Posts Tagged ‘Windows Server 2008 R2’

Creating a wildcard webserver certificate with your internal Microsoft CA

April 4, 2014 4 comments

It is sometimes necessary to issue a wildcard certificate from your internal Microsoft CA. I had such a requirement this week and thought it would make a nice blog post.

The post assumes you have an Enterprise CA already deployed and a web server template deployed and available for enrolment.

First we need to create the certificate request that will be issued to your CA.

1. Log on to a Windows 2008 R2 or Windows 7 domain member

2. Open the Certificates MMC snap-in

Now create the certificate request

3. Right-click the Certificates folder, which is found under the Personal folder

4. Select All Tasks > Advanced Options > Create Custom Request

5. In the Certificate Enrolment Wizard click Next

6. In the Certificate Enrollment Page select Custom Request > Proceed without enrolment Policy and then select Next

7. In the Custom Request Page select (No template) Legacy Key from the drop down and then select Next

8. On the Certificate Information page select the Details link, then select the Properties button

9. On the General tab complete the Friendly name field and optionally you can add a description for the certificate.

10. Select the Subject tab and fill in the relevant information as described below

| Field | Value | Description |
|---|---|---|
| Common Name | *.contoso.com | The name of the certificate. This field is used to identify the certificate. Adding the * before the domain name indicates a wildcard certificate for that domain. |
| Organizational Unit | IT | The name of the OU. In most cases this is the IT department. |
| Organization | Contoso Corp | The name of the organization the certificate is for. |
| Location | Seattle | The registered location of the organization. |
| State | WA | The county/state of your organization. |
| Country | US | The country of your organization. |

11. Select the Extensions tab

12. In Key usage select Digital signature and Key encipherment

13. On the Private Key tab set the key size to 4096 and select the option Make private key exportable.

14. Under Key type select Exchange

15. Select OK

15. On the Certificate Information page select Next

16. Save the request file

That’s the certificate request file done, which was nice and easy even though there were a number of steps. Next we need to submit this request to the CA, which issues the certificate.

17. Browse to your internal CA web enrollment pages

18. Select Request a certificate

19. Select advanced certificate request

20. Select the Submit a certificate request link

21. Open the previously created request file in Notepad and copy its entire contents to the clipboard.

22. Paste the clipboard contents into the Saved Request box

23. Select the web server template

24. Click Submit

25. You might get a popup box asking for confirmation; select Yes

When the CA has done its job, it will offer you the ability to download the certificate

26. Select Base 64 and select Download certificate

Now go back to the local machine's Certificates snap-in

27. Right-click the Certificates folder in the Personal store, select Import, and import the file you downloaded from the CA

Now check the certificate store: you should see a valid certificate with a private key.
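The request, submission and import in steps 3 to 27 can also be scripted with the built-in certreq tool. This is an added example, not part of the original post: the CA config string, the template name WebServer, the file names, the friendly name, the computer store and the specific legacy provider are assumed placeholders. The Subject Alternative Name extension also goes beyond the GUI steps; it is included because current TLS clients match the host name against the SAN rather than the Common Name.

```powershell
# Added example (not from the original post): steps 3-27 scripted with certreq.
# Run from an elevated prompt on the machine that will hold the private key.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=*.contoso.com, OU=IT, O=Contoso Corp, L=Seattle, S=WA, C=US"  ; step 10
FriendlyName = "Contoso wildcard"   ; step 9 (constructed value)
KeyUsage = 0xA0                     ; step 12: digital signature + key encipherment
KeyLength = 4096                    ; step 13
Exportable = TRUE                   ; step 13, set FALSE if the key never has to move to another server
KeySpec = 1                         ; step 14: AT_KEYEXCHANGE (Key type "Exchange")
MachineKeySet = TRUE                ; assumption: the key lives in the computer store
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"  ; assumption: a legacy CSP to match step 7
ProviderType = 12
RequestType = PKCS10

[Extensions]
; Not in the GUI steps: SAN dNSName entry for the wildcard name
2.5.29.17 = "{text}"
_continue_ = "dns=*.contoso.com&"
'@
Set-Content -Path .\wildcard.inf -Value $inf -Encoding ASCII

# Step 16: generate the key pair and write the PKCS#10 request file
certreq -new .\wildcard.inf .\wildcard.req

# Steps 17-26: submit to the CA (placeholder config string and template name)
$ca = 'CA01.contoso.com\Contoso-CA'
certreq -submit -config $ca -attrib 'CertificateTemplate:WebServer' .\wildcard.req .\wildcard.cer

# Step 27: bind the issued certificate to the pending private key
certreq -accept .\wildcard.cer

# Final check: the certificate is in the store and has its private key
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match 'CN=\*\.contoso\.com' } |
    Select-Object Subject, NotAfter, HasPrivateKey
```

HasPrivateKey should read True; if it reads False, the certificate was imported on a machine other than the one that generated the request.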

 


Can’t Join to a Windows 2008 R2 Cluster “The Computer is Joined to a Cluster”

Well, here was an interesting one. I built two brand new cluster nodes and attempted to create a cluster, but when I selected the two nodes the UI provided an error with “The Computer “NAME” is Joined to the cluster”

This was weird as I had only just built them. Anyway, it turns out that the Cluster service was set to Automatic whereas it should have been Disabled. Go figure, something must have changed when I was not looking…

Change the service to Disabled and you are all set.

Windows 2008 R2 SP1 WDS Server will not start in a timely fashion

July 1, 2011 1 comment

So today was interesting and it is true you learn something every day… I deployed a domain controller yesterday with DNS and WDS (Windows Deployment Service) to support my Microsoft Virtual Machine Manager 2012 deployment in the lab. However, I hit an issue where the WDS server would not start; it popped up an error saying “The service did not respond to the start request in a timely fashion.” NICE!!

The event log was not much help, just giving me an Event ID 257 containing Error Information:0xFFFFFBB3

After a little head scratching, I ran the command below to stop the WDS server from listening on port 67, which is the port DHCP would use; as it is on the same computer, it would cause some conflict.

wdsutil /set-server /UseDHCPPorts:No /DHCPOption60:yes

Still no luck, and finally I found this blog that shows someone else hitting the same issue.

The server this is installed on is also fitted with two six-core processors with hyper-threading, providing 24 cores to the host OS. There appears to be a bug where 20 is the maximum number of processors with which the service will start.

To resolve:

Change the number of processors used:

From a command prompt, run the command below and reboot

bcdedit /set {current} numproc 2

Just like magic, it is all up and running :)

To revert the changes back:

bcdedit /deletevalue {current} numproc

Now I can continue…