Virtually Boring

How to setup Microsoft Active Directory Certificate Services [AD CS]

March 15, 2016March 15, 2016 by Daniel

Microsoft Active Directory Certificate Services [AD CS] provides a platform for issuing and managing public key infrastructure [PKI] certificates. On top of securing application and HTTP traffic the certificates that AD CS provides can be used for authentication of computer, user, or device accounts on a network.

In this post I will be setting up a single AD CS server on my domain and configuring group policy to auto enroll my servers. For an enterprise environment you will deploy subordinate CA’s and shut down your root CA for security. For more information about this setup click here: PKI Design Options

Installing the AD CS Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

Click Next:

How to setup Microsoft Web Application Proxy

March 6, 2016 by Daniel

Microsoft Web Application Proxy [WAP] is a new service added in Windows Server 2012 R2 that allows you to access web applications from outside your network. WAP functions as a reverse proxy and an Active Directory Federation Services [AD FS] proxy to pre-authenticate user access.

vBoring Blog Series:

Requirements:

The only hard requirement of WAP is having an AD FS server. Refer to step 1 for setting that up.
WAP cannot be installed on a server that AD FS is installed on. They must be separate servers.

Installing the Web Application Proxy Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

How to setup Microsoft Active Directory Federation Services [AD FS]

August 7, 2017March 2, 2016 by Daniel

In this post I will be installing and configuring the Active Directory Federation Services [AD FS] server role. AD FS is able to provide Single-Sign-On [SSO] capabilities to multiple web application using a single Active Directory account.

vBoring Blog Series:

Install the AD FS Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

Click Next:

Deploy and Configure WSUS on Server 2012 R2

February 25, 2016February 23, 2016 by Daniel

Windows Server Update Service [WSUS] is a server role that serves as a repository for Microsoft product updates on your network. Instead of every computer on your network downloading updates directly from Microsoft you can deploy a WSUS server so the updates are downloaded once and distributed to your environment from the WSUS server.

In this post I will be deploying WSUS Server 2012 R2 in a domain environment, using the Windows Internal Database (WID), and using Group Policy to have my computers connect to WSUS instead of Microsoft Updates.

Single WSUS Server

VMware VCSA 6: FSCK Failed on Boot

February 22, 2016 by Daniel

This past weekend I decided to do some rewiring of my home lab and accidentally pulled the power to the host that my VCSA was running on. While booting my VCSA 6 was booting back up I received the following error:

fsck failed. Please repair manually and reboot. The root file system is currently mounted ready-only. To remount it read-write do:
bash# mount -n -o remount,rw

VMware Guest Customization – Could not parse or process the unattend answer file

February 18, 2016February 16, 2016 by Daniel

While deploying a virtual machine from template I received an error when guest customization was running: Windows could not parse or process the unattend answer file for pass [specialize]. The settings specified in the answer file cannot be applied. The error was detected while processing settings for components [Microsoft-Windows-Shell-Setup]. Per VMware KB 2008221 a ‘wrong product key‘ could cause this. Coincidentally I created and used a brand new Guest Customization for this deployment. Turned out I used a Server 2012 Datacenter KMS key instead of the Server 2012 R2 Datacenter KMS key (Microsoft KMS Keys). I deleted the VM and redeployed after correcting the Guest Customization thus solving the problem!

Upgrade to Veeam Availability Suite v9

February 5, 2016January 14, 2016 by Daniel

It is finally here! Veeam Availability Suite v9 is released and is ready for deployment. You can upgrade your current installation as long as you are running Backup & Replication 7.0 Patch 4 through version 8.0 (any patch level) and for Veeam ONE version 7.0 & 8.0. In this post I will be upgrading my v8 installation to v9.

What’s New:

There are many new features added in v9, check out the links below to see whats new:

Deploying Veeam Availability Suite – Veeam ONE

February 5, 2016January 11, 2016 by Daniel

Veeam Availability Suite contains a backup & replication solution (Veeam Backup & Replication) and a monitoring & reporting tool (Veeam ONE). In this post I will be deploying Veeam ONE Monitoring and configuring it to monitor my VMware vCenter environment.

Veeam ONE - Typical Deployment — Typical Deployment

Deploying Veeam Availability Suite – Backup & Replication

February 5, 2016December 27, 2015 by Daniel

Veeam Availability Suite contains a backup & replication solution (Veeam Backup & Replication) and a monitoring & reporting tool (Veeam ONE). I wanted to try out a few backup solutions in my lab environment and decided to start with Veeam due to the popularity and ease of use. In this post I will be deploying Backup & Replication and configuring a backup job.

Updating vCenter Server Appliance 6.0 to Update 1 & 1b

March 22, 2016November 30, 2015 by Daniel

VMware released vSphere 6.0 Update 1 on September 10th, 2015 and Update 1b on January 7th, 2016. In this post i’ll go through how to upgrade VCSA 6.0 to Update 1 & 1b.

In my environment I have the Platform Services Controller [PSC] embedded with the VCSA. If you deployed an external PSC separately from vCenter then this post will still work for you! The upgrade procedure is the exact same on both the vCenter and PSC just upgrade the PSC first before vCenter.

vCenter Server Appliance 6.o Update 1 Release Notes:

Customer Experience Improvement Program: The Customer Experience Improvement Program (CEIP) provides VMware with information that enables VMware to improve the VMware products and services and to fix problems. When you choose to participate in CEIP, VMware will collect technical information listed below about your use of the VMware products and services in CEIP reports on a regular basis. This information does not personally identify you. For more details, see the vSphere Documentation Center.
Feature Enhancement: Suite UI is now enabled by default for the vSphere Web Client.
Support for SSLv3: Support for SSLv3 has been disabled by default.
vCSA Authentication for Active Directory: VMware vCenter Server Virtual Appliance (vCSA) has been modified to only support AES256-CTS/AES128-CTS/RC4-HMAC encryption for Kerberos authentication between vCSA and Active Directory.
Hybrid Cloud Manager: Hybrid Cloud Manager has been updated for vSphere, and can be accessed directly from the home page of vSphere Web Client.
FT-vSAN Interoperability: vSAN and FT work together.
Appliance Management user interface: Appliance Management has a new user interface, written in HTML5.
Backup and Restore with external PSC: vCenter Server deployments with external PSC, also called MxN have support for backup and restore.
Platform Services Controller UI: The Platform Services Controller now provides UI option to view, renew and replace certificates. For more details see Explore Certificate Stores from the Platform Services Controller Web Interface
Installation and Upgrade using HTML 5 installer: The following installation and upgrade scenarios are supported for vCenter Server using HTML 5 installer:
- Installation using HTML 5 installer and target as vCenter Server is supported
- Upgrade using HTML 5 installer and target as vCenter Server is not supported
- Upgrade using command line and target as vCenter Server is supported
Resolved Issues: This release of vCenter Server 6.0 Update 1 addresses issues that have been documented in the Resolved Issues section.
Full release notes can be found here

vCenter Server Appliance 6.o Update 1b Release Notes:

ESXi 6.0 Update 1b enables support for TLS versions 1.1 and 1.2 for most of the vSphere components without breaking the previously supported compatibility/interoperability. Some of the vSphere components that still support only TLS version 1.0 are listed here:
- vSphere Client
- Virtual SAN Observer on vCenter Server Appliance (vCSA)
- Syslog on vCSA
- Auto Deploy on vCSA
- Auto Deploy/iPXE
The ESXi 6.0 Update 1b now supports all TLS versions 1.0, 1.1, and 1.2 with the exceptions listed above. See Knowledge base article 2136185 for the list of supported TLS protocols.
Support for the Advanced Encryption Standard (AES) with 128/256-bit key length is added for RPC header authentication in the NFS 4.1 Client.
Note: See resolved Security Issues section for more information.
This release of ESXi 6.0 Update 1b addresses issues that have been documented in the Resolved Issues section.
Full release notes can be found here