Tuesday, July 31, 2012

Windows Activation SLMGR

slmgr /rearm -to extend activation without a key for 30 more days 3 times up to 120 days
slmgr /ipk -install key
slmgr /ato -activate windows
slmgr /dli -KMS activation count from KMS host
slmgr /dlv -display license info
slmgr /xpr -display expiration date


RSA Basic Administration


ISA RSA Administration:


Using the Following for RSA VPN through ISA2006
· RSA 7.0 Management Console is installed on Server1
· RSA 6.1 Agent is installed on ISA2006 Server (Other Agents will not work on ISA2006)
· RSA 7.1 EAP Client is installed on VPN authorized Guest Systems


For Licensing and Main Administration Select the RSA Operations Console:
Log on using the RSA administrative credentials

For Users and Keyfob Administration Select the RSA Security Console:
Log on using the RSA administrative credentials

To add or manage a user :
From the Home Menu Select “Identity”> “Users” :

By default these queries are blank click “Search” at the bottom to run the query:

You can add a new user using the “Add New” button:

Fill in the user fields below and “Save”: 

Note the Password policy no @ or ~:

The new user will then be listed:

To add a key fob click on the arrow next to the user name and select SecurID Tokens:

Select “Assign Tokens”

Select the check box next to the token you want to assign and click “Assign”

You will then see a green checkmark alert that the token was successfully assigned:

To manage SecurID Tokens:
From the Home Menu Select “Authentication”> “SecurID Tokens”>”Manage Existing”:

You will see an Assigned and Unassigned Tab, on the Assigned tab you can see whom the key fob is assigned to as shown below:

To edit or unassign a token click on the arrow to the right of the token:

Monday, July 23, 2012

2008 DFS Basics

Jose Barreto's Blog Post Covers The Basics:

http://blogs.technet.com/b/josebda/archive/2009/03/10/the-basics-of-the-windows-server-2008-distributed-file-system-dfs.aspx

My Notes:

If you have an environment transitioning from 2003 to 2008. Once your domain controllers are all 2008 and you can use the proper domain and forest levels, rather than trying to convert a smaller 2000 DFS configuration I would consider starting DFS over with the following steps:

-document thoroughly your configuration.
-review what you have and what you don't need. (how many namespace servers are you using?)
-backup the data on both the primary and replica location
-log off users to make sure the data is not in use
-delete your old namespaces, namespace servers, and replications. (not the data!)
-recreate DFS using 2008 only namespace servers to rebuild your DFS paths
-carefully recreate your DFS replicas
-restart servers and desktops as necessary

Note: Just because you are referencing data on a server or system does NOT mean it needs to be a Nameserver. Think of Nameservers as DNS servers pointing you to the data not necessarily hosts of the data.

2008 Server Core Setup and RODC


2008 Server Core Initial Setup notes: Credit "Avi Samocha's Blog"

Set password for local admin –
Choose 'Other User' at the logon screen> type 'Administrator' with no password and press Enter > Follow the instruction to create a new password.



Run Sysprep (For deployment) –
Navigate to 'C:\windows\system32\sysprep' and run - sysprep /OOBE /Generalize /shutdown.


Disable/Enable Screen Saver and Screen Saver Lock –
Regedit: Navigate to HKEY_CURRENT_USER\Control Panel\Desktop and modify the 'ScreenSaverActive' & 'ScreenSaverIsSecure' Keys (0 to Disable, 1 to Enable).



Rename the Server –
netdom renamecomputer <ComputerName> /NewName:<NewComputerName>



Setup IP Configuration –
View Interfaces: netsh interface ipv4 show interfaces
Set IP for Interface: Netsh interface ipv4 set address "InterfaceName" static 192.168.0.2 255.255.255.0 192.168.0.1
Set DNS Server Addresses: netsh interface ipv4 add dnsserver name="InterfaceID" address="DNSIPAddress"
Run again for additional DNS Servers.



Join the computer to Domain –
netdom join "ComputerName" /domain:"DomainName" /userd:"UserName" /passwordd:"password"

Note:If you have trouble reaching the domain try checking your firewall settings or disabling it all together temporarily as listed below



EnableWindows Update –
Cscript c:\windows\system32\scregedit.wsf /au 4
Net stop wuauserv
Net start wuauserv
This will set the default configuration for Windows Update – 3AM update check. If you want to force update check run: Wuauclt /detectnow



Enable Remote Management on Firewall –
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

Disabling and Enabling Windows Firewall-
To disable the windows firewall –
netsh firewall set opmode disable
To enable the windows firewall –
netsh firewall set opmode enable



Enable Windows Remote Management (WinRM) –
winrm qc



Enable Remote Desktop –
cscript C:\Windows\System32\ Scregedit.wsf /ar 0
If Firewall Enabled –
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes


Installation of a Windows Server 2008 Core RODC:

Install DNS –
start /w ocsetup DNS-Server-Core-Role


Prepare DC Schema for RODC – (Skip if 2008 Only Server Environment)
On the Schema Master navigate to the following folder on Windows Server 2008 Media and run the following command:
X:\sources\adprep>adprep /rodcprep


Run Dcpromo with an unattended file for RODC Installation –
(dcpromo /unattend:<unattendfile>)
Sample of Unattended File for RODC Installation:

[DCInstall]
InstallDNS=Yes
ConfirmGc=Yes
CriticalReplicationOnly=No
DisableCancelForDnsInstall=No
Password=
RebootOnCompletion=Yes
ReplicaDomainDNSName= DomainDNSName
ReplicaOrNewDomain=ReadOnlyReplica
ReplicationSourceDC=SRV2008DC.DomainDNSName
SafeModeAdminPassword=
SiteName=Default-First-Site-Name
UserDomain=DomainDNSName
UserName=Administrator

You Server Core Initial Setup and RODC are Done!

Monday, July 16, 2012

Veeam Backup VSS errors


VSS errors using Veeam backup:

To disable local VSS data

Log onto VM as Administrator

Open Command Prompt as Administrator
Use vssadmin at the command prompt:

c:\Vssadmin list shadows

Which showed me what drive was using VSS

In the GUI though the drive was listed as shadow copies off but it still was using storage for VSS files.
Re-enabled VSS for that drive then immediately disabled it again which deleted the old VSS files and set me back to 0% used.

Alternatively I probably could have used vssadmin to delete the VSS files as well using the 
c:\vssadmin Delete Shadows 
and 
c:\vssadmin Delete Shadow Storage 
options.

I ran a restart of COM+ services from services.mmc which restarted all the other dependencies as well.

I  then reran veeam backup job and no more VSS errors.

However if  the next backup fails with “failed to delete oib….”  you will need to recreate the job, but you should not get the VSS errors anymore.