Cannot display webpage after updating SSL Certificate

Check whether the server certificate has its corresponding private key. Refer to the picture below:

[Image: SSL certificate without and with a private key]

If the private key is missing, you need to get a certificate that contains the private key, which is essentially a .PFX file. There is a command that we can try running to associate the private key with the certificate:

 C:\>certutil -repairstore my "1a 1f 94 8b 21 a2 99 36 77 a8 8e b2 3f 42 8c 7e 47 e3 d1 33"

[Image: certutil repair]

 Note: 1a 1f 94 8b 21 a2 99 36 77 a8 8e b2 3f 42 8c 7e 47 e3 d1 33 is the thumbprint of the certificate. Open the certificate and click on the details tab. Scroll down to find the thumbprint section. Select the thumbprint section and click on the text below. Do a “Ctrl+A” and then “Ctrl+C” to select and copy it. Below is a snapshot for your reference:

[Image: certificate thumbprint]

If the association is successful, then you would see the following window:

[Image: successful certificate repair]
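The same check from PowerShell, as an added example that is not part of the original post. It assumes PowerShell 2.0 or later in an elevated session, and the function names are hypothetical. It strips the spaces and the invisible character that come along when a thumbprint is copied from the certificate dialog, reports whether the certificate in the LocalMachine\My store has a private key, and runs the repair only when it does not.

```powershell
# Added example (not from the original post); function names are hypothetical.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory=$true)][string]$Thumbprint)
    # Keep hex digits only: removes spaces and the invisible character that the
    # certificate dialog places in front of a copied thumbprint.
    ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Test-CertPrivateKey {
    param(
        [Parameter(Mandatory=$true)][string]$Thumbprint,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $clean = ConvertTo-CleanThumbprint -Thumbprint $Thumbprint
    if ($clean.Length -ne 40) {
        throw "Expected a 40-hex-digit SHA-1 thumbprint, got $($clean.Length) digits."
    }
    $cert = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        throw "No certificate with thumbprint $clean in $StorePath."
    }
    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
    }
}

# Thumbprint from the post, pasted with the hidden leading character (U+200E).
$pasted = "$([char]0x200E)1a 1f 94 8b 21 a2 99 36 77 a8 8e b2 3f 42 8c 7e 47 e3 d1 33"
$result = Test-CertPrivateKey -Thumbprint $pasted
$result | Format-List

if (-not $result.HasPrivateKey) {
    # Same repair as the certutil command above, using the cleaned thumbprint.
    certutil -repairstore my $result.Thumbprint
}
```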

Redirecting OWA URLs in Exchange 2010

Great blog post on redirecting OWA URLs for Exchange 2010 on WS08 R2, tested and it works.

http://briandesmond.com/blog/redirecting-owa-urls-in-exchange-2010/

Moving DHCP from Windows Server 2003 to Windows Server 2008

Microsoft Support KB article on moving your DHCP scope(s) using netsh – link

Windows server backup fails consistency check of the Exchange database

Trying to back up Exchange 2010 and purge transaction logs using the built-in Windows Server Backup app (Windows 2008).

- Backup completes but with warnings, and log files won’t purge

- Found that the backup will run successfully only if the database files and the transaction log files are on the same volume

Moved the transaction log files via the EMC to the same volume as the databases and got past the consistency check failure issue, and got a good backup w/flushed logs.

Move WSUS SQL database to another location

When running WSUS on a Small Business Server, the default location is the C: drive. When that drive gets full, you need to move the content and the SQL database. Below are the steps to move the SQL database to another location.

1. Open a command prompt and type: net stop "update services"

2. Next, at the command prompt, type: net stop w3svc (on SBS 2008 this also stops the Terminal Services Gateway; remember to restart it)

3. Open Microsoft SQL Express Management Studio (if you don’t have this, go to http://tinyurl.com/ynl9tv to download) and connect to the MICROSOFT##SSEE instance, which hosts the WSUS database and the SharePoint databases in SBS 2008. You can’t just connect to the database normally; you need to type this in the server name area: \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query


 4. Detach the SUSDB database, move the SUSDB folder to the new location and attach the database again with Management Studio

5. Restart the services: “update services”, “w3svc”, and “Terminal Services Gateway”

 

 

Disable SSL v2.0 in IIS

While going through a vulnerability scan for PCI compliance, the report noted that IIS 7 on a Small Business Server 2008 was still using SSL v2.0 instead of SSL 3.0 or TLS 1.0. To disable SSL v2.0:

  1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
  2. In Registry Editor, locate the following registry key: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
  3. On the Edit menu, click Add Value.
  4. In the Data Type list, click DWORD.
  5. In the Value Name box, type Enabled, and then click OK. Note: If this value is present, double-click the value to edit its current value.
  6. Type 00000000 in Binary Editor to set the value of the new key equal to “0”.
  7. Click OK. Restart the computer.

IIS negotiates the encryption with the client browser. An attacker could use a tool that tells the server it has only SSLv2 (which is weaker) available. If you disable SSLv2, the server only uses SSLv3 or TLS, as requested by the browser. A browser that only supports SSLv2 would fail to connect.

 This applies to Windows Server 2003, and Windows Server 2008, and both versions of SBS.

http://support.microsoft.com/default.aspx?scid=kb;en-us;187498
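The registry steps above as a script, with a before-and-after check. This is an added example, not part of the original post or the KB article; it assumes PowerShell 2.0 or later in an elevated session, and the function names are hypothetical.

```powershell
# Added example (not from the original post); function names are hypothetical.
$SchannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelServerState {
    param([string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0'))
    foreach ($p in $Protocol) {
        $key = Join-Path $SchannelProtocols "$p\Server"
        $value = $null
        if (Test-Path $key) {
            $item = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
            if ($item) { $value = $item.Enabled }
        }
        # No Enabled value means the operating system default is in effect.
        if ($null -eq $value) { $state = 'not set (OS default applies)' }
        elseif ($value -eq 0) { $state = 'disabled' }
        else                  { $state = 'enabled' }
        New-Object PSObject -Property @{ Protocol = $p; Enabled = $value; State = $state }
    }
}

function Disable-SchannelServerProtocol {
    param([Parameter(Mandatory=$true)][string]$Protocol)
    $key = Join-Path $SchannelProtocols "$Protocol\Server"
    # Step 2: create the ...\<protocol>\Server key if it is missing.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Steps 3-6: DWORD value named Enabled, set to 0.
    New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
}

Get-SchannelServerState | Format-Table Protocol, State, Enabled -AutoSize   # before
Disable-SchannelServerProtocol -Protocol 'SSL 2.0'
Get-SchannelServerState | Format-Table Protocol, State, Enabled -AutoSize   # after
# Step 7 still applies: restart the computer so Schannel reads the new value.
```

Running only Get-SchannelServerState is a read-only way to confirm the setting on a server before the next scan.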

Change default behavior for unidentified network in Vista/Windows Server 2008/Windows 7

I ran into an issue with a Hyper-V server with 6 NICs; some of the NICs in Network and Sharing Center were being categorized as ‘unidentified network’ and given the public designation. I could change it to private, but on every reboot it would revert. The issue with the public network was that network discovery and file sharing were turned off, so even the NIC that was joined to the domain had little connectivity. The steps below fixed the issue.

You can change the security setting so that the network is not made public in the first place.

To do this on your local server or Vista/Windows 7 desktop , follow these steps:

1. Start –> run –> MMC –> press enter

2. In MMC console , from menu file select Add/Remove Snap-in

3. Select Group Policy Object editor –> Press Add –> select Local computer –> press OK –>press OK

4. Open Computer Configuration –> Windows Settings –> Security Settings –> select Network List Manager Policies. On the right side you will see the available options; double-click Unidentified Networks.

Then you can select the option to treat unidentified networks as private, and whether the user can change the location.

Product Spotlight: Windows SharePoint Services

SharePoint Services is a versatile technology included with Microsoft Windows Server 2008 that enables organizations of all sizes to increase the efficiency of business processes and improve team productivity. With tools for collaboration that help people stay connected across organizational and geographic boundaries, Windows SharePoint Services gives people access to documents and information they need.


Chief among the advantages of Windows SharePoint Services:

  • Provides a single workspace for teams to coordinate schedules, organize documents, and participate in discussions—within the organization and over the extranet.
  • Easily author and manage documents. SharePoint Services helps to ensure document integrity with the option to require document checkout before editing, provides the ability to view past revisions and restore to previous versions, and has the ability to set document-specific security.
  • Helps people and teams stay on task with a variety of communication features that let users know when actions are required or important changes are made to existing information or documentation, including announcements, sophisticated alerts, surveys, and discussion boards.
  • Provides creative forums for brainstorming ideas, building knowledge bases, or simply gathering information in an easy-to-edit format with new templates for implementing blogs and wikis (Web sites that can be quickly and easily edited by team members).
  • Increases productivity while mobile with enhanced support for synchronization; using Microsoft Office Outlook 2007 to manage document libraries, lists, calendars, contacts, tasks, and discussion board—even offline.

Built on Microsoft Windows Server 2008, Windows SharePoint Services also provides a foundation platform for building Web-based business applications that can flex and scale easily to meet the changing and growing needs of your business.  With a familiar, Web-based interface and close integration with everyday tools including the Microsoft Office system, Windows SharePoint Services is easy to use and can be deployed rapidly. Users can create workspaces and then publish, store, share, and keep track of information, workflow, and documents.

Windows SharePoint Services helps teams stay connected and productive by providing easy access to the people, documents, and information they need to make more informed decisions and get the job done. Enhancements in Windows SharePoint Services 3.0 make it easier than ever to share documents, track tasks, use e-mail efficiently and effectively, and share ideas and information.

Contact KTS today for additional details on how your business can benefit from Windows SharePoint Services!

See the rest of our latest newsletter here.

Sending email to certain domains does not work when you run Exchange Server 2007 on a Windows Server 2008-based computer

You may have trouble sending mail to certain domains while using Exchange Server 2007 on Windows Server 2008. The Queue Viewer displays the following status error for the domain in question:

“451 4.4.0 primary target IP address responded with “421.4.4.2 unable to connect.” attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.”

This problem occurs because routers do not support the TCP autotuning settings in Windows Server 2008.

To disable autotuning, follow these steps:

Run CMD as Administrator

At the command prompt, type the following command, and then press ENTER:

netsh interface tcp set global autotuninglevel=disabled

This command disables the Receive Window Auto-Tuning feature.

Exit the Command Prompt window.

Restart the computer.