The Lone Server

The countdown is on! As I write this blog, it’s only 72 days until support for Windows Server 2003 finishes. That’s right, the workhorse of many an organisation is about to lose support. If you haven’t yet, then you need to seriously start planning to move the last of your Windows Server 2003 installations across to the latest version, Server 2012 R2. That will mean big changes: not only the operating system but all your applications and infrastructure will need to be upgraded, or migrated, to Server 2012 R2. It’s been more than 7 years now since Microsoft replaced the last of their Server 2003 installations with Server 2008. For a while there was one lonely server left still running the older operating system. He became a bit of a star: “Lone Server” had his own blog, and even had a short movie made about being Microsoft’s last 2003 Server. Clever, and well worth a look.

What resources are there? One of the best options is Microsoft’s Virtual Academy (MVA). They have a number of sessions that instruct organisations on how to plan and then migrate to Server 2012. You can download these sessions or watch at your own pace online. Andrew McMurray presents the first of many MVA sessions. Technet has articles, planning guides and tools available. Migration guides are readily available and a good starting point.

Migrate to Server 2012

Not only do your operating systems and applications need to be migrated or upgraded, just like that Lone Server, your own skills and certifications also need to be brought up to date. Microsoft have a fantastic, limited-time offer that allows you to take any Microsoft Certified Professional (MCP) exam between 5 January 2015 and 31 May 2015 and get a free Second Shot exam if you don’t pass.

Even better, if you hold any of the certifications listed below, sitting one course at DDLS, MOC 20417 – Upgrading Your Skills to MCSA Windows Server 2012, and writing one exam, 70-417, will upgrade you to a Microsoft Certified Solutions Associate (MCSA) Windows Server 2012. This is a great opportunity, especially for those who haven’t had a chance to upgrade their qualifications since Server 2000. Take your time, peruse the list, then book your Upgrade Course.

Windows Server 2008 Certifications:

  • MCSA: Windows Server 2008
  • MCITP: Server Administrator on Windows Server 2008
  • MCITP: Enterprise Administrator on Windows Server 2008
  • MCITP: Virtualization Administrator on Windows Server 2008 R2
  • MCITP: Enterprise Messaging Administrator 2010
  • MCITP: Lync Server Administrator 2010
  • MCITP: SharePoint Administrator 2010
  • MCITP: Enterprise Desktop Administrator on Windows 7

Windows Server 2003 Certifications (and earlier!)

  • MCDST: Windows XP
  • MCSE: Windows 2000
  • MCSA: Windows 2000
  • MCSA: Security on Windows 2000
  • MCSA: Security on Windows 2003
  • MCSA: Windows Server 2003
  • MCSE: Security on Windows 2000
  • MCSE: Security on Windows 2003
  • MCSE: Windows Server 2003
  • MCSA: Messaging on Windows Server 2000
  • MCSA: Messaging on Windows Server 2003
  • MCSE: Messaging on Windows Server 2000
  • MCSE: Messaging on Windows Server 2003

Remember, the countdown finishes on 14 July 2015. Don’t be the lone 2003 IT person in your organisation, upgrade!

 

Wayne McGlinn
CCSE+, MSCE, MCT, MVP
Brisbane

Filed under Uncategorized

Securing your new Server 2012 R2 Domain Controllers

No, I’m not writing a book! It could easily be done, there is an enormous amount of information on the Interwebs about AD and Security. Instead, I want to put a couple of links in here for reference.

Firstly, a friend of mine, Laura Robinson, was the Lead Author of a whitepaper specifically dealing with this topic: download the Best Practices for Securing Active Directory.docx. It’s an awesome document, well worth reading through.

Secondly, for those also running SCCM 2012 in their environment, here is a link to a very well written post about Windows Server and SCCM 2012 – Compliance Checking. It goes step by step through how to use SCCM to run a weekly check on *all* your servers, DCs or otherwise, to make sure they are compliant with your internal (or Microsoft’s) Best Practice.

Enjoy the light reading.

 

get IT right

Wayne

Filed under SCCM 2012 R2, Server 2012 R2

Are you using the wrong Salt?

Not on your hot chips, but in your Active Directory environment. Server 2003 was a very robust and long-lived operating system. The trouble is, next year W2K3 support disappears. The latest version is of course Server 2012 R2, and it’s this huge gap of 11 years that is causing some issues as people migrate from Domain Controllers running W2K3 to Server 2012 R2. At the heart of it is the “salt” used:

“The Kerberos client depends on a “salt” from the KDC in order to create the AES keys on the client side. These AES keys are used to hash the password that the user enters on the client, and protect it in transit over the wire so that it can’t be intercepted and decrypted. The “salt” refers to information that is fed into the algorithm used to generate the keys, so that the KDC is able to verify the password hash and issue tickets to the user.

When a Windows 2012 R2 DC is promoted in an environment where Windows 2003 DCs are present, there is a mismatch in the encryption types that are supported on the KDCs and used for salting. Windows Server 2003 DCs do not support AES and Windows Server 2012 R2 DCs don’t support DES for salting.”

Fascinating! Read the full article on the ASKDS TechNet Blog

 

get IT right

Wayne

Filed under Uncategorized

SCCM R2 Cumulative Update 2

was released last month, 24th June. As I’m teaching the 10747 course this week, I thought I’d better refresh myself with what’s in the update. Interesting reading, in fact, a *must* read for those running ConfigMan.

Something I tend to emphasise during the course is the use of options when deploying the SCCM Client, in particular the smscachesize= option. We discuss HDD size, amount of RAM, size of the students’ SOE, and the size of the largest applications they plan on deploying. As a reminder, the default cache size is set to 5120MB; too small, in my mind, for today’s beefy applications, especially if you want to persist content in the cache. I normally suggest 10240MB as a starting point.

The KB article, 2970177, points out a very interesting “undocumented software feature” (well, undocumented until now) about cache size: “If the maximum size of the Configuration Manager client cache is exceeded by a software update package, the cache continues to increase beyond its specified limit.” Interesting, to put it mildly. So, check the cache on selected clients and see if you need this Update.
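One way to run that check on a client, as an added example rather than anything from the KB article or the original post: compare the configured cache limit with what is actually on disk. It assumes PowerShell 3.0 or later and an elevated session on a machine with the Configuration Manager client installed; the function name Get-CcmCacheUsage is hypothetical.

```powershell
# Added example, not from the original post or KB 2970177.
# Reports the client cache limit versus the space the cache folder really uses.
function Get-CcmCacheUsage {
    # CacheConfig (root\ccm\SoftMgmtAgent) holds the cache folder and its size limit in MB.
    $cfg = Get-CimInstance -Namespace 'root\ccm\SoftMgmtAgent' -ClassName CacheConfig -ErrorAction Stop

    # Sum every file under the cache folder; an empty cache gives $null, treated as 0.
    $bytes = (Get-ChildItem -LiteralPath $cfg.Location -Recurse -File -Force -ErrorAction SilentlyContinue |
              Measure-Object -Property Length -Sum).Sum
    if (-not $bytes) { $bytes = 0 }
    $usedMB = [math]::Round($bytes / 1MB)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Location     = $cfg.Location
        LimitMB      = $cfg.Size
        UsedMB       = $usedMB
        # True means the cache has grown past its configured limit.
        OverLimit    = ($usedMB -gt $cfg.Size)
    }
}

Get-CcmCacheUsage
```

To sample several clients, run the function through PowerShell remoting (Invoke-Command) against the machines you want to check.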

Also, to assist you managing your ConfigMan environment, Microsoft have released:

System Center 2012 Configuration Manager Servicing Extension has been released to the Configuration Manager Open Beta community! You can download the Beta here:  http://connect.microsoft.com/ConfigurationManagervnext/Downloads/DownloadDetails.aspx?DownloadID=53752.

System Center 2012 Configuration Manager Servicing Extension provides useful information for maintaining a Configuration Manager environment. Servicing Extension provides the following capabilities:

  • Notifies you of Configuration Manager updates as they become available, with the ability to filter updates according to which major release they apply to
  • Provides details on the sites in your environment, including the last major Configuration Manager version installed and the most recently installed Cumulative Update
  • Provides a list of Configuration Manager client versions that may be present in your environment, and makes it easy to create queries to locate these clients
  • Provides a built-in RSS reader to display recent blog postings from the System Center Configuration Manager Team Blog and The Configuration Manager Support Team Blog

get IT right

Wayne

Filed under SCCM 2012 R2

DHCP stopped my Audio???

What the?? How can DHCP affect my Audio? You didn’t know it could, did you 🙂 Shout out to Mitchell on my course this week in Darwin. I was reading an ASKPFE Blog post and found a really handy command line tool I didn’t know about: tasklist /svc

[Screenshot: tasklist /svc output]

Great! Now you can see exactly which process, and its identifier (PID), hosts each running service. Mitchell pointed out that this screenshot explains a weird error he had on his own system: misconfigured IPv6 causing DHCP to fall over, taking the Audio with it! So, a new tool for your troubleshooting kit: tasklist
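An added PowerShell example (not part of the original post) that asks the same question directly: given one service, list every service hosted in the same process, since they all stop together if that process dies. The function name Get-SharedHostService is hypothetical; Win32_Service and its ProcessId property are standard WMI.

```powershell
# Added example, not from the original post.
# Lists all services that share a host process with the named service.
function Get-SharedHostService {
    param(
        # Short service name, e.g. Dhcp for the DHCP Client service.
        [ValidatePattern('^[\w.-]+$')]
        [string]$ServiceName = 'Dhcp'
    )

    $target = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $target) { throw "Service '$ServiceName' not found." }

    # A stopped service reports ProcessId 0, so there is no host process to inspect.
    if ($target.ProcessId -eq 0) {
        Write-Warning "$ServiceName is not running, so it has no host process."
        return
    }

    # Every service with the same PID lives (and dies) in the same process.
    Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$($target.ProcessId)" |
        Sort-Object Name |
        Select-Object ProcessId, Name, DisplayName, State, StartMode
}

Get-SharedHostService -ServiceName 'Dhcp'

# Same view from the tool in the post, filtered to one service:
#   tasklist /svc /fi "SERVICES eq Dhcp"
```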

get IT right

Wayne

Filed under Server 2012 R2, Windows 8.1

Course 50412 – links.txt

Shout out to Lockesh, Ben, Bharat, and Daniel from this week’s course! Here’s the links file:

http://blogs.technet.com/b/askpfeplat/archive/2013/12/09/how-to-build-your-adfs-lab-on-server-2012-part-1.aspx
http://blogs.technet.com/b/askpfeplat/archive/2013/12/23/how-to-build-your-adfs-lab-on-server-2012-part2-web-sso.aspx
http://blogs.technet.com/b/askpfeplat/archive/2014/03/17/how-to-build-your-adfs-lab-on-server-2012-part-3-adfs-proxy.aspx
http://blogs.technet.com/b/askpfeplat/archive/2014/03/31/how-to-build-your-adfs-lab-part4-upgrading-to-server-2012-r2.aspx

https://bnemct.murrumba.net/2014/04/30/planning-for-pki/

http://www.komarconsulting.com/Pages/default.aspx

http://blogs.technet.com/b/xdot509/archive/2013/03/22/installing-a-two-tier-pki-hierarchy-in-windows-server-2012-wrap-up.aspx
http://blogs.technet.com/b/pki/archive/2013/04/14/3390760.aspx

http://blogs.msdn.com/b/leoncon/archive/2012/07/17/non-domain-joined-machines-with-lync-clients-unable-to-connect-using-adfs.aspx

http://technet.microsoft.com/en-us/library/cc732424(v=WS.10).aspx
Evaluating AD FS Design Examples

http://blogs.technet.com/b/askds/archive/2009/10/15/windows-server-2008-r2-capolicy-inf-syntax.aspx

http://social.technet.microsoft.com/wiki/contents/articles/1841.adfs-2-0-high-availability-and-high-resiliency-walkthrough.aspx

 

get IT right!

Wayne

Filed under ADFS

Links from SCCM 2012 R2 10747 Course!

Contents of the links.txt file from the SCCM 2012 R2 Course (10747) I taught this week. A shout out to Helen, Omar, and Zarand 🙂

http://www.microsoft.com/learning/en-us/exam-70-243.aspx

http://www.ddls.com.au/VendCourseID/MS10748+.htm

http://www.microsoft.com/learning/en-us/certification-exam-policies.aspx#exam_basics

http://social.technet.microsoft.com/wiki/contents/articles/7807.windows-server-2012-test-lab-guides.aspx

http://msdn.microsoft.com/en-us/library/dn205286.aspx
Download the Evaluation copy of Windows Server 2012 R2

http://www.microsoft.com/en-us/download/confirmation.aspx?id=34591
Microsoft Virtual Machine Converter Solution Accelerator

https://bnemct.murrumba.net/
https://bnemct.murrumba.net/2014/02/12/sccm-2012-r2-start-using-powershell/

http://myitforum.com/myitforumwp/2012/05/07/config-manager-2012-right-click-tools/

http://technet.microsoft.com/en-us/library/gg699356.aspx
About Client Installation Properties in Configuration Manager

http://myitforum.com/cs2/blogs/skissinger/archive/2010/12/01/march-cochrane-s-regkeytomof-v2-5.aspx

http://labratcentral.wordpress.com/2013/01/02/software-metering-deep-dive-and-automation-part-3-use-it-or-lose-it-the-orchestrator-runbook-automation/

http://sccmgeekdiary.wordpress.com/2012/10/29/sccm-2012-reporting-for-dummies-creating-your-own-ssrs-reports/

http://technet.microsoft.com/en-us/library/hh427342.aspx
Technical Reference for Log Files in Configuration Manager

http://technet.microsoft.com/en-us/systemcenter//bb932316.aspx
AdminStudio Configuration Manager Edition

http://www.itninja.com/blog/view/the-appdeploy-repackager?from=appdeploy.com

http://blogs.technet.com/b/askpfeplat/archive/2013/05/27/windows-server-and-sccm-2012-sp1-configuration-management-with-dcm.aspx

 

get IT right!

Wayne

Filed under Uncategorized

Building your own Test Lab – revisited!

The most common question I get asked in every course is: “Can we take the virtual machines with us?” Short answer: no. The virtual environment I build up for each course actually belongs to Microsoft! But you can build your own Test Lab and set up various scenarios quite easily. First, you need a decent PC: an i7 processor, at least 16GB RAM and a quick HDD big enough to store all your VHDs (virtual hard disks). Operating system? If you’re running Windows 8 or higher, you have a built-in feature, Hyper-V, that can easily be turned on. If you would rather run a Server o/s (operating system) then you either have to use one of your company’s licenses, or download a 180-day evaluation version from TechNet. You’ll need those evaluation versions in any case, because you’re about to build a Base Test Lab. Using the TLG (Test Lab Guide) available from Microsoft, you’ll be able to build, relatively quickly, an entire test environment. The graphic below shows what I mean:

[Image: Base Configuration test lab diagram]

What’s even more exciting (in a geeky way!) is the new ability to build your test lab in the cloud!!

[Image: Base Configuration test lab in Azure]

Awesome! Once you have your Base Lab set up, BACKUP! and BACKUP again! You’ve just put a lot of hard work into setting your Lab up, don’t lose it.

Now that you’ve backed up the Lab, you can start playing, building, breaking, and fixing your resources. If you want to extend the Base Test Lab, go back to the wiki and look at the additional Labs that have been written: Exchange, SCCM, ADFS, Direct Access, and a multitude of others! http://social.technet.microsoft.com/wiki/contents/articles/1262.test-lab-guides.aspx

Take checkpoints (or snapshots) of your Lab before installing or testing, that way you can revert to a pristine Lab environment, ready for you to break it all over again. This has to be one of the best ways to learn, and a whole lot of geeky fun as well 🙂

 

get IT right!

Wayne

Filed under Certification, Server 2012 R2, Windows 8.1

Planning for PKI

Certificates, both for user and computer authentication/authorization, are becoming ubiquitous. As such, if you are planning to install or upgrade your Public Key Infrastructure (PKI), you normally look for guidance. Finding Best Practice for PKI isn’t as easy as it seems, and the majority of planners would like a credible source to quote in their documentation. This morning I found a blog post on Microsoft’s Ask PFE site that is well worth reading. Use it as a guide and dig around your own organization’s documentation to confirm that your proposal matches the company’s operating procedures.

 

get IT right

Wayne

Filed under Uncategorized

An azure blue sky … with cloud on the horizon!

Ah, I love word play, although my students call them “dad jokes” (sure sign of encroaching old age!). A respected, venerable colleague of mine, let’s call him Gerg, had an … interesting problem this evening. Gerg had a VM running in Azure and, to fix a minor problem, Gerg disabled the network interface, intending, of course, to immediately re-enable it. Um. Gerg realised that once you disable the network interface, in a VM, in the Cloud .. it becomes a little difficult to connect back to that VM .. the VM with only one interface .. to re-enable it. An appeal to social media did produce a fix (and lots of unseemly laughter, not from me of course! well, maybe a discreet snicker .. or guffaw). Niro rode to the rescue and pointed out a blog post that shows a quick way (resize the VM) to solve the above-mentioned problem. Gerg did point out it was a deliberate error to see if Niro knew the solution (ok, bit of poetic license there, never let facts get in the way of a good yarn!). Good reference though, and I’m going to be keeping out of both Gerg and Niro’s way at TENA and TEAU 🙂

 

get IT right!

Wayne

Filed under Cloud