Process to Fix RDP issue due to Expired Certificate

Process to Fix Remote Desktop issue due to Expired Certificate.

To check the certificate is expired or not follow the below steps.

Go to RUN prompt and Type MMC that will open the Microsoft Management Console. 

 

From MMC we need to add the Certificates Snap in to check the Local System Certificate store.

Below Snap Show the Current Certificate available on the server and its Expiry details under the Remote Desktop Certificate store.

As it’s expired we need to generate a new Self signed certificate.

To create a new Certificate we need IIS Manager

Open the IIS manager and go to the Server root

After opening the root, we will see the features available, we need to select the Server Certificate Feature and have to open it.

Once we open the Server Certificates feature, it will show if any certificates are already available in the store, if not empty store will be shown as shown below.

To Create a new Certificate we need to click on Create Self-Signed Certificate.

As shown below need to Provide a Friendly Identification name for the certificate and select the Personal Option below.

Once we click on OK, it should be able to generate a new self signed certificate, but sometime we get a Access denied error, this we will get because of permission issues on the Machine Key Folder.

To fix the Access denied Error, we need to go to the folder location of “MachineKeys” “C:\ProgramData\Microsoft\Crypto\RSA”

Select the Machine Keys folder and go to Properties> Security Tab & select the Administrators group and provide full permissions to the group

After Providing the rights, apply the rights.

After Providing right go back to server Certicates & create the Selfsigned certificate.

Provide the Details and click on ok as shown below, now it should be able to create a new certificate.

Once the Certificate is generate, it will be available in the Server Certificates store as shown below.

Now we need to Export the same from the store & save that locally.

As shown below provide the location, where the certificate should be saved & also provide any password to access that cert.

Here in this case, we have saved the cert on the desktop.

Double click on RDP cert which will take us to import wizard.

Select the Local Machine and click on next & then next.

Provide Password the same one which was given while exporting the cert.

In the next step we need to select the Remote Desktop Store, where this certificate should be imported.

Click on Finish, which will import the certificate.

Cross check the new certificate, should be available in the Certificate MMC & check the properties. Which should be as shown below.

Go to Details Tab as shown below.

Select the Thumbprint and copy the Thumb print value.  & paste the Thumb print value in the command line, because that Thumbprint value will have some ASCII characters hidden in it.

Copy the thumb print value in command prompt and remove all the gaps and question mark as below.

After removing the spaces, please copy the  hash value and keep it.

Now we need to use that new cert hash value and replace the same in the WMI Name space using the below command, because as the old certificate value will be there in the name space, that should be replaced with the new value, so that server will start using the new cert hash value and get authenticated. If we don’t perform this step, server will keep on using the old has value, so we will not be able to use the new cert, even if this cert is available in the store. So to replace the old has value we need to use the below command.

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGener
alSetting Set SSLCertificateSHA1Hash="NEW-CERT-Hash-Value"

By following the above steps, certificate issue will get fixed. If you have any queries or doubts on the same let me know.

Running Dell DSET Report remotely using DSET Colletor on the ESX/ESXI Hosts

Running Dell DSET Report remotely using DSET Colletor on the ESX/ESXI Servers

Install DSET collector
Source: http://support.dell.com/support/edocs/SOFTWARE/dset/3.2/EN/ug/pdf/ug.pdf

Permanently Installing DSET and Generating Report on Windows Operating System

Before installing DSET, make sure that the installation prerequisites are met. For more information, see "Installation Prerequisite For Windows Operating System".

Using GUI For Windows Operating System

To permanently install DSET on Windows operating system:

1. Run the Dell_DSET_(Version Number).exe file. The Welcome to the Dell System E-Support Tool (3.2) Installation Wizard window is displayed.
2. Click Next The License Agreement is displayed.
3. Select I accept the license agreement and click Next. The Readme Information is displayed.
4. Click Next. The Installation Type window is displayed.
5. Select Install DSET Components and click Next. The Select Installation Type window is displayed.
6. Select one of the following options and click Next
• DSET Collector and DSET CIM Provider (default)
• DSET Collector
• DSET CIM Provide

The Destination Folder window is displayed.
7. Click Browse and select the folder to install DSET or use the default location and click Next.
The User Information window is displayed.
NOTE: The default location for Windows (x86) systems is C:\Program Files\Dell and
For Windows (x86_64) systems is C:\Program Files (x86)\Dell.
8. Enter the following:
• Full Name — Enter your full name.
• Organization — Enter your organization information.
9. Click Next. The Ready to Install the Application window is displayed.
10. Click Next.The Updating System window is displayed indicating the installation status. After installation, the Dell System E-Support Tool (3.2) has been successfully installed window is displayed.
11. To generate the report and/or upload (optional step):

• Run and Collect DSET Report — Select this option to generate the report.
• At request upload the report to Dell Technical Support — Select this option to upload the report to the Dell Technical Support when requested.
12. Click Finish to close the installer. DSET is now installed in the local system and if you have performed step 11, the report is also generated and/or uploaded.

We Can Run DSET Collector from the remote System

To run the report on a remote system, provide the Fully Qualified Domain Name (FQDN) or IP address of the remote system and administrator credentials.

Run the below command this will run the Deset report on the remote system and will store the report on the local system from where we are running this report.

C:\Program Files\Dell\AdvDiags\DSET\bin>DellSystemInfo.exe -s -u -p -d hw,sw -r C:\temp\dset.zip

Build light weight Active Directory 2008 server core in easy way

Build your Active directory  server just with 512Mb ~ below 1GB RAM.
Before knowing this please let me give you some details & benefits of using 2008 server core configurations.

There are many benefits of running Server Core instead of a Full installation. Below are the benefits which can be claimed by implementing the server core technology.

• Greater stability. Because a Server Core installation has fewer running processes and services than a Full installation, the overall stability of Server Core is greater. Fewer things can go wrong, and fewer settings can be configured incorrectly.
• Simplified management. Because there are fewer things to manage on a Server Core installation, it's easier to configure and support a Server Core installation than a Full one—once you get the hang of it.
• Reduced maintenance. Because Server Core has fewer binaries than a Full installation, there's less to maintain. For example, fewer hot fixes and security updates need to be applied to a Server Core installation. Microsoft analyzed the binaries included in Server Core and the patches released for Windows Server 2000 and Windows Server 2003 and found that if a Server Core installation option had been available for Windows Server 2000, approximately 60 percent of the patches required would have been eliminated, while for Windows Server 2003, about 40 percent of them would have.
• Reduced memory and disk requirements. A Server Core installation on x86 architecture, with no roles or optional components installed and running at idle, has a memory footprint of about 180 megabytes (MB), compared to about 310 MB for a similarly equipped Full installation of the same edition. Disk space needs differ even more—a base Server Core installation needs only about 1.6 gigabytes (GB) of disk space compared to 7.6 GB for an equivalent Full installation. Of course, that doesn't account for the paging files and disk space needed to archive old versions of binaries when software updates are applied. See Chapter 2 for more information concerning the hardware requirements for installing Server Core.
• Reduced attack surface. Because Server Core has fewer system services running on it than a Full installation does, there's less attack surface (that is, fewer possible vectors for malicious attacks on the server). This means that a Server Core installation is more secure than a similarly configured Full installation.

Possible Usage Scenarios

Consider again the nine server roles you can install on Server Core:

• AD DS
• AD LDS
• DNS
• DHCP
• File Services
• Print Services
• Streaming Media Services
• Web Server (IIS)
• Hyper-V

This list of roles should immediately suggest some possible usage scenarios for Server Core within your organization. Here are some ways that you could use Server Core to make your network more secure, more reliable, easier to manage, and easier to maintain:

• Infrastructure servers. Domain controllers, DHCP servers, and DNS servers are the backbone of your network. Running these roles on Server Core can strengthen this backbone in every way.
• Branch office servers. Because Server Core installations are more secure and require fewer software updates than Full installations, they are ideal for use in remote locations, such as branch offices where you have few (or no) information technology (IT) staff and less physical security than at your head office location. For example, you might deploy a Server Core installation as a read-only domain controller with BitLocker for added security at a branch office.
• Server consolidation and testing. Because Hyper-V is a supported role on Server Core, you can use Server Core to consolidate multiple servers onto a single system while still keeping them isolated. This can help lower your TCO by reducing your hardware requirements and your power, cooling, and management costs. Server Core running Hyper-V also provides a convenient environment for deployment testing.
• Extending hardware life. Because Server Core has lower disk and memory requirements than Full installations, you may be able to get more life out of old systems. For example, when you need to upgrade your e-mail or database servers, those boxes could be moved down the line to become network infrastructure servers running Server Core.

Now our AD installation starts
how to setup domain control using Command prompt.Before planning to implement a domian controller there are some prerequisites which are mandatory.

1)IP address
2)


At command prompt type
netsh interface ipv4 show interfaces

This will show all the network interfaces that available in the server. Please keep note on idx number of the interface that you need to assign the ip in our case its 10
netsh interface ipv4 set address name="10" source=static address=10.0.0.15 mask=255.255.255.0 gateway=10.0.0.1
in here I wanted to apply ip address 10.0.0.15 to the interface. Here you can see after the command the server got the new ip address

Next step was to assign DNS server ip 10.0.0.15
netsh interface ipv4 add dnsserver name="10" address=10.0.0.15 index=1

• Now its ready for the DC install. Now we need to create unattend answer file for the domain install

notepad unattend.txt
then you need to type the file with the requirement
[DCINSTALL]
UserName=administrator
NewDomain=forest
NewDomainDNSName=Testlab.edu
Password=Pa$$w0rd
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=domain
DatabasePath="%systemroot%'NTDS"
LogPath="%systemroot%'NTDS"
SYSVOLPath="%systemroot%'SYSVOL"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=Pa$$w0rd
RebootOnCompletion=yes
Below is the unattend note snap, this will install domain testlab.edu with DNS

You can execute it from command line
dcpromo /answer:c:\unattend.txt

it will take some time to install and after install it will automatically restart. After restart its done. Now you have DC with Server 2008 core.
If you have nay question feel free to ask me on jakkireddy8@gmail.com