Category Archives: Windows Server

Howto Upgrade Forefront Unified Access Gateway (UAG) to SP3

Most of Microsoft’s products come with an easy procedure for installing a service pack to introduce new features and fix bugs; unfortunately, Forefront UAG is not among them. When Forefront UAG is updated using the procedure outlined at http://technet.microsoft.com/library/jj590870 you will lose your configuration. While the article mentions you should back up your configuration, it doesn’t say you will lose your configuration if you don’t.

Follow the steps below to retain your configuration throughout the upgrade process.

1. Download the following files:

2. Save your backup as follows:

  • Log in to your Forefront UAG server using Remote Desktop
  • Start the Forefront UAG Management Console
  • Choose File, Export and save your configuration to a location of your liking as an XML file.

Please note: While Forefront UAG creates a backup of your configuration every time you activate the configuration, this file cannot be used when you upgrade to SP3. You have to have a backup in the form of an XML file!

3. Install the updates in the following order:


Managing the Windows Server 2012 SMB Version 3 Protocol

SMB has been the default file sharing protocol in the Windows operating system for many years. With the release of Windows 8 and Windows Server 2012, Microsoft brings SMB version 3.0. But how does a client choose an SMB version, and what are the differences between the protocols? This article explains the logic behind the protocols, and shows you how the SMB protocol can be managed from Windows Server 2012.

If you want to review the differences between every SMB version, take a look at this TechNet blog. At a glance, this is what SMB 3.0 brings us:

  • Improved availability by supporting SMB Transparent Failover, SMB Witness and SMB Multichannel.
  • Improved performance by supporting SMB Scale-Out, SMB Direct, SMB Multichannel, Directory Leasing and BranchCache v2.
  • Improved backup by supporting VSS for Remote File Shares.
  • Improved security by supporting SMB Encryption using AES-CCM. Signing now uses AES-CMAC.
  • Improved management by adding SMB PowerShell commands, improved performance counters and improved eventing.

SMB Protocol management using PowerShell

As you can see in the last bullet, SMB 3.0 brings us SMB PowerShell commands. This section explains a few commands that I believe can be very useful.

Get-SmbSession

The Get-SmbSession command allows you to list clients currently connected to a share on a server. When you specify the “dialect” column, you’ll be able to see the SMB version that the server and the client have agreed upon using. In the above screenshot, you see a legacy client, which is using the SMB 1 protocol.


First look and howto configure Windows Server 2012 DHCP Failover / Load Balancing

If you have been following the presentations at the recent “build windows” event, you have probably seen some new features of the Windows Server 2012 version. In this blog post I want to take a look at the new failover option that the DHCP server in Windows 8 Server has onboard. The failover options are based on the failover draft from the Internet Engineering Task Force (IETF).

I think every Windows admin knows the hassle of creating DHCP scopes that have to be redundant by splitting scopes across multiple DHCP servers. Windows Server 2012 should make this process easier for us, as it provides a mechanism between DHCP servers that lets them be used in an active-passive (failover) or active-active (load balancing!) setup. Let’s take a look at these new features.

Prerequisites

In the following example I’ve made use of a dual server setup. Be sure to meet the following prerequisites:

  • 2 Servers running Windows Server 2012
  • The Domain Controller Role Installed on 1 server
  • The DHCP Role installed on both servers
  • Authorization of the DHCP Servers in Active Directory

Configuring DHCP Failover


Disabling the domain logon wait time when no domain controller is available

By default, when Windows 7 and Windows Server 2008 do not detect the Windows domain the computer belongs to, they will wait 30 seconds before logging in with the roaming user profile. This has been done to give slow networks (read: wireless networks) the time to connect before the computer attempts a domain logon.

While this can be a nice feature to have when actually waiting for a network, personally I like to disable it to avoid long waiting times when I’m not in the office. Adjust the following policy to disable the waiting time:


Active Directory Migration Tool (ADMT) 3.2 Commandline and SID Migration Caveats

When you want to do a scripted migration of Active Directory objects between different forests while keeping the objects’ SID history, a command-line tool is available from within the Active Directory Migration Tool (ADMT). This article describes the caveats that exist when you want to install ADMT and the required SQL Server 2008 SP1 on your domain controller.

First off, when you want to do scripted migrations using the ADMT command line and you need to do SID migrations, ADMT needs to be installed on a domain controller in the target domain. ADMT can be installed on a member server in the target domain, but you won’t be able to use the command-line tool in combination with a SID History migration when you don’t install it on a domain controller. You will receive the following error when you try to do this:

ERR:7615 SID History cannot be updated for username. You must be an administrator in the source domain.
ERR:7392 SIDHistory could not be updated due to a configuration or permissions problem. The Active Directory Migration Tool will not attempt to migrate the remaining objects.


Introduction to Microsoft Security Compliance Manager (SCM)

With Microsoft Security Compliance Manager (SCM), it’s possible to download so-called ‘baselines’ for various Microsoft products which provide you with a security baseline in the form of a set of policies. These baselines can be customized to your own needs and be used for the environments you manage. Also, it contains nice documentation on the subjects.

With this post I want to walk you through the installation and configuration of SCM, explain the features of the product, and how to use them.

Installation

First, download SCM from the Microsoft Download Center and start the installation.


The “Windows Optimized Desktop” Proof of Concept Jumpstart Kit

Recently I found out something that’s rather nice (and free ;) ). Say you are studying for a Windows desktop exam or want to know more about deployment of Windows 7 and Office 2010 with SCCM and other components.

What you can do is build your own environment using freshly installed virtual machines from the ground up. The downside to this is that it will cost you a lot of time. What if you could have an environment that is ready to be used? Well, there’s something just like that. It’s called the Desktop proof of Concept Jumpstart kit. (OK I know, I start to sound like some sort of salesman now.)

Recently Microsoft has designed a new way of deploying and managing the Windows 7 environment. This concept is called the “Windows optimized Desktop”. This is better and easier explained in graphical form, and looks like this:


Windows Server 2008 R2 x64 Autounattend.xml Sample

Since the Windows Automated Installation Kit (WAIK) holds only a sample autounattend.xml configuration file for Windows Server 2008 R2 and Windows 7 x86 versions, I created one myself to use as a starting point for creating unattended installations on x64 systems. This sample file holds the minimal values for a zero-touch installation. Save it as autounattend.xml and place it on a floppy (yikes!) or USB disk, so the Windows installation will find it. Of course, it’s also possible to load the XML into the WAIK and adjust it.

Preparing your server for Exchange 2010 installation – The Powershell way

We all know the drill, preparing your server for the next Exchange installation. Adding Features, installing roles. Always such a hassle. But, when reading documentation regarding the installation of Exchange 2010, I made a nice discovery regarding automatic setup of the above so-called hassle!

For automatic preparation of your server to support the Exchange installation of your liking, PowerShell can be used to automate the process. So, instead of going through boatloads of menus to select the roles and features of your liking, you can use the following PowerShell method:

Windows XP Embedded File-Based Write Filter and Domain Membership Explained

The Microsoft Press book that will prepare you for the 70-640 Active Directory exam will teach you that “Computers are people too”. And I have to admit, looking at that sentence for the first time, I thought the authors were going haywire.

What they were actually trying to tell us there is that computers act like users in an Active Directory domain. They have their own account, and with that, their own password as well. And that’s when I started asking myself questions when troubleshooting some stuff with a Windows XP Embedded device.