Windows 2008 R2 Certificate Servers

We have a Windows 2008 R2 Certificate Server that we would like to protect in case of a failure. It is a virtual machine. What are some options for us to consider in protecting this server in case of a business failure to the hardware or a natural disaster?

In order to restore a CA you need the following:
Backup of the CA's key(s): these only change when you renew the CA certificate, so they need to be backed up after setup or renewal, e.g. by using certsrv.msc, All Tasks, Backup CA, Private key and certificate.
Backup of the CA's database: to be done frequently and automated, e.g. daily by a script based on certutil -backupdb. In case of a disaster you would lose the certificates and requests added since the last backup. You need the database for revoking certificates, issuing or denying requests, and general accounting, so losing some requests does not break operations.
Backup of the configuration, that is the CertSvc registry key. If you used scripts to configure the CA initially, back those up too, and any capolicy.inf file that might have been used.
In addition, or as an alternative, you could of course do a full backup of the VM. But I have seen weird things happening to CA keys sometimes, so I would recommend having at least a backup of the key plus a full backup of the machine.
Restore based on the components listed is then equivalent to setting up a new CA with the option 'Existing key and certificate' and restoring the DB and configuration after the setup. I would recommend rehearsing this process from time to time.
In addition to the CA, the services hosting CRLs or OCSP are critical. They could in principle be re-created based on the information available at the CA and new OCSP certificates. So you need a backup and restore, or at least a 're-creation' procedure, for those too.
Elke
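As an added illustration of the three components Elke lists (this is example code written for this page, not part of the original post or of any Microsoft tooling), the following PowerShell script can be run as a daily scheduled task on the CA itself. It assumes certutil.exe and reg.exe as shipped with 2008 R2, an account holding the CA's "Manage CA" permission, and placeholder values for the backup root (D:\CABackup) and the key-backup password; the key folder is assumed to get a stricter ACL than the rest of the backup.

```powershell
# Added example, not from the original post: a scheduled-task script for the three
# backup components Elke lists (database, CertSvc configuration, and on demand the
# key and certificate). Runs on the CA itself as a member of the CA's "Manage CA"
# role; certutil.exe and reg.exe are built into 2008 R2. D:\CABackup and the key
# password are placeholders, and the key folder is assumed to get a stricter ACL.
param(
    [string]$BackupRoot = 'D:\CABackup',
    [switch]$IncludeKey,        # only needed after setup or a CA certificate renewal
    [string]$KeyPassword        # protects the PKCS#12 file written by -backupKey
)

$ErrorActionPreference = 'Stop'
$dest = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $dest | Out-Null

function Invoke-Checked([string]$Exe, [string[]]$Arguments) {
    # certutil and reg signal failure through the exit code, not through exceptions
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE" }
}

# 1. Database and log files. -backupdb wants an empty target directory (hence the
#    timestamped folder) and runs online, so the CA keeps issuing during the backup.
Invoke-Checked 'certutil.exe' @('-backupdb', $dest)

# 2. Configuration: the CertSvc registry key (CDP/AIA URLs, validity periods,
#    policy and exit module settings) plus CAPolicy.inf if one was used at setup.
Invoke-Checked 'reg.exe' @('export', 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration',
                           (Join-Path $dest 'CertSvc-Configuration.reg'), '/y')
$caPolicy = Join-Path $env:SystemRoot 'CAPolicy.inf'
if (Test-Path $caPolicy) { Copy-Item $caPolicy $dest }

# 3. Key and certificate, only on request. Anyone who can read this file can
#    issue certificates as your CA, so keep it off the general backup share.
if ($IncludeKey) {
    if (-not $KeyPassword) { throw 'A password is required for the key backup' }
    $keyDir = Join-Path $dest 'key'
    New-Item -ItemType Directory -Path $keyDir | Out-Null
    Invoke-Checked 'certutil.exe' @('-p', $KeyPassword, '-backupKey', $keyDir)
}

# Manifest of what was written, so a restore drill can confirm the set is complete.
$files = @(Get-ChildItem -Recurse $dest | Where-Object { -not $_.PSIsContainer } |
    Select-Object FullName, Length, LastWriteTime)
$files | Format-Table -AutoSize | Out-File (Join-Path $dest 'manifest.txt')
Write-Host "CA backup written to $dest ($($files.Count) files)"
```

For the rehearsal Elke recommends, the matching restore on a scratch VM is: install the CA role choosing 'Existing key and certificate' (or run certutil -restoreKey against the key folder), stop the Active Directory Certificate Services service, run certutil -restoredb against the database folder, import the .reg file with reg import, copy CAPolicy.inf back to %SystemRoot%, then start the service and confirm that certutil -view lists the issued certificates and that a CRL can be published.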

Similar Messages

  • Problems with RH 8 and Windows 2008 64-bit servers with IIS7?

    I have been informed that my company's servers are being upgraded to Windows 2008 64-bit servers with IIS7, from Windows 2003 & IIS6. Probably will be online in April 2011.
    I have a project created using WebHelp, RoboHelp HTML v5. I have RoboHelp HTML v8 (haven't had a chance to use it yet). We are currently using IE7 on XP. Does anyone have any info on issues with RoboHelp v8 WebHelp projects running on Windows 2008 64-bit servers & IIS7 that I need to be concerned about? I thought I should convert the project developed using RH 5 to an RH 8 project, then FTP it to the new server when it becomes available.
    Any helpful info would be much appreciated.
    Thanks,
    Alden

    Acrobat 8 is not certified for Win7, particularly the x64 version. If you got the installation to go, the first step is to update AA8 to at least AA8.2. The x64 with XP required at least AA8.2 and I suspect that has not changed. I would suggest updating to the latest, either from the help menu (until no more updates are available) or by downloading the updates from the adobe.com>downloads page. For the latter, download ALL updates after your current version and install them in ORDER. They are not cumulative in most cases. You only need to reboot after the final update. The updates may get you going. If not, you may simply have to upgrade to AA9 or search for what others have been able to do in your situation.

  • 802.1x PEAP Windows 2008 NPS Certificate

    I've set up a centrally switched SSID on a 5508 WLC utilising 802.1x PEAP authentication to a pair of Windows 2008 NPS servers which authenticate the PEAP username and password against our Active Directory domain.
    Currently the Windows 2008 NPS servers are utilising a server certificate issued from our internal Certificate Authority, with the certificate being presented to the device upon connection depending upon which server the WLC sends the authentication to. The server names on the internally issued certificates are in the form of:
    Server01.domain.local
    Server02.domain.local
    Because these certificates are internally issued, when some devices, specifically Apple iPads and iPhones, connect to the SSID initially they are prompted to accept the certificate, but it is listed as not verified as it is issued by an internal domain CA and not an external root certificate authority.
    I am going to be obtaining an external root CA issued certificate for both servers to replace the internally issued certificates. However, I notice that using the internal certificate, if I connect a device to the SSID and accept the certificate of the server with certificate name server01.domain.local, and then disable the ability for clients to connect to server01, the WLC will automatically forward the authentication connection to the next server on the list. As this server is presenting a different certificate, "server02.domain.local", devices which are conducting certificate validation will fail to connect as the certificate does not match the previously accepted certificate.
    Does anyone know a way around this?
    Will adding say server02.domain.local as an additional name to the certificate for server01.domain.local resolve this issue?

    Hi,
    Please confirm that the Win7 clients have renewed the certificate and deleted the old certificate. And confirm you are not using the default server certificate template.
    More information:
    Renew a Certificate
    http://technet.microsoft.com/en-us/library/cc730605.aspx
    NPS Server Certificate: Configure the Template and Autoenrollment
    http://msdn.microsoft.com/en-us/library/cc754198.aspx
    Hope this helps.

  • Best Practice - IPv6 Turn Off? Windows 2008 (and R2) Servers

    Hi,
    I work for a large organization.  We have close to 10,000 servers globally.  A question has come up if we should disable IPv6 on our Windows 2008 servers.  Our network is not yet capable of using IPv6.
    It seems like you have to go out of your way to disable IPv6; therefore, I would assume that it is best to leave IPv6 turned on.
    Does anyone have any thoughts about this.  It would be most helpful to have links to pros/cons - best practice.
    Thank you.

    No, do not disable IPv6. There is no reason to do so unless you have a very specific application issue which is highly unlikely (although there are a few documented ones out there).
    http://blogs.technet.com/b/ipv6/archive/2007/11/08/disabling-ipv6-doesn-t-help.aspx
    http://blogs.technet.com/b/jlosey/archive/2011/02/02/why-you-should-leave-ipv6-alone.aspx
    Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys
    Whoever marked this as an "answer" obviously doesn't remember that bad-old-days of "Everything's on by default! It just works!!" and the billions of dollars in lost productivity that ensued from the hundreds (thousands?) of exploits that followed this
    painfully short-sighted decision. You'd think Microsoft would have learned their lesson from the "IIS is on by default!" debacle, but that doesn't seem to be the case.
    Best practices for system administration say "turn off the services and protocols you don't use." As such,
    IPv6 should ALWAYS be disabled on servers and business workstations if you're not currently using it, just like any other protocol or service you haven't implemented or aren't using. Not using FTP? Don't install or enable
    an FTP server. Not using IPv6? Why would you have IPv6 enabled? Just because IPv6 is the newest, shiniest thing on the block doesn't mean you have to use it, and it definitely shouldn't require you to start hacking about in the registry to turn it off.
    The only exception to this rule would be laptops or mobile devices where the user might (conceivably) take them into an IPv6 environment. Even then, though, you have to balance the "convenience" of not having to switch on IPv6 against the risk that your unconfigured IPv6 stack might be exploitable by nefarious parties. Even so, the fact that almost nobody has switched their internal networks to IPv6 means that turning it off on laptops is still probably a "good idea."
    For example, my laptop wireless interface might make sense to leave IPv6 enabled--I don't have any idea when I'll walk into an environment that uses IPv6 and want to use my wireless. But in the office when I'm hard-connected? We don't use IPv6 so it needs to be "off." Even if it's just a bit of code in the Windows firewall that can be used to say "just reject IPv6 traffic on x interface", that is still a big improvement. An absolute home-run would be the addition of logic that allows Windows to dynamically disable IPv6 when there aren't any NICs or WNICs that are allowed to use it.
    Finally, none of this should be construed to mean I'm advising against implementing IPv6, because I'm not. However, like any major technology project you should plan carefully, making sure you understand ALL of the consequences (not just the marketing hype), and making sure you'll be able to administer the changed environment as well as you administer the current one. You definitely should not let a vendor (of all things) force the decision to use it upon you because it's "on by default."

  • No Sound on virtual Windows 2008 R2 terminal servers

    Hello. I have a Hyper-V server with 3 terminal servers (in fact there are two Hyper-V hosts with a total of 6 terminal servers).
    Hyper-V server is W2K8R2 and so are the terminal servers.
    Users connect to the terminal servers using RDP and are unable to play sounds locally on their thin and fat clients.
    I installed Desktop Experience and of course did the steps below.
    Win2008
    Start -> Run -> services.msc
    Change the Windows Audio service from 'Disabled' to 'Automatic' - and start it.  
    Launch the Remote Desktop Session Host Configuration utility by going to START -> RUN/SEARCH -> and typing the following command: tsconfig.msc <ENTER>
    On the right-hand pane, double click on 'RDP-TCP'
    Select the 'Client Settings' tab
    Clear/Uncheck the Audio and video playback check box
    Log off the system and launch your RDP client.
    Before you connect to the system, click the Options button/arrow to expand the RDP session options.
    Click the ‘Local Resources Tab’ and under ‘Remote audio’ click the ‘Settings’ button.
    On the window that pops-up, under ‘Remote audio playback’ click ‘Play on this computer’ and click OK.
    Connect to the virtual machine and you now have sound!
    (quick test, you can use START -> RUN -> c:\windows\media\tada.wav  (it may prompt you to configure Media Player for first usage).
    After this, the users are still unable to play audio in their terminal session.
    They have boxes or headphones connected to their devices and are able to play audio local on their fat clients. (Windows pc's)
    Does anyone have more ideas?

    Hi Brinkman79,
    Please ensure that the "Audio service" is running , if it is not enabled please refer to following steps :
    To start the Windows Audio service
    1.On the RD Session Host server, open the Services snap-in. To open the Services snap-in, click Start, point to Administrative Tools, and then click Services.
    2.If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
    3.In the Services pane, right-click Windows Audio, and then click Properties.
    4.On the General tab, in the Startup type box, select Automatic, and then click Apply.
    5.Under Service status, click Start.
    6.Click OK to close the Windows Audio Properties dialog box.
    7.Confirm that the Status column for the Windows Audio service displays Started.
    http://technet.microsoft.com/en-us/library/dd759165.aspx
    Best Regards
    Elton Ji

  • Windows 2008 r2 server - chkdsk loop - An unspecified error occurred (696e647863686b2e dee)

    Hi,
    One of our main windows 2008 r2 file servers (HP Proliant ML350 G6) seems to have a dirty d: drive.
    After every reboot, chkdsk runs on drive "d:" and stops with an unspecified error
    (696e647863686b2e dee) when checking indexes. After the error it continues to boot and start normally into windows. The d: drive looks ok, but when I run chkdsk in windows the chkdsk runs and stops at the same point without
    warning or anything else. The gui stops and exits, period. No message nothing.
    When I check the d: drive with "fsutil dirty query d:", the disk is marked as "dirty" ....
    The HP advanced ProLiant diagnostic tools did not show any problems with the hard disks, I'm running the latest HP drivers and firmware on the server. Last but not least, I don't have any special warnings/errors etc. in the event viewer.
    Here is the output of chkdsk f.ex. in safe mode I did a few hours ago, the output/error is always identical:
    C:\>chkdsk d: /R /F /X
    The type of the file system is NTFS.
    Volume label is DATA.
    CHKDSK is verifying files (stage 1 of 5)...
      184832 file records processed.
    File verification completed.
      15624 large file records processed.
      0 bad file records processed.
      0 EA records processed.
      5 reparse records processed.
    CHKDSK is verifying indexes (stage 2 of 5)...
    10 percent complete. (182686 of 212928 index entries processed)
    An unspecified error occurred (696e647863686b2e dee).
    As of now, I have disabled the boot-time check on drive d: (with "chkntfs d: /x"), but I would prefer to restore it when the problem is fixed.
    I tried a lot of chkdsk and safe mode combinations, nothing helped. I don't have any clues ... so your help is really welcome.
    Thanks a lot!
    Kind regards,
    Didier

    Hi,
    There are multiple causes for the issue, such as an improper shutdown sequence, or a more serious hardware problem that can indicate a failing drive.
    On NTFS volumes, the dirty bit is typically set only if the file system has detected potential corruption. In this case, an event is logged in the System event log. Please check the System event log for more information.
    Please refer to this kb article for more and detail information:
    http://support.microsoft.com/kb/322275/en-us
    Meanwhile, I am not sure if this is a harddisk issue, so i would suggest you could ask for the HP support.
    Thanks for your understanding.
    Regards.
    Vivian Wang

  • Windows 2008 R2 SP1 Windows update not applicable

    HELP!!! We have 3 Windows 2008 R2 servers that were updated with SP1 back in March. Last month we noticed on our Retina audit that the three servers were missing several Windows critical patches that were released after SP1 was applied. WSUS did not report any missing patches for those three servers. When we tried to manually apply those missing patches we got the error message "This update is not applicable to your computer". After some troubleshooting we found that KB976932 (Service Pack 1) is not listed in installed updates. However, system properties show Windows 2008 R2 SP1 Enterprise Edition. We are certain that SP1 did NOT come pre-installed.
    Microsoft Baseline Security Analyzer detected no missing patches. Microsoft System Readiness Tool CBA logs show no errors. Ran SFC /SCANNOW and found no error either. Force install of the patches with the command switch /wuforce did not work; we still get the same message, patch not applicable. We compared our servers that are fully patched running Windows 2008 R2 SP1 against the three unpatched servers and found several dll and sys files' versions to be different. Those dll and sys files are also the files that would have been updated by the critical patches. The only difference between the fully patched Windows 2008 R2 SP1 servers and the unpatched ones is that the unpatched ones have no public internet access.
    We confirmed the patches that were required prior to the SP1 push are installed: KB2454826 KB2534366 KB2533552 KB976902. Confirmed: the partition with Windows 2008 R2 SP1 installed is set to "ACTIVE"; the Windows Event Collector service is started; Windows Modules Installer is started. Uninstalling SP1 is not possible because KB976932 is not listed (and verified "not hidden") in the installed updates list. Rebuilding the three servers is the very last option, since they are critical. Other than the missing patches, the servers are running great; we have no reported issues with the three servers. An attempt to reinstall SP1 failed after reboot, error 0X800F0826. If anyone has experienced this problem and knows of a solution please help.

    Hi,
    I would like to confirm which updates are not applicable for your three Windows Server 2008 R2 SP1 servers.
    Based on the current situation, please run the System Update Readiness Tool as Meinolf Weber mentioned and check the CheckSUR.persist.log for the corrupted
    files. After that, please refer to the following Microsoft TechNet article for how to repair them.
    Advanced guidelines for diagnosing and fixing servicing corruption
    http://technet.microsoft.com/en-us/library/ee619779(WS.10).aspx
    Regards,

  • Event ID 1202 0x534 on Windows 2008 R2 member server

    I'm getting the following error on two of my Windows 2008 R2 member servers, but not on my domain controllers. I've followed the instructions and found the account that is causing this issue. It's a local account in "logon as a service", but when
    I run MMC.exe to remove the account it's not there. How can I resolve this?
    Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
    Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
    Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:
    1. Identify accounts that could not be resolved to a SID: From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
       The string following "Cannot find" in the FIND output identifies the problem account names. Example: Cannot find JohnDough. In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").
    2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:
       a. Start -> Run -> RSoP.msc
       b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
       c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.
    3. Remove unresolved accounts from Group Policy
       a. Start -> Run -> MMC.EXE
       b. From the File menu select "Add/Remove Snap-in..."
       c. From the "Add/Remove Snap-in" dialog box select "Add..."
       d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
       e. In the "Select Group Policy Object" dialog box click the "Browse" button.
       f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
       g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.

    Good evening,
    The issue here is that there is a group policy pushing to that machine that is setting either user rights or restricted groups, and it's trying to place a user account that no longer exists in Active Directory.
    To resolve this, you need to find the GPO that is applying to your machine and remove the account that is shown in SID format.
    If you have the permissions, you can run RSoP.msc to identify what GPOs are being applied.  If you drill down in your results to "Computer Settings->Windows Settings->Security Settings->Restricted Groups" You'll most likely find the issue there.
    Chris Ream
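To make step 1 of the event text repeatable, here is an added example (written for this page, not from the thread or from Microsoft) that pulls the "Cannot find" names out of winlogon.log and re-tries the same name-to-SID lookup the policy engine performs. It assumes the default log location %SystemRoot%\Security\Logs\winlogon.log and that it is run on the affected member server after gpupdate /force; stale accounts in User Rights Assignment or Restricted Groups are worth clearing quickly because a re-created account with the same name would silently inherit those rights.

```powershell
# Added example, not from the original thread: does step 1 of the event text for you
# and re-checks each name it finds, so you know which entries are still broken and
# which were only transient (a DC that was unreachable at the time). Run it on the
# member server after "gpupdate /force" so winlogon.log reflects the current policy.
function Get-UnresolvedPolicyAccount {
    param([string]$LogPath = (Join-Path $env:SystemRoot 'Security\Logs\winlogon.log'))

    if (-not (Test-Path $LogPath)) { throw "$LogPath not found; run gpupdate /force and try again" }

    # winlogon.log records each failure as "Cannot find <name>." (see the event text above)
    $names = Select-String -Path $LogPath -Pattern 'Cannot find (.+?)\.?\s*$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value } | Sort-Object -Unique

    foreach ($name in $names) {
        $sid = $null
        try {
            # The same lookup the policy engine performs: account name -> SID through LSA
            $account = New-Object System.Security.Principal.NTAccount($name)
            $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
            $status = 'resolves now; stale log entry, re-run gpupdate and check again'
        } catch {
            $status = 'still unresolved; remove or correct it in the Source GPO'
        }
        New-Object PSObject -Property @{ Account = $name; Sid = $sid; Status = $status }
    }
}

Get-UnresolvedPolicyAccount | Format-Table Account, Sid, Status -AutoSize
```

The names reported as still unresolved are the ones to look for in the Source GPO column of RSoP.msc (step 2 above); a name that resolves now usually means the log predates a fix or the DC was temporarily unreachable, and the event will stop after the next refresh.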

  • 11g r2 Slow performance in windows 2008 R2

    Hi,
    I have installed a 2-node RAC on Windows 2008 R2 (IBM servers) with IBM SAN storage. Everything went well and Oracle is working fine but with a performance issue.
    It's Standard Edition and we are using ASM for database storage.
    The problem is with performance. As far as I know the installation takes care of all basic configuration to begin with, or do I need to perform some post-installation steps in Windows? This is my first installation on Windows.
    We are facing a performance issue here.
    What exactly I mean is, if I do a logical import on my laptop it finishes in 10 mins but the same import takes more than 20 mins on the server. This server will be used for production in a few days, so please, I need some help.
    Is there a way to monitor SAN usage in Windows, other than the storage utility provided by IBM?
    Thanks,
    Ajay Kumar

    AEzzy wrote:
    Hi Ajay
    Till now you didn't provide any information about how you traced this problem.
    I'll suggest you take a snapshot before the import and then one after you finish the import. After that get ASH and AWR reports for these two snapshots.
    On the other hand, is the two nodes' private network on a physically isolated network, or do they share the public network switches?
    Regards
    Amin

    Hi,
    I was doing a couple of tests. The problem is related to the interconnect or RAC: if I shut down one server then all processes are fast, including impdp. I tried this from both servers by bringing down the alternative server.
    Initially we had used a cross-cable for the interconnect, but now we are using a 100 Mbps dedicated switch, just for testing; once this works we will upgrade the switch to 1 Gbps or create a VLAN in the existing one.
    But even after having a dedicated 100 Mbps switch only for the interconnect, the same problem exists. I have taken a trace during the impdp process.
    trace from dm00 file
    Elapsed times include waiting on following events:
    Event waited on Times Max. Wait Total Waited
    ---------------------------------------- Waited ---------- ------------
    wait for unread message on broadcast channel 1359 1.01 1056.87
    ges message buffer allocation 511 0.00 0.00
    library cache lock 20 0.00 0.00
    library cache pin 22 0.00 0.00
    rdbms ipc reply 19 0.00 0.00
    enq: PS - contention 181 0.00 0.07
    PX Deq: reap credit 3010 0.00 0.02
    PX Deq: Join ACK 270 0.00 0.39
    PX Deq: Parse Reply 271 2.52 7.16
    PX Deq: Execute Reply 181 0.00 0.03
    reliable message 552 0.12 0.33
    PX Deq: Signal ACK RSG 270 0.01 0.15
    asynch descriptor resize 44 0.00 0.00
    PX Deq: Signal ACK EXT 120 0.04 0.05
    IPC send completion sync 135 0.00 0.00
    PX Deq: Slave Session Stats 270 0.00 0.30
    row cache lock 35 0.00 0.00
    db file sequential read 1 0.51 0.51
    latch: ges resource hash list 3 0.00 0.00
    latch: shared pool 2 0.00 0.00
    90 user SQL statements in session.
    2022 internal SQL statements in session.
    2112 SQL statements in session.
    Trace file: slrhprod1_dm00_5208.trc
    Trace file compatibility: 10.01.00
    Sort options: default
    1 session in tracefile.
    90 user SQL statements in trace file.
    2022 internal SQL statements in trace file.
    2112 SQL statements in trace file.
    45 unique SQL statements in trace file.
    28261 lines in trace file.
    4218 elapsed seconds in trace file.
    Thanks,
    Ajay

  • SharePoint 2013 Server OS upgrade from Windows 2008 R2 to Windows 2012 R2

    Is it possible to have SharePoint 2013 farm to have mixed version of OS (Windows 2008 R2 and Windows 2012 R2). 
    We have a request to upgrade our farm servers from WIN 2008 R2 to Win 2012 R2. We have 5 servers in farm - 
    2 App servers - running with Central Admin, Service Applications, User Profile
    3 Web Front End Servers- running web application, search and workflow manager
    the database layer is separate on sql 2012 R2
    We want to upgrade OS from windows 2008 R2 to windows 2012 R2 and SQL to SQL 2014. 
    What will be right approach to do OS upgrade in above scenario to minimize the impact of downtime.
    May be add windows 2012 based servers in farm one by one and replace the windows 2008 R2 based servers from server.
    Regards,
    Kunal Abrol

    It's possible, but I wouldn't recommend it. The problem is that you can only install SharePoint 2013 on Windows Server 2012 R2 using the slipstreamed SP1 version. I assume that you used the regular version to install on your Server 2008 R2 servers.
    Even if you upgrade those servers to SP1 there are some minor differences in the builds between slipstreamed SP1 and upgraded SP1. So although it will work it isn't recommended.
    Also, you should be aware that the in-place upgrade of SharePoint servers running Windows 2008 R2 to Windows 2012 R2 is not supported.
    To upgrade to Server 2012 you'll need to add 2012 servers to your environment using the slipstreamed version of SharePoint and then remove the old Server 2008 R2 servers as soon as possible. For the period of the upgrade you should be able to get away
    with running the farm in a mixed state.
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork

  • Windows 2008 R2 not registering logon events to 2003 RDP sessions

    Hi,
    I have a few Windows 2008 R2 terminal servers which I use to RDP into other 2008/2003 servers.
    The audit policy for logon/logoff events, for success or failure, is set up for all servers via group policy.
    I've noticed that when I log on to any 2003 server from a 2008 terminal server there is no logon/logoff event generated on the 2008 server. There are related events on the 2003 servers. This does not happen when I log on to 2008 servers from a 2008 server;
    there is a related event created on both sides.
    Any idea why there is no event created for 2008 to 2003 RDP sessions?
    Thanks in advance

    when pre-authentication is used, events are registered on both ends: client, when pre-authentication occurs and server, when client is completely authenticated on the server.
    > on the 2008 terminal server when RDP into 2003 from 2008,
    you should see, because starting with Windows Server 2008, RDP client always performs pre-authentication.
    My weblog: http://en-us.sysadmins.lv
    PowerShell PKI Module: http://pspki.codeplex.com
    Check out new:
    PowerShell FCIV tool.

  • Unable to install SCCM client on Windows Server 2008 R2 - certificate permission error?

    I am trying to comply with corporate policy, which is, have an SCCM agent or client on every Windows device. I have successfully used the provided SCCM installer on other Windows 2008 R2 servers. However for one particular server I cannot get the SCCM agent
    to install successfully. I've searched forums and documentation, but can't find a solution. Part of the problem is the lack of feedback by SCCM on what is wrong. I think I have narrowed down the symptom to the following error messages from the "C:\Windows\CCM\Logs\ClientIDManagerStartup.log":
    [LOG[Certificate [Thumbprint C559304C1598F17641D0732EB9EB787169A25FA7] issued to 'SMS' doesn't have private key or caller doesn't have access to private key.
    [LOG[Failed in GetCertificate(...): 0x87d00281]LOG]!><time="10:56:59.014+300" date="04-17-2014" component="ClientIDManagerStartup" context="" type="3" thread="3024" file="ccmcert.cpp:2122">
    [LOG[CCMCreateAuthHeaders failed (0x8009200b).]LOG]!><time="10:56:59.014+300" date="04-17-2014" component="ClientIDManagerStartup" context="" type="3" thread="3024" file="clientauthutil.cpp:978">
    When I use the Certificates MMC snap in to look at installed certs on this Windows Server 2008 R2 machine, there are plenty of normal and expected certificates there. There is also a branch called SMS with hundreds of entries, I have no idea what that is.
    The above error seems to indicate a permissions issue. What do I do to fix this SCCM install? It seems like a server cert issue, not an SCCM issue, so I'm posting to the Windows Server forums.
    Thanks in advance.
    Thanks

    this maybe helpful...
    http://www.jamesbannanit.com/2011/04/certificate-requirements-for-sccm-2012/
    should be asked in SCCM forum...
    http://social.technet.microsoft.com/Forums/en-US/home?forum=configmanagerdeployment
    Best,
    Howtodo

  • Update Windows Root Certificates in Windows 2008 R2 Disconnected Environment using WSUS

    Hi all, I need to update the root certs on all my Windows 2008 R2 servers. They have no internet connectivity. I am aware of the issue described by
    KB931125 but I am not affected by it. My issue is that I would like the 2008 R2 servers to update the root certs from my WSUS servers. Is this possible?

    I would suggest that you identify the few individual root certificates that you need, and import them individually to those servers where they are needed.
    It is NOT possible to update root certificates from a WSUS server, except in the case of workstations that are being configured to install KB931125.
    Do NOT install KB931125 to a server operating system.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
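One way to carry out the individual import Lawrence suggests without trusting whatever happens to be on the file share is to pin each root's thumbprint. The script below is an added example written for this page (not from the thread, and not Microsoft tooling); the share paths and the thumbprint values are placeholders to be replaced with values recorded out-of-band from the CA operator. It uses only the .NET X509Store API available on 2008 R2 and must run elevated, since it writes to the LocalMachine Root store.

```powershell
# Added example, not from the original thread: imports an explicit list of root
# certificates into the computer's Trusted Root store on a disconnected server,
# refusing any file whose SHA-1 thumbprint differs from the value recorded
# out-of-band (Lawrence's "identify the few you need" step). The share path and
# thumbprints are placeholders. Run elevated; the LocalMachine\Root store needs it.
$roots = @{
    '\\files\pki\ExampleRootCA.cer'    = '0000000000000000000000000000000000000000'
    '\\files\pki\ExampleRootCA-G2.cer' = '1111111111111111111111111111111111111111'
}

function Import-PinnedRoot([hashtable]$Pinned) {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        foreach ($path in $Pinned.Keys) {
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($path)
            $expected = $Pinned[$path].ToUpperInvariant()
            if ($cert.Thumbprint -ne $expected) {
                # Wrong file, tampered share or a typo in the list: either way, do not trust it.
                Write-Warning "$path has thumbprint $($cert.Thumbprint), expected $expected; skipped"
                continue
            }
            if ($cert.Subject -ne $cert.Issuer) {
                Write-Warning "$path is not self-signed, so it is not a root; skipped"
                continue
            }
            if ($store.Certificates.Contains($cert)) {
                Write-Host "$($cert.Subject) already trusted"
                continue
            }
            $store.Add($cert)
            Write-Host "Added $($cert.Subject) ($($cert.Thumbprint))"
        }
    } finally {
        $store.Close()
    }
}

Import-PinnedRoot $roots
```

Because a root added to LocalMachine\Root is trusted by every TLS, code-signing and smart-card validation on that server, the thumbprint check is the important part: a .cer that merely has the right file name is not enough. In a domain, publishing the same roots through Group Policy (Computer Configuration, Windows Settings, Security Settings, Public Key Policies, Trusted Root Certification Authorities) achieves the same result centrally and removes the per-server share dependency.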

  • Installing SSL certificate Windows Server 2012R2 RDSH servers

    Hello,
    I'm currently in the final phase of installing a functional Remote Desktop (Windows Server 2012 R2) environment. The only problem I have, which I have tried to complete for several days now without any luck, is the installation of our wildcard SSL certificate on the
    Remote Desktop Session Host servers (farm).
    We have 1 gateway server which is also the connection broker. On this server i have installed (using the Deployment Properties of the Session Collection) the certificate on all available levels. But still, when i try to connect to our Remote Desktop Servers
    i get the automatically created certificate from the Remote Desktop Session Host servers. The certificate works for all the other functions (gateway etc.)
    The servers are joined to the domain, and the wildcard certificate = *.zon-ict.nl.
    Below the screenshot of the deployment settings.
    Can someone point me in the right direction for installing the certificate on the RDSH servers?

    Hi,
    Thank you for posting in Windows Server Forum.
    Basic requirements for Remote Desktop certificates:
    1. The certificate is installed into computer’s “Personal” certificate store. 
    2. The certificate has a corresponding private key. 
    3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
    Please follow the article below for details.
    Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
    http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
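    The three requirements listed in the answer above can be checked on an RDSH host with the following added example (not code from the thread or its author). It walks the computer's Personal store (requirement 1), reports whether each certificate has a private key (requirement 2) and whether its EKU is absent or contains Server Authentication or Remote Desktop Authentication (requirement 3); the expiry check is an extra sanity test not listed in the answer, and the Server Authentication OID 1.3.6.1.5.5.7.3.1 is the standard value, not taken from the page.

```powershell
# Added example: evaluate certificates in LocalMachine\My against the Remote
# Desktop certificate requirements quoted above. Run in an elevated session.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'        # Server Authentication (standard OID)
$RdpAuthOid    = '1.3.6.1.4.1.311.54.1.2'   # Remote Desktop Authentication (from the answer)

function Test-RdsCertificate {
    param(
        [Parameter(Mandatory=$true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )

    # Locate the Enhanced Key Usage extension, if the certificate has one
    $ekuExt = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOids = @()
    if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # Requirement 3: no EKU at all, or EKU containing Server/Remote Desktop Authentication
    $ekuOk = (-not $ekuExt) -or ($ekuOids -contains $ServerAuthOid) -or ($ekuOids -contains $RdpAuthOid)

    # Extra check beyond the listed requirements: the certificate must not be expired
    $notExpired = $Cert.NotAfter -gt (Get-Date)

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        NotAfter      = $Cert.NotAfter
        HasPrivateKey = $Cert.HasPrivateKey      # Requirement 2
        EkuOk         = $ekuOk
        Usable        = ($Cert.HasPrivateKey -and $ekuOk -and $notExpired)
    }
}

# Requirement 1: only the computer's Personal store (LocalMachine\My) is considered
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-RdsCertificate -Cert $_ } |
    Format-Table Subject, Thumbprint, NotAfter, HasPrivateKey, EkuOk, Usable -AutoSize
```

    A wildcard certificate such as *.zon-ict.nl that shows Usable = True here but still is not presented by the RDSH role points at the deployment or collection settings rather than at the certificate itself.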

  • Issue with VPN configuration in Windows 2008 r2 and 2012 Servers.

    Hello ,
    I hope you can help me to fix this issue; it's been 5 days since I have been trying to configure VPN in your 2008 and 2012 Servers. On both platforms (2008 and 2012) I am getting the same error while configuring VPN (after role installation):
    "Unable to load C:\Windows\System32\iprtrmgr.dll". So, I have removed the IPv6 entry from the registry and am now able to start the server (not sure what configuration it took automatically). I tried to disable the "Routing
    and Remote Access" service and got the same error while enabling it ("Routing and Remote Access" is running but VPN is still not functioning properly).
    I am getting following error,
    ================================================
    Errors under the Event viewer (Remote access)
    1) --->>    CoId={DF744409-02D7-4FF4-AD24-504F0C83E1AB}: The user 10.0.0.1\chetan connected from 10.0.0.1 but failed an authentication attempt due to the following reason: The remote connection was denied because the user name and password
    combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.
    2) ----->>   CoId={DF744409-02D7-4FF4-AD24-504F0C83E1AB}: The user connected to port VPN3-127 has been disconnected because the authentication process did not complete within the required amount of time.
    Errors under the Event viewer (Remote access)
    3) ---->>  Network Policy Server denied access to a user.
    Contact the Network Policy Server administrator for more information.
    ================================================
    I am using (MS-CHAP v2) + EAP (Authentication Method).  Please let me know if you need any additional information. 
    Thank you,

    I guess this thread is not related to SQL Server. The user is facing an issue because of the network or maybe due to the OS. I guess I will move this into the Windows forum.
    Moderators, please move to the Network forum.
    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers.
