Posted Saturday, 03 November 2007 by Michael Khanin
Secure Socket Tunneling Protocol (SSTP) is a new form of (SSL-based) VPN tunnel with features that allow traffic to pass through firewalls that block PPTP and L2TP/IPsec traffic.
SSTP provides a mechanism to encapsulate PPP traffic over the SSL
channel of the HTTPS protocol. The use of PPP allows support for
strong authentication methods such as EAP-TLS. The use of HTTPS means
traffic will flow through TCP port 443. Secure Sockets Layer (SSL)
provides transport-level security with enhanced key negotiation,
encryption, and integrity checking.
SSTP supports multiple authentication methods such as passwords, smart cards, certificate-based and "One Time Password" authentication.
SSTP has integrated NAP support for client health checks, using the NPS (Network Policy Server, formerly IAS) for authentication and authorization.
Client/Server Requirements
SSTP is available through the Windows Server 2008 Routing and Remote Access VPN Server. IIS is not required for running SSTP, since RRAS listens for HTTPS connections directly over HTTP.SYS.
Only clients running Windows Vista SP1 are able to create SSTP-based VPN tunnels.

Additional reading:
Source: http://trycatch.be/blogs/roggenk
Posted Thursday, 01 November 2007 by Michael Khanin
Microsoft Exchange Server 2007 Service Pack 1 introduces many new features for each server role. Let's
- New deployment options: You can now install Exchange 2007 SP1 on a server that is running Windows Server 2008
- Client Access Server Role Improvements: We've added a UI to manage POP3/IMAP4, OWA improvements, ActiveSync improvements (for example, the addition of remote wipe information) and much more.
- Transport: Enhancements to message processing and routing functionality on the Hub Transport role.
- Mailbox Server Role Improvements: Public folder management in the Exchange Management console, mailbox management improvements, etc...
- High Availability: In SP1 we introduce Standby Continuous Replication in addition to LCR and CCR; furthermore, we support WS2008 Failover Clustering and have improved the Exchange Management Console.
- Unified Messaging Server Role:
Unified Messaging has been improved and has added new features in
Exchange 2007 SP1. To use some of these features, you must correctly
deploy Microsoft Office Communications Server 2007 in your environment.
As you can see, we have made a lot of improvements to Exchange Server 2007 with this Service Pack, especially for the Unified Communication role.
Exchange Server 2007 Unified Messaging combines voice messaging, fax, and e-mail
into one Inbox, which can be accessed from the telephone and the
computer. Unified Messaging integrates Exchange Server 2007 with the
telephony network in your organization and brings the features found in
Unified Messaging to the core of the Exchange Server product line.
Posted Monday, 29 October 2007 by Michael Khanin
DNS provides the name resolution services required by Active Directory. The DNS server in Windows Server 2008 complies with the set of Requests for Comments (RFCs) that define and standardize the DNS protocol.
Because the DNS Server service is RFC compliant and it can use standard DNS data file and resource record formats, it can work successfully with most other DNS server implementations, such as DNS implementations that use the Berkeley Internet Name Domain (BIND) software.
The DNS Server service in Windows Server 2008 includes some new and enhanced features described below.
1. Background zone loading
A DNS server running Windows Server 2008 now loads zone data stored in AD DS in the background while it (re)starts, so that it can respond immediately to requests for data from other zones. Because the task of loading zones is performed by separate threads, the DNS server is able to respond to queries while zone loading is in progress. Let's have a look at the startup sequence:
- When the DNS server starts, it first enumerates all zones to be loaded.
- It loads root hints from files or AD DS storage.
- All file-based zones (zones stored in files rather than integrated in AD DS) are loaded.
- The DNS server begins responding to queries and remote procedure calls (RPCs).
- All AD DS-based zones are loaded afterwards, by one or more spawned threads.
2. GlobalNames Zone
This new feature provides single-label name resolution for large enterprise networks that do not deploy Windows Internet Name Service (WINS) and where using DNS name suffixes to provide single-label name resolution is not practical.
When the GlobalNames zone is deployed, single-label name resolution by clients works as follows:
- The client's primary DNS suffix is appended to the single-label name and the query is submitted to the DNS server.
- If that FQDN does not resolve, the client requests resolution using its DNS suffix search list.
- If none of those names resolve, the client requests resolution using the single-label name.
- If the single-label name appears in the GlobalNames zone, the DNS server hosting the zone resolves the name. Otherwise, the query fails over to WINS.
The GlobalNames zone provides single-label name resolution only when all authoritative DNS servers are running Windows Server 2008. No changes to client software are required to enable single-label name resolution with this feature.
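The four-step resolution order above is easy to get wrong when troubleshooting (a GNZ entry is only consulted after every suffix candidate has failed, and WINS only after that). The following model, added here as an example and not part of the original post or of the Windows DNS code, walks a single-label query through that order against a toy DNS server. All zone data, suffixes, host names and addresses are constructed; the globalnames_enabled flag models the EnableGlobalNamesSupport setting.

```python
"""Model of the single-label resolution order a Windows client follows once a
GlobalNames zone (GNZ) is deployed. Added example with constructed data; it
does not talk to a real DNS server."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class DnsServer:
    """Toy authoritative server: FQDN records plus an optional GlobalNames zone."""
    records: Dict[str, str]                                      # fqdn -> IPv4
    globalnames: Dict[str, str] = field(default_factory=dict)    # label -> IPv4
    globalnames_enabled: bool = True   # models "dnscmd /config /EnableGlobalNamesSupport 1"

    def query(self, name: str) -> Optional[str]:
        key = name.rstrip(".").lower()
        if key in self.records:
            return self.records[key]
        if self.globalnames_enabled and "." not in key:
            # Only a bare single-label query is checked against the GNZ.
            return self.globalnames.get(key)
        return None


def resolve_single_label(label: str, primary_suffix: str, search_list: List[str],
                         dns: DnsServer, wins: Dict[str, str]) -> Tuple[Optional[str], str]:
    """Return (address, how) following the order described in the post:
    1. label + primary DNS suffix
    2. label + each entry of the DNS suffix search list
    3. the bare single label (answered from the GlobalNames zone, if present)
    4. fall back to WINS
    """
    candidates = [f"{label}.{primary_suffix}"] + [f"{label}.{s}" for s in search_list]
    for fqdn in candidates:
        addr = dns.query(fqdn)
        if addr:
            return addr, f"fqdn:{fqdn}"
    addr = dns.query(label)
    if addr:
        return addr, "globalnames"
    addr = wins.get(label.lower())
    if addr:
        return addr, "wins"
    return None, "failed"


def build_example() -> Tuple[DnsServer, Dict[str, str]]:
    """Constructed environment: one normal zone, one GNZ entry, one WINS-only host."""
    dns = DnsServer(records={"fileserver.corp.example": "10.0.0.5"},
                    globalnames={"intranet": "10.0.1.20"})
    wins = {"legacyapp": "10.0.2.7"}   # constructed WINS database
    return dns, wins


if __name__ == "__main__":
    dns, wins = build_example()
    for name in ("fileserver", "intranet", "legacyapp", "nothing"):
        print(name, resolve_single_label(name, "corp.example",
                                         ["corp.example", "lab.example"], dns, wins))
```

Flipping globalnames_enabled to False shows the failure mode the post warns about: with the setting missing on a server, "intranet" is no longer answered from the zone and the query drops through to WINS (and fails where no WINS exists), even though the GNZ record itself is present.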
How to set up the GlobalNames zone (GNZ) in 3 steps:
- To get GNZ functionality for a given domain or forest, all authoritative DNS servers must be running Windows Server 2008.
- Create an Active Directory-integrated zone called GlobalNames.
Don't forget to choose the appropriate storage method and replication scope for this zone.
Recommendation: Create the new "GlobalNames" zone as AD DS‑integrated zone, stored in the forest-wide DNS application partition (replicating to all domain controllers that are DNS servers in the forest).
dnscmd ServerName /ZoneAdd GlobalNames /DsPrimary /DP /forest
- Enable the GlobalNames Zone functionality on the DNS Server.
Ensure that the GlobalNamesSupport registry setting has been enabled on all DNS servers, using dnscmd as follows:
dnscmd ServerName /config /EnableGlobalNamesSupport 1
For more information: DNS Server GlobalNames Zone Deployment white paper
Continue on source: http://trycatch.be/blogs/roggenk
Posted Sunday, 28 October 2007 by Michael Khanin
The Infrastructure Planning and Design series is the
next version of Windows Server System Reference Architecture. The
guides in this series help clarify and streamline design processes for
Microsoft infrastructure technologies; each guide addresses a unique
infrastructure technology or scenario. All guides share a common
structure including:
- Definition of the technical decision flow through the planning process.
- Listing of decisions to be made and the commonly available options and considerations.
- Relating the decisions and options to the business in terms of cost, complexity, and other characteristics.
- Framing decisions in terms of additional questions to the business to ensure a comprehensive alignment with the appropriate business landscape.
- These guides complement product documentation by exposing and focusing on infrastructure design options.
Guides Available in This Release
SoftGrid Application Virtualization Guide
Microsoft SoftGrid® Application Virtualization is the only virtualization
solution on the market to deliver applications that are never
installed, yet securely follow users anywhere, on demand. It
dramatically improves IT efficiencies, enables much greater business
agility, and provides a superior end-user desktop experience. The
Infrastructure Planning and Design Series: SoftGrid Application
Virtualization assists designers in the infrastructure planning process
for SoftGrid by providing a clear and concise workflow of the decisions
and tasks required for each method. This guide enables you to plan the
infrastructure required for meeting your application virtualization
service goals.
Windows Server Virtualization Guide
A virtualized computing environment can improve the efficiency of your
computing resources by utilizing more of your hardware resources.
Windows Server virtualization enables you to create a virtualized
server computing environment using a technology that is part of Windows
Server 2008. The Infrastructure Planning and Design Series: Windows
Server Virtualization guide discusses Microsoft virtualization options
using Windows Server virtualization in Windows Server 2008 and
Microsoft Virtual Server 2005 R2 SP1. The guide explains design
considerations at critical decision points and helps with plans for an
optimized server virtualization architecture to meet organizational
goals for performance and consolidation.
Where to Find the Beta Program
The Infrastructure Planning and Design Series beta releases for SoftGrid
Application Virtualization and Windows Server Virtualization are
available as open beta downloads.
To join the Infrastructure Planning and Design beta, follow these steps:
1) Visit the Microsoft Connect Web site (http://connect.microsoft.com).
2) Click Invitations on the Connect menu.
3) Sign in using a valid Windows Live ID to continue to the Invitations page.
4) Enter your Invitation ID in the box. Your invitation ID is: IPDM-QX6H-7TTV
5) Click Go.
If you have not previously registered with Microsoft Connect, you might be
required to register before continuing with the invitation process.
If the link in step 1 does not work for you, copy the full link and paste it into the Web browser address bar.
Posted Sunday, 28 October 2007 by Michael Khanin
There has been quite some noise around the talk that Eric Traut (Distinguished Engineer) gave at the University of Illinois. During his talk Eric showed something called MinWin, which is a stripped-down kernel of Windows 7 that will be the basis of our future products: not just the Windows OS, but also the OS used for media centers, for servers and for small embedded devices. However, MinWin is internal-only and won't be productized as such.
MinWin is 25 MB on disk; Vista is 4 GB, Traut said. The MinWin kernel does not include a graphics subsystem in its current build, but does incorporate a very simple HTTP server. The MinWin core is 100 files total, while all of Windows is 5,000 files in size. This is something big: the kernel is so small that there is no graphical subsystem; in the screenshot below you see that when booting, the logo is built from ASCII characters. Pretty cool.

If you only want to see the MinWin demo, istartedsomething.com has an 8-minute excerpt
Further, Eric also explains that in the Windows Server Virtualization technology we expose hypercalls, which can be compared to kernel calls, and earlier this week we announced that those hypercall APIs will be available via the Open Specification Promise. Read more about that at the Windows Virtualization Team Blog.
I encourage you to watch the full video of Eric Traut's talk, because he explains our virtualization technology more in depth.
Posted Sunday, 28 October 2007 by Michael Khanin
Gmail is getting support for IMAP clients like Outlook, Thunderbird, and the iPhone. This means that Gmail users will no longer be limited to the Gmail.com user interface or to the weak integration they can get from clients using the much more rudimentary POP email protocol.
There's no word on the official rollout schedule for IMAP
support. Some users have it, some don't. I do. Don't ask me why. To see if you
have support, click on the "Settings" link and then see if you have a
"Forwarding and POP/IMAP" tab.
Posted Sunday, 28 October 2007 by Michael Khanin
SyncToy 2.0 Beta for Windows is available as a free download from the Microsoft Download Center. The easy-to-use, customizable application helps you copy, move, rename, and delete files between folders and computers.
There are files from all kinds of sources that we want to store and
manage. Files are created by our digital cameras, e-mail, cell phones,
portable media players, camcorders, PDAs, and laptops. Increasingly,
computer users are using different folders, drives, and even different
computers (such as a laptop and a desktop) to store, manage, retrieve
and view files. Yet managing hundreds or thousands of files is still
largely a manual operation. In some cases it is necessary to regularly
get copies of files from another location to add to the primary location;
in other cases there is a need to keep two storage locations exactly in
sync. Some users manage files manually, dragging and dropping from one
place to another and keeping track of whether the locations are
synchronized in their heads. Other users may use two or more
applications to provide this functionality.
Posted Sunday, 28 October 2007 by Michael Khanin
Geert Baeke writes: "Creating
a failover cluster with iSCSI disks is quite simple but there is one
thing you need to be sure of: support for persistent reservations by
your iSCSI target. I tried to create a failover cluster with iSCSI
disks served off an OpenFiler target but that did not work.
But how do you know it will not work? Well, the good thing is that Windows Server 2008 has a Cluster Validation tool that will tell you if
your configuration is supported. Click the images below to see parts of
the validation tool." (more)
Posted Saturday, 27 October 2007 by Michael Khanin
The DHCP Server Callout DLL helps to filter out DHCP requests based on MAC address. When a device or computer tries to connect to the network, it first tries to obtain an IP address from the DHCP server. The Callout DLL (read: hook-in DLL) also works, and should continue to work, on Windows Server 2008.
The DHCP Server Callout DLL checks whether the device's MAC address is present in a known list (a text file) of MAC addresses configured by administrators. Depending on the action configured by the administrator, the device is then either allowed to obtain an IP address or its requests are ignored.
MAC address based filtering allows network administrators to ensure that only a known set of devices on the network are able to get an IP address from the DHCP server. This DLL helps administrators enforce additional security on the network. After installation, both the DLL (MacFilterCallout.dll) and the installation/configuration instructions (SetupDHCPMacFilter.rtf) are available under %windir%\system32.
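The decision the callout makes is small but has two edges worth seeing in code: MAC addresses arrive in several textual forms, and the same list means opposite things under an "allow" and a "deny" action. The model below is an added example, not the code of MacFilterCallout.dll; the list file format (one MAC per line, '#' comments), the action names and the OFFER/IGNORE result names are assumptions, and the sample list is constructed.

```python
"""Model of the allow/deny decision a MAC-based DHCP filter makes from an
administrator-maintained text file. Added example with assumed file format
and constructed data; not the callout DLL's own code."""

import re
from typing import Set

# Constructed sample list: separators '-', ':' or none, mixed case, comments.
SAMPLE_MAC_FILE = """\
# corporate laptops
00-1A-2B-3C-4D-5E
00:1a:2b:3c:4d:5f
001A2B3C4D60   # printer, inline comment
"""

_HEX12 = re.compile(r"^[0-9A-F]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonical upper-case 12-hex form; raises ValueError on anything else."""
    compact = re.sub(r"[-:.\s]", "", mac).upper()
    if not _HEX12.match(compact):
        raise ValueError(f"not a MAC address: {mac!r}")
    return compact


def load_mac_list(text: str) -> Set[str]:
    """Parse the list file, ignoring blank lines and '#' comments."""
    known = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            known.add(normalize_mac(line))
    return known


def dhcp_decision(client_mac: str, known: Set[str], action: str) -> str:
    """'allow': only listed MACs get a lease; 'deny': listed MACs are ignored.
    Returns 'OFFER' (serve the request) or 'IGNORE' (drop it silently)."""
    try:
        mac = normalize_mac(client_mac)
    except ValueError:
        return "IGNORE"          # malformed hardware address: never hand out a lease
    listed = mac in known
    if action == "allow":
        return "OFFER" if listed else "IGNORE"
    if action == "deny":
        return "IGNORE" if listed else "OFFER"
    raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    known = load_mac_list(SAMPLE_MAC_FILE)
    for mac in ("00:1A:2B:3C:4D:5E", "00:1A:2B:3C:4D:99", "garbage"):
        print(mac, "allow ->", dhcp_decision(mac, known, "allow"),
              "deny ->", dhcp_decision(mac, known, "deny"))
```

Normalising before comparison matters because a list entry written as 00-1A-... and a client reporting 00:1a:... are the same device; comparing raw strings would silently let an allow-list reject legitimate hosts. Since a MAC address is reported by the client itself, this filter is an inventory control rather than authentication, which is why the post pairs it with NAP-style health checks elsewhere on this page.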
Download here
Additional reading: DHCP Team blog
Posted Saturday, 27 October 2007 by Michael Khanin
On Monday, November 12th, Barcelona will be filled with more than 5000 people attending Microsoft's flagship event for IT professionals in Europe: TechEd ITForum. The 2007 edition was sold out well in advance and, based on the session content, promises to be a very exciting week. From Monday through Friday, IT professionals can get technical in-depth content ranging from Windows Server 2008 to System Center.
Want to get in the mood? Check out the pre-conference videos here: http://www.mseventseurope.com/teched/07/itforum/news/Pages/PreInterviews.aspx
or check out Daniel and Tony (also from The Netherlands) in their
preview movie, as they will be the hosts for this year's Virtual
Teched: http://www.mseventseurope.com/Downloads/Teched/07/LiveITF/ITF_Hosts.asx.
Barcelona will be the official launch event for the three new System
Center products; Virtual Machine Manager 2007, Data Protection Manager
2007 and Configuration Manager 2007.
Posted Thursday, 25 October 2007 by Michael Khanin
Install this update to resolve an issue where Omniquad Firewall and
TT Firewall Version 2.0.3 fail to install on systems running Windows
Vista.
Update for Windows Vista (KB942089)
Update for Windows Vista for x64-based Systems (KB942089)
Install this update to resolve an issue where an indexing service
query, using a LIKE predicate, returns an incorrect result on a system
running Windows Vista.
Update for Windows Vista (KB940069)
Update for Windows Vista for x64-based Systems (KB940069)
Install this update to resolve an issue where a duplicate or
incorrect date is displayed on the Windows Vista Sidebar Calendar
gadget.
Update for Windows Vista (KB943544)
Update for Windows Vista for x64-based Systems (KB943544)
Install this update to resolve an issue where connecting to a
non-UNC (Uniform Naming Convention) printer fails on a system running
Windows Vista.
Update for Windows Vista (KB941542)
Update for Windows Vista for x64-based Systems (KB941542)
Install this update to resolve an issue where the computer
continually restarts with Microsoft Windows Pre-installation
Environment (Windows PE) 2.0 on an AMD Barcelona processor, and the
Operating System Capabilities ( _OSC ) method enabled in the BIOS.
Update for Windows Vista (KB942813)
Update for Windows Vista for x64-based Systems (KB942813)
Install this update to resolve suspend and resume issues on Windows Vista systems configured with a digital cable tuner.
Update for Windows Media Center for Windows Vista (KB938929)
Update for Windows Media Center for Windows Vista for x64-based Systems (KB938929)
Install this update to resolve suspend and resume issues on Windows Vista systems configured with a digital cable tuner.
Update for Windows Media Center for Windows Vista (KB927084)
Update for Windows Media Center for Windows Vista for x64-based Systems (KB927084)
Posted Thursday, 25 October 2007 by Michael Khanin
This is a reliability update. Install this microcode update to improve the reliability of systems with Intel processors.
Update for Windows XP (KB936357)
Install this update to resolve an issue where files fail to download
when using Internet Explorer 7 on a system running Windows XP Service
Pack 2.
Update for Windows XP (KB932823)
Posted Thursday, 25 October 2007 by Michael Khanin
Microsoft today announced that it will extend the Open Specification Promise
to the hypercall application programmer’s interface (API) within
Windows Server virtualization (codename Viridian), and will be
available when Windows Server virtualization is released to
manufacturing (RTM). In the interim, today Microsoft posted an updated
draft of the hypercall API to Microsoft’s website www.microsoft.com/windowsserver2008/virtualization
so that partners can continue to have early access to this important
development interface. Microsoft first distributed hypercall API draft
documentation to attendees of Windows Hardware Engineering Conference
2006.
The hypercall API enables partners to develop solutions with Windows
Server virtualization allowing customers to achieve dynamic IT
environments. These APIs are available for use by any organization
seeking to integrate or extend their software with Windows Server 2008
and Windows Server virtualization.
“The majority of our customers have mixed-source environments, and
they want their platform vendors to make things work together,” said
Roger Levy, senior vice president and general manager, Open Platform
Solutions at Novell. “That’s why we entered into a technical
collaboration agreement with Microsoft. As a result, Novell is the
first vendor to develop and ship technology that will allow a
paravirtualized Windows Server 2008 to be hosted as a guest on the Xen
hypervisor. Microsoft’s decision to put the hypercall API under their
Open Specifications Promise will make it even easier for Novell, our
customers and partners, and the entire open source community to develop
high-quality virtualization solutions that deliver true
interoperability between Windows and Linux.”
“Citrix is committed to the delivery of value-added virtualization
solutions for the Windows platform, so interoperability with
Microsoft’s virtualization solutions is key to our success. This is
made possible by Microsoft’s open and progressive approach to
licensing key technologies such as its VHD image format and the Windows
Server Virtualization hypercall API,” said Simon Crosby, CTO,
Virtualization & Management Division, Citrix. “This will allow us
to ensure that virtual machines created on XenServer will be compatible
with Microsoft WSV when it is delivered as a component of Windows
Server 2008.”
Microsoft is taking a step further in its commitment to
interoperability by extending the Open Specification Promise to the
hypercall API within Windows Server virtualization. With the OSP, any
individual or organization is free to implement, commercialize and
modify Microsoft’s virtualization format technology for free, now and
forever. In October 2006, Microsoft expanded its commitment to
interoperability by applying the OSP to Microsoft’s Virtual Hard Disk (VHD) image format.
As a reminder, Windows Server virtualization is scheduled to RTM
within 180 days of the RTM of Windows Server 2008, which is currently
scheduled for Q1 2008.
Posted Sunday, 21 October 2007 by Michael Khanin
Windows XP and Windows Server 2003 contain the WMI (Windows Management Instrumentation) Wmic.exe command-line utility. By using Wmic.exe we can get a lot of information about a computer (server).
To display the local computer name and the serial number of the main board I've created a very simple script, SerNum.bat. SerNum.bat contains:
@echo off
Setlocal
rem wmic /value prints "SerialNumber=<value>"; FIND keeps only that line and
rem "delims=" passes the whole line to SET, so a value containing spaces survives
For /F "delims=" %%a in ('wmic baseboard GET SerialNumber /value^|find "SerialNumber"') do Set %%a
@echo %Computername% - %SerialNumber%
endlocal
On my desktop, the above script displays:
PELEKAN-XP1 - VF0SA75A0SK
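Scripts like SerNum.bat work because `wmic ... /value` prints one `Key=Value` line per property, but the raw output has two quirks that trip up parsers: leading blank lines and lines terminated with CR CR LF, which leaves a stray carriage return in the batch variable. The parser below is an added example, not the post's script; SAMPLE_WMIC_OUTPUT is constructed to mimic that output shape (the Manufacturer value is made up, the serial number is the one the post shows), and the live wmic call runs only on Windows.

```python
"""Parser for the Key=Value output of `wmic <class> get <props> /value`.
Added example; the sample text is constructed to reproduce wmic's leading
blank lines and CR CR LF line endings."""

import platform
import subprocess
from typing import Dict

SAMPLE_WMIC_OUTPUT = (
    "\r\r\n\r\r\n"
    "Manufacturer=Example Boards Inc.\r\r\n"   # constructed; note the spaces
    "SerialNumber=VF0SA75A0SK\r\r\n"
    "\r\r\n\r\r\n"
)


def parse_wmic_value_output(text: str) -> Dict[str, str]:
    """Turn wmic /value output into a dict, tolerating CR CR LF and blank lines."""
    props: Dict[str, str] = {}
    for raw in text.split("\n"):
        line = raw.strip("\r").strip()      # drop the extra CR and whitespace
        if not line or "=" not in line:
            continue                        # blank separator lines
        key, value = line.split("=", 1)     # value may itself contain '='
        props[key.strip()] = value.strip()
    return props


def describe(computername: str, props: Dict[str, str]) -> str:
    """Same one-line report SerNum.bat prints."""
    return f"{computername} - {props.get('SerialNumber', '<unknown>')}"


def query_baseboard() -> Dict[str, str]:
    """Run wmic on Windows; on other platforms fall back to the constructed sample."""
    if platform.system() != "Windows":
        return parse_wmic_value_output(SAMPLE_WMIC_OUTPUT)
    result = subprocess.run(
        ["wmic", "baseboard", "get", "Manufacturer,SerialNumber", "/value"],
        capture_output=True, text=True, check=True)
    return parse_wmic_value_output(result.stdout)


if __name__ == "__main__":
    print(describe(platform.node(), query_baseboard()))
```

Keeping the whole value after the first `=` is the point of the example: a board that reports a placeholder such as "To be filled by O.E.M." would be cut at the first space by a FOR /F loop using default delimiters, whereas the parser returns it intact, so an inventory check comparing serial numbers across hosts sees the real string.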