at the CLI: net stats srv i’ve been looking for something like this for quite some time…much better than looking through system event logs. source: http://support.microsoft.com/kb/555737

registry keys disable_sslv2.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Server] “Enabled”=dword:00000000 disable_weak_ciphers.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] “Enabled”=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128] “Enabled”=dword:00000000 alternatively, here’s how to enable TLS 1.2… enable_tls1.2.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS […]

in esxi 5.x this can be done from the DCUI (direct console user interface) as well as the CLI. from the CLI: /etc/init.d/hostd restart /etc/init.d/vpxa restart source: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003490

list registered SPNs: setspn -L <hostname> add SPN: setspn -A <SPN> <hostname> example listing (domain controller): Registered ServicePrincipalNames for CN=DC-DEV,OU=Domain Controllers,DC=o365 ,DC=local: TERMSRV/DC-Dev.o365.local Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/DC-Dev.o365.local DNS/DC-Dev.o365.local HOST/DC-Dev.o365.local/o365.local GC/DC-Dev.o365.local/o365.local HOST/DC-Dev.o365.local/O365 ldap/DC-Dev.o365.local/O365 exchangeAB/DC-Dev.o365.local ldap/DC-Dev.o365.local/ForestDnsZones.o365.local ldap/DC-Dev.o365.local/DomainDnsZones.o365.local ldap/DC-Dev.o365.local/o365.local RestrictedKrbHost/DC-Dev.o365.local HOST/DC-Dev.o365.local ldap/DC-Dev.o365.local exchangeAB/DC-DEV TERMSRV/DC-DEV RestrictedKrbHost/DC-DEV HOST/DC-DEV/O365 HOST/DC-DEV E3514235-4B06-11D1-AB04-00C04FC2DCD2/fec2ebc2-bb43-49b0-bc78-291f975c51b b/o365.local ldap/DC-DEV/O365 ldap/fec2ebc2-bb43-49b0-bc78-291f975c51bb._msdcs.o365.local ldap/DC-DEV

to renew: open the certification authority mmc and right-click the CA object and choose All Tasks->Renew CA Certificate… to publish to Certification Authorities Container in AD: certutil -f -dspublish rootca.cer RootCA to publish to NTAuthCertificates in AD: certutil -f dspublish rootca.cer NTAuthCA use the pkiview.msc to easily check the status of the AD containers: once […]

to set up DHCP failover you’ll need the win8/win2012 version of RSAT. failover can then be configured via specific scopes or the entire IPv4 set of scopes by right-clicking in the MMC and choosing “Configure Failover”. if you have custom scope options they will cause a failure when setting up the failover relationship. this caused […]

first, to allow external Oof messages they’ll have to be allowed globally at: EMC Organization Configuration->Hub Transport->Remote Domains->Right-click on Default and choose Properties then choose “Allow external out-of-office messages only” ^the above change did not seem to take effect until both hub transport servers had been rebooted powershell script: Get-Mailbox -ResultSize Unlimited | where {$_.ExternalOofOptions […]

finally getting to play around with the vcsa… default credentials are “root” with the password “vmware”. by default the system will try to retrieve an IP address via DHCP. to configure the network settings from the command line run: /opt/vmware/share/vami/vami_config_net the appliance can be configured at https://vcsa.mydomain.com:5480 (just an example hostname). once within the web management […]

i was trying to remove an old test datastore earlier today and no matter what i tried was unable to. i verified there were no remaining vms or templates on the datastore. i manually deleted any folders i could (i could not remove the vmkdump folder). i tried unmounting first then deleting. i could not […]

windows server 2012 introduces a failover architecture for DHCP so recently i was looking into migrating off of our 2008 core DHCP server to 2012 r2 core. i did the migration about 2 weeks ago and it was simple and mostly painless except for one unforeseen hiccup (that was difficult to troubleshoot). first, i needed […]