We use HyperV Server to manage Microsoft VMs because of the cost and use the HyperV Manager app on other computers to manage the VMs on the HyperV Server machines. When we attempt to move VMs between servers with HyperV Manager, it fails with an authentication error because the destination server provides a authentication token that can only be used by the requesting computer (Computer with HyperV Manager installed) but HyperV Manager passes that auth token to the source server to perform the move which make them invalid.
There are two main solutions:
add new permissions to the Admin user in AD so that the auth token can be proxied; or
use powershell on the source server
As I expect you’re looking for a quick answer, here is the powershell comand:
Here are some setting you’ll want to change on your Telus LTE Hub if your going to use it with VoIP. This also presumes that your using a commercial grade router/firewall to protect your network from the internet. The LTE Hub does not have a sufficient firewall. I recommend either PFSense or a Ubiquiti EdgeRouter. Find out more at our web store at https://www.BuyPhonesOnline.ca
Turn off SIP ALG Settings: SIP ALG will mangle VoIP traffic. You must turn it off. Its on by default
The PFSense firewall should have a static ip address or static DHCP. The telus hub is in the range of 192.168.8.1 and at the moment the pfsense wan is 192.168.8.102. We want to make sure the .102 does not change. You can do this by setting it as static on the PfSense / EdgeRouter / other router. I didn’t see an option to mark it as static within the Telus Hub
The DMZ should be set to the IP address of PFSense. In this case (as above) pfsense is 192.168.8.102. We want to make sure this doesn’t change. This forces all non-initiated inbound traffic to the PFSense / EdgeRouter
Cone NAT is better for VoIP, Should be left as is.
Static IPs are better for VoIP and they can be requested with a special request from Telus on a LTE Hub. If you need support configuring your VoIP or Telus Hub, reach out to us and we can connect remotely and get you resolved
PFSense is great because it can be installed as a VM in a datacenter and handle enterprise grade routing and reporting. EdgeRouters are great because they’re readily available and at a very reasonable cost.
Both support Openvpn which tends to be a reliable easy to use VPN protocol that allows the vpn client to not have a static IP address. There is no GUI for Openvpn on the EdgeRouter but it is pre-installed and can be easily be configured in the console.
Once you’ve configured the OpenVPN server in the PFSense interface, there is a export feature that allows a ovpn file to be created that contains the configuration information required for the client side (EdgeRouter).
I initially had issue as the config file included a “pull” command that the Edgerouter complained was not valid without the TLS-Server or TLS-Client specified. I manually edited the file and removed the “pull” line and then the tunnel connected without issue.
From the EdgeRouter config, do:
# set interfaces openvpn vtun0 config-file /config/nameofyourconnection.ovpn # commit # set service nat rule 5020 description 'masquerade for Tunnel' # set service nat rule 5020 outbound-interface vtun0 # set service nat rule 5020 type masquerade # set service nat rule 5020 protocol all
Log files in EdgeOS are in the /var/log/messages file
I manually added a push route command to the client config file push "route 192.168.3.0 255.255.255.0"
EdgeOS 2.x uses OpenVPN 1.2.4 as does PFSense 2.4.x
Tunnel status is at: /var/run/openvpn/status/vtunX
To update, delete the interface and re-create. Delete with delete interfaces openvpn vtun0