This past weekend I moved from a TMG 2010 to an XG310. Everything is running correctly, but all the Windows machines are reporting "No internet access" with a yellow exclamation mark over their network connection status icons. Sophos is set up with "Sophos Transparent Authentication Suite" turned on and a collector on each of our Windows AD domain controllers.
The couple of posts I have found with the same issue are old and didn't have a real resolution. Things online said to turn off the part of Windows that checks this, but then the clients will always show they have internet access even when they don't, which isn't a solution either.
Hi Allan, since this is not a common problem, I would say double-check your DNS and web access settings. Here is an old TechNet article that I found, but the mechanism that checks for connectivity is still the same in Windows 7/8/10. Let us know if this works for you.
I once did some consulting work at a place that had an Astaro v6 with transparent authentication that had the exact same issue (Windows XP back then) and I couldn't figure it out, but since it didn't seem to break anything, I told them to ignore it.
I experienced this exact same issue. It is due to STAS and how the firewall drops traffic while trying to figure out who the user is. I had to stop using STAS until Sophos comes up with a better implementation. I have 2 XG230s running in a cluster with multiple RED sites. The RED sites experienced the problem more than the users directly behind the XG. Both Domain Controllers are behind the XG and all RED sites use those. The XG takes way too long to identify the user and thus causes connectivity issues and shows the yellow exclamation point as you saw.
I wish the problem was more consistent also. Like yesterday my own computer showed no internet access for about three hours. Today it did it for 45 minutes. I realize that's partially a Microsoft issue but it also didn't happen before we put in the Sophos.
I did the "echo 28800 > /proc/sys/ipset/ipset_guest_flush_timeout" command to increase the timeout but I couldn't figure out the "system auth cta unauth-traffic drop-period" command and I don't want to randomly try things and break it. You know the exact syntax to lower it?
We don't restrict anyone based on their user, we have a DMZ/customer wireless which is completely open access (bandwidth limited) and our regular user access is pretty wide open also. Is there any reason I can't set this down to 1?
We don't restrict access by user either. We tried to use it so we could get more granular reporting based on the user and not the IP, but even for us, setting it all the way down to 1 still causes small issues. Turning it down to 1 does not give the firewall enough time to learn who the user is, so it is almost as if you don't have the feature enabled.
For your DMZ, I would exclude that subnet in the STAS application itself. That seems to work most of the time but it's not 100%. I was still seeing some dropped packets from our DMZ WIFI network saying identity was the cause.
"system auth cta unauth-traffic drop-period 40" must be done from the device console, which is option 4 on the main menu. The other command is done from the advanced shell of the firewall.
I'll try it with 30 and see if it's better. Although anything would be better at this point to stop users from calling and saying they have no internet access, then asking them if they can get to Google, and when they say yes, telling them they have internet access and trying to explain what's going on over and over.
I feel your pain. That article wasn't out when I had the problem and support "couldn't find anything wrong" until I started doing drop packet captures and showed them the firewall was at fault. We only want to use STAS to help identify the users. I wish they would come up with a way to not block users like this when the firewall cannot identify them. Even at 30 seconds, that is a while to wait when you have someone trying to access something right then.
I had a similar problem, but it wasn't STAS for me. Windows does a lookup to a URL to determine if internet access is working. The XG was blocking this request as a virus. I needed to add the following to a web exception rule and disable malware scanning:
I added both exceptions in but it also didn't seem to help for me. Most Windows 10 machines and Server 2012 are clearing the error within an hour; most Windows 7 machines are never clearing.
I also found this that's related but not related: -us/articles/230900948-Umbrella-Roaming-Client-Microsoft-Windows-Limited-Network-Connectivity-Warning-Yellow-Triangle- along with this: -7-network-awareness/ in which someone created their own "internet check server". The first didn't seem to help, the second could potentially but I don't really want to have to create and host a website for the check to work especially when clients leave the network and might be affected coming back in to check status.
-Allan
However, I have found that these commands only work if the machine has internet access, which makes sense since each command uses the 'Online' switch. The existence of the 'Online' switch makes me think that there might be a way to perform the installation offline. Such an offline installation would probably require files to be downloaded and placed on the machines, which Add-WindowsCapability or DISM.exe knows how to use.
The Add-WindowsCapability cmdlet does have a method for installing from a local package file. I've copied the example from the link here. The key is the -Source parameter, which should point to the location of the CAB file containing the Windows feature to be installed.
For this workaround you will need both the Windows Server 2019 Features On Demand disc and the Windows 10 Features On Demand disc. Once you have both discs / ISOs downloaded, follow these simple steps.
I have a project which I will have to deploy to client Windows systems where it will not be possible to connect to the internet. I currently have a folder in D:\NODE which contains node.exe and npm.cmd and a node_modules folder. To be able to run node from the command line I have added D:\NODE to the PATH variable.
Following suggestion below I went to node-windows (installed globally) and packaged it up (npm pack), which created a tarball. I have then copied that file with my project and tried to install it on the test machine globally like this: npm install -g node-windows-0.1.5.tgz
2 - go to %userprofile%\AppData\Roaming\npm\node_modules\[module name]\ (e.g. C:\Users\janson\AppData\Roaming\npm\node_modules\grunt-cli)
3 - run npm pack
4 - this should result in a [module name]-x.y.z.tgz file
5 - run npm i -g [module name]-x.y.z.tgz on the offline system
Cannot under any circumstances use wireless at the office and wouldn't you know it the machine doesn't come with a wired network adapter. Or a cd/dvd drive. Or a way to connect to a standard workstation monitor. All of those are extra. But I digress.
I've taken the machine home and used my home wireless to download the latest boot camp files (which now reside in the downloads folder as a .zip file). But I'll be ****** if I am going to do this work at home in the evenings in my spare time.
So...back in the office with no internet. If I try to create a bootable USB it insists on re-downloading the drivers even though I already have them downloaded. If I manually copy the files over to the USB it balks because the USB drive is already bootable. If I skip the USB drive the Windows install balks because it doesn't like the partition created by Boot Camp. Seriously???
So...it cannot be done without an internet connection. That is short-sighted. This particular machine will never connect to the internet. EVER. But it requires an internet connection to set it up. Disappointing.
How do you expect Windows to activate/verify your license key? If they allowed non-internet installs, everyone would be running free/pirated versions of Windows since someone would hack whatever pre-installed auth was in the installer.
Back on topic: It would seem you need an internet connected Mac to create the USB boot drive. Once this is done however it should be possible to use this already created USB boot disk to do an offline install. Haven't tested it yet. Still this requires at least one machine connected to the internet in order to make this work.
But yes, back on topic. No internet, no solution. Let us know if you figure it out. You have home internet, it takes about 10 minutes of real work and about 1 hour of the computer working for it to finish installing everything, but I find the irony rich that you will spend more time researching how to do this without internet than just checking on the machine every 30 minutes at home after starting the install.
Ideally I would just set up one machine and clone it (I have many machines to set up) and hold off on activating Windows until after the imaging. But I have yet to find a good imaging solution that will handle the UEFI-enabled 2013 MacBook Pro with multiple OSes installed. On the bright side: keeps me in a job.
I have a MediaAgent which does not have internet access or access to any other Windows update service. Can I use the workflow to update this MediaAgent with Windows updates, or does it need to have access to the internet to get this workflow to work?
Just to clarify. So it's not enough that the CommServe has access to the internet, and therefore is able to download the updates and then send the updates to the MediaAgent via Commvault communication; the MediaAgent itself also needs internet access?
The updates are not downloaded to the CommServe and then pushed to the MediaAgent. The workflow executes the script on the client (MediaAgent in this case), which will download the updates directly to the client, thus it will need access to the internet.
Microsoft requires your system to have an active internet connection to complete the Windows 11 setup. It asks you to log into your Microsoft account to download critical updates and new features before you can start using your freshly installed Windows operating system.