Microsoft Exchange and Active Directory Blog
The problem does not really fit here, but maybe it will help someone. The following problem occurs with users who have not logged on to VMware View Horizon Desktops for a long time: The logon of the Group Policy Client service has failed. Access denied The error occurs because the NTUser.dat file within the user profile is corrupt. ... Read more
From 01.01.2016, Microsoft will declare SSL certificates with SHA1 as the hash algorithm invalid. Web servers or services that use certificates with SHA1 will therefore trigger certificate warnings in the user's browser. Therefore, SHA1 certificates should be replaced slowly but surely. In order for an internal CA to issue certificates with SHA256 (SHA2), the CA must ... Read more
I hate it when applications are started automatically when I log on to a system, including the server manager. If you don't want the server manager to start automatically when you log on, you can either deactivate the corresponding task in the task scheduler or apply a GPO to all servers: To do this, simply create a new GPO on a domain controller. Read more
In the last part of this series of articles, we will deal with the publication of certificates and revocation lists via HTTP. Part 1 and part 2 can be found here: https://www.frankysweb.de/server-20082012-pki-installieren-teil-1/ https://www.frankysweb.de/server-20082012-pki-installieren-teil-2/ First create a new share on the server that will later deliver the revocation lists and certificates via HTTP. I have created the share in the last ... Read more
In part 1, the root CA was installed, which will later be taken offline (i.e. shut down). Now, however, we will first take care of the sub-CA that is to be integrated into Active Directory. This is the second part of the PKI installation. The first step is to publish the certificate and the revocation list of the root CA in the Active Directory. The easiest way to do this is ... Read more
A certification authority is quickly installed under Windows Server. Essentially, the "Certification authority" role is added, "Next" is clicked a few times and you have a CA that can issue all possible certificates. So you have a PKI, which works, but is bad. A PKI and its CAs need to be well planned, and this involves ... Read more
From time to time it can be quite helpful to be able to access snapshots of drives, be it to quickly restore a file or to compare the contents of two files. A VSS snapshot can always be made accessible without having to restore the snapshot. However, there are two different ways, depending on the attributes ... Read more
Anyone who publishes Exchange servers and their web interfaces directly via port forward on the Internet may be familiar with the problem: Someone tries to guess the users and passwords or tries to access the mail accounts using brute force. Unfortunately, neither the Windows on-board tools nor Exchange Server offer the possibility to block the IP address after a few failed login attempts. Here ... Read more
Here is another small script from the "Quick & Dirty" series. The script can restart a server and sends a mail with the status: #Server restart $servername = "SERVER01" $to = "frank@frankysweb.de" $from = "rebooter@frankysweb.de" $smtpserver = "smtp.frankysweb.local" Send-MailMessage -To $to -From $from -SmtpServer $smtpserver -Subject "Restart for server $servername" -body "The server $servername ... Read more
Unfortunately, the IIS web server does not offer the option of automatically deleting older log files. Either you write log files to disk continuously, or only one with a selectable size. I have therefore created a small script which deletes the log files after a selectable period of time. The script is available for download: Using a scheduled task, the script can be ... Read more
