maandag 28 december 2009

Meer dan 2 downloads in internet explorer

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows

To increase the number of files that you can download at one time to 10, follow these steps:
Start Registry Editor.
Locate the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
On the Edit menu, point to New, click DWORD Value, and then add the following registry values:
Value name: MaxConnectionsPer1_0Server
Value data: 10
Base: Decimal

Value Name: MaxConnectionsPerServer
Value data: 10
Base: Decimal

Exit Registry Editor.
Back to the top
Internet Explorer 8.0
How to configure the connection limit by modifying a registry key
Start Registry Editor.
Locate the following key in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
On the Edit menu, point to New, click DWORD Value, and then add the following registry values:
Value name: iexplore.exe
Value data: 10
Base: Decimal

Note set this value to the connection limit that you want for HTTP 1.1 connections. By setting the value to 10, you increase the connection limit to 10.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
On the Edit menu, point to New, click DWORD Value, and then add the following registry values:
Value name: iexplore.exe
Value data: 10
Base: Decimal

Note set this value to the connection limit that you want for HTTP 1.1 connections. By setting the value to 10, you increase the connection limit to 10.
Exit Registry Editor.
How to configure the connection limit by using Group Policy
Click Start, click Run, type gpedit.msc, and then click OK.
Expand User Configuration, expand Administrative Templates, expand Windows Components, expand Internet Explorer, expand Security Features, and then expand AJAX.
Set the Maximum number of connections per server (HTTP 1.0) and Maximum number of connections per server (HTTP 1.1) options to the settings that you want. You must update policies or restart the computer to apply these changes.

donderdag 1 oktober 2009

Hyper-V: Upgrade to Windows Server 2008 R2 from Windows Server 2008 with Hyper-V

Hyper-V: Upgrade to Windows Server 2008 R2 from Windows Server 2008 with Hyper-V
In the following post I will describe three methods for upgrading from Windows Server R2 from Windows Server 2008 with Hyper-V. The methods described here are covered in MS Support KB 957256. After listing the methods I will describe why I prefer one of the methods.
Before you upgrade.
The upgrade process is not complex however you need to be careful. An important first step is to bring all of your virtual machines into a single state. You should review each virtual machine and establish a clean VM to be migrated. This VM must be in a shut down state. Your snapshots leading up to the current state must be merged since snapshots are not fully compatible.
Method 1
Perform an in-place upgrade of the parent partition from Windows Server 2008 to Windows Server 2008 R2. Note During the upgrade, the compatibility report will inform you that you must remove the Hyper-V role by using Server Manager before you continue with the upgrade. This is not necessary. However, before you continue with the upgrade, note the following:
All virtual machines must be shut down before the upgrade. The Saved States feature is incompatible between Windows Server 2008 and Windows Server 2008 R2. If the parent partition is upgraded with any virtual machines in a saved state, you must right-click the virtual machine, and then click Discard saved state to turn on the virtual machine.
Because the Snapshot functionality uses the Saved States feature, Snapshots are not fully compatible between Windows Server 2008 and Windows Server 2008 R2. Virtual machines will start successfully to the snapshot that was applied when the virtual machine was shut down before the upgrade. This is denoted in Hyper-V Manager by the green arrow under the snapshot that points to Now.To turn on the virtual machine with any other snapshot, follow these steps:Note The following steps assume that you have to continue using all snapshots configured for the virtual machine. If you no longer require snapshots, you can delete your snapshots by using Hyper-V Manager, and then shut down the virtual machine for the data to merge with the parent virtual hard disk.
Using Hyper- V Manager, right-click the snapshot that you want to apply, and then click Take Snapshot and Apply. This action will take a new snapshot from the currently applied snapshot. This new snapshot will now be compatible with Windows Server 2008 R2. If you select this option, any changes that you may have made to the state of the virtual machine since the last start will be saved.
After the new snapshot is taken, the virtual machine will go into a saved state. Right-click the virtual machine, and then click Delete saved state.
Turn on the virtual machine.
When the virtual machine has started, repeat these steps until there is a single snapshot remaining.
When you have reached the last snapshot, take a new snapshot to capture the current state of the virtual machine to have a Windows Server 2008 R2-compatible snapshot.
After the upgrade, update the Integration Services. To do this, open the Virtual Machine Connection window, and then click Insert Integration Services Setup Disk on the Action menu.Note On a Windows Server 2008 R2-based computer, the Integration Services for Windows Vista and Windows Server 2008 will be listed in Programs and Features as "KB955484".
Method 2
Migrate to another server: Export a virtual machine from a Windows Server 2008 server that has Hyper-V enabled, and then import it to a server that has Windows Server 2008 R2 with Hyper-V enabled. Note The virtual machine must be shut down before you export it. If you exported the virtual machine with a saved state, you cannot restore the virtual machine on Windows Server 2008 R2. To start the virtual machine after you import it to Windows Server 2008 R2, you must discard the saved state before you can turn on the virtual machine.If the virtual machine has snapshots, these snapshots must be merged before the export or you must use the steps from Method 1 to recover and re-create the snapshots.After you import the virtual machine, update the Integration Services. To do this, open the Virtual Machine Connection window, and then click Insert Integration Services Setup Disk on the Action menu.Note On a Windows Server 2008 R2-based computer, the Integration Services for Windows Vista and Windows Server 2008 will be listed in Programs and Features as "KB955484".
Method 3
Backup and Restore to new server: To use backup software that uses the Hyper-V VSS Writer, back up a virtual machine that is running on Windows Server 2008, and then restore it to Windows Server 2008 R2.After you restore the virtual machine, update the Integration Services. To do this, open the Virtual Machine Connection window, and then click Insert Integration Services Setup Disk on the Action menu.Note On a Windows Server 2008 R2-based computer, the Integration Services for Windows Vista and Windows Server 2008 will be listed in Programs and Features as "KB955484".
My Preference
Although Method 3 might take the longest it provides a number of safe guards.
It ensures you have a proper backup strategy.
It tests your backup strategy with little or no consequense.
You have a fall back position to the original server which is not altered during the process.
It simplifies the process of cleaning up the snapshots since the backup sees only one consistent state of the VM.
In any other of the three methods you should have a complete back up.
Jeff LoucksAvailable Technology

Gratis microsoft virusscanner

http://www.microsoft.com/security_essentials/default.aspx?mkt=en-us

donderdag 23 april 2009

setting up certificates exchange 2007

Client Access Server Certificates
By default, Exchange 2007 installs self-signed certificates that are acceptable for use on the Hub Transport and Edge Transport server roles in most situations. There are however one or two exceptions, such as using Edge Transport server features, namely domain security. However, the self-signed certificates are not suitable for Client Access Server features such as Outlook Anywhere and long-term use of Outlook Web Access. As a result, the self-signed certificates installed on Client Access Servers should be replaced. In my project scenario, the Client Access Server role and the Hub Transport server role coexisted on the same servers, so in effect, I also replaced the Hub Transport server certificate too.

Within the customer’s Active Directory environment there was an internal Windows-based Certificate Authority (CA) that was capable of issuing the required certificates. This was good to see, since there are many Microsoft products other than Exchange 2007 that require the use of certificates, such as Office Communications Server 2007 for example. Once the Windows CA had been set up, it was obviously free in monetary terms to create certificates using this method rather than purchasing them from a public CA. Of course, certificates issued by a public CA are required on the ISA Server since it was accepting public requests for services such as Outlook Web Access, Outlook Anywhere and so on.

To create new certificates for the Client Access Servers, the first thing that needs to be done is to generate a new certificate request using the New-ExchangeCertificate cmdlet. It is very important to understand the various names that this certificate will require. Since the certificate requires multiple names, the Subject Alternate Name attribute is used. On my certificates I ensured that the following names were present:

The FQDN of the server, such as hubcas1.neilhobson.com or hubcas2.neilhobson.com.
The NetBIOS name of the server, such as hubcas1 or hubcas2. This is not strictly required, but I always add it anyway as quite often I like to test and use Outlook Web Access simply by entering https://servername/owa. Adding the server’s NetBIOS name to the certificate makes sure that you do not get a certificate warning prompt when using the server’s NetBIOS name.
The accepted domain name for the organization (such as neilhobson.com) which in my example, only a single accepted domain name is in use. However, in cases where additional accepted domain names are present you need to cater for them. An easy way to do this in Exchange 2007 Service Pack 1 is to use the –IncludeAcceptedDomains parameter of the New-ExchangeCertificate cmdlet which ensures that all accepted domains that you have defined are included in the certificate request.
The autodiscover domain name, such as autodiscover.neilhobson.com. In fact, I used the new –IncludeAutodiscover parameter of the New-ExchangeCertificate cmdlet for this purpose. Like the –IncludeAcceptedDomains parameter, this ensures that the autodiscover name for any additional accepted domain names is included in the certificate request. You do not have to use this parameter. If you do get into the habit of using it you will not forget any additional domain names that might be required.
The name that users will use to access email remotely, such as email.neilhobson.com.
Had I been using a certain technology such as Windows Network Load Balancing (NLB), it would have been a requirement to include the NLB name in the certificate too if it was different to the remote access name, but this was not the case in my project. Just to elaborate on this a bit further, imagine that users externally typed email.neilhobson.com to access Outlook Web Access when working remotely. It makes sense, from a training perspective, to allow the users to type the same address into their browsers when working on the internal network. If using NLB, you could therefore make sure that the NLB name was set to email.neilhobson.com, to give users a consistent naming experience when accessing Outlook Web Access. However, if you had decided to implement a different name for Outlook Web Access via NLB internally, such as nlb.neilhobson.com, you would need to make sure that the name nlb.neilhobson.com was also included in the certificate names.

Creating The Certificates
To create the certificate request, I ran the New-ExchangeCertificate cmdlet with quite a few different parameters. The full cmdlet I used was similar to this:

New-ExchangeCertificate –GenerateRequest –Path c:\hubcas1.txt –SubjectName cn=hubcas1.neilhobson.com –DomainName email.neilhobson.com, hubcas1, hubcas1.neilhobson.com –IncludeAcceptedDomains –IncludeAutodiscover –PrivateKeyExportable $true

Let us now go through each parameter and discuss what it allowed me to do.

GenerateRequest: This allowed me to create a certificate request file rather than a self-signed certificate.
Path: Here I specified the file that was to contain the certificate request generated, namely c:\hubcas1.txt.
SubjectName: This parameter links the certificate with a server name and is in the style of an X.500 distinguished name. In my case, the certificate was issued to hubcas1.neilhobson.com.
DomainName: You will note that I ensured that the DomainName field contained the external access name, the NetBIOS name and the Fully Qualified Domain Name (FQDN). This means that all these names were present on the certificate.
IncludeAcceptedDomains: As I discussed earlier, I usually add this parameter to ensure that any additional domains defined as accepted domains within the Exchange 2007 configuration are added to the certificate.
IncludeAutodiscover: Like the accepted domains, I usually add this parameter to ensure that additional autodiscover domain names are added appropriately.
PrivateKeyExportable: This is useful tool to allow you to export the certificate, such as when you copy the certificate to an ISA Server.
Once I ran this command it completed and informed me of the certificate thumbprint and subject name. An example of this can be seen in Figure 26.


Figure 26: New-ExchangeCertificate Cmdlet

Running this cmdlet also created the file c:\hubcas1.txt on the Client Access Server. This is the familiar certificate request file, the contents of which will look similar to that shown in Figure 27.


Figure 27: Contents of a Certificate Request File

As I mentioned earlier, in my project, an internal Windows CA was present and was able to be used to create the certificates for the combined Hub Transport and Client Access Servers. To create the certificates I used the following process:

I first navigated to the web interface of the CA by bringing up a browser and going to http://server/certsrv. Here, ‘server’ should be replaced with the name of the server running the Windows CA. This brought up the welcome screen that you can see in Figure 28.

Figure 28: Windows CA Welcome Screen

From the welcome screen I chose the option to Request a certificate. This action brought up the Request a Certificate screen that you can see in Figure 29.

Figure 29: Windows CA Request a Certificate Screen

From the Request a Certificate screen, I chose the option to submit an advanced certificate request. This action brought up the Advanced Certificate Request screen that you can see in Figure 30.

Figure 30: Windows CA Advanced Certificate Request Screen

From the Advanced Certificate Request screen, I chose the option that starts with Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file. This action then brought up the Submit a Certificate Request or Renewal Request screen that you can see in Figure 31.

Figure 31: Windows CA Submit a Certificate Request Screen

In the Saved Request field, I pasted the contents of the certificate request file hubcas1.txt. I then made sure that the Certificate Template field was set to Web Server. The completed screen can be seen in Figure 32.

Figure 32: Windows CA Completed Submit a Certificate Request Screen

Once completed, I clicked the Submit button which resulted in the Certificate Issued screen that you can see in Figure 33. From here, I ensured that the DER encoded option was selected and then chose the Download certificate link that you can see on the same screen. I then saved the resulting certificate file, certnew.cer, locally onto the Client Access Server.

Figure 33: Windows CA Certificate Issued Screen

MS Exchange online test tool

Microsoft announced an online service for IT pros that enables them to test incoming e-mail traffic to Microsoft Exchange Server.

The tool, called Exchange Server Remote Connectivity Analyzer, was announced last week as a beta version. However, it's apparently been available as a test version since late last year.

The Microsoft Exchange team on Wednesday pointed to the availability of the beta version. The team's blog includes a video that demonstrates how the tool works, which can be accessed here.

The remote analyzer tool helps IT administrators assess server setup problems, particularly when e-mail clients located outside an organization's firewall are having problems trying to connect. While Exchange Server comes with its own test tools, those tools can only test traffic within an organization's firewall.

The Exchange Server Remote Connectivity Analyzer will test incoming e-mail traffic by simulating three client types, including Windows Mobile clients using Exchange ActiveSync, Outlook clients using Outlook Anywhere and clients that use SMTP.

You can run the tests for Windows Mobile and Outlook with autodiscovery turned either on or off.

The beta still has some usability limitations, and it requires certificates for some tests to work, according to the Exchange team blog. The team plans make those improvements in a future version, along with adding new tests for Exchange Web Services, IMAP, Outlook Web Access and POP.

The Exchange Server Remote Connectivity Analyzer tool, nicknamed "ExRCA," can be accessed for free online here.

dinsdag 10 februari 2009

Beschrijving voor do-it-yourself debug session

http://www.solsem.com/lab-setup.html

SETUP INSTRUCTIONS FOR WINDOWS OS INTERNALS LABS

Send questions to daves@solsem.com

BASIC SETUP:
  • Any 32-bit or 64-bit Windows client or server installation (XP or later, including Win7 betas)
  • One computer can be shared by 2 students, but 1 per student is better
  • The account that you will log into must be a member of the local administrators group and hav