Always Upgrading Blog

A blog (mostly) about Enterprise IT upgrades.

Publish New CRL From an Offline Root CA

If you’ve been following best practices, you likely have a multi-tiered Microsoft PKI with an offline root CA. In this case you’ll have to publish a new Certificate Revocation List using your offline CA server and install this on your online CA server. The following article outlines the steps involved in completing this process.

Generating the new CRL Using the Offline CA

First, you’ll need to power up your offline CA. Once it’s finished booting, navigate to C:\windows\system32\certsrv\certenroll and rename your current CRL (filename may vary, but should be the only file in this folder with a *.crl extension) to *.crl.old.

Publish CRL


Fixing a Stalled NetApp SMVI Backup

Snapshots in RVTools

If you’re running a NetApp & VMware environment and are using SMVI for your backups, you’ll occasionally come across a stalled SMVI backup when looking in vCenter. You’ll also notice a bunch of SMVI snapshots (like those above) when looking in RVTools for old snapshots like the good little VMware administrator you are… :)


Updating and Extending Monitoring Dashboards

Old Dashboard

We’ve been using a now somewhat antiquated version of Op5 for monitoring at work for as many years as I can remember. We needed a nice, simple dashboard that needs no login whilst on the WAN to display the current status of our servers on TV screens in each of our IT office locations around the globe. Our original Op5 implementer pointed us towards the merlin-dashboard by Mattias Bergsten, which fit our requirements perfectly.


Using Packet Tracer with the CBTNuggets CCNA (200-301) course

Rack Layout

I was keen to follow through the hands-on examples of the CBTNuggets course but didn’t fancy the capital outlay involved with purchasing the necessary equipment, so I built my own rack layout using Cisco’s excellent Packet Tracer software. I know that the course includes a number of virtual labs, but something just sticks in your memory better if you have to make all the connections between devices yourself.


Replace Domain Controller With Same Hostname and IP Address

Backup NPS

We have a large number of network devices at work that are using our Domain Controllers for DNS resolution, RADIUS and DHCP, as well as a number of on-premises systems which are binding to hostnames for LDAP authentication. Whilst it would totally be possible to go through all of these and change the configuration to use new servers, sometimes it’s just easier to replace the 2008R2 Domain Controllers with a new 2019 Domain Controller with the same hostname and IP address.


Change Primary and Secondary DNS Servers With PowerShell and VMware PowerCLI

Incompatible Message

As I’m in the process of wiping and reloading a bunch of 2008R2 domain controllers with Server 2019, I created a handy PowerShell script to change the primary and secondary DNS server settings. This is useful to ensure the primary DNS server is not set to a server that will be offline. I discovered the hard way that, when reloading a server with the same hostname and IP, DNS will not gracefully utilise the secondary DNS server if the primary IP is responding but not answering DNS queries (as is the case before DNS is reinstalled when the 2019 server is promoted).

The script takes advantage of the VMware PowerCLI to retrieve Windows server names on a per-VMware-cluster basis; these are then cycled through and the DNS settings updated for each.


Backup and Restore ESXi if Incompatible When Upgrading to 6.5

Incompatible Message

As part of the seemingly never-ending upgrade cycle, the last of the VMware ESXi 5.5 stragglers are being upgraded. If you’ve been through this before, you’ll probably already know that if you’ve previously upgraded a host from an older version of ESXi to 5.5, you will likely get an incompatible warning like the image above when you try to apply your Upgrade Baseline for ESXi 6.5.


AD Replication - FRS to DFSR Migration

Migration Complete

I’m sure with Microsoft announcing the End of Life of Server 2008R2 on January 14th 2020 many people are looking around and still seeing it all over the enterprise. You may still be running domain controllers on 2008R2 which are using FRS for AD replication and are looking to move these to 2019 or similar and finding that it’s unsupported until you’ve migrated your AD replication from FRS to DFSR.

If this is your situation, this guide should help you get them migrated over to DFSR. The method below provides for some rollback options if required; please see the full migration guide from Microsoft for more information. I’d recommend at least scanning through this document before you proceed with the steps below.
