Archive for the ‘Server 2008’ Category


When the installations of both the internal Exchange organization and the Edge Transport Server are finished, the “post setup” configuration can be started. As in Exchange Server 2007, there are a couple of additions and changes in the configuration that have to be made to the Exchange Server 2010 instance before mail can be sent or received from the Internet.

• Enter an Exchange Server 2010 license key.

• Enter accepted domains and set up email address policies.

• Configure a Send Connector to send e-mail to the Internet.

• Configure the Hub Transport Server to accept anonymous SMTP if an Edge Transport Server is not used.

• Add a Certificate to the Client Access Server role.

• Configure the Client Access Server role.


The Exchange Server 2010 Edge Transport Server is not part of the internal Active Directory and Exchange organization, and is typically installed in the network’s DMZ. A mechanism obviously needs to be in place for keeping the server up to date with information.

For example, for the recipient filtering in the Edge Transport Server to take place, the server needs to know which recipients exist in the internal Exchange environment. The Edge Transport Server also needs to know about the existing Hub Transport Server in the internal Exchange organization, to which the Edge Transport Server has to deliver its SMTP messages.

This information is pushed from an internal Hub Transport Server to the Edge Transport Server by a process called “EdgeSync”. Please note that for a successful synchronization from the Hub Transport Server to the Edge Transport Server, you have to open port 50636 on the internal firewall. This port has to be opened from the internal network to the DMZ and not vice versa.

To set up an Edge Synchronization, a special XML file has to be created on the Edge Transport Server. This XML file has to be imported to a Hub Transport Server on the internal network, creating a relationship between the Edge Transport Server and the respective Hub Transport Server. Once that relationship is created, the EdgeSync service can be started. To set up the EdgeSync service, please follow these steps:

1. Log on to the Edge Transport Server using an administrator account and open an Exchange Management Shell.

2. Enter the following command:

New-EdgeSubscription -FileName <<filename.xml>>

Copy the <<filename.xml>> to a directory on the Hub Transport Server.

3. Log on to the Hub Transport Server using an administrator account and open an Exchange Management Shell command prompt.

4. Enter the following command:

New-EdgeSubscription -FileName <<filename.xml>> -CreateInternetSendConnector:$TRUE -Site "Default-First-Site-Name"

When that has finished successfully, enter the following command at the Exchange Management Shell command prompt:

Start-EdgeSynchronization

The Edge Synchronization process should now successfully start.

5. On the Edge Transport Server, open the Exchange Management Shell and check if the settings are identical to the settings on the Hub Transport Server.

When making changes to the internal Exchange organization, these changes will automatically replicate to the Edge Transport Server in the DMZ.
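
A post-subscription check for the procedure above, as an added example that is not part of the original article: it confirms from the Hub Transport Server that port 50636 is reachable in the internal-to-DMZ direction, reports the EdgeSync status, and removes the copied subscription file. The host name and file path are placeholders chosen for illustration.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport Server.
# $EdgeFqdn and $SubscriptionFile are placeholders (assumptions), not values from the article.
$EdgeFqdn         = 'edge01.dmz.example.com'
$SubscriptionFile = 'C:\Temp\EdgeSubscription.xml'
$EdgeSyncPort     = 50636    # EdgeSync port the article says to open, internal -> DMZ

# TCP connect test built on .NET so it also works in the PowerShell 2.0 shell
# used by Exchange Server 2010.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false                      # filtered or dropped: timed out
        }
        $client.EndConnect($pending)           # throws if the connection was refused
        return $true
    }
    catch   { return $false }
    finally { $client.Close() }
}

# 1. The firewall must pass Hub -> Edge on 50636; nothing is opened Edge -> Hub.
if (-not (Test-TcpPort -ComputerName $EdgeFqdn -Port $EdgeSyncPort)) {
    Write-Warning "Cannot reach ${EdgeFqdn}:$EdgeSyncPort from this Hub Transport Server."
}
else {
    # 2. Confirm the subscription exists, then test the synchronization state.
    Get-EdgeSubscription | Format-List
    $results = @(Test-EdgeSynchronization)
    $results | Format-List Name, SyncStatus, LastSynchronizedUtc, FailureDetail

    $failed = @($results | Where-Object { $_.SyncStatus -ne 'Normal' })
    if ($failed.Count -gt 0) {
        $names = ($failed | ForEach-Object { $_.Name }) -join ', '
        Write-Warning "EdgeSync is not healthy for: $names"
    }
}

# 3. The subscription file carries the credentials used to bootstrap EdgeSync,
#    so remove the copy once it has been imported.
if (Test-Path $SubscriptionFile) {
    Remove-Item -Path $SubscriptionFile -Force
    Write-Host "Removed $SubscriptionFile"
}
```

The same cleanup applies to the original file left on the Edge Transport Server after it has been copied.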


When all the prerequisite software for the Exchange Server 2010 Edge Transport Server role is installed, you can move on to the Exchange server itself.

1. Log on to the server with local administrator credentials, go to the installation media and start the setup.exe installation program.

2. Once all prerequisite software is installed correctly, the first two options are grayed out and you can directly select “Install Exchange Server 2010”.

3. On the Introduction page click Next.

4. Accept the License Agreement and click Next.

5. Select whether or not you want to participate in the Error Reporting Feature and click Next.

6. On the Installation Type page select “Custom Installation” and click Next. If needed you can select another directory where the Exchange software is installed.

7. On the Server Role Selection page select the Edge Transport Server role. Notice that when you select this role the other roles (Mailbox, Client Access & others) are grayed out immediately. Click Next to continue.

8. The setup program will now perform a readiness check to see if your server is capable of running the Edge Transport Server role. When successfully completed click Install to continue.

9. The Exchange binaries will now be copied to the local disk, the Management Tools will be installed and the Edge Transport Server will be installed. This can take quite some time to finish.

10. When finished you can continue configuring the Edge Transport Server using the Exchange Management Console.

The Edge Transport Server is now installed, but not yet configured. It is possible to configure everything, like the Accepted Domains, Send Connectors etc., manually using the Exchange Management Console. An easier way is to use a synchronization process which synchronizes information from the Hub Transport Server within the company’s Active Directory and Exchange organization to the Edge Transport Server in the DMZ. This process is called the Edge Transport Synchronization, or EdgeSync.


The Active Directory Lightweight Directory Services (AD LDS), previously known as Active Directory Application Mode or ADAM, can be installed using the Windows Server 2008 Server Manager. To install the AD LDS follow these steps:

1. Log on to the server, click the Start button and select the Server Manager.

2. In the Server Manager, click “Roles” and in the action click “Add Roles”.

3. Click Next on the “before you begin” page.

4. On the “select server role” page, select the “Active Directory Lightweight Directory Services” and click Next.

5. On the Introduction page, click Next.

6. On the Confirmation page, click Install.

7. On the Installation Results page, click Finish.

The Active Directory Lightweight Directory Services role is now installed and the server is ready for the Edge Server Role.

  1. Open an empty MMC console using START | RUN | MMC.
  2. From the console menu, select CONSOLE | ADD/REMOVE SNAP-IN. The Add/Remove Snap-in window opens.
  3. Click Add. The Add Standalone Snap-in window opens.
  4. Double-click Certificates to load the snap-in. If you are logged on with an account that does not have administrator privileges, the only option is to load your own personal certificates. Otherwise, you get additional choices of computer and service certificates.
  5. With the snap-in loaded, save the console with a descriptive name, such as Cert.msc. You may want to save it in \WINNT\System32 along with the rest of the console files so that another administrator can use it. The console does not point at your specific certificate. It loads the certificates of the user who launches the console.
  6. Expand the tree to Certificates - Current User | Personal | Certificates. Certificates issued to you are listed in the right pane. The Intended Purposes column lists the certificate’s function. If you have ever encrypted a file, you will have at least one EFS certificate. The domain Administrator account will have two certificates, one for EFS and one for File Recovery (FR).
  7. Double-click a certificate to view the contents.

You can use the Certificates snap-in to obtain new certificates. This is not generally necessary for EFS certificates because the EFS service obtains the certificate automatically when you encrypt a file. If you want to designate more Data Recovery Agents, though, you’ll need to obtain File Recovery (FR) certificates for them. You can request them using the Certificates snap-in.

EFS only issues one self-signed FR certificate. In a domain, it is issued to the domain Administrator account. For a local machine, it is issued to the first user who logs on to the machine following Setup. You’ll need a Certification Authority (CA) to issue any further FR certificates.

In this section, we’ll discuss the registry keys that are used for power management. You may edit any of them using one of the registry editors.

Note Changing registry entries responsible for power management won’t have an immediate effect. Windows only reads settings from the registry when you log on, when you click OK in Control Panel, or when a Powerprof.dll function is called on to read the registry.

The registry keys used for power management are listed below.

  • HKCU\AppEvents\EventLabels\LowBatteryAlarm – descriptive name of a low battery-power-alarm event
  • HKCU\AppEvents\EventLabels\CriticalBatteryAlarm – descriptive name of a critical battery-power-alarm event
  • HKCU\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Current, HKCU\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Default, HKCU\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Current, HKCU\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Default – filenames of the WAV files that will play for the low and critical power-alarm events
  • HKCU\Control Panel\PowerCfg\CurrentPowerPolicy – index of current user and machine power policy
  • HKCU\Control Panel\PowerCfg\GlobalPowerPolicy\Policies – the user global power policy (binary encoded data)
  • HKCU\Control Panel\PowerCfg\PowerPolicies\n\Name – name of power scheme n, where n = 0, 1, 2, etc.
  • HKCU\Control Panel\PowerCfg\PowerPolicies\n\Description – descriptive string for power scheme n, where n = 0, 1, 2, etc.
  • HKCU\Control Panel\PowerCfg\PowerPolicies\n\Policies – user power policy n, where n = 0, 1, 2, etc. (binary encoded data)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\LastID – index of the last power policy in the lists of user and machine power policies (for example, if there are six user power policies and six machine power policies in the registry, the value of this key is 5)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\DiskSpinDownMax – the maximum disk spin-down time that Control Panel will allow the user to set
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\DiskSpinDownMin – the minimum disk spin-down time that Control Panel will allow the user to set
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\GlobalPowerPolicy\Policies – the machine global power policy (binary encoded data)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\n\Policies – machine power policy n, where n = 0, 1, 2, etc. (binary encoded data)


As with previous versions of the OS, you use an “unattend” file for a Server Core installation or a regular Windows Server 2008 image. The unattended server install enables you to perform most of the initial configuration tasks during Setup. The following section describes an unattended installation of the Server Core image. If you have a number of servers to install, the unattended installation of Server Core can provide a host of benefits.

There is no need to perform initial configuration using command-line tools because you can include options in the unattend file that will enable remote administration. Once Setup completes you will be able to connect with various tools and applications and continue to fine-tune and configure.

To install a Server Core installation by using an unattend file, do the following:

1. First create an .xml file titled unattend.xml. You can use any text editor or the Windows System Image Manager.

2. Next copy the unattend.xml file to a local drive or place it on a shared network resource.

3. Place the Windows Preinstallation Environment (Windows PE), Windows Server 2003, or Windows XP media in the machine’s CD drive and start your computer.

4. Next place the CD of the Server Core installation image of Windows Server 2008 into your disk drive. As soon as the auto-run Setup window appears, click Cancel. This will bring you to the command prompt.

5. Next, change to the drive that contains the installation media, enter the following command, and press Enter:

setup /unattend:<path>\unattend.xml

The <path> is the path to your unattend.xml file described in step 2. Setup will run to completion with whatever you have in the unattend.xml file.


To create a server running on Server Core installation you need to have the following handy:

■ The Windows Server 2008 installation media

■ The product key

■ A computer with the recommended configuration for a Server Core installation

Before you begin, make sure you have clean or newly formatted hard disks or volumes that you can allow installation to format for you. You cannot upgrade from a previous version of Windows Server to a Server Core installation. You also cannot upgrade from a full installation of Windows Server 2008 to a Server Core installation. Only a clean installation is supported.

Be sure of your needs and configuration before you start. Once you start a Server Core installation you cannot go back later and try upgrading it to a full installation of Windows Server 2008 with the Windows UI. Microsoft does not support that route and you would have to blow away the Server Core installation and start all over again.

To install a Server Core installation, perform the following:

1. Insert the Server Core Windows Server 2008 installation media into the DVD drive.

2. The auto-run dialog box will now appear. Click the Install Now option.

3. The installation wizard takes you through the instructions to complete Setup.

4. After the installation, press Ctrl+Alt+Delete and click Other User. At the login enter Administrator with a blank password, and then press Enter. You will now be able to log in and you will have the chance to set a password for the Administrator account.

 

Give Windows Server 2008 a hand, and it takes an arm . . . or at least another drive. Installation assesses all the hard-drive resources in the system, and if you have two drives (or partitions), the OS attempts to use both. The first active partition gets snagged for the system files . . . the minimum required to raise the system to a point where you can run recovery tools or the Recovery Console. Windows Server 2008 calls this the system volume.

Windows Server 2008 then snags a second drive or partition and uses it for the boot files, the files needed to boot the rest of the operating system all the way to the desktop on which you can log in. Windows Server 2008 calls this volume the boot volume. (This is a reversal of the old naming convention for boot and system partitions.)

Two reasons exist for the dual-disk consumption. First, Windows Server 2008 is optimized to use more than one hard-disk drive. Second, a minimum boot disk can be configured to hold just the boot files and can be formatted as FAT or FAT32 instead of NTFS. The theory is that if you lose the base operating system — that is, if you cannot boot to the desktop — you can at least boot to a DOS diskette and then, from DOS, copy new base files over the corrupt ones (or replace a defective drive). Many NT and NetWare systems have been configured this way. However, a well-designed and managed system need not retain a FAT boot disk, which is a risk to the entire system because it does not support file-level security.

Windows Server 2008, however, enables you to boot to the Boot Options console (whenever it detects a disaster). Here you have several options, such as Safe Mode with Networking, and from there you can attempt to boot without certain services and debug the problem after you have the OS up and running. You can also boot the Recovery Mode Console, which takes you to a command line that you can use to access NTFS partitions and the boot disks. The practice of leaving boot or system files on FAT volumes is old-fashioned — the result of bad memories from Windows NT days. We recommend the partition arrangement options described in the following sections.

Option 1: One HDD

This arrangement uses one hard-disk drive, which forces Windows Server 2008 to put both boot files and system files onto the same drive and partition. To use this option, follow these steps:

1. Configure the system with one hard-disk drive of about 12GB in size. (Microsoft’s official recommendation is to supply at least a 10GB partition, but with roles and features to be added, as well as patches and fixes and new features coming down the road, you need to leave room for expansion.)

2. Format the partition during the install as NTFS.

3. Have Windows Server 2008 choose the default partition name.

The pros of this partitioning option are as follows: First, you save on hard-disk drives. Second, you can mirror this disk for fault tolerance. (Unfortunately, you can mirror the disk only under hardware disk mirroring because Windows Server 2008 does not enable you to mirror a disk that was installed as a basic partition . . . even if you make the disk a dynamic disk.)

The negatives of this partitioning option are that, if you must format the system or boot volumes as FAT, you end up with a disk consisting of numerous partitions. This is not necessary on a server and can later lead to problems, such as no capability to mirror or diminishing hard-disk space and the advanced features of dynamic disks. You may also have trouble providing dual-boot capability, but dual boot is not recommended, and besides, you have no need to provide dual boot on a production server.

Option 2: Two HDDs

This arrangement uses two hard-disk drives: Windows Server 2008 puts boot files on one disk and system files on the second disk. To use this option, follow these steps:

1. Configure the system with two hard-disk drives of about 2GB each in size.

2. Format the drives as NTFS during the install.

3. Have Windows Server 2008 choose the default partition names and put the files where it needs to.

The positive aspect of this partitioning option, as far as we can tell, is that you have the option of leaving the boot volume formatted as FAT (or FAT32) and formatting the rest of the partitions and drives as NTFS.

The negatives of this partitioning option are that you use up a second drive for a small amount of hard-disk space, but if you are bent on dual or multi-boots, the second drive can hold the additional OS.

Although you have a performance incentive to use a second hard disk, the increased performance is not worth the effort and the second drive, considering the speed and response of modern hard disks. We are also talking about Server Core here and not Active Directory, LOB servers, SQL Server, or Exchange, which are built to take advantage of additional drives. You would be better off using a second drive as a mirror of the first to gain a fault-tolerance feature.

The Server Core installation lets you install a minimal OS for running just the chosen server roles that would not even need a GUI. This means that you don’t have the huge “attack” surface that will ensue from all the service requirements. One more thing: Once you install just Server Core you can stand your server up in a secure environment, both physical and online, and worry only about securing the services you are actually running. Once Server Core has been installed you can then open Server Manager (remotely or via scripting) and install, among many others, the following server roles:

■ Active Directory Domain Services (AD DS)

■ Application Server

■ DHCP Server

■ DNS Server

■ File Services

■ Print Services

Here are some more benefits of the Server Core installation alternative:

■ Lower maintenance. You only need to maintain on the server what is actually installed on the server. Why worry about maintaining File Services on a server that is nothing more than a simple domain controller?

■ You need less disk space. The Server Core requires only about 1 gigabyte (GB) of disk space to install and approximately 2GB for operations after the installation.

■ Less management. Management costs in realms like security, availability, and service level are far less than previous installation scenarios. You would not have to worry about supporting a bunch of services and code that you are not using.