($URL in $URLArray) { if($URL.ToLower().StartsWith("http")) { $URL } } } } return $URLs } } ######################################################################################### # Function Name : check-Cdp # # Description : Helper function which checks whether any of the CDP URLs for # the Certificate are accessible # # Return value : true - If the CDP URL is accessible # false - otherwise ######################################################################################### function check-Cdp($Cert) { $URLs = Get-CdpUrls $Cert if($URLs -eq $null) { return $true } foreach($URL in $URLs) { try { $Response = Invoke-WebRequest -Uri $URL if($Response.StatusCode -eq 200) { return $true } } catch { } } return $false } ######################################################################################### # Function Name : check-IpHttpsCdp # # Description : Check the “CRL distribution points” field in the IP-HTTPS certificate # configured on the DA server is accessible. This check is only required # if Windows 7 clients are configured for DA. # Return value : true - If the CDP URL is accessible # false - otherwise ######################################################################################### function check-IpHttpsCdp($IsDownLevel,$Cert) { $Status = $false if($IsDownLevel) { $Status = check-Cdp $Cert } else { #Check not applicable $Status = $null } return $Status } ######################################################################################### # Function Name : check-NlsCdp # # Description : Check the “CRL distribution points” field in the IP-NLS certificate # configured on the DA server is accessible. This check is only required # if Windows 7 clients are configured for DA. Also, only relevant if NLS # is on the DA Server. # Return value : true - If the CDP URL is accessible # false - otherwise ######################################################################################### function check-NlsCdp($IsDownLevel,$NlsLocation,$Cert) { $Status = $false if($IsDownLevel -eq $true -and $NlsLocation -eq "DirectAccessServer") { $Status = check-Cdp $Cert } else { #Check not applicable $Status = $null } return $Status } ######################################################################################### # Function Name : check-NcaProbes # # Description : Check if NCA probe list has any probes other than ping probes # # Return value : true - If any probe other than PING is found # false - otherwise ######################################################################################### function check-NcaProbes($ClientGPOName,$DCName){ $GpoName = $ClientGPOName.Split('\') $Probes = Get-GPRegistryValue -Name $GpoName[1] -Domain $GpoName[0] -Server $DCName -key HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityAssistant\Probes foreach($Probe in $Probes) { $ProbeValue = $Probe.Value if(-not ($ProbeValue.ToUpper().StartsWith("PING:"))) { return $true } } return $false } ######################################################################################### # Function Name : check-IstapDnsRecords # # Description : Check if load balancing is configured and ISATAP is deployed in the # corp network. If yes, check the DNS records for ISATAP. The DNS records # should have the internal DIP of the server and the internal VIP of # the load balancer # # Return value : true - If the ISATAP DNS record have all the internal dedicated # IP addresses and Virtual IPaddresses of the cluster. # false - otherwise ######################################################################################### function check-IstapDnsRecords($LoadBalancing,$InternalIface) { if($LoadBalancing -eq "NotConfigured") { #Load Balancing not enabled, dont evaluate the rule return $null } $DasDomainName = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name $IsatapDomain = "isatap." + $DasDomainName try { $Records = Resolve-DnsName $IsatapDomain -Type A if($Records -ne $null) { $DIPs = Get-NetIPAddress -InterfaceAlias $InternalIface -AddressFamily IPv4 $IsatapAddresses = foreach($Record in $Records) { $Record.IPAddress } foreach($DIP in $DIPs) { if($IsatapAddresses -notcontains $DIP.IPAddress) { #DIP Not found in isatap dns record, return false return $false } } $LBConfig = Get-RemoteAccessLoadBalancer foreach($IVPStr in $LBConfig.InternalVirtualIPAddress){ $IVP = $IVPStr.split("/")[0] if($IsatapAddresses -notcontains $IVP) { #VIP not found in isatap dns record, return false return $false } } } } catch [Exception] { #ISATAP not configured, dont evaluate the rule. return $null } return $true } ######################################################################################### # Function Name : get-CertMatchingThumbPrint # # Description : Helper function to get the certificate matching the thumb print # # Return value : Returns the certificate mathching the thumb print ######################################################################################### function get-CertMatchingThumbPrint($ThumbPrint) { $cert = get-childitem cert:\LocalMachine\My\$ThumbPrint return $cert } #*************************************************************************************************************************** # Main code that generates the XML $tns="http://schemas.microsoft.com/bestpractices/models/ServerManager/RemoteAccess/2008/04" # create a new XmlDocument $doc = Create-DocumentElement $tns "RemoteAccess" call-RRASGenConfig $RRasConfig = New-Object RRASServiceConfig.RRASServiceConfiguration # collect and populate DA and VPN data $status = get-rrasServiceInstalled $RRasConfig.SetRRASInstallStatus($status); if($status -eq $true) { $status = get-rrasServiceEnabled $RRasConfig.SetRRASEnableStatus($status); if($status -eq $true) { $status = get-rrasServiceRunning "RemoteAccess" $RRasConfig.SetRRASServiceStatus($status); $status = get-rrasLoggingEnabled $RRasConfig.SetLoggingEnable($status); $status = get-rrasRouterType $RRasConfig.SetRouterType($status); $RRasConfig.PopulateRRasServiceObject(); $status = get-rrasServiceRunning "IKEEXT" $RRasConfig.SetIKEServiceStatus($status); } $possiblyvalidcerts = @(get-NATValidCerts ([RRASServiceConfig.PROTOCOL_TYPE]::PROTOCOL_IKEv2) $RRasConfig) $certs = @(get-ValidCerts ([RRASServiceConfig.PROTOCOL_TYPE]::PROTOCOL_IKEv2) $RRasConfig) if($certs.count -ge 1) { $RRasConfig.SetIKECertificateStatus([RRASServiceConfig.CertificateType]::ValidCert) ; } elseif($certs.count -eq 0) { if($possiblyvalidcerts.count -eq 0) { $RRasConfig.SetIKECertificateStatus([RRASServiceConfig.CertificateType]::InvalidCert); } else { $RRasConfig.SetIKECertificateStatus([RRASServiceConfig.CertificateType]::ValidOrInvalidCert); } } $IKEcerts = @(get-ValidIKECerts $certs $RRasConfig) $RRasConfig.SetIKECertificateIKEIntermediateStatus($IKEcerts.count) ; $possiblyvalidcerts = @(get-NATValidCerts ([RRASServiceConfig.PROTOCOL_TYPE]::PROTOCOL_SSTP) $RRasConfig) $certs = @(get-ValidCerts ([RRASServiceConfig.PROTOCOL_TYPE]::PROTOCOL_SSTP) $RRasConfig) if($certs.count -ge 1) { $RRasConfig.SetSSTPCertificateStatus([RRASServiceConfig.CertificateType]::ValidCert) ; } elseif($certs.count -eq 0) { if($possiblyvalidcerts.count -eq 0) { $RRasConfig.SetSSTPCertificateStatus([RRASServiceConfig.CertificateType]::InvalidCert) ; } else { $RRasConfig.SetSSTPCertificateStatus([RRASServiceConfig.CertificateType]::ValidOrInvalidCert) ; } } $AllpossiblyvalidCerts = @($possiblyvalidcerts) + @($certs) $RRasConfig.SetSSTPSpecifiedCert($AllpossiblyvalidCerts.count) ; $NatCerts = get-NatCerts ([RRASServiceConfig.PROTOCOL_TYPE]::PROTOCOL_SSTP) $RRasConfig $RRasConfig.SetNATCertificates($NatCerts); $status = get-WeakAuthenticationConfiguration $RRasConfig.SetAuthentication($status); $status = get-SelectedNetworkAdapter if ($status -ne $null) { $RRasConfig.SetNetworkAdapter($status); } # DA related BPA rele execution logic starts from here. # No need to do Import module as this is done in get-rrasServiceInstalled and that function will be called always. # Import-module servermanager $RemoteAccess = Get-RemoteAccess $DAConfigured = get-DirectAccessConfigured $RemoteAccess $RRasConfig.PopulateDirectAccessConfigured($DAConfigured) if($DAConfigured -eq $true) { if($RemoteAccess.IsNatDeployed -eq $false) { $Topology = [RRASServiceConfig.DATopologyType]::Edge } else { if ($RemoteAccess.IsSingleNic -eq $true) { $Topology = [RRASServiceConfig.DATopologyType]::SingleNic } else { $Topology = [RRASServiceConfig.DATopologyType]::DoubleNicBehindNat } } $RRasConfig.PopulateTopology($Topology) $IsNlb = $false if($RemoteAccess.LoadBalancing -eq "Configured") { $IsNlb = $true } $RRasConfig.PopulateNlbConfigured($IsNlb) $IsNlsOnDas = $true if($RemoteAccess.NlsLocation -eq "ExternalServer") { $IsNlsOnDas = $false } $RRasConfig.PopulateNlsOnDas($IsNlsOnDas) $intInf = $RemoteAccess.InternalInterface $extInf = $RemoteAccess.InternetInterface $RRasConfig.PopulateDAinterfaces($extInf, $intInf) $Intv6checked = get-DAIPv6CheckedOnInterface $RemoteAccess.InternalInterface if($Topology -ne [RRASServiceConfig.DATopologyType]::SingleNic) { $Extv6checked = get-DAIPv6CheckedOnInterface $RemoteAccess.InternetInterface } $RRasConfig.PopulateDAIntfIPv6CheckBox($Extv6checked, $Intv6checked) $InternalInterfaceCount = 1 $ExternalInterfaceCount = 1 # syntax of passing in brackets is needed for ref, it didn't work without this get-DAInterfaceCount($RemoteAccess.ConnectToAddress) ($IsNlb) ([ref] $ExternalInterfaceCount) ([ref] $InternalInterfaceCount) $RRasConfig.PopulateDAInterfacescount($ExternalInterfaceCount, $InternalInterfaceCount); $IPv4 = $false $IPv6 = $false get-DAIntfAddrFamily ($extInf) ([ref] $IPv4) ([ref] $IPv6) $RRasConfig.PopulateIntfAddressFamily($IPv4, $IPv6) $DefaultGatewayIPv4 = "" $DefaultGatewayIPv6 = "" get-DefaultGatewayConfigured ($extInf) ($IPv4) ($IPv6) ($Topology) ([ref] $DefaultGatewayIPv4) ([ref] $DefaultGatewayIPv6) $RRasConfig.PopulateDefaultGateWay($DefaultGatewayIPv4, $DefaultGatewayIPv6) $IsMultiSite = get-DAMultiSiteFunc $RRasConfig.PopulateIsMultiSite($IsMultiSite) #Get DC name (get it from dsgetdc in case of singulus and get it from registry in case of multisite) $DCName = get-DADCName $IsMultiSite $RemoteAccess # Get Internal Interface Configuration type $InternalIntfConfigType = get-DAInternalIntfConfigType $RemoteAccess.ServerGpoName $DCName $RRasConfig.PopulateInternalIntfConfigType($InternalIntfConfigType) # Get the Management Servers whose IPv6 address are outside the corp prefix $MgmtServers = Get-DAMgmtServer if($MgmtServers -ne $null -and $MgmtServers.Count -gt 0) { $RRasConfig.PopulateManagementServersNode() $MgmtServersIPv6 = get-DAMgmtServersIPv6 $MgmtServers $InternalIPv6Prefixes = @($RemoteAccess.InternalIPv6Prefix) $MgmtServersIPv6OutCorp = $RRasConfig.GetMgmtIPv6OutsideCorp($MgmtServersIPv6, $InternalIPv6Prefixes) $RRasConfig.PopulateMgmtIPv6OutsideCorp($MgmtServersIPv6OutCorp) $IPv4OnlyMgmtServers = get-DAIPv4OnlyMgmtServers $MgmtServers $RRasConfig.PopulateIPv4OnlyMgmtServers($IPv4OnlyMgmtServers) } # Check if Security Group has Domain Computers $IsDomainCompSGWithFilter = $null $IsDomainCompSGWithFilter = get-DomainCompSGWithFilter if($IsDomainCompSGWithFilter -ne $null) { $RRasConfig.PopulateDomainCompSGWithFilter($IsDomainCompSGWithFilter) } $DasPrimaryDnsSuffix = [RRASServiceConfig.Utilities]::GetPrimaryDnsSuffix() $ISATAPResolvingInDASDomain = get-ISATAPResolving $DasPrimaryDnsSuffix $RRasConfig.PopulateISATAPResolutionInDASDomain($ISATAPResolvingInDASDomain) $Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() $ISATAPResolvingAll = get-ISATAPResolvingAll $Forest.Domains $RRasConfig.PopulateISATAPResolutionInAllDomains($ISATAPResolvingAll) if($InternalIntfConfigType -ne [RRASServiceConfig.DaConfigIntType]::PureV6) { $DNS64ReturnsAAAA = get-DNS64ReturnAAAA $RRasConfig.PopulateDNS64ReturnAAAA($DNS64ReturnsAAAA) } #change management $InfraTunnelEPChanged = get-InfraTunnelPolicyEPChanged $MgmtServers $RemoteAccess $InternalIntfConfigType $RRasConfig.PopulateInfratunnelpolicyepChanged($InfraTunnelEPChanged) $ExtIntfAddrChanged = get-DAExtIntfAddrChanged $RemoteAccess $RRasConfig.PopulateDAExtIntfAddrChanged($ExtIntfAddrChanged) $IntIntfAddrChanged = get-DAIntIntfAddrChanged $RemoteAccess $InternalIntfConfigType $RRasConfig.PopulateDAIntIntfAddrChanged($IntIntfAddrChanged) # Check teredo configuration availability if teredo not configured $IsTeredoConfigured = $false $DAServer = Get-DAServer if($DAServer.TeredoState -eq "Enabled") { $IsTeredoConfigured = $true } if(!$IsTeredoConfigured) { $IsExternalNlb = $false [System.Collections.Generic.List[System.String]]$InternetVIPs = New-Object System.Collections.Generic.List[System.String] if($IsNlb) { $Nlb = Get-RemoteAccessLoadBalancer if ($Nlb.ThirdPatyLoadBalancer -eq "Enabled") { $IsExternalNlb = $true } } $TeredoSuitability = get-TeredoSuitability $extInf !$RemoteAccess.IsNatDeployed $IPv4 $IsNlb $InternetVIPs $IsExternalNlb } if($IsTeredoConfigured) { $RRasConfig.PopulateTeredoConfigured($true) } else { if($TeredoSuitability) { $RRasConfig.PopulateTeredoConfigured($false); } } # Check if teredo is enabled but firewall blocks teredo function if($IsTeredoConfigured) { $FirewallBlockTeredo = get-FirewallBlockTeredo $RRasConfig.PopulateFirewallBlockTeredo($FirewallBlockTeredo) } # Check if ipsec certificate is used and about to expire [System.Security.Cryptography.X509Certificates.X509Certificate2]$IPSecCert = $RemoteAccess.IPSecRootCertificate if($IPSecCert -ne $null) { $IsIpSecCertExpire = get-CertExpireSoon $IPSecCert $CertType = [RRASServiceConfig.DACERTTYPE]::IPSec $RRasConfig.PopulateCertConfig($IsIpSecCertExpire, $CertType) } # Check if iphttps certificate is used and about to expire [System.Security.Cryptography.X509Certificates.X509Certificate2]$SslCert = $RemoteAccess.SslCertificate if($SslCert -ne $null) { $IsSslCertExpire = get-CertExpireSoon $SslCert $CertType = [RRASServiceConfig.DACERTTYPE]::Ssl $RRasConfig.PopulateCertConfig($IsSslCertExpire, $CertType) } # Check if nls certificate is used and about to expire [System.Security.Cryptography.X509Certificates.X509Certificate2]$NlsCert = $RemoteAccess.NlsCertificate if($NlsCert -ne $null) { $IsNlsCertExpire = get-CertExpireSoon $NlsCert $CertType = [RRASServiceConfig.DACERTTYPE]::Nls $RRasConfig.PopulateCertConfig($IsNlsCertExpire, $CertType) } # Check if End to End tracing has been enabled for longer duration $IsE2ETracingOnLonger = get-E2ETracingOnLonger $RRasConfig.PopulateE2ETracing($IsE2ETracingOnLonger) # Check if Inbox accounting is enabled $InboxAcct = $false $RemoteAccessAccounting = Get-RemoteAccessAccounting if($RemoteAccessAccounting.InboxAccountingStatus -eq "Enabled") { $InboxAcct = $true } $RRasConfig.PopulateInboxAccounting($InboxAcct) # Check server health $ServerHealthGood = $false [System.Collections.Generic.List[System.String]]$ErrorComponents = New-Object System.Collections.Generic.List[System.String] $ServerHealthGood = get-RAHealth($ErrorComponents) $RRasConfig.PopulateServerHealth($ServerHealthGood, $ErrorComponents) # check if connect to address is part of corp suffix but does n't have exemption entry $ConnectToAddress = $RemoteAccess.ConnectToAddress $exactmatch = $false $partialmatch = $false $exemptionpresent = $false get-DAConnectToExempted($RemoteAccess.ConnectToAddress)([ref] $exactmatch) ([ref] $partialmatch)([ref] $exemptionpresent) if($exactmatch -or $partialmatch) { $RRasConfig.PopulateConnectToExemption($exemptionpresent) } if($IsMultiSite) { # check if closest DC being used by entrypoint $CloseDC = "" $CloseDCUsed = get-DACloseDCUsed($DCName)([ref] $CloseDC) # check AD site specified in ep configuration is valid $ADSiteValid = get-DAADSiteValid $RemoteAccess $RRasConfig.PopulateMultiSite($CloseDCUsed, $CloseDC, $ADSiteValid) } # check NCSI dnsProbe and webProbe $NCSIDnsProbeResolve = $false $NCSIWebProbeReachable = $false get-NCSIProbesGood($RemoteAccess)($DCName)([ref] $NCSIDnsProbeResolve)([ref] $NCSIWebProbeReachable) $RRasConfig.PopulateNCSI($NCSIDnsProbeResolve, $NCSIWebProbeReachable) # check NCA resources $NCAResourcesReachable = get-NCAResourcesReachable $RRasConfig.PopulateNCAResReachable($NCAResourcesReachable) #check firewall is on $FirewallOn = get-NetFirewallOn $Topology $RRasConfig.PopulateFirewallOn($FirewallOn) #DirectAccess is not enabled to work with Windows 7 clients $IsDownLevel = $false if($RemoteAccess.Downlevel -eq "Enabled") { $IsDownLevel = $true } $RRasConfig.PopulateDownLevelConfigured($IsDownLevel) #Force tunnelling and Kerberos proxy will not work together when both are deployed for DirectAccess $IsForceTunnelAndKerProxy = $false if($RemoteAccess.ForceTunnel -eq "Enabled" -and $RemoteAccess.UserAuthentication -eq "UserPasswd" -and $RemoteAccess.ComputerCertAuthentication -eq "Disabled") { $IsForceTunnelAndKerProxy = $true } $RRasConfig.PopulateForceTunnelAndKerProxyConfigured($IsForceTunnelAndKerProxy) #DirectAccess connectivity will not work if the DirectAccess server is also a Domain Controller $IsDCInstalled = get-dcServiceInstalled if($IsDCInstalled -ne $null) { $RRasConfig.PopulateDCInstalled($IsDCInstalled) } #The internal network adapter on the Remote Access server should be accessed first $IsNetAdapterBindingOrderCorrect = check-NetAdapterBindingOrder $RemoteAccess.InternalInterface $RemoteAccess.InternetInterface $RRasConfig.PopulateNetAdapterBindingOrder($IsNetAdapterBindingOrderCorrect) #A certificate that could be used for DirectAccess has a SAN, but no subject name $IsSanAndSubjectName = check-SANAndSubjectName $RRasConfig $RRasConfig.PopulateSanAndSujectNameConfigured($IsSanAndSubjectName) #IP-HTTPS certificate on the Remote Access server should have a valid private key [System.Security.Cryptography.X509Certificates.X509Certificate2]$SslCert = $RemoteAccess.SslCertificate $IPHTTPSCert = get-CertMatchingThumbPrint($SslCert.ThumbPrint) $IPHTTPSHasPrivateKey = $false if($IPHTTPSCert -ne $null) { if($IPHTTPSCert.HasPrivateKey) { $IPHTTPSHasPrivateKey = $true } } $RRasConfig.PopulateIPHTTPSHasPrivateKey($IPHTTPSHasPrivateKey,$IPHTTPSCert.FriendlyName) #The DirectAccess server did not receive the DirectAccess server GPO $IsDAPolicyPresent = $false if($DAServer.GpoName -ne $null) { $IsDAPolicyPresent = $true } $RRasConfig.PopulateDAPolicyPresent($IsDAPolicyPresent) #An Email address should be configured for NCA $IsSupportEmailConfigured = check-SupportEmailConfigured $RemoteAccess.ClientGpoName $DCName $RRasConfig.PopulateSupportEmailConfigured($IsSupportEmailConfigured) #Default gateway should be configured on the Internet interface and not on the internal interface $IsDefaultGWConfigProper = check-GatewayConfiguration $RemoteAccess.InternalInterface $RemoteAccess.InternetInterface if($IsDefaultGWConfigProper -ne $null) { $RRasConfig.PopulateDefaultGWConfig($IsDefaultGWConfigProper) } #NRPT exemptions have been configured in force tunnelling deployments $IsInvalidNrptExpPresent = check-InvalidNrptExpConfigured $RemoteAccess $RRasConfig.PopulateInvalidNrptExpPresent($IsInvalidNrptExpPresent) #AcceptInterface for DNS64 has th$e DNS64 IP address $IsDNS64AcptIfaceConfigValid = check-DNS64AcceptInterface $RemoteAccess.ServerGpoName $DCName if($IsDNS64AcptIfaceConfigValid -ne $null) { $RRasConfig.PopulateDNS64AcptIfaceConfigValid($IsDNS64AcptIfaceConfigValid) } #The DNS address used for name resolution of internal network resources should be correct $IsDNSAddrConfigValid = check-DNSServerAddress $RemoteAccess.InternalInterface $RemoteAccess.ServerGpoName $DCName $RRasConfig.PopulateDNSAddrConfigValid($IsDNSAddrConfigValid) #IP-HTTPS CRL distribution point should be accessible from the DirectAccess server $IsIpHttpsCdpReachable = check-IphttpsCdp $IsDownLevel $SslCert if($IsIpHttpsCdpReachable -ne $null) { $RRasConfig.PopulateIpHttpsCdpState($IsIpHttpsCdpReachable) } #NLS CRL distribution point should be accessible from the DirectAccess server [System.Security.Cryptography.X509Certificates.X509Certificate2]$NlsCertificate = $RemoteAccess.NlsCertificate $IsNlsCdpReachable = check-NlsCdp $IsDownLevel $RemoteAccess.NlsLocation $NlsCertificate if($IsNlsCdpReachable -ne $null) { $RRasConfig.PopulateNlsCdpState($IsNlsCdpReachable) } #Ensure that probes other than ping probes are configured in the NCA $IsNonPingProbesConfigured = check-NcaProbes $RemoteAccess.ClientGpoName $DCName $RRasConfig.PopulateNonPingProbesConfigured($IsNonPingProbesConfigured) #If NLB/ELB is deployed and ISATAP is also deployed in the corp network, #ensure that all the internal DIPs and VIPs are registered in DNS against the isatap entry. $IsIsatapDnsRecordsProper = check-IstapDnsRecords $RemoteAccess.LoadBalancing $RemoteAccess.InternalInterface if($IsIsatapDnsRecordsProper -ne $null) { $RRasConfig.PopulateIsatapDnsRecordsProper($IsIsatapDnsRecordsProper) } } } . .\WebApplicationProxyBPA.ps1 $RRasServiceObj = $RRasConfig.RRasServiceObj if($RRasServiceObj.RRASInstalled -eq $True) { if($RRasServiceObj.RRAS -ne $Null) { . .\BpaHelper.ps1 Update-RRASConfigForV2 -RRASConfig ([REF]$RRasServiceObj) } } # transform the objects into XML and output it $xmlStream = $RRasConfig.GenerateXml(); $retval = $xmlStream.Seek(0,[System.IO.SeekOrigin]::Begin); $docNode = New-Object -TypeName xml $docNode.Load($xmlStream); $element = $doc.ImportNode($docNode.DocumentElement,$true) [void]$doc.DocumentElement.AppendChild($element) $xmlStream.close(); $doc # # ------------------------ # SCRIPT MAIN BODY - END # ------------------------ #