Hot To Enable TLS 1.2 in Windows Server 2008 or 2016 We previously had a post that handled this solutions called: How to Enable TLS 1.2 on Windows 2008 R2 This post is an update to how the enable and Mange TLS 1.2 on Windows Servers. The reason for the update is because we now use a free tool when we are managing our servers. But first some background. What you need to know about TLS 1.2 According to…https://docs.microsoft.com/en-us/windows/desktop/SecAuthN/protocols-in-tls-ssl–schannel-ssp- TLS 1.2 client and server are enabled by default. But… https://social.technet.microsoft.com/Forums/en-US/cb1a695b-a15c-4fa7-94f0-1aaa20c1279d/enabling-tls-12-on-windows-server-2012-amp-2016?forum=winserversecurity …says Turns out it is, but not enabled for SCHANNEL service Hence you MUST follow… https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs#enable-and-disable-tls-12 Please articulate this! Say… You can enable and disable SSL 2.0 and 3.0 and TLS versions 1.0, 1.1, and 1.2 using Manage SSL Protocols in AD FS. On Windows Server 2016, to use TLS 1.2, you must explicity enable it by following instructions at… Read More »Hot To Enable TLS 1.2 in Windows Server 2008 or 2016
Setting up an HTTP/HTTPS redirect in IIS Once the SSL certificate is installed, your site still remains accessible via a regular insecure HTTP connection. To connect securely, visitors must specify the https:// prefix manually when entering your site’s address in their browsers. In order to force a secure connection on your website, it is necessary to set up a certain HTTP/HTTPS redirection rule. This way, anyone who enters your site using a link like “yourdomain.com” will be redirected to “https://yourdomain.com” or “https://www.yourdomain.com” (depending on your choice) making the traffic encrypted between the server and the client side. Below are steps to setup a IIS HTTPS redirect: Download and install the “URL Rewrite” module. Open the “IIS Manager” console and select the website you would like to apply the redirection to in the left-side menu: Double-click on the “URL Rewrite” icon. Click “Add Rule(s)” in the right-side menu. Select “Blank Rule” in… Read More »SmarterMail Force HTTPS
DNN Event ID 1310 after moving website to new server Exception message: Unsecured Passwords Format Detected
IIS throwing Event ID 1310 Exception message: Unsecured Passwords Format Detected The Error Message Exception information: Exception type: ConfigurationErrorsException Exception message: Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: AspNetSqlMembershipProvider. The obsoleted password format is: Encrypted. For more information, see https://go.microsoft.com/fwlink/?linkid=834784. Request information: Request URL: Request path: User host address: User: Is authenticated: False Authentication Type: Thread account name: IIS APPPOOL\DefaultAppPool The Problem was actually simple and a “user error” We tried to connect the website up to the wrong database. i.e. When we copied the database and moved it, we inadvertently copied the wrong database. This caused the above error due to the fact that the machinekey data in the web.config file was wrong for the database. This caused the error 1310 to be thrown and the Application Pool associated with the new incorrectly setup site to stop. The fix. Connect to the… Read More »DNN Event ID 1310 after moving website to new server Exception message: Unsecured Passwords Format Detected
KB – Granting folder permissions to IIS application pools Skip to end of metadata Go to start of metadata Whenever a new application pool is created, IIS creates a security identifier (SID) that represents the name of the application pool itself. For example, if you create an application pool with the name “Smartcrypt,” a security identifier with the name “Smartcrypt” is created in Windows. Resources can be secured by using this identity. However, the identity is not a real user account and will not show up as a user in the Windows User Management Console. This can be configured by selecting a folder in Windows Explorer and adding the “Smartcrypt” identity to the folder’s Access Control List (ACL). Open Windows Explorer Select the directory the Smartcrypt Manager is installed under (eg: c:\web\mds) Right click the directory and select Properties Select the Security tab Click the Edit button and then Add button Click the Locations button… Read More »Adding Application Pool Identity in IIS to a Folder
Windows Server 2016 Download Maps Manager Delayed Start Red in Server Manager Dashboard Its kind of annoying to find that after a fresh install of Windows 2016 Server you have a service that fails to behave correctly.And it is because your MapsBroker stopped or never started to work. The good news for users of a system that ships in a state that throws an error is that the fix is quite simple. When you click on the service, you will see something like this. Even if you attempt to force a start, it does not resolve this issue. The good news is that this service is really not something you want anyway if you have a windows server doing actual server functions. The Fix The simple fix is to disable this service. The easy way to do this is to: Open Windows Powershell Be sure to open this by right… Read More »Windows Server 2016 Download Maps Manager Delayed Start
Install Disk Cleanup Tools Windows 2012 or Windows 2016 Server. Installing the function to clean your disk, requires that you install the Desktop Experience module from the Windows Feature list. 1. Open a PowerShell with Administrator rights. 2. Exercute: Import-Module ServerManager Install-WindowsFeature Desktop-Experience That’s it. A Reboot of the Computer is required.
Problem How to enable TLS 1.2 on Windows Server 2008 R2? Note: We have an update to this post that has a new and better solution. We now suggest you read: How to Enable TLS 1.2 in Windows Server 2008 or Windows Server 2016 Resolution QuoVadis recommends enabling and using the TLS 1.2 protocol on your server. TLS 1.2 has improvements over previous versions of the TLS and SSL protocol which will improve your level of security. By default, Windows Server 2008 R2 does not have this feature enabled. This KB article will describe the process to enable this. Start the registry editor by clicking on Start and Run. Type in “regedit” into the Run field (without quotations). Highlight Computer at the top of the registry tree. Backup the registry first by clicking on File and then on Export. Select a file location to save the registry file. Note: You will be editing the registry. This could have detrimental effects on… Read More »How to Enable TLS 1.2 on Windows 2008 R2