Archive for the ‘Server 2008’ category

Task Scheduler 2.0 Email

December 29, 2008

I was originally excited about the new Task Scheduler built into Windows Server 2008 & Vista….I liked the idea of being able to easily select an event from the Event Viewer and schedule a task to trigger when it occurred. I was thinking this would make a really easy way to monitor some simple server stats…for example, anytime a login (failed or successful) occurred I could have an email alert sent. This was nice for servers that I know people shouldn’t be physically logging into on a regular basis.

The part that sucks though is that from everything I’ve read the email is sent using NTLM authentication for Windows SMTP servers. If you’re not using Windows SMTP server the email will still be sent if the server allows anonymous access. Well, if you’re trying to use a non-Windows server on the Internet and it does not allow anonymous access, looks like you’re out of luck.

Time to redo that PowerShell script to email alerts.

For reference, here’s a Technet post with info about the email settings: http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/f087c57c-57b8-4c7f-ba2a-feb04c51f5ba/

Advertisements

IIS 7 Leaking Internal IP (PCI Audit)

December 5, 2008

While going through a PCI-DSS audit for the credit cards, I ran into several Windows 2008 servers running IIS 7 that were failling on an old IIS 4 problem…they were sending out the internal IP address in the HTTP Headers.

After much digging around trying to figure out the issue, I was directed to a poston the IIS Troubleshooting blog. One of the items on there clued me in. There is a known issue with using the rediect. I originally had the redirect in IIS configured to point to a folder on the system…when I replaced that with the full URL path, it fixed the issue. Hopefully this will save someone else the grief with trying to find this issue themselves.

SSL 3.0 in IIS 7.0

October 16, 2008

One quirk I recently ran into was regarding SSL version 3.0 in IIS 7.0. I was under the impression that IIS defaulted to SSL 3.0 and had 2.0 disabled…this is apparently not the case. While going through a PCI audit we found that the server was still accepting SSL 2.0 connections which is apparently against the PCI guidelines. So how to change this so SSL 2.0 is disabled:

  1. On the server, run REGEDT32
  2. Create or edit the following key to disable SSL 2.0:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Server]
    “Enabled”=dword:00000000
  3. Reboot the server

image

SBS 2008 Partner Tour

September 12, 2008

So tonight we had the Microsoft Small Business Server 2008 Partner Tour. I’m still not sure why I’m still awake after going through about 6 hours of Power Point slides!

The start of the show, the vendor portion, was kinda slow as the vendors who were here really didn’t fit the crowd and it was obvious. I think I actually heard crickets when one was talking. I don’t want to mention them because they were all nice people but were just talking to the wrong crowd.

The actual Microsoft portion on SBS 2008 was really good. I will say that Kevin was one of the best people from the marketing side to present from Microsoft because he didn’t try to offer the Microsoft is perfect pitch but did admit to short comings in the products. I do wish the marketing/licensing part would have been shorter as there wasn’t really any new info but we spent a lot of time on it…a good portion was due to so called IT Pro’s who kept asking stupid questions that really made me wonder if they had ever looked at let alone used SBS before.

During the tech side we did get to hear about some neat little tricks and features that I hadn’t seen before. Just wish people didn’t keep asking the same questions over and over so we could have gotten through a lot more.

FTP & Firewalls

July 26, 2008

One of the little “gotchas” I ran into on my recent installing spree was with FTP on Windows Server 2008. The systems are all running on a private network as a database/application server but I still have the built in firewall enabled and to help reduce risk from users on the network doing something stupid.

While trying to download the application software from an FTP site, the vendor told me that the could connect to the server but the connection just died after that. The quick workaround was to have them just use the Network Places and connect to the FTP server that way which worked but took a lot longer to setup the connection vs. the good old command prompt FTP.

When I had time later I looked at the system and after a little troubleshooting realized that the firewall was actually blocking the command line FTP data. Odd that it blocks it while letting the Explorer FTP session through? Anyhow, simple fix was to go to the Firewall and add the FTP.exe app to the allowed programs and all worked well.

Seems blatantly obvious now looking back on it but at the time when doing 5000 other things, it was one of the little things that got me.

Online screencasts

July 21, 2008

Been a while since my last post mainly due to recent traveling and doing major system upgrades at various properties. Only two deployments left with the current upgrades and then all but one will be running Windows Server 2008 and a combination of Vista and XP workstations.

At one point I was looking for something online and came across this site and thought it was pretty cool. Haven’t had a chance to look at more than a couple of the videos but they seem to be very clear and easy to follow instructional’s for how to do things from installing a GoDaddy SSL certificate on IIS7 to installing SBS 2008, and even Bare-metal restore of SBS 2008.

The main site to see those listed above and the other videos they have is at http://www.netometer.com/video/index.php

Server Delays

June 7, 2008

Over a month ago I ordered a bunch of new servers from Dell. I’ve never had a problem with delays when ordering servers from them before but this one turned into a painful delay. After going through several delays in manufacturing we finally got the server about a month later. Turns out the issue was a simple one….finding a serial card that would work with Windows Server 2008! If I wanted a fiber NIC I could have had it next day…but an basic, old serial card…still not available. Go figure.

While I have no wish to keep serial interfaces around and really prefer them being replaced by USB or network interfaces, the fact remains that there is a LOT of legacy equipment out there (Most PBX, voicemail, and POS systems) that only uses a serial port for it’s interface.

Came across a cool product that enabled us to bypass the problem and remove the serial ports from the server and put them on the network. Using the Comtrol box also made things a little easier in that rather than having to run several serial cables from the phone and POS to the server, we were able to just put the Comtrol box next to the them and use the existing network connection to talk with the server.