Re: Windows Server 2012 as host Or Debian Jessie?
It really depends on what you are most comfortable with but if it was me I wouldn't be looking to use Debian just to run Xen. If you want Xen then run XenServer, there is really no reason not to these days. It has the latest kernels and Xen version built into 6.5 and unless you want support it is free.
I have got a brand new server with 16Tb Hard drive and 64Gb RAM. I have the following two options:
Option One:
- Windows Server 2012 as a host and using hyperv run Windows Server 2012 and another debian webserver as a guest.
Option Two:
- Debian Jessie as host and using Xen Windows Server 2012 and another Debian webserver as a guest.
I'm familiar with both side virtualizations. I already have two Windows server 2012 licenses. But I cannot decide which option to choose.
This topic first appeared in the Spiceworks Community
Similar Messages
-
Windows Server 2012 Virtual Machine Failure
I am running Windows Server 2012 R2 Host machine. In Hyper-V, I created a WS 2012 VM. The VM starts out OK, but after a few hours of work (configure and install SharePoint 2013), starts throwing errors (Machine had to re-boot). Eventually, the VM becomes
unstable and unable to re-boot. Last attempt threw this error in Hyper-V Event Manager:
'BISP2013' has encountered a fatal error. The guest operating system reported that it failed with the following error codes: ErrorCode0: 0x7A, ErrorCode1: 0x400207A0, ErrorCode2: 0xC0000185, ErrorCode3: 0x57BA6860, ErrorCode4: 0x40F4234. If the
problem persists, contact Product Support for the guest operating system. (Virtual machine ID 7E140D89-25B9-4D3B-835B-7BB882C629BB)
This has happened on multiple attempts occasionally ending with Error 0Xc000021a. Creating WS 2012 R2 VMs does not present this problem.
Any suggestions greatly appreciated.
Mario
Hi Mario,
This should not happen here.
My suggestion is to download a new Server 2012 ISO and reinstall.
Also please refer to following "best practice configurations for sharepoint 2013":
http://technet.microsoft.com/en-us/library/ff621103(v=office.15)
Best Regards
Elton Ji
-
USB Pass-Through From Windows 8.1 Host To Windows Server 2012 R2 VM
I want to be able to connect with a Windows Mobile Device through Windows Mobile Device Center, within a Virtual Machine. When connecting through the Hyper-V Manager and through Remote Desktop, under "Other supported RemoteFX USB devices",
I can see the Symbol USB Sync Cradle. In the VM, in Device Manager, I don't see a USB connection. In the VM, I don't see any meaningful errors in the Event Viewer.
Host: Windows 8.1 Enterprise Hyper-V on a Domain. Upgraded from Windows 8.1 Pro. When this computer was originally installed with Windows 8 Pro, Hyper-V was enabled. I removed Hyper-V, and installed VMWare Player, because I wanted
USB Pass-through. I then uninstalled VMWare and installed VirtualBox. Recently, I uninstalled VirtualBox, upgraded to Windows 8.1 Enterprise, and enabled Hyper-V.
Virtual Machine OS: Windows Server 2012 R2 on a Workgroup. Started out with being a VMWare VM, using VMWare Player. Moved to VirtualBox. USB Pass-through was working in both those virtual environments. Used Disk2VHD to convert the
VM to a VHDX file.
On the Host:
Windows Mobile Device Center is connected to a Motorola Windows Mobile Device (MC959X) sitting in a Symbol USB Cradle. The OS on the scanner is Windows Embedded Handheld 6.5 Classic CE OS 5.2.29217 (Build 29217.5.3.12.26). Advanced Networking
(USB to PC) is not enabled.
Enabled RemoteFX.
In the RDP file, and in the Registry, added the GUIDs for:
WPD "{eec5ad98-8080-425f-922a-dabf3de3f69a}";
Windows Mobile "{6AC27878-A6FA-4155-BA85-F98F491D4F33}";
USB Device "{88BAE032-5A81-49f0-BC3D-A4FF138216D6}";
Windows CE USB Device "{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}";
GUID_DEVINTERFACE_USB_DEVICE "{A5DCBF10-6530-11D2-901F-00C04FB951ED}"
Ran "sfc /scannow"
All Microsoft Updates are current.
What am I missing?
I hope it's something like that. Those features have been installed. Here's what PowerShell shows is installed:
PS C:\Windows\system32> Get-WindowsFeature |Where {$_.Installed -eq "True"} | ft DisplayName, Installed

DisplayName                                     Installed
File and Storage Services                       True
File and iSCSI Services                         True
File Server                                     True
Storage Services                                True
Remote Desktop Services                         True
Remote Desktop Licensing                        True
Remote Desktop Session Host                     True
Web Server (IIS)                                True
Web Server                                      True
Common HTTP Features                            True
Default Document                                True
Directory Browsing                              True
HTTP Errors                                     True
Static Content                                  True
HTTP Redirection                                True
Health and Diagnostics                          True
HTTP Logging                                    True
Performance                                     True
Static Content Compression                      True
Security                                        True
Request Filtering                               True
Windows Authentication                          True
Application Development                         True
.NET Extensibility 3.5                          True
.NET Extensibility 4.5                          True
ASP.NET 3.5                                     True
ASP.NET 4.5                                     True
ISAPI Extensions                                True
ISAPI Filters                                   True
Management Tools                                True
IIS Management Console                          True
.NET Framework 3.5 Features                     True
.NET Framework 3.5 (includes .NET 2.0 and 3.0)  True
.NET Framework 4.5 Features                     True
.NET Framework 4.5                              True
ASP.NET 4.5                                     True
WCF Services                                    True
TCP Port Sharing                                True
Ink and Handwriting Services                    True
Media Foundation                                True
Remote Server Administration Tools              True
Role Administration Tools                       True
Remote Desktop Services Tools                   True
Remote Desktop Licensing Diagnoser Tools        True
Remote Desktop Licensing Tools                  True
SMB 1.0/CIFS File Sharing Support               True
User Interfaces and Infrastructure              True
Graphical Management Tools and Infrastructure   True
Desktop Experience                              True
Server Graphical Shell                          True
Windows PowerShell                              True
Windows PowerShell 4.0                          True
Windows PowerShell 2.0 Engine                   True
Windows PowerShell ISE                          True
WoW64 Support                                   True
-
Using Windows Server 2012 per-User RDS CAL on Server 2008 R2 Session Host
I have a Remote Desktop Licensing Server setup on my domain controller running Windows Server 2012 R2. I have installed a
’Windows Server 2012 Remote Desktop Services per-User CAL’ there and activated the licensing server already.
Currently I use ONLY Windows Server 2008 R2 machines as RDS Session Hosts (in the future I plan to transition them to 2012 R2, hence the CAL I bought is
already in the newest version).
I have already configured my WS 2008 RDS Session Hosts: set
Per-User licensing mode and specified license server address. The connectivity between my Session Host(s) and my License Server seems to be ok as the
Remote Desktop Session Host Configuration window on the Session Host correctly lists the 2012 per-user
license (CAL installed on server) from the license server.
On the License Server I can also see event logs entries (in
Microsoft-Windows-TerminalServices-Licensing/Admin), indicating that the user has been issued a license.
The issue I am having is that the license being issued is
2008 Per User CAL license (Built-in OverUsed - temporary) and not the 2012 Per User CAL license which is the only license installed on the server. According to the RDS CAL interoperability matrix at
social.technet.microsoft.com/wiki/contents/articles/14988.rds-and-ts-cal-interoperability-matrix.aspx, I was expecting the 2012 license to be backward-compatible with 2008 client (and that
in the absence of legacy licenses, the (only) 2012 license would be used for all clients connecting to the licensing server)
Before I bought my license, I found this document:
download.microsoft.com/download/3/D/4/3D42BDC2-6725-4B29-B75A-A5B04179958B/WindowsServerRDS_VLBrief.pdf
which says that - "newer version RDS CALs can be used with an older version of the server software" (In section FAQ, Q4), which means to me that
the 2012 license would work as-is for the 2008 Server and gives me flexibility when upgrading to the new server version.
How can I make this CAL work in my environment?
Note:
I have already explicitly disabled
Prevent license upgrade Group Policy setting which I assumed would fix the issue but nothing has changed.
Then I have enabled License server security group Group Policy setting
and added computers from my domain to RDS Endpoint Servers AD group. I have also created new AD group called
Terminal Server Computers and added the computer accounts there, but it changes
nothing. Reference - technet.microsoft.com/en-us/library/ee791761.aspx , technet.microsoft.com/en-us/library/cc725704.aspx and blogs.msdn.com/b/rds/archive/2009/09/17/control-the-issuance-of-rds-cals.aspx.
I found one potential ‘workaround’ which involved manually downgrading my CAL license by calling
Microsoft Clearinghouse. I am very reluctant to do so because, as I upgrade parts of my infrastructure to Server 2012, I’d need to then ask Microsoft to manually upgrade a part of my license back as well.
Am I missing something? What should I do to get my 2012 CAL to be issued to 2008 R2 server?
Hi, I have tried several other possibilities.
I change expire date for my temporary assigned license (2008 CAL overused). It can be done, by changing Active Directory user properties – msTSExpireDate. When I restart my Session Host server and logged again, my license was renewed
for next 60 days (event ID - 4145).
I also delete information about license for this user (clear msTSExpireDate and msTSLicenseVersion). And the license was successfully removed from License Manager. After another SH restart it gets the same – 2008 overused – license
(event ID 4143 - license server has successfully issued …)
I know that changing info in AD attributes is a little trick, and this is not a real value - only a reference, but it was useful to delete or change expiration date of license. But it didn’t change type of license as I expected.
Reference -
http://discussions.citrix.com/topic/243320-windows-2008-licensing-questions/
To TP:
I have found your post with information:
If you have a Server 2012 RD Licensing server you may install your 2012 RDS CALs on it (no downgrade necessary) and then set your Server 2008 R2 RDSH to
use the 2012 RDL server. The 2012 RD Licensing server will automatically issue the CALs as 2008. -
https://social.technet.microsoft.com/Forums/windowsserver/en-US/6046ded1-96bf-4d79-89ce-38aac2a6694e/can-we-use-windows-server-2012-rds-cal-license-in-rds-2008-r2-server?forum=winserverTS
And it shows my situation in brief. I also found
similar problems, but the solutions don’t meet my expectations.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/dcfb1966-89a8-4b5d-bf5a-ff03ac0b7a66/rds-cal-licenses-not-recognized?forum=winserverTS
– “sudden all of the CALS were available”
https://social.technet.microsoft.com/Forums/windowsserver/en-US/f1228599-8452-4a3e-a263-061de14bfcfe/server-2012-rds-builtin-overused-cals-issue?forum=winserverTS
– “this should go away after a while”
Is there a way to determine this time you mentioned before? Or should I just wait patiently… -
Re-use Hyper V VM built in Windows Server 2008 R2 host in a new Windows Server 2012 host
Hi Forum members,
I was assigned a Windows Server 2008 R2 host machine with Hyper-V which I used to build many VM's for testing. This host machine now is going to be replaced with a new Windows Server 2012 host machine. Is it possible for me to continue
to use those VM's without any migration (e.g. is it possible to import or simply move the *.vhd + *.avhd files from the 2008 Server to 2012 Server and use them)?
Thanks and Regards,
Hien
That is the official statement of 'support'
They will run, and you may need to do some custom configuration (such as using a legacy nic) but you can't call MSFT support and say your Server 2003 VM is broken on Hyper-V 2012 R2
The act of importing the configuration and linking to the VHD and snapshots will work.
The act of booting the VM and having the OS in the VM 100% happy is not automatic, but should work.
It becomes a question of where do you place the risk.
Brian Ehlert
http://ITProctology.blogspot.com
Learn. Apply. Repeat. -
Windows Server 2012 The licensing mode for the Remote Desktop Session Host server is not configured
Hi
I have a standard Windows Server 2012 that is hosted in the cloud by a hosting provider -
This server has been up and running for 6 months - recently we have been getting a warning
"The licensing mode for the Remote Desktop Session Host server is not configured" - The Remote Desktop Session Host server is within its grace period, but the RD Session Host server has not been configured with any license server.
Yet, we only use this with 2 connections as part of the standard licence agreement and this server is not used as a user's desktop only an ftp and web server- so therefore we do not need to purchase any cal licences (we have another server with the same
hosting company that does not have this issue and has been up for 18months)
Please can someone advise how I resolve this issue, the hosting company states that I must resolve it as they only host and resell the server licence
Thank-you
Richard Steele
Hi Richard,
You need to uninstall the Remote Desktop Session Host feature. After removing it, you will default to two connections, which do not require purchasing RD CALs.
Thanks,
Umesh.S.K -
Using NIC Teaming and a virtual switch for Windows Server 2012 host networking and Hyper-V.
Using NIC Teaming and a virtual switch for Windows Server 2012 host networking!
http://www.youtube.com/watch?v=8mOuoIWzmdE
Hi thanks for reading. Now I may well have my terminology incorrect here so I will try to explain as best I can and apologies from the start.
It’s a bit of both Hyper-v and Server 2012R2.
I am setting up a lab with Server 2012 R2. I have several physical network cards that I have teamed called “HostSwitchTeam” from those I have made several Virtual Network Adaptors such as below
examples.
New-VMSwitch "MgmtSwitch" -MinimumBandwidthMode weight -NetAdaptername "HostSwitchTeam" -AllowManagement $false
Add-VMNetworkAdapter -ManagementOS -Name "Vswitch" -SwitchName "MgmtSwitch"
Add-VMNetworkAdapter -ManagementOS -Name "Cluster" -SwitchName "MgmtSwitch"
When I install Hyper-V and it comes to adding a virtual switch during installation it only shows the individual physical network cards and the
HostSwitchTeam for selection. When installed it shows the Microsoft Network Multiplexor Driver as the only option.
Is this correct or how does one use the Vswitch made above and incorporate into the Hyper-V so a weight can be put against it.
Still trying to get my head around Vswitches,VMNetworkadapters etc so somewhat confused as to the way forward at this time so I may have missed the plot altogether!
Any help would be much appreciated.
Paul
Paul Edwards
Hi P.J.E,
>>I have teams so a bit confused as to the adapter bindings and if the teams need to be added or just the vEthernet Nics?.
Nic 1,2
HostVMSwitchTeam
Nic 3,4,5
HostMgmtSwitchTeam
>>The adapter Binding settings are:
HostMgmtSwitchTeam
V-Curric
Nic 3
Nic 4
Nic 5
V-Livemigration
HostVMSwitch
Nic 1
Nic 2
V-iSCSI
V-HeartBeat
Based on my understanding of the description, "HostMgmtSwitchTeam" and "HostVMSwitch" are teamed NICs.
You can think of them as two physical NICs (do not use NIC 1,2,3,4,5 any more, there are just two NICs, "HostMgmtSwitchTeam" and "HostVMSwitch").
V-Curric, V-Livemigration, V-iSCSI and V-HeartBeat are just vNICs of the host (you can change their names, then check if the virtual switch name will be changed).
Best Regards
Elton Ji
-
Windows Server 2012 R2 Session Host Server Temp Profile issue.
Hi,
I successfully deployed Windows Server 2012 R2 Terminal Services with High Availability.
After rebooting the Session Host server I am facing a Temp Profile issue. I deleted the registry, rebooted the server and tried to log in again, but got the same popup message that you have logged in with a temp profile.
Any suggestions or any hints would be GREATLY appreciated
/HR
How did you delete the profile?
also are you using UPD disks?
What errors are shown in the event log if any?
Regards,
Denis Cooper
MCITP EA - MCT
-
Hi All,
I am using a Windows server 2012 Standard. When I leave my session idle for more than 20 min it disconnects and post more 20 minutes my session is logged off.
I know this setting can be changed from Remote desktop session host configuration in Windows server 2008 R2. But this option "Remote desktop session host configuration" is not there in Windows server 2012. Does anyone have an idea where I go
to edit these settings in the Server 2012 o/s?
Also the Remote session shadowing option is also not available when I right click a user in the task manager. Any idea on an alternate method in Windows server 2012?
Gautam.75801
Exactly WHERE are the W2K12 R2 equivalent GPO settings to W2K8 R2 GPO settings of "Set time limit for disconnected sessions" and "set time limit for active but idle Remote Desktop Services
sessions"? Microsoft changed the remote desktop/terminal services around.
Appreciate it.
Matt
| Policy Path | Scope | Policy Setting Name |
|---|---|---|
| Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | User | End session when time limits are reached |
| Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | Machine | End session when time limits are reached |
| Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | User | Set time limit for disconnected sessions |
| Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | Machine | Set time limit for disconnected sessions |
| Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | User | Set time limit for active but idle Remote Desktop Services sessions |
| Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | Machine | Set time limit for active but idle Remote Desktop Services sessions |
| Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | User | Set time limit for active Remote Desktop Services sessions |
| Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits | Machine | Set time limit for active Remote Desktop Services sessions |
Don
-
Hosting SharePoint 2013 and content separation (Windows Server 2012)
I have a windows 2012 server which hosts a ASP.NET 4.5 MVC website.
I am interested in installing SharePoint 2013 on the same standalone server (which is a virtual cloud server, and easily scalable). I would like to be able to create separate instances of sharepoint for each of my customers (around 10), and provide them
with a custom URL i.e. customer.abc.com (where abc.com is my domain). These sites will be created programmatically when a user signs up to my site (they only require basic SharePoint functionality, i.e. the creation of team sites, notifications etc.)
So:
1) Can I install SharePoint 2013 at no extra cost on windows server 2012? (what are the limitations)
2) Is it possible to create separate instances of sharepoint 2013 (in terms of config and content DB's)
3) I'm sure there are many but what are some other considerations?
1) With SharePoint Foundation, SharePoint itself does not cost anything, but you must purchase User CALs for employees of your company, and User CALs for non-employees or a Windows External Connector license.
2) No, you need to use multi-tenancy instead - http://www.harbar.net/articles/sp2010mt1.aspx
Note that you must have Active Directory in this environment and the Server 2012 VM you currently have must be joined to the Active Directory domain.
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Failed to install windows server 2012 in virtual machine hosted in window 8.1
I installed Hyper-V in windows 8.1, then when I tried to install windows server 2012 R2 or windows server 2008 R2 in virtual machine, I got the following error:
the following is my virtual machine setting:
Is there anyone who can help to resolve it? Thank you very much.
Hi,
Good to hear that you have solved this issue. Thanks for sharing as it would be helpful to anyone who encounters similar issues.
Best regards,
Susie -
Learning Windows server 2012 R2 & 2012 core
Hi,
How do I configure a fast and standard solution with 1 domain (Windows
Server 2012 R2) and 1 subdomain (Windows Server 2012 Core) implemented with a webserver and security for dns?
Thx
Hi
Maybe this can help,
Nslookup test:
cmd => nslookup => set type=mx => host.net.
Organizational unit:.be
Open Active Directory Users and Computers => right-click the domain name => New => create Organizational Unit => untick Protection
Manually add a computer to the domain:
1)Change DNS to 192.168.1.1 of the domain itself
2)Add-Computer -domainname host -cred administrator@host -passthru -verbose
GPO to install Chrome:
1)Group Policy Management => in OU PC's => create new policy
2)Right-click the policy and click Edit
3)Under Computer => Software => New Package => enter the path where you put the Chrome MSI file => \\S1\netlogon\msi\chrome.msi
4)Restart the client and log on with a domain user => powershell => Restart-Computer
5)Folder containing the MSI => Security => add domain controller (user) with full control
GPO for Chrome browser block:
3)block listed urls..
4)On the client: gpupdate
Failed login events:
1)Set Group Policy on OU Servers: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ ==> enable Failed logins
2)gpupdate /force
1)powershell
2)get-windowsfeature => install-windowsfeature SMTP-Server
3)Internet Information Services => S1 => right-click Domain => Properties => Access tab => Relay => Add => Group computers => IP: 192.168.1.1 subnet 255.255.255.0 => Ok => ok
3b)Log off once and log on with a wrong password so that an audit failure entry is written to the Security log in Event Viewer
4)Event Viewer Security log => right-click the failed audit entry => attach => give it another name => next => next start program => program: powershell.exe =>
tick open the property dialog
5)Tick Run whether user is logged on or not => Conditions tab: untick start the task only if AC power! => ok => enter the administrator password
6)powershell: get-executionpolicy => result must be remotesigned => View tab => turn on script pane =>
Enter the script:
# Send an alert e-mail when the failed-logon task fires on S1
$smtpServer = "smtp2.school.be"
$msg = New-Object Net.Mail.MailMessage
$smtp = New-Object Net.Mail.SmtpClient($smtpServer)
# Sender, reply-to and recipient addresses
$msg.From = "[email protected]"
$msg.ReplyTo = "[email protected]"
$msg.To.Add("[email protected]")
$msg.subject = "hacking attempt?"
$msg.body = "login/pwd failure on S1."
$smtp.Send($msg)
7)Save the script in a folder on the C drive => in powershell cd to the folder with the script => ls command
8)Open Task Scheduler => go to Event Viewer Tasks => login => right-click Properties => Actions => powershell.exe Edit => add arguments: -command "C:\Script\login.ps1" => ok => enter the admin password
9)Test
*How can you check your MX records with NSLOOKUP
cmd => nslookup => set type=mx => host.net.
*PowerShell command to add a client to the domain:
Add-Computer -domainname host -cred administrator@host -passthru -verbose
Best practice analyzer:
1)Server Manager => click DNS and AD DS => scroll down to BPA => Tasks start scan => view results:
Question: which suggestions could you resolve:
DNS server should have scavenging enabled
The PDC emulator master must be configured
1)To configure a domain controller in the parent domain as a reliable time source
*W32tm /config /reliable:yes /update
2)To configure the time source for the forest
*w32tm /config /computer:s1.host.net /manualpeerlist:ntp.belnet.be /syncfromflags:manual /update
Time on S1 and S2 must be the same!!
Start Corefig in PowerShell:
1)cd C:\corefig
2)Change the execution policy: Set-ExecutionPolicy bypass
3).\corefig.ps1
4)Change the name in Corefig
Command to add S2 to the domain in the OU Servers:
1)Set DNS
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.1.1
2)Add to OU Servers
Add-Computer -domainname sdhost -cred administrator@host -OUPath "OU=Servers,OU=OU,DC=Host,DC=net"
Restart
BE CAREFUL WITH THIS IF S2 ITSELF HAS TO BECOME A DC!
Give your server the DNS role via Windows PowerShell:
1)Import-Module Servermanager
2)Get-WindowsFeature
2)Add-WindowsFeature "DNS" -restart
Remote access:
Give S1 remote access for administrators in Active Directory
View => enable Advanced Features
=> Remote Management Users => add HOST\Administrator with full rights
=> Remote Desktop Users => add HOST\Administrator with full rights
Check which firewall rule is currently still blocking Remote Management and allow
that communication:
1)On S2 in PowerShell: Configure-SMRemoting.exe -enable
2)On S1 => Server Manager => Manage => Add Servers => enter S2 => ok
3)Install Active Directory on S2 via Add Roles (from S1)
4)Promote S2 to domain controller
5)Use the credentials of S1 => subdomain name 'premium'
6)DSRM password: P0wnerken
7)PREMIUM
Set the DNS of S2 itself
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.1.2
C2)Set the DNS server to S2: 192.168.1.2
Add to domain premium.host.net => log in with the admin account of the S2 domain
Restart C2
Now make this second server a domain controller for the new domain
"premium". There are two ways to do this. Look up these methods and note them
briefly below:
- Using DCPROMO.exe
- Using the GUI from S1
You may choose which method to use. Do note here the commands you
use:
Using the GUI: new existing domain to current forest => name PREMIUM
Add network cards:
VCLOUD => Do not customize!!!
Disable firewall on S2:
netsh firewall set opmode disable
On S1 => Chrome => IP in URL: https://192.168.1.150:446 => proceed => login details:
name: openfiler
pass: password
Services => CIFS / NFS => Enable => Start
manage volumes => 1GB volume => start cyl = 1, end cyl = 128 => approximately 1GB
Add volume group => NFS as name and add the 1GB volume => Add volume => scroll down:
Name: NFS
File system: choose EXT4
*Add new physical volume 10GB: LEAVE AT LEAST 35 CYLINDERS IN BETWEEN!!!!
Start cyl = 164, end cyl = 1469, is approximately 10GB
Volume groups => create a new one with SMB as name => Add volume => select and add the volume => go to your SMB volume group
=> choose SMB volume => name: SMB => MAX storage => EXT4 file system
1)Set clock settings via NTP server: ntp.belnet.be (must match the domain controller you are joining it to)
2)Set the DNS of S2
Hostname: of
Primary DNS: 192.168.1.2
Secondary DNS: 192.168.1.1
Gateway: 192.168.1.254
3)Accounts:
Expert view!
*Tick Use Windows domain controller and authentication
Security Mode: Active directory
Domain / workgroup: PREMIUM
Domain controllers: s2.premium.VAhost.net
ADS realm: PREMIUM.HOST.NET
Join domain: tick
Administrator username: Administrator
Administrator password: Azerty123
*Scroll down to Kerberos 5: tick
Realm: premium.host.net
KDC: s2.premium.host.net
Admin server: s2.premium.VAhost.net
Create share:
1)Shares => click SMB / NFS => create new subfolder: SMBshare / NFSshare
2)Click the subfolder => make share => scroll down to permissions => Domain admins: PG & RW, Domain users: RO
3)Update
System security:
1)system => Network access configuration => add new network
Name: Sharenetwork
Network/host: 192.168.1.0
Netmask: 255.255.255.0
Type: Share
2)Update
Enable protocol:
Shares => subfolder smbshared => scroll all the way down => set SMB/CIFS protocol to rw
Connect to share with:
root
Azerty123
Connect Z drive to the SMB share:
1)Right-click the SMB share
2)Map network drive
3)Type the path of the SMB share
4)Connect with the share account or finish 1)Private storage and enter the IP address manually
Backup security:
1)Active Directory of S1
2)On S1 itself create a completely new OU: "TEMP Accounts" => turn off protection against accidental deletion!!
3)Create 2 users that are members of the group ("member of") Guest
4)On S1 => C drive => create a new folder and share it
5)In Advanced Sharing of the shared folder => Guest 1 Full control => Everyone read rights only
6)Test on the client that you can create a text file as Guest1 and cannot via Guest2 in that shared folder.
7)If it works, delete Guest1 and look at the sharing permissions on the Guest1 folder
*What do you observe when deleting Guest1 via Active Directory:
The guest account is replaced by another account with a long name
that has full control over the folder
8)Create Guest1 again, what do you observe?
Guest1 no longer has rights over the folder and the created account remains
Recycle BIN:
1)Open Active directory administrative center
2)Click your domain on the left
3)On the right => Enable Recycle Bin
4)Delete Guest1 in AD
5)Guest1 appears under deleted users/objects in the Recycle Bin
6)Option to restore
7)Delete OU Temp accounts => does not work immediately => because it still contains objects
*Look up which techniques you can use to back up your Active Directory. Of course also look at the 2 ways
there are to restore a backup of your AD (authoritative and non-authoritative):
-13.1.1 Authoritative Restore
This process restores AD after, e.g., a change that has to be undone.
AD is restored from the backup; the backup then overwrites all other DCs that may hold newer information.
-13.1.2 Non-Authoritative Restore
Restoring data from the backup. Afterwards the DC receives updates from other DCs that were made since the backup.
Backup S1:
Eerst probleem openfiler oplossen:
1)openfiler opstarten vanuit vmcloud
2)cd /etc/samba
3)vim smb.conf (toevoegen: strict allocate = yes) => eerst i voor insert => opt einde escape => :wq voor opslaan
4)/etc/init.d/smb restart
Backup zelf
1)Install windows backup in server manager => add roles => features
2)Open windows backup
3)Action => backup once
4)Different options => Custom kiezen => System State backuppen
5)Remote disk kiezen
6)pad share: \\of\smb.smb.SMBshare
7)Als backup mislukt, de aangemaakte files door de backup manueel verwijderen en backup terug opnieuw proberen
!!!Als openfiler ineens verdwijnd van domein, moet je de tijd nakijken van beiden systemen (moeten gelijk zijn met max 5min verschil)
Restore backup (set as authoritative)
http://technet.microsoft.com/ru-ru/library/cc816878(v=ws.10).aspx
1) Restart the domain controller in Directory Services Restore Mode Remotely
=> run => Msconfig.msc => the steps are in this URL: http://technet.microsoft.com/ru-ru/library/cc794729(v=ws.10).aspx
2) Restore your ADDS from your backup by means of a non-authoritative restore.
This brings the domain controller back to the state in which the objects that were deleted
are present again.
http://technet.microsoft.com/ru-ru/library/cc794755(v=ws.10).aspx
in cmd:
=>wbadmin get versions -backuptarget:\\of\smb.smb.SMBshare
=>wbadmin start systemstaterecovery -version:12/03/2013-12:37 -backuptarget:\\of\smb.smb.SMBshare -quiet
3) Mark objects as authoritative so that they are not overwritten during the restore by synchronization errors
between the different domains.
http://technet.microsoft.com/ru-ru/library/cc816813(v=ws.10).aspx <== start with this
=> open run => ntdsutil
=> activate instance ntds => enter
=> authoritative restore => enter
=> restore subtree "OU=Stagiairs,DC=Host,DC=net" => enter
=> quit => enter
=> Boot the domain controller in normal mode again, i.e. switch off the DSRM boot mode: untick Safe boot
Check whether both OUs, Stagiairs and Guests, are still there
(In this case the OU guests has in fact been deleted, because we only have 1 DC, so the information
is not synchronized with a 2nd DC)
- Add the Debian machine:
Network details: NIC0 / Private management network / static - manual / IP = 192.168.1.3
Once the machine has been created, add a new network card:
NIC1 / Private storage network / static - manual / IP = 172.16.0.13
On the Debian machine:
1) su - => enter => pass: Azerty123 => enter
2) command: pico /etc/network/interfaces
Add the following lines to the file
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.254
iface eth1 inet static
address 172.16.0.13
netmask 255.255.255.0
CTRL + O (save) => CTRL + X (exit)
3) pico /etc/resolv.conf
change the existing lines to these:
domain host.net
search host.net
nameserver 192.168.1.1
4) ifdown / ifup of eth0/eth1
Setting up IPv6:
Self-chosen ULA subnet:
fdac:1fff:b0b0 (up to this part may be generated randomly, starting from 'fd')
Subnet 1: fdac:1fff:b0b0:4bd0:: /64
Subnet 2: fdac:1fff:b0b0:4bd1:: /64
/sbin/ip
Assign remote settings for domain users to clients (and, if needed, add them to the domain if this has not been done yet)
Set IPv6 via the network settings (leave Default gateway empty)
            NIC0                              NIC1
S1:         fdac:1fff:b0b0:4bd0::1 /64        fdac:1fff:b0b0:4bd1::11 /64
            dns: ::1                          dns: fdac:1fff:b0b0:4bd1::11
S2:         fdac:1fff:b0b0:4bd0::2 /64        fdac:1fff:b0b0:4bd1::12 /64
            (dns: ::1)                        (dns: fdac:1fff:b0b0:4bd1::12)
Openfiler:  fdac:1fff:b0b0:4bd0::150 /64      fdac:1fff:b0b0:4bd1::1 /64
S3:         fdac:1fff:b0b0:4bd0::3 /64        fdac:1fff:b0b0:4bd1::13 /64
C1:         fdac:1fff:b0b0:4bd0::101 /64
            dns: S1
C2:         fdac:1fff:b0b0:4bd0::102 /64
            dns: S2
For Windows Server Core:
*powershell
netsh interface ipv6 add address "Ethernet" fdac:1fff:b0b0:4bd0::2
netsh interface ipv6 add address "Ethernet 2" fdac:1fff:b0b0:4bd1::12
For Linux: (both openfiler and Debian)
FOR DEBIAN 7 (use only the ifup command, not ifdown):
/sbin/ip -6 addr add fdac:1fff:b0b0:4bd0::3/64 dev eth0 (for Debian)
/sbin/ip -6 addr add fdac:1fff:b0b0:4bd1::13/64 dev eth1 (for Debian)
or statically in /etc/network/interfaces:
iface eth0 inet6 static
address fdac:1fff:b0b0:4bd0::3
netmask 64
iface eth1 inet6 static
address fdac:1fff:b0b0:4bd1::13
netmask 64
pico /etc/resolv.conf => add lines
=> domain host.net
=> search host.net
=> nameserver 192.168.1.1
=> nameserver fdac:1fff:b0b0:4bd0::1
FOR OPENFILER eth0: vim /etc/sysconfig/network-scripts/ifcfg-eth0
=> IPV6_AUTOCONF=no
=> IPV6INIT=yes
=> Add: fdac:1fff:b0b0:4bd0::150/64
FOR OPENFILER eth1: vim /etc/sysconfig/network-scripts/ifcfg-eth1
=> IPV6_AUTOCONF=no
=> IPV6INIT=yes
=> Add: fdac:1fff:b0b0:4bd1::1/64
~~ /sbin/ip -6 addr add fdac:1fff:b0b0:4bd0::150/64 dev eth0 (for openfiler)
~~ /sbin/ip -6 addr add fdac:1fff:b0b0:4bd1::1/64 dev eth1 (for openfiler)
Risks of a shared application pool:
- 1 process per application pool (=> heavy process that needs a lot of resources)
(if this process hangs, all websites are affected)
- users can in principle get at each other's files
1) Install IIS on S2 via Server Manager on S1
2) Role services in setup, all the way at the bottom => tick Management Service (this allows remote management)
3) On S1, look up Web Server and install only the IIS management console, so that the IIS of S2 can be managed
4) PowerShell on S2:
Invoke-command -ScriptBlock{Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1}
Invoke-command -ScriptBlock {Set-Service -name WMSVC -StartupType Automatic}
Invoke-command -ScriptBlock {Start-service WMSVC}
In IIS Manager on S1 => Add connection => S2.premium.sdhost.net => account: administrator of S2
In IIS Manager => Sites => new Website, create 2 websites
-'klant1.sdhost.net' Physical path => C:\inetpub\wwwroot\Klant1 => hostname = Klant1.host.net
-'klant2.sdhost.net' Physical path => C:\inetpub\wwwroot\Klant2 => hostname = Klant2.host.net
In DNS, add an A record:
-hostname: www
-IP: 192.168.1.2
For access over IPv6, also add an AAAA record:
-hostname: www
-IP: fdac:1fff:b0b0:4bd0::2
For each site, also create a CNAME record:
-Alias name: klant1, FQDN: www.host.net
-Alias name: klant2, FQDN: www.host.net
There are a few risks hidden in this default setup. Give two risks that the current
configuration (shared application pool) can bring with it:
- If you have a website that puts a heavy load on the CPU (such as resizing photos), this also affects your other websites
- Because your websites sit in the same app pool, they have the same identity and you cannot set up separate permissions.
GROUP MANAGEMENT SERVICE ACCOUNT:
New-ADServiceAccount IISPool1 -DNSHostName s1.amhost.net -PrincipalsAllowedToRetrieveManagedPassword Administrator -KerberosEncryptionType RC4, AES128, AES256
Install-ADServiceAccount IISPool1
Maybe you can do this tutorial too; it is a tutorial for learning DFS & DNSSEC.
What does the option "dnssecok" mean?
-> This option sets the DNSSEC OK bit for this query
-> This tells the server that the client understands DNSSEC and that the server can make use of it with this client
Do you get confirmation that this is a secure answer? (RRSIG)
-> No, because the zone has not been signed yet
Check whether client C1 is configured to enforce secure responses from its DNS
caching server: get-dnsclientnrptpolicy. Result?
-> The result is nothing, presumably because there are no settings for this
Try another request on C1 for S1 with Resolve-DnsName. Is signing
the zone sufficient to get secure answers on the client?
-> Again no RRSIG record comes back, so this is not sufficient
To enforce secure DNS responses on the client for the domain securezone.lab,
a GPO is configured in the domain Host.net (new GPO for the whole domain).
Look up this GPO and configure it for responses from securezone.lab.
-> default domain policy -> Edit => -> Computer Configuration > Policies > Windows Settings > Name Resolution Policy.
"In the details pane, under Create Rules and To which part of the namespace does this rule apply, choose Suffix from the drop-down list and type sec.contoso.com next to Suffix."
"On the DNSSEC tab, select the Enable DNSSEC in this rule checkbox and then under Validation select the Require DNS clients to check that name and address data has been validated by the DNS server checkbox."
"In the bottom right corner, click Create and then verify that a rule for sec.contoso.com was added under Name Resolution Policy Table."
=> Run GPupdate /force
=> Then the policy can be viewed
You of course also make sure that this policy has been applied on the client (C1), and check this again with get-dnsclientnrptpolicy.
=> GPupdate /force
=> get-dnsclientnrptpolicy => gives the same result as on the server
Again: Resolve-DnsName s1.securezone.lab -server S1 -dnssecok What do you get to see as an answer? What is the cause?
(Distribute) Copy the trust anchor data of the secure.lab zone on S2 to S1 and import it on the DNS of S1 as a trusted anchor. (keysetsecurezone.lab)
http://technet.microsoft.com/en-us/library/hh831411.aspx
Again: Resolve-DnsName s1.securezone.lab -server S1 -dnssecok Do you now get a (secured) answer?
-> I now get a secured answer from the DNS server, signed by securezone.lab, with a validity period
p23 Distributed File System
Install the "file services role" on both servers.
-> Add roles and features
-> File services
-> DFS
Create a namespace (DOCUMENTATION) in your domain hOst.net. Set the share permissions so that the group 'auteurs' has write permissions. Ordinary users
may only have read permissions.
-> DFS manager
-> Namespaces => Add namespace
Create a folder in the namespace DOCUMENTATION with the name PDF
-> Add folder
Create a second target for the PDF folder
-> Add target to folder
Set up replication between the two folder targets. From now on the contents are synced.
-> Automatic with the 2nd target; follow the wizard
Which other steps are needed to set up a fully redundant DFS system?
-> The folders must be shared via DFS
-> Replication must be configured
Create a diagnostic report on how replication is going, and correct any problems that are found.
-> Right-click the replication object
-> Create diagnostic report
-> choose the reports
Set quotas. In the PDF folder, create a subfolder CATALOGS, but make sure it cannot become larger than 10MB. Set a hard limit for this.
-> install FSRM under file services
-> click quotas => add quota => choose the file
-> new quota => tick 10mb hard
-> save
http://technet.microsoft.com/en-us/library/cc875787(v=ws.10).aspx
Because we want to avoid the full bandwidth being taken up by DFS, we limit the replication speed to 2MBps.
-> Click the replication -> in the right-hand column choose edit replication group
-> Set the 2MBps -
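What the dnssecok switch in the DNSSEC notes above puts on the wire, as an added example that is not part of the original post: it sets the DO bit in the EDNS0 OPT record of the query, and a signed zone then returns RRSIG records next to the answer. Function names are hypothetical, the responses are constructed sample data (the RRSIG payload is a placeholder, not a real signature), and the AD header flag is reported as an extra signal the notes do not mention.

```python
import struct

DO_BIT = 0x8000      # "DNSSEC OK" flag, carried in the EDNS0 OPT record (RFC 3225)
AD_BIT = 0x0020      # "Authenticated Data" flag in the DNS header (RFC 4035)
TYPE_A, TYPE_OPT, TYPE_RRSIG = 1, 41, 46


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def opt_record(dnssec_ok):
    # OPT pseudo-record: root name, TYPE 41, CLASS = UDP payload size,
    # TTL = extended RCODE (8 bits) | EDNS version (8 bits) | flags (16 bits).
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO_BIT if dnssec_ok else 0, 0)


def build_query(name, dnssec_ok=True, txid=0x1234):
    """Build an A query; dnssec_ok mirrors the dnssecok switch from the notes."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", TYPE_A, 1)
    return header + question + opt_record(dnssec_ok)


def constructed_response(name, signed, validated, txid=0x1234):
    """Build a sample response (constructed data, placeholder RRSIG payload)."""
    flags = 0x8180 | (AD_BIT if validated else 0)   # QR, RD, RA (+ AD when validated)
    qname = encode_name(name)
    answers = [qname + struct.pack("!HHIH4B", TYPE_A, 1, 3600, 4, 192, 168, 1, 1)]
    if signed:
        rdata = (struct.pack("!HBBIIIH", TYPE_A, 8, 3, 3600, 0, 0, 0)
                 + encode_name("securezone.lab") + b"\x00" * 8)
        # Owner name is a compression pointer to the question name at offset 12.
        answers.append(b"\xc0\x0c" + struct.pack("!HHIH", TYPE_RRSIG, 1, 3600, len(rdata)) + rdata)
    header = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 1)
    return header + qname + struct.pack("!HH", TYPE_A, 1) + b"".join(answers) + opt_record(True)


def skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        length = msg[pos]
        if (length & 0xC0) == 0xC0:    # a compression pointer ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length


def inspect(msg):
    """Report the DNSSEC-relevant signals in a DNS message."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4              # skip QTYPE and QCLASS
    info = {"do": False, "ad": bool(flags & AD_BIT), "rrsig_answers": 0}
    for index in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == TYPE_OPT and ttl & DO_BIT:
            info["do"] = True
        elif rtype == TYPE_RRSIG and index < an:
            info["rrsig_answers"] += 1
    return info


if __name__ == "__main__":
    print("query:", inspect(build_query("s1.securezone.lab")))
    for signed, validated in ((False, False), (True, False), (True, True)):
        msg = constructed_response("s1.securezone.lab", signed, validated)
        print("signed=%s validated=%s ->" % (signed, validated), inspect(msg))
```

The three constructed responses correspond to the stages in the notes: unsigned zone, signed zone without a trust anchor on the resolver, and signed zone with the trust anchor imported.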
ASA and RADIUS on Windows Server 2012
Hi, I have an ASA5505. I want to get the authentication from a RADIUS server using NPS on Windows Server 2012. I tested the RADIUS server with the "Kerio Control VMware Virtual Appliance" and it works perfectly for testing my settings on RADIUS, but with the ASA5505 I get this message: "Error authentication rejected aaa failure"
Running Config
: Saved
ASA Version 9.1(3)
hostname NazcoFW
domain-name default.domain.invalid
enable password XgEKS9WizHnI9IUJ encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd XgEKS9WizHnI9IUJ encrypted
names
interface Ethernet0/0
switchport access vlan 22
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 12
interface Ethernet0/3
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
switchport access vlan 32
shutdown
interface Vlan1
nameif NAZCO
security-level 100
ddns update hostname OSI
dhcp client update dns server both
ip address 172.16.200.1 255.255.255.0
interface Vlan12
nameif outside4
security-level 0
ip address 172.16.4.254 255.255.255.0
interface Vlan22
nameif Outside20
security-level 0
ip address 172.16.20.254 255.255.255.0
boot system disk0:/asa913-k8.bin
ftp mode passive
dns domain-lookup NAZCO
dns server-group DefaultDNS
name-server 10.1.1.1
name-server 10.1.2.1
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network HP5220
host 10.10.10.105
object network ak20
host 10.10.10.110
object network hp5520
host 192.168.2.105
object network HP7000
host 192.168.2.106
object network HP5520
host 192.168.2.105
object network ak04
host 10.10.10.110
object network HP400
host 192.168.2.107
object network out04
range 192.168.2.200 192.168.2.220
object network AK04
host 10.10.10.110
object network oooo
subnet 10.10.10.0 255.255.255.0
object network 444
host 10.10.10.110
object network OSITOINT
subnet 10.10.10.0 255.255.255.0
object-group network OSItoOUT04
network-object object out04
access-list outside20_access_in extended permit icmp any4 any4
pager lines 24
logging enable
logging asdm-buffer-size 512
logging trap informational
logging asdm informational
logging host NAZCO 10.10.10.10 17/6161
logging debug-trace
logging permit-hostdown
mtu NAZCO 1500
mtu Outside20 1500
mtu outside4 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-721.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (NAZCO,outside4) source dynamic any interface dns
nat (NAZCO,Outside20) source dynamic any interface dns
route Outside20 0.0.0.0 0.0.0.0 172.16.20.1 1
route outside4 0.0.0.0 0.0.0.0 172.16.4.1 11
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Keefa-Raduis protocol radius
aaa-server Keefa-Raduis (NAZCO) host 172.16.200.10
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 NAZCO
snmp-server host NAZCO 10.10.10.196 community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity fru-insert
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
quit
telnet timeout 5
ssh scopy enable
ssh 172.16.200.0 255.255.255.0 NAZCO
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access NAZCO
dhcp-client update dns server both
dhcpd dns
dhcpd update dns both
dhcpd address 172.16.200.20-172.16.200.89 NAZCO
dhcpd dns 172.16.20.1 172.16.4.1 interface NAZCO
dhcpd lease 1048575 interface NAZCO
dhcpd update dns both interface NAZCO
dhcpd enable NAZCO
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
username admin password bZmVDHuxUzzxS3yz encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
class class-default
user-statistics accounting
service-policy global_policy global
prompt hostname context
service call-home
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:357b7c6f861e8aa9bb3a3674a789b39b
: end
asdm image disk0:/asdm-721.bin
no asdm history enable
Hi
Looks like the AAA configuration is set for local
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
Change it to Radius
aaa-server Keefa-Raduis protocol radius
aaa-server Keefa-Raduis (NAZCO) host 172.16.200.10
key *****
radius-common-pw *****
for example :
aaa authentication telnet console Keefa-Raduis LOCAL
Now when you telnet in using RADIUS credentials, it should work. If RADIUS goes down, you can use the LOCAL username and password as a fallback method.
Cheers!
Minakshi (Do rate the helpful post) -
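The point of the reply above, that every console login in the posted config still uses LOCAL while the Keefa-Raduis group is defined but never referenced, can be checked mechanically. This is an added example, not part of the original thread; the function names are hypothetical and the sample is constructed from the AAA lines of the posted running config.

```python
import re

# Constructed sample: the AAA lines of the running config quoted in the question.
QUESTION_CONFIG = """\
aaa-server Keefa-Raduis protocol radius
aaa-server Keefa-Raduis (NAZCO) host 172.16.200.10
 key *****
 radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
"""

GROUP_RE = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+(\S+)$")
HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+\((\S+)\)\s+host\s+(\S+)")
AUTH_RE = re.compile(r"^aaa authentication\s+(\S+)\s+console\s+(.+)$")


def parse_aaa(config_text):
    """Return (server groups, console method lists) found in an ASA config."""
    groups = {}    # group name -> {"protocol": str or None, "hosts": [(interface, ip)]}
    console = {}   # service (ssh, telnet, ...) -> ordered list of methods
    for raw in config_text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            entry = groups.setdefault(m.group(1), {"protocol": None, "hosts": []})
            entry["protocol"] = m.group(2).lower()
            continue
        m = HOST_RE.match(line)
        if m:
            entry = groups.setdefault(m.group(1), {"protocol": None, "hosts": []})
            entry["hosts"].append((m.group(2), m.group(3)))
            continue
        m = AUTH_RE.match(line)
        if m:
            console[m.group(1).lower()] = m.group(2).split()
    return groups, console


def audit_console_auth(config_text):
    """List (subject, finding) pairs describing how console logins are authenticated."""
    groups, console = parse_aaa(config_text)
    findings, referenced = [], set()
    for service, methods in sorted(console.items()):
        remote = [name for name in methods if name != "LOCAL"]
        referenced.update(remote)
        if not remote:
            findings.append((service, "local-only"))
            continue
        for name in remote:
            if name not in groups:
                findings.append((service, "undefined-group:" + name))
            elif not groups[name]["hosts"]:
                findings.append((service, "group-without-host:" + name))
        if "LOCAL" not in methods:
            findings.append((service, "no-local-fallback"))
    for name in sorted(groups):
        if name not in referenced:
            findings.append((name, "defined-but-unused"))
    return findings


def apply_answer(config_text):
    """Swap in the line suggested in the reply for the telnet console."""
    return config_text.replace(
        "aaa authentication telnet console LOCAL",
        "aaa authentication telnet console Keefa-Raduis LOCAL",
    )


if __name__ == "__main__":
    cases = (("as posted", QUESTION_CONFIG),
             ("with suggested line", apply_answer(QUESTION_CONFIG)))
    for label, text in cases:
        print(label)
        for subject, finding in audit_console_auth(text):
            print("  %-14s %s" % (subject, finding))
```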
How to install Windows Server 2012 as a Virtual Machine on a Windows 7 64 bit machine
Hi All,
I need to install a virtual Windows Server 2012 on a Windows 7 machine (8 GB RAM, 64 bit machine).
Please give me the list of required software to install. If possible, please give the download link as well.
Thanks
mit
Since you're on Windows 7 I'd probably go for using VirtualBox
https://www.virtualbox.org/ to host the virtual machine.
Downloading 2012 depends what you're after really, if you've got TechNet / MSDN then you can download it from there, otherwise you'd need to have a licenced copy. You can download 180 day evaluation versions from the Microsoft website here :
2012 - http://technet.microsoft.com/en-gb/evalcenter/hh670538.aspx
2012 R2 - http://technet.microsoft.com/en-gb/evalcenter/dn205286.aspx
-
We have a problem with one of our deployments of Windows Server 2012 Hyper-V with a 2 node cluster connected to a iSCSI SAN.
Our setup:
Hosts - Both run Windows Server 2012 Standard and are clustered.
HP ProLiant G7, 24 GB RAM, 2 teamed NIC dedicated to Virtual Machines and Management, 2 teamed NIC dedicated to iSCSI storage. - This is the primary host and normally all VMs run on this host.
HP ProLiant G5, 20 GB RAM, 1 NIC dedicated to Virtual Machines and Management, 2 teamed NIC dedicated to iSCSI storage. - This is the secondary host and is intended to be used in case of failure of the primary host.
We have no antivirus on the hosts and the scheduled ShadowCopy (previous version of files) is switched off.
iSCSI SAN:
QNAP NAS TS-869 Pro, 8 INTEL SSDSA2CW160G3 160 GB in a RAID 5 with a Hot Spare. 2 Teamed NIC.
Switch:
DLINK DGS-1210-16 - Both the network cards of the Hosts that are dedicated to the Storage and the Storage itself are connected to the same switch and nothing else is connected to this switch.
Virtual Machines:
3 Windows Server 2012 Standard - 1 DC, 1 FileServer, 1 Application Server.
1 Windows Server 2008 Standard Exchange Server.
All VMs are using dynamic disks (as recommended by Microsoft).
Updates
We applied the most recent updates to the Hosts, VMs and iSCSI SAN about 3 weeks ago with no change in our problem, and we continually update the setup.
Normal operation
Normally this setup works just fine and we see no real difference in speed in startup, file copy and processing speed in LoB applications of this setup compared to a single host with 2 10000 RPM Disks. Normal network speed is 10-200 Mbit, but occasionally we see speeds up to 400 Mbit/s of combined read/write, for instance during file repair.
Our Problem
Our problem is that for some reason all of the VMs stop responding or respond very slowly, and you cannot, for instance, send CTRL-ALT-DEL to a VM in the Hyper-V console, or start Task Manager when already logged in.
Symptoms (i.e. this happens, or does not happen, at the same time)
If we look at Resource Monitor on the host, we see that there is often an extensive read from a VHDX of one of the VMs (40-60 Mbyte/s) and a combined write speed to many files in \HarddiskVolume5\System Volume Information\{<someguid and no file extension>}.
See image below.
The combined network speed to the iSCSI SAN is about 500-600 Mbit/s.
When this happens it is usually during and after a VSS ShadowCopy backup, but it has also happened during hours where no backup should be running (i.e. during daytime when the backup has finished hours ago according to the log files). There are, however, not that extensive writes to the backup file that is created on an external hard drive, and this does not seem to happen during all backups (we have manually checked a few times, but it is hard to say since this error does not seem to leave any traces in Event Viewer).
We cannot find any indication that the VMs themselves detect any problem and we see no increase of errors (for example storage related errors) in the event log inside the VMs.
The QNAP uses about 50% processing Power on all cores.
We see no dropped packets on the switch.
(I have split the image to save horizontal space).
Unable to recreate the problem / find definitive trigger
We have not succeeded in recreating the problem manually by, for instance, running chkdsk or defrag in VM and Hosts, copy and remove large files to VMs, running CPU and Disk intensive operations inside a VM (for instance scan and repair a database file).
Questions
Why do all VMs stop responding and why are there such intensive reads/writes to the iSCSI SAN?
Could it be anything in our setup that cannot handle all the read/write requests? For instance the iSCSI SAN, the hosts, etc?
What can we do about this? Should we use MultiPath IO instead of NIC teaming to the SAN, limit bandwidth to the SAN, etc?
Hi,
> All VMs are using dynamic disks (as recommended by Microsoft).
If this is a testing environment, it’s okay, but if this a production environment, it’s not recommended. Fixed VHDs are recommended for production instead of dynamically expanding or differencing VHDs.
Hyper-V: Dynamic virtual hard disks are not recommended for virtual machines that run server workloads in a production environment
http://technet.microsoft.com/en-us/library/ee941151(v=WS.10).aspx
> This is the primary host and normally all VMs run on this host.
According to your posting, we know that you have Cluster Shared Volumes in the Hyper-V cluster, but why not distribute your VMs across the two Hyper-V hosts?
Use Cluster Shared Volumes in a Windows Server 2012 Failover Cluster
http://technet.microsoft.com/en-us/library/jj612868.aspx
> 2 teamed NIC dedicated to iSCSI storage.
Use Microsoft MultiPath IO (MPIO) to manage multiple paths to iSCSI storage. Microsoft does not support teaming on network adapters that are used to connect to iSCSI-based storage devices. (At least it’s not supported until Windows Server 2008 R2. Although Windows Server 2012 has a built-in network teaming feature, I don’t find an article which declares that Windows Server 2012 network teaming supports iSCSI connections.)
Understanding Requirements for Failover Clusters
http://technet.microsoft.com/en-us/library/cc771404.aspx
> I have seen using MPIO suggests using different subnets, is this a requirement for using MPIO
> or is this just a way to make sure that you do not run out of IP addresses?
What I found is: if it is possible, isolate the iSCSI and data networks that reside on the same switch infrastructure through the use of VLANs and separate subnets. Redundant network paths from the server to the storage system via MPIO will maximize availability and performance. Of course you can set these two NICs in separate subnets, but I don’t think it is necessary.
> Why should it be better to not have dedicated wiring for iSCSI and Management?
It is recommended that the iSCSI SAN network be separated (logically or physically) from the data network workloads. This ‘best practice’ network configuration optimizes performance and reliability.
Check that and modify cluster configuration, monitor it and give us feedback for further troubleshooting.
For more information please refer to following MS articles:
Volume Shadow Copy Service
http://technet.microsoft.com/en-us/library/ee923636(WS.10).aspx
Support for Multipath I/O (MPIO)
http://technet.microsoft.com/en-us/library/cc770294.aspx
Deployments and Tests in an iSCSI SAN
http://technet.microsoft.com/en-US/library/bb649502(v=SQL.90).aspx
Hope this helps!
Lawrence
TechNet Community Support