Hello EE,

I have a script to add ips to a blacklist in IIS , which works great . Thing is , I cannot locate the config file where the ip address that i denied in /system.webServer/security/ipSecurity > i is . I thought it was the applicationhost.config  in C:\Windows\System32\inetsrv\config\ but it is not there . The ip address shows in the IIS interface . This is windows server 2012 R2 , IIS 8.5

Invoke-Command -computername $node1 -credential $cred -scriptblock {
	Param($ip)
	add-webconfiguration /system.webServer/security/ipSecurity -location "IIS:\Sites\" -value @{ipAddress=$ip; allowed="false"} -pspath IIS:\
} -ArgumentList $ip

Select all Open in new window

My Hyper-V Host is running Windows Server 2012 R2 Datacenter, and on here I have about 15 VMs.

I just purchased a Windows Server 2019 Datacenter license. I'm ready to start creating 2019 VMs but I am not ready to rebuild the host with Server 2019. Is that a requirement for activating VMs running Server 2019? I believe best practice is to install Server 2019 Datacenter on the host, activate it using the unique activation key; then, any VMs I create on that host are activated using AVMA (Automatic Virtual Machine Activation) https://docs.microsoft.com/en-us/windows-server/get-started-19/vm-activation-19

But in my scenario, the host is running Datacenter 2012 R2. My plan was to (one at a time) start creating VMs running 2019 to replace the older VMs running 2012. (For example, I have a file server VM running 2012. I am going to create a new VM running 2019, configure it the same was as my 2012 VM and then decommission (delete) the 2012 VM). The end result is that one at a time, the VMs get replaced with new VMs. But the host (at least for now) will continue running 2012.

Is there another way to activate the VMs when the host is not running the first 2019 Datacenter instance? Can I create my first 2019 server as a VM and use that VM as the 'server' from where all of the other VMs are activated using AVMA? Or does AVMA only work if it can authenticate (activate) against a host that is ALREADY running (and activated) with 2019 datacenter? I am probably…

We are having an issue with an app that allows users to work on their timesheet in the accounting software remotely from their phones.

 It used to work fine until there were OS updates to the phones.

I was told by the accounting program's support that I had to do the following for the phone app to work.

Customer will need to do the following for the SSL certificate on their server:
Disable SSL2, SSL3, TLS1
Enable TLS 1.1 and 1.2:


What I do not understand is where to make these changes.  I tried using a program called Crypto which allows you to enable and disable protocols on the server from a GUI but when I made the suggested changes we could not login to the accounting software from our desktops, and the app still did not work.

My question: Is there a difference with disabling the listed protocols in Server 2012 vs. doing it in the SSL certificate that is installed for the app?

If so, where do I go to make the protocol changes in the SSL certificate?

The server running the accounting program and the SSL certificate is a 2012 R2 server.

Any help is appreciated.

we have been asked to implement a skype for business server for one of our clients.

I will confess straight away that I have no experience with skype at all, so my initial request will be somewhat fundamental!

Having looked at a few videos of the installation and setup of skype for business server, they all seem to imply that we need a complete new server. My question is therefore, do we need to purchase a complete new server along with windows server OS, or can we add this to an existing server?

The client in question already has 2 servers, one is a windows 2012 server running hyperv, which supports a domain controller / file server, and one additional file server. In addition we have a stand alone exchange 2010 server.

Would skype for business server run on say the lesser used file server, or even our domain controller, or would we need to add additional hardware whit Windows server OS etc to host this facility.

Any advice very much appreciated.

Many thanks.

We are attempting to add permission to an Active Directory service account to read a custom attribute in our Active Directory schema that has the confidential bit set. We attempted to use ldp.exe to add read permission for that attribute but but that didn't work.  Also attempted to use DSACLS to grant a group access to the attribute, and that also didn't work (from https://www.experts-exchange.com/questions/28987629/AD-Custom-Attribute-with-confidential-bit-add-security-group-to-read-it.html).  

Environment is Server 2012 R2 with domain functional level of 2008 R2.

WE allowed our RDP  license to expire and now cannot get in , it there a way to get in to the server to allow us to apply a license ?
RDPPPPPPCapture.PNG

Do any of you use quotas for user home.drives on your file servers. Can this throw up any specific challenges and what storage quotas do you allow them. I can see benefits in such an approach for capacity planning

what best practices can you suggest for the following storage dilemma. One of our partners has a windows 2012 R" file server with a data drive of 500 GB. It is used as a file server for the various departments across their organisation. It forever balances somewhere between 95% (20 GB free on a good day) used space and full, leading to service issues, e.g. users being unable to save documents. The IT team who look after the server have reservations that increasing the size of the data drive will just lead to more bad practice on the teams who save data on there, and anything they grant will eventually get filled again and encourage poor records keeping, e.g. not deleting unused historical records. Whereas I can sympathise with this viewpoint, on the flipside its a critical resource for doing business, so if its unavailable it causes major problems. What would you suggest from a strategic viewpoint to resolve this. If you have been in a similar quandary, what decisions were made and by whom. It seems an unhappy truce at present.

DB2 10.5 on Windows Server 2012 R2

This question came up in a conversation and I want to make sure my answer is correct.  If you have this query...

SELECT 
     ORDER_ID, 
     ORDER_ZIP, 
     ORDER_ADDRESS, 
     ORDER_LAST_NAME, 
     ORDER_NAME,
     ORDER_HASH,
     CREATED_TS
FROM
     ORDERS 
WHERE 
     CREATED_TS >= CURRENT TIMESTAMP - 6 MONTHS
     AND ORDER_HASH IS NULL 
ORDER BY 
     CREATED_TS DESC
FETCH FIRST 1000 ROWS only

Select all Open in new window

Will DB2 get all the orders for last 6 months, sort them by CREATED_TS, and then return the first 1000 rows or will it grab the first 1000 rows  for last 6 months, order them by CREATED_TS and return them?

I would think it has to grab all the orders for last 6 months, sort them and then return the data, otherwise it is not a true sort by CREATED_TS.  

Is that correct?

Thank you!

Jim

I have 4 windows server 2012 R2 servers in my domain which are not getting updated gp policy.  when running gpresults on them they are all showing AD / Sysvol mismatch errors.  They are not DCs.  All DCs do not have this error, and are replicating properly. All other computers in this domain are pulling correct and updated GP.  

I have tried removing them from the domain and readding.  I have installed KB KB2919394.  with no luck.  thanks.

Do files on a windows/ntfs drive leave any clues on the last time they were backed up and if so what particular attribute would that be - regardless of backup software & solution in operation.

Hi Experts,

We are planning to demote a server running Windows Server 2012 R2 which is also a Domain controller. (i.e removing AD domain services etc and shutting down the server).

This server is also a Network policy server and was wondering if it’s possible to export then import the network policy server configuration onto another server that is already a network policy server? (IE. So that the network policy / radius clients etc on the server that is due to be de-commissioned will carry on working on the other server so the  service is not disrupted)

Thanks

Hello all,
I am having to migrate a master domain controller from a Windows 2012 R2 server to a Windows 2016 server (both are standard OS) due to a failure on that 2012 R2 and the age of the server.  This server is running AD, DNS, DHCP, and WSUS
When I did a 2008 to 2012 R2 migration I did the following steps:
1)  dcdiag /v /c /e on old server
2)  Fix issue on above.
3)  Ensure AS integrated zones on DNS
4)  Bring new server (with temporary name and IP address) into AD
5)  Copy all folders and files necessary to new server.
6)  Transfer Global Catalog
7)  Transfer FSMO Roles
8)  Transfer DNS
9)  Transfer DHCP
10)  dcpromo (demote) old server
11)  Run metadata cleanup
12)  Change IP address and name of new server
13)  Deal with all shares, etc. on new server.

Are these steps all the same or are there extra steps that I am missing?
Also I have never had to transfer WSUS.  When do I do this in these steps and what are the steps to do this?

Thanks,
Kelly W.