Archive for the ‘Windows Server 2008’ Category
How to configure your virtual Domain Controllers and avoid simple mistakes with resulting big problems
So You went ahead and used virtualized Domain Controllers for Your Active Directory domain, congratulations! I am sure You will be happy with the decission, as long as You have a decent virtualizing environment, this will give You both peace of mind, faster recovery and cheaper redundancy.
There is however some special considerations You must do, when You are using virtual Domain Controllers, not to mention, please with sugar on top, do NOT P2V/Convert Your physical Domain Controllers to virtual, without at least reading this article!
What areas do we need to consider on a virtual DC?
- Time synchronization
- Disk cache
- Suspend/pausing virtual machine
- Snapshots and System State backups
Personally I much prefer virtual Domain Controllers, from having a lot of physical ones, but there are some considerations to be made, about perhaps leaving some physical and what features to use on the virtual and what settings to use as well. This article attempts to uncover some of the points to consider, specifically for virtal DC's. The list is in no way meant to be the only considerations, but is mostly the things that I personally have noticed forgotten in environments I have encountered. Add Your own preferences and research to this and You should be well on Your way to live happily forever with Your virtual DC's.
How to publish RD Web & Gateway (2008 r2) on ISA 2006, and still have time to watch The Big Bang Theory!
So I was asked the question, how do You publish the new Windows Server 2008 and 2008 R2 editions of Terminal Server, including the RD Web and RD Gateway (GW) services. And on top of that still use the ISA 2006 as authentication with Forms Based Authentication (needed in this case for RSA keys). Sounds easy enough right? Wrong!
Well once You get your head wrapped around the limitations, which of course are always hard to find documentation on, then it is easy enough. Basicly the RD Web service is easy enough to get working, simple next next next, will get You there with little trouble.(The RD Gateway on the other hand...)
Configure a ISA 2006 rule, with relevant web listener (or existing if appropiate), allow the /rdweb/* paths, use FBA authentication, use NTLM delegation of authentication to the internal webserver, configure the webserver (RD WEB) to use NTLM, install relevant SSL certificates to ISA and webserver, and presto it works! It even works with SSO if needed, and the user is only prompted by the ISA forms and not a second time by the RD Web site.
So far so good! A small hint before we go on, if You want to add multiple connections to other Terminal Servers in the RD Website, Read the rest of this entry »
Windows Server 2008 allows for setting up the server with a much smaller foot print and some will discuss even more secure environment because there is no GUI, the edition is called Windows Server 2008 Core.
The downside is all configuration of the server has to be done thru command line interface, it is also possible to RDP to a core server and get the command line interface.
But a clever guy named Guy Teverovsky created a very smart user interface to do basic configuration of a Core server. The program he made however was removed because his employer claimed rights of the software made while working for the company.
The software is still available on the internet and now there is even an updated version from the company he worked for. Read the rest of this entry »
During installation of Active Directory on a Windows Server 2000/2003/2008 all FSMO roles will automatically be installed on the first server. But Best Practice dictates to move some of theese Flexible Single Master of Operation (FSMO) roles to seperate servers.
If you only have one domain controller (not recommended), there is nothing to do since all roles must be on this server, but if you have multiple servers you should move some of theese roles on to more servers. It is also important to be aware of what servers are Global Catalog servers, especially if you have more than one domain and even if only one domain, they will be prefered by applications like Exchange server.
I recently had a problem at a customer, where Windows Server 2008 DNS, at times would not resolve requests for certain top level domains (Among others .CN, .BR, .DK and .CO.UK). The customer would experience the problem every 12-48 hours and fix it by restarting the DNS server service - not acceptable.
The problem is reproduceable and is limited to all Windows 2008 servers of all editions, including Small Business Server (SBS), where the DNS server uses root hints for internet resolution. Read the rest of this entry »