Wednesday, September 27, 2006

SQL 2005 replication with SQL Express.

Good article:
http://msdn2.microsoft.com/en-us/library/ms165700.aspx
SQL Server 2005 Merge Replication
http://softwarex-nz.blogspot.com/2006/04/sql-server-2005-merge-replication.html

Thursday, September 21, 2006

Kerberos

To disable Kerberos authentication in the IE browser:
  1. In Internet Explorer, click Internet Options on the Tools menu.
  2. Click the Advanced tab, clear the Enable Integrated Windows Authentication check box in the Security section, and then click OK.

This forces IE to use the NTLM protocol instead of Kerberos when a web site uses "Integrated Windows Authentication".

references: http://support.microsoft.com/kb/299838/EN-US/

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8feeaa51-c634-4de3-bfdc-e922d195a45e.mspx?mfr=true

Enabling Kerberos Event Logging on a Specific Computer:

http://support.microsoft.com/kb/262177/EN-US/

Introduction to Kerberos:

http://web.mit.edu/kerberos/www/dialogue.html

http://www.faqs.org/faqs/kerberos-faq/general/index.html

How to set SPN:

http://technet2.microsoft.com/WindowsServer/en/library/2bbd23c5-a01d-49bc-8b1c-6d309767c5e71033.mspx?mfr=true

From description of "List Web part for Microsoft Dynamics CRM"

If using a Network Service or a Local account for the SharePoint Products and Technologies application pool identity, there should only be SPNs for the host headers under the computer account. If using a domain user for the application pool identity, all of the SPNs should be under the domain user’s object.
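The placement rule quoted above can be checked mechanically. The following is an added example, not code from the original post or from Microsoft: it parses concatenated `setspn -L` output and reports HTTP SPNs for host headers that are missing from the application pool identity or registered under another account. The account names, host headers and sample output are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: `setspn -L WEB01` followed by `setspn -L svc-sharepoint`.
SAMPLE = """\
Registered ServicePrincipalNames for CN=WEB01,CN=Computers,DC=example,DC=com:
    HOST/WEB01
    HOST/web01.example.com
    HTTP/portal.example.com
Registered ServicePrincipalNames for CN=svc-sharepoint,CN=Users,DC=example,DC=com:
    HTTP/portal.example.com
    HTTP/portal
"""

HEADER = re.compile(r"^Registered ServicePrincipalNames for (CN=[^,]+),.*:$")

def parse_setspn(text):
    """Return {account name: [SPN, ...]} from concatenated `setspn -L` output."""
    owners, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1)[3:]          # drop the leading "CN="
            owners[current] = []
        elif line and current is not None:
            owners[current].append(line)
    return owners

def check_placement(owners, host_headers, pool_identity):
    """Each HTTP/<host header> SPN must sit under pool_identity and nowhere else.

    pool_identity is the computer account when the pool runs as Network Service
    or a local account, or the domain user otherwise. Assumption: only explicit
    HTTP/ SPNs are checked; a HOST/ SPN on the computer account is not counted.
    """
    findings = []
    for host in host_headers:
        spn = f"HTTP/{host}".lower()          # SPN comparison is case-insensitive
        holders = sorted(acct for acct, spns in owners.items()
                         if spn in (s.lower() for s in spns))
        if pool_identity not in holders:
            findings.append((spn, "missing", pool_identity))
        for other in holders:
            if other != pool_identity:
                findings.append((spn, "misplaced", other))
    return findings

if __name__ == "__main__":
    owners = parse_setspn(SAMPLE)
    for finding in check_placement(owners, ["portal.example.com", "portal"], "svc-sharepoint"):
        print(finding)
```

In the constructed sample the same SPN is registered under both the computer account and the service account, so the check flags the copy on `WEB01`.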

Kerberos and application pools:

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/523ae943-5e6a-4200-9103-9808baa00157.mspx?mfr=true

About local accounts and default services:

http://www.microsoft.com/technet/security/topics/serversecurity/tcg/tcgch07n.mspx

Monday, September 18, 2006

Virtual Server 2005

WinImage version 8.0 can mount VHD images and create them from a physical machine.
Good article - but a little bit old - about P2V and V2P conversion: http://www.dbazine.com/sql/sql-articles/cook14

Friday, September 08, 2006

Source KDC Event 20

"The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public key infrastructure. The chain status is in the error data."

Try to fix it by: certutil -dcinfo deleteBad
MS Article 555151

The problem was shown in a DC system event log; previously a different CA was installed in the domain. I deleted all the old CAs as recommended in 555151, but actually created a new CA on the DC first. So far, after running certutil, I can still see the old certificates.

Thursday, September 07, 2006

MS Terminal Server 2000/2003

If a client cannot access the terminal server and you get the message:
"The remote session was disconnected because the local computer's client access license could not be upgraded or renewed. Please contact the server administrator."
delete the key HKLM\SOFTWARE\Microsoft\MSLicensing

Wednesday, September 06, 2006

SpiceWorks

Cool network management software. To enable discovery of an XP SP2 PC:
netsh firewall set service remoteadmin enable
You should get "ok" as a response.
If you still cannot discover the machine:
  1. Check the WMI configuration. This is easily done with the msinfo32.exe utility; for remote access to WMI run:
    >msinfo32.exe /computer machinename
    for example:
    >msinfo32.exe /computer sir01
  2. If you cannot connect, check the DNS PTR records (pointers) for the machine. If the PTR is wrong, delete it, and on the machine run:
    >ipconfig /registerdns
    This should resubmit the machine to DNS (check the DNS A records too).
  3. To troubleshoot WMI, see MS article http://support.microsoft.com/default.aspx?scid=kb;en-us;875605

Friday, September 01, 2006

Kerberos

KDC - Key Distribution Center - belongs to the domain
Time sync is very important for Kerberos authentication
kerbtray.exe - cleans the ticket cache - from the Resource Kit
Kerberos KDC - port 88
SPN - service principal name
To check the SPN for a service, use ADSI Edit: go to the object, open its properties and edit "servicePrincipalName"
To enable the full-text index on a database migrated from 2000 to 2005, run:
sp_fulltext_database 'enable'