Wednesday 9 October 2013

SSL Certificates: CSR Decoder to Verify Settings

When it comes to creating a certificate request sometimes we can miss a character or typo something.

If the processing takes longer than expected and the certificate provider does not provide much more than a "Processing" status it may be a good idea to verify the settings in the CSR file.

The CSR Decoder site can do that:

We hit a snag with a CSR that was taking too long and sure enough there was a typo in the common name that caused it to hang up.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

Monday 7 October 2013

Hyper-V Cluster: An error occurred while creating the cluster: Unknown error (0xc0000133)

We had just finished walking through all of the steps to set up two nodes for a Server 2012 RTM Hyper-V cluster when we got hit with the following error:

image

Create Cluster Wizard

An error occurred while creating the cluster.

An error occurred while creating the cluster 'TD-12Cluster'.

Unknown error (0xc0000133)

Our initial searches turned up very little when we included Hyper-V and Cluster in our terms.

The error code however turned up a tie into time synchronization.

These nodes were set up using Windows Server 2012 Standard in Server Core mode. And, we had missed step 9 in SConfig: Date & Time!

The time zone was incorrect on both nodes.

We also noticed that the time on the test network was about 9 minutes out from our own. So, we had missed configuring the time service on the physical DC to poll the Canadian pool.ntp.org servers.

  • Blog post here: Preparing A High Load VM For Time Skew
    1. Elevate a command prompt
    2. w32tm /config /syncfromflags:manual "/manualpeerlist:0.ca.pool.ntp.org,0x1 1.ca.pool.ntp.org,0x1 2.ca.pool.ntp.org,0x1 3.ca.pool.ntp.org,0x1"
    3. w32tm /config /update
    4. net stop w32time && net start w32time
    5. w32tm /resync /force
    6. w32tm /query /source
      1. Should be 0.ca.pool.ntp.org

Once we had the domain time in order and the nodes synchronized to the DC we were able to successfully stand up the cluster in Failover Cluster Management.

image

In the end not referring to our process manuals was the key. ;)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

Thursday 3 October 2013

SMB Kitchen Crew Chat Today

Sharing here because the #1 chat topic is always virtualization so thought some here might be interested.

We're holding one of our regular SMBKitchen Crew chats at 1600Hrs MST today.

At this chat we'll talk about the latest small business IT issues, answer your questions and make sure that you're aware of the latest stuff that we've published. Hope you can join us!

Click this link https://meet.lync.com/harborcomputerservices/amy/C2YB9SVC

I will be involved in this public chat today to talk a bit about what has been published by me already and to answer any questions that you may have along with the rest of the Crew!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

Attitude and Gratitude

To date I don’t believe I’ve ever crossed the line into political commentary.

No, this is not about what is happening South of the border (being in Canada that).

This is about our own little world here in St. Albert. We have been supporting the St. Albert Youth & Community Centre for quite a few years now.

In fact, we did what we could for them in the way of time and product as the service they provided to the youth of St. Albert touched very close to home for me.

Attitude

The attitude is in how we take full and complete responsibility for what we do in our business, in our community, and within our own personal lives.

This attitude seems to be a direct antithesis to the prevalent “blame anyone but me” we see in the news, politics, and unfortunately in business.

We seem to live in an era where the word “responsibility” is a four letter one.

The local St. Albert administration pulled a significant chunk of the Youth Centre’s (YC) funding last year. So, when the YC got into a bit of a spat with the landlord over who should fix the very leaky roof (not drips but _gallons_ the standoff ended with the YC needing a new home.

When the City Council pulled funding last year the YC decided to keep in trying to serve the Youth of St. Albert. They worked very hard to build funding from other sources to replace the well over $110K they lost from the City.

Unfortunately, due to the pulled funds when the row with the landlord came to a finish the YC did not have sufficient funds in place to find a new location.

The City Council’s and Mayor’s spin on the loss of the YC was sad to see. At no point did this council or mayor take responsibility for the fact that they pulled the funding needed for the YC to survive in a new location. It was the landlord’s fault that the YC needed to close.

We picked up the last of their equipment this Monday as they closed up shop. It was a sad day for the both of us but most especially for the youth that no longer have a safe place to go.

And, it was a first-hand experience of how folks in politics can seemingly spin anything to defer responsibility for something they were a party to. This truly saddens me as well.

Gratitude

And finally, when we receive a referral either from a client or fellow IT Provider we make a point of offering some form of thanks.

Gratitude, that is being thankful for the business referred to us is a very important thing. Folks did not have to reach out to us in the first place or could have gone somewhere else with the business.

Thus, when we reach out and bring another IT firm, or specialized service firm, or whatever they may be doing into the mix one would expect at least a “Thank you” or even a small finder’s fee to toss in the company coffee fund.

When that does not happen then what are we to think?

Suffice it to say we would probably be taking those kinds of needs to another company a lot more willing to “partner” in the true meaning of the word.

Author’s node: Yeah, it’s been a bit of a tough week.

Thanks for reading. Our clients and you make things all the more worth it to keep plugging along. :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer

CryptoLocker Word Of Caution

One of the things we have done from the get-go when it comes to setting up ShadowProtect to stream backups to either a drive set connected to a standalone Hyper-V host or to the standalone DC in a Hyper-V cluster setting is to set the shares to allow the Domain Admin MOD.

Inheritance on the folder’s NTFS permission set is removed/copied out then Domain Users/Machine Users group will get removed altogether.

We do this for a number of reasons

  • Users cannot connect to the ShadowProtect images
    • They are password protected and are using at least AES128bit
  • Users cannot delete the images

While we are into our client’s servers on a regular basis sometimes the occasional domain admin account password will expire in the interim.

ShadowProtect will start failing to back up to the shared folder as a result of not being able to log on so a small bonus in the mix.

We are seeing CryptoLocker problems abound lately where someone clicks on a link in an e-mail or is drawn to a compromised site. What that means is that _any_ file/folder set the user has permissions to access and modify may end up encrypted by the malware.

The _only_ way to “recover” from this situation is via Shadow Copies or backup.

If the backup drive and/or backup folder destinations for those ShadowProtect backup files, or any other product that lays down files for backup, is open for users to access then we all know what can happen.

Point of order: Any backup product that uses the volume snapshot service should have its backup times staggered over the Volume Shadow Copy snapshots as having two snapshots running simultaneously could end up with data toast on both sides.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/

Windows Live Writer