How To Enable TLS 1.2 in Windows Server 2008 or 2016

We previously had a post covering this solution, called: How to Enable TLS 1.2 on Windows 2008 R2. This post is an update on how to enable and manage TLS 1.2 on Windows Servers. The reason for the update is that we now use a free tool when we are managing our servers. But first, some background.

What you need to know about TLS 1.2

According to… https://docs.microsoft.com/en-us/windows/desktop/SecAuthN/protocols-in-tls-ssl--schannel-ssp- TLS 1.2 client and server are enabled by default.

But… https://social.technet.microsoft.com/Forums/en-US/cb1a695b-a15c-4fa7-94f0-1aaa20c1279d/enabling-tls-12-on-windows-server-2012-amp-2016?forum=winserversecurity …says: Turns out it is, but not enabled for SCHANNEL service.

Hence you MUST follow… https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-and-disable-tls-12

Please articulate this! Say… You can enable and disable SSL 2.0 and 3.0 and TLS versions 1.0, 1.1, and 1.2 using Manage SSL Protocols in AD FS. On Windows Server 2016, to use TLS 1.2, you must explicitly enable it by following instructions at… Read More » How To Enable TLS 1.2 in Windows Server 2008 or 2016

Setting up an HTTP/HTTPS redirect in IIS

Once the SSL certificate is installed, your site still remains accessible via a regular insecure HTTP connection. To connect securely, visitors must specify the https:// prefix manually when entering your site’s address in their browsers. To force a secure connection on your website, it is necessary to set up an HTTP/HTTPS redirection rule. This way, anyone who enters your site using a link like “yourdomain.com” will be redirected to “https://yourdomain.com” or “https://www.yourdomain.com” (depending on your choice), so that the traffic between the server and the client side is encrypted.

Below are the steps to set up an IIS HTTPS redirect:

1. Download and install the “URL Rewrite” module.
2. Open the “IIS Manager” console and select the website you would like to apply the redirection to in the left-side menu.
3. Double-click on the “URL Rewrite” icon.
4. Click “Add Rule(s)” in the right-side menu.
5. Select “Blank Rule” in… Read More » SmarterMail Force HTTPS

KB – Granting folder permissions to IIS application pools

Whenever a new application pool is created, IIS creates a security identifier (SID) that represents the name of the application pool itself. For example, if you create an application pool with the name “Smartcrypt,” a security identifier with the name “Smartcrypt” is created in Windows. Resources can be secured by using this identity. However, the identity is not a real user account and will not show up as a user in the Windows User Management Console.

This can be configured by selecting a folder in Windows Explorer and adding the “Smartcrypt” identity to the folder’s Access Control List (ACL).

1. Open Windows Explorer.
2. Select the directory the Smartcrypt Manager is installed under (e.g. c:\web\mds).
3. Right-click the directory and select Properties.
4. Select the Security tab.
5. Click the Edit button and then the Add button.
6. Click the Locations button… Read More » Adding Application Pool Identity in IIS to a Folder

Install Disk Cleanup Tools on Windows 2012 or Windows 2016 Server

Installing the function to clean your disk requires that you install the Desktop Experience module from the Windows Feature list.

1. Open a PowerShell with Administrator rights.
2. Execute:

    Import-Module ServerManager
    Install-WindowsFeature Desktop-Experience

That’s it. A reboot of the computer is required.

What Version of Windows PowerShell do I have running?

How do you determine what version of Windows PowerShell is installed on your Windows server?

Solution

Open PowerShell and run:

    $PSVersionTable.PSVersion

You will then see the version displayed.

Windows PowerShell Module you receive NotSpecified: (:) [Import-Module], FileLoadException

This is a typical error for modules that have been downloaded from the internet and are not given permission to run on the computer.

The solution

Really easy.

1. Open PowerShell.
2. Navigate to the directory in the error message that contains the module you intend to run, using a command like:

    cd C:\Users\administrator\Documents\WindowsPowerShell\Modules\ACMESharp\

3. Then run the command:

    Get-ChildItem . | Unblock-File

This unblocks the module files so that PowerShell can use them.

That’s it. Now the module should run fine.

Problem

How to enable TLS 1.2 on Windows Server 2008 R2?

Note: We have an update to this post that has a new and better solution. We now suggest you read: How to Enable TLS 1.2 in Windows Server 2008 or Windows Server 2016

Resolution

QuoVadis recommends enabling and using the TLS 1.2 protocol on your server. TLS 1.2 has improvements over previous versions of the TLS and SSL protocol which will improve your level of security. By default, Windows Server 2008 R2 does not have this feature enabled. This KB article describes the process to enable it.

1. Start the registry editor by clicking on Start and Run. Type “regedit” into the Run field (without quotations).
2. Highlight Computer at the top of the registry tree. Back up the registry first by clicking on File and then on Export. Select a file location to save the registry file.

Note: You will be editing the registry. This could have detrimental effects on… Read More » How to Enable TLS 1.2 on Windows 2008 R2

The trust relationship between this workstation and the primary domain failed

When playing around with some Hyper-V servers that have been inactive for some time, we received an error:

The cause is that Active Directory does a lot more than simple user name and password storage. We found that a Hyper-V system that remains off for some time and is then turned on again can suffer from this.

The reason for this has to do with the way that some applications use the Active Directory. Take Exchange Server, for example. Exchange Server stores messages in a mailbox database residing on a mailbox server. However, this is the only significant data that is stored locally on Exchange Server. All of the Exchange Server configuration data is stored within the Active Directory. In fact, it is possible to completely rebuild a failed Exchange Server from scratch (aside… Read More » The trust relationship between this workstation and the primary domain failed Hyper-V Server

Since I don’t have to do this very often, but always seem to forget how to transfer the Schema Master and Domain Naming Master, I decided to write it down, when it came up again as I transferred all the roles to my Windows 2012 server.

The following three FSMO roles can be migrated from Active Directory Users and Computers. Right mouse click on the domain and select Operations Masters. There is one tab for each of the three FSMO roles:

- PDC
- RID Pool Manager
- Infrastructure Master

The following FSMO role can be transferred from Active Directory Domains and Trusts. Right mouse click on Active Directory Domains and Trusts, and select Operations Master:

- Domain Naming Master

For the Schema Master FSMO role, you first need to register a DLL by executing the following command (Note: This only needs to be done once, from an elevated command prompt.):

    c:\> regsvr32 schmmgmt.dll

Then, you can add the Active Directory Schema Snap-In to a Microsoft Management Console (MMC). With… Read More » Moving Active Directory AD to a New Domain Controller DC

When trying to create a Maintenance Plan you get an error:

‘Agent XPs’ component is turned off as part of the security configuration for this server. A system administrator can enable the use of ‘Agent XPs’ by using sp_configure. For more information about enabling ‘Agent XPs’ see “Surface Area Configuration” in SQL Server Books Online. (Object Explorer)

Details of the error are:

    ===================================
    Cannot show requested dialog.
    ===================================
    Unable to execute requested command.
    ------------------------------
    Program Location:
    at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.ToolMenuItemHelper.OnCreateAndShowForm(IServiceProvider sp, XmlDocument doc)
    at Microsoft.SqlServer.Management.SqlMgmt.RunningFormsTable.RunningFormsTableImpl.ThreadStarter.StartThread()
    ===================================
    ‘Agent XPs’ component is turned off as part of the security configuration for this server. A system administrator can enable the use of ‘Agent XPs’ by using sp_configure. For more information about enabling ‘Agent XPs’, see “Surface Area Configuration” in SQL Server Books Online. (Microsoft.SqlServer.Management.MaintenancePlanWizard)
    ------------------------------
    Program Location:
    at Microsoft.SqlServer.Management.MaintenancePlanWizard.MaintenancePlanWizardForm.LoadData()
    at Microsoft.SqlServer.Management.MaintenancePlanWizard.MaintenancePlanWizardForm..ctor(XmlDocument doc, IServiceProvider serviceProvider)

The Cause

This is caused because the “SQL Server Agent” is not… Read More » SQL 2014 'Agent XPs' component is turned off when accessing Maintenance Plans

How to disable (turn off) the default Windows 2012 Administrator Complexity

1. Open the Administrative Tool.
2. This places you in the Administrative Tools section. Select Local Security Policy.
3. Change the Password Must Meet Complexity Requirements option to Disabled.

In a Domain Environment, for an Active Directory Domain Server:

1. In the Server Manager, click on Tools and from the drop-down click Group Policy Management.
2. Expand Forest >> Domains >> Your Domain Controller.
   NOTE: There are some steps in the comments that some have made, that advise of additional steps at this point. Try without, but if you fail… have a look in the comments.
3. Right-click on the Default Domain Policy and click on Edit from the context menu.
4. Now expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy.
5. Double-click on the Password Must Meet Complexity Requirements option in the right pane.
6. Select Disabled under “Define this policy setting”.
7. Click Apply, then OK all the way out, and close the GPO window.

In order to… Read More » Windows 2012 Turn off Password Complexity

Windows 2012 RDP Remote Desktop Enabled but you Cannot Connect

You find that after you enable the Windows 2012 RDP or Remote Desktop Connection features to allow you to remote desktop into your new server, you are still unable to connect to the server.

The Cause

By default, on new installs of Windows 2012 R2, the server firewall is enabled for TCP/IP on “Remote Desktop – User Mode TCP-in”.

The Fix

Enable the rule that permits access through the Windows Firewall.

1. Search for Firewall and open “Windows Firewall with Advanced Security”.
2. Find the rule “Remote Desktop – User Mode TCP-in” and enable the rule.

ADFS Server on Windows 2012 R2 –

Address: The e-mail address of the user
Given Name: The given name of the user
Name