Can’t ping the domain controller via FQDN while on the internal network? Trouble accessing any of the internal domains that are available via Direct Access while on your internal network?
This is a quick blog post to document an error I encountered that took me a while to figure out, as is typical with errors that are caused by configuration mistakes, yes self-inflicted. In the Microsoft Unified Access Gateway administration documentation for configuring Direct Access (DA), it says 2 things that are extremely important but does not emphasize just how important they are, or the errors that will be encountered if they are not followed.
Your Network Location Server (NLS), which must be able to serve HTTPS requests, is used by your DA clients to determine whether they are on the internal network, this site must not and cannot be accessible through DA or any other means from outside your network, so make sure the HTTPS resource is NOT something you need to access from external networks. If your clients can access the NLS then they will not attempt a DA connection. If they cannot access the server, then they will attempt a DA connection. There are a few key points to this server that also cannot be overlooked.
Continue reading Direct Access Computers Can’t Ping Domain Controller on Internal Network?
So I’ve run into this problem multiple times and ‘hacked’ my way around it various ways, but there is a better way that doesn’t require the use of certutil.exe or any other console utilities. This scenario applies under the following conditions:
- CA (Certificate Authority) Server is running on Windows Server 2008 R2
- Web Server is running on Windows Server 2008 R2
- Both servers are members of the same domain
- You want to use the Certificates snap-in
- You want to stay away from the console if you can
By default, you cannot generate a web server certificate request directly from your servers and you are presented with this screen based on the default Active Directory Enrollment Policy:
As you can see from the screenshot, most of the certificate templates are unavailable with the exception of the computer certificate template.
Continue reading Enable Web Server Certificate Requests On Windows Server 2008R2 CA Server
I decided to sign up for Microsoft Connect and download the Windows Home Server “Vail” public preview and install it in my lab vSphere lab. I recently picked up an Iomega ix4-200 and had some extra space so I wanted to try to streaming media and backup functionality.
After Windows (Server 2008 R2) installed, and the WHS configuration wizard started running, it would error out at 36% or 37% consistently. It would post an error, and instruct me to reboot and contact the vendor if the error continued. Hmm… contacting Microsoft about a beta, yehrite, and I’m impatient so I didn’t feel like posting on the forums and trying to wait for a response what would likely be a dance of posting log files etc. I so I went into reinstall / reboot hell.
After numerous reboots, rebuilds, and a successful VMware Workstation deployment (yes I actually wondered if Microsoft put something in the bits to keep it from being installed on VMware… hahah), I tracked down the issue. In the installation guide it says to use a hard drive that has a minimum of 160GB of space. I made a drive that had exactly 160GB. This was the problem. The successful workstation VM I created had a hard drive of 165GB. I went back and increased the size of the vSphere VM to 165GB and voila! Success. Hopefully this saves someone some time and trouble with virtualizing WHS “Vail”.
EDIT: 2011/04/14 – I’m working on another method of doing this since it appears that this only works sporadically or no longer works as written. I will update this post if I can figure out where the disconnect / issues are.
I’ve been experimenting with creating a good Windows Server 2008 R2 template for VMware vSphere 4 and wondered just how many times Microsoft would allow an activation on the same MSDN license key (Multiple Activation) for the OS. I often deploy multiple servers at a time and am always fearful of activating since I don’t want the key to be shut off. Typically I only run these servers for short periods of time so not activating is no big deal, however in longer running projects I often have no choice but to either activate or destroy and redeploy. With information that I’ve come across on the Internet, I’ve managed to consolidate a method that does not break the Windows Server 2008 activation, while still sysprep’ing and generating a new SID.
This process can be used for other virtualized environments as well I’m sure, but in this case I created it for VMware vSphere.
Continue reading Creating an Activated Windows Server 2008 R2 VMware Template using Microsoft Sysprep
This is a quick post, or maybe not so quick, just to illustrate how to create and add records to a DNS zone on your own Windows Server with the DNS role configured. This server can be a domain controller with DNS installed or just a DNS server, it doesn’t make any difference.
A quick primer on DNS. DNS, or domain name servers (services), provides the ability for servers to access systems by name instead of IP address. Without DNS servers, we would all have to navigate the Internet by typing in IP addresses, like http://18.104.22.168. From reading this link, you’d have no idea where you were navigating to, but it just so happens that this is one of Google’s many public IP addresses. Try it.
Continue reading Creating and Managing a DNS Zone Using Windows Server + Quick DNS Primer
Have you tried rebooting?
I ran across an issue on Windows Server 2008 R2 but also found the issue to happen on Windows 7 installations.
Apparently this will be fixed in the R2 releases of SQL but since those aren’t available yet for the enterprise and similar versions, there’s a pretty simple fix. I found an article that references a few fixes that I’ll link to here in case the fix that I have doesn’t work.
The error states that “Invoke or BeginInvoke cannot be called on a control until the window handle has been created.”
Continue reading SQL Server 2008 Installer Fails on Windows 7 and Windows Server 2008 R2
As I’ve upgraded my lab environment to vSphere over the weekend, I’ve been running across the occasional VM that fails to allow me to upgrade it’s VMware Tools. This seems to be predominantly happening with my Windows Server 2008 VMs.
I’ve received various error messages including ‘can’t find vmware tools.msi’ looking at c:windowsinstallers, and messages stating that Installation cannnot continue because a previous version is installed, even though it had just been removed. FRUSTRATING! Fortunately, this isn’t the first time people are running across it and there’s a VMware KB article on how to address this.
Issues as noted on the VMware KB:
- Unable to upgrade existing VMware Tools
- Unable to upgrade existing installation of VMware Tools because the previous installation fails to be removed
- The uninstall feature of VMware Tools fails to complete, and finally
- Cannot uninstall VMware Tools.
All this boils down to ‘IT’S BROKE! HOW CAN I FIX IT!?’
Continue reading VMware Tools Fail During Upgrade / Uninstall
Tonight I decided to go on the magical journey of upgrading my ESX 3.5 environment to vSphere using the Host Update Utility. I’m usually a firm believer in ‘If it ain’t broke, don’t fix it!’ but this time I decided to take the plunge and see what happens.
A few months ago, I ran through the Host Update Utility and failed a hardware compatibility check. I was running a few Intel Pro/100 NICs that ESX 3.5 was more than happy to work with but vSphere said, NO WAY. After tracking down a few Broadcom 5701 NICs, installing them without a hiccup, I honestly still considered sticking with ESX 3.5, but after talking to a few friends who have had no trouble with their upgrades, I figured the most that I had to lose was a little time. I ran through the wizard again, of the Host Update Utility, it complained about nothing this time and continued.
After a short while, maybe 10 minutes or so, I was up and running on vSphere 4. No hiccups! I immediately started booting up VMs. I ran into my first problem. 🙂
Continue reading Upgrading ESX 3.5 to vSphere 4 Using Host Update
Here’s the scenario, I decided to try out Subversion as a source control repository on a Windows Server 2008 server, attached to a Win Server 2008 domain, with ISA Server forwarding HTTP traffic. After doing a little bit of research, I decided to give VisualSVN Server a try. If you don’t know it, it’s a very small footprint product produced by VisualSVN Limited, that installs Subversion and an Apache server, on Windows, to handle the HTTP connection to SVN (Subversion).
The product installed and configured very easily, ‘hats off’ to VisualSVN, and I was immediately able to connect to it from internal on my network. There are a few self-explanatory questions that are posed in the installation wizard. Tough things like where do you want to store your repositories. ;) (If you’re going to use a file share as a repository, make sure that you use the UNC and not a mapped drive.)
I’m amazed that I’ve come across yet another tech product that is actually behaving as advertised. Is it just me, or is that odd???
Not the fault of VisualSVN, I began to run into configuration issues when I tried to route the traffic through ISA Server.
Continue reading Windows Server 2008 and Subversion over HTTPS
This post picks up where the last post left off. In the last post, we created a Windows Server 2008 R2 Active Directory Domain Controller and stopped short of going on to add Certificate Services into the mix.
If you’re not sure if you need certificate services for your environment, it never hurts to have it available. It does not add much overhead so for development environments and small businesses you can consider adding the role to a DC (domain controller) as we are here. Certificate Services will allow you to issue certificates to your internal resources, use client/server certificates for authentication, and set up SSL enabled websites.
I believe best practice is, and I’m sure someone will correct me if I’m wrong, to set up an Enterprise Root CA (Certificate Authority), then set up one or more subordinate CA’s. You can then make your Root CA unavailable for access and have the subordinates handle all of the traffic without fear of compromising your Root CA. In this tutorial, we’ll just be installing and configuring a Root CA, but the process is basically the same for the subordinates.
Now that you’ve got some background information, onto the installation/configuration of Windows Server 2008 R2 Certificate Services.
In ‘Server Manager’, select Roles in the left pane, then Add Roles in the right pane. Place a check mark in the checkbox for Active Directory Certificate Services. Then click Next.
Continue reading Install Certificate Services on Windows Server 2008 R2