Replicating all Domain Controllers

Instead of hunting down Domain Controllers in Active Directory Sites and Services (ADSS) and replicating each one manually after some last-minute changes, you can run the following repadmin command to sync every connection at once:

repadmin /syncall /APed

The /APed switches stand for All partitions, Push, Enterprise cross-sites and Distinguished names.

This will replicate all domain controllers simultaneously.
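As an added example (not from the original post), the same push wrapped in PowerShell with a follow-up health check, so a DC that did not take the sync shows up immediately. It assumes the RSAT ActiveDirectory module is available where you run it.

```powershell
# Added example: run repadmin /syncall /APed, then list per-DC replication state.
Import-Module ActiveDirectory

function Invoke-FullReplication {
    # Same switches as the post: All partitions, Push, Enterprise cross-sites, DNs in output.
    $output = & repadmin.exe /syncall /APed 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "repadmin exited with code $LASTEXITCODE"
    }
    # Surface only the per-server error callbacks and the final SyncAll verdict.
    $output | Where-Object { $_ -match 'Error contacting|SyncAll' }
}

function Get-ReplicationHealth {
    # One row per DC: partners currently in error and the oldest successful
    # inbound replication, which is what you want to see after a forced sync.
    foreach ($dc in Get-ADDomainController -Filter *) {
        $failures = @(Get-ADReplicationFailure -Target $dc.HostName)
        $oldest   = Get-ADReplicationPartnerMetadata -Target $dc.HostName |
                    Sort-Object LastReplicationSuccess |
                    Select-Object -First 1 -ExpandProperty LastReplicationSuccess
        [pscustomobject]@{
            Server         = $dc.HostName
            Site           = $dc.Site
            FailedPartners = $failures.Count
            OldestSuccess  = $oldest
        }
    }
}

Invoke-FullReplication
Get-ReplicationHealth | Sort-Object FailedPartners -Descending | Format-Table -AutoSize
```

A DC with a stale OldestSuccess after the sync is the one that did not receive the change; repadmin /showrepl against that host gives the detail.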

Discovering Internal CAs

If you ever want to query AD for Certification Authorities, skip ADSI Edit; there is a quicker way to do it with certutil:

certutil -config - -ping

Note that the extra lone dash between -config and -ping is required; it is what makes certutil query the list of CAs.

Credit for the useful command goes to colleague and UC ninja Jeff Carlson.
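As an added example (not from the original post), the same discovery done from PowerShell: it reads the Enrollment Services container in the configuration partition that certutil consults, then pings each CA it finds. The container path is standard AD; the only assumption is that the machine is domain-joined and certutil is present.

```powershell
# Added example: enumerate enterprise CAs from AD and check which ones answer.
function Get-EnterpriseCA {
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $configNC = $rootDse.configurationNamingContext
    # Every enterprise CA registers a pKIEnrollmentService object in this container.
    $container = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
    $searcher  = New-Object System.DirectoryServices.DirectorySearcher($container)
    $searcher.Filter = '(objectClass=pKIEnrollmentService)'
    foreach ($result in $searcher.FindAll()) {
        $p    = $result.Properties
        $name = [string]$p['cn'][0]
        $host = [string]$p['dnshostname'][0]
        [pscustomobject]@{
            CAName = $name
            Host   = $host
            # certutil's -config string is "host\CA name"
            Config = '{0}\{1}' -f $host, $name
        }
    }
}

function Test-EnterpriseCA {
    # A CA listed in AD but not answering is usually decommissioned but never
    # removed; a CA you do not recognise is worth a closer look either way.
    foreach ($ca in Get-EnterpriseCA) {
        $null = & certutil.exe -config $ca.Config -ping 2>&1
        [pscustomobject]@{
            CAName    = $ca.CAName
            Host      = $ca.Host
            Reachable = ($LASTEXITCODE -eq 0)
        }
    }
}

Test-EnterpriseCA | Format-Table -AutoSize
```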

Lync Edge Replication broken

Recently I came across an issue where the Edge server would not replicate the topology. After spending some time going through firewall ACLs, NAT exemptions, packet captures and the rest of the usual networking suspects, it turned out the problem was WAY more obscure than simple connectivity…

If your Edge server's Trusted Root CA store contains over 100 entries, the SChannel security package truncates the list internally. Depending on where your internal Root CA sits in alphabetical order, it can fall off the truncated list, which breaks replication of the Lync topology over HTTPS on port 4443.

To resolve this issue, there are two options:

1. Delete unnecessary certificates from the Trusted Root CA store of the Edge server. This could affect federated partners depending on which Root CAs you delete, but it is a quick and easy way to fix the problem.

2. Edit the registry on the Edge server: add a DWORD value named SendTrustedIssuerList under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL key and set it to 0. This stops schannel.dll from truncating the Root CA list sent from the Edge server and lets the validation tests pass.

This was taken from the TechNet Lync Forums.
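As an added example (not from the original post), a check you can run on the Edge server before touching anything: it counts the Trusted Root store, reports how many roots are already expired (safe candidates for option 1), and shows whether the option 2 value is already set. The registry key and value are the ones named above; applying the fix is left as a commented call.

```powershell
# Added example: audit the Trusted Root store and the SChannel value from option 2.
$SchannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-TrustedRootSummary {
    $roots = @(Get-ChildItem Cert:\LocalMachine\Root)
    $value = (Get-ItemProperty -Path $SchannelKey -Name SendTrustedIssuerList `
                -ErrorAction SilentlyContinue).SendTrustedIssuerList
    [pscustomobject]@{
        RootCount      = $roots.Count
        OverLimit      = ($roots.Count -gt 100)   # the threshold from the post
        ExpiredRoots   = @($roots | Where-Object { $_.NotAfter -lt (Get-Date) }).Count
        SendIssuerList = $value                    # $null means the value is absent
    }
}

function Set-SendTrustedIssuerListOff {
    # Option 2 from the post: DWORD SendTrustedIssuerList = 0 under the SCHANNEL key.
    if (-not (Test-Path $SchannelKey)) { New-Item -Path $SchannelKey -Force | Out-Null }
    New-ItemProperty -Path $SchannelKey -Name SendTrustedIssuerList `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

$summary = Get-TrustedRootSummary
$summary
if ($summary.OverLimit -and $summary.SendIssuerList -ne 0) {
    Write-Warning 'Root store exceeds 100 entries and SendTrustedIssuerList is not 0; topology replication over 4443 may fail.'
    # Uncomment to apply option 2 (run elevated):
    # Set-SendTrustedIssuerListOff
}
```

Pruning expired or unrecognised roots (option 1) also shrinks the set of issuers the Edge server will accept, so it is worth doing for its own sake even if you end up applying option 2.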

Console Lock Display Off Timeout for Windows 8

Windows 8's lock screen automatically turns your display off after 1 minute, regardless of your power settings. Even if you have your screen set to never turn off, the lock screen overrides that setting and turns the displays off once the minute passes.

To expose the "Console lock display off timeout" setting under Display in Advanced Power Options, make the following registry change under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\8EC4B3A5-6868-48c2-BE75-4F3044BE88A7

Change the Attributes value from 1 to 2.

Open the Advanced Power Options for your power plan and the option will now be there. Enjoy!

Windows 8 multi-display taskbar

Windows 8 introduces taskbar options for multiple displays! You can show all programs on every taskbar, show only the ones open on that display, or turn the feature off entirely (but WHY would you do that?).

Enabling Write Cache on PERC H200

The Dell PERC H200 is a very basic RAID controller with no battery-backed cache, so it does not let you enable write caching from within the OS. Writes through the H200 can be very slow, so slow that Windows Updates could take 2 to 3 hours on a RAID 1!

To force enable write cache on an H200 adapter (at your own risk), do the following:


Missing CPU Power Management from Win8

Just found out that if you run Windows 8 with the Hyper-V Platform installed, some important settings in the "Processor Power Management" section under Power Options go missing. This is because Hyper-V keeps your CPU clocked at 100%.

This is obviously bad on a laptop, since your CPU will no longer clock itself down when idle and your battery will drain considerably faster.
Unfortunately, the only way to re-enable power management for your CPU is to uninstall the Hyper-V Platform from the OS. All the more reason for me to keep using VMware, then…

Setting timezone on Server Core 2008 R2/2012

To set the time zone on Server Core 2008 R2/2012, or on any other version if you fancy the CLI, use the following:

TZUTIL /G lists the current time zone.
TZUTIL /L lists all available time zone IDs.
TZUTIL /S "Central Standard Time" sets your time zone, to CST in this example.

Also useful is the w32tm tool to change settings around the Windows Time Service, such as setting up a manual NTP peer or forcing a time resync.
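As an added example (not from the original post), the two tools combined into one Server Core script: it validates the time zone ID against tzutil /l before applying it, points the Windows Time Service at a manual NTP peer, and prints the resulting status. The peer name time.example.net and the default time zone are placeholders.

```powershell
# Added example: set time zone and NTP source on Server Core, then verify.
param(
    [string]$TimeZone   = 'Central Standard Time',
    [string[]]$NtpPeers = @('time.example.net')   # placeholder peer
)

function Set-ServerTimeZone([string]$Id) {
    # tzutil /l prints each display name followed by its ID on its own line,
    # so an exact match on any line confirms the ID exists before we set it.
    $valid = & tzutil.exe /l | Where-Object { $_ -eq $Id }
    if (-not $valid) { throw "Unknown time zone ID '$Id' (see tzutil /l)" }
    & tzutil.exe /s $Id
    & tzutil.exe /g
}

function Set-ManualNtpPeer([string[]]$Peers) {
    # 0x8 = client mode; w32tm takes a space-separated list in one quoted token.
    # Domain members normally sync from the domain hierarchy, so a manual peer
    # belongs on the PDC emulator or on standalone servers only.
    $list = ($Peers | ForEach-Object { "$_,0x8" }) -join ' '
    & w32tm.exe /config /manualpeerlist:"$list" /syncfromflags:manual /update
    Restart-Service w32time
    & w32tm.exe /resync /rediscover
}

Set-ServerTimeZone -Id $TimeZone
Set-ManualNtpPeer -Peers $NtpPeers
& w32tm.exe /query /status
& w32tm.exe /query /source
```

If the status shows a large phase offset afterwards, check that UDP 123 to the peer is allowed before blaming the service; Kerberos tolerates only a few minutes of skew.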

Getting started with Windows Server 2012 Core

If you're reading this, chances are you just installed Windows Server 2012 in the recommended Server Core mode and, upon boot, got the nice little cmd.exe window and nothing else. Here is how to get started configuring it with PowerShell cmdlets:

Rename: Rename-Computer computername

Reboot: Restart-Computer

Configure an IP: New-NetIPAddress -IPAddress x.x.x.x -InterfaceAlias "Ethernet" -DefaultGateway x.x.x.x -AddressFamily IPv4 -PrefixLength 24 (use the prefix length that matches your subnet mask)

Configure a DNS server: Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses x.x.x.x

Join a domain: Add-Computer -DomainName domain.com

You can start using Server Manager after that to install, configure and manage roles and features. If you cannot reach it remotely, run Configure-SMRemoting.exe -enable on the Core box, and you may also need to adjust the Windows Firewall rules using MMC from another system.
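As an added example (not from the original post), the steps above combined into one first-boot script. All parameter values are placeholders for your environment, the adapter is discovered rather than assumed to be called "Ethernet", and the join uses Add-Computer's own -NewName so rename and join happen in a single reboot.

```powershell
# Added example: first-boot network, remoting and domain join for Server Core.
param(
    [string]$NewName      = 'CORE01',              # placeholder
    [string]$IPAddress    = '192.0.2.10',          # placeholder (documentation range)
    [int]$PrefixLength    = 24,
    [string]$Gateway      = '192.0.2.1',           # placeholder
    [string[]]$DnsServers = @('192.0.2.5'),        # placeholder
    [string]$Domain       = 'corp.example.com'     # placeholder
)

function Get-PrimaryAdapter {
    # Server Core usually has one connected NIC, but its alias is not always "Ethernet".
    $nics = @(Get-NetAdapter | Where-Object Status -eq 'Up')
    if ($nics.Count -ne 1) { throw "Expected exactly one connected adapter, found $($nics.Count)" }
    $nics[0]
}

function Set-StaticNetwork($Adapter) {
    $alias = $Adapter.Name
    # Turn off DHCP and clear any existing IPv4 address and default route first;
    # New-NetIPAddress refuses to add a second default gateway.
    Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -Dhcp Disabled
    Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    Remove-NetRoute -InterfaceAlias $alias -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
    New-NetIPAddress -InterfaceAlias $alias -IPAddress $IPAddress -PrefixLength $PrefixLength `
        -DefaultGateway $Gateway -AddressFamily IPv4 | Out-Null
    Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses $DnsServers
}

$nic = Get-PrimaryAdapter
Set-StaticNetwork -Adapter $nic
# Prove the new DNS server can resolve the domain before attempting the join.
Resolve-DnsName -Name $Domain -Type A -ErrorAction Stop | Out-Null
# Enable remote Server Manager and the WinRM firewall group it relies on.
& Configure-SMRemoting.exe -enable
Enable-NetFirewallRule -DisplayGroup 'Windows Remote Management'
# Rename and join in one step; the reboot applies both.
$cred = Get-Credential -Message "Account permitted to join $Domain"
Add-Computer -DomainName $Domain -NewName $NewName -Credential $cred -Force -Restart
```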

WPA Enterprise – Server Setup

So it has been a little over three months since I last posted. I left off just before explaining a simple WPA Enterprise implementation, so I will now continue.

I'll assume you already have a Domain Controller set up with a Certification Authority and Internet Authentication Service, since those are what will authenticate our users and computers.
