netsh – Set Multiple DNS Servers

October 5th, 2011

So to set a single DNS server using netsh at the Windows command prompt you can do as follows:

netsh> interface ip
netsh interface ip>set dns "Local Area Connection" static addr=10.0.0.1

The first command changes to the interface ip context. The second command sets a single DNS server. That’s great when you have one server but many networks will have alternate addresses as well. To add those, use this:

netsh interface ip>add dns "Local Area Connection" addr=10.0.0.2

You can also put index=X at the end of the command to put the server in the right place in the ordered list.

Finally, to get DNS servers via DHCP instead of static, do this:

netsh interface ip>set dns "Local Area Connection" dhcp

The same syntax as above can be used for WINS servers as well, just replace dns with wins.

For Windows 7, the commands are basically the same but some syntax has changed: for example, replace dns with dnsservers and wins with winsservers. The context label has also changed: when you switch to the interface ip context, it will be labelled netsh interface ipv4. Run “set/add dns ?” for command help.
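The same set/add sequence can be scripted non-interactively. The following is an added example, not part of the original post: it applies an ordered server list using the set dns / add dns / index= syntax shown above and then prints the resulting order. Set-DnsServerList and its -DryRun switch are hypothetical names, and the addresses are the sample values used in the post.

```powershell
# Added example: apply an ordered DNS server list with the netsh syntax from the post.
# Set-DnsServerList and -DryRun are hypothetical names; the addresses are sample values.
function Set-DnsServerList {
    param(
        [string]   $Interface = 'Local Area Connection',
        [string[]] $Servers   = @('10.0.0.1', '10.0.0.2'),
        [switch]   $DryRun
    )

    # Reject anything that does not parse as an IPv4 address before it reaches netsh.
    foreach ($s in $Servers) {
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($s, [ref]$ip) -or
            $ip.AddressFamily -ne 'InterNetwork') {
            throw "Not an IPv4 address: $s"
        }
    }

    # The first server replaces the current list (set dns ... static); the rest are
    # added with an explicit index so the stored order matches the order given.
    $commands = @()
    $commands += ,@('interface', 'ip', 'set', 'dns', $Interface, 'static', "addr=$($Servers[0])")
    for ($i = 1; $i -lt $Servers.Count; $i++) {
        $commands += ,@('interface', 'ip', 'add', 'dns', $Interface,
                        "addr=$($Servers[$i])", "index=$($i + 1)")
    }

    foreach ($cmdArgs in $commands) {
        if ($DryRun) { "netsh $($cmdArgs -join ' ')"; continue }
        & netsh @cmdArgs
        # Stop at the first non-zero exit code rather than leaving a half-built list.
        if ($LASTEXITCODE -ne 0) { throw "netsh failed: $($cmdArgs -join ' ')" }
    }

    # Print the configured servers so the order can be compared with what was requested.
    if (-not $DryRun) { & netsh interface ip show dns $Interface }
}

# Dry run: only prints the commands that would be executed.
Set-DnsServerList -DryRun
```

Without -DryRun the function changes the adapter configuration, so it has to be run from an elevated prompt.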


Windows 8 Developer Preview – Virtual Machine Install

September 20th, 2011

Since Windows 8 Developer Preview / Pre-Beta is now available, thought I’d give it a test running as a virtual machine in VMware Workstation.

Initially tried the 32-bit version of Windows 8 under VMware Workstation 7.0.1 but it failed to start with a HAL_INITIALIZATION_FAILED error, with the fancy new sad face BSOD.

Tried multiple different CPU, Memory and HDD configurations but would always end up with the same result. So, to be sure it wasn’t going to run in Workstation 7, I downloaded the latest build version 7.1.4 and gave that a try. Same result.

As is documented in numerous places online, the Windows 8 Developer Preview will work in VMware Workstation 8 and in the latest build of VirtualBox (v4.1.2). It is not supported in most older virtualization software including Virtual PC. If you’re just intending to run up a Windows 8 virtual machine for testing purposes, VirtualBox is probably the way to go. You can run VMware Workstation as a trial for 30 days but you will then need to purchase it, whereas VirtualBox is freely available under the GNU GPL v2.

As for Windows 8 on VMware ESX or ESXi (any version), subscribe to this KB for updates:  http://kb.vmware.com/kb/2006859 Note: Although there are Windows 8 options in the Guest Operating System drop down in vSphere / ESXi 5 (though only when editing the VM, not creating it), VMware is not currently supporting Windows 8 in that environment. I ended up getting the same HAL_INITIALIZATION_FAILED sad face BSOD as above in Workstation when trying to get Windows 8 to start under ESXi 5.


Getting Windows 7 BitLocker To Backup Recovery Info To Active Directory In A Windows Server 2003 Domain

June 1st, 2011

Long title but pretty much explains it all. Thread about this here [social.technet.microsoft.com]

So you’ve got Windows 7 clients and a Windows Server 2003 domain. All the domain preparation has been completed (schema extensions for Vista, etc.) and all your Group Policy settings are in place to require a machine to back up its recovery keys / recovery passwords to Active Directory before enabling BitLocker, but it isn’t working.

First, try running:

manage-bde -protectors -adbackup c: -id <numerical_id>

I was getting a group policy permission denied error which matched the situation in this thread [social.technet.microsoft.com]

I initially tried setting the necessary GPO options via local policy, see here [blogs.technet.com] – it refers to Group Policy, but use local policy (gpedit.msc) on the target Windows 7 machine. This will work. However, with Windows Server 2003 domain controllers, the Windows 7 group policy options (i.e. the Fixed Data drive, Operating System drive, etc. options) are not available, even when trying to set Group Policy on a Windows 7 machine with RSAT installed. They are only available in the ADMX templates, which Windows 2003 can’t read. So, you need to set them using Extra Registry Settings instead.

Also, it turns out that the backup to AD registry settings that get applied have changed from Windows Vista to Windows 7 (because Windows 7 extends upon BitLocker beyond what Vista offered). In Vista the policy created keys called:

  • ActiveDirectoryBackup, REG_DWORD (1)
  • ActiveDirectoryInfoToStore, REG_DWORD (1)
  • RequireActiveDirectoryBackup, REG_DWORD (1)

Windows 7 does not recognise these as they are now on a drive type basis. So, create in your GPO Extra Registry Settings as follows (this is for enabling FVE on an OS drive):

  • OSActiveDirectoryBackup, REG_DWORD (1)
  • OSActiveDirectoryInfoToStore, REG_DWORD (1)
  • OSRequireActiveDirectoryBackup, REG_DWORD (1)

These registry settings should be created in HKLM\SOFTWARE\Policies\Microsoft\FVE

Remove the local settings (if you chose to test that way) and once Group Policy is updated, the correct settings will be applied and AD backup of BitLocker recovery info will work. Note that backup of recovery info is only ever attempted once during the BitLocker enable process. It can be retried with the manage-bde command as shown above though.
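To confirm on a client that the GPO actually delivered the Windows 7 value names rather than the Vista ones, the key can be inspected directly. This is an added example, not part of the original post: it reads the FVE policy key named above and reports each of the six values listed. Test-FveAdBackupPolicy is a hypothetical helper name; the key path, value names and the manage-bde command come from the post.

```powershell
# Added example: report the BitLocker AD-backup policy values on a Windows 7 client.
# Test-FveAdBackupPolicy is a hypothetical name; key path and value names are from the post.
function Test-FveAdBackupPolicy {
    param([string] $Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE')

    $win7  = 'OSActiveDirectoryBackup', 'OSActiveDirectoryInfoToStore', 'OSRequireActiveDirectoryBackup'
    $vista = 'ActiveDirectoryBackup', 'ActiveDirectoryInfoToStore', 'RequireActiveDirectoryBackup'

    # A missing key means no FVE policy has reached this machine at all.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in ($win7 + $vista)) {
        $value = $null
        if ($props -and $props.PSObject.Properties[$name]) { $value = $props.$name }

        if ($win7 -contains $name) {
            # Per-drive-type values for the OS drive; the post sets each one to 1.
            if ($value -eq 1) { $status = 'OK' } else { $status = 'MISSING or not 1' }
        } elseif ($null -ne $value) {
            $status = 'Vista-era name, not recognised by Windows 7'
        } else {
            $status = 'absent'
        }

        New-Object PSObject -Property @{ Name = $name; Value = $value; Status = $status } |
            Select-Object Name, Value, Status
    }
}

$report = @(Test-FveAdBackupPolicy)
$report | Format-Table -AutoSize

# Only the three OS* values decide whether the AD backup requirement is in place.
$bad = @($report | Where-Object { $_.Name -like 'OS*' -and $_.Status -ne 'OK' })
if ($bad.Count -eq 0) {
    # Backup is only attempted once during enable, so retry it by hand (command from the post).
    'Policy present. Retry with: manage-bde -protectors -adbackup c: -id <numerical_id>'
} else {
    'AD backup policy incomplete; run gpupdate /force and check the GPO Extra Registry Settings.'
}
```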


Replacing an OCS 2007 R2 Edge Server

May 6th, 2011

Quick brain dump really for replacing a physical OCS 2007 R2 Edge Server with another physical server. Note this method is effectively a swap out, i.e. the new server is named and numbered the same as the old server which was useful in my scenario as no firewall rules needed to be updated. This does mean of course that there is a brief outage during the old switcheroo.

First, identify and build up your new server with Windows Server 2003 x64 R2 with Service Pack 2. Install Windows Updates as per your company’s policy, but do not install KB974571 (MS-09-056) – although, there is a fix which is explained in the article if you absolutely have to install that update (see the ‘Resolution for these known issues’ section of the article). At this stage, name and number the new server differently to the existing server (also, at this stage you probably only need the inside interface online, though both NICs should be patched for production).

Next, on the existing server, export the certificates as a PFX package (cert + keys) so they can be imported on the new server. To export the certificates, open Computer Management -> Services and Applications -> Right-Click Office Communications Server 2007 R2 and choose Certificates. Hit Next > select Export a certificate to a .pfx file, select the first valid certificate (there should be at least two, one for the inside, one for the outside), hit Next > provide a path and file name (leave the checkbox selected to attempt to export the chain), hit Next > provide a password which you will later use to import the cert, hit Next > and complete the wizard. Repeat for the remaining valid certificate(s) – you will only need the certificates that are applied to each of the interface roles (Access, Web Conf, Internal, etc).

Also, use lcscmd.exe to export the existing server configuration so we can import on the new server. Run lcscmd similar to this (note the fqdn is the internal name of the server):

"%CommonProgramFiles%\Microsoft Office Communications Server 2007 R2\lcscmd" /config /action:export /level:machine /configfile:<path_to_xml_file> /fqdn:<fqdn_of_server>

Copy the exported XML config file and the .pfx cert files to the new server.

At this point you are ready to shut down the existing server, this is the old switcheroo. You could of course switch a couple of these steps around to keep the old server up a bit longer but the whole process from now takes only around 20 minutes…up to you. Also up to you but possibly a good idea, either change the IP address or disable the NICs of the existing server before shutting it down just to be safe.

  • Rename the new server to take the host name of the old server
  • Renumber the new server to take the inside and outside IP addresses of the old server
  • Launch OCS 2007 R2 setup on the new server, go to Deploy Other Server Roles -> Deploy Edge Server.
  • At Step 1, click Install and follow the wizard to install the application files.
  • Run Step 2, Activate Edge Server, this will ask for account information for the RTCProxyService account.
  • Run Step 3, Configure Edge Server, the wizard allows for the import of a config file, point the wizard to the XML file copied over prior to shutting down the old server. Each step of the wizard will display and allow you to update any of the imported settings if necessary.
  • Run Step 4, Configure Certificates for the Edge Server, the wizard allows for the import of .pfx files. Match up the internal certificate with the internal interface role and the external certificate(s) with the external roles.
  • Run Step 5, Start Services, if everything went well the services should come online.

You can run the validation process, Step 6, but since the Edge Server has just replaced another one, you should know pretty quickly if things are working or not (test federated contacts, public IM connectivity, external client connectivity, etc). You can also use Microsoft’s Remote Connectivity Analyzer.


Fuze Messenger For Blackberry – Mobile OCS Without RIM Enterprise Messenger

March 14th, 2011

If you have a Microsoft Office Communications Server (OCS) 2007 R2 environment and want to use the Blackberry Client for OCS, you need to install the OCS Communicator Web Access (CWA) R1 role. This is due to some changes made by Microsoft between R1 and R2 (removing UC AJAX), see here

Unfortunately, from a BES-integrated aspect, there isn’t much else and I believe RIM haven’t announced an updated version of the client and probably won’t as there will no doubt instead be a release pending for a Lync 2010 client instead. I believe the current version, 2.5.46, still only supports CWA R1 via BES.

As an alternative, I’ve recently tried Fuze Messenger which is an all-purpose messaging client, supporting AIM, MSN, ICQ, Google Talk, Yahoo but also supports OCS 2007 R2. The application must be downloaded via Blackberry App World which perhaps makes it a little more difficult for Administrators to control and manage. Current version at time of writing is 3.2 (0505).

Technically, the installation and setup was simple – the application doesn’t request it, but I needed to reboot my device to get it to successfully connect to OCS first time round. To use the app, you must first create a Fuze Messenger login. Once created, you then setup IM Networks.

From an OCS perspective, the client connects similar to the way a remote Communicator client would connect, via the Access Edge server. Therefore, the user needs to have the ‘Enable remote user access’ setting enabled under Other Settings in their Communications Server properties. Once logged in to Fuze and you’ve selected OCS as an IM Network, the settings required are just your OCS sign-in name (i.e. SIP address) and your OCS User Name and Password (domain credentials) – note that the User Name is in the format <domain>\\<username>. You then just choose whether you want to import your existing contact list and if so how, then hit Finish and you should be logged in and your contacts displayed if you chose to import them.

The IM experience using Fuze isn’t as good as what I expect the RIM client to be, however it is functional and the application does run nicely in the background alerting you to new IM conversations and has plenty of options for configuring how you want to be alerted and how you want messages to be displayed, etc.
