This is the third part (Part 1, Part 2) of the how-to guide on installing and configuring an offline Root Certificate Authority on a Windows Server 2008 R2 core edtion.
Within this part we are going to install and configure Active Directory Certificate Services (ADCS) on the Root CA. Also we are going to backup the root certificate with private key to external storage and encrypt this drive Bitlocker to go.
Prerequisites
The following must be available before using this guide:
- Part 1 and Part 2 of the installation guide must be completed;
- Root access to the Root CA server (ILO, VMware, vSphere console);
- SetupCA.vbs must be downloaded (click here) and stored on the Root CA (C:Temp)
- One or two USB drives (dedicated for the backup of the root certificate and private key).
Installation steps
Read more…
This guide explains how to install and configure an offline Root Certificate Authority on a Windows Server 2008 R2 core edtion.
This guide is splitted in three seperate parts:
Main reason to configure the Root CA on a core edition is to lower the attack surface. The attack surface should be as low as possible to prevent hackers from stealing the private key of the root certificate. Therefore most of the time the Root CA will be shutdown and disconnected from the network. More about security hardening on an Root CA in a later article.
Prerequisites
The following must be available before using this guide:
- A dedicated physical or virtual machine;
- Root access to the server (ILO, VMware, vSphere console);
- Windows Server 2008 R2 core edition already installed;
- Hostname and network settings already configured;
- Very complex password set for the administrator account;
- Firewall must be on with no exceptions;
- Access to Windows update, WSUS, SCCM or other patching mechanism.
Installation steps
Read more…
Source: Microsoft
Microsoft released service pack 1 for Windows 7 and Windows Server 2008 R2.
Windows 7 and Windows Server 2008 R2 SP1 helps keep your PCs and servers on the latest support level. It also provides ongoing improvements to the Windows Operating System (OS), by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 and Windows Server 2008 R2 platforms based on customer and partner feedback. This enables organizations to deploy a single set of updates.
Windows 7 and Windows Server 2008 R2 SP1 will help you:
- Keep your PCs supported and up-to-date
- Get ongoing updates to the Windows 7 platform
- Easily deploy cumulative updates at a single time
- Meet your users' demands for greater business mobility
- Provide a comprehensive set of virtualization innovations
- Provide an easier Service Pack deployment model for better IT efficiency
Download it here.
Within two weeks I will post two how-to guides.
Requests for other how-to guides are always welcome.
Source: Microsoft Download
This document guides you through the process of migrating from File
Replication Service (FRS) to Distributed File System (DFS) Replication.
File Replication Service (FRS) is a technology originally introduced on Windows 2000 Server to replicate Distributed File System (DFS) folders and the SYSVOL folder on domain controllers. FRS was replaced in Windows Server 2008 R2 by DFS Replication for replicating DFS folders and for replicating the SYSVOL folder. This guide provides instructions for migrating replication from FRS to DFS Replication (for folders other than the SYSVOL folder).
Download the guide here.
This book is targeted primarily at Windows server administrators who are responsible
for hands-on deployment and day-to-day management of Windows-based
servers for large organizations. Windows server administrators manage file and
print servers, network infrastructure servers, Web servers, and IT application
servers.
They use graphical administration tools as their primary interface but
also use Windows PowerShell commandlets and occasionally write Windows
PowerShell scripts for routine tasks and bulk operations. They conduct most
server management tasks remotely by using Terminal Server or administration
tools installed on their local workstation.
What This Book Is About
Covering every aspect of Windows Server 2008 R2 in nine chapters and approximately
200 pages is clearly an impossible task. Rather than try to cover everything,
we’ve focused on what is new and important, while giving you the context
from Windows Server 2008. Read more…
Source: Microsoft Clustering and High Availability blog
What is Extended Affinity?
To understand how NLB does load balancing, please refer to this TechNet article about various forms of affinity and their impact on load balancing decisions.
Extended Affinity is an extension to the Single and Network affinity. NLB does not rely on any network protocol’s state to make its load balancing decisions. As a result, NLB will work with a wide variety of protocols, documented and undocumented, stateless (HTTP/UDP etc.) and stateful (RDP/SSL etc). This makes NLB more flexible in deployment and easier to manage since we don’t have to configure the load balancer to work with every protocol that it needs to handle. However, some applications would benefit from being able to explicitly associate a connection to a server.
An example would be using IIS by online retailer using shopping carts. When a customer shops at their store, they save the intended purchases in a shopping cart which is stored on one of the nodes in the cluster. To keep the products in the shopping cart, the customer must stay connected to that same node. However configuration changes to the cluster (such as adding a new VIP or node) which cause cluster convergence may then directed customers to another cluster node, and they have lost the purchases saved in that shopping cart. Now the customer may become frustrated and the retailer may lose money.
Another instance could be with SSL where the SSL session can consist of multiple TCP Connections. In normal operations, if single affinity is used, NLB will guarantee that all connections coming from the same source IP will hit the same server. This would include multiple TCP connections of the same SSL session. However, configuration changes might cause NLB to accept different connections of the same SSL session by different servers during the convergence. As a result, the SSL session is broken.
Read more at the source.
Source: Microsoft’s Failover and Network Load Balancing Cluster Team.
Hi cluster scripting fans,
I often find myself looking for the drive letter(s) for a physical disk resource in a PowerShell console/script. After a bit of investigation, here is a way to do that using Cluster WMI through PowerShell:
$DiskResourceName = “Cluster Disk 2″
$DiskResource = gwmi MSCluster_Resource -Namespace root/mscluster | ?{ $_.Name -eq $DiskResourceName }
$Disk = gwmi -Namespace root/mscluster -Query “Associators of {$DiskResource} Where ResultClass=MSCluster_Disk”
$Partition = gwmi -Namespace root/mscluster -Query “Associators of {$Disk} Where ResultClass=MSCluster_DiskPartition”
Read more…
Microsoft has officially published documentation on upgrading Hyper-V clusters to Hyper-V R2.
Read more at the source.
The Windows Deployment Services guide, updated to reflect the new features and functionality that Windows Server 2008 R2 introduced, outlines the critical infrastructure design elements that are crucial to a successful implementation of Windows Deployment Services. Following the six steps in this guide will result in a design that is sized, configured, and appropriately placed to enable rapid deployment of Windows operating systems, while also considering the performance, capacity, and fault tolerance of the system.
Download at source.
Source: Microsoft Clustering and High Availability blog.
Hi Cluster Fans,
In Part 1 of this blog series we discussed Performance Counters and their interaction with the Network, Multicast Request Reply, Global Update Manager and Database clustering components. This post will look at monitoring some additional cluster components: the Checkpoint Manager, Resource Control Manager, Resource Types, APIs and Cluster Shared Volumes.
Checkpoint Manager
Checkpoint Manager is a component that helps you to make sure that data of the clustered application is available on all the nodes. Failover Cluster supports two kinds of checkpoints. Crypto Checkpoints allow you to keep your secret protected and available on all the nodes. The secret is used to create protected containers, generate keys in the containers, and encrypt data using the keys. If your application uses Crypto API and keeps secrets in the crypto container then you can associate a Crypto Checkpoint with your resource, providing it with information about the crypto provider and the container name. The cluster will export the keys from this container, export the container with data and will save all of this information to the cluster database. After offlining the resource on a node, the Checkpoint Manager will update the snapshot.
Read more at the source.
Source: Microsoft Clustering and High Availability blog
Hi Cluster Fans,
In Windows Server 2008 R2 we have added performance counters for Failover Clustering. Performance counters are like meters you have on some devices in your house. For instance, your electrical or water meter tracks what utilities you have consumed or your thermometer shows you the current temperature. They all have at least one thing in common – they show you aggregated information about the current state. However, they would not show you every event that contributes to that state. Some components in the cluster deal with lots of calls or traffic going through them and some buffer information in memory before it can get processed. We have added performance counters to several such components. This post will discuss each counter set and in future posts we will look at a couple of practical examples showing several issues resolved with the help of the performance counters.
Read more at the source.
On the Microsoft SharePoint Team blog I found an interesting article about the installation of SharePoint Server 2007 on Windows Server 2008 R2.
Within a couple of days I will publish my how to guide on installing SharePoint 2007 on Windows Server 2008 R2.
Starting from Service Pack 2, Windows SharePoint Services 3.0 and SharePoint Server 2007 support Windows Server 2008 R2 and Windows Server 2008 SP2. When you try to install SharePoint bits on Windows Server 2008 R2 directly, you may see the following dialogue:
This is because Windows SharePoint Services 3.0 and SharePoint Server 2007 bits without SP2 slipstreamed are not supported on Windows Server 2008 R2. The KB article 962935 is not live on the web site yet.
To install on Windows Server 2008 R2, for Windows SharePoint Services 3.0 you can download the slipstream builds here:
Windows SharePoint Services 3.0 with SP2 (x86)
http://www.microsoft.com/downloads/details.aspx?FamilyId=EF93E453-75F1-45DF-8C6F-4565E8549C2A&displaylang=en
Windows SharePoint Services 3.0 with SP2 (x64)
http://www.microsoft.com/downloads/details.aspx?familyid=9FB41E51-CB03-4B47-B89A-396786492CBA&displaylang=en
For SharePoint Server 2007, you can follow Create an installation source that includes software updates (Office SharePoint Server 2007) to create one. Or you can also read on, we will go through the complete steps to create a new slipstream build for SharePoint Server 2007.
Read more at the source (SharePoint Team blog).
Overview
This guide will provide basic configuration steps of Windows Storage Server 2008.
- Installing Microsoft iSCSI target software
- Configuring iSCSI target software
- Creating volumes
Installing Microsoft iSCSI target software
Read more…
Source: Microsoft Storage Team
Version 1.0 of the File Server Capacity Tool (FSCT) was announced yesterday during a presentation by Jian Yan and Bartosz Nyczkowski at SNIA’s Storage Developer Conference in Santa Clara, CA. The presentation covered a number of details about FSCT and included a demo running FSCT with the HomeFolders workload.
If you are not familiar with FSCT, the download page offers this overview: “File server capacity planning and performance troubleshooting are critical aspects of high-level network administration. Central file servers and distributed client workstations are now the norm in most corporate networks. This structure reduces storage capacity requirements, centralizes backup, increases the availability of files, and simplifies the document revision and review process. However, because data storage and access are centralized, performance limitations impact the entire network population. Accurately projecting the number of users that hardware can support under a specific workload, and understanding when and where bottlenecks occur, are critical to making efficient improvements to the server configuration. File server capacity planning tools can be valuable in choosing new hardware for purchase, identifying the capacity of existing hardware, locating existing bottlenecks, and planning for resource expansion in advance of resource exhaustion. The throughput capacity of a file server can be expressed either as the maximum number of operations per second or a maximum number of users supported by the configuration. These values are influenced by several factors, some of which include processor speed, available memory, disk speed, network throughput and latency, and the speed with which SMB requests are processed.”
Read more at the source.
Download x64 version of the FSCT
Download x86 version of the FSCT
Follow Us!