Problem:
Running out of RDP licensing for your terminal servers. Win 2008 & Win 2008 R2 licenses. You need to restrict/control what servers are allowed to get RDP licenses from the your pool of licenses.
Solution:
On the license server, there is a local security group called Terminal Server Computers. Add the client servers (computer names) that are allowed to get RDP licensing for their clients to the security group. Once all the servers are in the group, enable policy "License server security group" found in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\RD Licensing using GPEDIT.MSC.
Caveat:
This solution should only be done when Licensing server is a domain member.
Reference:
http://technet.microsoft.com/en-us/library/cc725704.aspx
Friday, March 14, 2014
Wednesday, February 12, 2014
Configuring multiple SSL DNS URLs for same IP/port in IIS 7.5
Basically, you have a website that has to be SSL enabled, but different URLs for different groups of users. Ie. internal company users might use www.abc.edu vs external might use www.abc.com, or whatever.
To do this, you need a SAN Certificate (Subject Alternative Name Certificate). A SAN cert allows for multiple domain names to be protected with a single certificate.
The SOP to generate it is below in the reference. Send the certreq file to your preferred CA (Certificate Authority) and they will send back a SAN cert. Bind that new cert to your SSL binding for the website and either any and all URLs in the SAN cert will work as a SSL link.
Adding another DNS to the SSL, would require a new SAN cert be generated with all the valid DNS' listed, including the new one.
Reference:
http://blogs.msdn.com/b/andrekl/archive/2008/09/24/how-to-generate-a-csr-for-an-iis-website-using-the-windows-vista-server-2008-certificates-mmc-plugin.aspx
http://blogs.msdn.com/b/varunm/archive/2013/06/18/bind-multiple-sites-on-same-ip-address-and-port-in-ssl.aspx
To do this, you need a SAN Certificate (Subject Alternative Name Certificate). A SAN cert allows for multiple domain names to be protected with a single certificate.
The SOP to generate it is below in the reference. Send the certreq file to your preferred CA (Certificate Authority) and they will send back a SAN cert. Bind that new cert to your SSL binding for the website and either any and all URLs in the SAN cert will work as a SSL link.
Adding another DNS to the SSL, would require a new SAN cert be generated with all the valid DNS' listed, including the new one.
Reference:
http://blogs.msdn.com/b/andrekl/archive/2008/09/24/how-to-generate-a-csr-for-an-iis-website-using-the-windows-vista-server-2008-certificates-mmc-plugin.aspx
http://blogs.msdn.com/b/varunm/archive/2013/06/18/bind-multiple-sites-on-same-ip-address-and-port-in-ssl.aspx
Tuesday, February 11, 2014
How to remove cluster warning: ESXi Shell for the Host has been enabled
When taking Vmware ESXi hosts out of maintenance mode, I used to see this all the time. You can ignore if you know that you have the shell enabled, but found this method to suppress the warning...
Reference:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2003637
Reference:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2003637
Thursday, February 6, 2014
Migrate Reporting Services to SQL 2008 RS
Here is the MS SOP, works well.
Reference:
http://msdn.microsoft.com/en-us/library/ms143724(v=sql.100).aspx
Reference:
http://msdn.microsoft.com/en-us/library/ms143724(v=sql.100).aspx
Thursday, January 30, 2014
Blank page for SQL 2008 Reporting Services management site
Finally figured this out. The Windows 2008 R2 image we use had the described setting enabled by default. Had to disable in order for the Reporting services management page to work/display.
*** Report Manager fails after you enable FIPS compliant
algorithms in Local Security Policy
After you enable the Local Security Policy "System
cryptography: Use FIPS compliant algorithms for encryption, hashing, and
signing", you are not able to use Report Manager. When you open Report
Manager, your browser will be empty or show an "HTTP 500 Internal Server
Error". A SQL Server 2008 R2 or later version of the report server will
add an error message similar to the following in the report server service log
file:
ui!ReportManager_0-1!1708!02/27/2010-08:02:03:: e ERROR:
System.InvalidOperationException: This implementation is not part of the
Windows Platform FIPS validated cryptographic algorithms.
To work around this issue: At this time, there is no
known work around. Report Manager does not support the Local Security Policy
"System cryptography: Use FIPS compliant algorithms for encryption,
hashing, and signing". If you want to use Report Manager you need to
disable the setting and restart the report server service.
This issue applies to: SQL Server 2008 Reporting Services
and SQL Server 2008 R2 Reporting Services.
Reference:
Tuesday, December 10, 2013
WSUSContent Folder clean up
Trying this now since our folder is well over 200GB...
Reference:
http://blogs.technet.com/b/gborger/archive/2009/02/27/what-to-do-when-your-wsuscontent-folder-grows-too-large.aspx
Reference:
http://blogs.technet.com/b/gborger/archive/2009/02/27/what-to-do-when-your-wsuscontent-folder-grows-too-large.aspx
Tuesday, December 3, 2013
Task Scheduler – A Specified Logon Session Does Not Exist
Good fix for issue where on Win 2008 R2 my task sequence would not save...
Reference:
http://blogs.msdn.com/b/agileer/archive/2010/08/31/task-scheduler-a-specified-logon-session-does-not-exist.aspx
Reference:
http://blogs.msdn.com/b/agileer/archive/2010/08/31/task-scheduler-a-specified-logon-session-does-not-exist.aspx
Subscribe to:
Posts (Atom)