Always Upgrading Blog

If you’ve been following best practices, you likely have a multi-tiered Microsoft PKI with an offline root CA. In this case you’ll have to publish a new Certificate Revocation List using your offline CA server and install this on your online CA server. The following article outlines the steps involved in completing this process.

Generating the new CRL Using the Offline CA

First, you’ll need to power up your offline CA. Once it’s finished booting, navigate to C:\windows\system32\certsrv\certenroll and rename your current CRL (filename may vary, but should be the only file in this folder with a *.crl extension) to *.crl.old.

If you’re running a NetApp & VMWare environment and are using SMVI for your backups, you’ll occasionally come across a stalled SMVI backup when looking in vCenter. You’ll also notice a bunch of SMVI snapshots (like those above) when looking in RVTools for old snapshots like the good little VMware administrator you are… :)

We’ve been using (a now somewhat antiquated version) of Op5 for monitoring at work for as many years as I can remember. We needed a nice simple, no-login whilst on the WAN, dashboard to display the current status of our servers on TV screens in each of our IT office locations around the globe. Our original Op5 implementer pointed us towards the merlin-dashboard by Mattias Bergsten which fit our requirements perfectly.

I came across the following error when trying to install the VMware PowerCLI tools today, which appears to be related to requiring TLS 1.2 now.

A common task for Linux/VMware administrators is adding a new virtual disk to a Linux VM and expanding the filesystem to utilise the free space. Below is a quick guide on how to complete this task.

I was keen to follow through the hands on examples of the CBTNuggets course but didn’t fancy the capital outlay involved with purchasing the necessary equipment, so I built my own rack layout using Cisco’s excellent Packet Tracer software. I know that the course includes a number of virtual labs, but something just sticks in your memory better if you have to make all the connections between devices yourself.

We have a large number of network devices at work that are using our Domain Controllers for DNS resolution, RADIUS and DHCP. As well as a number of on premise systems which are binding to hostnames for LDAP authentication. Whilst it would totally be possible to go through all of these and change the configuration to use new servers, sometimes it’s just easier to replace the 2008R2 Domain Controllers with a new 2019 Domain Controller with the same hostname and IP address.

As I’m in the process of wiping and reloading a bunch of 2008R2 domain controllers with Server 2019, I created a handy Powershell script to change the primary and secondary DNS server settings. This is useful to ensure the primary DNS server is not set to a server that will be offline. I discovered the hard way that when reloading a server with the same hostname and IP, that DNS will not gracefully utilise the secondary DNS server if the primary IP is responding but not answering DNS queries (as is the case before DNS is reinstalled when the 2019 server is promoted).

The script takes advantage of the VMware PowerCLI to retrieve Windows server names on a per VMware Cluster basis, these are then cycled through and the DNS settings updated for each.

As part of the seemingly never ending upgrade cycle, the last of the VMware ESXi 5.5 stragglers are being upgraded. If you’ve been through this before, you’ll probably already know that if you’ve previously upgraded a host from an older version of ESXi to 5.5 you will likely get an incompatible warning like the image above when you try to apply your Upgrade Baseline for ESXi 6.5.

I’m sure with Microsoft announcing the End of Life of Server 2008R2 on January 14th 2020 many people are looking around and still seeing it all over the enterprise. You may still be running domain controllers on 2008R2 which are using FRS for AD replication and are looking to move these to 2019 or similar and finding that it’s unsupported until you’ve migrated your AD replication from FRS to DFSR.

If this is your situation, this guide should help you get them migrated over to DFSR. The method below provides for some rollback options if required, please see the full migration guide from Microsoft for more information. I’d recommend at least scanning through this document before you proceed with the steps below.