Page 16 – blog.azureinfra.com

Cross Forest Authentication part 2 – Creating trusts

By rzomerman | March 26, 2010 | No Comments | Active Directory, Windows 2008, Windows 2008 R2

In part of the the forest authentication blog post, we’ve seen that a particular path is used depending on Kerberos or NTLM authentication. We’ve also seen that domain controllers rely on other domain controllers of the forest to find the right domain (and thus object in the AD). The question now is, which domain controller of the other forest is used to authenticate the user? What happens during a trust creation, do we really need the PDC emulator? Will LMHOSTS still help us, like it did in the old days?

Those questions we will answer in this series of authentication across trusts part 2, 3 etc..

Server Core + network bindings

By rzomerman | March 20, 2010 | No Comments | Azure

When you want to control the bindings on a network card in Server Core (2008R2), your stuck with the registry editor. So how do you A: know what binding you want to remove, B: where to locate it, C: to disable it.. A is easy.. you want to remove, File and Printer Sharing, Client for […]

FIM RC1 U3 and admin rights

By rzomerman | February 18, 2010 | No Comments | Active Directory, Other, Windows 2008 R2

So I tried to install the FIM RC (u3) in a demo environment, and what a hush hush was that.. My setup was fairly easy, all (except SQL) on a single box.. offcourse reading is not my best skill, but the install went fine.. and the portal was ready for the administrator account (installed it with). It opened on the fim server without a problem, but getting it to work remotely, that was another problem..

The guide tells you to register SPN’s for the Kerberos to work if the FIM Portal and FIM service are on seperate servers, but ALSO if you want to use the FIM password reset extension.. however registering the http/servername to a service account renders the remote login useless.. you will receive an HTTP Error 401. The requested resource required used authentication.

If you where to google (or bing) on that error code the links tell you to disable Kernel Mode kerberos in IIS.. well that kinda did NOT do the trick either and although the Sharepoint site comes up then, the FIM portal dies..

Best Practices Analyser + MOSS

By rzomerman | December 7, 2009 | No Comments | Other, Windows 2008 R2

When installing MOSS in an 2008R2 environment, you will notice that the Best Practices Analyser for Sharepoint will not run.. now this is not only to the fact that the BPA is running on the 2008R2 environment, it’s when the entire sharepoint farm is running on 2008R2. One option is to have a single 2008/2003 server on the same farm and point to that, or wait for the next release of BPA for Sharepoint.

The error received would be: Failed to retrieve the configuration database connection string from machine ‘<insert machinename>’ due to the following error: Failed to retrieve the configuration database connection string from machine ‘<insert machinename>’

Missing some hours lately?

By rzomerman | October 21, 2009 | No Comments | Azure

Daylight saving time.. (DST).. some love it (due to some extra hours of sleep) some hate it.. because the have to program around it.. and so do the developers at Microsoft.. and then.. there are some countries that like to switch the dates they change the time (Argentina for example).. well all fuzzy logic if you ask me.. and so did the developers think.. and they accidently missed one date.. a date very close to come..(October 25th)

OWA 2010 Themes

By rzomerman | October 14, 2009 | No Comments | Azure

As you might of seen, the themes option is removed in Exchange 2010.. the old layout has been changed to some ugly yellow stylish look (probably to make it look like Office 2010.. ). Personally I do not like the yellow and have always used the Zune theme in Outlook 2007 (not that I like […]

Hyper-V 2.0 + NLB

By rzomerman | October 6, 2009 | No Comments | Azure

If you want to create an NLB on Windows 2008 R2 Hyper-V, you will notice that all previous blog posts around this topic will do you no good.. Although you can setup the NLB, network traffic will halt no matter what you do.. change the mac to static, revert it back etc etc.. seems Hyper-V version […]

Query AD for information

By rzomerman | September 1, 2009 | No Comments | Active Directory, Scripting

So.. been busy lately.. but here’s a new topic.. Windows 2008? R2? Kerberos? No.. it’s scripting..

I had a customer who wanted to extract information from AD by a custom application. Offcourse we could open port 389 and have them extract the info.. but perhaps it would be easier to just query the Global Catalog (if the info you want is in there)..

What's the next topic

By rzomerman | June 3, 2009 | No Comments | Other

Perhaps you dear readers want to know more about a specific thing? Take the poll .. and I will see what I can do 🙂

Group Policy Preferences & Drive Mappings

By rzomerman | June 3, 2009 | No Comments | Other, Windows 2008, Windows 2008 R2

When using GPP’s to map drives, some of you will notice that some drives are not correctly mapped on the clients. Some users will receive other network mappings (they “sort of” never heard of before) and some network connections are there, but will not be re-attached (device name is already in use).