Archive for category Windows

Azure Point-To-Site VPN – certificates

Let me set the expectation here: I am not going in depth on how to set up an Azure VPN, as it has been covered in many articles which can take you step by step through how to configure your VPN tunnel to the Azure cloud.

My main concern here is the methods available for generating the certificates used in establishing that type of VPN. I have used a self-signed certificate, which works well in most instances, but that could always be replaced by a publicly signed certificate to avoid uploading various trusted root certificates to the Azure vNet.

The most common way is to use makecert.exe, which comes as part of the Windows SDK.

Open a command prompt:

makecert.exe -sky exchange -r -n "CN=RootCertName" -pe -a sha1 -len 2048 -ss My

makecert.exe -n "CN=ClientCertName" -pe -sky exchange -m 96 -ss my -in "RootCertName" -is my -a sha1

With the introduction of PowerShell 4 in Windows 8.1 and Windows Server 2012 R2, we can now generate the self-signed certificate using a simple command, without installing the Windows SDK and makecert.exe.

Using PowerShell, run the following line:

New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\My -DnsName CertName -KeyLength 2048 -KeySpec KeyExchange

You can then export the .cer certificate which you can place in your Trusted Root Certification Authorities and upload to Azure.

Both processes work, but you will need one of the OSs highlighted above in order to use the PowerShell command. You can install Windows Management Framework, but that command won't be available to you on older versions of Windows.
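The export step described above, as an added example that is not part of the original post: it checks the certificate before export (flagging SHA-1 signatures such as those produced by `-a sha1` in the makecert commands, and keys under 2048 bits), then writes only the public .cer. It assumes the subject is CN=CertName as created above; the output file name is a placeholder.

```powershell
# Assumptions: subject CN=CertName (from -DnsName CertName above); output path is a placeholder.
$subject = 'CN=CertName'
$outFile = Join-Path $env:TEMP 'P2SRootCert.cer'

function Test-P2SCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $findings = @()
    if ($Cert.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
        $findings += "Weak signature hash: $($Cert.SignatureAlgorithm.FriendlyName)"
    }
    if ($Cert.PublicKey.Key.KeySize -lt 2048) {
        $findings += "Key shorter than 2048 bits: $($Cert.PublicKey.Key.KeySize)"
    }
    if ($Cert.NotAfter -lt (Get-Date).AddDays(30)) {
        $findings += "Expires within 30 days: $($Cert.NotAfter)"
    }
    $findings
}

# Pick the newest certificate with that subject from the machine store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with subject $subject in LocalMachine\My" }

Test-P2SCertificate -Cert $cert | ForEach-Object { Write-Warning $_ }

# Export-Certificate writes the public certificate only (DER-encoded .cer);
# the private key stays in the local store.
Export-Certificate -Cert $cert -FilePath $outFile -Type CERT | Out-Null

# Base64 form of the same public data, for tools that take pasted text instead of a file.
$base64 = [Convert]::ToBase64String($cert.RawData)
"Thumbprint : $($cert.Thumbprint)"
"Exported to: $outFile"
$base64
```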

 


Backing up network device storage using Windows Backup Utility

I had an issue where I was trying to back up a network storage device. There are many limitations to these devices, including the lack of flexibility in adding any extra functionality, like including them in our daily backup.

These storage devices could only be accessed directly via their IPs, or mapped into a machine and backed up directly on that machine using mapped drives. But mapped drives only exist as long as your session is active; as soon as you log off, the drive is disconnected.

There is a workaround (in this scenario I am referring to the Backup utility that already comes installed on Windows 2003 or Windows XP):

    1. Map a drive to that network device and schedule your backup accordingly to back up that drive.
    2. After setting up the scheduled task within your session, make note of the backup job name.
    3. Navigate to %Userprofile%\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\
    4. Find the backup job name (.bks) and edit it with Notepad. The file should contain the path to your backed up folder, maintaining the mapped drive letter.
    5. Replace the drive letter (e.g. X:) with \\IP_address and save the file.

This would make sure your drive is backed up even if you don't have an active session on the machine.


Windows 2003 SP2 install fails …. Access Denied!

We have many servers in place which we had to install SP2 on, but I have never seen this error before. I have searched the internet; it seems like a common problem, but each one of them had a different fix. I won't be trying them and I had to find a way of applying it.

I have enabled verbose logging during the install by adding the /ER option on install. Many files were generated under %windir%, including updspapi.log, svcpack.log, spupdsvc.log, spuninst.log and setupapi.log.

Make sure you look through all the log files and search for errors or failed processes; of course, each of these log files has different information. In our case, I searched for over a day through svcpack.log; even though it did mention the "Access Denied" message, it doesn't show what the update.exe process was doing at the time.

Looking through updspapi.log showed a more accurate error and pinpointed the problem, as below:

#E065 Parsing DelReg section [Product.Del.Reg] in "e:\597b7ce178f8559b20eb\i386\update\update.inf" failed. Error 5: Access is denied.
#E064 Parsing install section [ProductInstall.GlobalRegistryChanges.Install] in "e:\597b7ce178f8559b20eb\i386\update\update.inf" failed. Error 5: Access is denied.
#-086 Deleting registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SvcHost\wugroup"
#E033 Error 5: Access is denied.
#E065 Parsing DelReg section [Product.Del.Reg] in "e:\597b7ce178f8559b20eb\i386\update\update.inf" failed. Error 5: Access is denied.
#E064 Parsing install section [ProductInstall.GlobalRegistryChanges.Install] in "e:\597b7ce178f8559b20eb\i386\update\update.inf" failed. Error 5: Access is denied.

The log snippet shows various errors during the install of SP2. The problem is in accessing part of the registry (HKLM\Software\Microsoft\Windows NT\CurrentVersion\SvcHost\wugroup). While checking the registry on the server, it became apparent that neither Administrators nor System had access to change any of the keys, hence the access denied message.
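An added example (not part of the original post) that pairs each "Access is denied" error in updspapi.log with the operation logged just before it and, on the affected server, lists the ACL of the registry key involved. The sample lines are the ones quoted above; treating the last path segment as the value name is an assumption based on the "Deleting registry value" wording.

```powershell
# Sample input: the updspapi.log lines quoted in the post.
# On a real server, replace with: Get-Content "$env:windir\updspapi.log"
$sample = @'
#E065 Parsing DelReg section [Product.Del.Reg] in "e:\597b7ce178f8559b20eb\i386\update\update.inf" failed. Error 5: Access is denied.
#-086 Deleting registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SvcHost\wugroup"
#E033 Error 5: Access is denied.
'@ -split "`r?`n"

function Find-DeniedOperation {
    param([string[]]$Lines)
    $lastOp = $null
    foreach ($line in $Lines) {
        if ($line -match '^#-\d+\s+(.+)$') {
            # Informational line: remember the operation being attempted.
            $lastOp = $Matches[1]
        } elseif ($line -match '^#E\d+\s+Error 5: Access is denied' -and $lastOp) {
            # Bare error line: attribute it to the operation logged just before.
            New-Object psobject -Property @{ Operation = $lastOp; Error = 'Access is denied (5)' }
            $lastOp = $null
        }
    }
}

function Get-DeniedKeyAcl {
    param([string]$Operation)
    # Assumption: the quoted path is <key>\<value name>, so drop the last segment.
    if ($Operation -notmatch '"HKLM\\(.+)\\[^\\"]+"') { return }
    $keyPath = 'HKLM:\' + $Matches[1]
    if (Test-Path -Path $keyPath) {
        "ACL for $keyPath"
        (Get-Acl -Path $keyPath).Access |
            Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited
    } else {
        "Key not present on this machine: $keyPath"
    }
}

foreach ($hit in (Find-DeniedOperation -Lines $sample)) {
    "Failed operation: $($hit.Operation)"
    Get-DeniedKeyAcl -Operation $hit.Operation
}
```

A healthy key normally shows Allow entries for BUILTIN\Administrators and NT AUTHORITY\SYSTEM; missing entries or explicit Deny entries for them match the symptom described above.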


DNS Export ….. Import!

We have all seen what DNS can do for your environment, especially if it is configured correctly. I had a lot of issues recently adding a new DNS server (Windows 2003) to our domain. It was an old server just barely capable of running the bare minimum (which was a mistake! I confess!).

After the initial DNS install, I created the required zones hoping they would be populated from other DNS servers, but NO! The new server started updating its peers, hence losing all our DNS records within our environment in minutes. Luckily I don't start any job unless I have some kind of a backup.

The backup I took was an export of our DNS records (right-clicking the zone and Export List…). We know there isn’t a way of importing records back into the same environment through the GUI. The exported file had to be restructured in order to be imported through a command line utility.

In order to import back into our Windows 2003 DNS server, we followed the procedure below:

1. Opened the text file from within MS Excel
2. Modified the file structure to have:
     a. Cell A – DNSCMD /RecordAdd
     b. Cell B – ZoneName
     c. Cell C – MachineName
     d. Cell D – RecordType(A,MX etc.)
     e. Cell E – IPAddress
3. Save the file
4. Open it within Notepad and replace all commas with a single space using the find and replace functionality.
5. After saving the file, change the file extension to .cmd
6. Drag and drop the file into a command prompt window.

You will see all your records re-populating into your DNS.
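The same restructuring done in a script, as an added example that is not part of the original post: it builds the DNSCMD /RecordAdd lines from rows in the column order of step 2 and skips any row whose fields would not be safe to run as a command line, since every cell ends up executed by the .cmd file. The sample rows, the zone name and the output file name are constructed placeholders, and only A, CNAME and MX records are handled.

```powershell
# Constructed sample rows in the column order from step 2 (zone, name, type, data).
$csv = @'
Zone,Name,Type,Data
example.local,web01,A,192.0.2.10
example.local,www,CNAME,web01.example.local.
example.local,@,MX,10 mail01.example.local.
example.local,db01 & echo injected,A,192.0.2.11
example.local,app01,A,192.0.2.999
'@

# Allow-lists: anything outside these patterns never reaches the .cmd file.
$hostPattern  = '^[A-Za-z0-9._@-]+$'
$dataPatterns = @{
    A     = '^(\d{1,3}\.){3}\d{1,3}$'
    CNAME = '^[A-Za-z0-9.-]+$'
    MX    = '^\d{1,5} [A-Za-z0-9.-]+$'
}

function ConvertTo-DnsCmdLine {
    param($Row)
    $type = "$($Row.Type)".ToUpper()
    if (-not $dataPatterns.ContainsKey($type)) { return $null }
    if ($Row.Zone -notmatch $hostPattern -or $Row.Name -notmatch $hostPattern) { return $null }
    if ($Row.Data -notmatch $dataPatterns[$type]) { return $null }
    if ($type -eq 'A') {
        # The regex only checks the shape; TryParse rejects out-of-range octets.
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($Row.Data, [ref]$ip)) { return $null }
    }
    "dnscmd /RecordAdd $($Row.Zone) $($Row.Name) $type $($Row.Data)"
}

$lines = foreach ($row in ($csv | ConvertFrom-Csv)) {
    $line = ConvertTo-DnsCmdLine -Row $row
    if ($line) { $line }
    else { Write-Warning "Skipped row: $($row.Name) / $($row.Type) / $($row.Data)" }
}

# Review the generated file before running it on the DNS server.
$lines | Set-Content -Path .\import-dns.cmd -Encoding ASCII
$lines
```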
