Configure MSDTC using PowerShell

As of blackpearl v4.6.7, MSDTC is a requirement to deploy workflows.

http://help.k2.com/helppages/k2blackpearlGettingStarted4.6.5/webframe.html?msdtc.html

You can use the following script to automate the MSDTC configuration during VM provisioning.

Note: The execution policy might have to be changed to run this script (Set-ExecutionPolicy RemoteSigned -Force).

# -----------------------------------
# Enable MSDTC for Network Access
# -----------------------------------
Write-Host "Enabling MSDTC for Network Access..." -ForegroundColor Yellow
$System_OS = (Get-WmiObject -Class Win32_OperatingSystem).Caption
If ($System_OS -match "2012 R2")
    {
    # Windows Server 2012 R2: use the built-in cmdlet
    Set-DtcNetworkSetting -DtcName Local -AuthenticationLevel Incoming -InboundTransactionsEnabled $true -OutboundTransactionsEnabled $true -RemoteClientAccessEnabled $true -Confirm:$false
    }
Else
    {
    # Other OS versions: run the registry script saved alongside this one
    .\ConfigureMSDTC.ps1 | Out-Null
    }
Restart-Service MSDTC
Write-Host "------MSDTC has been configured------" -ForegroundColor Green

The script above uses the built-in Set-DtcNetworkSetting cmdlet if your OS is Windows Server 2012 R2; otherwise it falls back to the traditional approach of modifying the registry.

# Save the following script as a separate file: ConfigureMSDTC.ps1
$DTCSecurity = "Incoming"
$RegPath = "HKLM:\SOFTWARE\Microsoft\MSDTC"

# Set Security and MSDTC path
$RegSecurityPath = "$RegPath\Security"
Set-ItemProperty -Path $RegSecurityPath -Name "NetworkDtcAccess" -Value 1
Set-ItemProperty -Path $RegSecurityPath -Name "NetworkDtcAccessClients" -Value 1
Set-ItemProperty -Path $RegSecurityPath -Name "NetworkDtcAccessTransactions" -Value 1
Set-ItemProperty -Path $RegSecurityPath -Name "NetworkDtcAccessInbound" -Value 1
Set-ItemProperty -Path $RegSecurityPath -Name "NetworkDtcAccessOutbound" -Value 1
Set-ItemProperty -Path $RegSecurityPath -Name "LuTransactions" -Value 1

if ($DTCSecurity -eq "None")
{
    # No authentication: RPC security is turned off
    Set-ItemProperty -Path $RegPath -Name "TurnOffRpcSecurity" -Value 1
    Set-ItemProperty -Path $RegPath -Name "AllowOnlySecureRpcCalls" -Value 0
    Set-ItemProperty -Path $RegPath -Name "FallbackToUnsecureRPCIfNecessary" -Value 0
}
elseif ($DTCSecurity -eq "Incoming")
{
    # Incoming caller authentication, with fallback to unsecured RPC if necessary
    Set-ItemProperty -Path $RegPath -Name "TurnOffRpcSecurity" -Value 0
    Set-ItemProperty -Path $RegPath -Name "AllowOnlySecureRpcCalls" -Value 0
    Set-ItemProperty -Path $RegPath -Name "FallbackToUnsecureRPCIfNecessary" -Value 1
}
else
{
    # Any other value: allow only secure RPC calls
    Set-ItemProperty -Path $RegPath -Name "TurnOffRpcSecurity" -Value 0
    Set-ItemProperty -Path $RegPath -Name "AllowOnlySecureRpcCalls" -Value 1
    Set-ItemProperty -Path $RegPath -Name "FallbackToUnsecureRPCIfNecessary" -Value 0
}
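
To confirm what either path left on the machine, the registry values written above can be read back and mapped to the authentication level they imply. This is an added example, not part of the original scripts; the function name Get-DtcRpcSecurityState and the output property names are assumptions made here, and "Mutual" is the Set-DtcNetworkSetting name used for the script's final else branch.

```powershell
# Added example (not from the original post): read back the values that
# ConfigureMSDTC.ps1 writes and report the RPC authentication mode they imply.
# Function and property names are illustrative.
function Get-DtcRpcSecurityState {
    param([string]$RegPath = "HKLM:\SOFTWARE\Microsoft\MSDTC")

    $root = Get-ItemProperty -Path $RegPath
    $sec  = Get-ItemProperty -Path "$RegPath\Security"

    # The same three flags the script sets; exactly one should be 1.
    $modes = @{
        TurnOffRpcSecurity               = "None"
        AllowOnlySecureRpcCalls          = "Mutual"
        FallbackToUnsecureRPCIfNecessary = "Incoming"
    }
    $set = @($modes.Keys | Where-Object { $root.$_ -eq 1 })
    if ($set.Count -eq 1) { $level = $modes[$set[0]] }
    else                  { $level = "Inconsistent" }   # zero or several flags set

    # Network access switches under the Security subkey.
    $flags = "NetworkDtcAccess", "NetworkDtcAccessClients",
             "NetworkDtcAccessTransactions", "NetworkDtcAccessInbound",
             "NetworkDtcAccessOutbound", "LuTransactions"
    $enabled = @($flags | Where-Object { $sec.$_ -eq 1 })

    New-Object PSObject -Property @{
        AuthenticationLevel = $level
        RpcSecurityOff      = ($level -eq "None")
        NetworkFlagsEnabled = ($enabled -join ", ")
        ServiceStatus       = (Get-Service -Name MSDTC).Status
    }
}

$state = Get-DtcRpcSecurityState
$state | Format-List

# Flag the two states a reviewer would want to look at before sign-off.
if ($state.RpcSecurityOff) {
    Write-Warning "TurnOffRpcSecurity = 1: MSDTC accepts unauthenticated RPC."
}
elseif ($state.AuthenticationLevel -eq "Inconsistent") {
    Write-Warning "RPC security flags do not match any single mode; re-run the configuration."
}
```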

Setup groups and users in FileZilla Server and connect with ftpes

Following my earlier post on how to install and configure an FTP server, this post describes how to set up groups and users in FileZilla.

Open the FileZilla Server console by clicking on the taskbar icon.

Choose Edit->Groups->Add

Create a folder on one of your drives called Filezilla. Create a subfolder called clients. After the group has been added in the FileZilla console, select the group and configure it as follows.

The path will be F:\Filezilla\clients\:u

:u automatically selects the subfolder based on the login username.

H represents the Home folder.

E.g.: If you create a folder as F:\Filezilla\clients\sujeeth, then the client with username 'sujeeth' will automatically be mapped to that folder and it will be that login's home folder.

To create an alias, click on Add and give the local path. Right-click on the path and select Edit aliases. When the client logs in, they will see a folder called website, and when they upload files, they will be stored in C:\autopublish.

You can set the Speed Limits and IP Filter based on your requirements. After you create the group, follow the same procedure to add the users. Any user that is a member of a group will inherit all the settings of that group.

After you have set up the user, you can connect using the FileZilla client on the remote machine with the following syntax:

ftpes://<username>:<password>@<host IP address>/

eg: ftpes://sujeeth:pa55w0rd@207.46.222.11/

You have to use the ftpes protocol because you have configured the FileZilla Server to force explicit SSL as per my previous post.

Install and Configure FTP Secure (FTPS) or FTP-SSL using FileZilla

I am going to show you how to set up FTP Secure (the FTPS protocol) on Windows Server 2003 and have your own FTP server rather than the default FTP in IIS.

FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an incompatible secure file transfer subsystem for the Secure Shell (SSH) protocol. It is also different from Secure FTP, the practice of tunneling FTP through an SSH connection.

Please make sure you don't have the IIS FTP service enabled and running. If you have it running, please disable the FTP service, as we are going to use the same ports as standard FTP.

Download the latest version of FileZilla Server. At the time of writing, it was 0.9.33

Choose Standard install and proceed. This will install the Windows service for FileZilla and the GUI for administration.

After the installation is completed, it is time to configure the server. To start the administration interface, connect to 127.0.0.1 (localhost) on port 10050 (the port you gave during installation).

Set up your server as per the images. They are self-explanatory.

We are going to have FTP Secure listen on port 21, which is the default FTP port.

Set up your own customised welcome message for when a user logs in. Make sure you select the option to hide the message in the log, because it might increase the log size.

Use * to bind all IP addresses on the local system. If your server has multiple IP addresses assigned, provide only the IP that you want to use.

To have better control over security, ban all IP addresses from connecting and put only the IP addresses that should be able to connect in the exclude list. Separate the IP addresses with a space. Here I allowed a google.com IP (209.85.229.103).

The next few settings are straight forward:

Enable logging to see the usage, and also enable deletion of older log files, or else you will end up requiring huge disk space.

Here you can set the download and upload speed limits if you wish to. Note that these limits are global settings, so they will take precedence over individual user settings.

This is the main part, where we configure an SSL certificate to set our server up as FTPS. You can use a public certificate, which you need to purchase. But for demo purposes, I am going to use the built-in certificate generator.

Provide your server IP address in the Common name.

Go back to the SSL/TLS settings and give the path to the generated certificate and a key password.

And finally the Autoban settings, and we are done with the server configuration.

Before you proceed to connect, make sure ports 21, 990 and 3000-4000 are allowed on your firewall. This is very important.

In my next post, I will show how to set up groups and users in FileZilla Server and connect using FileZilla Client.

Free E-Learning of Hyper-V from Microsoft

Microsoft is providing free access to its e-learning collection of four online clinics. These courses provide IT Professionals experienced in Windows 2000 Server or Windows Server 2003 with the knowledge and skills to implement and manage virtualization technologies.

Topics covered in the clinics within the collection include:

  • Introduction to Microsoft System Center Virtual Machine Manager 2008
  • Overview of Microsoft Application Virtualization
  • Overview of Terminal Services in Windows Server 2008
  • Overview of Hyper-V

Prerequisites:

  • Experience in planning, implementing, and supporting Windows Server–based networks, operating systems and platform infrastructure. This may include experience in Windows 2000 Server, Windows Server 2003, and Windows Server 2008.
  • Knowledge of server virtualization and Hyper-V.
  • A Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003 credential or equivalent knowledge.

E-Learning:

  1. Clinic 5935: Introducing Hyper-V in Windows Server 2008
  2. Clinic 6334: Exploring Microsoft System Center Virtual Machine Manager 2008
  3. Clinic 6335: Exploring Microsoft Application Virtualization
  4. Clinic 6336: Exploring Terminal Services in Windows Server 2008

How to find Active Directory & Exchange Schema Version

Have you ever tried to find the current schema version of your Active Directory or Exchange? There is a very easy solution. I came across this article on Microsoft Support written by Yuval Sinay, MVP.

http://support.microsoft.com/kb/556086/en-us?spid=3198

Active Directory Schema compatibility:
13 -> Windows 2000 Server
30 -> Windows Server 2003 RTM, Windows 2003 With Service Pack 1, Windows 2003 With Service Pack 2
31 -> Windows Server 2003 R2
44 -> Windows Server 2008 RTM

Exchange Schema compatibility:
4397 -> Exchange Server 2000 RTM
4406 -> Exchange Server 2000 With Service Pack 3
6870 -> Exchange Server 2003 RTM
6936 -> Exchange Server 2003 With Service Pack 3
10628 -> Exchange Server 2007
11116 -> Exchange 2007 With Service Pack 1

Windows 7 – The future of Windows OS

MinWin is the codename of a minimalistic variation of the Windows kernel being developed for use in Windows 7.

Watch the video to learn why it is called Windows 7.

It sounds similar to Server 2008 Core, but Server Core constrains the OS by server roles. MinWin is aimed at componentising the Windows kernel: reducing the dependencies to reach the minimum set of components required to build a self-contained kernel, and reducing the disk footprint and memory usage. The code compiles even without any extraneous components, resulting in a stripped-down, self-contained OS kernel image.

Windows Server 2008 Core – CoreConfigurator

Server Core is a new installation option that is optimized by role, which makes servers easier to manage and maintain, with increased reliability and security. It uses a CLI (mostly), has no GUI shell, and is available for x86 and x64 (not Itanium). It is included in the Windows Server 2008 SKUs for the Web, Standard, Enterprise and Datacenter editions.

  • There is no way to upgrade from a previous version of the Windows Server operating system to a Server Core installation. Only a clean installation is supported.
  • There is no way to upgrade from a full installation of Windows Server 2008 to a Server Core installation. Only a clean installation is supported.
  • There is no way to upgrade from a Server Core installation to a full installation of Windows Server 2008.

You can manage a server running a Server Core installation in the following ways:

  • Locally and remotely using a command prompt. By using the Windows command-line tools at a command prompt, you can manage servers running a Server Core installation.
  • Remotely using Terminal Server.
  • Remotely using Windows Remote Shell. By using another computer running Windows Vista or Windows Server 2008, you can use Windows Remote Shell to run command-line tools and scripts on a server running a Server Core installation.
  • Remotely using an MMC snap-in.

MVP Guy Teverovsky has created a tool for Server 2008 Server Core. It is the CoreConfigurator. Unfortunately he had to remove the posts about CoreConfigurator due to the contract with his employer, and the download of the tool is not working anymore. Lucky for those who downloaded it before.

If you were not lucky enough to download this tool from Guy Teverovsky's site, you will still be able to download it from the following blog site:

http://nopd.egloos.com/3684335

Or just use direct link

http://pds8.egloos.com/pds/200804/01/92/CoreConfigurator_1.0.139.zip

There is an equivalent open source version of Core Configurator. This tool is a collection of scripts which will help provision and configure a base Windows 2008 Server Core installation. The Windows 2008 Server Core Configurator enables you to do all those configurations easily via a GUI.

Download it from: http://www.codeplex.com/coreconfig