NodeSea is the home for all resources and tools designed to help IT professionals succeed with Information Technology products and services. Our blog consists of Tutorials, Solutions and help. NodeSea also offers consulting for small-medium businesses. Contact us today!
The bold will need to be changed on how your organization is setup. To find your Template name.
Open Certification Authority in Windows
Once opened you will find, Certificate Templates in your hierarchy.
This is where you want to choose and change the TEMPLATENAME
Once you run the CMD command, you will then choose your Root CA Computer and choose a Save Location for your *.cer. You will then copy the file over to your computer or server where the certificate is needed.
Click Start, Control Panel, System and Security, Administrative Tools, and then select Internet Information Services (IIS) Manager.
2. Select the server where you want to generate the certificate
In the left Connections menu, select the server name (host) where you want to generate the request.
3. Navigate to Server Certificates
In the center menu, click the Server Certificates icon under the Security section near the bottom.
4. Select Create a New Certificate
In the right Actions menu, click Create Certificate Request.
5. Enter your CSR details
In the Distinguished Name Properties window, enter in the required CSR details and then click Next.
Note: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article.
6. Select a cryptographic service provider and bit length
In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next.
Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility.
7. Save the CSR
Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish.
8. Generate the Order
Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
You will then go to the link of your html file where you placed this <a href=””></a> and click it on your IOS device. You will then be prompted to install the app and if the links are correct in your manifest, it should install properly.
In previous versions of Windows Server to demote a domain controller you would use the DCPROMO.exe utility. In Windows Sever 2012 the DCPROMO utility has been deprecated.
In Windows Server 2012 we will use Server Manager or PowerShell to demote the DC. In this blog I will be using the GUI to demote the server manager. So let’s get started.
To demote a DC from AD DS complete the following steps:
Use Server Manager to remove the Active Directory Domain Services Role.
Launch Server Manager, select the Manage drop down menu, select Remove roles and features.
Review the Before You Begin page, Click Next.
On the Select installation type page ensure Role-based or feature-based installation radial button is selected, click Next.
On the Select destination server page Select the desired server from the Server Pool.
Note: The 2012 Server Manager allows roles and features to be installed remotely.
On the Remove Roles and Features Wizard, click on the Active Directory Domain Services box to remove the check box.
The Remove Roles and Features dialog box Remove featuresthat require Active Directory Domain Service pops up, select Remove Features.
On the Remove Roles and Features Wizard dialog box Validation Results box will appear. The domain controller must be demoted before continuing. Click on Demote this domain controller.
On the Active Directory Domain Services Configuration Wizard enter the required credentials to demote this server, click Next.
Note: To demote replica domain controller you must be at the least a Domain Admin to remove an entire domain from the forest or to demote the last DC of a Forest you must provide Enterprise Admin credentials.
Note: Only select Force the removal of this domain controller if the DC and not communicate with the remaining DCs.
On the New Administrator Password, enter and confirm the new local administrator account password, click Next.
On the Review Options verify the information is correct and click Demote.
This will begin the demotion process. To finish the demotion the server will automatically restart.
Note: When the server restarts it will be a member of the domain that is was previously a domain controller in.
Note: The Binaries for AD DS are still installed on the server. If this server is not going to be promoted back to a domain controller in the future rerun the Remove Roles and Features Wizard to remove the AD DS Role from the server.
Verifying the Removal of AD DS
Logon to the server hosting the DNS service for the domain using the Administrator account credentials.
Launch the DNS console and verify the deletion of Service Records for the removed domain controller.
Active Directory Domain Services is now been removed from this server.
Recently we had replication issues with one of our customers domain controllers. Because of this we had to demote the domain controller and promote it to start replication again. The problem with this if a FSMO role is assigned to the domain controller you must transfer the role first.
Not sure what roles are assigned to a specific server?
Open Command Prompt as Administrator then type netdom query fsmo
Once you find the domain controller that is not replicating properly then find what FSMO roles are assigned to the DC. Next, you will want to transfer the roles away from the Domain Controller. To find the server that is not replicating properly.
Type: repadmin /showrepl
This will then show you the last attempt as successful or a problem has occured.
Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being transferred. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer Schema master or Domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
Click Start, click Run, type ntdsutil in the Open box, and then click OK.
Type roles, and then press ENTER.
Note To see a list of available commands at any one of the prompts in the Ntdsutil utility, type ?, and then press ENTER.
Type connections, and then press ENTER.
Type connect to server servername, and then press ENTER, where servername is the name of the domain controller you want to assign the FSMO role to.
At the server connections prompt, type q, and then press ENTER.
Type transfer role, where role is the role that you want to transfer. For a list of roles that you can transfer, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to transfer the RID master role, type transfer rid master. The one exception is for the PDC emulator role, whose syntax is transfer pdc, not transfer pdc emulator.
At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
Once the roles have been transferred, use netdom query fsmo to double check the transferred role.
We recently had a customer that wanted to use Cloud Flare as their Content Delivery Network, DNS provider. Although they wanted ALL traffic to be routed through Cloud Flare and any traffic not going thru cloud flare should be declined. You can do this thru access restrictions in Microsoft Azure.
Login to https://portal.azure.com
On the left Select App Services
Find and choose your app service for your business
Once you have choosen your app service you will want to then click Networking
Then find Access Restrictions and click Configure Access Restrictions
You will then select Add Rule then type in the Allow IP addresses and Deny all Rules.
This question has been asked multiple times in my career. Sometimes, I overlook the basics but in my blog, NodeSea. We try to provide the beginners with the information necessary to succeed. NodeSea will provide both Beginner and Enterprise power users! If you have anything you’d like us to document upon, please contact us!
Let’s get started. To connect to a Linux server you will want to download a free program called Putty.
Windows 64-Bit (*.exe): https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe
All other versions: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Once you have downloaded Putty, open it. It should only take 30-60 seconds to download, dependent on Internet Speed of course.
Once you open Putty , it will look like this
Next you will want to Type in the IP address then select Open
You will then receive a security prompt, select Yes.
Putty will then ask you for your Login As: (Username) and password. Once you type your username and press Enter the password field will popup. Normally this username is root
Type in your password then press enter.
You will now be connected to your Linux Server! Once the # appears your ready to type commands. Type df -h for disk information to make sure you are connected properly.
Stay tuned for more articles on how to manage your Linux Server!
Recently I was working with Microsoft Visual Studio 2017 and got the following error with TFS, which says, “You are not authorized to access Team Foundation Service”. The error code was TF30063. This was a surprise for me because it was working earlier. I do not have any clue about this.
This error was occurring when I was going to check in, pending changes in TFS.
“TF30063: You are not authorized to access xyz.visualstudio.com.” As per my analysis, there could be so many reasons and it could be different for each. We can resolve this issue, using the following ideas
We can try to connect our project again, just click to icon next to Home icon and choose your project and then right click on project and click to Connect. This will be reconnected with project and we will able to access our project.
As we know, TFS is directly connect with IE browser. So, just open your Internet Explorer and logout with TFS account if you logged in.
After successfully logging out, you just need to login again with your TFS account in IE. Before logginin into IE, please check the version of IE browser. It should be above IE 9. Once you have successfully logged in with TFS in IE, go to Visual Studio and check and the error will be gone.
We can also log in with TFS internally with Visual Studio. Go to View Menu, choose Other Windows, and then select Web Browser. You can directly access this browser using “Ctrl + Alt + R”.
It will open Web Browser inside Visual Studio. You just need to log in with your TFS account here. If you are able to login successfully, this issue will be gone.
Sometimes if you are working with multiple TFS account in the same system then TFS caches the credentials for those TFS accounts and throws the error when you are going to login or perform any activities with TFS account. So, for this you can clear the TFS cache and reconnect the TFS.
You can clear TFS’s cache from following location, just change the user name as per your system.
Once cache will delete, probably TFS will ask for credential to reconnect. You need to provide valid credentials and TFS will work.
If all above steps have failed to resolve this issue, I believe you just need to remove TFS server and add again with Visual Studio.
We can manage all TFS server from Team menu in Visual Studio. To manage server, just click to Manage Connections and here you will find all the added connection. Just remove appropriate one and add again.
I have worked with PRTG for more then 6 years. This company is very reputable and is great for monitoring uptime and service level agreements for services. It also allows you to configure a Mail Server to receive alerts via email/text message/etc. It’s also FREE, you can’t beat free!
You can specify domain accounts using LDAP for automatic account provisioning.
In the upper right you can review what services are online, down sensors, paused alerts etc.
You can also specify whatever sensor you wish using SNMP.
If you want to get really granular you can use SNMP to notify you of hardware failures!