Wednesday, October 31, 2012

Installing Active Directory Users and Computers for Windows 2008


From Server Manager, go to Features, then Add Features.
Expand:
  • Remote Server Administration Tools
  • Role Administration Tools
  • Active Directory Domain Services Tools
Then check Active Directory Domain Controller Tools, which includes:
  • Active Directory Users and Computers
  • Active Directory Domains and Trusts
  • Active Directory Sites and Services
  • ...
Server 2008 R2 Instructions:
Under Role Administration Tools, expand
  • AD DS and AD LDS Tools
    • AD DS Tools
      • AD DS Snap-Ins and Command-Line Tools.

Tuesday, September 18, 2012

Creating Root Certificate Authority using Debian to implement PEAP authentication on Microsoft NPS Radius


############# Creating Root Certificate Authority over Debian #############

By default - CA.pl (and CA.sh for that matter) together with openssl.cnf are set up so that everything happens in the local directory - with the CA store in ./demoCA. This isn't so very useful. So - let's make some decisions.

Our CA certificate will have a life of 10 years
Our SSL certificates will have a life of 2 years
We will store the CA information in /etc/ssl/ca (alongside the other ssl files).

#############  Changes to CA.pl
Locate the variables at the top - DAYS, CADAYS and CATOP. Change these lines to look like:

    $DAYS="-days 730";     # 2 years
    $CADAYS="-days 3650";  # 10 years
    $CATOP="/etc/ssl/ca";

############# Changes to openssl.cnf
The first change must match the $CATOP variable from CA.pl - we need to change the dir variable so that it looks like

dir = /etc/ssl/ca

We should also set the default number of days to match $DAYS:

default_days = 730

############# Generating the CA certificate and storage area
cd testCA/
/usr/lib/ssl/misc/CA.pl -newca

HINT: Your new cacert.pem file is now in /etc/ssl/ca/cacert.pem and can be distributed for installation in browsers etc.

############# Generating a certificate request
To create a server certificate for any purpose, such as PEAP or web servers:

/usr/lib/ssl/misc/CA.pl -newreq

HINT:  The vital point is that the CN of the certificate must be the domain name of the site you wish to secure. You can use *.example.com for a wildcard certificate
HINT: This will generate a newkey.pem and a newreq.pem. newkey.pem you need to keep for later - newreq.pem you would send off for signing - in this case to yourself - but you could also use it for purchasing a real certificate.

############# Signing a certificate request
Given a newreq.pem in the current working directory, run:
/usr/lib/ssl/misc/CA.pl -sign

HINT: This will sign the request and generate a newcert.pem with the signed certificate. You will have to enter the password for your CA key which you supplied when creating the CA key, certificate and store.
HINT: It's better to rename those files to something useful:

mv newcert.pem NPS_RADIUS_04.cert
mv newkey.pem NPS_RADIUS_04.key

############# Removing passphrase
Note - your certificate's key has a passphrase assigned during the -newreq phase. If you want your software to autostart, this won't work, since it prompts for the password. To remove the passphrase:
openssl rsa -in NPS_RADIUS_04.key -out NPS_RADIUS_04.nopass.key

############# Installing the issued certificate in Windows 2008
openssl pkcs12 -export -out cert+key.nopass.p12 -in NPS_RADIUS_04.cert -inkey NPS_RADIUS_04.nopass.key

This converts the cert and key into a PKCS#12 file, which Windows will probably have an easier time dealing with.
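
Before the PKCS#12 export it is worth confirming that the signed certificate chains to the new CA, that the key really belongs to that certificate, and that the passphrase-less key is readable only by its owner. The script below is an added example, not part of the original post; the function names, the throwaway demo PKI and other.key are assumptions made for illustration, while the NPS_RADIUS_04.* file names follow the post.

```shell
#!/bin/sh
# Added example: checks to run before the PKCS#12 export. Function names are hypothetical.

# 0 if the private key's public half equals the public key in the certificate.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# 0 if the certificate verifies against the given CA certificate.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if only the owner can access the key file (GNU stat, as on Debian).
key_is_owner_only() {
    case "$(stat -c %a "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight CACERT CERT KEY: prints "ok" or the name of the first failed check.
preflight() {
    chains_to_ca "$1" "$2"     || { echo "chain"; return 1; }
    key_matches_cert "$3" "$2" || { echo "keypair"; return 1; }
    key_is_owner_only "$3"     || { echo "perms"; return 1; }
    echo "ok"
}

# make_demo_pki DIR: constructed throwaway CA, server cert and an unrelated key.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Demo Root CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=nps.example.com" \
        -keyout "$d/NPS_RADIUS_04.nopass.key" -out "$d/newreq.pem" 2>/dev/null
    openssl x509 -req -in "$d/newreq.pem" -days 730 -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -out "$d/NPS_RADIUS_04.cert" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    chmod 600 "$d"/*.key "$d/cakey.pem"
}

# Usage: sh preflight.sh /etc/ssl/ca/cacert.pem NPS_RADIUS_04.cert NPS_RADIUS_04.nopass.key
if [ $# -eq 3 ]; then preflight "$@"; fi
```

A result of "keypair" means the key being exported is not the one the request was generated from; "perms" means the unencrypted key should be restricted with chmod 600 before it is copied anywhere.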


References:
http://www.debian-administration.org/articles/618

Wednesday, September 12, 2012

Wednesday, August 29, 2012

Running Windows 8 on ESXi 5.0


After failing to install Windows 8 on ESXi 4.1 and 5.0, I finally installed it by following the virtuallyGhetto article:
http://www.virtuallyghetto.com/2012/02/how-to-run-windows-8-consumer-preview.html

According to the article, the patch ESXi500-201112001 should be installed on ESXi 5.0.

This is how to install it via the command line after putting the host in maintenance mode:

esxcli software vib install --depot=/vmfs/volumes/datastore1/ESXi500-201112001.zip

You can download ESXi500-201112001.zip from http://www.vmware.com/patchmgr/download.portal

Tuesday, August 28, 2012

Create Your Own Custom ESXi Image Using ESXi Customizer

ESXi 5.0 and the missing Intel 82579 driver was an issue for me when installing ESXi 5.0 on a Lenovo ThinkCentre M Series, but I managed to solve the issue by customizing the ESXi 5.0 image after following the guide shown in the following link:

http://www.yoyoclouds.com/2012/08/create-your-own-custom-esxi-image-using.html


Hint: That Intel 82579 also exists in Dell OptiPlex 790 and 990 as well.

Wednesday, August 22, 2012

Connect to openvpn past enterprise firewall


The proper way to do this is:

  1. Set up openvpn to use tcp instead of udp on any port (1194 is the default).
  2. Set up port forwarding to forward the external 443 port to the internal 1194 port.
  3. If the web browser on the client side is using a proxy, set up the openvpn client to use the proxy server for the connection.
  4. Set up the client to use tcp and port 443.

Then connect.

Reference: http://superuser.com/questions/303198/connect-to-openvpn-past-enterprise-firewall

USB support for ESX/ESXi 4.1 and ESXi 5.0


ESX/ESXi 4.1 and ESXi 5.0 support USB device passthrough from an ESX or ESXi host to a virtual machine.
 
This article provides information on:
  • USB device passthrough requirements and limitations
  • How to add a USB controller and a USB device.

Monday, February 27, 2012

Thick-provisioned disk to thin, in ESX 4.1


On ESXi 4.1, when copying virtual machines using Veeam FastSCP (free version), if the copied machine's disk was thin-provisioned, the pasted machine's disk will be thick. One solution is to use the following command:

vmkfstools -i <srcDisk> -d thin <dstDisk>

But don't forget to edit the <dstDisk> to indicate <dstDisk-flat>.

Monday, February 20, 2012

Recreating a missing virtual machine disk (VMDK) descriptor file


If powering on the virtual machine fails with the error "The file specified is not a virtual disk (15)", or you need to recreate a missing virtual machine disk (VMDK) descriptor file, follow the links below from the VMware knowledge base:

http://kb.vmware.com/kb/1002511
http://kb.vmware.com/kb/1016838

While following the steps, you may find the SCSI controller is "lsisas1068", which is not supported as a virtual controller in the vmkfstools command, so you can use "lsilogic" instead like I did with my Windows 2008 and it worked just fine.

HINT:
scsi0.virtualDev = "lsisas1068"
This new controller is only available with virtual hardware 7
it is a good choice for Windows 7 and 2008 R2

Windows Server 2008: Allow multiple Remote Desktop sessions per user


Remote Desktop/Terminal Services has two settings for multiple sessions. You can either allow multiple sessions per user (in which case if you log in twice, you'll get two sessions), or force a single session per user (in which case you can only log in once and subsequent sessions will be redirected to the original session).

To change this setting, you'll need to perform a registry change. The following steps describe the process:

1- Start Registry Editor (by default, this is located at c:\windows\regedit.exe).
2- Go to the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server
3- If the fSingleSessionPerUser value doesn't exist, create a new DWORD value named fSingleSessionPerUser
4- Open the fSingleSessionPerUser value. The possible values for this setting are as follows:
0x0 -- Allow multiple sessions per user
0x1 -- Force each user to a single session
5- Enter the new setting, and then click OK.

Reference: http://www.thomasmaurer.ch/2010/10/windows-server-2008-allow-multiple-remote-desktop-sessions-per-user/