Your IT, our business


Skip Navigation Links
Home
About Us
IT Support
Training
Consultancy
Hardware Sales
Authoring
Software Licensing
Case Studies
Blog


Case Studies

Friends International
Network Upgrade

Kensington Group
Relocation

Infobasis
Testing & Documentation

Oxford Tutorial College
Network Upgrade

ITEX
Training Partnership

Microsoft Press
Technical Authoring

Contact Us
Discuss the consultancy options that best work for you.

C7 Solutions Team Blog

 

Latest News
C7 Solutions and the Top 10 Microsoft Blogs
Brian Reid from C7 Solutions publishes to the Industry Insiders blog at Microsoft which has recently been named in the top 10 Microsoft blogs by Redmondmag.com.

Systems training is available at prices less than the UK at our partner offices in the UK Channel Islands. Enjoy the sun, the beautiful beaches and excellent technical training from C7 Solutions.


Microsoft Certified Partner

Microsoft Small Business Specialist

Friday, October 24, 2008

Enterprise Certificate Services and Terminal Services Gateway - Certificate Issuing for Internet Usage

To issue a certificate for the Windows 2008 Terminal Services gateway using your own intalled Enterprise Certificate Authority, out of the box you need to create a certificate request file, request the certificate from the Enterprise CA, install the issued certificate and map the certificate to the TS Gateway.

This can help you if you get errors such as -2146875377 or "the dns name is unavailable and cannot be added to the subject alternative name" or "denied by policy" errors.

In detail these steps are:
Create MMC Console for all steps
  1. On the TS Gateway Windows 2008 server, with the remote administration tools installed, click Start > Run and enter mmc.exe.
  2. Confirm the UAC prompt and add the following snap-ins: Certificate Authority (choose computer on which this role is installed), Certificates (for local machine), TS Gateway Manager.

Create a Certificate Request

  1. Expand Certificates (Local Computer)/Personal/Certificates and right-click Certificates>All Tasks>Advanced Options>Create Custom Request.
  2. Click Next on the Before You Begin page.
  3. Choose Web Server as the template. The template type that you chose is the 2nd most important choice you make in this process. Click Next.
  4. Click the Details down arrow and then click Properties.
  5. On the Subject tab, under Subject Name, select Common Name under Type and enter the URL that you will use across the internet to reach this TS Gateway. Click OK when the names you are using have been added to the list on the right of the dialog. The correct value for common name is the 1st most important choice you make here.
  6. Click Next.
  7. Enter a file name and click Finish.

Upload Certificate Request to Enterprise Certificate Authority

  1. Expand the Certification Authority node in the MMC you created above.
  2. Right-click the CA name and choose All Tasks>Submit New Request.
  3. Browse and select the request file created in step 7 in the previous section.
  4. Save the issued certificate with a .cer file extension.

Install the Certificate on the TS Gateway Server

  1. Expand Certificates (Local Computer)/Personal/Certificates and right-click Certificates>All Tasks>Import and click Next.
  2. Browse to the file created in step 4 in the previous section.
  3. Click Next twice.
  4. Click Finish. You will be told the import was successful.

Map Certificate to TS Gateway

  1. Expand TS Gateway Manager in the MMC.
  2. Right-click your TS Gateway server and choose Properties
  3. Select the SSL Certificate tab and ensure the "Select an existing certificate..." option is set.
  4. Click Browse Certificates and select the new certificate that you have just created
  5. Click Install and OK.

Then to finish, open Remote Desktop Connection tool (mstsc.exe) and connect to a Terminal Server using the Gateway option via the Options>Advanced>Settings dialog. To complete these steps you must also have created the policies for connection the the gateway.

permalink posted by Brian Reid : 8:49 AM 0 comments

Thursday, October 23, 2008

Enabling Previous Versions on Windows 2008 Server Core

Enabling Previous Versions for file shares on Windows 2008 when you have the full graphic's interface is easy to do - but what about if all you have is the command line as you get in Server Core.

To turn on Previous Versions (shadow copies) via the command line follow these steps:
  1. From the command line on the server type:
    vssadmin add shadowstorage /for=c: /on=c: /MaxSize=5GB
  2. This will enable shadow copies on the volume, and this might be enabled already (esp. if you have already run a backup on the server). This particular command will do copies for the shares on the C: drive, with the storage for the copies also on the C: drive, and limiting that storage to 5Gb. Any of these options can be changed.
  3. Enable remote management on the Server Core firewall (again this might have already been done):
    Netsh firewall set service RemoteAdmin
    Netsh advfirewall set currentprofile settings remotemanagement enable
    Netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
    Netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
  4. Then from a remote machine with the Task Scheduler MMC snap-in enabled, connect to the Server Core machine as an administrator level account and add the following scheduled task - 1 for each disk on the server:
    General>Name: Shadow Volume Copy
    General>User Account: Administrator level account (run whether logged in or not)
    Triggers>New: Weekly, 7am, Mon-Fri and Weekly, 12pm, Mon-Fri
    Actions>Start a program: %systemroot%\system32\vssadmin.exe
    Actions>Start a program>Arguments: Create Shadow /AutoRetry=15 /For=c: (changing C: if you have a different drive)
  5. Click OK and right-click the task and choose Run.
  6. Open a file share that is held on the Server Core machine and see if the Previous Versions tab shows a previous version having just been created.

permalink posted by Brian Reid : 2:47 PM 0 comments

Archive

March 2005 July 2005 February 2006 May 2006 November 2006 March 2007 May 2007 June 2007 August 2007 April 2008 May 2008 June 2008 September 2008 October 2008 November 2008 January 2009 February 2009 March 2009