7.Jan.2013 |
by Gusac |
Filed in: Articles, Tutorials
Server Manager in Windows server 2012 lets you manage remote servers using Windows Remote Management (WinRM). However, for managing down-level servers like Windows server 2008 and Windows server 2008 R2 there are a few prerequisites need to be met. 1. Service Pack Prerequisite SP1 required on Windows Server 2008 R2 and SP2 on Windows Server 2008. 2. Microsoft .Net Framework 4.0 3. Windows Management Framework (WMF) 3.0 Target system needs to have WinRM 3.0. It is included in Windows Management Framework 3.0 and can be download from Microsoft Site. 4. Services status Windows Remote Management (WS-Management) service - Started and set to Automatic Windows Management Instrumentation service – Started and set to Automatic DCOM Process Launcher service – Started and set to Automatic 5. WINRM Port or DCOM Port connectivity Make exception in Windows firewall to allow Winrm or Dcom port. Default port for WinRM over HTTP is 5985 and over HTTPS is 5986. 6. Microsoft Patch for the down-level (target) server Windows Server 2012 list the target servers with status: “Online - Verify WinRM 3.0 service is installed, running, and required firewall ports are open” http://support.microsoft.com/kb/2682011 7. Allow remote server management through WinRM Method 1: Group Policy Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service > Allow remote server management through WinRM Set the policy to Enabled and put * symbol for IPv4 and IPv6 filter. Method 2: Command line On the target server, type the command: Alternatively, you can run the command “winrm quickconfig” to enable remote access 8. Enable Windows PowerShell remote management On the target sever, launch Powershell window and type the following comment: Enable-PSremoting –Force This command configures the computer to receive Windows PowerShell remote commands that are sent by using the WS-Management technology.
3.Jan.2013 |
by Gusac |
Filed in: Articles, Tutorials
Steps to enable or disable Internet explorer security Configuration: 1. Open Server Manager 2. Click Configure this local server to open the Local Server configuration page. 3. Then, in the Properties area, next to IE Enhanced Security Configuration, click On to open the Internet Explorer Enhanced Security Configuration dialog. 3. To allow members of the local Administrators group to use Internet Explorer in its default client configuration, under Administrators click Off. 4. To allow members of all other groups to use Internet Explorer in its default client configuration, under Users click Off. 5. Click OK to apply your changes. Once the Internet Explorer Enhanced Configuration is turned off for one set of users, Server Manager will display Off next to Internet Explorer Enhanced Security Configuration.
2.Sep.2012 |
by Gusac |
Filed in: Tutorials, Articles
By default, the DHCP Scope option 150 for Cisco TFTP Server is not available on Windows Server. Below are the steps to add the configure the option 150: 1. First we need to define the option 150 so that it can be made available in the scope options list. For this, right click on the IPv4 and choose the option Set Predefined Options… (screenshot below) 2. Click on the Add… button and you will get another dialog box asking you the Option Type. 3. Fill the details as mentioned below and shown in the screenshot: Name: Cisco TFTP Server Data Type: IP Address Array: Checked Code: 150 Description: Used for Cisco Call Manager TFTP Server
.csharpcode, .csharpcode pre
{
font-size: small;
color: black;
font-family: consolas, "Courier New", courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
}
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
{
background-color: #f4f4f4;
width: 100%;
margin: 0em;
}
.csharpcode .lnum { color: #606060; } 4. Click OK and click Edit Array button to enter the IP address for the TFTP Server (Screenshot below). Once you are done, click OK to exit. 5. Now, to configure Option 150 for any scope, go to its Scope Options, right click on and choose Configure Options and select the Option 150 from the list. You can edit the IPs if you required.
26.Aug.2012 |
by Gusac |
Filed in: Articles
Issue: Windows 2008 R2 Service Pack 1 installation fails with the error (as shown below). If you click on the Details link on the error page, it displays the error code 0x800f081f Installation was not successful A system error prevented the service pack from installing. Please download and run the "Check for System Update Readiness" tool at http://go.microsoft.com/fwlink/?LinkId=122602 Additionally, the event log displays two error event ids in the system logs: Event ID 7 and Event ID 8 from source: Service pack installer Solution: 1. First step, though not seldom useful for this issue, is to run System Update Readiness tool and let it fix the corrupt manifest or you can check the logs and replace them. Click here is a reference to an article that shows how to troubleshoot using System Update Readiness tool 2. Check the Event ID 8 in the system log. It would show you the update that is causing the issue. In this case, it is KB 976932 Notice the value for Identity in the above screenshot. To fix this, remove this package. Here is the command: dism /online /remove-package /packagename:PACKAGE_NAME
.csharpcode, .csharpcode pre
{
font-size: small;
color: black;
font-family: consolas, "Courier New", courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
}
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
{
background-color: #f4f4f4;
width: 100%;
margin: 0em;
}
.csharpcode .lnum { color: #606060; }
where PACKAGE_NAME is the exact name string provided in the Identity section of the error. You can also get this value from the CheckSUR.log from the step 1.
So, in our case the actual command would look like:
dism /online /remove-package /packagename:Package_for_KB976932~31bf3856ad364e35~amd64~~6.1.1.17514
3. Reboot the server once the above command completes successfully and start the Windows 2008 R2 SP1 setup again. It should succeed this time.
23.Jul.2012 |
by Gusac |
Filed in: Articles
With Windows server 2012, the option to turn off Internet explorer enhanced security configuration has been moved. Below are the steps to accomplish the same task in new server edition: Launch Server Manager Click on Local Server on the left pane of the Server Manager console. On right pane for server properties, we have the option IE Enhanced Security Configuration. Click ON option and it will give you a new window. 5. Select the appropriate option that you require and click OK
18.Jul.2012 |
by Gusac |
Filed in: Articles
While promoting a Windows server 2012 as a domain controller, the first thing you would notice is that DCPROMO command no longer works! The windows would give you a screen as below: The article talks about the steps to promote your Windows server 2012 as a domain controller or we can say installing the Active Directory Services role. There are two ways to promote Windows 2012 to a DC. One use GUI, that is, via Server manager console and another is via command line using Powershell. In this article, we are going to discuss the DC deployment and configuration via Server manager only. Server Manager 1. Launch Server Manager and click on Manage at top right and choose Add Roles and Features. 2. Select Role-based or feature-based installation and click Next. 3. Select the server on which you want to deploy ADS role 4. Check the role Active Directory Domain Services. Once you check, you would be given a prompt, click on 5. Select features that you want and click Next 6. Click on Next and Finish the wizard to start installing the ADS role. You can close the wizard once it starts installing the role, without interrupting the installation task. 7. One the installation is complete, it should give you the Post-deployment configuration wizard. If it doesn’t then click on the Notification Flag at top right and then click on Task menu or Task Details at the bottom. 8. In Task Details and Notifications window, the Post-deployment Configuration task should be listed. Under Action column, click on Promote the server to a domain controller option. This would launch a new configuration window. 9. Select the Deployment option; if you are promoting the first DC or adding additional DC to existing domain/forest. In our case, we are going for first option: Add a domain controller to an existing domain. Supply other details like domain name and the credentials. 10. The next Domain Controller Options screen may take some time and appears to be hung with all settings greyed out. Give it a little time and it would let you choose the options as give below. Choose DNS, GC or RODC role and the Site name as required. Provide the DSRM password. 11. Next screen is for DNS options to let you configure DNS Delegation. You may need to Update DNS delegation. To update, enter credentials with permission to create DNS delegation records in the parent DNS zone. 12. On the Additional Options page, choose one of the following options: To create a new domain, type or verify the NetBIOS name of the domain. To add a DC to a domain, select a domain controller to replicate the AD DS installation data from (or the wizard can select "any"). 13. Select the desired path for AD database, Log files and Sysvol folder. 14. On next Preparation Options page, you may need to specify alternate credentials to run Adprep. 15. Next is Review Options page which gives you the summary of your selection before it actually starts making the configuration changes. There is also a button at bottom right to View script of the task the wizard is going to perform. This contains the PowerShell cmdlets for the same. 16. Next is the page for Prerequisites. You can review the warnings and errors before proceeding with the installation. 17. Once the installation is complete, the server is reboot automatically. If not, reboot it to complete the installation.
18.Jul.2012 |
by Gusac |
Filed in: Tutorials, Articles
Schema version value is stored in the objectVersion attribute in Active Directory. There are different methods to query and find the attributes value: Registry Command Line - DSQUERY ADSIEdit.msc Powershell Applies to: Windows server 2003, Windows server 2008 and Windows server 2012 server as well. Registry: Navigate to registry: HKLM\System\CurrentControlSet\Services\NTDS\Parameters DWORD Value: Schema Version (value in Decimal) In example below, the schema version is 47 (Windows server 2008 R2) Command Line - DSQUERY Open the command prompt as administrator and type: dsquery * cn=schema,cn=configuration,dc=DOMAINNAME,dc=COM -scope base -attr objectVersion
.csharpcode, .csharpcode pre
{
font-size: small;
color: black;
font-family: consolas, "Courier New", courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
}
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
{
background-color: #f4f4f4;
width: 100%;
margin: 0em;
}
.csharpcode .lnum { color: #606060; }
ADSIEDIT
1. Launch ADSIEdit.msc and connect to Schema naming context.
2. On the right pane, right click and go to properties.
3. In properties window, scroll down to attribute objectVersion
Powershell
Launch the Active Directory module for Powershell and type the following command:
Get-ADObject "cn=schema,cn=configuration,dc=DOMAINNAME,dc=COM" -properties objectversion
.csharpcode, .csharpcode pre
{
font-size: small;
color: black;
font-family: consolas, "Courier New", courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
}
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
{
background-color: #f4f4f4;
width: 100%;
margin: 0em;
}
.csharpcode .lnum { color: #606060; }
16.Jul.2012 |
by Gusac |
Filed in: Articles, Tutorials
In Windows 2012, the usual Remote Desktop window is not easily visible. To launch the Remote Desktop window, there are two methods: Command Line and Graphical User Interface. Command Line 1. Move your mouse to bottom right of the screen and you would see a bar, Charm Bar. 2. Click on the Search button, the one with magnifying glass. See the screenshot below: 3. Enter CMD in the Apps search text box: 4. Click on CMD on the left, it will launch the command prompt: 5. In command prompt window, type SystemPropertiesRemote and hit Enter 6. The above command would launch the System Properties windows. 7. Select the appropriate option under Remote Desktop and click OK. Graphical Interface 1. Move your mouse to bottom right of the screen and you would see a bar, Charm Bar. 2. Click on the Settings button, 3. Click on Server Info under Desktop 4. The Server Info launches the Control Panel System page. Click Advance System Settings on the right. This would launch the same System Properties page. 5. Select the appropriate option under Remote Desktop and click OK.
17.May.2012 |
by Gusac |
Filed in: Articles, Troubleshoot, Tutorials
As most of you know by now that since Windows server 2008, mstsc.exe has replaced old /console switch with new /admin switch. This article talks about the behavior when you connect to an administrative session using the /admin switch. Below are the behavioral changes: It does not connect to session 0 of the server unlike /console switch. This is because the session 0 on Windows 2008 and later operating system is used exclusively for the system services. Client access license is not used. If you have Remote desktop services role installed with configured CALs, using this switch will not use one of the CALs. We can have only two sessions on the server including session using /admin switch. This different from previous version where we could have two remote desktop sessions and a third console session using /console switch. Time zone and Plug-n-Play device redirection is not available with /admin session Easy Print feature is not available in the session. Administrative sessions (/admin) are not counted towards session limit.
12.May.2012 |
by Prem Rana |
Filed in: Articles, MS Exchange
Below are the steps to configure SSL for Exchange server 2007
1. Open EMS and type the below command to generate certificate request in shell.
New-ExchangeCertificate -GenerateRequest -SubjectName "dc=com,dc=winplat,o=Article,cn=OWA.winplat.com" -domainname OWA.winplat.com,
autodiscover.winplat.com, SMTP.Winplat.Com, CAS01.Winplat.Com, CAS02.Winplat.Com, -FriendlyName "Microsoft Exchange 2007"
-KeySize 1024 -PrivateKeyExportable $true -Path c:\owacert.txt
2. Open URL http://certificate server name/certsrv
Click on the task Request a certificate
3. Click submit an advanced certificate request
4. Click Create and submit a request to this CA
5. Keep the next page open and browse and Open the cert request in notepad previously generated in shell in step 1.
6. Copy the notepad text and paste it in the Saved Request text box on the configuration page and click submit
7. Click on download certificate
8. User Powershell command to import the certificate. Here is the command:
Import-ExchangeCertificate -Path <Path of the Certificate File>
9. Use Powershell to enable this certificate for IIS and SMTP services. Below is the command:
Enable-ExchangeCertificate –Thumbprint “AAAAAAAAAAAAAAAAAAAAAAAAAA” –Services IIS,SMTP
10. PowerShell command to enable this certificate for POP and IMAP services:
Enable-ExchangeCertificate –Thumbprint “AAAAAAAAAAAAAAAAAAAAAAAAAA” –Services IIS,SMTP
