Thursday, January 8, 2015

Create a Certificate Template from Internal CA

We plan to set up ADFS for our test environment, and we are required to get a certificate before configuring ADFS. For lab purposes, we are going to use an internal CA. Here are the steps that we took.

[Install CA roles]

Use Server Manager and Tick AD Certificate Services

  • Certificate Authority
  • Certificate Authority Web Enrollment

[ Create a Certificate Template]

1. Open MMC

2. Add Certificate Template | Duplicate Web Server Certificate Template

3. Modify the certificate templates

Compatibility – Maintain 2003

Request Handling – Tick Allow private key to be exported. Make sure you tick this, as we need to export the certificate and import it into the other ADFS server.

Cryptography – Minimum key size - 2048

Security – Add Authenticated Users / Domain Users and set Enroll permission

Subject name – Supply in the request. (This option allows the certificate template to be visible when requesting from a web browser.)

General – Change your Certificate Template name

[ Publish Certificate Template]

1. Open Certificate Authority snap-in

2. Right-click Certificate Template | New | Certificate Template to issue

3. Select the certificate template that you’ve created earlier

[ Verify and request certificate ]

1. Use browser and go to https://localhost/certsrv

2. Request a certificate | Advanced Certificate Request | Create and submit request to this CA

As you can see, we can now select the certificate template we created. Let's request a certificate with the common name fs.ms4u.local and a 2048 key size, and mark the key as exportable.

Install the certificate, export it using the Certificate snap-in, and install it on each ADFS server and Web Proxy server.
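The same request and export can be scripted with certreq.exe instead of the /certsrv web form. This is an added example, not part of the original post; the template name and CA config string are placeholders, and `Invoke-CertReq` is a hypothetical helper.

```powershell
# Run elevated on the first ADFS server. Placeholders below are assumptions.
$TemplateName = '<YourTemplateName>'   # the name you set on the General tab
$CAConfig     = '<CAHost>\<CAName>'    # CA server name \ CA common name
$Work         = Join-Path $env:TEMP 'adfs-cert'
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# Request policy mirroring the web form: CN, 2048-bit key, exportable key.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=fs.ms4u.local"
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = "__TEMPLATE__"
'@.Replace('__TEMPLATE__', $TemplateName)
Set-Content -Path "$Work\adfs.inf" -Value $inf -Encoding ASCII

# Stop at the first failing certreq step instead of continuing blindly.
function Invoke-CertReq {
    certreq.exe @args
    if ($LASTEXITCODE -ne 0) { throw "certreq $($args[0]) failed ($LASTEXITCODE)" }
}
Invoke-CertReq -new "$Work\adfs.inf" "$Work\adfs.req"
Invoke-CertReq -submit -config $CAConfig "$Work\adfs.req" "$Work\adfs.cer"
Invoke-CertReq -accept -machine "$Work\adfs.cer"

# Locate the issued certificate and confirm the private key is present.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq 'CN=fs.ms4u.local' -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw 'No certificate with a private key found for fs.ms4u.local.' }

# Export to PFX; the password is prompted for, never stored in the script.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath "$Work\fs.ms4u.local.pfx" `
    -Password $pfxPassword | Out-Null
Write-Output "Exported $($cert.Thumbprint) to $Work\fs.ms4u.local.pfx"
```

The PFX contains the private key, so delete it from the working folder once it has been imported on the other servers.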

That’s all for today; we have successfully created our own certificate template from the internal CA. Next, we will set up the ADFS farm and Web Proxy.

Wednesday, January 7, 2015

Inventory Hyper-V Host Using PowerShell

Serhat (one of my Hyper-V MVP peers) has released a PowerShell script that generates a Hyper-V report to help people inventory virtualization, capacity and general resource availability for stand-alone or clustered Hyper-V environments, and produces an HTML report. Here is a sample of my result when run on a stand-alone Hyper-V server.

Additional reports can be viewed from here

To get the script, download it from the TechNet Gallery: https://gallery.technet.microsoft.com/Hyper-V-Reporting-Script-4adaf5d0

Monday, January 5, 2015

Hyper-V Manager Improvements – Windows Server Technical Preview

Next stop: let's check out the Hyper-V Manager improvements in Windows Server Technical Preview.

1. Alternate credential support. You can specify different credentials when connecting from Windows Server Technical Preview to a remote host.

Connecting to a remote host that is joined to a domain should be an easy step. The most tedious part is when the Hyper-V host is running in a workgroup. I have been trying hard to find a resolution for this, and I hope the steps below are informative for those who are trying to connect remotely to a Hyper-V host running in a workgroup.

winrm quickconfig

On target server

Enable-PSRemoting
Enable-WSManCredSSP -Role Server

Configure local policy:

Computer Policy | Administrative Templates | System | Credential Delegation

- Allow delegating fresh credentials

- Allow delegating fresh credentials with NTLM-only server authentication

Set both to Enabled and add WSMAN/computername to the list of computers.

On client

Enable-WSManCredSSP -Role Client -DelegateComputer *

Reboot both computers before connecting remotely with Hyper-V Manager.
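The client-side step above delegates credentials to every host (`*`). The added example below, which is not from the original post, scopes delegation to one named host and then lists what the client is actually allowed to delegate to. `HV01` is a constructed host name and `Get-CredSSPDelegationTarget` is a hypothetical helper.

```powershell
# Run elevated on the client. 'HV01' is a constructed name for the workgroup host.
$HyperVHost = 'HV01'

# List every CredSSP delegation target configured by policy and flag wildcards.
function Get-CredSSPDelegationTarget {
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    foreach ($list in 'AllowFreshCredentials', 'AllowFreshCredentialsWhenNTLMOnly') {
        $key = Join-Path $base $list
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            [pscustomobject]@{
                List     = $list
                Target   = $value
                Wildcard = $value.Contains('*')   # e.g. wsman/* delegates to any host
            }
        }
    }
}

# Clear any earlier client-role setting (such as '-DelegateComputer *'),
# then delegate fresh credentials to the single Hyper-V host only.
Disable-WSManCredSSP -Role Client
Enable-WSManCredSSP -Role Client -DelegateComputer $HyperVHost -Force | Out-Null

# Review the result: every row should name a specific host.
$targets = @(Get-CredSSPDelegationTarget)
$targets | Format-Table -AutoSize
$wild = @($targets | Where-Object Wildcard)
if ($wild.Count -gt 0) {
    Write-Warning "Wildcard delegation still present: $($wild.Target -join ', ')"
}

# Show the effective CredSSP state and confirm a CredSSP session to the host works.
Get-WSManCredSSP
Test-WSMan -ComputerName $HyperVHost -Authentication Credssp -Credential (Get-Credential)
```

Entries added through the local policy editor are not removed by `Disable-WSManCredSSP`; if the warning still fires, edit the policy list itself.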

2. Down-level management – You can use Hyper-V Manager from Windows Server Technical Preview to manage computers running Hyper-V on:

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows 8
  • Windows 8.1

3. Updated management protocol using WS-MAN. The WS-MAN protocol uses port 80 by default. Previously, when you wanted to use live migration, you were required to set up Constrained Delegation in Active Directory. Now you just enable CredSSP as listed above.

Hyper-V Integration Services Delivered Through Windows Update – Windows Server Technical Preview

The current version of Windows Server 2012 R2 allows an administrator to install Integration Services through the Virtual Machine Connection console: just click Action | Insert Integration Services Setup Disk. The system then binds vmguest.iso and allows users to install Integration Services. Installing Integration Services gives you:

  • Operating system shutdown
  • Time synchronization
  • Data exchange
  • Heartbeat
  • Backup (volume snapshot)
  • Guest services

Well, this is a bit troublesome and requires an administrator to run it from the Hyper-V Manager console. To save effort, with Windows Server Technical Preview an administrator no longer needs to perform this manually. (Insert Integration Services Setup Disk is no longer available.)

So how do you install the Integration Services components?

All you need to do is update the virtual machine with KB3004908 via SCCM, WSUS or Windows Update.

Prerequisites before installing KB3004908

  • Windows Server 2012 R2 or Windows 8.1 – install update KB2919355
  • Windows 7 or Windows Server 2008 R2 – install SP1
  • Windows Server 2008 – install SP2

Sunday, January 4, 2015

Win 2016 TP3 : Hot Add and Remove For Network Adapter and Memory

[Update 31 August 2015]

It is time to have a look at the enhancements available for virtual machine hardware. Wouldn’t it be great if we could hot add or remove hardware without shutting down the virtual machine?

[ Memory ]
With Windows Server 2012 R2, we can decrease minimum memory and increase maximum memory when the virtual machine is configured to use dynamic memory. We love this feature; however, we cannot change the value when the VM is configured to use static memory.

With Windows 2016 TP3, the game has changed: you can now adjust the amount of memory assigned to a virtual machine while it is running, even if you haven’t enabled Dynamic Memory. This works for both generation 1 and generation 2 virtual machines.
You can easily increase and decrease the startup memory without shutting down the virtual machine.
Note:-
  • Guest operating system must be running Windows Server 2016 TP3
[ Network Adapter ]
You can now add or remove a network adapter while the virtual machine is running, without incurring downtime. This works for generation 2 virtual machines running both Windows and Linux operating systems.
If you compare with a VM running on Windows Server 2012 R2 Hyper-V, you will notice that the “Remove” button on Network Adapter is dimmed while the VM is running.

However, the “Remove” button is available while the VM is running on Windows 2016 TP3, which allows us to add or remove a network adapter without shutting down the VM.
Note:-
  • Only Generation 2 VMs
  • Works with either Windows or Linux VMs