Thursday 27 October 2016

Citrix Studio - Change Hypervisor Connection

In Citrix Studio, it is possible to create a new hypervisor connection, and move the VMs to that new connection. The reason new connection be created and we move VMs to that connection can be varies – from commissioning new vCentre server to changing to a new hypervisor platform (from Microsoft Hyper-V to VMware vSphere).

This post will explain on how to change the connection from current to a new one. The connection needs to be already established prior to implementation of this steps.


  1.  RDP to Citrix Studio server, and launch PowerShell. Add Citrix snap-in by following below command.


    Command : asnp citrix*







  2. Identify current and to be used Broker Connection IDs by using below command. In this example, I want to change from Hypervisor Connection UID 1 to Hypervisor Connection UID  3Command : get-BrokerHypervisorConnection
Share:
           , ,       No comments    

Monday 24 October 2016

PowerShell - To Perform DNS Resolution Check-Up

So this is my second PowerShell script created by me. The first one was so simple and I use it in my XenDesktop environment. This script on the other hand, is aprt of my initiative in performing Active Directory clean-up in my environment. 

The task of the script is simple - check the IP address of a machine name, then check the hostname of that IP address. 

- If the machine name (A host record) and the hostname (PTR record) is similar, we are good. 
- If the machine name (A host record) and the hostname (PTR record) is different, error prompted
- If the machine name (A host record) is available but the hostname (no PTR record) is not, error prompted
- If the machine is not avaiable (no A host record), error prompted.

I use $PSScriptRoot so the location of the script is dynamic, it does not necessarily need to be put at a specific location.

This is only part 1. I wish to add more features so it could be better next time.



############################################################
#
#       This script is created by Heiry Zulkifli, in order to check DNS resolutions for hostnames.
# www.datakraf.co.nz
#
#######################################################################

Function FunctChkIPAdd ($Machine)
{
Try
{
$arr = [System.Net.Dns]::GetHostAddresses($Machine)  | findstr "IPAddressToString"
$SplitArr = $arr -split ': '
$IPAdd = $SplitArr[1]
$ErrorCode = 0
RETURN $ErrorCode, $IPAdd
} Catch {
$ErrorCode = 1
RETURN $ErrorCode, $IPAdd
}
}
Function FunctChkHostname ($IPAdd)
{
Try
{
$arr = [System.Net.Dns]::GetHostbyAddress($IPAdd) | findstr "{}"
$SplitArr = $arr -split ' '
$FQDN = $SplitArr[0]
$SplitArr2 = $FQDN.Split('.')
$Hostname = $SplitArr2[0]
$ErrorCode = 0
RETURN $ErrorCode, $Hostname
} Catch {
$ErrorCode = 2
RETURN $ErrorCode, $Hostname
}
}
$strFileName = "$PSScriptRoot\result.txt"
if (Test-path $strFileName) {remove-item $strFileName}
"MACHINENAME IP ADDRESS HOSTNAME STATUS" >$strFileName
write-host ("Script starts...")
write-host ("Performing Flush DNS...")
ipconfig /flushdns
write-host ("Flush DNS completed")
write-host (".")
write-host (".")
write-host (".")

forEach ($Machine in get-Content $PSScriptRoot\machines.txt)
{
  write-host ("Checking $Machine")
$ResultIPAdd = FunctChkIPAdd ($Machine)
If ($ResultIPAdd[0] -eq 0)
{
$ResultHostName = FunctChkHostname ($ResultIPAdd[1])
$Result = $ResultHostName[0]
IF ($Result -eq 0)
{ $IPAdd = $ResultIPAdd[1]
$HostName = $ResultHostName[1]
IF ($Machine -eq $HostName)
{
$info = "$Machine $IPAdd $HostName | OK"
} ELSE {
$info = "$Machine $IPAdd $HostName---------------| ERROR - Maching Different With Hostname"
}
} ELSE {
$info = "$Machine $IPAdd -------------------------------------------| ERROR-HostName Not Found"
}
} ELSE {
$info = "$Machine ----------------------------------------------| ERROR-machine Name Not Found"
}
$info >> $strFileName
$hostname=""
write-host (".................................Completed")
}
write-host (".")
write-host (".")
write-host (".")
write-host ("Script completed. Please check result.txt")



When launches...




Example of result.txt

Share:
           ,       No comments    

Thursday 20 October 2016

Certificate Authority – Requesting, Downloading, Installing, and Binding Certificates

Certificate Authority is a server role introduced by Microsoft, to issue digital certificates to target recipients. These digital certificates enable the environment to communicate securely between each other.


This post illustrates on how to :-
  1. Request certificate from an internal root CA
  2. Download the certificate from internal root CA
  3. Install the certificate to server
  4. Bind the certificate to HTTPS protocol

However, this post won't explain on how to install internal CA server. you may refer here for that. So let's get started.



Request Certificate From an Internal Root CA

  1.  Launch IIS Manager








  2. Click at the server name. Inside the working space area, locate Server Certificate feature, and double click at it / right click | open feature




  3. Click at Create Certificate Request...




  4. Put in all needed info, and click Next




  5. Select crypto service provider and bit length, click Next




  6. Specify the location of the certificate request file. In can be in TXT file. Click Finish.




  7.  CR file can be found at the location stated earlier.





Download the Certificate From Internal Root CA
  1.  Access to CA web enrollment address




  2.  Click at Request a certificate




  3.  Click at advanced certificate request.




  4.  Click at Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.




  5.  Open previously created CR file, copy the content...




  6.  Paste it inside the Saved Request. Change the Certificate Template to SSL template, and click Submit




  7.  Click Yes.




  8.  Click at Download certificate




  9.  Certificate downloaded.






Install the Certificate To Server
  1.  Launch IIS Manager, click at the server name, and open Server Certificates feature




  2.  At Action column, click at Complete Certificate Request




  3. Locate the cert (*.cer) previously downloaded, provide friendly name (usually I put the server name), and ensure the store is set to Personal. Click OK.




  4.  Installing...




  5.  Certificate Installed.





Bind the certificate to HTTPS protocol

  1.  Launch IIS Manager, navigate to <serverName> | Sites | Default Web Site (or any different name if applicable).





  2.  At Action column, click at Bindings...





  3. Click at https, and click at Edit...





  4.  Change the SSL certificate to previously installed certificate, then click OK.





  5.  Click Close.





  6.  The server is now good to use HTTPS protocol.

Share:
           ,       No comments    

Monday 17 October 2016

Installing an Internal CA on Server 2012

Certificate Authority is a server role introduced by Microsoft, to issue digital certificates to target recipients. These digital certificates enable the environment to communicate securely between each other. 

Installing an internal CA server is not too hard and pretty much straight forward I believe. 




Description :
Installing an Internal CA on Server 2012.





How To Do :


  1.  Launch Server Manager, Go to Manage | Add Roles and Features






  2.  Click Next >





  3.  Ensure Role-based or feature-based installation is chosen, and click Next >




      
  4.  Ensure the target server is selected from the server pool, and click Next >





  5.  Check / tick Active Directory Certificate Services role





  6.  The Add Roles and Features Wizard appeared. Click at Add Features button.





  7.  Click Next > 





  8.  Select additional features if needed, then click Next >





  9.  Click Next >





  10.  Check / tick Certificate Authority role service





  11.  To enable web enrollment, Certificate Authority Web Enrollment role service needs to be enabled as well. Check / tick at it, then click Next > 





  12. Once all confirmed, click Install





  13. Installing...





  14.  At Server Manager, hover to Notification, and click at at Post-Deployment Configuration to configure Certificate Services role.





  15.  Click Change... if you want to change the credential used, then click Next >





  16. Select which role services need to be configured, in this case the first two.





  17.  Specify type of CA to be configured, either Enterprise CA or Standalone CA. Click Next > once done.You may refer to below links for better understanding :








  18.  Specify whether the server should be a Root CA or Subordinate CA. In this case, Root CA is chosen as this is the  first CA in the environment. Click Next > 





  19.  Specify whether to create a new private key or to use existing private key. You may refer to below link for better understanding on Private Key. Click Next > once done.






  20.  Choose Cryptographic provider, key length, and hash algorithm. Refer to below link for more info on cryptography. Click Next > 






  21.  Specify the name of the CA, then click Next >





  22.  Specify the validity period of the Certificate, then click Next > 





  23.  Specify the database locations, then click Next >





  24.  Review the information populated, then click Configure.





  25.  Configuring...





  26. Done, click Close.





  27.  CA Configured.

Share:
           ,       No comments