Whenever I try to login in my Server I get following error
The remote computer that you are trying to connect to requires Network Level Authentication (NLA), but your Windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the Remote tab of the System Properties dialog box.
I cant connect to my server remotely using powershell and Remote registry(regedit) inspite of enabling TCP port 5986. Can any one suggest a solution.
There is an easy method to disable NLA via the Azure portal. You can navigate the Operation---Run command---select the DisableNLA script, then click Run button after finishing the run command script, restart your Azure VM for the change to take effect.
Alternatively, you also could invoke run command with PowerShell or Azure CLI.
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/run-command
For example
Run these PowerShell scripts to disable or enable the NLA of the remote computer on the local machine with Invoke-AzVMRunCommand -ResourceGroupName '<myResourceGroup>' -Name '<myVMName>' -CommandId 'RunPowerShellScript' -ScriptPath '<pathToScript>' -Parameter #{"arg1" = "var1";"arg2" = "var2"}
$ComputerName = "remote computer"
# Getting the NLA information
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $ComputerName -Filter "TerminalName='RDP-tcp'").UserAuthenticationRequired
# Setting the NLA information to Disabled
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $ComputerName -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
# Setting the NLA information to Enabled
(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -ComputerName $ComputerName -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)
# -Parameter #{"arg1" = "var1";"arg2" = "var2"}
Result
I'm trying to deploy multiple websites to a single host running IIS from TFS 2015. I'm trying to have all sites use the "Server Name Indication Required" option so that they all can run under the same IP address. (This setup works fine in IIS if I manually set everything up -- my question / problem comes from deploying from TFS 2015).
The FIRST site in the deploy chain works fine, but the any subsequent one seems to fail with the following error:
System.Exception: SSL Certificate add failed, Error: 183 Cannot create a file when that file already exists.
Each of the sites I'm deploying has a different SSL certificate and I've imported them all properly to the Local Machine\Personal store.
A screenshot of the release definition with the "IIS Web App Management" task highlighted is shown below.
Any suggestions on how to resolve this error within the release definition so that I can deploy cleanly without manual intervention?
I guess one thing I could try is to do ALL of the IIS management steps from PowerShell but was hoping to use the tools a little more fully rather than rolling new scripts to do what it seems that they SHOULD be able to do natively.
Any insight is appreciated.
The error message will appear if you try to bind the certificate to a port which is already binded to this or another certificate.
You can try to set different ports for the sites.
You can also try adding a step (Command line/Powershell step) to delete the existing binding before next deploy step if that does not affect the sites.
eg:
$> netsh http delete sslcert ipport:1.1.1.1:443
Reference below articles to delete the binding:
How to: Configure a Port with an SSL Certificate
Remove an SSL certificate from your server
How to remove SSL bindings using powershell
I got things working - but I had to basically eliminate the binding configuration from the WinRM - IIS App Management tasks. I kept everything the same but specified NO binding information at all in those tasks, then added a target machine power shell script that looked like this (thumbprints and site domains changed):
Import-Module WebAdministration
if ($null -eq (Get-WebBinding | Where-Object {$_.BindingInformation -eq "*:443:iddev.mydomain.com"}))
{
New-WebBinding -Name "Identity-B2B" -Port 443 -Protocol "https" -HostHeader "iddev.mydomain.com" -SslFlags 1
New-Item -Path "IIS:\SslBindings\!443!iddev.mydomain.com" -Thumbprint "88E811B7A9417DACAAAAAAAAAA1C36AA0BA238FF1E0F" -SSLFlags 1
}
if ($null -eq (Get-WebBinding | Where-Object {$_.BindingInformation -eq "*:443:iddev.myotherdomain.com"}))
{
New-WebBinding -Name "Identity-B2C" -Port 443 -Protocol "https" -HostHeader "iddev.myotherdomain.com" -SslFlags 1
New-Item -Path "IIS:\SslBindings\!443!iddev.myotherdomain.com" -Thumbprint "BE38195A2BBBBBBBBBBBBBBB1C2AB5762C9" -SSLFlags 1
}
I am starting to think that i'm really stupid.
Trying since 2 hours to create a vm from the section my discs with powershell. Everywhere in the internet i find information about creating a vm from existing vm images, but not from the my disks section. I mean this one:
How can i achieve this by the powershell?
I tried the following script, however i keep getting this error message and google seems useless, since there are tons of links relating how to create a vm image or how to upload it but not how to create a vm from an existing uploaded disk, nothing else.
My script i tried:
New-AzureVMConfig -Name "kentico1" -InstanceSize Medium -VMImageName "kenticovm-kenticovm-0-201408210905260518" -MediaLocation "https://rivirtualmachines.blob.core.windows.net/vhds/kenticovm-kenticovm-2014-08-21.vhd" | Add-AzureProvisioningConfig -Windows -AdminUsername adminuser -Password "asldfj9283lj" | New-AzureVM -ServiceName "kentico" -ReservedIPName CMSIP -Location "West Europe"
And i keep getting this error
New-AzureVM : BadRequest: OSImage kenticovm-kenticovm-0-201408210905260518.vhd not found. If you are using
a VM image, it must be specified as VMImageName for the role, not as SourceImageName for OSVirtualHardDisk.
Can anybody help me?
Thank you in advance
best
laurin
Okey i figured it out:
New-AzureVMConfig -Name "kentico1" -InstanceSize Medium -DiskName "kenticovm-kenticovm-0-201408210905260518" | Add-AzureEndpoint -Name "HTTP" -Protocol "tcp" -PublicPort 80 -LocalPort 80 | New-AzureVM -ServiceName "kentico" -ReservedIPName CMSIP -Location "West Europe"
I have been asked to "help" a client migrate their on premise AD/Exchange 2010 implementation to the cloud (office 365).
i have no idea where to start and although I have watched quite a few videos on the topic via technet I feel I need some practical experience.
As such I was wondering if anyone knew of some step-by-step guides on how to setup a mock environment on windows azure (setting up a new AD server with multiple users) and then migrating that environment into office 365?
I would certainly recommend setting up a lab environment on Azure IaaS so that you can walk through the process.
Here's the basic process I use...
Set up a new Virtual Network via the Portal
Create an affinity group to ensure that resources are co-located
Create a storage account to host your VHD's
Create a PowerShell script to set up an AD VM
Install AD DS on the AD VM and configure your domain
Create PowerShell scripts for other domain-joined VM's
If you want federated authentication, create an AD FS VM
Create a VM to host DirSync
Configure directory synchronisation in Office 365
Install DirSync from the Office 365 portal on your DirSync VM
Create a VM to act as a test client or configure point-to-site VM and add an existing machine to your lab domain
Here's an example script to create an AD VM...
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile 'C:\Lab\credentials.publishsettings'
Set-AzureSubscription -SubscriptionName '{your Azure subscription}' -CurrentStorageAccount {your storage account name}
Select-AzureSubscription -SubscriptionName '{your Azure subscription}'
#Deploy the Domain Controller in a virtual network
#-------------------------------------------------
#Specify my DC's DNS IP (127.0.0.1)
$myDNS = New-AzureDNS -Name 'LabDNS' -IPAddress '127.0.0.1'
$vmname = 'LabDC'
# OS Image to Use
# Get the latest Windows Server 2008 R2 SP1 image
$family = "*Windows Server 2008 R2 SP1*"
$images = Get-AzureVMImage `
| where { $_.ImageFamily -like $family } `
| Sort-Object -Descending -Property PublishedDate
$image = $images[0].ImageName
Write-Host "Using image: " + $image
Read-Host "Continue or Ctrl-C to cancel"
$service = 'LabDomain'
$AG = 'LabAffinityGroup'
$vnet = 'LabNetwork'
$user = "LabAdmin"
$password = 'LabPassword123'
$subnet = 'Subnet-1'
#VM Configuration
$MyDC = New-AzureVMConfig -name $vmname -InstanceSize 'Small' -ImageName $image |
Add-AzureProvisioningConfig -Windows -AdminUsername $user -Password $password |
Set-AzureSubnet -SubnetNames $subnet
New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyDC -DnsSettings $myDNS -VNetName $vnet
Can you advise me whether it is possible or not to assign a SSL Certificate to a website in IIS7 using the APPCMD application?
I am familiar with the command to set the HTTPS Binding
appcmd set site /site.name:"A Site" /+bindings.[protocol='https',bindingInformation='*:443:www.mysite.com']
and how to obtain current mappings
%windir%\system32\inetsrv\Appcmd
but can not seem to find any way to map a site to a certificate (say the certificates hash for example)
The answer is to use NETSH.
For example
netsh http add sslcert ipport=0.0.0.0:443 certhash='baf9926b466e8565217b5e6287c97973dcd54874' appid='{ab3c58f7-8316-42e3-bc6e-771d4ce4b201}'
This helped me a lot: a simple guide, by Sukesh Ashok Kumar, to setting up SSL for IIS from the command line. Includes importing/generating the certificate with certutil / makecert.
http://www.awesomeideas.net/post/How-to-configure-SSL-on-IIS7-under-Windows-2008-Server-Core.aspx
EDIT: if the original URL is down, it's still available through the Wayback Machine.
With PowerShell and the WebAdministration module, you can do the following to assign an SSL certificate to an IIS site:
# ensure you have the IIS module imported
Import-Module WebAdministration
cd IIS:\SslBindings
Get-Item cert:\LocalMachine\My\7ABF581E134280162AFFFC81E62011787B3B19B5 | New-Item 0.0.0.0!443
Things to note... the value, "7ABF581E134280162AFFFC81E62011787B3B19B5" is the thumbprint for the certificate you want to import. So it needs to be imported into the certificate store first. The New-Item cmdlet takes in the IP address (0.0.0.0 for all IPs) and the port.
See http://learn.iis.net/page.aspx/491/powershell-snap-in-configuring-ssl-with-the-iis-powershell-snap-in/ for more details.
I've tested this in Windows Server 2008 R2 as well as Windows Server 2012 pre-release.
#David and #orip have it right.
However, I did want to mention that the ipport parameter specified in the example (0.0.0.0:443) is what the MSDN calls the "unspecified address (IPv4: 0.0.0.0 or IPv6: [::])".
I went looking it up, so I figured I'd document here to save someone else the time. This article focuses on SQL Server, but the information is still relevant:
http://msdn.microsoft.com/en-us/library/ms186362.aspx
Using the answers from this post, I created a single script that did the trick for me. It starts from the pfx file, but you could skip that step.
Here it is:
cd C:\Windows\System32\inetsrv
certutil -f -p "pa$$word" -importpfx "C:\temp\mycert.pfx"
REM The thumbprint is gained by installing the certificate, going to cert manager > personal, clicking on it, then getting the Thumbprint.
REM Be careful copying the thumbprint. It can add hidden characters, esp at the front.
REM appid can be any valid guid
netsh http add sslcert ipport=0.0.0.0:443 certhash=5de934dc39cme0234098234098dd111111111115 appid={75B2A5EC-5FD8-4B89-A29F-E5D038D5E289}
REM bind to all ip's with no domain. There are plenty of examples with domain binding on the web
appcmd set site "Default Web Site" /+bindings.[protocol='https',bindingInformation='*:443:']
If you're trying to perform IIS Administration without using the MMC snap-in GUI, you should use the powershell WebAdministration module.
The other answers on this blog don't work on later versions of Windows Server (2012)
Using PowerShell + netsh:
$certificateName = 'example.com'
$thumbprint = Get-ChildItem -path cert:\LocalMachine\My | where { $_.Subject.StartsWith("CN=$certificateName") } | Select-Object -Expand Thumbprint
$guid = [guid]::NewGuid().ToString("B")
netsh http add sslcert ipport="0.0.0.0:443" certhash=$thumbprint certstorename=MY appid="$guid"
If you need a named binding, replace netsh call with this:
netsh http add sslcert hostnameport="$certificateName:443" certhash=$thumbprint certstorename=MY appid="$guid"
With IISAdministration 1.1.0.0 (https://www.powershellgallery.com/packages/IISAdministration/1.1.0.0) you can use the following code to add a new HTTPS binding to a specific site:
$thumbPrint = (gci Cert:\localmachine\My | Where-Object { $_.Subject -Like "certSubject*" }).Thumbprint
New-IISSiteBinding -Name "Site Name" -BindingInformation "*:443:" -CertificateThumbPrint $thumbPrint -CertStoreLocation My -Protocol https
View existing bindings with
Get-IISSiteBinding -Name "Site Name"
Remove an existing binding with
Remove-IISSiteBinding -Name "Site Name" -BindingInformation "*:443:" -Protocol https -Confirm:$False