Windows Server 2016 Default Domain Policy Settings

Posted on by chris Posted in Active Directory No Comments ↓

Below you will see .htm reports of the Group Policy Management Console on a Windows Server 2016 Server immediately following a clean installation of Active Directory Domain Services.

Best practice in terms of GPO deployment, is to NEVER modify the default policies, unless absolutely necessary. It is rather recommended to create new policy’s to always augment this minimum policy rule-set. Read more about it here and here:

  • As a best practice, you should configure the Default Domain Policy GPO only to manage the default Account Policies settings, Password Policy, Account Lockout Policy, and Kerberos Policy“.
  • “As a best practice, you should configure the Default Domain Controllers Policy GPO only to set user rights and audit policies.”
  • “Do not modify the default domain policy or default domain controller policy unless necessary. Instead, create a new GPO at the domain level and set it to override the default settings in the default policies.”

If you find yourself in an AD environment where the Default Domain Policy has been heavily modified, and you need to get back to the what the original policy was, you can accomplish this by running the following commands:

dcgpofix /ignoreschema /target:Domain
dcgpofix /ignoreschema /target:DC

As always its a good idea to either document and/or backup the current GPOs.

Here are the Default Policies for review:

Default Domain Controllers Policy Default Domain Policy

Tagged with: , , , , , ,

Setting up Windows Root CA on CentOS 6.9 Linux server

Posted on by chris Posted in Certificate Services 1 Comment ↓

Hello and welcome.
It is that time for me to add a new article to the blog. I know, I KNOW.. Its been a long time.. I’m sorry…

In today’s blog post, I will be covering the process to setup a root certificate on a Linux host, and the process of generating a CSR and adding it to Apache.
There are many, many, many articles walking through the creation of a self-signed certificate on Linux. If there is any question to that, take a look here, here, here, or here; Just to name a few..
With that being said, there are very few articles that walk through the entire process of pulling a root certificate from a Windows Active Directory or Stand Alone CA, importing it into a linux host, and then creating a certificate for use on that linux host for Apache.

That is exactly what I’m going to cover today.

NOTE – This article is the culmination of piecing together several different articles from multiple website sources. My intent was to pull all of these different materials into one location for ease of reference. I will be incorporating several pictures and steps directly from those websites, and I have a reference link to that content in the source links below.

Assumptions:

  1. You have already built your physical/virtual machine
  2. You have setup apache and the service is running without issue
  3. You have iptables entries created to allow traffic for both http and https 
    # iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
  4. You have installed mod_ssl and openssl by running : 
    yum install mod_ssl openssl

Acquire the root certificate from ADCS

The first step and most important step for all of this magic to work, is we need to have the Root certificate loaded into the certificate store on our Linux host. Unfortunately, the formats of these certificates are not always compatible, so we need to make sure that the Microsoft PKCS #7 format is converted into the PEM format commonly used on linux hosts. After you have acquired your root certs from the CA, we need to convert them.

  1. After you receive the certificate from the CA, double-click on the certificate to open it.
    When you open the certificate, it appears as shown in the following screen shot:
  2. Locate the path of the certificate on your computer and double-click on the certificate again to open it.

  3. Select the Details tab.
  4. Click Copy to File.

  5. Click Next in the Certificate Export Wizard window.
  6. Select the Base-64 encoded x.509 (.CER) option. This converts the certificate to PEM format.
  7. Click Next.
  8. Click Browse and select a location to store the converted PEM
  9. Click Next.

  10. Click Finish.

    After converting the certificate to PEM format, the certificate has an extension .cer.
  11. To verify if the certificate is in PEM format, change the extension to .txt or .doc. The file must start with the line “ BEGIN CERTIFICATE”, as shown in the following screen shot:
  12. Using WinSCP, copy the converted .pem certs to: 
    /etc/pki/ca-trust/source/anchors
  13. Run the following commands to import the root certs into the certificate store. 
    # update-ca-trust enable

    followed by:

    # update-ca-trust extract
  14. Verify the root CAs are OK 
    # openssl verify LegacyIssuing.cer
LegacyIssuing.cer: OK

Create a CSR for the Linux Server
Next we have to generate a Certificate Signing Request to be submitted to the Microsoft CA, which will in turn generate a certificate for our website, which is then signed by the root CA, and trusted by the Linux host.

  1. # cd /tmp
# openssl req -nodes -newkey rsa:2048 -keyout service.something.key -out service.something.csr
  2. Copy the csr and key out to your windows machine via winscp.
  3. Open the CA website, and request a certificate
  4. Based on your specific implementation, you may need to submit an “advanced certificate request”
  5. Paste the contents from the CSR file into the box
  6. Retrieve the certificates from the site.

Import generated cert into linux certificate store

Now that we have our cert generated, we simply need to copy it back into our certificate store. For this, we will need the key, the cert and the csr files.

  1. Copy to the following paths: 
    cp service.something.cer /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/service.something.key
cp ca.csr /etc/pki/tls/private/service.something.csr
  2. Update the Apache SSL configuration file : 
    vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
    • Change the paths to match where the Key file is stored. If you’ve used the method above it will be 
      SSLCertificateFile /etc/pki/tls/certs/service.something.cer
    • Then set the correct path for the Certificate Key File a few lines below. If you’ve followed the instructions above it is: 
      SSLCertificateKeyFile /etc/pki/tls/private/service.something.key
  3. Finally, Quit and save the file and then restart apache 
    service httpd restart

That’s it folks! You should now be able to connect to your ssl host, and not get prompted to accept that ugly self signed certificate. The only thing left to do, and setup a redirect to send all those ugly insecure connections to your new awesome https connection.. We’ll save that for another blog post!

Tagged with: , , , , , , , , ,

Microsoft Ignite 2017: Journey of an IT Guy – Episode 6

Posted on by chris Posted in Microsoft No Comments ↓

Hello and welcome back to episode 6 of my 6 part series, where I explored the epic journey to Microsoft Ignite 2017, down in Orlando, FL at the Orange County Convention Center, Sept. 25th – Sept 29th. This is it. The final blog entry, this is what you’ve been waiting for. All of the juicy bits from the Microsoft Ignite Conference.

So, what are you waiting for.. Read on for more.

Beginning with the Keynote address, Satya Nadella framed this years MS Ignite as the Ignite of “Digital Transformation”.

“Digital technology is impacting all aspects of our society and economies, creating unprecedented opportunity for organizations of all sizes,” said Satya Nadella, CEO, Microsoft. “I’m optimistic and inspired by the ingenuity of customers, partners and developers everywhere that are pushing the frontiers of what’s possible with mixed reality and artificial intelligence infused across Microsoft 365, Dynamics 365 and Azure, to transform and have impact in the world.”

In my opinion, this isn’t entirely new stuff here, as Microsoft has been talking about “The Cloud”, and “Transformation”, for quite some time now. So, not too shocking here. Some other key take-a way’s were the replacement of Skype for Business with MS Teams, AI solutions, deeper integration between Microsoft 365 app and flow, Azure stack, as well as many others. If you’d like to read about all of the other announcements, click here. Or if you’d prefer, watch the entire keynote here:

 

Next, I’ll cover the sessions I attended this year.

The focus for Intertech is looking to leverage Azure in more of our day-to-day operations. We currently use Azure only as a sandbox, however, we are researching how we can harness the power and flexibility of Azure, while sprinkling in some DevOps to automate our process to promote from Dev to Prod. This means working with Visual Studio, and Team Services. Additionally, we leverage Office 365, so I also focused on sessions that revolved around Azure and Office 365 in general, but also specifically around Sharepoint and Exchange online. Additionally we use SCOM 2016 for monitoring and alerting of system issues within our network.

For the sake of keeping this blog post, under 50 pages, I will post the top 8 sessions I attended. I’ll give the brief summary of each session, add any notes or take-a way’s I had, provide a link to the session video, and any slides, if available.

As you will recall from Episode 5 of my series, I was interested in more then 8 sessions, but as I outlined, you cannot always get to every session you want to view. The sessions I was interested in, but failed to attend are listed below.

  • What’s new and upcoming in AD FS to securely sign-in your users to Office 365 and other applications
    • This session discusses incorporating new features from AD FS (Active Directory Federation Services) to be able to login from any location and any type of device.
      • Of interest was the discussion on supporting Windows Hello through ADFS.
    • https://youtu.be/set0NwKRW7c
    • Slide Deck
  • Accelerate your digital transformation with SharePoint and OneDrive
    • This session is a high level road map on Sharepoint and Onedrive for business. Also discussed are new features coming to both products in the near future.
    • https://youtu.be/fuo8ufWE_IQ
    • Slide Deck
  • Automate all things! Microsoft Azure continuous deployment
    • This session discussed and provided an example of setting up a release pipeline workflow to develop in Visual Studio, and promote to Azure leveraging Microsoft Visual Studio Team Services.
      • Great demo of using Team Services to setup CI, which shows a build process, and all of the features available within Team Services.
    • https://youtu.be/QgkiK961t5w
    • Slide Deck
  • Manage hybrid cloud and transform your workplace with PowerShell and Azure Automation
    • In-depth discussions on how to use Azure PowerShell on Windows, macOS, Linux, or from your browser with the Azure Cloud Shell.
      • Automation is essential for DevOps
    • https://youtu.be/oOiwcN6DAwQ
    • Slide Deck
  • Defense against the dark (cloud) arts: Azure security deep dive
    • Session covers the Microsoft Azure Cloud Security Platform.
      • Fantastic demos of a hack in progress, and how its mitigated.
      • Shows how to use Azure security center to create security policy for patching and protection
      • Shows how to leverage Office 365 Security and Compliance Center
    • https://youtu.be/avW67hLSOEQ
    • Slide Deck
  • Deploying and Managing Skype Room Systems and Microsoft certified devices
    • This in-depth session also walks through the details of how to properly set up your overall environment.
      • Also discussed specifics on tuning the room, and sizing the proper solution
    • https://youtu.be/yJln8gSbNvo
    • Slide Deck
  • Build your personalized and social intranet with SharePoint, Yammer, Delve, OneDrive and Teams
    • Hear how other companies built their intelligent intranets and learn how to use capabilities of SharePoint, OneDrive, Office Delve, Yammer, Microsoft Teams to create cohesive experiences.
      • Hub sites, themes and site design
      • Biz Apps, Flow integration to pipe data into pages
      • Story from Rick Garcia, United Airlines – Building 2016 on-prem farm, upgrading from SP 2010.
      • Story from Brian Duke, Thermo Fisher – Building new intranet
      • Story from Greg Nemeth, EY – Business transformation, vision for 2020 and beyond
    • https://youtu.be/N2V8L4U5cCs
    • Slide Deck
  • Case of the unexplained: Windows troubleshooting with Mark Russinovich
    • Finally, always a favorite of mine. In this session, see case studies on how to resolve system and application issues using the Systernals tools.
      • Uses the following tools: Process Explorer, Process Monitor, and Windows Debugger.
    • https://youtu.be/qouxznNC2XU
    • Slide Deck

List of the other sessions I had interest in, but couldn’t make it.

  • Anti-phishing with Office 365 Advanced Threat Protection
  • Azure hold’em DevOps
  • Azure Networking inside and out
  • Build a modern intranet: Real-world planning, information architecture, governance, and adoption
  • Build your personalized and social intranet with SharePoint, Yammer, Delve, OneDrive and Teams
  • Continuous delivery on Microsoft Azure using Visual Studio Team Services
  • Datacenter transformation – a roadmap for platforms, processes, and people
  • Deep-dive: Azure Active Directory Authentication and Single-Sign-On
  • Empower IT and developer productivity with Microsoft Azure
  • Expert-level Windows 10 deployment
  • Inside Exchange Online
  • Inside Microsoft Azure datacenter hardware and software architecture with Mark Russinovich
  • Learn best practices for SharePoint site owners
  • Manage SharePoint and OneDrive in Office 365: A field guide for administrators
  • Microsoft System Center 2016 in action: Customer use cases to implement today
  • Microsoft Azure and Office 365 together: The modern business development platform
  • Learn about our vision and upcoming innovations for Microsoft Remote Desktop Services
  • Locking down access to the Azure Cloud using SSO, Roles Based Access Control, and Conditional Access
  • Implement best practices with Office 365 Groups
  • The secrets to getting the best experience out of SharePoint Online
  • The Sysinternals tools make you better at your job

And with that, we have reached the end of this series. I hope you have enjoyed reading this blog series as much as I enjoyed creating it for you.

If you want to read any of the other posts in the series, check them out below:

Microsoft Ignite 2017: Journey of an IT Guy – Episode 1

Microsoft Ignite 2017: Journey of an IT Guy – Episode 2

Microsoft Ignite 2017: Journey of an IT Guy – Episode 3

Microsoft Ignite 2017: Journey of an IT Guy – Episode 4

Microsoft Ignite 2017: Journey of an IT Guy – Episode 5

Do you have any questions? Anything you feel I missed? Tell me about it in the comments below.

 

Tagged with: , , , , , ,

Microsoft Ignite 2017: Journey of an IT Guy – Episode 5

Posted on by chris Posted in Microsoft No Comments ↓

Hello and welcome back to episode 5 of my 6 part series, where I explore the epic journey to Microsoft Ignite 2017, down in Orlando, FL at the Orange County Convention Center, Sept. 25th – Sept 29th. As you will recall from episode four, we explored places to eat around the conference center venue. In this month’s episode, and as promised, we will be covering the session catalog, and scheduler.

With that out of the way, lets get started.

What is the session catalog?

The session catalog is a listing of all of the sessions/topics you can attend while at the Microsoft Ignite conference. You can find the session catalog here.

As you can see from the above screenshot, there are currently 1,130 sessions in the catalog. Think of these “sessions”, as open discussions on topics, where both Microsoft engineers, and distinguished guests/volunteers will cover topics ranging from the very basic to the very deep in the weeds.

These sessions could be delivered in the following formats:

  1. Open forum Q/A, where the presenter launches the topic, and essentially asks for the participants to ask questions.
  2. Presentation style, where the presenter simply talks about the session topic and may or may not take questions
  3. A guest panel. A panel is when 2 or more experts on the topic, will round table discuss their experience with the topic, and usually do Q/A with the attendees.

What is the session builder/scheduler?

The session builder is a web based tool, located on the myignite portal, that is used for you to plan out what sessions you intend to attend. Essentially, you will add sessions you are interested in, and it will create an agenda of topics to attend while at the conference. Once you have completed your agenda, you’ll be able to export your schedule to your calendar and/or print it out

The session builder is located at the same URL for the session catalog. If you login with the account you used to register for Microsoft Ignite, you will now notice that you have a button to add sessions to your schedule.

 

How do I use the session builder?

Using the scheduler is easy. Simply find the sessions you want to attend, and click the button “Add to Schedule”. After you have added all of the sessions you are interested in, you can preview your agenda by selecting the link in the top navigation bar, and selecting “My Conference -> My Schedule

You will be presented with a page that is similar to mine below.

As you can see, I have a lot of overlapping sessions. That’s okay. I will pick the sessions I really want to see in person, and any of the other sessions I can’t attend, Microsoft will make available for viewing after the conference via the myignite website.

So how do I pick the sessions I want to see?

The session scheduler has a fantastic search feature. Simply input the terms your interested in in attending. You can search by topic, by presenter, or you can even refine results by using the filters on the left of the search window.

You can see below, I put in “Mark Russinovich” and I can see all of the sessions Mark is presenting in.

So to summarize:

  • The session catalog/builder is located on the MyIgnite website. You can also locate it via the Microsoft Ignite website here.
  • Do you have a question about a specific session, reach out to Microsoft via Twitter @MS_Ignite, or use the Microsoft Tech Communities – These locations are really good at getting back to people with questions about the conference. I asked a question via Twitter, when they were making the session catalog available, and they got back to me within the day. yay!
  • Watch the twitter feed and tech community for opportunities to meet up, and join into small round table discussions.
  • Keep an eye open for opportunities to join focus groups. If you receive an invitation to attend one, I’d highly encourage you to participate! These are great opportunities to ask questions and provide feedback to developers/engineers for a specific product. Its also a great opportunity to network with others.
  • Don’t worry about scheduling more than one session per time slot! While you obviously can’t be in multiple places at once, you may arrive to find a session room is full, or a session earlier in the day may leave you wanting more info on that topic in the afternoon. After the conference is over, you can always watch the sessions you missed on-demand via the myignite website.
  • Don’t worry about gaps in your schedule. You will want to leave time open to participate in Hands-on-Labs, networking with other attendee’s, and perusing the expo. Hands-on Labs are fun, self-paced, training, where you can experiment with different Microsoft tools, software, or solutions. You can work them into your schedule around any sessions on your list.
  • Finally – Remember, adding a session or lab to your agenda does not guarantee you a seat in the room. Seating is on a first-come, first-served basis.

That’s it for now! That was fun! I hope you have enjoyed this series meant to prepare you for the epic journey to Microsoft Ignite. This is the final blog entry until the conclusion of the conference. The next entry will be after I have returned from the Ignite conference, and I will cover all the sessions I attended. So, for now, I’ll leave you until the end of Sept.

As before, follow me on Twitter (@chrisrbmn), and keep an eye open for my tweets during the conference. I will be tweeting any Microsoft Ignite 2017 content, making daily updates, including but not limited to the keynote speech, along with any sessions I attend.

Do you have any questions? Anything you want me to add to the series? Tell me about it in the comments below.

Tagged with: , , , , , ,

Microsoft Ignite 2017: Journey of an IT Guy – Episode 4

Posted on by chris Posted in Microsoft No Comments ↓

Hello and welcome back to episode 4 of my 6 part series, where I explore the epic journey to Microsoft Ignite 2017, down in Orlando, FL at the Orange County Convention Center, Sept. 25th – Sept 29th.

As you will recall from episode three, we explored airfare and travel to/from the conference center to your hotel and the airport. In this month’s episode, I had previously mentioned in episode three that we would cover the session catalog. I have had a change of heart in the past month, and thus decided that rules were meant to be broken; So instead of this months episode being all about the session catalog, we will instead discuss the local food in the fine city of Orlando, FL. So, with that out of the way, get back too it!

Grub

While I love to eat (Perhaps too much as my wife tells me) – I am not a food expert. I like what I like, and therefore I will give you my opinions on local eats, in the city of Orlando near the Convention Center. Some of these are local restaurants, some are national chains, which you may have tried yourself. I can guarantee all of these selections will at least fill your stomach.

Additionally, keep in mind, that these restaurants are primarily selected for dinner. (As they will be feeding lunch at the conference.)

In looking at restaurant near the convention center, there are hundreds of restaurants to sample. According to TripAdviser, there are at least 200 restaurants within 5 miles of conference center. So for the sake of not making this episode incredibly long, I will briefly cover 5 restaurants within 5 miles of the conference center. These are all my opinion, and on the bright side, my suggestions will give you at least 1 restaurant to try a day. That is, if you’ve never been to Orlando before, and are willing to take a chance off a blind recommendation! Heh – you’re adventurous aren’t you?

One other note – I’m basing my ratings and pricing off of ratings viewed on TripAdviser, and reviews I gathered off a local flog (food blog). So take it or leave it, here are my 5 suggestions. If you have any suggestions of your own, please feel free to share them in the comments below.

Restaurants Near Microsoft Ignite 2017

  1. Anthony’s Coal Fired Pizza
  2. Fogo De Chao
  3. Spencer’s
  4. Bonefish Grill
  5. Yard House

Anthony’s Coal Fired Pizza


Anthony’s is dubbed; “casual chain serving charred-crust pies, wings and subs in a modern setting.” According to TripAdviser, the food is a 4.5 out of 5, and expect to spend $10-30 bucks for a pizza pie. Learn More

Fogo De Chao


Fogo De Chao, is a Brazilian steak house. Bring your appetite, because you will leave this place absolutely stuffed. Servers (Called Gauchos), circle around your table, and continually fill your plate with different cuts of meat, until you set the colored dial on the table to red (Indication to stop) Word of caution, don’t over eat at the salad bar. According to TripAdviser, the food is a 4.5 out of 5, and I will personally give a thumbs up too. Expect to spend a little more here for a meal. A meal here will set you back $30-60. Learn More

Spencer’s


Spencer’s is an America Steakhouse nestled into the Hilton Orlando. Expect to bring an appetite, and a wad of cash, as its definitely on the pricier side if you’re on a budget. If you can swing it, it is definitely well worth the price. According to TripAdviser, the food is a 4.5 out of 5, and expect to spend $30-60 bucks. Learn More

Bonefish Grill


Bonefish Grill is an America Seafood restaurant. If you like seafood, you will like Bonefish. Ask for the swordfish, you wont regret it! According to TripAdviser, the food is a 4.5 out of 5, and expect to spend $10-40 bucks. Learn More

Yard House


And to round out the list, The Yard House is the quintessential burger joint. According to TripAdviser, the food is a solid 4 out of 5, and expect to spend $10-30 bucks. Learn More

Summary

That brings us to the end of episode 4! I know, this episode was a little light.. I promise, I’ll make it up with our next episode! Only 1 more episode remains prior to the conference. In the next episode, I will cover the conference agenda, the session catalog and the MyIgnite website. Also – Just a reminder, that while episode 5 will be released on August 24th, episode 6 will not actually be released until after the conclusion of the conference. I just don’t want you anxiously awaiting my September release on the 24th.. You should be out enjoying all there is to learn at the conference, just like me!

As before, follow me on Twitter (@chrisrbmn), and keep an eye open for my tweets during the conference. I will be tweeting any Microsoft Ignite 2017 content, making daily updates, including but not limited to the keynote speech, along with any sessions I attend.

That’s it for now! So, for now, I’ll leave you until August, 24th.

Do you have any questions? Anything you want me to add to the series? Tell me about it in the comments below.

Check out the rest of the posts in this series:

Microsoft Ignite 2017: Journey of an IT Guy – Episode 1

Microsoft Ignite 2017: Journey of an IT Guy – Episode 2

Microsoft Ignite 2017: Journey of an IT Guy – Episode 3

Tagged with: , , , , , ,

Microsoft Ignite 2017: Journey of an IT Guy – Episode 3

Posted on by chris Posted in Microsoft No Comments ↓

Hello and welcome back to the 3rd installment of my 6 part series, where I explore the epic journey to Microsoft Ignite 2017, down in Orlando, FL at the Orange County Convention Center, Sept. 25th – Sept 29th.

As you will recall from episode two, we tackled registration and accommodations. In this month’s episode, we will discuss purchasing airfare and transportation to and from the conference center venue. With that out of the way, lets jump right in.

For the sake of this episode, I will assume that most of you are flying in for the entire conference, not including the pre-sessions. Obviously, if you are planning to attend a pre-session, you will want to adjust your dates accordingly. For the rest of us, we will likely be flying into Orlando on Sunday, September 24th, prior to the conference, and staying until Friday September, 29th, which is the last day.

Purchasing Airline Tickets for Microsoft Ignite 2017

Interestingly, most people I discuss travel with make airfare their top priority, and always rush to purchase airline tickets. I believe most people feel the common theme to purchasing airfare is synonymous with the adage, “the early bird gets the worm”. Meaning, the earlier you buy tickets the cheaper the tickets are. While this may have some truth to it, I have often found the sweet spot for airfare to be somewhere between 2-3 months out from your anticipated travel date, and for some odd reason, Tuesday’s and Wednesday’s always appear to be the days that airlines drop prices on tickets.

The reality is that airline ticket prices fluctuate from month to month. You should expect to budget $500 for a base economy round trip airfare.. Depending on the carrier you settle with, and any upgrades you may require, this price can increase further, especially when they add in taxes, etc. There are several app’s such as hipmunk, or hopper, which actually track airfare price changes on your behalf, and can send you notification, when the prices are at their lowest. I personally use hopper, as I find its interface to be easy on the eyes, and very intuitive.

I am very much a “less is more” kind of guy, as I remember back (dating myself here) to when airlines checked our bags for free, gave us a drink, and a snack/meal, at no additional cost. So when I fly today, I always eat early, arrive to the airport early (at least 2 hours), and only buy a beverage or snack in the terminal, prior to boarding the plane, because I prefer to not pay any more for services on the plane, which I still feel should be included at no cost. Anyways, I digress.

If you are checking a bag, expect to pay anywhere from $20 – $75 per bag, depending on its weight. If you are planning to carry on, make sure to check the airlines website, to get the bag’s maximum dimensions allowed for carry on. Almost all the airlines allow 1 carry on bag, and 1 personal item. (such as a backpack, or a purse.), anymore, and expect to pay either a fee for the carry on, or the airline may require you to check the bag.

Depending on how you feel about traveling through security, you may want to consider CLEAR, or TSA PreCheck. CLEAR and TSA PreCheck are expedited security screening programs, and work to expedite the security screening process, by registering and paying a fee. CLEAR, uses bio-metrics to verify your identity, and after you are authenticated you are allowed to use the TSA PreCheck line through security. On the other hand, TSA PreCheck allows you to preregister, complete a background check, provide fingerprints and after complete, you will receive a Known Traveler Number (KTN). This KTN can be including on your profile for any airlines, and it will be printed directly on your boarding pass. This allows you to receive expedited service via the TSA PreCheck line for any flights that participate.

The cost for each of these services is:

Additional Note – While PreCheck is often a savior and provides expedited service through security, keep in mind, anyone for any reason can be selected for further screening, so plan accordingly, and always expect the unexpected.

Transportation

Finally in this episode, lets briefly discuss transportation. Depending on your plans, and what you intend to see/do while in the Orlando area, you may or may not be interesting in renting a car to adventure around the city. If you do rent a car, expect to pay at least $300 for the week depending on who you use, and I would encourage you to prepay for the tolls as they quickly add up while driving around the city. If you are comfortable stopping for gas prior to returning the car, you will save a substantial amount over pre-paying for fuel. There are several gas stations within 10 miles of the airport, so finding a gas station prior to returning the rental, shouldn’t be a problem. Just don’t forget to fill up prior to returning the rental car, as they will slap you with a pretty hefty penalty for not returning the rental car with a full tank of gas.

Airport

It will take approximately 20 minutes to drive from the Airport to the Convention Center. All attendee’s are responsible for their own transportation to/from the Airport to their Hotel. For information on ground transportation options to and from the Orlando International Airport, click here.

Convention Center

If you booked your hotel via the Microsoft Ignite registration system as I highly encouraged you to do in Episode 2, you will be provided shuttle service between your hotel and the convention center. If not, and if you are not booked at one of the hotels listed on the MS Ignite Pricing page, you will likely need to either rent a car, or pay for taxi service to and from your hotel to the convention center.

Summary

So we’ve come to the end of episode three! We are half way to Microsoft Ignite! Wow, that was an adventure! So, for now, I’ll leave you until July, 24th. In the forth episode I plan to devote the discussion to the session catalog, and planning your agenda.

As before, follow me on Twitter (@chrisrbmn), and keep an eye open for my tweets during the conference. I will be tweeting any Microsoft Ignite 2017 content, making daily updates, including but not limited to the keynote speech, along with any sessions I attend.

Do you have any questions? Anything you want me to add to the series? Tell me about it in the comments below.

Tagged with: , , , , , ,

Microsoft Ignite 2017: Journey of an IT Guy – Episode 2

Posted on by chris Posted in Microsoft No Comments ↓

Hello and welcome back to episode 2 of my 6 part series, where I explore the epic journey to Microsoft Ignite 2017, down in Orlando, FL at the Orange County Convention Center, Sept. 25th – Sept 29th.

Now begins the journey to make sure you have started/completed all of the following:

  • Registration and costs to the conference
  • Accommodations
  • Airfare
  • Transportation to/from you hotel
  • Food (Yes, you will need to eat)

I’ll take each of these, and break these out into their own discussion. Some of these we can tackle up front, others you may want to hold off on for now. Don’t worry, I’ll hold your hand the entire way…

Microsoft Ignite 2017 Costs and Opportunities

At this point, maybe you have registered/purchased your tickets to the conference via the Register URL. Fantastic, good for you. You’re all done, and I will see you there! Skip right down to the Accommodations section.

What if you haven’t? What should you select? Ohh, all the decisions. What you select largely depends on what you are looking to get out of the conference. Ignite offers all types of pre-day training opportunities, a test center, and a variety of different add-on / day to day passes for all aspects of attendance. Microsoft Ignite 2017 costs vary depending on what you are looking for.

Full Conference Pass – $2,220

So, lets say you want to attend the full conference for the week, and nothing more. Easy peasy. You want the “Full Conference Pass”; Select this during the registration, drop the $2220, and the hard work is done.

Convenience Pass – $490

What are these other selections though? Well, its pretty simple. The Convenience pass, gives you accommodations to the stay at the hotel that is directly connected to the conference center. It will cost ya an extra $490 dollars.

Women in Tech Pre-Day Session – $199

Are you a woman looking to patent something, or seeking assistance getting your business off the ground? Maybe you’d be interested in the Women in Tech Pre-Day session designed to assist you with your business ventures. This session takes place on Sunday the 24th, and will set you back $199.

Pre-day Training – $500

Are you seeking some additional hands on specialized training directly from the experts who created it? Sign up for Pre-day training, and select what you’d like to specifically cover. This training also takes place on Sunday the 24th, and will set you back $500 dollars.

Discounts

Looking to buy in bulk? Get a discount for buying 10 or more passes. Are you a student and academic faculty, you also qualify for discounted passes. Yay for school!

Single-Day Pass – $350 / Sessions and Expo Pass – $500

There are also single-day passes, which offer access to either the expo alone, or sessions and expo, each on a day by day basis. These are $350 and $500 per day respectively.

Accommodations

First and foremost, you’re going to want to secure a hotel room that is reasonably close to the Orange County Convention Center, and you will want to do this as soon as possible. These rooms sell out fast, and by fast, I mean like grease-lightning fast. Trust me, do not wait until a month or less to book a hotel. You will likely find that everything within 25 miles of the conference is sold out, and you may be driving in from a far away suburb. Take it from me, book early! You can wait on everything else, but book your hotel first.

Even better, book while registering for the conference! Microsoft has made it so easy to book accommodations to their conferences during the registration process. During the registration, you will be given an opportunity to book a hotel at the time of registration. I highly encourage you to do so. All the cool kids are doing it now, and so can you. I commend Microsoft for this. It makes it so much easier to book the conference and the accommodations at the same time, and takes a tremendous amount of burden off from you the attendee to try and find the best hotel in proximity to the venue. All the hotels they list are convenient to the venue, and you can be almost guaranteed that if Microsoft is listing it, they will have free bus/shuttle service to and from the conference. ANOTHER WIN!

To Recap

View the pre-conference and conference offerings, and decide what best fit your needs and budget. If you have opportunity, book accommodations at the same time you register for the conference. If you cannot: BOOK IT as soon as you have approval to do so.

So, we’ve come to the end of episode two of my six part blog series! I hope you’ve gained some new information. So, for now, I’ll leave you until June, 24th.

As before, follow me on Twitter (@chrisrbmn), and keep an eye open for my tweets both before and during the conference. I will be tweeting any Microsoft Ignite 2017 content, making daily updates, including but not limited to the keynote speech, along with any sessions I attend.

Do you have any comments or questions? Anything you want me to cover, or you feel I missed and want me to add to the series? Tell me about it in the comments below.

Tagged with: , , , , , ,

Microsoft Ignite 2017: Journey of an IT Guy – Episode 1

Posted on by chris Posted in Microsoft No Comments ↓

Good morning, good afternoon, good evening fellow blog readers, IT admins, DEVs and Intertech enthusiast!

Are you or any of your fine fellow IT experts excited and prepped to attend the Microsoft Ignite 2017 conference but don’t know what to do? or how to do it? Have you ever been to a conference? Well, look no further, because I have all you need right here.

Hello, my name is Chris Budde, and I am the Principal Engineer at Intertech in Eagan, MN. I have been working in the IT industry for 17 years now, and this will be my 3rd attendance to a Microsoft Ignite Conference. 5th conference in total.

This little gem here is my first episode of six monthly blog posts detailing my journey to Microsoft Ignite 2017 this year in Orlando, Florida. The conference is set to occur this year, Sept. 25th – Sept 29th down at the Orange County Convention Center.

The Purpose of this Series

The purpose of my Journey of an IT Guy series will be to:

  • Cover the several months of planning and preparations leading up to the Microsoft Ignite 2017 conference
  • Inform you of the essentials
  • Provide information from the sessions I attended during the conference

Don’t fret if you’re not technical. I do not intend to make these blog post overly in-the-weeds or highly in-depth. I do intend to scratch the surface, explore topics relevant to our company, and look into Cloud and DevOps opportunities which our consultants may find useful in the future.

Where possible, I will do my best to include direct links to Microsoft Ignite 2017 content, references to any available materials, twitter handles, presenters names, and any other details which I am authorized to share.

I intend to create a new blog post one time a month on or before the 24th of each month for the next 6 months leading up to start of the conference. After that, I’ll follow up with a summary of everything I took away after the conference concludes.

Please follow me on Twitter (@chrisrbmn), and keep an eye open for my tweets during the conference. I will be tweeting any Microsoft Ignite 2017 content, making daily updates, including but not limited to the keynote speech, along with any sessions I attend.

I think that’s it for now! So, for now, I’ll leave you until May 24th.

Do you have any questions? Anything you want me to add to the series? Tell me about it in the comments below.

Tagged with: , , , , , ,

SCOM 2016 – Linux Agent Deployment “Signed certificate verification operation was not successful”

Posted on by chris Posted in System Center No Comments ↓

Today, while trying to add my linux servers to my new SCOM 2016 environment, I ran into an interesting issue.

When deploying the agent to my CentOS 6.8 server, all was going fine, then suddenly *holy drama!* – the agent install fails, indicating “The SSL certificate could not be checked for revocation”
When clicking the details link, this is what is shown:

SCOM uses ssl to communicate via between the management server and the monitored system/server/client, etc. The problem I faced is that the server has a host name set to SERVER.DOMAIN-COOL.COM, and in order to authenticate successfully the HOSTNAME name MUST match the FQDN (fully qualified domain name) of the name that is resolved by SCOM. i.e. SERVER.DOMAIN.COM.

If you are facing this scenario and your UNIX/Linux server has a different hostname then what is in DNS you have two choices. Either you change the hostname on your server, which may or may not be an option, or you create a new certificate with the FQDN hostname and private key without touching the server name at all using the scxsslconfig tool. I decided to perform the latter. Just open the a shell and run…

/opt/microsoft/scx/bin/tools/scxsslconfig –h server –d domain.com -f –v

After executing the command, make sure to restart the agent.

/opt/microsoft/scx/bin/tools/scxadmin –restart

After the service is restarted head back to your SCOM console, and attempt to manage the linux server again.
This time it will complete successfully.

Tagged with: , , , , , ,

DPM, Windows Server Backup and “The backup storage location is invalid” error..

Posted on by chris Posted in Windows Server 2012 R2 No Comments ↓

While working with DPM, I came across an issue, where my internal backup of the DPM server, kept failing with “DPM cannot create a backup because Windows Server Backup (WSB) on the protected computer encountered an error (WSB Event ID: 546, WSB Error Code: 0x10851A0). (ID 30229 Details: Internal error code: 0x80990ED0)”

Upon closer inspection, when I launch an admin command prompt and attempt to perform a local backup using wbadmin:

wbadmin start systemstatebackup -backupTarget:c:

I receive the following error:
The backup storage location is invalid. You cannot use a volume that is included in the backup as a storage location.

wbadmin_fail

The solution to this issue, is to simply add a new key to the registry.
Create the following:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine.
 Create a key called "SystemStateBackup"
 Set the value of this entry as follows:
 Name: AllowSSBToAnyVolume
 Data type: DWORD
 Value data: 1

wbadmin_registry

Immediately after creating the key, the backups should complete successfully.

wbadmin_success

Tagged with: , , , , , ,
Top