Channel: Network Access Protection forum
Viewing all 1875 articles

VPN Share error 2221


We are migrating from SBS 2008 to a new Server 2012 and I'm setting up a VPN server. I can connect to the VPN without problems, but when trying to access a share I get the error "User name cannot be found". When I try to access the share by IP address it works fine.

C:\Users\mats>net use J: \\192.168.10.2\Public
The command completed successfully.

C:\Users\mats>net use X: \\SERVER\Public
System error 2221.

The user name could not be found.

C:\Users\mats>net use X: \\SERVER\Public PASSWORD# /u:DOMAIN\USERNAME
The command completed successfully.

Can someone point me in the right direction?


RRAS WAN Interface


I have configured RRAS (NAT) on Windows Server 2008. Everything works fine, except that my WAN ADSL modem cannot ping the server while the RRAS service is running, which means I am unable to port-forward services such as WWW or Terminal Services.

Regards

Atul Deshmukh

How do you restrict users' destinations on a network using Windows NPS RADIUS when dialing into a Cisco ASA?


Hi there,

My setup is this:

  • Cisco ASA 5525 firewalls
  • Cisco Anyconnect Client
  • Windows 2008 R2 AD domain with an NPS server installed, using RADIUS to authenticate the users' access via a group.
  • Different domain (so users are connecting from our domain into completely disconnected, remote site with a different domain).

All this is working fine. Users can log into the system and everything is good. Now, we would like to restrict *where* certain groups of users can log in. Most of the services they are trying to access are running either CentOS or RHEL, but they are connecting from Windows 7 x64-based systems.

I would like them to be able to log into the environment, but when they pull up their ssh client, I want them to be able to get to server x, but not server y.

I'm open to suggestions.


MS-CHAPV2 NAP Policy failing - Reason Code 65


I have a SonicWall TZ100 using RADIUS that is connecting to a new install of Server 2012 with NPS configured. I've followed exactly what I've done on 2008 in the past and I'm getting errors when I try to connect. The error message is:

Radius Client Authentication Failed (MSCHAP error: E=649 R=0 V=3)

On the server, I have found that NPS authentication is failing with the following message:

Reason Code: 65
Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

I've found that if I edit the user profile in Active Directory and, under the user's Dial-in tab, select Allow Access, the error goes away and RADIUS authenticates properly. For some reason the NPS policy isn't granting access properly. Where do I need to go to troubleshoot further why the NPS policy isn't working properly?
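
Reason code 65 is decided by the per-account setting before any network policy is evaluated, so the first check is which accounts carry an explicit Deny. The script below is an added example, not code from the original post: it audits the AD attribute behind the Dial-in tab (msNPAllowDialin) across a search base that is an assumption, and shows how to hand the decision back to NPS by clearing the attribute.

```powershell
# Added example, not from the original post: audit the per-account "Network Access
# Permission" that reason code 65 refers to. AD stores it in msNPAllowDialin:
#   $true    = Allow access
#   $false   = Deny access
#   not set  = Control access through NPS Network Policy
# Needs the ActiveDirectory RSAT module; the search base is an assumption, change it.
Import-Module ActiveDirectory

$SearchBase = 'DC=example,DC=local'   # assumption: your domain's distinguished name

$users = Get-ADUser -Filter * -SearchBase $SearchBase -Properties msNPAllowDialin

$summary = foreach ($u in $users) {
    $state = if ($null -eq $u.msNPAllowDialin) { 'Control via NPS policy' }
             elseif ($u.msNPAllowDialin)       { 'Allow access' }
             else                              { 'Deny access' }
    New-Object PSObject -Property @{ SamAccountName = $u.SamAccountName; DialIn = $state }
}

# How many accounts are in each state.
$summary | Group-Object DialIn | Select-Object Name, Count | Format-Table -AutoSize

# Accounts with an explicit Deny: NPS rejects these with reason 65 regardless of
# what the network policy would grant.
$denied = $summary | Where-Object { $_.DialIn -eq 'Deny access' }
$denied | Sort-Object SamAccountName | Format-Table -AutoSize

# Hand the decision back to the network policy by clearing the attribute
# (the same as choosing "Control access through NPS Network Policy" in ADUC).
foreach ($d in $denied) {
    Set-ADUser -Identity $d.SamAccountName -Clear msNPAllowDialin -WhatIf   # drop -WhatIf to apply
}
```

If the accounts should stay as they are, the policy-side equivalent is the network policy option "Ignore user account dial-in properties", which shows up as Ignore-User-Dialin-Properties = TRUE in the output of netsh nps show config; with that set, the policy decides and the Dial-in tab is not consulted.
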

I have three computers in the same domain, cloned from the same template in a virtual environment; none of them can log on to the Remote Desktop Session Host (NULL SID, Security Log Event ID 4625)


As my title says, these three computers are all Windows 2008 R2 and share the same SID.

I cannot log on to the Remote Desktop Session with a Domain Admin account, while a local account succeeds in logging on to the Remote Desktop Session.

(Besides, my DC comes from the same template and has the same SID, but I can log on to the Remote Desktop Session there with a Domain Admin account.)

When I check the Event Viewer, I find the following Audit Failure:

(Does the same SID cause this problem? Or how can I solve this problem?)

An account failed to log on.

Subject:
 Security ID: NULL SID
 Account Name: -
 Account Domain: -
 Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
 Security ID: NULL SID
 Account Name: Administrator
 Account Domain: qa2010dag

Failure Information:
 Failure Reason: Domain sid inconsistent.
 Status: 0xc000006d
 Sub Status: 0xc000019b

Process Information:
 Caller Process ID: 0x0
 Caller Process Name: -

Network Information:
 Workstation Name: ZHU11030
 Source Network Address: -
 Source Port: -

Detailed Authentication Information:
 Logon Process: NtLmSsp
 Authentication Package: NTLM
 Transited Services: -
 Package Name (NTLM only): -
 Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
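
The poster asks whether the duplicated SID is the cause. The check a practitioner runs first is to compare each member's machine SID with the domain SID: if they are equal, the DC and the members were cloned from one image without sysprep, and the "Domain sid inconsistent" failure (sub status 0xc000019b, STATUS_DOMAIN_TRUST_INCONSISTENT) on NTLM network logons is consistent with that. The script below is an added example, not from the post; the computer names are assumptions.

```powershell
# Added example, not from the original post: compare the machine SID of each domain member
# with the domain SID. A local account's SID is <machine SID>-<RID>, and .NET exposes the
# machine-SID part as SecurityIdentifier.AccountDomainSid; the domain SID is the same part of
# any domain group's SID. Uses Get-WmiObject so it runs on the PowerShell 2.0 of 2008 R2.
# Run it on a domain member as a domain user; the computer names are assumptions.
param(
    [string[]]$ComputerName = @('localhost')
)

function Get-MachineSid {
    param([string]$Computer)
    # Any local account will do; the filter keeps WMI from enumerating domain accounts.
    $acct = Get-WmiObject -Class Win32_UserAccount -ComputerName $Computer `
                -Filter "LocalAccount = TRUE" | Select-Object -First 1
    if (-not $acct) { throw "No local account found on $Computer" }
    $sid = New-Object System.Security.Principal.SecurityIdentifier($acct.SID)
    return $sid.AccountDomainSid.Value
}

function Get-DomainSid {
    # "Domain Admins" always exists and its SID is <domain SID>-512.
    $nt  = New-Object System.Security.Principal.NTAccount("$env:USERDOMAIN\Domain Admins")
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
    return $sid.AccountDomainSid.Value
}

$domainSid = Get-DomainSid
Write-Host "Domain SID: $domainSid"

foreach ($c in $ComputerName) {
    $machineSid = Get-MachineSid -Computer $c
    New-Object PSObject -Property @{
        Computer        = $c
        MachineSid      = $machineSid
        EqualsDomainSid = ($machineSid -eq $domainSid)
    }
}
```

Run it as `.\Check-Sid.ps1 -ComputerName ZHU11030, <other members>` from any domain member. A member that reports EqualsDomainSid = True cannot be fixed by re-joining the domain; it needs sysprep /generalize (or a rebuild) so that it gets a machine SID of its own.
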

NPS grants access, but users are connecting and disconnecting then connecting intermittently


Hi,

I'm after some help with an NPS server I manage.

I've set up an NPS server (without NAP active) on 2008 R2.

I'm seeing events 6278 and 6272 pairs for users as they connect.

I have machine or user authentication running.

What is happening is the connection drops every now and then, sometimes after a few seconds, sometimes longer. But it will always happen within 2 minutes.

If I just used WPA2 I didn't have the issue.

I've created a separate certificate for machine authentication and one for user authentication

Output from netsh nps show config follows.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>netsh nps show config

Client configuration:
---------------------------------------------------------
Name                = wx3010
Address             = 10.0.8.2
State               = Enabled
Shared secret       = AdelaidePremiers1997-1998 (not really password)
Require auth attrib = No
NAP capable         = No
Vendor              = RADIUS Standard

Connection request policy configuration:
---------------------------------------------------------
Name             = Use Windows authentication for all users
State            = Enabled
Processing order = 1000001
Policy source    = 0

Condition attributes:

Name                                    Id          Value
---------------------------------------------------------
Condition0                              0x1006      "0 00:00-24:00; 1 00:00-24:0
0; 2 00:00-24:00; 3 00:00-24:00; 4 00:00-24:00; 5 00:00-24:00; 6 00:00-24:00"

Profile attributes:

Name                                    Id          Value
---------------------------------------------------------
Auth-Provider-Type                      0x1025      "0x1"

Connection request policy configuration:
---------------------------------------------------------
Name             = Curric Secure Wireless Machine Connections
State            = Enabled
Processing order = 1
Policy source    = 0

Condition attributes:

Name                                    Id          Value
---------------------------------------------------------
Condition0                              0x3d        "^18$|^19$"

Profile attributes:

Name                                    Id          Value
---------------------------------------------------------
Auth-Provider-Type                      0x1025      "0x1"

Connection request policy configuration:
---------------------------------------------------------
Name             = Guest Network Secure Wireless Connections
State            = Disabled
Processing order = 2
Policy source    = 0

Condition attributes:

Name                                    Id          Value
---------------------------------------------------------
Condition0                              0x3d        "^18$|^19$"

Profile attributes:

Name                                    Id          Value
---------------------------------------------------------
Auth-Provider-Type                      0x1025      "0x1"

Event log configuration:
---------------------------------------------------------
Accepted authentication requests = Enabled
Rejected authentication requests = Enabled

File log configuration:
---------------------------------------------------------
Accounting                     = Enabled
Authentication                 = Enabled
Periodic accounting status     = Enabled
Periodic authentication status = Enabled
Directory                      = C:\Windows\system32\LogFiles
Format                         = ODBC formatting
Delete old logs                = Enabled
Frequency                      = Monthly logs
Max size                       = 10 MB

Ports configuration:
---------------------------------------------------------
Accounting ports     = 1813,1646
Authentication ports = 1812,1645

Network policy configuration:
---------------------------------------------------------
Name             = Connections to other access servers
State            = Enabled
Processing order = 1000001
Policy source    = 0

Condition attributes:

Name                                    Id          Value
---------------------------------------------------------
Condition0                              0x1006      "0 00:00-24:00; 1 00:00-24:0
0; 2 00:00-24:00; 3 00:00-24:00; 4 00:00-24:00; 5 00:00-24:00; 6 00:00-24:00"

Profile attributes:

Name                                    Id          Value
---------------------------------------------------------
NP-Allow-Dial-in                        0x100f      "FALSE"
NP-Authentication-Type                  0x1009      "0x3" "0x4" "0x9" "0xa"
Quarantine-Update-Non-Compliant         0x1fc8      "TRUE"
Framed-Protocol                         0x7         "0x1"
Service-Type                            0x6         "0x2"

Network policy configuration:
---------------------------------------------------------
Name             = Connections to Microsoft Routing and Remote Access server
State            = Enabled
Processing order = 1000000
Policy source    = 0

Condition attributes:

Name                                    Id          Value
---------------------------------------------------------
Condition0                              0x1033      "^311$"

Profile attributes:

Name                                    Id          Value
---------------------------------------------------------
NP-Allow-Dial-in                        0x100f      "FALSE"
NP-Allowed-EAP-Type                     0x100a      "1A0000000000000000000000000
00000" "0D000000000000000000000000000000"
NP-Authentication-Type                  0x1009      "0x5" "0x4" "0xa" "0x3" "0x9
"
Quarantine-Update-Non-Compliant         0x1fc8      "TRUE"
Framed-Protocol                         0x7         "0x1"
Service-Type                            0x6         "0x2"
MS-Filter                               0x102f

        ===============================================================
        IPFILTER_IPV4INFILTER   Action: DENY
        ---------------------------------------------------------------
        Address . . . . . : 0.0.0.0
        Mask. . . . . . . : 0.0.0.0
        Protocol. . . . . : 0
        Source Port . . . : 0
        Destination Port. : 0
        ---------------------------------------------------------------

MS-MPPE-Encryption-Policy               0xffffffa7  "0x2"
MS-MPPE-Encryption-Types                0xffffffa6  "0xe"

Network policy configuration:
---------------------------------------------------------
Name             = Curric Secure Wireless Machine Connections
State            = Enabled
Processing order = 1
Policy source    = 0

Condition attributes:

Name                                    Id          Value
---------------------------------------------------------
Condition0                              0x3d        "^18$|^19$"
Condition1                              0x1023      "S-1-5-21-3373441940-3891712
694-2128681551-3133;S-1-5-21-3373441940-3891712694-2128681551-1632"

Profile attributes:

Name                                    Id          Value
---------------------------------------------------------
EAP-Configuration                       0x1fa2      "190000000000000000000000000
000004C030000020000004C0300000100000014000000D80BFA95CB1FBCC8027A7233C1DD0C3162A
D61870100000001000000240300001A0000000000000003000000040000000200000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000"
MS-Extended-Quarantine-State            0x1fd9      "0x0"
Ignore-User-Dialin-Properties           0x1005      "TRUE"
NP-Allow-Dial-in                        0x100f      "TRUE"
NP-Allowed-EAP-Type                     0x100a      "190000000000000000000000000
00000"
NP-Authentication-Type                  0x1009      "0x5" "0x3" "0x9" "0x4" "0xa
"
MS-Quarantine-State                     0x1faf      "0x0"
Quarantine-Update-Non-Compliant         0x1fc8      "FALSE"
Framed-Protocol                         0x7         "0x1"
Service-Type                            0x6         "0x2"
MS-Link-Utilization-Threshold           0xffffffaa  "0x32"
MS-Link-Drop-Time-Limit                 0xffffffa9  "0x78"

Network policy configuration:
---------------------------------------------------------
Name             = Guest Network Secure Wireless Connections
State            = Disabled
Processing order = 1
Policy source    = 0

Condition attributes:

Name                                    Id          Value
---------------------------------------------------------
Condition0                              0x3d        "^18$|^19$"
Condition1                              0x1023      "S-1-5-21-3373441940-3891712
694-2128681551-1632"
Condition2                              0x100c      "10.0.16.3"

Profile attributes:

Name                                    Id          Value
---------------------------------------------------------
Ignore-User-Dialin-Properties           0x1005      "TRUE"
NP-Allow-Dial-in                        0x100f      "TRUE"
NP-Allowed-EAP-Type                     0x100a      "190000000000000000000000000
00000"
NP-Authentication-Type                  0x1009      "0x5" "0x3" "0x9" "0x4" "0xa
"
MS-Quarantine-State                     0x1faf      "0x0"
Quarantine-Update-Non-Compliant         0x1fc8      "TRUE"
Framed-Protocol                         0x7         "0x1"
Service-Type                            0x6         "0x2"

Server registration:
---------------------------------------------------------
Status = Registered

SHV configuration:
---------------------------------------------------------
Id                             = 79744
Name                           = Windows Security Health Validator
Vendor                         = Microsoft Corporation

Description                    = The Windows Security Health Validator defines t
he policy that client computers must be compliant with.

Version                        = 1.0


Policy server unreachable      = Noncompliant
Remediation server unreachable = Noncompliant
System Health Agent failure    = Noncompliant
NAP server failure             = Noncompliant
Other errors                   = Noncompliant

SQL log configuration:
---------------------------------------------------------
Connection                     =
Description                    =
Accounting                     = Enabled
Authentication                 = Enabled
Periodic accounting status     = Enabled
Periodic authentication status = Enabled
Max sessions                   = 20

Ok.


C:\Windows\system32>
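
The profile of the "Curric Secure Wireless Machine Connections" policy above returns MS-Link-Utilization-Threshold 0x32 and MS-Link-Drop-Time-Limit 0x78, which are the RFC 2548 multilink/BAP attributes (50 percent of bundle capacity, 120 seconds) that NPS adds from a network policy's "Multilink and Bandwidth Allocation Protocol" settings. They are defined for multilink PPP dial-up, where a wireless access point has no bundle to reduce, so a policy that drops wireless clients inside two minutes is one a practitioner would want to strip of them before looking elsewhere. The parser below is an added example, not the poster's code: it reads saved netsh nps show config output and reports those two attributes per network policy, decoded from hex. The excerpt it runs on is constructed from the posted configuration.

```powershell
# Added example, not from the original post: parse the text "netsh nps show config" prints and
# report, per network policy, the two RFC 2548 Microsoft VSAs that the wireless policy above
# returns:
#   MS-Link-Utilization-Threshold (0xffffffaa)  percent of bundle capacity
#   MS-Link-Drop-Time-Limit       (0xffffffa9)  seconds below that percentage before a link is dropped
# Feed it the saved output of the real command; the excerpt at the bottom is constructed from
# the posted configuration so the script runs stand-alone.
function Get-NpsLinkDropSettings {
    param([Parameter(Mandatory=$true)][string[]]$ConfigLines)

    $policy = $null
    $hits   = @()
    foreach ($line in $ConfigLines) {
        # Every section header in the output ends in "configuration:"; start a new name scope.
        if ($line -match 'configuration:\s*$') { $policy = $null; continue }
        if ($null -eq $policy -and $line -match '^Name\s*=\s*(.+)$') { $policy = $Matches[1].Trim(); continue }
        if ($line -match '^(MS-Link-Utilization-Threshold|MS-Link-Drop-Time-Limit)\s+0x[0-9a-f]+\s+"0x([0-9a-f]+)"') {
            $hits += New-Object PSObject -Property @{
                Policy    = $policy
                Attribute = $Matches[1]
                Value     = [Convert]::ToInt32($Matches[2], 16)   # netsh shows the values in hex
            }
        }
    }

    foreach ($g in ($hits | Group-Object Policy)) {
        $threshold = ($g.Group | Where-Object { $_.Attribute -eq 'MS-Link-Utilization-Threshold' } | Select-Object -First 1).Value
        $dropTime  = ($g.Group | Where-Object { $_.Attribute -eq 'MS-Link-Drop-Time-Limit' }       | Select-Object -First 1).Value
        New-Object PSObject -Property @{
            Policy                      = $g.Name
            UtilizationThresholdPercent = $threshold
            DropTimeLimitSeconds        = $dropTime
        }
    }
}

# Constructed excerpt of the posted output (two policies, only one carries the attributes).
$sampleText = @'
Network policy configuration:
---------------------------------------------------------
Name             = Curric Secure Wireless Machine Connections
State            = Enabled

Profile attributes:

Name                                    Id          Value
---------------------------------------------------------
NP-Allow-Dial-in                        0x100f      "TRUE"
MS-Link-Utilization-Threshold           0xffffffaa  "0x32"
MS-Link-Drop-Time-Limit                 0xffffffa9  "0x78"

Network policy configuration:
---------------------------------------------------------
Name             = Guest Network Secure Wireless Connections
State            = Disabled
'@
$sampleLines = $sampleText -split "`r?`n"

Get-NpsLinkDropSettings -ConfigLines $sampleLines |
    Format-Table Policy, UtilizationThresholdPercent, DropTimeLimitSeconds -AutoSize

# Against the live server:
#   Get-NpsLinkDropSettings -ConfigLines (netsh nps show config)
```

On the excerpt it reports only the Curric policy, with 50 percent and 120 seconds; the Guest policy carries neither attribute and is left out. Removing the attributes is done in the network policy's Settings tab under Multilink and Bandwidth Allocation Protocol (BAP) by choosing the server default, after which the two lines disappear from the netsh output.
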

Install a radius server on windows server 2012

Looking for advice on how to install a RADIUS server on Windows Server 2012.

Windows Server 2003 R2 Incorrect Password when browsing shared folders


Everything worked last night.

Everything is working for every computer except one now. That one computer (out of 20) says that credentials are incorrect when trying to browse shared folders on one of our servers (Win 2003 R2); the other server (2008) can be browsed fine. I am able to connect using RDP to the server from the affected laptop using the credentials that are supposedly incorrect when trying to browse (or map a network drive). I have searched the internet for about an hour and not found any fix. Thanks in advance.

I'm assuming this is a security issue rather than a networking issue but no settings have changed.


NAP 2008 R2 Licensing


Dears,

We are planning to deploy dot1x with NPS/RADIUS servers for almost 32,000 users and countless switches.

Is there any specific licensing for NAP? Do we need 32,000 Client Access Licenses for NAP? And what about network switches using RADIUS servers?

Any official document to support NAP licensing is most welcome..

Regards,


MCP,MCTS(Vista),MCSA(Messaging)

Remediation server doesn't show in route print


hi guys,

My problem is that not all remediation server IPs appear on the client PC in cmd when 'route print' is issued.

So what I did is delete one of them, and now I'm not able to delete the second.

I get the following message:

'Server is being used in the following network policy.

Please delete or update that policy first.'

Can you please let me know how to fix this and overcome the problem.

Step-by-step guide for NAP SQL reporting

Looking for a step-by-step guide for NAP SQL reporting.

NAP notification (napstat) on Windows 8


I have NAP running on several wireless access points and switches. I have only tested it on Windows 8 so far. I noticed that when a NAP client is not compliant, users don't get a (pop-up) notification in the taskbar. You can only check it in the Action/Security Center. I have read that apparently this behavior has changed in Windows 7/8. I just want to confirm that this is correct.

Does a NAP client not show any notifications (in the taskbar) anymore when it is non-compliant? Is there any way to enable it?


Boudewijn Plomp, BPMi Infrastructure & Security

printer not able to scan to folder with NAP client


I have a network printer configured to scan to folder; the shared folder is on a client machine.

Now I am implementing NAP (IPsec), so the client is in the secure network and requires IPsec communication.

The printer is not able to communicate with the client anymore. Is there any way to fix that?

Do I need to add it to the exemptions in this case, and how? Because I think the printer won't understand IPsec, right?

802.1x wired authentication problem with windows 7

I am trying to set up an 802.1x environment for work. I would like the Windows 7 clients to be authenticated automatically by the Windows logon, configured by Group Policy. But when I authenticate with a domain user on my Windows 7 machine, the interface authentication fails, and the interface needs to be disabled/enabled to authenticate correctly. Windows 8 works excellently with the same policy. What is the Windows 7 problem?

NPS authentication fails with reason 16 after applying a realm stripping rule (stripping the domain from User-Name) in NPS


I need to implement 802.1x network authentication for our wired infrastructure using one 2008 R2 server, which is our NPS as well as our DC. We are running NPS on Windows 2008 R2 Ent. We are stripping the domain name using a realm rule. But now authentication fails with

Reason Code: 16

Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

Here is the detailed event log:

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
 Security ID: KWT\moe
 Account Name: moe
 Account Domain: KWT
 Fully Qualified Account Name: KWT.PRIV/People/100099363

Client Machine:
 Security ID: NULL SID
 Account Name: -
 Fully Qualified Account Name: -
 OS-Version: -
 Called Station Identifier: 16-18-1A-32-59-46:eduroam
 Calling Station Identifier: 70-DE-E2-85-B9-31

NAS:
 NAS IPv4 Address: 172.16.16.6
 NAS IPv6 Address: -
 NAS Identifier: -
 NAS Port-Type: Wireless - IEEE 802.11
 NAS Port: 0

RADIUS Client:
 Client Friendly Name: Surrey APs
 Client IP Address: 172.16.16.6

Authentication Details:
 Connection Request Policy Name: Eduroam - Local
 Network Policy Name: Eduroam -LocalN
 Authentication Provider: Windows
 Authentication Server: IDA.KWT.PRIV
 Authentication Type: PEAP
 EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)
 Account Session Identifier: -
 Logging Results: Accounting information was written to the local log file.
 Reason Code: 16
 Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
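
NPS applies the attribute-manipulation rules of the matching connection request policy to User-Name in order, each one a regex find/replace pair with $1-style back-references, which is the same syntax PowerShell's -replace understands. That makes it possible to try a rule set against the names a NAS actually sends before putting it into the policy. The function below is an added example, not from the post; the two rules and the sample names are assumptions.

```powershell
# Added example, not from the original post: NPS applies the attribute-manipulation rules of
# the matching connection request policy to User-Name in order, each one a regex find/replace
# with $1-style back-references, which is also what PowerShell's -replace understands. Try a
# rule set against the names your NAS actually sends before putting it in the policy.
# The rules and the sample names are assumptions.
function Invoke-NpsRealmRules {
    param(
        [Parameter(Mandatory=$true)][string]$UserName,
        [Parameter(Mandatory=$true)][object[]]$Rules   # ordered list of @{ Find = regex; Replace = text }
    )
    $name = $UserName
    foreach ($r in $Rules) {
        $name = $name -replace $r.Find, $r.Replace
    }
    return $name
}

# Rule 1 strips a realm suffix (user@realm -> user); rule 2 strips a domain prefix (DOMAIN\user -> user).
# Single quotes keep PowerShell from expanding $1/$2 so the regex engine sees the back-references.
$rules = @(
    @{ Find = '^(.*)@(.*)$';  Replace = '$1' },
    @{ Find = '^(.*)\\(.*)$'; Replace = '$2' }
)

$samples = 'moe@kwt.priv', 'KWT\moe', 'moe', 'anonymous@kwt.priv'

foreach ($s in $samples) {
    '{0,-20} -> {1}' -f $s, (Invoke-NpsRealmRules -UserName $s -Rules $rules)
}
```

The first three samples all come out as `moe`, which is the point of the rules: whatever the last rule produces must exist as a sAMAccountName in the domain the NPS authenticates against, which in the poster's event it evidently does (Security ID KWT\moe). The last sample is the caveat for eduroam-style PEAP: an outer identity such as anonymous@kwt.priv is reduced to `anonymous`, while the credential that is actually checked is the inner EAP-MSCHAP v2 identity, so the rules should be judged by what they do to that name.
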


NPS and WSUS


Hello guys,

Here is how my network infrastructure is designed:

- Server1: DC

- Server2: DHCP and NPS

- Server3: WSUS

- Server4: Anti-Virus

I've configured NPS successfully and I have identified the remediation servers which are WSUS and AV.

Now I'm working on configuring WSUS to remediate NPS clients by installing updates on the client PCs.

My client computers do not show up in the 'Computers' section of the WSUS console, although an update is required. How can I fix that?

Your suggestions are appreciated.

performance of NPS .. need to know if my info is normal


We are discussing internally moving our current single NPS server to multiple NPS servers behind two NPS proxies.

The reasoning behind this has mostly been to increase redundancy. However, I have been curious whether we even need to go that route, because no one is really sure if our existing NPS server is overloaded or not. So I began running Performance Monitor and tracking the "NPS Authentication Server" counters. I collected data for 4.5 hours on a typical day and these are the numbers I got. I'm wondering if these are normal or extremely high for our environment.

~120 access points spread over 6 buildings.

~1000 users on wireless at any given time

NPS is running on 2008 R2, all DC's are 2008 R2.

NPS Data (4.5 hours runtime)

Access-Challenges/sec - avg = 1.5, max = 45, total = 2,339,207

Access-Requests/sec - avg = 1.7, max = 51, total = 2,672,590

Access-Accepts/sec - avg = .198, max = 6, total = 325,000

Exact same problem after server updates

Hi, I am getting this same issue, except that the wifi has been working great for the last 6 months. I turned up today and I get the same logs in Event Viewer under NPS; the only thing that has changed on the server and clients is some updates that came through last night and restarted them. Now it appears no one can connect.

NPS fails reason code 266


Hi,

Recently I started getting complaints that internal wireless users couldn't connect to our internal network.  We have the following setup:

Windows 2008 Server with the NPS role installed, fully patched with the most current patches from MS.

NetGear WNDAP350 Access Point

The WNDAP350 AP is configured to use RADIUS and points to the Windows 2008 server with NPS installed.

This has all been working fine for several years but starting about two weeks ago I noticed that users were no longer able to connect using this AP.  I looked at the NPS logs and I see the following event in the event log now:

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
 Security ID:   DDD\User
 Account Name:   DDD\User
 Account Domain:   DDD
 Fully Qualified Account Name: DDD\User

Client Machine:
 Security ID:   NULL SID
 Account Name:   -
 Fully Qualified Account Name: -
 OS-Version:   -
 Called Station Identifier:  00-26-F2-F7-FE-A0:wirelessAP
 Calling Station Identifier:  88-53-2E-A0-C4-63

NAS:
 NAS IPv4 Address:  172.16.0.246
 NAS IPv6 Address:  -
 NAS Identifier:   hello
 NAS Port-Type:   Wireless - IEEE 802.11
 NAS Port:   0

RADIUS Client:
 Client Friendly Name:  mywap
 Client IP Address:   172.16.0.246

Authentication Details:
 Proxy Policy Name:  Use Windows authentication for all users
 Network Policy Name:  Secure Wireless Connections
 Authentication Provider:  Windows
 Authentication Server:  ADC1.ddd.com
 Authentication Type:  PEAP
 EAP Type:   -
 Account Session Identifier:  -
 Reason Code:   266
 Reason:    The message received was unexpected or badly formatted.

I haven't made any changes in the configuration other than applying the most recent set of MS patches that were released on the most recent patch Tuesday.  I thought maybe the problem was the AP so I replaced it with a backup and I still have the same problem.  Did the most recent MS patches break something? 

Thanks in advance,
Nick

How to monitor VPN connection?


Hi all,

Please help me with VPN monitoring. Here is a general description of my objectives:

Function:

Monitor VPN clients on the server side and disconnect suspicious connections. "Suspicious" means the client sends/receives more bytes than a specified number in a specified time, e.g. 100 MB in 20 minutes.

Requirements:

Real time. It should automatically and periodically check all the VPN clients' connection status, to see if they hit the disconnection criteria.

To my knowledge, in the RRAS snap-in I can view the status of all connections, including each connection's upload/download bytes. I can also kick those suspicious connections, but only manually. And in the system event log, I can filter out Remote Access log entries recording upload/download bytes, but the difference is that this log is generated after the client has disconnected.

My progress:

The event log is too late; it is recorded afterwards. The suspicious connection needs to be disconnected by the server, instead of by itself.

I haven't found any ready-made program which meets my requirements (not too high, right?).

An API is a good idea. I checked MSDN but found no clue. I guess I will have to do a lot of programming that way.

Please share anything you know regarding this. Many thanks!
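
On Windows Server 2012 and later the RRAS data the snap-in shows is also exposed by the RemoteAccess PowerShell module, which is enough to build the watchdog described above without touching the RRAS API. The script below is an added example, not from the post: it polls the active VPN sessions, keeps a sliding window of the cumulative byte counters per session and disconnects any session that moves more than the limit inside the window. The threshold, window, poll interval and the event-log source name are assumptions; the cmdlets themselves (Get-RemoteAccessConnectionStatistics, Disconnect-VpnUser) are real but do not exist on 2008 R2.

```powershell
# Added example, not from the original post: a server-side watchdog for RRAS VPN sessions.
# It polls the active connections, keeps a sliding window of byte counters per session and
# disconnects any session that moves more than a set number of bytes inside the window
# (100 MB in 20 minutes by default, as in the question). It relies on two cmdlets of the
# RemoteAccess module (Windows Server 2012 and later, not 2008 R2):
#   Get-RemoteAccessConnectionStatistics : one object per active connection with UserName,
#                                          ClientIPAddress, TotalBytesIn and TotalBytesOut
#   Disconnect-VpnUser                   : drops a user's session(s) by name
# Threshold, window, poll interval and the event source name are assumptions.
param(
    [long]$ThresholdBytes = 100MB,
    [int] $WindowMinutes  = 20,
    [int] $PollSeconds    = 30,
    [switch]$ReportOnly                   # log offenders but leave them connected
)
Import-Module RemoteAccess

# session key -> ArrayList of @{ Time = <datetime>; Bytes = <cumulative in+out> }
$history = @{}

function Get-WindowDelta {
    param([System.Collections.ArrayList]$Samples, [datetime]$Now, [int]$Minutes)
    # Discard samples that fell out of the window, then return bytes moved across what is left.
    $cutoff = $Now.AddMinutes(-$Minutes)
    while ($Samples.Count -gt 0 -and $Samples[0].Time -lt $cutoff) { $Samples.RemoveAt(0) }
    if ($Samples.Count -lt 2) { return [long]0 }
    return [long]($Samples[$Samples.Count - 1].Bytes - $Samples[0].Bytes)
}

while ($true) {
    $now  = Get-Date
    $live = @{}
    foreach ($conn in Get-RemoteAccessConnectionStatistics) {
        $key = '{0}|{1}' -f $conn.UserName, $conn.ClientIPAddress
        $live[$key] = $true
        if (-not $history.ContainsKey($key)) { $history[$key] = New-Object System.Collections.ArrayList }

        # The counters are cumulative since the session started, so the window delta is what matters.
        $total = [long]$conn.TotalBytesIn + [long]$conn.TotalBytesOut
        [void]$history[$key].Add(@{ Time = $now; Bytes = $total })

        $delta = Get-WindowDelta -Samples $history[$key] -Now $now -Minutes $WindowMinutes
        if ($delta -gt $ThresholdBytes) {
            $msg = '{0} moved {1:N0} bytes in the last {2} min (limit {3:N0})' -f $key, $delta, $WindowMinutes, $ThresholdBytes
            Write-Warning $msg
            # Leave an audit record before acting; register the source once with
            #   New-EventLog -LogName Application -Source VpnWatchdog
            Write-EventLog -LogName Application -Source VpnWatchdog -EventId 1000 -EntryType Warning -Message $msg -ErrorAction SilentlyContinue
            if (-not $ReportOnly) {
                Disconnect-VpnUser -UserName $conn.UserName   # drops every session of that user
                $history.Remove($key)
            }
        }
    }
    # Forget sessions that are gone so the table does not grow without bound.
    foreach ($k in @($history.Keys)) { if (-not $live.ContainsKey($k)) { $history.Remove($k) } }
    Start-Sleep -Seconds $PollSeconds
}
```

Run it first with -ReportOnly for a day to see who would have been cut off, then schedule it as a task under an account that holds RRAS administrative rights. Because the window is measured on the server's own counters rather than on the accounting record written at disconnect, the decision is made while the session is still up, which is the part the event log cannot provide.
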
