Posts Tagged ‘microsoft’

netsh – Set Multiple DNS Servers

Wednesday, October 5th, 2011

So to set a single DNS server using netsh at the Windows command prompt you can do as follows:

netsh> interface ip
netsh interface ip>set dns "Local Area Connection" static addr=10.0.0.1

The first command changes to the interface ip context. The second command sets a single DNS server. That’s great when you have one server but many networks will have alternate addresses as well. To add those, use this:

netsh interface ip>add dns "Local Area Connection" addr=10.0.0.2

You can also put index=X at the end of the command to put the server in the right place in the ordered list.

Finally, to get DNS servers via DHCP instead of static, do this:

netsh interface ip>set dns "Local Area Connection" dhcp

The same syntax as above can be used for WINS servers as well, just replace dns with wins.

For Windows 7, the commands are basically the same but some syntax has changed: for example, replace dns with dnsservers and wins with winsservers. The context name has also changed: when you switch to the interface ip context, it will be labelled netsh interface ipv4. Do a “set/add dns ?” for command help.


Windows 8 Developer Preview – Virtual Machine Install

Tuesday, September 20th, 2011

Since Windows 8 Developer Preview / Pre-Beta is now available, thought I’d give it a test running as a virtual machine in VMware Workstation.

Initially tried the 32-bit version of Windows 8 under VMware Workstation 7.0.1 but it failed to start with a HAL_INITIALIZATION_FAILED error, with the fancy new sad face BSOD.

Tried multiple different CPU, Memory and HDD configurations but would always end up with the same result. So, to be sure it wasn’t going to run in Workstation 7, I downloaded the latest build version 7.1.4 and gave that a try. Same result.

As is documented in numerous places online, the Windows 8 Developer Preview will work in VMware Workstation 8 and in the latest build of VirtualBox (v4.1.2). It is not supported in most older virtualization software, including Virtual PC. If you’re just intending to run up a Windows 8 virtual machine for testing purposes, VirtualBox is probably the way to go. You can run VMware Workstation as a trial for 30 days but you will then need to purchase it, whereas VirtualBox is freely available under the GNU GPL v2.

As for Windows 8 on VMware ESX or ESXi (any version), subscribe to this KB for updates: http://kb.vmware.com/kb/2006859

Note: Although there are Windows 8 options in the Guest Operating System drop down in vSphere / ESXi 5 (though only when editing the VM, not creating it), VMware is not currently supporting Windows 8 in that environment. I ended up getting the same HAL_INITIALIZATION_FAILED sad face BSOD as above in Workstation when trying to get Windows 8 to start under ESXi 5.


Getting Windows 7 BitLocker To Backup Recovery Info To Active Directory In A Windows Server 2003 Domain

Wednesday, June 1st, 2011

Long title but pretty much explains it all. Thread about this here [social.technet.microsoft.com]

So you’ve got Windows 7 clients and a Windows Server 2003 domain. All the domain preparation has been completed (schema extensions for Vista, etc.) and all your Group Policy settings are in place to require a machine to back up its recovery keys / recovery passwords to Active Directory before enabling BitLocker, but it isn’t working.

First, try running:

manage-bde -protectors -adbackup c: -id <numerical_id>

I was getting a group policy permission denied error which matched the situation in this thread [social.technet.microsoft.com]

I initially tried setting the necessary GPO options via local policy, see here [blogs.technet.com] – refers to Group Policy, but use local policy (gpedit.msc) on the target Windows 7 machine. This will work, but because you have Windows Server 2003 domain controllers, the Windows 7 Group Policy options (i.e. the Fixed Data drive, Operating System drive, etc. options) are not available in domain Group Policy, even when you try to set it from a Windows 7 machine with RSAT installed. They are only available in the ADMX templates, which Windows 2003 can’t read. So, you need to set them using Extra Registry Settings instead.

Also, it turns out that the backup to AD registry settings that get applied have changed from Windows Vista to Windows 7 (because Windows 7 extends BitLocker beyond what Vista offered). In Vista the policy created keys called:

  • ActiveDirectoryBackup, REG_DWORD (1)
  • ActiveDirectoryInfoToStore, REG_DWORD (1)
  • RequireActiveDirectoryBackup, REG_DWORD (1)

Windows 7 does not recognise these, as the settings are now on a per-drive-type basis. So, create the following in your GPO Extra Registry Settings (this is for enabling FVE on an OS drive):

  • OSActiveDirectoryBackup, REG_DWORD (1)
  • OSActiveDirectoryInfoToStore, REG_DWORD (1)
  • OSRequireActiveDirectoryBackup, REG_DWORD (1)

These registry settings should be created in HKLM\SOFTWARE\Policies\Microsoft\FVE

Remove the local settings (if you chose to test that way) and once Group Policy is updated, the correct settings will be applied and AD backup of BitLocker recovery info will work. Note that backup of recovery info is only ever attempted once during the BitLocker enable process. It can be retried with the manage-bde command as shown above though.
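To confirm on a client that Group Policy delivered the Windows 7 value names rather than the Vista ones, the key can be audited directly. This is an added example, not part of the original post; the function name Get-FveBackupPolicyReport is made up for illustration, and the key path and value names are the ones listed above.

```powershell
# Added example: read-only audit of the BitLocker AD-backup policy values
# named in the post. Run in an elevated PowerShell prompt on the Windows 7 client.

# Per-drive-type names Windows 7 reads for the OS drive (from the post); expected REG_DWORD 1.
$win7Names  = 'OSActiveDirectoryBackup', 'OSActiveDirectoryInfoToStore', 'OSRequireActiveDirectoryBackup'
# Vista-era names that Windows 7 does not recognise (from the post).
$vistaNames = 'ActiveDirectoryBackup', 'ActiveDirectoryInfoToStore', 'RequireActiveDirectoryBackup'

# Hypothetical helper name; returns one object per value name with its status.
function Get-FveBackupPolicyReport {
    param([string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE')

    # The key may not exist at all if no FVE policy has been applied yet.
    $key = $null
    if (Test-Path $Path) { $key = Get-Item -Path $Path }
    $present = @()
    if ($key) { $present = $key.GetValueNames() }

    foreach ($name in ($win7Names + $vistaNames)) {
        $isSet = $present -contains $name
        $value = $null
        $kind  = $null
        if ($isSet) {
            $value = $key.GetValue($name)
            $kind  = $key.GetValueKind($name)   # catches a value created as REG_SZ by mistake
        }

        if ($win7Names -contains $name) {
            if (-not $isSet) { $status = 'MISSING' }
            elseif ($kind -eq 'DWord' -and $value -eq 1) { $status = 'OK' }
            else { $status = 'UNEXPECTED' }
        }
        elseif ($isSet) { $status = 'LEGACY: not read by Windows 7' }
        else { $status = 'not set' }

        New-Object PSObject -Property @{ Name = $name; Value = $value; Kind = $kind; Status = $status }
    }
}

$report = Get-FveBackupPolicyReport
$report | Format-Table Name, Value, Kind, Status -AutoSize
if ($report | Where-Object { $_.Status -eq 'MISSING' -or $_.Status -eq 'UNEXPECTED' }) {
    Write-Warning 'OS-drive AD backup policy is incomplete; refresh Group Policy and re-check before enabling BitLocker.'
}
```

Once all three OS* values report OK, the manage-bde -protectors -adbackup command shown earlier can be retried.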


Replacing an OCS 2007 R2 Edge Server

Friday, May 6th, 2011

Quick brain dump really for replacing a physical OCS 2007 R2 Edge Server with another physical server. Note this method is effectively a swap out, i.e. the new server is named and numbered the same as the old server which was useful in my scenario as no firewall rules needed to be updated. This does mean of course that there is a brief outage during the old switcheroo.

First, identify and build up your new server with Windows Server 2003 x64 R2 with Service Pack 2. Install Windows Updates as per your company’s policy, but do not install KB974571 (MS-09-056) – although, there is a fix which is explained in the article if you absolutely have to install that update (see the ‘Resolution for these known issues’ section of the article). At this stage, name and number the new server differently to the existing server (also, at this stage you probably only need the inside interface online, though both NICs should be patched for production).

Next, on the existing server, export the certificates as a PFX package (cert + keys) so they can be imported on the new server. To export the certificates, open Computer Management -> Services and Applications -> Right-Click Office Communications Server 2007 R2 and choose Certificates. Hit Next > select Export a certificate to a .pfx file, select the first valid certificate (there should be at least two, one for the inside and one for the outside), hit Next > provide a path and file name (leave the checkbox selected to attempt to export the chain), hit Next > provide a password which you will later use to import the cert, hit Next > and complete the wizard. Repeat for the remaining valid certificate(s) – you will only need the certificates that are applied to each of the interface roles (Access, Web Conf, Internal, etc.).

Also, use lcscmd.exe to export the existing server configuration so we can import on the new server. Run lcscmd similar to this (note the fqdn is the internal name of the server):

"%CommonProgramFiles%\Microsoft Office Communications Server 2007 R2\lcscmd" /config /action:export /level:machine /configfile:<path_to_xml_file> /fqdn:<fqdn_of_server>

Copy the exported XML config file and the .pfx cert files to the new server.

At this point you are ready to shut down the existing server; this is the old switcheroo. You could of course switch a couple of these steps around to keep the old server up a bit longer, but the whole process from now takes only around 20 minutes… up to you. Also up to you, but possibly a good idea: either change the IP address or disable the NICs of the existing server before shutting it down, just to be safe.

  • Rename the new server to take the host name of the old server
  • Renumber the new server to take the inside and outside IP addresses of the old server
  • Launch OCS 2007 R2 setup on the new server, go to Deploy Other Server Roles -> Deploy Edge Server.
  • At Step 1, click Install and follow the wizard to install the application files.
  • Run Step 2, Activate Edge Server, this will ask for account information for the RTCProxyService account.
  • Run Step 3, Configure Edge Server, the wizard allows for the import of a config file, point the wizard to the XML file copied over prior to shutting down the old server. Each step of the wizard will display and allow you to update any of the imported settings if necessary.
  • Run Step 4, Configure Certificates for the Edge Server, the wizard allows for the import of .pfx files. Match up the internal certificate with the internal interface role and the external certificate(s) with the external roles.
  • Run Step 5, Start Services, if everything went well the services should come online.

You can run the validation process, Step 6, but since the Edge Server has just replaced another one, you should know pretty quickly if things are working or not (test federated contacts, public IM connectivity, external client connectivity, etc.). You can also use Microsoft’s Remote Connectivity Analyzer.


Internet Explorer 8 (IE8) Security Warning after DivX Plus Web Player Install

Tuesday, December 14th, 2010

As the title suggests, after installing the DivX codec and then also installing the DivX Plus Web Player component which is an Add-On for IE, I began to receive the IE Security Warning about mixing secure (https) and non-secure (http) content on the same page for every https page that was loaded.

The reason is that the add-on seems to add a whole bunch of CSS content to the browser rendered page when it is enabled. Checked this using the IE8 Developer Tools (in IE: Tools -> Developer Tools). The following screen shot shows some of the content added, there is more.

To stop the security warning from constantly popping up, in IE go to Tools -> Manage Add-Ons. Select the DivX Plus Web Player HTML5 item and hit Disable. This will also disable the DivX HiQ helper object.

Close and re-open the browser and try the https page again, you should no longer see the Security Warning.
