
Windows 2012

Website Developer Sydney

How To Enable TLS 1.2 in Windows Server 2008 or 2016

We previously had a post covering this, called: How to Enable TLS 1.2 on Windows 2008 R2. This post is an update on how to enable and manage TLS 1.2 on Windows Servers. The reason for the update is that we now use a free tool when we are managing our servers. But first, some background.

What you need to know about TLS 1.2

According to… https://docs.microsoft.com/en-us/windows/desktop/SecAuthN/protocols-in-tls-ssl--schannel-ssp- TLS 1.2 client and server are enabled by default.

But… https://social.technet.microsoft.com/Forums/en-US/cb1a695b-a15c-4fa7-94f0-1aaa20c1279d/enabling-tls-12-on-windows-server-2012-amp-2016?forum=winserversecurity …says: Turns out it is, but not enabled for SCHANNEL service.

Hence you MUST follow… https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-and-disable-tls-12

Please articulate this! Say… You can enable and disable SSL 2.0 and 3.0 and TLS versions 1.0, 1.1, and 1.2 using Manage SSL Protocols in AD FS. On Windows Server 2016, to use TLS 1.2, you must explicitly enable it by following instructions at…

Redirection Module in IIS

SmarterMail Force HTTPS

Setting up an HTTP/HTTPS redirect in IIS

Once the SSL certificate is installed, your site still remains accessible via a regular insecure HTTP connection. To connect securely, visitors must specify the https:// prefix manually when entering your site’s address in their browsers. To force a secure connection on your website, you need to set up an HTTP/HTTPS redirection rule. This way, anyone who enters your site using a link like “yourdomain.com” will be redirected to “https://yourdomain.com” or “https://www.yourdomain.com” (depending on your choice), so that the traffic between the server and the client is encrypted.

Below are the steps to set up an IIS HTTPS redirect:

1. Download and install the “URL Rewrite” module.
2. Open the “IIS Manager” console and, in the left-side menu, select the website you would like to apply the redirection to.
3. Double-click on the “URL Rewrite” icon.
4. Click “Add Rule(s)” in the right-side menu.
5. Select “Blank Rule” in…


How to Install Disk Cleanup Tools on Windows 2012 or Windows 2016

Installing the function to clean your disk on a Windows 2012 or Windows 2016 server requires that you install the Desktop Experience module from the Windows Feature list.

1. Open a PowerShell with Administrator rights.
2. Execute:

    Import-Module ServerManager
    Install-WindowsFeature Desktop-Experience

That’s it. A reboot of the computer is required.

Windows PowerShell Module you receive NotSpecified: (:) [Import-Module], FileLoadException

This is a typical error for modules that have been downloaded from the internet and have not been given permission to run on the computer. The solution is really easy.

1. Open PowerShell.
2. Navigate to the directory in the error message that contains the module you intend to run, using a command like:

    cd C:\Users\administrator\Documents\WindowsPowerShell\Modules\ACMESharp\

3. Then run the command:

    Get-ChildItem . | Unblock-File

This unblocks the module files so that PowerShell can use them. That’s it. Now the module should run fine.

The trust relationship between this workstation and the primary domain failed Hyper-V Server

When playing around with some Hyper-V servers that have been inactive for some time, we received an error:

The cause of this is that Active Directory is doing a lot more than simple user name and password storage. We found that a Hyper-V system that remains off for some time and is then turned on again can suffer this.

The reason for this has to do with the way that some applications use the Active Directory. Take Exchange Server, for example. Exchange Server stores messages in a mailbox database residing on a mailbox server. However, this is the only significant data that is stored locally on Exchange Server. All of the Exchange Server configuration data is stored within the Active Directory. In fact, it is possible to completely rebuild a failed Exchange Server from scratch (aside…

Moving Active Directory AD to a New Domain Controller DC

Since I don’t have to do this very often, but always seem to forget how to transfer the Schema Master and Domain Naming Master, I decided to write it down when it came up again as I transferred all the roles to my Windows 2012 server.

The following three FSMO roles can be migrated from Active Directory Users and Computers. Right-click on the domain and select Operations Masters. There is one tab for each of the three FSMO roles:

- PDC
- RID Pool Manager
- Infrastructure Master

The following FSMO role can be transferred from Active Directory Domains and Trusts. Right-click on Active Directory Domains and Trusts, and select Operations Master:

- Domain Naming Master

For the Schema Master FSMO role, you first need to register a DLL by executing the following command (Note: This only needs to be done once from an elevated command prompt.):

    c:\> regsvr32 schmmgmt.dll

Then, you can add the Active Directory Schema Snap-In to a Microsoft Management Console (MMC). With…

SQL 2014 'Agent XPs' component is turned off when accessing Maintenance Plans

When trying to create a Maintenance Plan you get an error:

‘Agent XPs’ component is turned off as part of the security configuration for this server. A system administrator can enable the use of ‘Agent XPs’ by using sp_configure. For more information about enabling ‘Agent XPs’ see “Surface Area Configuration” in SQL Server Books Online. (Object Explorer)

Details of the error are:

    ===================================
    Cannot show requested dialog.
    ===================================
    Unable to execute requested command.
    ------------------------------
    Program Location:
       at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.ToolMenuItemHelper.OnCreateAndShowForm(IServiceProvider sp, XmlDocument doc)
       at Microsoft.SqlServer.Management.SqlMgmt.RunningFormsTable.RunningFormsTableImpl.ThreadStarter.StartThread()
    ===================================
    ‘Agent XPs’ component is turned off as part of the security configuration for this server. A system administrator can enable the use of ‘Agent XPs’ by using sp_configure. For more information about enabling ‘Agent XPs’, see “Surface Area Configuration” in SQL Server Books Online. (Microsoft.SqlServer.Management.MaintenancePlanWizard)
    ------------------------------
    Program Location:
       at Microsoft.SqlServer.Management.MaintenancePlanWizard.MaintenancePlanWizardForm.LoadData()
       at Microsoft.SqlServer.Management.MaintenancePlanWizard.MaintenancePlanWizardForm..ctor(XmlDocument doc, IServiceProvider serviceProvider)

The Cause

This is caused because the “SQL Server Agent” is not…


Windows 2012 Turn off Password Complexity

How to disable (turn off) the default Windows 2012 Administrator Complexity

1. Open the Administrative Tool.
2. This places you in the Administrative Tools section. Select Local Security Policy.
3. Change the Password Must Meet Complexity Requirements option to Disabled.

In a Domain Environment, for an Active Directory Domain Server:

1. In the Server Manager, click on Tools and from the drop-down click Group Policy Management.
2. Expand Forest >> Domains >> Your Domain Controller. NOTE: Some readers have described additional steps at this point in the comments. Try without them first, but if you fail, have a look in the comments.
3. Right-click on the Default Domain Policy and click Edit from the context menu.
4. Now expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy.
5. Double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
6. Select Disabled under “Define this policy setting:”.
7. Click Apply, then OK all the way out, and close the GPO window.

In order to…

Remote Desktop Enabled Cannot RDP Connect

Windows 2012 R2 Remote Desktop Enabled Cannot RDP Connect

Windows 2012 RDP Remote Desktop Enabled but you Cannot Connect

You find that after you enable the Windows 2012 RDP or Remote Desktop Connection feature to allow you to remote desktop into your new server, you are still unable to connect to the server.

The Cause

By default on new installs of Windows 2012 R2, the server firewall is enabled, and the “Remote Desktop – User Mode TCP-in” rule that permits Remote Desktop access is not.

The Fix

Enable the rule that permits access through the Windows Firewall.

1. Search for Firewall and open “Windows Firewall with Advanced Security”.
2. Find the rule “Remote Desktop – User Mode TCP-in” and enable the rule.

ADFS Server on Windows 2012 R2 – Address The e-mail address of the user Given Name The given name of the user Name

Setting up an ADFS 3.0 Server on Windows 2012 R2

On testing the setup, you receive an error that looks like this:

- E-Mail Address: The e-mail address of the user
- Given Name: The given name of the user
- Name: The unique name of the user
- UPN: The user principal name (UPN) of the user
- Common Name: The common name of the user
- AD FS 1.x E-Mail Address: The e-mail address of the user when interoperating with AD FS 1.1 or AD FS 1.0
- Group: A group that the user is a member of
- AD FS 1.x UPN: The UPN of the user when interoperating with AD FS 1.1 or AD FS 1.0
- Role: A role that the user has
- Surname: The surname of the user
- PPID: The private identifier of the user
- Name ID: The SAML name identifier of the user
- Authentication time stamp: Used to display the time and date that the user was authenticated
- Authentication method: The method used to authenticate the user
- Deny only group SID: The deny-only group SID of the user
- Deny only primary SID: The…