Hi All :
Web Application Proxy is a role service of the Remote Access server role in Windows Server® 2012 R2. Web Application Proxy provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access your web applications from outside the corporate network. Web Application Proxy pre-authenticates access to web applications by using Active Directory Federation Services (AD FS), and also functions as an AD FS proxy.
This blog post will to teach you how to install WAP server to support external user through ADFS access internal website.
Please use Adobe Reader X or above version to open!
Enjoy!
Justin Gao
Microsoft (China)
IP Address Management (IPAM) in Windows Server® 2012 and Windows Server® 2012 R2 is an integrated suite of tools to enable end-to-end planning, deploying, managing and monitoring of your IP address infrastructure, with a rich user experience. IPAM automatically discovers IP address infrastructure servers on your network and enables you to manage them from a central interface.
This post I will to show IPAM part 2 : How to using IPAM on the Windows Server 2012 R2 environment.
More information you can refer : http://technet.microsoft.com/en-us/library/hh831353.aspx
Please use Adobe Reader X or above version to open.
This post I will to show IPAM part 1 : How to deploy IPAM on the Windows Server 2012 R2 environment.
System Center 2012 R2 Configuration Manager released, this document will to show how to deploy System Center 2012 R2 Configuration Manager in the Windows Server 2012 R2 and Windows 8.1 environment. This post will including how to request and configure certificates part.
More detail information, please refer TechNet library : http://technet.microsoft.com/en-us/library/gg682041.aspx
Configuration Manager provides several methods that you can use to deploy an operating system. However, regardless of the deployment method that you use, there are several actions that you must take. These actions include:
This document will to show how to capture a reference computer , and made a OS package , and then implement Bare Metal computer to install OS.
1. Exchange 2007可以支持升级到Exchange 2010,但需要提前将Exchange 2007所有服务器环境升级至 SP2或以上版本。
2. Exchange 2007如果更新至SP2或以上版本,则建议按照以下顺序进行各角色的更新: CAS、UM、HUB、Edge、Mailbox。
3. 不支持从Exchange 2007本地升级至Exchange 2010的操作,因此需要在Exchange 2007环境中,全新部署Exchange 2010环境后进行数据迁移。在数据迁移后可以实现Exchange 2010和Exchange 2007环境的共存,或再将Exchange 2007环境卸载等操作。
4. 如果企业环境中已经包含多台Exchange 2007服务器角色,而迁移后的Exchange 2010环境也包含多台服务器角色,则升级相应角色时应遵循以下升级顺序:CAS、HUB、UM、Mailbox、Edge。
5. 当开始将你的组织升级至Exchange 2010时,你必须首先升级面对Internet(Internet-facing)的AD站点中的服务器,随后再升级非面对Internet的AD站点中的服务器。如果你的企业具有多个面对Internet的AD站点,则首先要升级的是启用了外部发现记录(External Autodiscover Record )的AD站点中的服务器,随后是其余面对Internet的AD站点中的服务器。
6. 如果你在全新的环境中部署了Exchange 2010,随后你将无法再添加Exchange 2007角色的服务器到该环境。如果你希望在Exchange 2010环境中添加Exchange 2007服务器,则首先你需要在Exchange 2007环境中部署Exchange 2010服务器,然后实现共存,至少保留一台Exchange 2007服务器,才能再随后添加Exchange 2007服务器角色。
7. 当你的环境处于Exchange 2007与Exchange 2010共存时,在同一个AD站点你需要每个Mailbox角色都有与之版本相对应的HUB角色存在。由于Exchange 2010 Exchange Server Object (XSO)模型的改变,Exchange 2010的HUB角色将不能传输从Exchange 2007 Mailbox服务器传递的数据。同样,Exchange 2007的HUB角色也不能与Exchange 2010的Mailbox服务器进行沟通。因此你需要一直保留Exchange 2007的HUB角色,除非在该AD站点中完全没有Exchange 2007的Mailbox角色。
8. Exchange 2010 管理控制台(EMC)没有32位版本,仅能部署在64位环境下的以下OS上:
l Windows Vista with SP2 for Management tools only installation
l 64-bit of Windows Server 2008 Standard or Enterprise with SP2
l 64-bit of Windows Server 2008 R2 Standard or Enterprise
l Windows 7
9. 在Exchange 2007和Exchange 2010共存环境下,两个版本的EMC均可以使用,但创建对象的操作,如新建邮箱或新建脱机通讯簿(OAB),只能在目标对象相同版本的EMC上执行。Exchange 2010的EMC可以查看Exchange 2007邮箱数据库,但无法管理。Exchange 2010的EMC无法启用或禁用Exchange 2007统一消息邮箱。Exchange 2010的EMC无法管理Exchange 2007的移动设备。
10. 在Exchange 2007和Exchange 2010共存环境下,要求查看对象的操作可以从任意版本的EMC执行到任意版本的Exchange对象,但以下情况例外:
l Exchange 2010 和 Exchange 2007 传输规则对象只能从其对应版本的 EMC 查看。
l Exchange 2010 和 Exchange 2007 服务器只能从其对应版本的 EMC 查看。
l Exchange 2010 EMC 中的队列查看器工具无法连接到 Exchange 2007 服务器以查看队列或邮件。
11. 不能在 Exchange 2010 和 Exchange 2007 之间使用邮件���踪配置任务。必须在 Exchange 2007 服务器中使用 Exchange 2007 邮件跟踪工具,在 Exchange 2010 服务器中使用 Exchange 2010 邮件跟踪工具。
12. 在Exchange 2007和Exchange 2010共存环境下,只能在Exchange 2007下呈现而不能在Exchange 2010环境下呈现的对象如下:
l Storage Groups
l Exchange Administrators
l WebDAV
仅能在Exchange 2010环境下呈现而不能在Exchange 2007环境下呈现的对象如下:
l DAG
l Certificate creation
l Database copies
l Federation Trust
l Sharing Relationships
l Sharing Policies
l OWA Mailbox Policies
l Customer Experience Program properties
13. 在将用户邮箱从Exchange 2007版本迁移至Exchange 2010版本的过程中,该用户的邮箱仍处于在线状态,即终端用户在邮箱被迁移过程中仍可以正常使用邮箱。但从Exchange 2003至Exchange 2010、Exchange 2010 至Exchange 2003、Exchange 2010至Exchange 2007的邮箱迁移过程中,邮箱均处于离线状态,即终端用户在邮箱被迁移过程中不可使用邮箱,直到该邮箱被完全迁移完成才能使用。
Last week , i test SCOM 2007 R2 RC , according to my wont, i prepare a test environment , one DC(Windows Server 2008) , one DB(Windows Server 2008 + SQL Server 2008) and one RMS(Windows Server 2008) role.
frist , i install OpsMgr 2007 R2 Database successfully , on RMS Server i install windows components :
when install phase , occur rolling back , setup unsuccess.
i checked log,
CAPACK: Extracting custom action to temporary directory: C:\Windows\Installer\MSI2532.tmp-\ CAPACK: Binding to CLR version v2.0.50727 Calling custom action WebCAManaged!Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.ConfigureAction ConfigureAction: Error: Unknown error (0x80005000) StackTrace: at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.RefreshCache() at Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.Install(String targetDir, Int32 portNumber, String rmsServer, Boolean windowsAuthOn, String rootWebConfigFile, String mobileWebConfigFile, String rssWebConfigFile, String publicKeyToken, String version) at Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.ConfigureAction(Session session) Exception thrown by custom action: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000) at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.RefreshCache() at Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.Install(String targetDir, Int32 portNumber, String rmsServer, Boolean windowsAuthOn, String rootWebConfigFile, String mobileWebConfigFile, String rssWebConfigFile, String publicKeyToken, String version) at Microsoft.MOM.Setup.WebConsoleCustomAction.WebConsoleCA.ConfigureAction(Session session) --- End of inner exception stack trace --- at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture) at Microsoft.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint) MSI (s) (D8:8C) [12:55:03:674]: NOTE: custom action _ConfigureAction.2FD07918_9082_437D_99BC_FD43602A4625 unexpectedly closed the hInstall handle (type MSIHANDLE) provided to it. The custom action should be fixed to not close that handle. Action ended 12:55:03: InstallFinalize. Return value 3. MSI (s) (D8:08) [12:55:03:694]: User policy value 'DisableRollback' is 0 MSI (s) (D8:08) [12:55:03:694]: Machine policy value 'DisableRollback' is 0 MSI (s) (D8:08) [12:55:03:716]: Executing op: Header(Signature=1397708873,Version=405,Timestamp=981100209,LangId=1033,Platform=589824,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1) MSI (s) (D8:08) [12:55:03:716]: Executing op: DialogInfo(Type=0,Argument=1033) MSI (s) (D8:08) [12:55:03:716]: Executing op: DialogInfo(Type=1,Argument=System Center Operations Manager 2007 R2) MSI (s) (D8:08) [12:55:03:717]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
I checked some document , i find this error source of IIS management compatibility , and i add this component , reinstall and successfully!
J
Justin Gao Microsoft(China)
Microsoft(China)
When you deploy System Center 2012 SP1 configuration manager on HTTP only mode, you will start to install client agent , but you may encounter this error :
"Couldn't verify 'X:\Windows\ccmsetup\MicrosoftPolcyPlatformSetup.msi' authenticode signature. Return code 0x800b0101" Like below picture :
When you to checking ccmsetup folder, you can see this new tool:
This issue occurs because the MicosoftPolicyPlatformSetup.msi file is signed with a digital certificate that does not have the proper timestamp attributes. More information please read :
Microsoft Security Advisory (2749655) Compatibility Issues Affecting Signed Microsoft Binaries : http://technet.microsoft.com/en-us/security/advisory/2749655
So you have two methods to resolved this issue:
Install the hotfix that is provided in this article before you install the System Center 2012 Configuration Manager Service Pack 1 client. This hotfix should be installed to all site servers. Note System Center 2012 Configuration Manager Service Pack 1 now includes hotfix 2801987. If you install System Center 2012 Configuration Manager Service Pack 1 by using media that you obtained on or after January 25, 2013, you do not have to install the hotfix that is described in this Microsoft Knowledge Base (KB) article.
Use Windows Update to install the following updates before you install the System Center 2012 Configuration Manager Service Pack 1 client:
Hi All:
Exchange Server 2013 preview published , all server components can install on the newest server OS (Windows Server 2012) . If you hope to try it ,you can download it from : http://technet.microsoft.com/en-US/evalcenter/hh973395.aspx?wt.mc_id=TEC_116_1_6
Today , I will to introduction how to installing Exchange Server 2013 preview .
My test lab environment OS is all Windows Server 2012 datacenter RTM , forest and domain level are Windows Server 2012.
The first phase is prepare AD , this phase need to running three commands :
1.PrepareSchema :
2.PrepareAD :
3.PrepareDomain :
When you finished AD preparation , now you will start to install Exchange Server 2013 preview . Because Exchange Server 2013 just have Mailbox and CAS roles , and Microsoft recommand first install Mailbox role .
Now insert Exchange Server 2013 Preview image to starting install.
"STOP!!!!!!!" I think you may to ask "You need to install Exchange requirements firstly".
The answer is NO , Exchange Server 2013 more simplifying the installation process. When you start to install , you will into Check for Update ? dialog box :
Check finished , will copy install file to local :
Copy finished , will into Introduction dialog box :
Click Next , will into License Agreement dialog box :
Accept and click Next , will into Error Reporting dialog box :
Select your option and click Next , will into Server Role Select dialog box , now you can select your need to installing Exchange role , Mailbox or CAS or both . By default , setup will automatically install Windows Server roles and features :
Click Next , will into Installation Space and Location dialog box :
Choose a location and click Next , will into Malware Protection Settings dialog box :
Select your option and click Next , will into CEIP dialog box :
Select your option and click Next will into Readiness Checks phase :
Check if OK you can click install to start installing process , waiting some 10 minutes, install finished :
Click complete , you can find Exchange Server 2013 preview shortcut in Start :
The last , Exchange 2013 have not EMC (Exchange Management Console) mmc snap-in console , in 2013 they called EAC (Exchange Admin Center) , you can throw web browse to access , the address is : http(s)://CAS(FQDN)/ecp .
Now you can build a test lab to testing more new features .
Enjoy !
Continue last blog post for Windows Azure Pack express deployment, this post will to show you how to reconfigure WAP website FQDN , Ports and Certificates.
The core phase including:
More information , please refer : http://technet.microsoft.com/en-us/library/dn528551.aspx
Endpoint Protection in System Center 2012 Configuration Manager (SCEP 2012) lets you manage antimalware policies and Windows Firewall security for client computers in your Configuration Manager hierarchy.
When you use Endpoint Protection with Configuration Manager, you benefit from the following:
Endpoint Protection installs its own client in addition to the Configuration Manager client. The Endpoint Protection client has the following capabilities:
In this document , I will to show how to enable Endpoint Protection Point and configure EP agent to client .
Today, Cumulative Update 3 for System Center 2012 R2 Configuration Manager released.
Regarding how to install CU3, please refer : http://blogs.technet.com/b/justin_gao/archive/2014/06/21/you-need-to-know-how-to-apply-cumulative-update-1-for-system-center-2012-r2-configuration-manager-kb2938441.aspx
When updated, the Administrator Console version is 5.0.7958.1401:
The Client version that is displayed on the General tab of the Configuration Manager Control Panel item or the Client Version field of device properties in the Administrator Console is 5.00.7958.1401:
AD FS provides simplified, secured identity federation and Web single sign-on (SSO) capabilities for end users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud.
In Windows Server® 2012 R2, AD FS includes a federation service role service that acts as an identity provider (authenticates users to provide security tokens to applications that trust AD FS) or as a federation provider (consumes tokens from other identity providers and then provides security tokens to applications that trust AD FS).
Today's post I will to show how to use Active Directory Federation Services 3.0 to build a simply federation architecture for internal user. Regarding the external user supporting, please refer the Part 2.
The App-V 5.0 shared content store mode allows the computer running the App-V 5.0 client to run virtualized applications and none of the package contents is saved on the computer running the App-V 5.0 client. Virtual applications are streamed to target computers only when requested by the client.
The following list displays some of the benefits of using the App-V 5.0 shared content store:
App_client_setup_rds.exe /sharedcontentstoremode=1 /q
App_client_setup.exe /sharedcontentstoremode=1 /q
Note : You must perform a silent installation or the installation will fail.
When you use domain account to logon to the RDS server , you can see the published virtualization applications :
In SCS mode, you can not download virtualization applications to the local drive.
Apr.2rd Microsoft published Exchange Server 2013 Cumulative Update 1 (KB2816900) , you can download it from : http://www.microsoft.com/en-us/download/details.aspx?id=38176
More detail information , you can reference : http://support.microsoft.com/kb/2816900
Today, I will to show you how to apply Exchange Server 2013 CU1 on RTM environment.
My test environment have five servers:
Upgrade your Exchange 2013 server roles in the required order. First, upgrade Mailbox servers and then upgrade Client Access servers.
The first step is prepare your AD :
Insert Exchange Server 2013 CU1 image on DC server, use \setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms command to prepare AD shcema :
Then the Exchange Schema Version rangeUpper value will change to 15254 from RTM value 15137 :
And then use \Setup /PrepareAD /Organizationname:XXX /IAcceptExchangeServerLicenseTerms command to prepare AD :
Then the objectVersion value will change to 15614 from RTM value 15449 :
Prepare AD finished, will into Exchange Server 2013 Mailbox role upgrade phase.
The second step is upgrading Exchange Server 2013 Mailbox role:
If your environment have not DAG, you can install CU1 directly. Now facing DAG, you need to find PAM (Primary Active Manager) role use Get-DatabaseAvailabilityGroup <DAG name> -status | Format-List PrimaryActiveManager commad:
Then move all active databases to PAM server.
And Use Set-MailboxServer -DatabaseCopyAutoActivationPolicy:Blocked to prevent database move to target mailbox node:
Now you can install CU1 on non-PAM mailbox node, when apply finished, you can see this node will upgrade to CU1, version is 15.0 (Build 620.29) :
Restart this server , then use Set-MailboxServer -DatabaseCopyAutoActivationPolicy:Unrestricted command to unrestricted this node:
Move all databases from PAM node to new version mailbox server node.
Note: If your DAG have more nodes, you need first upgrade all non-PAM nodes and then upgrade PAM node.
Use Set-MailboxServer -DatabaseCopyAutoActivationPolicy:Blocked to prevent database move to PAM node, and then upgrading to CU1, when finished, use Set-MailboxServer -DatabaseCopyAutoActivationPolicy:Unrestricted command to unrestricted PAM node, then you can see upgrade result :
Now you can restart this server.
The third step is upgrading Exchange Server 2013 CAS role:
This step is no additional explanations, insert Exchange Server 2013 CU1 image on CAS server, click Setup.exe to upgrade, when it finished, you can see the result, and do not forget restart this server:
The last step is upgrading Exchange Server 2013 management console:
This step is no additional explanations, insert Exchange Server 2013 CU1 image on remote console server, click Setup.exe to upgrade, when it finished, do not forget restart this server.
Now Exchange Server 2013 RTM upgrade to CU1 finished.
Hi all :
Windows 8 and Windows Server 2012 was RTM , many people may hope deploy Windows 8 in their company . Now System Center 2012 Configuration Manager SP1 beta can support Windows 8 .
In this post , I will to show how to use System Center 2012 Configuration Manager SP1 Beta to deployment Windows 8 .
Including these parts:
This post not contain MDT 2012 part.
Please use Adobe Reader X or above version to open !
March 6th MSFT released System Center 2012 SP1 Cloud Services Process Pack. System Center Cloud Services Process Pack (CSPP) is Microsoft’s Infrastructure as a Service solution built on the System Center platform. With the System Center Cloud Services Process Pack, enterprises can realize the benefits of Infrastructure as a Service while simultaneously leveraging their existing investments in the Service Manager, Orchestrator, Virtual Machine Manager, and Operations Manager platforms.CSPP is an extension pack built on top of System Center. This release is compatible only with System Center 2012 and 2012 SP1. This release does not contain a new feature set from prior releases.
You can download it from this link : http://www.microsoft.com/en-us/download/details.aspx?id=36497
More details technology information , you can access TechNet library : http://technet.microsoft.com/en-us/library/hh562067.aspx
This document will introduction how to deploy System Center 2012 SP1 CSPP on System Center 2012 SP1 environment.
Software updates in System Center 2012 Configuration Manager provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. An effective software update management process is necessary to maintain operational efficiency, overcome security issues, and maintain the stability of the network infrastructure. However, because of the changing nature of technology and the continual appearance of new security threats, the task of effective software update management requires consistent and continual attention.
This document will display how to enable software update point and configure software synchronization , create automatic deployment rule and so on .
System Center 2012 SP1 was GA ! I will continue to post SP1 related documents for your reference.
Now I will first to show you how to deploy System Center 2012 Configuration Manager SP1 on Windows Server 2012 and Windows 8 environment . And how to manage Unix/Linux and Mac client will post in the future.
Compliance settings in System Center 2012 Configuration Manager provides a unified interface and user experience that lets you manage the configuration and compliance of servers, laptops, desktop computers, and mobile devices in your organization. Compliance settings contains tools to help you to assess the compliance of users and client devices with regard to a number of configurations, such as whether the correct Windows operating system versions are installed and configured appropriately, whether all required applications are installed and configured correctly, whether optional applications are configured appropriately, and whether prohibited applications are installed. Additionally, you can check for compliance with software updates, security settings, and mobile devices. Configuration item settings of the type WMI, registry, script, and all mobile device settings in Configuration Manager let you automatically remediate noncompliant settings when they are found.
In this document , I will to show you how to implement a secure and standardization desktop configuration .
When you install Office Web Apps Server 2013 SP1 on Windows Server 2012 R2, and standalone to use OWA without Exchange, Lync and SharePoint.
You may encounter this error when you open the file:
When you look at the Event Log, you can see the Error Event ID 8115, from Office Web Apps, the general information is Could not contact WOPI End Point. Error details - 'NotImplemented url - https://XXXXX . ....'
To resolve this error, you may install Microsoft .NET Framework 4.5.2.
You can download it from this link : http://www.microsoft.com/en-us/download/details.aspx?id=42643
More information, please refer KB2901954 : http://support.microsoft.com/kb/2901954
System Center 2012 SP1 Beta announced , you can download them from this link : http://www.microsoft.com/en-us/download/details.aspx?id=34607
The Beta of System Center 2012 Service Pack 1 (“SP1”) enables System Center customers to jointly evaluate System Center 2012 with Windows Server 2012 and Windows 8.
For Configuration Manager SP1 Beta , the new features including :
This post , you can follow me to build a System Center 2012 Configuration Manager SP1 Beta on Windows Server 2012 and Windows 8 OS platform , including SQL Server 2012 being a database.
You can reference this document .
I believe you can easy to finished installation , now you need to configure and enable some options and roles .
More details , please reference this document .
This blog post I will show you how to implementing external user remote access Lync, at Lync Server 2013 environment, I will simulate external user through Lync Edge Server role to access Lync Server.
Certificates configure is very important.
More information you can access TechNet library : http://technet.microsoft.com/en-us/library/gg398918.aspx
CU2 for System Center 2012 Configuration Manager SP1 released, you can download it from MSFT Support website. http://support.microsoft.com/kb/2854009/en-us
Issues that are fixed
Failed to connect to share \\production\dfs\Virtual Applications\App Source : Error 0x80070520 Impersonation is reverted. Set the status of the entity Virtual Application 1 to Failed. Set the status of the job entity Virtual Application 1 to Failed. Microsoft.ConfigurationManagement.Migration.MigrationException: Failed to connect to share \\production\dfs\Virtual Applications\App Source : Error 0x80070520
Error Task Sequence Manager failed to execute task sequence. Code 0x80004005
WinHttpQueryHeaders() returns status code 404 (Not Found)SendWinHttpRequest failed. 80190194.DownloadFile failed. 80190194.Error downloading file from http://siteserver.contonso.com:80/SMS_DP_SMSPKG$/CAS0000A/sccm?/install_ipremote.cmd to C:\_SMSTaskSequence\Packages\CAS0000A\install_ipremote.cmdDownloadFiles failed. 80190194.
ERROR: The component item for SMS_STATUS_MANAGER in the master site control file does not contain property list items for a status filter named "SMS_STATUS_MANAGER", or those property lists are corrupt or badly formatted.
ERROR: Failed to configure sms ports '0x80020009'. ERROR: Failed to process port information. @@ERR:25011 Product: BGB http proxy -- Internal Error 25011. 80020009 Internal Error 25011. 80020009 CustomAction CcmCreateIISVirtualDirectories returned actual error code 1603