July 14, 2011
at 10:40 am
(General)
Update: I found that my core switch was the problem. Replaced, and it’s working.
Problem:
Switch is a generic 24-Port Gigabit network switch, no routers between hosts, no gateways except to exit my subnet and to the Internet.
I currently have a physical machine running Windows 2003 R2 Standard, running as a small DHCP, DNS, and AD Server.
I have two physical machines running ESXi Hypervisor. On one of the ESXi servers I am running four virtual machines. They work fine. On the other I just set up a single virtual machine for now, and it is running Windows 2003 R2 and RIS+WDS (WDS Mixed Mode).
I then boot a laptop on the same network, hit F12 for the network boot menu in the BIOS, choose Network and hit Enter. The laptop gets a DHCP address and then tries to forward me to the ProxyDHCP running on the WDS server. It fails: “WDS Service could not be found.” Then it prompts me to hit F12 to actually start the RIS+WDS menu; I hit that, and it crashes, cannot find \Boot\BDE.
I then set up a VM on the same ESXi host as the WDS server, boot up the new VM and hit F12: it instantly gets DHCP, no forward to ProxyDHCP bullshit, and I hit F12 again to start the menu. Works great.
I then set up a VM on the opposite ESXi host from the RIS+WDS server. Same results as the laptop.
Seems to only work within the same vSwitch. So I changed out network cards as it was easy, and no huge configuration changes. Same results.
I then did the following on the Windows 2003 R2 DHCP server:
“Running WDS in a mixed mode configuration, and after reading everything needed to add PXEClient to a domain controller running the DHCP service in Windows 2003 R2.”
This post helped out quite a bit: http://felixyon.blogspot.com/2010/12/remote-installation-service.html
Did nothing, and I have since removed the option.
I then decided to take ten minutes and swap out the core switch that I am using. I dropped in a Cisco I have lying around, cleared the config, set it up as a flat switch same as the other, and tried the laptop: instant DHCP, no ProxyDHCP, loads menu, done.
Tried the VM that was not working, instant done. Tried the VM that was working, still is.
It seems that this switch is blocking DHCP requests after the first has passed and will not allow clients that just got a DHCP address to hit another DHCP server to get PXE details.
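When chasing this symptom with a packet capture, it helps to tell the two kinds of server reply apart. The following is an added example, not part of the original post: it parses a DHCP reply payload and labels it as an address lease or a proxyDHCP answer, assuming the PXE convention that a proxyDHCP reply carries option 60 "PXEClient" and offers no address (yiaddr 0.0.0.0). The sample packets and addresses are constructed.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the DHCP options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Parse the UDP payload of a BOOTP/DHCP message into a dict."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"op": payload[0],                            # 2 = reply from a server
           "yiaddr": socket.inet_ntoa(payload[16:20]),  # address handed to the client
           "siaddr": socket.inet_ntoa(payload[20:24]),  # next (boot) server
           "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:       # 255 = End option
        if payload[i] == 0:                             # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        msg["options"][payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return msg

def classify(payload):
    """Label a server reply as an address lease or a proxyDHCP (PXE-only) answer."""
    msg = parse_dhcp(payload)
    mtype = MSG_TYPES.get((msg["options"].get(53) or b"\x00")[0], "UNKNOWN")
    is_pxe = msg["options"].get(60, b"").startswith(b"PXEClient")
    if msg["op"] == 2 and is_pxe and msg["yiaddr"] == "0.0.0.0":
        return "proxyDHCP " + mtype
    if msg["op"] == 2 and msg["yiaddr"] != "0.0.0.0":
        return "lease " + mtype
    return "other " + mtype

def build_reply(yiaddr, siaddr, options):
    """Build a constructed sample reply (not a capture from the post's network)."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0)
    fixed += socket.inet_aton("0.0.0.0") + socket.inet_aton(yiaddr)
    fixed += socket.inet_aton(siaddr) + bytes(4 + 16 + 64 + 128)  # giaddr..file
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + body + b"\xff"

# Constructed samples; all addresses are placeholders.
LEASE_OFFER = build_reply("192.168.1.50", "0.0.0.0", [(53, b"\x02")])
PROXY_OFFER = build_reply("0.0.0.0", "192.168.1.20", [(53, b"\x02"), (60, b"PXEClient")])
for name, pkt in (("DHCP server", LEASE_OFFER), ("WDS server", PROXY_OFFER)):
    print(name, "->", classify(pkt))
```

If a capture taken at the client shows only the lease reply and never a proxyDHCP one, the second server's answer is being lost somewhere between the two hosts.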
March 9, 2011
at 8:57 am
(How To)
Starting with the virtual machine that I previously installed Active Directory on, next I am going to set up a simple Certificate Services service. This should usually be installed on a very secure machine in your organization, as it will hold all of the private keys and be able to generate the public keys used in your network and possibly used on external services if you so wish.
Start by going to Control Panel, and Add or Remove Programs.

Click Add/Remove Windows Components, check the box next to Certificate Services. A dialog will appear with a warning as per the photo below.

Be sure you read this warning, and click Yes to continue. Then click Next.
Select ‘Enterprise root CA’ and click Next.
You will be asked for the ‘Common name for this CA:’. Type in the computer’s name. In our case, from the last walk through, this was “default-fm878pv”, which I did not change. If you did not change the name to something more meaningful, you can cancel out now and change it.

Click Next. Click Next again to accept the database paths. You will be asked for the Windows 2003 CD now. Insert it and click OK. After the file copy, you may be presented with this.

Click OK.
In this walk through we will enable Web Enrollment, as we might use it later for smart cards and such.
Back at the Add or Remove Programs screen, click Add/Remove Windows Components again. Click ‘Application Server’ but do not check it, then click Details.
Click on ‘Internet Information Services (IIS)’ but do not check it and click Details.
Scroll down and check the box next to ‘World Wide Web Service’ and click OK. Click OK again. Then click Next. If you removed the 2003 CD, you will need it again.
Reboot the server.

Open a Command Prompt and type ‘certutil -vroot’ as shown in the photo below and hit Enter.

Open Internet Explorer on the server, or on another workstation on the network, connect to the server by name or IP address, and browse to /certsrv as shown in the photo below.

If you see this, your web enrollment is working.
You can administer your Certificate Services install through Administrative Tools.

You can now use EFS with certificates on your Active Directory client machines. You will now want to look up how to issue administrator certificates to decrypt files encrypted by employees or users that you need access to as the network admin and such.
March 4, 2011
at 12:09 pm
(How To)
I will try to include as many screen shots as possible, to help those that are learning, or are new to installing Active Directory.
This install was performed on a virtual machine running Windows 2003 R2 Standard. The install will be similar to the install on Windows 2000.
We start off with a fresh install. Close the configure your server wizard. We are going to do this manually.

Assign a static IP address to this server, and then for the machine’s primary DNS server, type in its own IP address. I did this while installing Windows.

Next we need to give this machine a DNS suffix. Choose the same one that you will use to name the domain. I’m going to use testdomain.home because this is an example setup, and I chose the .home TLD because it is not valid on the internet and will never conflict with a real domain and cause internal network problems, such as when browsing websites.
If you were to choose say, yahoo.com for your domain name, your clients would not be able to get to the real yahoo.com because your DNS server will resolve it to your Active Directory server and not to the Yahoo servers.
To do this, right click My Computer from the Start Menu, and choose Properties. Select the Computer Name tab at the top, and then click Change. On the Computer Name Changes dialog, click the More button and type in your suffix and click OK.

Restart the server.
Login to the server and start off by making this a DNS server for Active Directory and clients.
Go to Start Menu, Control Panel, Add/Remove Programs. Click on Add/Remove Windows Components on your left. Scroll down to Networking Services and highlight it, don’t check the box next to it, and click Details. Check the box next to Domain Name System (DNS) and then click OK then click Next. Insert the CD if asked, and click OK.

After the files copy, click Finish and close the Add/Remove Programs window.
Go to Start Menu, Administrative Tools, DNS. Right click on Forward Lookup Zones and choose New Zone. Click Next, choose Primary Zone, click Next. When asked for the Zone Name you must type the same one you did for the Computer Name Suffix in the previous steps.

Click Next and then Next again to accept the filename. When asked for the Dynamic Update, choose ‘Allow both nonsecure and secure dynamic updates’. (We will secure this later). Click Next. Then Finish.
Right click on the Reverse Lookup Zones and choose New Zone. Click Next, then Primary zone, then click Next.

Type in the first portions of your network’s IP space and click Next, then Next for the filename, and then click ‘Allow both nonsecure and secure updates’. (We will secure this later). Click Next. Then Finish.
Restart the server.
Open a Command Console and type in ‘nslookup’. You should get something similar to the following:

If you get an error, your DNS server is not working correctly yet, and it has to be working to proceed.
Click Start Menu, Run. Type in ‘dcpromo’ and click OK.
Click Next, Next, and Next again for new domain, then Next for new forest. When asked for the Full DNS name, type in the same name you have used in the steps above.
Click Next after typing your DNS name. It will then test your DNS server. You can change the NetBIOS name or leave the default and click Next. Accept the default NTDS paths and click Next. Accept the default SYSVOL path and click Next. Click Next again, then choose Permissions for 2003 and Higher only and click Next. Choose a password for recovery mode, and click Next. Click Next again and the process starts.

When it’s all done, click Finish, and Restart.

Click Start Menu, Administrative Tools, DNS. Click and then right click on your domain under Forward Lookup Zones and choose Properties. To the right of Type, click Change. Check the box ‘Store the zone in Active Directory’, click OK and then Yes. Then change the dynamic updates drop down box to Secure Only and click OK.
Do the same for the Reverse Lookup Zone. Click and then right click your network subnet, and click Properties. Change the type to Store in Active Directory, then set dynamic updates to Secure only and click OK.

You now have a domain controller to join clients to. Make sure the clients are using the domain controller as their DNS server.
February 25, 2011
at 9:59 am
(General)
This is the driver you will need if you want to connect your HTC EVO or other HTC devices to a computer running Windows Vista x64 or Windows 7 x64.
You will need this if you want to root it manually as well.
HTC EVO x64 Driver
January 29, 2008
at 8:52 am
(General)
Before we begin, make sure the phone has a data plan activated and that you can browse the internet using Internet Explorer on the phone.
If your Microsoft Exchange 2003 Server is using Forms Based Authentication, and you are using SSL with the forms based authentication (You SHOULD. WHY ARE YOU NOT USING SSL!!!?), then you will need to either get a certificate from a 3rd party that is trusted by the device, or transfer the certificate authority’s root certificate to the phone and integrate it with the Windows OS on the phone.
Because we are cheap, we are going to use our own certificate and save ~$60.00 a month.
You will need to use Internet Explorer and browse to the Certificate Server on your network. Usually it will be something like http://adserver/certsrv. Replace http with https if you use SSL on that server (you should be anyway), and replace adserver with the name of the server running IIS and Certificate Services.
At the bottom of the webpage, click on Download a CA certificate, certificate chain, or CRL. After the next page loads, click on Download CA certificate at the bottom. You will be presented with a file download dialog, save the file where you can find it later.
Close Internet Explorer and then plug the MDA Phone into your computer with the USB cable. Make sure you have ActiveSync installed from Microsoft. Navigate to My Computer, and you should have a new device called ‘Mobile Device’ or something similar. Nice big orange thing.
Copy the certificate into that device, under the My Documents folder on the device. Then on the device itself, use the File Explorer to find the certificate file, and click on it and choose Yes to import the certificate.
Now you can proceed to setting up ActiveSync on the phone device itself to connect to your Microsoft Exchange 2003 server.