Microsoft Exchange and Active Directory Blog
In part 1, the root CA was installed, which will later be taken offline (i.e. shut down). Now, however, we will first take care of the sub-CA that is to be integrated into Active Directory. This is the second part of the PKI installation. The first step is to publish the certificate and the revocation list of the root CA in the Active Directory. The easiest way to do this is ... Read more
A certification authority is quickly installed under Windows Server. Essentially, the "Certification authority" role is added, "Next" is clicked a few times and you have a CA that can issue all possible certificates. So you have a PKI, which works, but is bad. A PKI and its CAs need to be well planned, and this involves ... Read more
From time to time it can be quite helpful to be able to access snapshots of drives, be it to quickly restore a file or to compare the contents of two files. A VSS snapshot can always be made accessible without having to restore the snapshot. However, there are two different ways, depending on the attributes ... Read more
Anyone who publishes Exchange servers and their web interfaces directly via port forward on the Internet may be familiar with the problem: Someone tries to guess the users and passwords or tries to access the mail accounts using brute force. Unfortunately, neither the Windows on-board tools nor Exchange Server offer the possibility to block the IP address after a few failed login attempts. Here ... Read more
Here is another small script from the "Quick & Dirty" series. The script can restart a server and sends a mail with the status: #Server restart $servername = "SERVER01" $to = "frank@frankysweb.de" $from = "rebooter@frankysweb.de" $smtpserver = "smtp.frankysweb.local" Send-MailMessage -To $to -From $from -SmtpServer $smtpserver -Subject "Restart for server $servername" -body "The server $servername ... Read more
Unfortunately, the IIS web server does not offer the option of automatically deleting older log files. Either you write log files to disk continuously, or only one with a selectable size. I have therefore created a small script which deletes the log files after a selectable period of time. The script is available for download: Using a scheduled task, the script can be ... Read more
I have always had the problem that VSS snapshots on servers were not cleaned up. At some point, the hard disk would fill up because the operating systems had countless snapshots that were never cleaned up. I have therefore created a small script that determines the number of active snapshots and the date of the first and last snapshot. $serverlist ... Read more
Today I just wanted to quickly request a certificate via certificate templates, but as it happens. The following error message: No certificate templates were found. You do not have sufficient rights to request a certificate from this certification authority, or an error occurred while accessing the Active Directory. I have a meaningful error message, but ... Read more
Anyone who has followed my howtos (Server 2008R2-Exchange 2010 and Server 2012-Exchange 2013) for an internal certification authority and SAN certificates may also want to issue certificates with a validity of more than 2 years. A validity of more than 2 years can already be specified in the certificate template. However, the certificates are still only valid for ... Read more
Today the problem occurred that the FileServer replication via DFS over a site-to-site VPN was extremely slow. Normally, the WAN connection has a bandwidth of 6 Mbit/s, which was also achieved when manually copying data. However, the DFS replication was bobbing along at a pitiful 20KBit/s. As this was an initial synchronization of the file servers, it should have been possible with ... Read more
