One of the great sessions I sat in on at Tech Ed this week was stretching a Windows 2008 R2 Hyper-V Failover Cluster across sites. With this ability, you could actually implement a Hyper-V cluster where you could migrate or even Live Migrate VMs across sites. With this area’s propensity for Hurricanes, this will be a very popular topic for me over the next few months. While this technology is possible today, it’s also very complicated and can be very expensive to implement. First your WAN connection...
Recently while making some changes for a client, I accidently dug myself into a pretty deep hole. I was trying to explicitly deny a certain user from reading a few group policies including the Default Domain Policy. When I went in to make the change I accidently denied Authenticated Users rather than the AD user object. This of course made the GPO inaccessible to all users including any with domain admin rights. The policy could no longer be modified in the GPMC and worse, changes could not be made...
In the last few months, we moved our Active Directory to Windows 2008 R2. We also recently deployed ISA 2006 to front end for all of our internet facing web services including SharePoint, Team Foundation Web Services, and a few others. To allow employees the ability to change passwords externally or after an expiration using ISA, we implemented LDAPS pre-authentication. We have ISA deployed in the single NIC configuration where it lives in the perimeter network (DMZ) since we are already using a...
Today I’m adding some redundancy to the storage paths in our Hyper-V environment. We have 2 Windows 2008 R2 Server Core host servers running the Hyper-V role attached to an Equal Logic iSCSI SAN. Each host has 3 network cards attached the iSCSI VLAN but only 2 are used for host connections. The third NIC is being used as a Microsoft Virtual Switch Adapter on the iSCSI VLAN for the VM guest operating systems to make direct connections to the SAN and use host invisible storage. NOTE: Host invisible...
The best practice for publishing an Internet facing SharePoint site is to use ISA as a reverse proxy solution to provide an additional layer of security between the SharePoint portal and the end user. This eliminates any traffic originating from the Internet from ever reaching the internal protected network. Instead the traffic terminates in the DMZ at the ISA server and it in turn performs Active Directory or Forms Based authentication through LDAP, LDAPS, or Radius. It then proxies the content...
Recently, I had an enterprise customer who was experiencing intermittent and random slow logins across the network by users with Windows XP workstations on a Windows 2003 network. The customer had been fighting this issue for over 2 years and had allocated plenty of different resources towards it throughout that time frame. Upon first diagnosing the issue, corrupt profiles, corrupt group policy objects, or even network infrastructure all came to mind. The first course of action was to actually find...