Archive for March, 2011

MOR 152 – Hellooooooo, Mr. Wilson!

Podcast March 27th, 2011

Recorded: March 27, 2011
Your Hosts: Keith Albright and Steve Murawski

Show Length:1:13:33

Topics/Links:

Read the full show notes here.

Website Picks

Sorry, none this week.

Listen Now:

Download Here

MOR 151 – Author, Author!

Podcast March 26th, 2011

Recorded: March 20, 2011
Your Hosts: Keith Albright and Steve Murawski

Show Length:1:16:25

Topics/Links:

Read the full show notes here.

Website Picks

Sorry, none this week.

Listen Now:

Download Here

SCCM 2012–Moving Backwards In Time

Servers March 24th, 2011

System Center Configuration Manager 2012’s 2nd Beta is out for download.. but don’t bother if you are running a patched or current SQL Server…

It appears that the Configuration Manager team decided to step back in their support of current database servers.  Starting with Configuration Manager 2007 R2, the following were supported:

  • SQL Server 2005 with SP2 or SP3
  • SQL Server 2008, SP1, or SP2
  • SQL Server 2008 R2

According to the beta System Requirements documentation (remember this is beta, which in Microsoft parlance means bug fixes, not a lot of changes, etc..)

Configuration Manager requires 64-bit SQL Server 2008 Standard Edition or SQL Server 2008 Enterprise Edition, running Service Pack 1 with at least Cumulative Update 10 . Other versions of SQL Server, such as SQL Server 2008 with Service Pack 2 or SQL Server 2008 R2, are not supported.

If you are looking for something that is not so picky, but get’s you a good bit of the functionality, I’ve started to look at Admin Arsenal.  I’ve just downloaded one of their products and I’ll get a chance to look deeper later, but it seems to be a bit lower friction.

On a side note.. the guys at Admin Arsenal are supporting this year’s PICC event.

OCS 2007 R2 Certificates

Scripting, Servers March 16th, 2011

Situation:

Some of our internal certificates for OCS were coming due for replacement.  I did a simple web search for “Find all certificates for Office Communication Server 2007 R2” and I got very little help..

And of course, OCS does not support wildcard certs Sad smile (but does take wildcards in Subject Alternative Names (SAN).. go figure..)

So for those who just want a reference of what certs are used where.. (Subject Name (SN) and Common Name (CN) are used somewhat interchangeably.. Common Name is the most import item to OCS)

Outcome (it’s not pretty folks…):

I give you (working from the outside in):

  1. Edge Server

    1. Description:
      1. The first cert needed is a Web Conferencing Edge Server. 
      2. SAN Required – No.
      3. These are public facing certs, so you’ll likely want to get these from a cert provider.
      4. Even if you are issuing them yoursefl, you’ll notice that these cert requests are generated offline, as the edge server is usually in a restricted portion of the DMZ without direct access to your internal CA.
    2. Example:
      1. SN: webconf.mindofroot.com
    3. Command:
      1. To create the cert request: LcsCmd /cert /action:request /friendlyname:”Web Conference Edge” /sn:webconf.mindofroot.com /ou: IT /org:MOR /city:SomeWhere /state:Else /country:US /fileName:”C:\CertHold\webedge.req” /L
      2. To import the response: LcsCmd /cert /action:ImportResponse /fileName:”C:\CertHold\CAResponse.cer” /assign:true /Components:DP /L
    4. Description:
      1. The second cert required is for Audio/Video Authentication Edge Server.
      2. SAN Required – No.
      3. This is used for internal communication to the rest of the OCS infrastructure.
      4. If you are using an internal cert, you will have to install the certs on the cert chain as well to make them trusted on this server.
    5. Example:
      1. SN: av.mindofroot.com
    6. Command:
      1. LcsCmd /cert /action:request /friendlyname:”AV Edge” /sn:av.mindofroot.com /ou: IT /org:MOR /city:SomeWhere /state:Else /country:US /fileName:”C:\CertHold\avedge.req” /L
      2. LcsCmd /cert /action:ImportResponse /fileName:”C:\CertHold\CAResponse.cer” /assign:true /Components:MR /L
    7. Description:
      1. The third cert is required for the Internal Edge. 
      2. SAN Required – No.
      3. This is for encrypting and decrypting traffic between external clients and the “next hop” server (usually the director or pool).
      4. This can be an internally issued cert.
    8. Example:
      1. SN: internaledge.internal.mindofroot.com
    9. Command:
      1. LcsCmd /cert /action:request /friendlyname:”Internal Edge” /sn:internaledge.mindofroot.com /ou: IT /org:MOR /city:SomeWhere /state:Else /country:US /fileName:”C:\CertHold\internaledge.req” /L

      2. LcsCmd /cert /action:ImportResponse /fileName:”C:\CertHold\CAResponse.cer” /assign:true /Components:INTERNAL /L

    10. Description:
      1. The fourth cert required covers the Access Edge.
      2. SAN Required: Possible, if there are additional domains covered for external access.
      3. This is for the default SIP.yourdomain.com address.
    11. Example:
      1. SN: sip.mindofroot.com
      2. SAN: sip.acoupleofadmins.com
    12. Command:
      1. LcsCmd /cert /action:request /friendlyname:”Access Edge” /sn:sip.mindofroot.com /ou: IT /org:MOR /city:SomeWhere /state:Else /country:US /san:sip.mindofroot.com, sip.acoupleofadmins.com /fileName:”C:\CertHold\accessedge.req” /L
      2. LcsCmd /cert /action:ImportResponse /fileName:”C:\CertHold\accessedge.cer” /assign /Components:AP /L

  2. Reverse Proxy

    1. Description:
      1. The Reverse Proxy provides a way for external users to access content, expand address lists, and otherwise do things require more access.
      2. SAN Required – Maybe.
    2. Example:
      1. SN: ocsweb.mindofroot.com
    3. Command:
      1. LcsCmd /cert /action:request /friendlyname:”Web Proxy External” /sn:ocsweb.mindofroot.com /ou: IT /org:MOR /city:SomeWhere /state:Else /country:US /fileName:”C:\CertHold\webproxyext.req” /L
      2. LcsCmd /cert /action:ImportResponse /fileName:”C:\CertHold\CAResponse.cer” /L
  3. CWA Server

    1. Description:
      1. The CWA certificate supports IM, PSTN call in, desktop sharing, etc..
      2. SAN Required – Yes.
      3. Note – The DNS name cwa.yourdomain.com might be behind a reverse proxy.. in that case, you might need two certs (an internal and a public cert).
    2. Example:
      1. SN: cwa.mindofroot.com
      2. SAN: im.mindofroot.com, cwa.acoupleofadmins.com, im.acoupleofadmins.com
    3. Command:
      1. LcsCmd /cert /action:request /online:false /friendlyname:”CWA” /sn:cwa.mindofroot.com /ou: IT /org:MOR /city:SomeWhere /state:Else /country:US /san: im.mindofroot.com, cwa.acoupleofadmins.com, im.acoupleofadmins.com /fileName:”C:\CertHold\CWAext.req” /L
      2. LcsCmd /cert /action:ImportResponse /fileName:”C:\CertHold\CWAResponse.cer” /assign:true /L
  4. Director

    1. Description:
      1. SN set to the FQDN of the director.
      2. SAN Required – Yes, set to the SIP DNS for each domain. 
    2. Example:
      1. SN: director.internal.mindofroot.com
      2. SAN: sip.mindofroot.com
    3. Command:
      1. LcsCmd /Cert /Action:request /online:true /assign:true /ca:MOR-CA.internal.mindofroot.com\MOR-CA /caAccount:MOR\Admin /caPassword:P@ssword1 /friendlyname:”MOR-Director SIP”/sn:director.internal.mindofroot.com /OU: IT /org:MOR /city:SomeWhere /state:Else /country:US /san:*.mindofroot.com /L
  5. Mediation Server

    1. Description:
      1. The Mediation Server coordinates enterprise voice traffic
      2. SAN Required – No.
    2. Example:
      1. SN: mediation.mindofroot.com
    3. Command:
      1. LcsCmd /cert /action:request /online:true /friendlyname:Mediation Server /sn:mediation.mindofroot.com /ou: IT /org:MOR /city:SomeWhere /state:Else /country:US /fileName:”C:\CertHold\mediation.req” /L
      2. LcsCmd /cert /action:ImportResponse /fileName:”C:\CertHold\CAResponse.cer” /assign:true /L
  6. Front End Server

    1. Description:
      1. SN set to the FQDN of the enterprise pool name or server. 

      2. SAN Required – Yes, set to any alternative DNS names for the pool and server. 
    2. Example:
      1. SN: pool1.intranet.mindofroot.com
      2. SAN: pool1.mindofroot.com, sip.mindofroot.com, myfrontendserver.intranet.mindofroot.com
    3. Command:
      1. LcsCmd /Cert /Action:request /online:true /assign:true /ca:MOR-CA.internal.mindofroot.com\MOR-CA /caAccount:MOR\Admin /caPassword:P@ssword1 /friendlyname:“MOR-FE Front End SIP” /sn:pool01.internal.mindofroot.com /OU: IT /org:MOR /city:SomeWhere /state:Else /country:US /san:*.mindofroot.com, myfrontendserver.intranet.mindofroot.com /L
  7. Group Chat

    1. Description:

      1. The Group Chat cert should reference the DNS for the Group Chat server.
      2. SAN required – Maybe, if you have multiple DNS entries for group chat.
    2. Example:
      1. SN: groupchat.mindofroot.com
      2. SAN: groupchat.acoupleofadmins.com
    3. Command:
      1. LcsCmd /cert /action:request /online:true /friendlyname:”Group Chat Server” /sn:groupchat.mindofroot.com /ou: IT /org:MOR /city:SomeWhere /state:Else /country:US /san:groupchat.mindofroot.com.com, groupchat.acoupleofadmins.com /enableClientEKU:TRUE /fileName:”C:\CertHold\groupchat.req” /L
      2. LcsCmd /cert /action:ImportResponse /fileName:”C:\CertHold\CAResponse.cer” /assign:true /L

Licensing in Any World

Servers, Vendors March 14th, 2011

Brian Lewis (IT Pro Evangelist for Microsoft) recently blogged about licensing in a virtual world.  He made some interesting points about Datacenter edition licensing as VM density grows.

All that talk of licensing reminded me of a tool I’ve used to manage and license machines in my network – the Volume Activation Management Tool (VAMT) version 2.0.  Version 2.0 has some updated features, including managing Office 2010 licensing in addition to Server 2008 R2 and Windows 7.  There is a version 1.1 of the tool that will manage licensing for Vista, Server 2008, Win 7, and Server 2008 R2.

MOR 150 – Nerd Fight!

Podcast March 13th, 2011

Recorded: March 13, 2011
Your Hosts: Keith Albright and Steve Murawski (Special Guest Appearance by Keanu Reeves)

Show Length:1:06:03

Topics/Links:

  • We discuss Chapter 7 – Networking
    • OSI Model
    • Physical/Logical Network Diagrams
    • Designing and maintaining a clean architecture
    • Terminology
    • Protocol selection and vendor interoperability
  • VLAN’s as a security model – Nerd Fight between Keith and Steve – Send in your opinions on the topic to Feedback [at] MindOfRoot.com

Read the full show notes here.

Website Picks

Steve – PICC Conference

Listen Now:

Download Here

2011 Scripting Games Are Coming!

Scripting March 10th, 2011

2011 Scripting Games

Grab this badge here!

The 2011 Scripting Games start on April 4th.

This year is the first year that all the scripts must be in PowerShell.

If you are not familiar with the Scripting Games, they are two weeks of real world inspired challenges that allow you to demonstrate your scripting chops.  Every day a new challenge (or event) is revealed.  There are two categories, Beginner and Expert, so there are challenges for everyone, no matter how experienced.

After each event is revealed, competitors can submit their scripts to the Scripting Games PoshCode repository, where an internationally recognized judges will score every submission (guess what.. I’m a judge this year..).  After the event closes, an “Expert Solution” will be provided as a sample of the event could be solved, including an explanation on how they got there.

If you are new to scripting, this is a great way to get started, no pressure, with real examples and solutions from recognized experts.

If you really want to find out more about how the even runs, take a look at last year’s events and solutions.. 

Or check out the 2011 Scripting Games Study Guide.

This is a great opportunity to flex your scripting might or start building your scripting muscles..

Hope to see you there!

MOR 149 – Default Denied

Podcast March 6th, 2011

Recorded: March 6, 2011
Your Hosts: Keith Albright and Steve Murawski
Show Length: 56:01

Topics/Links:

  • Remember the Default Deny rule
  • iSCSI and Hyper-V Troubles
  • VMWare and Windows Server 2008 R2 video problem
  • DNS and Office Communication Server
  • Meeting Room A/V Project
  • What to do when a machine loses secure channel to DC
  • Neighbors Laptop virus woes

Read the full show notes here.

Website Picks

Keith – http://www.youtube.com/watch?v=vPnehDhGa14&feature=player_embedded – From DOS 5 to Windows 7 – An Upgrade story

Listen Now:

Download Here

blank