Archive for the ‘Windows Server 2008 R2’ Category

HOWTO Use Powershell to Enable Remote Desktop on another Computer

May 15, 2012
$remoteComputerName = "my_remote_computer"
# Connect to another computer and start the remote registry service 
( Get-WmiObject -computername $remoteComputerName Win32_Service -filter "Name='RemoteRegistry'").startservice()
( Get-WmiObject -computername $remoteComputerName Win32_Service -filter "Name='RemoteAccess'").ChangeStartMode('Manual') 
( Get-WmiObject -computername $remoteComputerName Win32_Service -filter "Name='RemoteAccess'").startservice()

Creating Windows Server 2008 DNS Zones to Resolve External URLs to Internal IP Addresses

November 18, 2011

In our public-facing website environment we resolve URLs via our gateway to a hardware load balancer, and then on to our web front-end SharePoint 2010 servers. This all works well, and externally we can resolve www.mydomain.com. Internally however, I wanted to resolve the same URL to my internal IP addresses without having to hack hosts files or make other nasty changes.

This can be done via Windows 2008 DNS server when creating a default primary authorative zone. Normally you would create a zone for mydomain.com and then add a host entry for “www”. This would however have the effect that the DNS server became authoratative for the entire mydomain.com domain, which I did not want as there are other mydomain.com addresses that our environment does not host.

The solution is to create a primary DNS zone matching the full URL, www.mydomain.com.

DNS primary zone entry

DNS primary zone entry

Then, you create a blank A record pointing to the internal IP address of your website:

Create a blank A record

Create a blank A record

This A record becomes the default entry for the zone, so internal requests for www.mydomain.com will resolve to your A-record, but any requests for other URLS in the mydomain.com space will be forwarded via normal DNS processes.

HOWTO: Enable Kerberos Logging via PowerShell

May 1, 2011

Our servers still have a RegEdit policy lock-down in affect. Yes, it is still silly. PowerShell however is allowed 🙂

Turning on Kerberos logging allows you to view detailed information on any Kerberos errors in the Windows event log via the System log. There is a Microsoft Knowledgebase article about how to turn it on, but that requires Regedit access. You can, however, turn this on via PowerShell. When the kerberos logging is turned on, check the Windows System event log for entries. The change is instantaneous – you do not need to log off or reboot to see the event logging.

# Get the value of the Kerberos logging property
Get-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

If you do not have this key, it will return no data. However, if you do have this key it should return something similar to:

PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

*snip*

LogLevel : 1
# Add the log level key for Kerberos logging
New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters -Name "LogLevel" -value "1" -PropertyType dword
# Enable Kerberos logging
Set-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters -Name "LogLevel" -value "1"
# Disable Kerberos logging
Set-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters -Name "LogLevel" -value "0"

Windows Server 2008 R2 Hyper-V Guests Lose Network Connectivity Temporarily

March 12, 2011

This seems to be a problem that has existed in all versions of Hyper-V. I have experienced this in the both Windows Server 2008 and Windows Server 2008 R2 versions.
I have two Hyper-V 2008 R2 servers with a couple of Windows Server 2008 R2 guests. If I set up a ping as follows:
ping -t myserver.thedomain
I get solid ping responses, but randomly I will get either a timeout and/or a “network route could not be made” message. This is particularly the case when the Guest OS tries to access another resource via the LAN. The connection does get reestablished, but this causes havoc for any services that rely on a good constant connection i.e. pretty much everything.
The issue seems to involve network interface cards (NICs) and their drivers that do not process Checksum Offloads correctly.

On my servers I have the following configuration:

NIC 1 – Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
NIC 2 – Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller

NIC 1 is my management LAN NIC and is dedicated to the virtual server parent. It does not participate in any traffic with the Guest OS’. NIC 2 is my Virtual LAN NIC and is dedicated to the Guest OS’ i.e. the “Allow management operating system to share this network adapter” is un-ticked. I believe this to be adequate best-practice (more NICs would be better for redundancy and performance) as it makes sure you can always access your Host OS even if the Guest VLAN NIC is getting slammed.

NIC 2 (my VLAN NIC) is where the workaround needs to occur. I disabled the following “advanced” networking options:

  • IPV4 Checksum Offload
  • Large Send Offload (IPv4)
  • TCP Checksum Offload (IPV4)
  • UDP Checksum Offload (IPV4)

From this list, it appears the issue is to do with the way the Offload is occurring – possibly just for IPV4 but perhaps IPV6 as well. Regardless, as soon as I disabled these settings it resolved my connectivity problems straight away. I also tried the latest driver version of the NIC but that didn’t resolve the issue.

HOWTO: Disable the Windows Server 2008 Loopback Check via PowerShell

December 23, 2010

Our servers have a RegEdit lock-down in affect. Yes, it is silly. PowerShell can do the job though!

# Get the value of the LSA keys
Get-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa

# Disable the loopback check
New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -value "1" -PropertyType dword

HOWTO: Set your Windows Proxy Server Settings via PowerShell

December 10, 2010

The following PowerShell script will set your proxy server registry settings for Internet Explorer.

set-itemproperty -path "hkcu:Software\Microsoft\Windows\CurrentVersion\Internet Settings" -name ProxyServer -value "http=proxy-url:port;https=proxy-url:port;ftp=proxy-url:port;socks=proxy-url:port;" -type string