Search results for 'app:weblogs' matching tags 'Security', 'windows server', 'General', and 'Hyper-V'

Exchange 2010 Service Pack 2 available

TBittner — Mon, 05 Dec 2011 06:00:00 GMT

You can download it from here

http://www.microsoft.com/download/en/details.aspx?id=28190

Exchange 2010 SP2 is a complete installation software pack, so for new Exchange installations, you can use it to start with from scratch.

Also when you use it for updating your current installations, be aware that you need Schema- and/or Organisaiton Administrator rights, because it contains a Schema update for your Active Directory.

And this Schema update needs to be execute in the domain where the Schema Master Role exist. So run setup /prepareAD not in the domain where you operate your Exchange Servers, it will not work. You need to go to the root domain, if there is the Schema Master or you have to move the Schema Master on to a domain controller in the domain where you operate your Exchange environment.

And remember that you should wait for replication across your AD after you’ve performed the Exchange 2010 SP2 Schema update.

During you’re waiting for replication, you can use the time to install the ‘IIS 6 WMI Compatibility’ feature. It is mandatory for your following Exchange 2010 SP2 installation, because of the new ‘Outlook Mini’ feature, which requires this feature on your CAS server roles.

Schedule

5 minutes for /prepareAD
15 minutes for replication (more if you have higher replication times set on your site links)
5 minutes for feature prerequisits
30 minutes for finishing SP2 setup per system

so you should be through with it within a hour for your first system and schedule 30 minutes for every following systems …

Reboot after SP2 installation should not be necessary.

And think about to disable Anti Virus Scanning on the box you’re going to perform Exchange 2010 SP2 Setup for upgrade.

Read the prerequisits before starting your installation

http://technet.microsoft.com/en-us/library/bb691354.aspx

Exchange for Hosters

TBittner — Tue, 30 Aug 2011 05:00:00 GMT

As you know, this feature was removed from the current version of Exchange. There are some features back with Exchange 2010 SP1 back not as we had it in the past with legacy versions.

Now with Exchange 2010 SP2 we will get back functionality on a standard On-Premise Exchange environment.

Read

http://blogs.technet.com/b/hameroff/archive/2011/08/08/so-you-want-to-host-exchange.aspx

and

http://blogs.technet.com/b/exchange/archive/2011/08/30/exchange-server-2010-sp2-and-support-for-hosting-exchange.aspx

Architecting a Microsoft Private Cloud

TBittner — Thu, 14 Jul 2011 05:00:00 GMT

There are many definitions for cloud computing, but one of the more concise and widely recognized definitions comes from the National Institute of Standards and Technology (NIST). NIST defines five essential characteristics, three service models and four deployment models.

Microsoft Services has designed, built and implemented a Private Cloud/IaaS solution using Windows Server, Hyper-V and System Center. Their goal throughout articles over a four-part series will be to show how to integrate and deploy each of the component products as a solution while providing the essential cloud attributes such as elasticity, resource pooling and self-service.

Start here with the first article and follow next articles to come.

NetApp Storage Systems in Microsoft Systems Environment

TBittner — Tue, 03 May 2011 05:00:00 GMT

NetApp published a new article and guide how their storage environment and solutions work in Windows Systems architectures and infrastructures.

The article gives you a lot valued information about how it works with Domain Controllers in Active Directory in many aspects, for example, it describes how NetApp storage server discovery and redirecting DC/KDC/LDAP services.

The document describes how NetApp storage systems work seamlessly in the Microsoft Windows environment and how they enable administrator to effortlessly manage data by making use of standard Microsoft services and features such as Active Directory, IntelliMirror, Volume Shadow Copy, Access-Based Enumeration, Offline File Caching, Auditing, Distributed File System (DFS), File Screening, and CIFS Virus Protection.

TR-3367 - NetApp Storage Systems in a Microsoft Windows Environment

Update for Hyper-V BPA available

TBittner — Fri, 25 Feb 2011 06:00:00 GMT

There is now an update for Hyper-V BPA available which fixes a few issues and handles the new Dynamic Memory and RemoteFX features under Service Pack 1.

This update is for Windows Server 2008 R2 with and without SP1.

http://support.microsoft.com/kb/2485986

Secure Access to your Cloud Services

TBittner — Tue, 22 Feb 2011 06:00:00 GMT

Moving to the Cloud is going on and so we will have more and more On-Premise and Cloud environments living site by site.

Securing access to Cloud Services will be more relevant for the future.

A great article on this topic has been published by Yuri Diogenes, Senior Security Support Escalation Engineer on Microsoft Forefront Team.

http://technet.microsoft.com/en-us/magazine/gg607680.aspx

Configure the Forefront TMG 2010 to allow DPM 2010 communication

TBittner — Wed, 20 Oct 2010 05:00:00 GMT

The DPM agent uses various ports and protocols to connect with the DPM server. The Forefront TMG needs to be configured to allow the DPM server to communicate through those ports. The complete list of ports that are used by DPM are documented at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=118620).

Use the following procedures to configure the Forefront TMG to work with DPM:

Define protocols for DPM in Forefront TMG
Add a computer rule for the DPM server
Create an access rule for DPM traffic
Configure registry settings on the Security Server and the DPM server

To define protocols for DPM in Forefront TMG

Open the Forefront Threat Management Gateway console.
In the console tree, expand the node for TMG Server, and then click Firewall Policy.

In the right pane, click Toolbox, expand Protocols, click New, and then click Protocol.

The New Protocol Definition Wizard appears, and you can define a new DPM Agent Coordinator protocol (TCP, outbound, port range 5718) as follows:

In the New Protocol Definition Wizard, type DPM Agent Coordinator, and then click Next.
On the Primary Connection Information page, click New.
In the New/Edit Protocol Connection dialog box, choose a Protocol type of TCP, a Direction of Outbound, and a Port Range (both From and To) of 5718. Click OK.
Click Next twice, and then click Finish to close the New Protocol Definition Wizard.

In the right pane, click New, and then click Protocol.

The New Protocol Definition Wizard appears, and you can define a new DPM Protection Agent protocol (TCP, outbound, port range 5719).
In the right pane, click New, and then click Protocol.

In the New Protocol Definition Wizard, define a new DPM Dynamic Ports protocol (TCP, outbound, port range 50000-50050).

Note

You need approximately 50 ports in the unreserved dynamic port range between 49152 and 65535. For more information about this range, see the Internet Assigned Numbers Authority Web Site (http://go.microsoft.com/fwlink?LinkId=22654).
1. In the New Protocol Definition Wizard, type DPM RPC, and then click Next.
2. On the Select Server page, click Add interfaces manually.
3. On the Adding Interfaces to the Protocol Definition page, click Add.
4. In the Add/Edit Interfaces dialog box, under Interface UUID type {12345778-1234-abcd-ef00-0123456789ac}. Under Interface Name, type RPC for DPM, click OK, and then click Next.
5. Click Finish to close the New RPC Definition Wizard.
In the top pane, click Apply to save changes and update the configuration.

To add a computer rule element for the DPM server

In the right pane of the Forefront TMG console, click Toolbox, expand Network Objects, click New, and then click Computer.
In the New Computer Rule Element dialog box, type a Name for the DPM server, and then under Computer IP Address, type the server’s IP address. Click OK.
In the top pane, click Apply to save changes and update the configuration.

To create an access rule for DPM traffic

In the right pane of the Forefront TMG console, click Tasks, and then under Firewall Policy Tasks, click Create Access Rule.
The New Access Rule Wizard appears. Type a name for the access rule (such as Allow DPM Traffic), and then click Next.
On the Rule Action page, click Allow, and then click Next.
On the Protocols page, under This rule applies to, choose Selected protocols, and then click Add.
- DPM Agent Coordinator
- DPM Dynamic Ports
- DPM Protection Agent
- NetBIOS Datagram
- NetBIOS Name Service
- NetBIOS Session
- Ping
- RPC (all interfaces)
- DPM RPC
On the Access Rule Sources page, click Add.
- Expand the Networks node, click Local Host, and then click Add.
- Expand the Computers node, click the name of your DPM server, and then click Add.
On the Access Rule Destinations page, click Add.
- Expand the Networks node, click Local Host, and then click Add.
- Expand the Computers node, click the name of your DPM server, and then click Add.
On the User Sets page, accept the default (All Users). Click Next, and then click Finish.
Under All Firewall Policy, right-click the DPM access rule, and then click Properties.
In the Properties dialog box, click Protocols, click RPC (all interfaces), click Filtering, and then click Configure RPC protocol.
In the Configure RPC protocol policy dialog box, clear the Enforce strict RPC compliance check box. Then click OK twice.
Under All Firewall Policy, if the DPM access rule is not the first listed, right-click the DPM access rule, and then click Move Up. Repeat until the rule is the first listed.
In the top pane, click Apply to save your changes and update the configuration.

Warning

Use the following procedure to modify registry settings on TMG and the DPM server. Modify the registry with care. Serious system-wide problems might occur if you modify the registry incorrectly. To correct such problems, you may need to reinstall the operating system software on these servers.

To configure registry settings on the TMG and the DPM server

Log on to the server as domain administrator.
Click Start, click Run, type regedit, and then click OK.
In the left pane of Registry Editor, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc.
Right-click the Rpc node, click New, and then click Key. Type Internet as the name of the key.
Configure the following values for the Internet key:

Ports REG_MULTI_SZ 50000-50050

PortsInternetAvailable REG_SZ Y

UseInternetPorts REG_SZ Y
To apply the registry settings, close Registry Editor and then restart the server.

Running, Filtering and Saving Scans in Best Practise Analyzer

TBittner — Sat, 25 Sep 2010 05:00:00 GMT

Who knows the Best Practise Analyzer for Exchange (ExBPA) is already familiar exporting scan results to other file formats to save or achive. The Best Practise Analyzer (BPA) coming with Windows Server 2008 R2 Server Roles doesn’t have this opportunity to save the scan reports form the Server Manager Console.

But if you use PowerShell for BPA, you can export your scan report to advanced HTML. There are detailed articles on TechNet describing all the functions and options you have with BPA on Windows Server 2008.

Details here