Windows Server 2012 Virtual Labs

If you want to try all amazing features that are coming with Windows server 2012 try this labs:

Link

Reinstall IIS 7

Steps to completely reinstall IIS 7

1. Uninstall Windows Process Activation Service
2. Uninstall IIS and IIS Hostable Web Core.   This will require a Restart.
3. Delete or Move c:\inetpub
4. Install IIS, IIS Hostable Web Core, Windows Process Activation Service.

This will give a "default" IIS installation with only a "Default Web Site".

Additional features will need to be reinstalled (AppFabric, ASP.Net MVC, etc.)

Diagnostic Tool for the WSUS Agent

Some of Our Favorite Features in the Diagnostic Tool for the WSUS Agent:

·         Validate key Windows® Update Agent configuration values

·         Test connections to key WSUS resources

·         Works for both 32 and 62-bit systems

Link

VMware vSphere Hypervisor™ (ESXi) 5

VMware vSphere Hypervisor 5 is  the simplest and easiest way to get started with virtualization for free. This fully functional hypervisor lets you virtualize your servers and run your applications in virtual machines in a matter of minutes. vSphere Hypervisor 5 is based on VMware ESXi, the hypervisor architecture that sets the industry standard for reliability, performance, and ecosystem support. Consolidate your applications onto fewer servers and start saving money through reduced hardware, power, cooling, and administration costs.

Download

Windows 8 chkdsk utility plans detailed

Microsoft has revealed how Windows 8 will handle disk corruption problems with its revamped chkdsk utility and how the company plans to change the health model of NTFS. Read more…

Microsoft Security Essentials Version:4.0.1526.0

Today saw Microsoft release an upgrade to Security Essentials, its virus and spyware protection software.

Link

Microsoft Infrastructure Planning and Design

The Infrastructure Planning and Design (IPD) guides are the next version of Windows Server System Reference Architecture. The guides in this series help clarify and streamline design processes for Microsoft infrastructure technologies, with each guide addressing a unique infrastructure technology or scenario.

The guides are available as individual downloads or as a single all-in-one package.
Link

End of support information for Windows XP

On April 8, 2014, security patches and hotfixes for all versions of Windows XP will no longer be available.
Security patches and hotfixes for all versions of Windows XP will no longer be available. So bottom line, PC’s running Windows XP will be vulnerable to security threats. Furthermore, many third party software providers are not planning to extend support for their applications running on Windows XP.

The good news is there is a great alternative Operating System System Windows 7

Network Access Protection (NAP)

Roaming  laptops - Users are always a health threat for any network. While laptops are away from the company, they might not receive the most recent software updates, antivirus updates, or configuration changes. Laptops might also be infected while exposed to unsecured networks, such as the Internet Cafe, Airports Networks e.t.c.  When this laptops that these "Roaming Users use" bring back to Company might not meet network requirements and can present health risks.

The Network Access Protection (NAP) feature in Windows Server 2008 platform, provides an integrated way of detecting the state of a network client that is attempting to connect to a network. When Roaming Laptops connect to Company local area network (LAN), they must meet specific health requirements, such as having recent updates installed. If they can’t meet those health requirements, they can be quarantined to a network where they can download updates, install antivirus software, and obtain more information about how to meet the requirements of the LAN.  When this process finish NAP provides a mechanism to automatically bring the client back into compliance and  allowing full access to Company Network.

Link

Transferring FSMO Roles in Windows 2008 Server

One of many system administrator roles is be to upgrade a current domain controller to a new hardware server. You use Windows Server 2003 Server for years and now it’s time to use a new Windows Server 2008 Server. “One” of the steps that required to successfully migrating your domain controller is to be able to successfully transfer the FSMO roles to the new Hardware Windows 2008 Server. While Active Directory in general uses a multimaster replication scheme for replicating the directory database between domain controllers, there are certain directory functions that require they be performed on some specific domain controller. These functions are defined by flexible single master operations (FSMO) roles. There are five different FSMO roles and they each play a different function in Active Directory:

• PDC Emulator
• RID Master
• Infrastructure Master
• Schema Master
• Domain Naming Master

A.Let’s start transferring the FSMO roles and first the Active Directory Schema Master.

(Keep in mind that all steps are done on the new Windows Server 2008 machine)

First we need to register the schmmgmt.dll in order to be able to use the Active Directory Schema snap-in.

1. Click Start > Run

2. Type regsvr32 schmmgmt.dll

3. Click ok

4. Click Start > Run, type mmc, then click OK

5. On the MMC > Click File > then click Add/Remove Snap-in.

6. From the left side, under Available Snap-ins, click on Active Directory Schema, then click Add > and then click OK

7. Right click Active Directory Schema, and then click Change Active Directory Domain Controller.

8. On the Change Directory Server, click the domain controller that you want to be the schema master role holder and then click on OK. (In our Case the New Windows 2008 Server)

9. You will receive a warning message that the schema snap-in is not connected to a schema operations master. That’s ok, as we have not yet set this Windows Server 2008 domain controller as a Schema Master Role holder. Click OK.

 

10. In the new console tree, right click Active Directory Schema and then click Operations Master.

11. On the Change Schema Master, you can see the current schema master role holder, and the targeted schema holder as well. Click Change, to Change the schema master holder.

12. Click YES to transfer the role.

13. Click OK

14. As you can see in the below, the current schema master is changed.

  

B. Let’s start transferring now the Domain Naming Master Role

1. Click Start > Administrative Tools > then click Active Directory Domains and Trusts

2. Right click Active Directory Domains and Trusts, and then click Change Active Directory Domain Controller.

3. On the Change Directory Server, click the domain controller that you want to be the Domain Naming master role holder and then click on OK. (In our Case the New Windows 2008 Server)

4. Right click Active Directory Domains and Trusts, and then click Operations Master.

5. On the Operations Master page, we are going to change the Domain Naming role holder, Click Change

6. Click YES to confirm the transfer of the Domain Naming role

7. The role will be transferred and a confirmation message will be displayed. Click OK

C. Let’s start transferring now the RID Master, PDC Emulator, and Infrastructure Master Roles.

1. Click Start > Administrative Tools > then click Active Directory Users and Computers.
2. Right click Active Directory Users and Computers, then click All Tasks > Operations Master.

3. On Operation masters, there is three Tabs, representing three FSMO roles (RID, PDC, Infrastructure). Click Change button under each of these three tabs to transfer the roles.

4. Click yes to confirm the role transfer.

5. The role will be transferred and a confirmation message will be displayed. Click OK

6. On the the Infrastructure role, once you click on the Change button you will receive the following message.

By default, when you first install your first Domain Controller, it holds the five roles and beside that it is a Global Catalog. At any time, there can be only one domain controller acting as the infrastructure master in each domain. The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. The infrastructure master compares its data with that of a global catalog. Global catalogs receive regular updates for objects in all domains through replication, so the global catalog data will always be up to date. If the infrastructure master finds data that is out of date, it requests the updated data from a global catalog. The infrastructure master then replicates that updated data to the other domain controllers in the domain.

Important

• Unless there are only one or two domain controllers in the domain, the infrastructure master role should not be assigned to the domain controller that is hosting the global catalog. If the infrastructure master and global catalog are on the same domain controller, the infrastructure master will not function. The infrastructure master will never find data that is out of date, so it will never replicate any changes to the other domain controllers in the domain.
• In the case where all of the domain controllers in a domain are also hosting the global catalog, all of the domain controllers will have the current data and it does not matter which domain controller holds the infrastructure master role.

Click Yes

That's it!!!!!

You have successfully transferred the five FSMO roles to the new Windows Server 2008 Domain Controller.

Windows 8

Microsoft Corp. 29/02/2012 announced the availability of the Windows 8 Consumer Preview — the next milestone of the Windows operating system.  This latest preview will be made available for download.....


Link

Errors 1030 and 1058 in my error logs....

You may experience one or many errors and events if Group Policy (errors 1030 and 1058 in error logs)  is applied to the computers on your network. To determine the cause of the issue, you must troubleshoot the configuration of the computers on your network. Follow these steps to troubleshoot the cause of the issue:

1. Examine the DNS settings and network properties on the servers and client computers.
2. Examine the Server Message Block signing settings on the client computers.
3. Make sure that the TCP/IP NetBIOS Helper service, the Net Logon service, and the Remote Procedure Call (RPC) service are started on all computers.
4. Make sure that Distributed File System (DFS) is enabled on all computers.
5. Examine the contents and the permissions of the Sysvol folder.
6. Make sure that the Bypass traverse checking right is granted to the required groups.
7. Make sure that the domain controllers are not in a journal wrap state.
8. Run the dfsutil /purgemupcache command. The Dfsutil.exe program is included in the Windows 2000 Server Support Tools and the Windows Server 2003 Support Tools.

Link

Active Directory monitoring and health checkup.

I recommended to you to run the following test once a month and keep the log files for trend analysis as well, on all domain controllers
Dcdiag.exe /v >> c:\temp\pre_dcdiag.txt
This is a must and will always tell you if there is trouble with your DCs and/or services associated with it

Netdiag.exe /v >> c:\temp\pre_Netdiag.txt
This will let me know if there are issues with the networking components on the DC.  This along with the post test also is a quick easy way to ensure the patch I just installed is really installed (just check the top of the log)

Netsh dhcp show server >> c:\temp\pre_dhcp.txt
Some may not do this but I've felt the pain of a DHCP server somehow not being authorized after a patch.  This allows me verify the server count and names.

Repadmin /showreps >> c:\temp\pre_rep_partners.txt
This shows all my replication and if it was successful or not.  Just be aware that Global Catalogs will have more info here than a normal domain controller.

repadmin /replsum /errorsonly >> c:\temp\pre_repadmin_err.txt
This is the one that always takes forever but will let you know who you are having issues replicating with.

Windows 8 editions listed in HP driver notes

Microsoft Windows 8 32 Edition
Microsoft Windows 8 64 Edition
Microsoft Windows 8 Enterprise 32 Edition
Microsoft Windows 8 Enterprise 64 Edition
Microsoft Windows 8 Professional 32 Edition
Microsoft Windows 8 Professional 64 Edition


 Link

DNS in Small Networks Step-by-Step Guide

This guide helps you implement Domain Name System (DNS) on the Windows Server 2008 operating system in a small network. Windows Server 2008 uses DNS to translate computer names to network addresses. An Active Directory domain controller can act as a DNS server that registers the names and addresses of computers in the domain and then provides the network address of a member computer when the domain controller receives a query with the name of the computer. This guide explains how to set up DNS on a simple network that consists of a single domain.

Microsoft Link

Configuring Firewall Settings with Group Policy

In windows 2008 R2 Server you can use Group Policy to manage Windows Firewall settings for computers running Vista, 7, 2008, and 2008 R2 by using two nodes:

1.    Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall With Advanced Security\Windows Firewall With Advanced Security

This node applies settings only to computers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 and provides exactly the same interface as Windows Firewall With Advanced Security Console.

2.    Computer Configuration\Policies\Administrative Templates\Network\Network Connections \Windows Firewall.

This node applies settings to computers running Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. This tool is less flexible than the Windows Firewall with Advanced Security console.

Use Jetpack.exe to Compact a WINS or DHCP Database

Microsoft Windows NT Server includes a utility, Jetpack.exe, that can be used to compact a Windows Internet Name Service (WINS) or Dynamic Host Configuration Protocol (DHCP) database. Microsoft recommends that you compact the WINS database whenever it approaches 30 MB.

If the WINS/DHCP service is a resource within a Windows 2000 Cluster, refer to the following article:

283251  How to Use the Jetpack Utility on a Clustered WINS/DHCP Databas.

 

The correct syntax for Jetpack.exe is:

JETPACK.EXE

Example commands to compact the WINS database:

CD %SYSTEMROOT%\SYSTEM32\WINS
NET STOP WINS
JETPACK WINS.MDB TMP.MDB
NET START WINS

Example commands to compact the DHCP database:

CD %SYSTEMROOT%\SYSTEM32\DHCP
NET STOP DHCPSERVER
JETPACK DHCP.MDB TMP.MDB
NET START DHCPSERVER

In the examples above, Tmp.mdb is a temporary database that is used by Jetpack.exe. Wins.mdb is the WINS database. Dhcp.mdb is the DHCP database.

Jetpack.exe compacts the WINS or DHCP database by doing the following:

1. Copies database information to a temporary database file called Tmp.mdb.
2. Deletes the original database file, Wins.mdb or Dhcp.mdb.
3. Renames the temporary database files to the original filename.

NOTE: During the compact process, Jetpack.exe creates a temporary file with the name that is specified by the temp database name parameter. The temporary file is removed when the compact process is complete. Make sure you do not have a file already existing in WINS or DHCP folder with the same name as the one specified in the temp database name parameter.

Link

Remote Authentication Dial In User Service (RADIUS)

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service.

1) On Windows 2008 R2 Server Network Policy Server (NPS) can be used as a Remote Authentication Dial-In User Service (RADIUS) server to perform authentication, authorization, and accounting for RADIUS clients. A RADIUS client can be an access server, such as a dial-up server or wireless access point, or a RADIUS proxy.  Different editions of Windows Server 2008 R2 offer different RADIUS server capabilities.

• Windows Web Server 2008 R2 does not include NPS.
• Windows Server 2008 R2 Standard supports NPS with a maximum of 50 RADIUS clients and 2 remote RADIUS server groups. Windows Server 2008 R2 Standard also does not support defining groups of RADIUS clients by specifying an IP address range.
• Windows Server 2008 R2 Enterprise and Windows Server 2008 R2 Datacenter support NPS without restrictions.

When NPS is used as a RADIUS server, it provides the following:

• A central authentication and authorization service for all access requests that are sent by RADIUS clients.
• A central accounting recording service for all accounting requests that are sent by RADIUS clients.
• Accounting requests are stored in a local log file or a Microsoft® SQL Server™ database for analysis.

2) RADIUS AAA Services.

• Authentication is the process of identifying an individual, usually based on a username and password. Authentication is based on the idea that each individual user will have unique information that sets him or her apart from other users.
• Authorization is the process of granting or denying a user access to network resources once the user has been authenticated through the username and password. The amount of information and the amount of services the user has access to depend on the user's authorization level.
• Accounting is the process of keeping track of a user's activity while accessing the network resources, including the amount of time spent in the network, the services accessed while there and the amount of data transferred during the session. Accounting data is used for trend analysis, capacity planning, billing, auditing and cost allocation.

WPA-PSK/WPA2-EAP with Windows Server 2008 R2

See this helpful video
WI-FI

The IP routing table

Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. To display the IP routing table on computers running Windows Server 2008R2 operating systems, you can type route print at a command prompt.

The following table shows an example of an IP routing table for a network adapter with the following configuration:

• IP address: 10.0.0.169
  
• Subnet mask: 255.0.0.0
  
• Default gateway: 10.0.0.1

The routing table is built automatically, based on the current TCP/IP configuration of your computer. Each route occupies a single line in the displayed table. Your computer searches the routing table for an entry that most closely matches the destination IP address.

The following sections describe each of the columns displayed in the IP routing table: network destination, netmask, gateway, interface, and metric.

• Network destination: The network destination is used with the netmask to match the destination IP address. The network destination can range from 0.0.0.0 for the default route through 255.255.255.255 for the limited broadcast, which is a special broadcast address to all hosts on the same network segment. 
• Netmask: The netmask is the subnet mask that is applied to the destination IP address when matching it to the value in the network destination.
• Gateway: The gateway address is the IP address that the local host uses to forward IP datagrams to other IP networks. This is either the IP address of a local network adapter or the IP address of an IP router (such as a default gateway router) on the local network segment. 
• Interface: The interface is the IP address that is configured on the local computer for the local network adapter that is used when an IP datagram is forwarded on the network. 
• Metric: A metric indicates the cost of using a route, which is typically the number of hops to the IP destination. Anything on the local subnet is one hop, and each router crossed after that is an additional hop. If there are multiple routes to the same destination with different metrics, the route with the lowest metric is selected.

Link

DHCP Lease Process

The first time that a  client (with DHCP enabled) attempts to join a network, it automatically follows an initialization process to obtain a lease from a DHCP server.

1. The DHCP client requests an IP address by broadcasting a message (known as a DHCPDiscover message) to the local subnet.
2. The client is offered an address when a DHCP server responds with a DHCPOffer message containing an IP address, and associated configuration information, available for lease to the client.
3. The client selects the offered address and replies to the server with a DHCPRequest message. Alternatively, the DHCP client might request the IP address that was previously assigned.
4. The client is assigned the address, and the DHCP server sends an acknowledgment message (DHCPAck) approving the lease. Other DHCP option information, such as default gateway and DNS server addresses, might be included in the message.

After the client receives acknowledgment, it configures its TCP/IP properties using any DHCP option information in the DHCPAck message and completes the initialization of TCP/IP.

If no DHCP server responds to the client request, the client can proceed in one of two ways:

1. If APIPA is enabled, the client self-configures a unique IP address in the range 169.254.0.1 through 169.254.255.254.
2. If APIPA has been disabled, the client network initialization fails. The client continues to re-send DHCPDiscover messages in the background until it receives a valid lease from a DHCP server. The client makes four attempts to obtain a lease, one every five minutes.