Microsoft ended support for Windows Server 2003 on July 14th, 2015

http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/

Since by design, you cannot recover from a CA root certificate expiring, sometimes you need to limp along, and continue to issue certs even though you cannot necessarily revoke them, because the CRL published in Active Directory is now incorrect, or offline.
While we can argue all day about the benefits/detractors of this, here it is:
To bring the CA Root back online after the Root certificate expires, issue these commands in an elevated powershell:

certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
net stop certsvc && net start certsvc

Now, go back to the drawing board, and PLAN your PKI implementation, and DON’T LET YOUR CA ROOT CERTIFICATE EXPIRE!!!

Incidentally, once you’ve fixed your certificate snafu, to stop ignoring offline CRLs, do this in an elevated command prompt:

certutil –setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINE
net stop certsvc && net start certsvc

Terminal Services can only print to your LPT printers (with proper driver installed on the server). In order to print to network printer or USB printer,

1. Install the printer normally (connecting via TCP port or USB port) and make it a shared printer (ie. \\COMPUTERNAME\PRINTER)
2. Install ANOTHER instance of the printer, using the LPT1: (or LPT2:) port
3. Launch an administrative command prompt, and map the LPT port to the shared printer instance:

net use lpt1: \\COMPUTERNAME\PRINTER /persistent:yes

Now, you have an LPT: printer. If you set it as your default printer you can print locally, and Terminal services should now allow you to print from your TS session, as well.

I’ve run into this a couple times recently after clients have been migrated to Office 365. Office 365 by default sends messages in the Transport Neutral Encapsulation Format (TNEF) format. This is a rich text format and some email servers aren’t able to interpret it, and will therefore replace attachments with winmail.dat files (very common with clients on Macs). The fix is to use PowerShell to change disable TNEF. There is a TechNet article that shows you how to disable TNEF for when sending to specific domains or email addresses, but in my opinion that’s not acceptable for a client because they will need to contact us to have it changed every single time they encounter someone who cannot receive attachments from them. The fix is to connect to Office 365 via PowerShell and then do one of the following…

Option 1: Disable for Specific Domain (example uses wyldehare.com as the domain you are sending to)
1. New-RemoteDomain -DomainName wyldehare.com -Name WyldeHare
2. Set-RemoteDomain -Identity WyldeHare -TNEFEnabled $false
3. Get-RemoteDomain -Identity WyldeHare| Select TNEFEnabled (This step just confirms that the change was accepted – should show you “false” for the output.)

Option 2: Disable for Specific Email Address
1. No point in doing this since the email server is usually what causes this.

Option 3: Disable Globally (recommended)
1. Set-RemoteDomain Default -TNEFEnabled $false
2. Get-RemoteDomain -Identity Default| Select TNEFEnabled (This step just confirms that the change was accepted – should show you “false” for the output.)

The change does not take immediately. I have not seen it documented anywhere, but I do know it doesn’t take place immediately. I had a client test this right after I made the change and it didn’t work, so I had them try again in the morning and it worked. I would guess at somewhere between 15 minutes and a few hours.

We’ve also run into some issues recently where users have been receiving winmail.dat attachments.  This is usually caused in cases where the client has the SMTP proxy enabled on their WatchGuard.  By default, the SMTP proxy strips some of the headers out of the email that identify it as a Rich Text Formatted email. If the email client does not have the header information needed to interpret the winmail.dat attachment, the email client cannot display the proper formatting of the email, and incorrectly displays the attachment as a winmail.dat file.  To resolve, do the following…

1. Start Policy Manager for your XTM device.
2. Double-click the SMTP-Proxy used for inbound email.
   Or, right-click the SMTP-proxy and select Modify Policy.
   The New/Edit Policy dialog box appears with the Policy tab selected.
3. Adjacent to the Proxy action drop-down list, click View/Edit Proxy.
   The SMTP Proxy Action Configuration dialog box appears.
4. From the Categories tree, select Headers.
5. In the Pattern text box, type each of these patterns and click Add to add them to the Rules list.
   • X-MS-Has-Attach:*
   • X-MS-TNEF-Correlator:*
   • X-MimeOLE:*
6. From the If matched drop-down list, select Allow.
7. From the Categories tree, select Content Types.
8. In the Pattern text box, type application/ms-tnef and click Add.
   The pattern appears in the Rules list.
9. From the If matched drop-down list, select Allow.
10. From the Categories tree, select Filenames.
11. In the Pattern text box, type winmail.dat and click Remove.
    The winmail.dat pattern is removed from the Rules list.
12. From the None matched drop-down list, select Allow.

Now, having said that, we had a client *not* using the SMTP proxy have a similar issue.  This client has Securence for SPAM filtering and there is a feature you can enable within Securence that attempts to extract the contents of Winmail.dat when necessary.  To enable, go to Settings -> Filters -> Winmail.dat Extraction.

Upgrading Your Skills to MCSA Windows Server 2012

Lots of Hyper-V, lots of DAC, and lots of powershell.
Learn it, know it, live it. ;)

I recently wanted to make a screen recording for a demo. I downloaded and installed CamStudio, and frankly, I’m *amazed* at how well it works.
You not only want this, you need it. Go download it now.
http://sourceforge.net/projects/camstudio/?source=dlp

HAHAHAHAHAHAHA
Told ya.
Here it comes, check this out. If you work in the technology field, you need to read this:
http://dmarc.org/

Registration just opened for the annual Twin Cities TechPulse event www.tctechpulse.com. Please register as soon as possible as it will fill quickly and there are limited spots available. I know you would enjoy this free event and would come away with some great information. This year if you bring a guest(s) who has never been before, we will give you an extra raffle ticket for each attendee to win one of the great prizes we will be giving away (iPads, Xbox, Laptops, LCD TVs, etc.) Just remember to have them register as a guest of SCC (Brian Hershey).

The event is April 17th in St Paul. It’s an educational event with break-out sessions covering different technology & business subjects along with a great keynote speaker, free breakfast & lunch and over $25,000 in prize giveaways.

I recently needed to migrate 7 different websites, with content, from IIS6 to IIS7.
Rather than copy everything by hand, and re-setup all the site bindings, and data sources, I decided to try using msdeploy, from http://www.iis.net

From the old server running IIS6, I ran this command first:
msdeploy -verb:getDependencies -source:webserver60
This displays all site dependencies for the IIS6 server. You need to make sure that all dependencies are installed on the new destination server. **

After insuring that all dependencies were installed, I issued this command from the new IIS7 server, to see what would happen without *actually* changing anything:
msdeploy -verb:sync -source:webserver60,computerName='MACHINENAME',authType='NTLM',userName='MACHINENAMEadministrator'
,password='password' -dest:auto <strong>-whatif</strong> > msdeploysync.log

Then, to actually fire the command, and migrate the websites, I ran this:
msdeploy -verb:sync -source:webserver60,computerName='MACHINENAME',authType='NTLM',userName='MACHINENAMEadministrator'
,password='password' -dest:auto > msdeploysync.log

YMMV, I’ll try to help if you get stuck. Let me know how it goes.

** Also, here’s the link I used to install ASP.Net 1.1 on Windows Server 2008. Thanks, Bill. You rock.
http://blogs.iis.net/bills/archive/2008/06/02/installing-asp-net-1-1-with-iis7-on-vista-and-windows-2008.aspx

Export the DHCP database from Windows 2003:
1. On the Windows 2003 DHCP server, navigate to a command prompt
2. Type the following Command: netsh
3. Type the following Command: DHCP
4. Type the following Command: server <\Name or IP Address>
5. Type the following Command: export c:\dhcpexportfile all

Note You must have local administrator permissions to export the data.

Import the DHCP database to the Windows 2008 DHCP server:
1. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
2. Install the DHCP Role on the server.
3. Stop the DHCP server service on the server. To do this, follow these steps:
a. Log on to the target DHCP server using an account that is a local Administrator.
b. Click Start, click Run, type cmd in the Open box, and then click OK.
c. At the command prompt, type net stop DHCPserver, and then press ENTER.
d. Type exit, and then press ENTER.
4. Delete the DHCP.mdb file from c:windowssystem32DHCP folder.
5. Start the DHCP server service.
6. Right-click on the Command Prompt (cmd) and select “run as administrator”.

Note You must have local administrator permissions to import the data.
7. Type the following Command: netsh
8. Type the following Command: DHCP
9. Type the following Command: server <\Name or IP Address>
10. Type the following Command: import c:\dhcpexportfile
11. Restart DHCP and verify the database has moved over properly.