Updated 31st March 2008: Please see http://www.c7solutions.com/blog/2009/03/configuring-sstp-vpn-on-small-business_31.aspx as this new article replaces the one below, which refers to a pre-release version of SBS 2008. The working instructions for configuring SSTP on SBS 2008 are much more complicated than the steps below.

SSL-based VPNs are great. In short, it is VPN without firewall or NAT issues (both of which you get with PPTP and IPSec VPNs). But the current release of SBS 2008 (RC0) does not enable SSTP VPNs by default. It uses RRAS, so SSTP is possible, but it is not as easy as it first looks!
- Ensure that you have run the connecting to the internet wizard, and that you are using a third party certificate (as there are fewer steps if you do this).
- Enable remote access from the SBS Console > Network > Connectivity page.
- Add some SSTP ports to the VPN in the Routing And Remote Access management program. Right-click Ports and choose Properties and enable SSTP for remote access inbound connections. Leave PPTP enabled as Windows XP does not support SSTP VPN tunnels (only Vista SP1 does at this time).
- View the properties of your certificate and note down the Thumbprint value.
- Ensure that this certificate is associated with the 0.0.0.0:443 and [::]:443 certificate bindings on the server. Type "netsh http show ssl" from an elevated command prompt to get this information. You typically get four entries, with IP:port being the first line of each. Check for IP:port reading "0.0.0.0:443" and "[::]:443", as these show the IPv4 and IPv6 mappings for SSL certificates on the server. Ignore the :8172 and :987 entries (these are for IIS Management Service and companyweb).
- For both "0.0.0.0:443" and "[::]:443" make a note of the Certificate Hash. It needs to be the same for both and the same as the earlier Thumbprint value (ignore any spaces). If not, see http://blogs.technet.com/rrasblog/archive/2007/11/08/configuring-iis-on-the-sstp-server-implications-and-how-to-resolve.aspx for instructions on resetting this, noting that you need to ensure that the correct certificate is bound to the SBS Web Applications website on the SBS 2008 server (in IIS manager).
- Install the "Certificate Authority Web Enrollment" role service to the Active Directory Certificate Services snap-in within Server Manager. This adds a virtual directory to the default website in IIS called CertEnroll, which contains the certificate revocation list for the certificate you are using. Only do this if you are using the built-in default issued certificate. If you are using certificates from a third party then you need to ensure you can reach their CRL publishing site without issue - see the certificate details for information on the CRL publishing site location.
- Expand the Certificate Authority on your server and right-click Revoked Certificates. Under tasks choose Publish. This updates the CRL with the new publishing location that SSTP needs to connect to. Again, use a third party certificate to make this easy!
- On a Vista SP1 client create a new VPN connection and in properties > networking ensure that the Type of VPN is set to SSTP (for normal use set this to Auto, and it will find the best (starting with PPTP), but for testing set it specifically to SSTP). Also ensure that the name of the server you are connecting to is the same name that the certificate uses for the certificate common name.
- Connect the VPN and all should work.
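The thumbprint-versus-binding comparison from the steps above can be scripted. This is an added example, not part of the original post: the function name `Test-SstpCertBinding` is hypothetical, and the sample output and thumbprint are constructed.

```powershell
# Added example: check that the :443 bindings carry the noted thumbprint.
function Test-SstpCertBinding {
    param(
        [string[]]$NetshOutput,  # lines of "netsh http show ssl" output
        [string]$Thumbprint      # Thumbprint value noted from the certificate
    )
    # Strip spaces (and any other non-hex characters copied with the value).
    $expected = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToLower()
    $bound = @{}
    $endpoint = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)') {
            $endpoint = $Matches[1]
        } elseif ($endpoint -and $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)') {
            $bound[$endpoint] = $Matches[1].ToLower()
        }
    }
    # Only the IPv4 and IPv6 :443 bindings matter; :8172 and :987 are ignored.
    foreach ($ep in '0.0.0.0:443', '[::]:443') {
        if (-not $bound.ContainsKey($ep)) {
            $status = 'Missing'
        } elseif ($bound[$ep] -eq $expected) {
            $status = 'Match'
        } else {
            $status = 'Mismatch'
        }
        New-Object PSObject -Property @{
            Endpoint = $ep; BoundHash = $bound[$ep]; Status = $status
        } | Select-Object Endpoint, BoundHash, Status
    }
}

# Constructed sample output (hashes are made up for illustration).
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                 : 0.0.0.0:443
    Certificate Hash        : 1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d

    IP:port                 : [::]:443
    Certificate Hash        : ffeeddccbbaa99887766554433221100ffeeddcc

    IP:port                 : 0.0.0.0:8172
    Certificate Hash        : 1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d
'@ -split '\r?\n'

Test-SstpCertBinding -NetshOutput $sample `
    -Thumbprint '1a 2b 3c 4d 5e 6f 70 81 92 a3 b4 c5 d6 e7 f8 09 1a 2b 3c 4d'
```

On the server itself, pass the live output instead of the sample: `Test-SstpCertBinding -NetshOutput (netsh http show ssl) -Thumbprint '<thumbprint from the certificate>'`.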
Labels: 2008, iis, rras, sbs 2008, sstp, vpn, windows
permalink posted by Brian Reid : 9:34 AM

I got error 0xc00000e9 when attempting to boot into a new guest Hyper-V image, using an ISO image as my boot CD. Using the real CD in the host worked fine.
So I downloaded the ISO again and all was well this time - must have been a dodgy download - now to go play with Windows Small Business Server 2008.
Labels: hyper-v, sbs 2008, server core, virtual server, windows
permalink posted by Brian Reid : 6:08 PM

With the correct BIOS settings enabled on an E8500 processor (see http://processorfinder.intel.com/ for the processors that support EM64T, Virtualisation and Execute Disable, which are needed for Hyper-V to work), and with them and the Trusted Execution property set to On in the BIOS, I got the following errors with Hyper-V RC1 on Windows 2008 Enterprise Server RTM (running Server Core):
- Hyper-V launch failed; Either VMX not present or not enabled in BIOS.
- Hyper-V launch failed; at least one of the processors in the system does not appear to provide a virtualization platform supported by Hyper-V.
Fixed this by rebooting and pressing F2 to enter the BIOS and disabling the following settings:
- Security > Execute Disable (set to Off)
- Performance > Virtualization (set to Off)
- Performance > VT for Direct I/O Access (set to Off)
- Performance > Trusted Execution (set to Off)
Press Esc and save settings. When the server reboots do a hard power off. Power on, and then in the BIOS again ensure that the following is set:
- Security > Execute Disable (set to On)
- Performance > Virtualization (set to On)
- Performance > VT for Direct I/O Access (set to On)
- Performance > Trusted Execution (set to Off)
Press Esc and save settings. Hard power off again once the server reboots. Turn power on and let computer boot normally.
At this point I got a Hyper-V error in that the entries in the event log above did not appear anymore, but were replaced by an error indicating that Hyper-V was not installed.
So I removed Hyper-V by running:
- ocsetup Microsoft-Hyper-V /uninstall
and reboot.
Reinstall Hyper-V by downloading the latest build and install it using:
or if you have the latest build already installed, then reinstall using:
- ocsetup Microsoft-Hyper-V
Labels: 2008, bios, dell, hyper-v, optiplex, server core, virtualisation
permalink posted by Brian Reid : 8:55 AM