Archive for the 'Windows Server' Category

WSUS Console Error

I have installed a bunch of updates on the WSUS Server and after that I coudln’t login to the console anymore.

So I did some research on the net and some users had to uninstal KB3148812 and others KB3159706.

Instead of uninstalling following steps helped me:

  1. Elevated Command Prompt "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
  2. Enable HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features Wizard
  3. Restart the WSUS service

No Comments »

admin on October 19th 2016 in IT, Windows Server

WSUS shows Vista instead of Windows 7

Microsoft released a hotfix for that:
https://support.microsoft.com/en-us/kb/3095113

No Comments »

admin on April 19th 2016 in Windows Server

Shortcut to login with local Administrator on Windows

.\Administrator

No Comments »

admin on December 22nd 2015 in IT, Windows, Windows Server

Upgrade from Windows 2012 Standard to Enterprise Edition

DISM /Online /Set-Edition:ServerDatacenter /AcceptEula /ProductKey: *****-*****-*****-*****-*****

No Comments »

admin on December 11th 2015 in IT, Windows Server

Deploy ODBC Setting with Windows Authentication via GPO

You can actually deploy ODBC Settings via GPO very easily.

Computer Configuration > Preferences > Control Panel Settings > Data Sources
or
User Configuration > Preferences > Control Panel Settings > Data Sources

ODBC Example with Windows Authentication
New > Data Source
Action: Replace
Data Source Name: Test
Driver: SQL Server

Attributes:
Database: DBName
Server: SQLServer
TRUSTED_CONNECTION: Yes

No Comments »

admin on September 26th 2015 in IT, Windows, Windows Server

Compact a vhdx disk

After you delete files from vhdx disk I noticed that it doesn’t free up disk space on a dynamic vhdx file.

Make sure the vhdx file is mounted read-only or not at all and run following command to free up disk space:
Optimize-VHD –Path C:\Data\Test.vhdx –Mode Full

Important: I could just run this command from a computer where Hypver-V role was installed.

No Comments »

admin on May 19th 2015 in IT, Windows Server

Install the IPAM Server on Windows 2012 R2

If you have multiple DNS, DHCP, NPS Servers you can install an IPAM-Server to manage them. It also gives you a good overview and statistics.

Important: The IPAM feature can’t be installed on a DC and the computer needs to be joined to the domain. It should also not be on a DHCP/DNS Server.

Quick step by step guide to install it:
1. Install the IPAM-Feature
You will be asked to choose between an WID DB or an MS SQL Server and to pick a GPO name prefix to provisione the servers with a GPO. I picked the WID DB and as GPO name prefix IPAM.

2. Configure IPAM
Connect to IPAM Server
Provision the IPAM Server
Configure Server Discovery (Pick the Domains)
Start Server Discovery

3. After that you will notice that the servers will be populated but showed as blocked. To manage them install the GPOs on the DCs and add the IPAM Server to the Builtin\Event Log Readers Group.

Run following command to install the GPO’s in the powershell as an administrator:
Invoke-IpamGpoProvisioning -Domain contoso.com -GpoPrefixName IPAM -IpamServerFqdn ipam.contoso.com –DomainController dc1.contoso.com

Now you should see in the Group Policy Manager three new GPOs:
ipam_DC_NPS
ipam_DHCP
ipam_DNS

Make sure that in the Security Filtering all the servers which should be managed are added.
Then run a “gpupdate /force” on all the servers.

Then add the IPAM-Server to the Builtin\Event Log Readers Group

4. Even I did everything above it still didn’t show up as unblocked in the IPAM Server Inventory. The trick was to edit the servers manually and untick and tick again the DNS-Server. After that it worked like a charm;-)

No Comments »

admin on April 20th 2015 in IT, Windows Server

Can’t add the Event Viewer from a Remote Machine to a Management Console (MMC)

If you run the MMC Console as an Domain Admin and you can’t add the event viewer of an remote machine to the mmc console it is probably because of the firewall settings.

Go to the remote machine and run firewall.cpl:
Allow an app or feature through Windows Firewall->Check Remote Event Log Management.

That’s it. Enjoy;-)

No Comments »

admin on March 31st 2015 in IT, Windows Server

Troubleshooting Active Directory Replication

In Windows 2003 there was a useful gui tool replmon but they didn’t continue developing and shipping it.

But you can also do it comfortable with the command repadmin. Here the most important commands:
repadmin /showrepl
repadmin /showrepl * /errorsonly
repadmin /showrepl * /csv
repadmin /queue
repadmin /queue DCServerName
repadmin /replsummary

repadmin /syncall DCServerName /APed
* All Partitions Push enterprise distinguished Name
** Pushes all DCs to start the replication

No Comments »

admin on March 3rd 2015 in IT, Windows Server

Windows 2012 R2 Single Sign On with RemoteAPP Web Access

It took me quite long to figure it out to get RemoApp on WebAccess working with “Web Single Sign On”.

Here the steps to get it done:

1. ISS Certificate for https

If you have an internal CA you need to create a certificate for IIS and make sure it is trusted on your client computer to connect via https to:
https:\\yourserver.domain.local\rdweb\

Certificate can be created or imported here in IIS:
1. Run inetmgr
2. Choose your IIS Server
3. Import or create a certificate in Server Certificates

Follow these steps to activate it in IIS:
1. Run inetmgr
2. Go to IIS Server\Sites\Default Web Site\Bindings\https:
3. Edit Setting and pick there the SSL Certificate

If you have an internal CA and it is already trusted on your client computer then you don’t require to do anything otherwise you need add the Root Certificate into the Trusted Root Certifications Container.

Important: You should also have valid certificates for your connection broker and rdp etc.

2. Change “Form Based Authentication” to SSO
1. Run inetmgr and enable only Windows Authentification in RDWeb Authentication

2. Backup and edit %SYSTEMROOT%\Web\RDWeb\pages\web.config

3. Change Authentification Method (Comment Forms out)
<authentication mode=”Windows”/>
<!–
<authentication mode=”Forms”>
<forms loginUrl=”default.aspx” name=”TSWAAuthHttpOnlyCookie” protection=”All” requireSSL=”true” />
</authentication>
–>

4. Change Security Mode (Comment it out)
<!–
<security>
<authentication>
<windowsAuthentication enabled=”false” />
<anonymousAuthentication enabled=”true” />
</authentication>
</security>
–>

4. Backup and edit %SYSTEMROOT%\Web\RDWeb\Pages\en-us\Default.aspx

5. Change to private mode
public bool bShowPublicCheckBox = false, bPrivateMode = true, bRTL = false;

3. IE Security
In my environment it just worked when I didn’t use you the FQDN for my Server in Internet Eplorer. As soon as I used the FQDN it asked me to put in the credentials and to avoid that I made sure that our internal domain is added to the Intranet Zone in Internet Explorer.

Create a GPO:
Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List

Add:
*.yourdomain.com with value 1

4. Trusted RDP Connection
Even you can login to the webapage now without beeing prompted you will still get a warning dialog as soon as you click on an icon.

Create a GPO:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client

And add the thumbprints of the RDP Certificates in “Specify SHA1 thumprints of certificates representing trusted .rdp publishers”

5. Allow Delegation of Default Credentials for RDP
So finally you get a last dialog which will ask yo to put in the credentials. If you don’t like that you can solve it with following GPO.

Create a GPO:
Computer Configuration\Policies\Administrative Templates\System\Credential Delegation\Allow delegation default credentials

And add: TERMSRV/*.yourdomain.com

No Comments »

admin on February 12th 2015 in IT, Windows Server




Check out new movies online website. Download and buy movies now.