Posts Tagged ‘Windows Server 2008’

How to publish RD Web & Gateway (2008 r2) on ISA 2006, and still have time to watch The Big Bang Theory!

So I was asked the question: how do you publish the new Windows Server 2008 and 2008 R2 editions of Terminal Server, including the RD Web and RD Gateway (GW) services, and on top of that still use ISA 2006 for authentication with Forms Based Authentication (needed in this case for RSA keys)? Sounds easy enough, right? Wrong!

Well, once you get your head wrapped around the limitations, which of course are always hard to find documentation on, it is easy enough. Basically, the RD Web service is easy enough to get working; a simple next, next, next will get you there with little trouble. (The RD Gateway on the other hand…)

Configure an ISA 2006 rule with a relevant web listener (or an existing one if appropriate), allow the /rdweb/* paths, use FBA authentication, use NTLM delegation of authentication to the internal web server, configure the web server (RD Web) to use NTLM, install the relevant SSL certificates on the ISA server and the web server, and presto, it works! It even works with SSO if needed, and the user is only prompted by the ISA forms and not a second time by the RD Web site.

So far so good! A small hint before we go on: if you want to add multiple connections to other Terminal Servers in the RD Web site, …

Virtualizing Your Domain Controllers without getting fired!

Please, pretty please, do not just hit the button and P2V/ColdClone/HotClone/Copy your Windows Server Domain Controllers, regardless of whether they run Windows Server 2000/2003/2008 etc.

In the best case you manage to virtualize your domain controllers, which you could have done just as easily with a few simple steps without any danger.

In the worst case you render your Domain Controllers useless and create several other problems and hiccups in your infrastructure, not limited to a complete production halt and at least several hours of pain and horror trying to get everything back up and running!

Personally I have nothing against virtual Domain Controllers. Best practice is usually not to run all kinds of other software or services on a Domain Controller, and the need to have multiple Domain Controllers for redundancy will quickly add a lot of boxes doing very little. Virtualizing some or all of these Domain Controllers makes better use of resources and still keeps the box separate from other services. Don't forget to change the time synchronisation settings in the w32time service, VMware Tools and the NTP servers on the ESX hosts, but that's another story.

One of the big problems with cloning a Domain Controller is that if you get problems, you will not notice them until it is too late. The domain controller will seem to function and work with clients, but it will actually have stopped replicating with all other domain controllers, because it has detected that it has been copied. The result is an inconsistent domain with client records not being updated; clients will slowly stop working depending on which domain controller they get in contact with, until everything goes dead. If you have then virtualized ALL domain controllers, you will be left with 1-3 months of changes going down the tube together with your damaged Domain Controllers. Don't forget to take a full backup of at least 1 Domain Controller before starting your cloning!

So what happens when things go bad?

Windows Server 2008 Core Configurator

Windows Server 2008 allows for setting up the server with a much smaller footprint and, some would argue, an even more secure environment because there is no GUI. This edition is called Windows Server 2008 Core.

The downside is that all configuration of the server has to be done through the command line interface. It is also possible to RDP to a Core server and get the command line interface.

But a clever guy named Guy Teverovsky created a very smart user interface to do basic configuration of a Core server. The program he made, however, was removed because his employer claimed the rights to software made while working for the company.

The software is still available on the internet, and now there is even an updated version from the company he worked for.

How to place FSMO and Global Catalog roles in Active Directory

During installation of Active Directory on a Windows Server 2000/2003/2008, all FSMO roles will automatically be installed on the first server. But best practice dictates moving some of these Flexible Single Master of Operation (FSMO) roles to separate servers.

If you only have one domain controller (not recommended), there is nothing to do since all roles must be on this server, but if you have multiple servers you should move some of these roles on to more servers. It is also important to be aware of which servers are Global Catalog servers, especially if you have more than one domain, and even with only one domain they will be preferred by applications like Exchange Server.

How to fix Exchange 2007 RPC over HTTPS/Outlook Anywhere on Windows Server 2008

A small but annoying bug in Microsoft Exchange 2007 in combination with Windows Server 2008 will, under certain conditions, make Outlook Anywhere (OA) fail no matter how correct your settings are in Exchange 2007.

The Outlook Anywhere error only shows under these conditions:

  • Any Exchange 2007 version
  • Client Access Server (CAS) and Mailbox Server roles installed on the same server
  • Operating system: any version and edition of Windows Server 2008 with the RPC Proxy feature installed (required for OA)

The reason for the bug and the fix is very simple…


Windows Server 2008 DNS root hints are bugged – how to identify and fix

I recently had a problem at a customer, where Windows Server 2008 DNS at times would not resolve requests for certain top level domains (among others .CN, .BR, .DK and .CO.UK). The customer would experience the problem every 12-48 hours and fix it by restarting the DNS server service – not acceptable.

The problem is reproducible and is limited to all Windows 2008 servers of all editions, including Small Business Server (SBS), where the DNS server uses root hints for internet resolution.