As I remember the PKI wasn't too bad, the hardest part was migrating it from
2003 to 2008 last year. We had set it up quite a while back. We're using it
for wireless authentication
-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Monday, March 14, 2011 2:24 PM
Also, make sure to check my Edge Man blog for a ton of tips and tricks -
http://blogs.technet.com/b/tomshinder/
Like Exchange, DirectAccess isn't something you can just slap together - you
have to have a basic understanding of the underlying infrastructure, otherwise
you'll chase your tail
Additional, I never upgrade DC's.
It's not permissions. I moved a couple of GPO software assignments to 2008 R2
member servers and recreated the exact same permissions on those shares as are
on the DC and then made new GPO's pointing to those locations and they work
fine. I should have known
Am I right in assuming that MS desktop applications are all licensed on a
per-device basis? We have 70 licenses for Project which are available to
users coming through a Citrix infrastructure, with 1900 endpoints. Now,
given that each endpoint logs on to a Citrix server where Project is
available
Didn't I read somewhere that it was bad practice to have software
installation policies pointing to shares on DCs or the netlogon area? I
could be wronglong time since I used them, but I definitely moved my msi
files from the netlogon share to a file server for some reason in a previous
job.
Yea, it does seem like a bad idea. I should maybe just stop figuring out why
and migrate away. Not like I have that many, and they are not working anyway.
:)
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Tuesday, March 15, 2011 8:53 AM
To: NT System Admin Issues
Subject: Re: Sysvol
We purchase enough licenses so that each person who will potentially access the
MS application has a license. So we purchase fewer licenses of MS
Visio/Project/Access than the general MS Office Standard Suite. Access to
those applications is limited to a number of staff in a special group,
Hmmm. I don't know whether AppSense are trying to pull the wool over my eyes
then. They sent me this document
http://www.appsense.com/Files/Documents/Microsoft%20Application%20License%20Control%20%28US%29.pdf
which seems to indicate that *how the network is set up and how access is
provided to
W2K3 DFL FFL:
We created a GPO using a Windows 2003 GPMC. And modified the system.adm
file with the following:
POLICY !!NoViewOnDrive
#if version = 4
SUPPORTED !!SUPPORTED_Win2k
#endif
Talk to Microsoft. At least you'll get an MS answer.
James Rankin kz2...@googlemail.com 3/15/2011 9:04 AM
Hmmm. I don't know whether AppSense are trying to pull the wool over my eyes
then. They sent me this document
I had a bizarre problem somewhat like this when I upgraded my test domain.
Domain controllers lost the ability to apply machine group policy. User policy
applied fine.
It turns out that “bypass traverse checking” had somehow gotten turned off in
the domain controller default policy. This
Could you restrict access to the app using %username% instead of
%device%?
Don Guyer
Windows Systems Engineer
Datasafe Platform
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-293-4499
www.fiserv.com http://www.fiserv.com/
From: Tom
As far as I know applications are licensed on a per-seat and not a per-device
basis when they're used in a Citrix or Terminal Server environment (since
otherwise you could theoretically buy only one license for your Citrix/Termserv
and share it out to everyone). The per-device licensing is when
Can restrict on anything - user, group, OU, IP address, client name, time of
day, environment variable, processor type, WMI query, you name it. The
question is whether this would conform with the licensing model. I was
wondering if anyone had come across the same issues and gotten a definitive
On Tue, Mar 15, 2011 at 9:46 AM, James Rankin kz2...@googlemail.com wrote:
I was
wondering if anyone had come across the same issues and gotten a definitive
answer, but it looks like I'll have to get onto MS.
In my experience, if you keep asking MS licensing the same question,
eventually
VMDK.
We have two mailbox servers handling about 4000 mailboxes each. Each Exchange
server uses multiple storage groups with multiple databases spread across three
drive letters - one drive for log files, the other two for stores.
These three drive letters correspond directly to three VMDK
The way I understand it is, in a fat-client model, once you installed it
on the 71st computer, you'd be violating your licensing agreement.
In a Citrix environment, it would be available only to the users
restricted, so you should never go beyond that number. In that case, I
think it moves to
I think the array and your backup strategy is relevant tbh.
I'd also run Jetstress regardless of VMDK or RAW or iSCSI from guest to
ensure no nasty surprises.
Paul
-Original Message-
From: Kim Longenbaugh [mailto:k...@colonialsavings.com]
Sent: 14 March 2011 14:44
To: NT System Admin
I need to present possible solutions to provide the ability to stream
training and other corporate videos. Obviously I'm trying to avoid hosting
it internally. Any recommendations on hosting providers? I've already
identified Akamai and Amazon AWS as potential solutions. Any one with
experience
Hi Doug. I'm curious about your reasoning for not wanting to host it
internally. At first glance, I'd think keeping it local would be less of a
bandwidth impact than bringing it in from outside. I'm sure you have a good
reason... Why external instead of internal?
I've done a bunch of work with
+1
Tom does a great job posting relevant and useful DirectAccess info there.
-Malcolm
-Original Message-
From: Thomas W Shinder MD [mailto:tshin...@tacteam.net]
Sent: Tuesday, March 15, 2011 07:36
To: NT System Admin Issues
Subject: RE: DirectAccess HowTo?
Also, make sure to check my
- http://www.microsoft.com/windowsserver2008/en/us/licensing-rds.aspx
-
http://www.microsoft.com/licensing/about-licensing/product-licensing-overview.aspx
-
http://www.microsoft.com/licensing/about-licensing/volume-licensing-briefs.aspx#tab=2
I have two locations connected via VPN. The main location LAN is 172.16.x.x and
the remote location is 172.17.x.x.
I'd like users on the 172.17.x.x end to access a webserver on the 172.16.x.x
end but it doesn't work and I'm not sure why.
The users at the 172.17.x.x end have their Win2003
Awesome Ken! Thanks!
Do you backup with something like ESXRanger or Veeam?
If so, any issues with them backing up huge VMDKs?
Thanks,
Jon
On Tue, Mar 15, 2011 at 9:53 AM, Ken Cornetet ken.corne...@kimball.com wrote:
VMDK.
We have two mailbox servers handling about 4000 mailboxes each. Each
Is the routing distributed by the DHCP server ?
GuidoElia
HELPPC
_
Da: Bob Hartung [mailto:bhart...@wiscoind.com]
Inviato: martedì 15 marzo 2011 16.19
A: NT System Admin Issues
Oggetto: DNS Issue
I have two locations connected via VPN. The main location LAN is 172.16.x.x and
the
Yes.
--
Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
_
From: HELP_PC [mailto:g...@enter.it]
To: NT System Admin Issues
I answered to quick.
When you say the routing, I'm not sure what you mean. The webserver's address
is resolved through AD. And the individual subnets are sites in AD.
--
Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax:
Tracert the IP and see where it’s routed. We have a separate LAN that connects
via VPN and in order for the PCs to access exchange we placed a persistent
route in the route tables that point all email traffic through the VPN.
Thank you,
_
Cameron Cooper
Given that you have name resolution, and that you can ping the webserver on the
172.16.x.x subnet from the 172.17.x.x subnet, I don't believe this is a DNS
issue at all.
Also, since pings (and likely trace routes) are successful, routing is
correctly set up.
That leads to the conclusion that
Folks,
I am moving to KMS licensing here for Office 2010 and Windows 2008 servers.
The KMS host is a Windows 2008 R2 server.
I looks like all I need to do is add the licenses, then activate them? I have
a number of KMS codes each for Office 2010, Windows 2008, Windows 7, since we
purchase
On Tue, Mar 15, 2011 at 11:18 AM, Bob Hartung bhart...@wiscoind.com wrote:
I'd like users on the 172.17.x.x end to access a webserver on the 172.16.x.x
end but it doesn't work and I'm not sure why.
Explain doesn't work. Error message, timeout, what? What are you
entering as the URL -- name
Here's a sample trace...
C:\tracert win2k8-1
Tracing route to win2k8-1.wiscoind.local [172.16.1.6]
over a maximum of 30 hops:
11 ms1 ms1 ms InstagateAL.wiscoind.local [172.17.1.2]
2 *** Request timed out.
3 *** Request timed
What does doesn't work mean?
What errors?
*ASB *(Find me online via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...
*
On Tue, Mar 15, 2011 at 11:18 AM, Bob Hartung bhart...@wiscoind.com wrote:
I have two locations connected via VPN. The
That verifies routing is good.
Check the logs for your VPN device to see what’s happening to the http traffic.
It’s likely being dropped or blocked.
From: Bob Hartung [mailto:bhart...@wiscoind.com]
Sent: Tuesday, March 15, 2011 10:39 AM
To: NT System Admin Issues
Subject: RE: R: DNS Issue
I actually when trough that last week.
I had to open a case with Microsoft, ended up that I had an incorrect server
in DNS.
Here is a good reference:
Please refer to following document
*KMS Client Setup Key*
Trace through IP and see the difference
GuidoElia
HELPPC
_
Da: Bob Hartung [mailto:bhart...@wiscoind.com]
Inviato: martedì 15 marzo 2011 16.39
A: NT System Admin Issues
Oggetto: RE: R: DNS Issue
Here's a sample trace...
C:\tracert win2k8-1
Tracing route to
Tracert to 172.16.1.6 gets the same result.
--
Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
_
From: HELP_PC [mailto:g...@enter.it]
To: NT System Admin Issues
Try adding the IP of the webserver to the Hosts file.
Thank you,
_
Cameron Cooper
System Administrator | CompTIA A+ Certified
Phone: 847-890-4021 | Fax: 847-255-1896
ccoo...@aurico.com | www.aurico.com
From: HELP_PC [mailto:g...@enter.it]
Sent:
I've tried entering both the name and IP address of the webserver and get
connection fail in Internet Explorer. In FireFox, the error is Unable to
determine IP address from host name.
Telnet gets a connect failed.
--
Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
On Tue, Mar 15, 2011 at 11:52 AM, Bob Hartung bhart...@wiscoind.com wrote:
I've tried entering both the name and IP address of the webserver and get
connection fail in Internet Explorer. In FireFox, the error is Unable to
determine IP address from host name.
The Firefox error indicates a
I added the webserver to the hosts file and get Internet Explorerr cannot
display the webpage.
--
Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
_
From: Cameron
I'd be sure to verify what ports are being allowed through your VPN. What
is your VPN?
On Tue, Mar 15, 2011 at 11:52 AM, Bob Hartung bhart...@wiscoind.com wrote:
I've tried entering both the name and IP address of the webserver and get
connection fail in Internet Explorer. In FireFox, the
Telnet fails with both name and ip address.
NSLOOKUP resolves the name correctly.
FireFox gets The requested URL could not be retrieved when the ip address is
entered.
--
Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax:
Then the problem is likely an access list issue between the two subnets, not
a name resolution issue.
*ASB *(Find me online via About.Me http://about.me/Andrew.S.Baker/bio)
*Exploiting Technology for Business Advantage...
*
On Tue, Mar 15, 2011 at 12:02 PM, Bob Hartung
IP address restrictions on the site itself? Firewall rules?
On Tue, Mar 15, 2011 at 12:02 PM, Bob Hartung bhart...@wiscoind.com wrote:
Telnet fails with both name and ip address.
NSLOOKUP resolves the name correctly.
FireFox gets The requested URL could not be retrieved when the ip
Like Jonathan and I've been saying, check your VPN rules.
You've already stated that name resolution works, per this comment:
I can ping both the webserver's name and IP address from the
172.17.x.x PCs without problem.
From: Bob Hartung [mailto:bhart...@wiscoind.com]
Sent: Tuesday, March 15,
We use a couple of Instagates (eSoft) for VPN.
Looking at the VPN rules, they indicate All services are allowed.
I suspect the issue is related to rules as well. I've got a call into eSoft
tech support.
I'll update when I find out more.
Thanks.
--
Bob Hartung
Wisco
Just need to watch your licensing Groups. That one caught me.
http://technet.microsoft.com/en-us/library/ff793412.aspx
And remember, you do NOT put a license key in the clients. Just in the KMS
host. If you add them to the clients it makes them KMS Hosts, and you have lots
of little KMS hosts
Thanks, my KMS server is in group B, so it should handle my Windows 2008
Standard/Enterprise licenses.
I'm trying to enter Office 2010 codes, and only the first one worked (I used
the Office 2010 Key Management Service Host for the first key to get it going).
I thought I'd need slmgr.vsb
For office 2010, follow this:
http://technet.microsoft.com/en-us/library/ee624357.aspx
http://technet.microsoft.com/en-us/library/ee624357.aspxYou need a
separate install for the office 2010 activation. It's pretty straight
forward. I've also used the VAMT 2.0 tool to actually re-key and
Thanks - I took a look and it works for the first Office KMS code. So do I
need to run the keymanagementservicehost.exe for each Office 2010 key, or run
that once, the add more keys? My understanding was I use the utility to add
the first set of keys and let it activate as the Office KMS
Looks to me like the registry entries that are being modified are not in
the same location in W2k8.
Don Guyer
Windows Systems Engineer
Datasafe Platform
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-293-4499
www.fiserv.com
Sorry for the late reply-been really busy. If the checkbox was originally set
to allow exclusive access when the profile was created and you then change it
(uncheck the box), you will have to manually change the permissions as they are
already set. It only applies those permissions when the
On Tue, Mar 15, 2011 at 2:44 PM, Sam Cayze sca...@gmail.com wrote:
Yep, probably so. But it worked PERFECTLY :( I hammer
this machine will daily tasks and never seen an issue.
I bet it's not Internet Explorer that caused the crash, but Windows
Explorer the shell interface. I've generally
Harry,
So when you activated Office 2010 on your KMS host, you entered just one KMS
key, correct? What if you have keys for Professional, standard, then keys for
specific apps (like Visio or Project)? I have multiple license agreements
with different apps and versions of Office.
I just
Good thinking. Yet, I even killed Explorer manually so the installer didn't
have to.
Odd to say the least.
Addressing it later. I might image my machine and try to dig deeper on that
image at another time.
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent:
Tom,
I'm using one key for office 2010. I've yet to have the need to add an
additional key, but am curious on how to get this done. I'm sure I'm going
to need to add additional keys down the road.
On Tue, Mar 15, 2011 at 2:54 PM, Tom Miller tmil...@hnncsb.org wrote:
Harry,
So when you
Does anyone happen to know if you can create a single volume of, say,
500gb, assign it to a server, and then take 5 data volumes on that
server and enable shadow copies with each data volume configured to use
a maximum of 100gb on the 500gb volume for the shadow copy data?
It may be quicker to
Yes, you can do that.
Chris Bodnar, MCSE
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003
From: Paul Hutchings paul.hutchi...@mira.co.uk
To: NT
School of about 110 workstations.
They have a Watchguard firewall doing no proxy's, connection limiting etc.
We had an IPRISM in the picture, pulled it out for testing
Verified all duplex speed settings.
One main HP 2848 switch at the core, all other switches connected via Fiber are
unmanaged.
I've learned recently that you can do what you mentioned. That's sort of
over-subscribing the space available for the VSS snaps.
What will happen is that VSS will start dropping the snaps if they grow to a
certain percentage of the available space. I've heard a value of around 90%,
but
Have you connected a machine directly to the cable modem and tested? Same
issue during the day?
Chris Bodnar, MCSE
Technical Support III
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax:
I think you're on the right track looking at the firewall, since the problem
doesn't happen going to internal sites, which don't go across it.
Maybe the firewall is doing some sort of packet inspection which is taking some
time to complete but doesn't put much load on it.
It's odd that the
That is why you are supposed to have labs and test VMs.
Webster
From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Subject: IE9 on servers?
We are updating our Windows Server 2008 R2 build to include Service Pack 1.
During this effort, the question of why not include IE9 at the
Me personally - I would not put IE9 onto an image the day after it was released.
What Web says.
Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
From: Webster [mailto:carlwebs...@gmail.com]
Sent: Tuesday, March 15, 2011 5:48 PM
To: NT System Admin Issues
My desktop? Sure.
My server? Not yet. Haven't tested it. There is time.
On Tue, Mar 15, 2011 at 2:47 PM, Webster carlwebs...@gmail.com wrote:
That is why you are supposed to have labs and test VMs.
Webster
*From:* Malcolm Reitz [mailto:malcolm.re...@live.com]
*Subject:* IE9 on
How about a different perspective … I would ask, ‘what is the business
requirement to upgrade IE to version 9 ?’
No requirement, no install. If the previous version suffices and doesn’t
expose more of a vulnerability, then don’t fix what isn’t broken.
Erik Goldoff
IT Consultant
Systems,
Or: Is there a reason to even have/use the Internet on a server at all
(Hint: Usually NO).
IE upgrades on my servers is very low on my list.
From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Tuesday, March 15, 2011 5:08 PM
To: NT System Admin Issues
Subject: RE: IE9 on servers?
My larger client has 4 EQL boxes, and we have 2 running all VMDK and 2
running all RAW. Performance seemed just fine we had Exchange on the RAW and
then VMDK for the o/s. We recently upgraded them to Veeam Backups, and
wanted to take advantage of all that and migrated the Exchange into a vmdk
and
It's more then just IE, so long term I suspect the answer is maybe but not
yet.
On Tue, Mar 15, 2011 at 3:46 PM, Sam Cayze sca...@gmail.com wrote:
Or: Is there a reason to even have/use the Internet on a server at all
(Hint: Usually NO).
IE upgrades on my servers is very low on my list.
I run a similar setup as Ken's using strictly VMDK's. I'm inclined to think
putting the separating the logs and DB's into separate vmdk's but part of
the same VMFS would be good setup and possibly less latency. Although I
haven't seen a performance hit, I currently have the logs and db's as
I'd also use VMDKs. Your perf issue is around making sure you fix the VMDK
sizes. Don't use dynamically expanding ones. It's not supported and it's going
to be slow.
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
-Original Message-
From: Jon D
AWS comes to mind. On premise the IIS Smooth Streaming stuff is slick.
Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132
From: Doug Hampshire [mailto:dhampsh...@gmail.com]
Sent: Tuesday, March 15, 2011 8:09 AM
To: NT System Admin Issues
Subject: Hosting
Yeah we have plugged in directly to the router, no issue,
Plugged in behind firewall, no issue
Behind iprism, no issue..
Its possible load, but when the issue is happening there is virtually zero on
the pipe, and once the speedtest page loads, I can get 50/5 no issue. Its
simply a delay in
+1
--
ME2
On Wed, Mar 9, 2011 at 7:04 AM, Miller Bonnie L.
mille...@mukilteo.wednet.edu wrote:
I think that checkbox for “grant exclusive rights” might be causing your
problem, as it will change the permissions.
In the AD profile definition, we use the UNC paths, such as
Have you run wireshark on one of the pc's? It might help. Might not
too but it's an avenue to try.
From: gswe...@acts360.com [mailto:gswe...@acts360.com]
Sent: Wednesday, 16 March 2011 12:40 PM
To: NT System Admin Issues
Subject: RE: Seriously Wierd Issue
Yeah we have plugged in
Yeah I am going to connect one to the main switch and turn on the monitoring
port tomorrow to see what we can see. Not sure what I am even looking for
though.
Greg Sweers
CEO
ACTS360.comhttp://www.acts360.com/
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270
5 Mar 2011 at 1:31 AM, David Lum david@nwea.org wrote:
Is there a better way to do this via login script while still using batch
(read: not VBS or PS)? Specifically avoid the drive mapping stuff. I have
tried variations on %0\..\ but I can't qiute get it to work as itbarfs on
the IF
This is part rant and part request for assistance.
Ok, so I'm sort of new to HP. I used to buy HP Netservers way back in the
day before they merged with Compaq, but switched to IBM back in 2006, and
haven't (seriously) touched any HP servers newer than the LC2000 series.
Enter a new job/new
79 matches
Mail list logo