Dark Developments Where Knowledge Meets Power

30Aug/110

WIN2008 – Install Active Directory

Posted by Dark#Basics

Windows Server 2008 - Installing Active Directory
Active Directory is one of the core elements when using Windows Server. Active Directory provides the structure to centralize the network management and store information regarding the network resources across a domain. Domain Controllers keep all this information centralized and available to all network users.

Using the Graphical User Interface
In Windows Server 2008, just like in previous server operating systems, you can run DCPROMO to promote the server to a Domain Controller and install Active Directory. Do note that Windows Server 2008 requires the Active Directory Domain Services (AD-DS) server role. This role is installed either by DCPROMO itself or by adding it beforehand using Server Manager.

To run DCPROMO, enter Run and open DCPROMO. Alternatively, you can click on the DCPROMO link in Server Manager.

If AD-DS is already installed, the Active Directory Domain Services Installation Wizard will appear immediately or after a short while. If AD-DS isn't installed, Active Directory Domain Services will be installed before the wizard appears.

Click Next on the welcome screen to start the wizard.

In the Operating System Compatibility window, read the information and click Next to continue.

Next is the Deployment Configuration window. Depending on what you are planning to do you'll need to select an option.

  • Existing forest - Add a domain controller to an existing domain - When there already is a forest and you want a backup domain controller.
  • Existing forest - Create a new domain in an existing forest (This server will become the first domain controller in the new domain). - If you want the new domain to be a child of an existing domain, select this option. For example, you could create a new domain named hq.root.local as a child domain of the domain root.local.
  • Create a new domain in a new forest - Select this option if this is the first domain in your organization or if you want the new domain to be completely independent of your current forest.

Enter a name for the new domain and click Next. Do not use single label domain names such as "mydomain" or similar. You MUST pick a full domain name such as "mydomain.local" or "mydomain.com" and so on.

Select the appropriate forest functional level. Windows 2000 is selected by default, which means you can add Windows 2000, Windows Server 2003 and Windows Server 2008 Domain Controllers to the forest you're creating. The Windows 2000 forest functional level provides all Active Directory Domain Services features that are available in Windows 2000 Server. If you have domain controllers running later versions of Windows Server, some advanced features will not be available on those domain controllers while this forest is at the Windows 2000 functional level. The Windows Server 2003 forest functional level provides all features that are available in Windows 2000 forest functional level, and the following additional Domain Controller running Windows Server 2003 and Windows Server 2008. The Windows Server 2008 functional level does not provide any new features over the Windows 2003 forest functional level. However, it ensures that any new Domain Controller is running Windows Server 2008, which does provide unique features.

If no DNS server has been configured, the wizard will offer to automatically install DNS on this server. The first DC must also be a Global Catalog, and the first DC in a forest cannot be a Read-Only Domain Controller.

You'll get a warning telling you that the server has dynamically assigned IP address(es). This is mostly because the IPv4 address isn't manually configured, or because we did not manually configure the IPv6 address. In a network where IPv6 is not used, you can safely ignore this warning.

You'll probably get a warning about DNS delegation. Since no DNS has been configured yet, you can ignore the message and click Yes.

If necessary change the paths of the AD database, log files and SYSVOL folder. For example for large deployments use a different disk, RAID,... Carefully plan your DC configuration to get the maximum performance.

Enter the Restore Mode Administrator Password. Do not use the regular administrator's password and securely store it. With this password you'll be able to restore Active Directory when things go bad.

Review your selections and click Next. It is also possible to export the settings for future use in unattended installs.

The wizard will create the domain. When it has finished, you'll need to press Finish and reboot the computer.

Using the Command Line Interface
DCPROMO will accept command line switches, and if provided correctly, it will use them to perform the required tasks.

DCPROMO /unattend /replicaOrNewDomain:Domain /NewDomain:Forest /NewDomainDNSName:root.local /ConfirmGC:yes /username:root.local\administrator /Password:P@ssw0rd /safeModeAdminPassword:P@ssw0rd1

It is also possible to use an unattended or answer file. The file is a text file that provides automated user input for each page of the Active Directory Installation Wizard.

[DCINSTALL]
UserName=administrator
UserDomain=root.local
Password=P@ssw0rd1
SiteName=Default-First-Site-Name
; New domain in a new forest
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=root.local
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
SYSVOLPath="%systemroot%\SYSVOL"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=P@ssw0rd1
RebootOnCompletion=yes

After creating the unattended file start the DCPROMO process.

DCPROMO /unattend:C:\
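
An added example, not part of the original post: a Python audit of a DCPROMO answer file like the one above. It flags passwords stored in clear text and a Restore Mode password that matches the administrator password, which the wizard section advises against. The sample file is constructed from the values on this page, the finding codes are made up for the example, and treating * as "prompt instead of store" is an assumption.

```python
import configparser

# Constructed sample: a [DCINSTALL] answer file using the values from this page.
SAMPLE = r"""
[DCINSTALL]
UserName=administrator
UserDomain=root.local
Password=P@ssw0rd1
SiteName=Default-First-Site-Name
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
SYSVOLPath="%systemroot%\SYSVOL"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=P@ssw0rd1
RebootOnCompletion=yes
"""

SECRET_KEYS = ("password", "safemodeadminpassword")
PROMPT = "*"  # assumption: "*" asks dcpromo to prompt instead of reading a stored value

# Finding codes and texts are made up for this example.
MESSAGES = {
    "PLAINTEXT_PASSWORD": "administrator password is stored in the file",
    "PLAINTEXT_SAFEMODEADMINPASSWORD": "Restore Mode password is stored in the file",
    "DSRM_PASSWORD_REUSED": "Restore Mode password equals the administrator password",
}


def load_dcinstall(text):
    """Parse an answer file and return the [DCINSTALL] keys, lower-cased."""
    # interpolation=None keeps values such as %systemroot% literal.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    for section in parser.sections():
        if section.upper() == "DCINSTALL":
            return {k: v.strip().strip('"') for k, v in parser[section].items()}
    raise ValueError("no [DCINSTALL] section found")


def audit(text):
    """Return sorted finding codes. Secret values are never echoed."""
    cfg = load_dcinstall(text)
    stored = {k: cfg[k] for k in SECRET_KEYS if cfg.get(k) and cfg[k] != PROMPT}
    findings = {"PLAINTEXT_" + key.upper() for key in stored}
    if len(stored) == 2 and len(set(stored.values())) == 1:
        findings.add("DSRM_PASSWORD_REUSED")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit(SAMPLE):
        print(code, "-", MESSAGES[code])
```
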
29Aug/110

CITRIX – Installing Citrix XenApp on Linux

Posted by Dark#Basics

CITRIX - Installing Citrix XenApp on Linux
Citrix XenApp (formerly Citrix WinFrame Server, Citrix MetaFrame Server and Citrix Presentation Server) is a thin client product that allows users to connect to their corporate applications. XenApp can either host applications on central servers and allow users to interact with them remotely or stream and deliver them to user devices for local execution.

Installing XenApp Package
You need to obtain the Citrix XenApp package. Citrix offers an RPM, but for the purposes of this page, I’m recommending the tarball. Thus, these instructions will be based off of the tarball offered by Citrix Xen App Server. If needed you can still obtain the Citrix XenApp tarball by going to www.citrix.com/ and selecting Downloads.

Once we've downloaded the package we'll need to unpack it. Go to the location where you saved the tarball and unpack it.

Now run the installation file of the package called setupwfc in the Terminal.

When starting the installation we'll need to provide a setup option. When installing the package select 1, if you're removing the package for some reason use option 2.

The next prompt asks for the directory where Citrix XenApp needs to be installed. In my case I use the default settings, so I just press Enter. The package will be installed in the home folder of the current user if the current user isn't root. If the user is root the package will be installed in /usr/lib/ICAClient.

If it's a fresh installation you'll probably get the following. Press Enter to create the needed directory.

Press Y and Enter to start the installation.

Accept the License Agreement by choosing option 1.

To integrate the XenApp client with KDE and GNOME, which means adding a launcher, enter Yes.

Firefox Preferences
Now that we've installed the XenApp plugin we'll need to set up a preference in Firefox. Go to Edit, Preferences and select the Applications tab. To use ICA files from Firefox, edit the Open With entry for Linux ICA and change it to /home/username/ICAClient/wfica.sh or /usr/lib/ICAClient/wfica.sh.

AAA Certificate Services
It is possible that when opening the Citrix Metaframe you'll get an error regarding the AAA Certificate Services. To resolve this issue you'll need to download the AAA Certificate and install it. The certificate can be found on globaltrustpoint.com. After downloading the certificate, copy it to the cert-sa folder in the ICAClient parent folder.

www.globaltrustpoint.com/x509/x509trustcenter_list.jsp?trustcenter=Comodo+CA+Limited&authority=CN%253DAAA%2BCertificate%2BServices%252C%2BO%253DComodo%2BCA%2BLimited%252C%2BL%253DSalford%252C%2BST%253DGreater%2BManchester%252C%2BC%253DGB#10

26Aug/110

WIN2008 – Windows Updates

Posted by Dark#Basics

Windows Server 2008 - Windows Updates
To keep a pristine, up-to-date, bug free and secure server farm we'll need to update our systems. By default Windows Updates is disabled for every Server Operating System. There are four predefined modes:

2 - Notify before downloading any updates and notify again before installing them. When Windows finds updates that apply to this computer, an icon appears in the status area with a message that updates are ready to be downloaded. Clicking the icon or message provides the option to select the specific updates to download. Windows then downloads the selected updates in the background. When the download is complete, the icon appears in the status area again, with notification that the updates are ready to be installed. Clicking the icon or message provides the option to select which updates to install.

3 - (Default setting) Download the updates automatically and notify when they are ready to be installed. Windows finds updates that apply to your computer and downloads these updates in the background (the user is not notified or interrupted during this process). When the download is complete, the icon appears in the status area, with notification that the updates are ready to be installed. Clicking the icon or message provides the option to select which updates to install.

4 - Automatically download updates and install them on the schedule specified below. Specify the schedule using the options in the Group Policy Setting. If no schedule is specified, the default schedule for all installations will be everyday at 3:00 AM. If any of the updates require a restart to complete the installation, Windows will restart the computer automatically. (If a user is logged on to the computer when Windows is ready to restart, the user will be notified and given the option to delay the restart.)

5 - Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates. With this option, the local administrators will be allowed to use the Automatic Updates control panel to select a configuration option of their choice. For example they can choose their own scheduled installation time. Local administrators will not be allowed to disable Automatic Updates' configuration.

Using the Graphical User Interface
Right click on Computer and select Properties.

In the overview select Windows Update.

As you can see Windows Update is disabled. Click View advanced options to get a detailed option overview.

Select the appropriate mode and confirm using OK.

Using the Command Line Interface (Windows Server Core ONLY)
Setting Windows Updates on Server Core is done by running the scregedit.wsf script and specifying the correct mode. Because Windows Explorer isn't installed on Server Core, the notification balloons aren't shown, so there are two possible modes left, namely 4 and 5. But because Server Core doesn't have a Control Panel, option 5 isn't available either.

When you want to enable Automatic Updates you may select scenario 4 and restart the Windows Updates Service by typing:

cscript scregedit.wsf /AU 4
net stop wuauserv
net start wuauserv

SCregEdit.wsf doesn't offer you a method to specify a scheduled time to reboot the machine when updates require a reboot. By default a Windows Server 2008 Server Core installation with Automatic Updates enabled will automatically download updates and install updates at 3:00 AM and reboot if necessary. This might not be the desired behaviour.

Disabling Automatic Updates and the Windows Automatic Updates Service can be done by typing:

cscript scregedit.wsf /AU 1
net stop wuauserv

It is possible, however, to perform an on-demand check for updates.

wuauclt /detectnow

TIP: It is also possible to configure Automatic Updates through Group Policy using WindowsUpdate.admx. Other ways to customize the behaviour are using WSUS or editing the registry entries under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update.

25Aug/110

WIN2008 – Installing Language Pack(s) MUI

Posted by Dark#Basics

Windows Server 2008 - Installing Language Pack(s) MUI
Working internationally, we are often asked to install multiple MUI (Multi User Interfaces) or Language Packs to support different regions. It is also quite common to install the operating system in the US-English version and then apply a language pack or MUI. For Windows Server 2008 these language packs are provided as .CAB files.

The language packs can be downloaded from the Microsoft Download Center. Download the appropriate file for you; remember you'll need to take into account the language needed and the type of system, namely x86, x64 or Itanium.

Within Windows Server 2008 it is possible to use a new command line tool which allows us to install the language packs.

Installing Language Packs using GUI
It is possible to install the language pack using the GUI of lpksetup. First we'll need to start-up an instance of lpksetup and select Install Languages.

Next we'll browse to the path where the language packs are located and click Select Folder.

Indicate which language packs we want to install. Once you've selected the packs of your choice, continue by pressing Next.

Read and Accept the license and press Next.

We'll get an overview of the packs that will be installed. Press Install to start the installation procedure.

After the installation has completed we'll indicate that we want to change the interface language and, if necessary, perform the same change on the system accounts.

As you'll see, we'll need to Log Off before the changes are in effect.

De-installing or adding more language packs can be done in the same manner.

Installing Language Packs using CLI
The command line lets you install a single or even multiple language packs at once.

lpksetup.exe /i en-US /p C:\languagepacksfolder\

De-installation of the package can also be done with the command line interface.

lpksetup.exe /u en-US

Note: This also applies to Windows 7 Ultimate or Enterprise. Windows 7 language packs are available for computers that are running Windows 7 Ultimate or Windows 7 Enterprise. The Windows 7 language packs can be installed only from the Optional Updates section in Windows Update. However, these language packs are not available on the Microsoft Windows Server Update Services (WSUS) server or through the Microsoft Download Center.

More Information: technet.microsoft.com/en-us/library/cc766010%28WS.10%29.aspx www.microsoft.com/download/en/details.aspx?id=22681

25Aug/110

CITRIX – SSL ERROR 82

Posted by Dark#Basics

Publishing applications over the Citrix XenApp platform is easy but what do you do when the client gets prompted with SSL Error 82 ?

"Cannot connect to the Citrix Presentation Server.
SSL Error 82: The security certificate "<TheNameOfYourCertificateAuthority>" is not suitable for use in SSL connections. Reason: Unsuitable Netscape Usage Extension field."

Easy, just install a version of the Presentation Server Client (higher than 10.0).

More Information: support.citrix.com/article/CTX113002

24Aug/110

WIN2008 – Product Activation

Posted by Dark#Basics

Windows Server 2008 - Product Activation
Microsoft Server 2008 needs to be activated before you can get the Microsoft Updates. For the activation you'll need the appropriate product code. There are two different licence methods namely MAK and KMS.

MAK or Multiple Activation Key allows a predetermined number of activations. The number depends on the type of agreement you have with Microsoft. In addition this license type requires your system to connect to a Microsoft activation server. After the activation no further communication with Microsoft is needed.

With KMS or Key Management Service you are able to complete activations on your local network, eliminating the need to connect to Microsoft for product activation.

Activation using the Graphical User Interface
To activate your product using the GUI, right click on Computer and select Properties.

In the overview select Change product key.

Next type in the correct product key and press Next.

If all goes well and the product is successfully activated, you'll be greeted with Activation Successfully. Note that an additional ad is also placed in the computer overview.

Activation using the Command Line Interface
Activating the product using the CLI is quite straightforward. Step one is defining the product key and the final step is activating the product; both commands use the slmgr.vbs script.

slmgr.vbs -ipk "productkeyhere"
slmgr.vbs -ato

Additional information: www.microsoft.com/licensing/existing-customers/product-activation-faq.aspx

24Aug/110

CISCO – Static VLAN Configuration

Posted by Dark#Basics

Cisco - Static VLAN Configuration
As most of you know, a VLAN or Virtual Local Area Network is a group of hosts with a common set of requirements that communicate as if they were on the same broadcast domain, regardless of their location. It essentially allows machines to be grouped together even if they aren't attached to the same network switch.

VLANs are used to segment services that are normally provided by routers. VLANs address issues such as security and network management. By definition, switches do not bridge IP traffic between VLANs as it would violate the VLAN broadcast domain principle.

By using VLANs, one can control traffic patterns and react quickly to relocations. VLANs provide the flexibility to adapt to changes in network requirements and allow for simplified administration.

VLAN Memberships
There are two common approaches to assign VLAN membership namely using Static VLANs and Dynamic VLANs.

Static VLANs are also referred to as port-based VLANs. As a device enters the network, the device automatically assumes the VLAN of the port. If the user changes ports and needs access to the same VLAN, the network administrator must manually make a port-to-VLAN assignment for the new connection.

Dynamic VLANs are created through the use of software. With a VLAN Management Policy Server (VMPS), an administrator can assign switch ports to VLANs dynamically based on information such as the source MAC address of the device connected to the port or the username used to log onto that device. As a device enters the network, the device queries a database for VLAN membership.

Adding a VLAN

ExampleSwitch#config t
ExampleSwitch(config)#vlan 666
ExampleSwitch(config-vlan)#name Employees
ExampleSwitch(config-vlan)#end

Static VLAN Configuration

ExampleSwitch(config)#interface fa 0/1
ExampleSwitch(config-if)#switchport mode access
ExampleSwitch(config-if)#switchport access vlan 666
ExampleSwitch(config-if)#end

Managing VLANs
After configuring a VLAN, you can validate the configuration by using different show commands.

Show vlan brief gives an overview of the defined VLANs, their status and their ports.

ExampleSwitch#show vlan brief
 
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
666  Employees                        active    Fa0/1
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
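
An added example, not part of the original post: a Python parser for saved "show vlan brief" output that rebuilds the port-to-VLAN map (including wrapped port lists, with or without their indentation) and compares it with an intended assignment plan. The sample text is constructed from the output above, and the plan (Fa0/1 and Fa0/2 in VLAN 666) is a hypothetical one made up for the example.

```python
import re

# Constructed sample modelled on the output above. Some continuation lines
# have lost their indentation, as happens when output is pasted or scraped.
SAMPLE = """\
ExampleSwitch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
666  Employees                        active    Fa0/1
1002 fddi-default                     active
1005 trnet-default                    active
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")   # id, name, status, ports
PORT = re.compile(r"[A-Za-z]+\d+(?:/\d+)*")           # Fa0/1, Gi1/0/1, Po1


def parse_vlan_brief(text):
    """Return {vlan_id: {"name", "status", "ports"}} from show vlan brief text."""
    vlans, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, the header, the ruler and the prompt/command line.
        if not line or line.startswith(("VLAN", "----")) or "#" in line:
            continue
        row = ROW.match(line)
        if row:
            current = int(row.group(1))
            vlans[current] = {"name": row.group(2), "status": row.group(3),
                              "ports": PORT.findall(row.group(4))}
        elif current is not None:
            # Wrapped port list belonging to the previous VLAN row.
            vlans[current]["ports"].extend(PORT.findall(line))
    return vlans


def port_key(port):
    """Natural sort key so Fa0/3 sorts before Fa0/10."""
    return [int(n) for n in re.findall(r"\d+", port)]


def audit(vlans, plan, default_vlan=1):
    """Compare actual membership with plan (port -> VLAN id).

    Returns (mismatches, unplanned): mismatches is a list of
    (port, wanted, actual) where actual is None if the port is not listed;
    unplanned lists ports still in the default VLAN that the plan omits.
    """
    actual = {p: vid for vid, v in vlans.items() for p in v["ports"]}
    mismatches = [(p, want, actual.get(p))
                  for p, want in sorted(plan.items(), key=lambda i: port_key(i[0]))
                  if actual.get(p) != want]
    in_default = vlans.get(default_vlan, {}).get("ports", [])
    unplanned = sorted((p for p in in_default if p not in plan), key=port_key)
    return mismatches, unplanned


if __name__ == "__main__":
    plan = {"Fa0/1": 666, "Fa0/2": 666}   # hypothetical intended assignment
    mismatches, unplanned = audit(parse_vlan_brief(SAMPLE), plan)
    for port, want, got in mismatches:
        print(f"{port}: expected VLAN {want}, found {got}")
    print(f"{len(unplanned)} ports left in the default VLAN:", ", ".join(unplanned))
```
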

Show vlan id gives an overview of the status and ports for the specified vlan id.

ExampleSwitch#show vlan id 666
 
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
666  Employees                        active    Fa0/1
 
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
666  enet  100666     1500  -      -      -        -    -        0      0

Show vlan name gives an overview of the status and ports for the specified vlan name.

ExampleSwitch#show vlan name Employees
 
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
666  Employees                        active    Fa0/1
 
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
666  enet  100666     1500  -      -      -        -    -        0      0

Show interfaces switchport gives a detailed overview of the settings for the specified interface.

ExampleSwitch#show interfaces fa 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 666 (Employees)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
23Aug/110

WIN2008 – Rename Computer

Posted by Dark#Basics

Windows Server - Rename Computer
By default a fresh installation of an OS has a generated computer name; in 99% of the cases you want to rename the device.

Rename a computer by using the GUI
Enter the start menu, right click on Computer and select Properties. Next select Change settings and in the following screen select the option Change. Now you're able to edit the computer name. When you're satisfied with the new name press OK until you're back on the desktop. Do note that you'll need to restart Windows Server before the changes take effect.

Renaming by using the command line interface
Renaming a device can also be done by using the CLI with netdom. Netdom does need the current name of the server, the name can be found by using the %computername% environment variable.

netdom renamecomputer theoldname /newname:thenewname

Next, reboot the machine to let the changes take effect.

shutdown -r -t 0

TIP: You can add additional info in the computer name. For example DDV-WIN2K8-AD means the server is from the company DarkDevelopments (DD), virtualised (V), runs Windows 2008 (2K8) and is used as Primary Domain Controller for Active Directory (AD).

23Aug/110

WIN2008 – Network Interfaces: Static, DHCP & Rename

Posted by Dark#Basics

Windows Server 2008 - Network Interfaces: Static, DHCP & Rename
The best practice regarding IPs for servers is to give them a static IP, preferably in a different range than the clients or an IP outside the DHCP scope. If it isn't possible to comply with one of these two, I suggest you define a static IP on the server and exclude or reserve that IP in the DHCP server for the server in question.

Using the Graphical User Interface
Defining a static IP using the GUI is pretty straightforward. First go to the Network and Sharing Center and select Manage network connections. Finally right-click on the interface and select Properties.

Scroll down to IPv4 and select Properties. When using a static IP select the option 'Use the following IP address' and provide the IP address, subnet mask and default gateway. You can also define the DNS server by selecting 'Use the following DNS server addresses' and inserting one or more DNS server IP addresses.

Enabling DHCP again for the IP address and DNS can be accomplished by selecting 'Obtain an IP address automatically' and 'Obtain DNS server address automatically'.

It is also possible to rename the interface by right clicking the interface and selecting Rename.

Using the CLI
The above can also be done by using the command line interface, for example when running a Server Core version of Windows Server or just because you don't want to use the GUI.

First off is getting an overview of the interfaces that are available for IPv4; this can be done by running netsh interface ipv4 show interfaces. You'll get an overview of the current interfaces' index, status, name, ... The second part is defining the static IP; this can be accomplished by running netsh interface ipv4 set address. The third command sets the static DNS server by running netsh interface ip set dns.

netsh interface ipv4 show interfaces
netsh interface ipv4 set address name="interfacename" source=static address=IPADDRESS mask=SUBNETMASK gateway=GATEWAY
netsh interface ipv4 add dnsserver name="interfacename" address=DNSSERVER index=INDEX

netsh interface ipv4 show interfaces
netsh interface ip set address name="interfacename" static ipaddress subnetmask gateway
netsh interface ip set dns "interfacename" static dnsserver

DHCP can be enabled for IP and DNS by using netsh as follows.

netsh interface ip set address "interfacename" dhcp
netsh interface ip set dns "interfacename" dhcp

It is also possible that you want to rename the interface name. This can be accomplished using the following command.

netsh interface set interface name="interfacename" newname="newname"

22Aug/110

WIN2008 – Installation

Posted by Dark#Basics

Windows Server 2008 - Installation
Boot up from the WIN2008 DVD; if necessary, change the boot order or select the correct boot device. After the files are loaded we'll need to select the language to install, the time and currency format and the keyboard input. After selecting the appropriate settings click Next and Install Now.

In the next screen you will be asked to select the appropriate operating system. Depending on your needs and future plans select your version, click Next, accept the License and click Next again. To continue a clean installation select the Advanced option.

The next item is choosing the installation type. It is possible to do an upgrade using the Upgrade button; do note that this is only available for certain versions.

Next up is the selection of the hard disk where the OS needs to be installed. If needed use the Advanced option to create, delete, format, extend,... the partition(s). After selecting the appropriate partition select Next.

Now the installation of the operating system will begin. When the installation is finished the machine will reboot automatically.

When the operating system is booted for the first time you'll be greeted with an error message that says that the user password needs to be changed. Do note that the referred user is the local administrator! After selecting OK you'll be able to provide a new password, insert it two times and press Enter or the arrow icon.

Congratulations, the installation has finished. You have a new Windows Server 2008!