Powershell : A simple use of DSC

I’m a great PowerShell fan, I think it’s the second best (or maybe first one) thing Microsoft bring to IT world – for me still the one and best is MS Exchange.
Some time ago MS introduced a thing called Desired State Configuration, as I’m correct it was with PS 3.0, for sure with PS 4.0.
You can read a lot of DSC just to google it or go to MS site. I won’t explain how DSC works and what is the pull server, how to enforce configuration compliance, etc …

For my compliance I’m using SCCM, however I found Powershell DSC really useful for my initial server configuration, so I’d like to share how easy and handy is to build some initial server configurations – “Make it smart, make it simpe” – from this starting point one can go wherever … sky is the limit ūüôā Continue reading

Case Study : Windows 2012 R2 – ping internally returns wrong IP on multihomed server

As system engineer I’m providing a 3rd level support in IT areas I work on. So one day a strange case came to me.¬† An issue was reported that on multi-homed Windows 2012 R2 server – this case was : 2 network interfaces on Windows 2012 R2 (I can imagine it can happen on 2+ network interfaces Windows 2008 or newer). So on mutlihomed Windows Server 2012 R2, when try to ping internally FQDN wrong IP is returned. Continue reading

MSA (Managed Service Account) and its younger brother gMSA

On Wojcieh.net blog¬†I found really nice tutorial how to create application user in Active Directory. So I’d like to write few words about¬†alternative way to create application users, by using¬†MSA or with Windows Server 2012 gMSA.

What is MSA ?

With Windows Server 2008 R2 Microsoft introduced “Managed Service Accounts” – to simplify account management for accounts, that used by¬†applications¬†on a different servers. In the old times,¬†administrators were creating standard domain users, add this users to local administrators group on the remote computers, assign the “Logon as a service” right and for most of the time set the password to never expire. Moreover if one¬†wanted to be more secure, the “Deny log on locally” right should also be modified. With MSA this was simplified and MSA offers automatic password management (passwords are updated automatically every 30 days) and simplified SPN management which can be delegated to other administrators. Continue reading

httperr.log – just another IIS log ?

Recently a friend reminded me few cases, we¬†were¬†analyzing, while I was working as messaging engineer. We had problems with¬†an application, which was using EWS (Exchange Web Service), trying to get free/busy information from exchange. Then IIS was becoming unresponsive and the only thing we could do was IIS reset. So we used “httperr.log” for the analysis and issue detection. Probably not many of you heard about it, but this log is really useful with issues related to web server.

Continue reading