Kemp Exchange 2010 Templates

Kemp released Exchange 2010 Templates witch makes configure a Kemp Loadmaster easier

Microsoft® Exchange 2010 Templates

Core services: MAPI, SMTP and Unified HTTP/HTTPS
Extended services: Per-service HTTP/HTTPS
Additional Services: POP, IMAP and SMTP

Ward 06-07-2012: Fixed Links

Enable Bitlocker with MDT

Bitlocker is a password centered disk encryption system built into Windows which encrypts your volumes and server platforms.

When your do a new deployment on a new computer with MDT you want automatically enable the TPM chip and encrypt the disk.

On 1 Feb 2012 a wrote an article about how to Enable TPM devices on HP Laptops trough MDT.

When you create a new client task sequence enable Bitlocker is default on.

After that I found a bug in MDT 2012 witch cost me al lot of time finding the answer.
MDT 2012 – Settings Per Task Sequence

So let’s begin.

Open Customsettings.ini

Change the following

[Settings]
Priority=Default
Properties=MyCustomProperty

to

[Settings]
Priority=TaskSequenceID, Default
Properties=MyCustomProperty

Add the following text.

[HP6560B] = TaskSequenceID in my Case
MachineObjectOU=ou=laptops,ou=ward,dc=wardvissers,dc=local
BdeInstallSuppress=NO
BDEDriveLetter=S:
BDEDriveSize=300
SkipBitLocker=NO
BDEInstall=TPM
BDERecoveryKey=AD
OSDBitLockerWaitForEncryption=TRUE
BDEKeyLocation=\\ward-bh01.wardvissers.local\Bitlocker$

And change the following SkipBitLocker=YES under [DEFAULT]

In my case on the OU Laptops I created the following Bitlocker Group Policy

image

Important:

Group Policy’s will break deployment’s

System Center 2012 Service Pack 1 CTP2 available

This Community Technology Preview (“CTP2”) enables System Center customers to jointly evaluate System Center 2012 and Windows Server 2012 Release Candidate. CTP2 includes updates and enhancements to the following System Center 2012 components:

  • Virtual Machine Manager
    • Improved Support for Network Virtualization
    • Extend the VMM console with Add-ins
    • Support for Windows Standards-Based Storage Management Service, thin provisioning of logical units and discovery of SAS storage
    • Ability to convert VHD to VHDX, use VHDX as base Operating System image
  • Configuration Manager
    • Support for Windows 8
    • Support for Mac OS clients
    • Support for Linux and Unix servers
  • Data Protection Manager
    • Improved backup performance of Hyper-V over CSV 2.0
    • Protection for Hyper-V over remote SMB share
    • Protection for Windows Server 2012 de-duplicated volumes
    • Uninterrupted protection for VM live migration
  • App Controller
    • Service Provider Foundation API to create and operate Virtual Machines
    • Support for Azure VM; migrate VHDs from VMM to Windows Azure, manage from on-premise System Center
  • Operations Manager
    • Support for IIS 8
    • Monitoring of WCF, MVC and .NET NT services
    • Azure SDK support
  • Orchestrator
    • Additional support for Integration Packs, including 3rd party
    • Manage VMM self-service User Roles
    • Manage multiple VMM ‘stamps’ (scale units), aggregate results from multiple stamps
    • Integration with App Controller to consume Hosted clouds
  • Service Manager
    • Apply price sheets to VMM clouds
    • Create chargeback reports
    • Pivot by cost center, VMM clouds, Pricesheets
  • Server App-V
    • Support for applications that create scheduled tasks during packaging
    • Create virtual application packages from applications installed remotely on native server

You can get the System Center 2012 Service Pack 1 CTP2 Downloads here:

TMG2010: Server Configuration does not match the stored configuration

Issue: Not Synced Server Configuration does not match with stored configuration

image4

Cause: FF TMG 2010 Array certificates expired.

Solutions: The following steps will fix the issue. Please note that I am explaining the situation where my TMG 2010 enterprise Array is deployed in workgroup.

Step1: Run ISA BPA on TMG 2010 Array Member

image1

Step2: Verify certificate expiry date

1. From the Start menu, click Run. Type MMC, and then click OK.

2. In MMC, click File, and then click Add/Remove Snap-in.

3. Click Add to open the Add Standalone Snap-in dialog box.

4. From the list of snap-ins, select Certificates, and then click Add.

5. Select the service account and click Next.

6. Click Next.

7. Select ISASTGCTRL and click Finish.

8. Browse to ADAM_ISASTGCTRL\Personal > Certificates.

9. Open the certificate to see if it is expired.

Step3: Create a Request.inf file. Open notepad and copy the following and paste into notepad. modify CN and domain details as per your own requirement. rename the file as request.inf. An example of the inf file is:

[Version]

Signature=”$Windows NT$

[NewRequest]

Subject = “CN=myTMG.mydomain.com”

EncipherOnly = FALSE

Exportable = TRUE  

KeyLength = 1024

KeySpec = 1 ; Key Exchange

KeyUsage = 0xA0 ; Digital Signature, Key Encipherment

MachineKeySet = True

ProviderName = “Microsoft RSA SChannel Cryptographic Provider”

ProviderType = 12

RequestType = CMC

; Omit entire section if CA is an enterprise CA

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; Server Authentication

[RequestAttributes]

CertificateTemplate = WebServer

Step4: request Certificate to the Root/Subordinate CA

Open a elevated command prompt. At the command prompt, type the following command, and then press ENTER:

certreq -new –f request.inf certnew.req

Important! This command uses the information in the Request.inf file to create a request in the format that is specified by the RequestType value in the .inf file. When the request is created, the public and private key pair is automatically generated and then put in a request object in the enrollment requests store on the local computer.

Step5:Submit the request and obtain certificate

Open a elevated command prompt. At the command prompt, type the following command, and then press ENTER:

certreq -submit certnew.req certnew.cer

Important! certnew.req is generated in the previous command. certnew.cer is the certificate you are looking for.

An alternative way of submitting certificate to CA

  1. Open Certificate Authority
  2. Right Click on CA Server>All Task>Submit a New request
  3. Point to the location of certnew.req file
  4. Save Certificate As certnew.CER file into the preferred location

Step6:Convert certificate into .pfx format

Import the certificate certnew.cer into a server or an admin workstation

1. On the head node, click Start, click Run, and then type mmc to start the Microsoft Management Console.

2. On the File menu, click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box appears.

3. In Available snap-ins, click Certificates, and then click Add.

4. Select Computer account, and then click Next.

5. Select Local computer, and then click Finish.

6. If you have no more snap-ins to add to the console, click OK.

7. In the Microsoft Management Console, in the console tree, expand Certificates, and then expand Personal.

8. In the details pane, click the certificate you want to manage.

9. On the Action menu, point to All Tasks, and then click Import. The Certificate Export Wizard appears. Click Next.

10. Browse to location of certnew.cer file

11. Import Certificate

To export a certificate in PFX format using the Certificates snap-in

1. On the head node, click Start, click Run, and then type mmc to start the Microsoft Management Console.

2. On the File menu, click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box appears.

3. In Available snap-ins, click Certificates, and then click Add.

4. Select Computer account, and then click Next.

5. Select Local computer, and then click Finish.

6. If you have no more snap-ins to add to the console, click OK.

7. In the Microsoft Management Console, in the console tree, expand Certificates, and then expand Personal.

8. In the details pane, click the certificate you want to manage.

9. On the Action menu, point to All Tasks, and then click Export. The Certificate Export Wizard appears. Click Next.

10. On the Export Private Key page, click Yes, export the private key. Click Next.

11. On the Export File Format page, select Personal Information Exchange – PKCS #12 (.PFX). Click Next.

12. On the Password page, type and confirm the password that is used to encrypt the private key. Click Next.

13. Follow the pages of the wizard to export the certificate in PFX format.

Step7: Import Certificate into TMG Array

Log on to the TMG Server

Open FF TMG 2010 Console

Click on System>Click Server that is one of the array member>Click Import Server Certificate from the task pan>Browse location of the certificate import certnew.PFX format certificate

Click Ok.

Click refresh on the systems

Step8: Repeat the entire steps into all array members

Step9: Refresh Array members and check system

image2

Check TMG related services.

image3

Special thanks to Raihan Al-Beruni

Windows Server 2012 Release Candidate Build 8400 in VMware Workstation Technology Preview 2012

This procedure describes how to install Windows Server 2012 in VMware Workstation. The following versions are used:

  • VMware Workstation Technology Preview 2012 e.x.p Build-646643
  • Windows Server 2012 Release Candidate Datacenter Build 8400

In VMware Workstation Technology Preview 2012 create a new VM with the following settings:

  • New Virtual Machine
  • Custom (advanced)
  • Workstation Tech Preview
  • Select “I will install the operating system later”
  • Select “Microsoft Windows” and select as version “Windows 8 x64”
  • Set the Name and Location
  • Minimal 1 processor, 1 core
  • 2048 MB memory
  • Select “Use network address translation (NAT)”
  • Select “LSI Logic SAS”
  • Create a new virtual disk
  • SCSI
  • 60 GB disk size
  • Leave default disk file
  • Finish
  • After the VM is created, edit virtual Machine settings and browse for the Windows Server 2012 ISO in the the CD/DVD option

image

Edit the VMX file  and add the following line to the end to of the VMX file:

vmGenCounter.enable = FALSE

During the installation choose for the Windows Server 2012 Release Candidate (Server wit GUI)

Special thanks to my colleague Ivo Beerens

Free e-book: Introducing Windows Server 2012

Microsoft has released a free e-book entitled “Introducing Windows Server 2012”.

The Introduction:
“…Windows Server 2012 is probably the most significant release of the Windows Server platform ever. With an innovative new user interface, powerful new management tools, enhanced Windows PowerShell support, and hundreds of new features in the areas of networking, storage, and virtualization, Windows Server 2012 can help IT deliver more while reducing costs. Windows Server 2012 also was designed for the cloud from the ground up and provides a foundation for building both public and private cloud solutions to enable businesses to take advantage of the many benefits of cloud computing.

This book represents a “first look” based on the public beta release of Windows
Server 2012 and is intended to help IT professionals familiarize themselves with
the capabilities of the new platform. Although certain features may change
between now and RTM, much of the basic functionality likely will remain as
described here, meaning that most of what you learn from reading this book will
continue to benefit you as you begin to evaluate and deploy Windows Server
2012 in your own environment…”

Just click the picture to download the book

image