# Sunday, July 22, 2007

Commenting on my blog works again; Captcha issue resolved (a.k.a. disabled).

Didn't really do much in terms of preparation yesterday, just read over the IPv6 white paper. Today I fired up my Win2k8 Core VM and started to play around with IPv6. However, before getting to play, there was Product Activation. I had seen on one of the screencasts by Keith Combs that there is this vbs-tool (which you should probably know about on the exam): slmgr. Strange part was that when I checked the expiration date, it told me I had 26 days left, even though I had auto-activation on Internet connection checked when I installed. Well, must be one of those beta-thingies, but slmgr –ato toke care of the situation. Second thing I tried was installing the Virtual Machine additions. It didn’t auto-run, but manually going for setup.exe, installing and rebooting did give me the VW-additions.

Next I went through the commands and tools mentioned on the IPv6 config page. All well, I have ipconfig, route and netsh where the interface ipv6 will be important. Since IPv6 is said to be really easy auto configuring, I tried ping and it started with timed out requests. So much for easy, but knowing my environment (dual-homed Win2k8 VM with one interface connected on the physical interface of my Vista system and also a non-IPv6 ADSL-router plus a WinXP SP2 with IPv6 installed), I started troubleshooting with IPv4. Router okay, Vista okay, WinXP not okay (turned out to be the firewall, disabled it). Next I tried pinging the WinXP system again on IPv6, twice! The first Win2k8 VM always tried first on the non-connected interface (which has ZoneID 3), and then the connected interface with ZoneID 2. Same story when pinging the Vista host. Also Win2k8 quickly forgets the interface it used to successfully connect to the two clients. Forgetting about the interface to use is quickly solved by including the (local) zone ID though, which basically represents the interface trough which the other systems can be reached. So ping fe80::5581:4002:53a2:fef1%2 or something the likes based on your environment should prevent failure (or have a properly setup infrastructure ;) ) You can view what IPv6 knows about the surrounding network via netsh interface ipv6> show neighbors.

Pinging the Win2k8 WM from the two Windows clients didn’t work; again it’s the firewall which is enabled by default on Windows Server 2008. I disabled it through netsh firewall>set opmode DISABLE and pinging the connected interface worked, naturally pinging the disconnected interface doesn’t work as the server isn’t configured as router.

All of a sudden another question popped my mind (those poor 70-431 candidates completely taken by surprise): simulations!!! I didn’t read anything about them yet, so I Googled a bit and landed at Trika’s blog (where else ;) ): Are there simulations on the upgrade exams? No.

Afterwards I installed DHCP and DNS servers on the Win2k8 Core using ocsetup (warning: case-sensitve). DNS Server Service started, DHCP Server wouldn’t. The later indicating through net start “DHCP Server” it is disabled or has no associated devices. Trough netsh dhcp> I got the impression it needed Active Directory.

Not having a graphical UI in these circumstances is no help, so I wanted to see how far I could get from Vista… not far until I gave the administrator a password (not new to Windows Server 2008, but one to remember: a user account without password is inaccessible from the network (under the default policy settings)). Not much use either; I could initially connect with computer manager now, to have the errors thrown at my head one level deeper. I guess I will need a full install, partially to be able to manage the server and to be able to setup Active Directory. Now installing the new VM…

Sunday, July 22, 2007 11:48:50 PM (W. Europe Daylight Time, UTC+02:00)
# Saturday, July 21, 2007

Another day with some hours of preparation for the 70-649. Although I have enough resources to keep me company until August 3rd, I do still spend some time looking for real gems (and keeping a tap on the buzz for this wave of beta tests). It was through Technorati and Elan Shudnow’s Blog that I learned about Keith Comb’s Blahg. This particular nerd on the grid has a series of Screencasts (currently 5, with a duration between 5 and 18 minutes) on Windows Server 2008. From the looks of his blog, he’ll frequently pour out useful info, so his feed is added to my reader (and blogroll).

What did I do besides watching Keith’s screencasts? I compared the skills being measured between 70-648 and 70-649 (and thus added some topics to the list), have been reading through the reviewers guide and watching the IPv6 white paper as downloaded webcast (sit back and relax). I can recommend the downloaded version, it's easy to pause and if needed go back a slide, very welcome as it is nearly two hours of information. Second tip is about IPv4, if you feel your IPv4 kowledge is sub-optimal, first review your IPv4 stuff. It's on the skills list too and the webcast refers quite a bit to your IPv4 knowledge. From the webcast I learned there are parts of the white paper itself I will read for further understanding.

Saturday, July 21, 2007 12:18:03 AM (W. Europe Daylight Time, UTC+02:00)
# Friday, July 20, 2007

Okay, so 70-648 is a subset of 70-649? Well almost;

  • 70-648 has more skills on "Maintaining the Active Directory Environment"
  • There is a smal difference in skill when it comes to "Configuring the Active Directory Infrastructure"
  • 70-648 has the extra skills domain of "Configuring the Domain Name System (DNS)"

See the full compare in the table below (based on the prep-guides as they were on 2007-07-20). Changes are not likely during the beta round, which by the way ends August 3rd, but I'd be surprised if there were still seats to be taken. However, should you hit this page when the exams are live, be sure to check the (then) current skills at their respective links: 70-648 & 70-649

70-649 6416A 70-648 6415A 6416A
Configuring Network Access Configuring Network Access  
Configure Remote Access. X Configure Remote Access. X  
Configure Network Access Protection (NAP) components. X Configure Network Access Protection (NAP) components. X  
Configure Network Authentication. X Configure Network Authentication. X  
Configure data transmission protocols. X Configure data transmission protocols. X  
Configure wireless access. X Configure wireless access. X  
Configure certificate services. X Configure certificate services. X  
Configure DHCP. X Configure DHCP. X  
Configure IPv4 and IPv6 Addressing. X Configure IPv4 and IPv6 addressing. X  
Configure Routing. X Configure routing. X  
Configuring Terminal Services  
Configure Terminal Services Remote Programs. X      
Configure Terminal Services Gateway. X      
Configure Terminal Services load balancing. X      
Configure resource allocation for Terminal Services. X      
Configure Terminal Services licensing. X      
Configure Terminal Services client connections. X      
Configure Terminal Services server options. X      
Configuring a Web Services Infrastructure  
Configure File Transfer Protocol (FTP) Server. X      
Configure backup. X      
Configure Web applications. X      
Configure Application Pools. O      
Configure IIS components. X      
Publish IIS Web sites. X      
Migrate sites and Web applications. X      
Configure SMTP service. X      
Configure Universal Description, Discovery, and Integration (UDDI) service. X      
Configuring Security for Web Services  
Configure handlers to reduce attack surface. X      
Configure .NET Trust levels. X      
Configure authentication. X      
Configure rights. X      
Configure permissions. X      
Configure authorization. X      
Configure certificates. X      
Deploying and Monitoring Servers Deploying Servers  
Configure Windows Deployment Services (WDS). X Configure Windows Deployment Services (WDS). X  
Capture WDS images. O Capture WDS images. X  
Deploy WDS images. O Deploy WDS images. X  
Configure Windows Activation. X Configure Windows activation. X  
Create virtual machines. X Create virtual machines. X  
Configure Virtual Server settings. X Configure Virtual Server settings. X  
Install Windows Server Enterprise. X Install Windows Server Enterprise. X  
Install server core. X Install server core. X  
Configuring Server Roles Configuring Server Roles  
Implement server roles by using Server Manager. X Implement server roles by using Server Manager. X  
Configure ADLDS. X Configure ADLDS. X  
Configure ADRMS. X Configure ADRMS. X  
Configure the Active Directory server core. X Configure the AD server core. X  
Configure the read-only domain controller (RODC). X Configure the read-only domain controller (RODC). X  
Configure Active Directory Certificate Services. X Configure AD Certificate Services and PKI. X  
Configure Active Directory Federation Services (ADFS). X Configure Active Directory Federation Services (ADFS). X  
Maintaining the Active Directory Environment Maintaining the Active Directory Environment  
Configure backup and recovery. X Configure backup and recovery. O X
Perform offline maintenance. X Perform offline maintenance. O X
Configure custom application directory partitions. X Configure custom application directory partitions. O X
    Configure AD DS auditing. O X
    Configure audit policy by using GPOs. O X
    Monitor Active Directory. O X
Configuring the Active Directory Infrastructure Configuring the Active Directory Infrastructure  
Configure communication security for Active Directory. X Configure communication security for Active Directory.   X
Configure the global catalog. X      
    Configure authentication. X  
    Configuring the Domain Name System (DNS)  
    Configure zones. X  
    Configure zone resolution. X  
    Configure DNS client settings. X  
    Configure DHCP and WINS for DNS. X  
Friday, July 20, 2007 10:24:52 PM (W. Europe Daylight Time, UTC+02:00)
# Thursday, July 19, 2007

What's up with "Configure Windows Activation"?

The reviewers guide talks about Windows Activation Service and Windows Process Activation Service as if it is one thing. Search through the guide on WAS and WPAS (search case-sensitive, was is a pretty common word ;)). Now it could be that this is important, because from what I remember from the things I read on one of the links below, IIS7 is a very major topic. However, I still feel it's that nasty Windows Product Activation that is featured under "Configure Windows Activation". This feeling is based on the location in the prep-guide and this line in the reviewers guide.

In addition, because product activation can be done within a grace period (typically 30 days), and is not critical for the initial configuration of the server, the Activate Your Server command, present on the Manage Your Server window in Windows Server 2003, has been removed from Initial Configuration Tasks.

That's however all I found on product activationin the reviewer guide (maybe that, and how to invoke activation after deployment is all you need to know on the exam).

Experiences from others on 70-649 in general:

http://www.mcseboard.de/mcse-forum-pruefungen-33/mcse-mcsa-upgrade-2008-beta-pruefungen-117512.html (German; forum which had already 3 pages in the thread when I checked)

http://www.techlog.org/archive/2007/06/08/windows_server_2008_upgrade_ex

http://blogs.infosupport.com/ericd/archive/2007/07/17/Exam-70_2D00_649.aspx

http://blog.tiensivu.com/aaron/archives/1171-Took-71-649-will-be-70-649-today-Upgrading-MCSE-2003-to-2008.html

Thursday, July 19, 2007 11:47:37 PM (W. Europe Daylight Time, UTC+02:00)

Yesterday I registered for the transitioning beta-exam for MCSE 2003 to three MCTSes for Windows Server 2008, I also started my preparations towards this exam.

First thing, create a new virtual machine with Virtual Server 2005 and install Windows Server 2008 Beta 3 on it. This takes a while, so I started hunting for resources. By looking at the prep-guide you’ll learn that 70-649 is comprised of the exams 70-640, 70-642 and 70-643 (oh yeah, for the people transitioning their MCSA 2003, leave out 70-643).

I looked at the topics and most of them already are familiar from Windows Server 2003, but there were a few where I know I have to dig in to:

  • IPv6.
  • UDDI.
  • WDS (though my first guess I’ll find a lot of similarities with RIS).
  • Windows Activation (currently I just hate it, if it is what I think it is).
  • The whole story on Server Roles.

Some resources are directly pointed at from the prep-guide, others I already know and I think it’s useful to share them here. I’ll just restrict myself to the free resources:

IPv6-stuff start’s here, has a White Paper from MS and somehow I have a gut feeling this page will be important.

Windows Activation, I’m tapping a bit in the dark currently on what this is. My first (dreadful) guess is nagging product activation. But searching the Microsoft sites I also found some references to phrases like “Windows Activation Service” and “Windows Process Activation”. If anyone could shine a bit of light on the subject, you can comment on this blog for free.

Not free, but worth mentioning: 6416A, both as Instructor Led Training ($/€ = ?, Three day course) maybe at a CPLS near you or as E-Learning ($ 319.99, Three year subscription).

That’s it for now, though I have little time left for my preparations, I will blog about them as much as I can. Including other resources I encounter and the impression and result on the exam. So stay tuned on RSS or Atom.

Thursday, July 19, 2007 9:58:11 PM (W. Europe Daylight Time, UTC+02:00)
# Wednesday, July 18, 2007

MCSA/MCSE 2003 invited to beta WS2008 transition exams...

Just scheduled mine, going to have a shot at 71-649 August 3rd (if I don't have to reschedule). The exam is called Transitioning your MCSE on Windows Server 2003 to Windows Server 2008 Technology Specialist. Smart move, not calling it upgrading, even though you get three MCTS certification from this one exam. Important to note, this exam is fully tied to your MCSE 2003 status. Don't have one? Don't go for this exam, you won't receive any credits from it.


Similar, there is a transitioning exam for MCSA 2003 as well: 71-648. It credits you for two MCTS certifications (yes a subset from the MCSE transition). Again, be MCSA, or you'll be wasting your time.


Want more details or the promo-code, go check out Trika's blog.
Meanwhile I've no time to delay building my Windows Server 2008 image Virtual Server and start looking for resources to aid me with my studies (as always, the prep guide will not be spelling out all you need to know, but I'll be checking it out anyway).

 

Wednesday, July 18, 2007 4:43:44 PM (W. Europe Daylight Time, UTC+02:00)
# Wednesday, July 11, 2007

Hmm, did this about half a year ago and didn't blog about it... stupid, because now I had to figure it out again. The unfortunate event was the phone on my PDA (T-Mobile MDA Vario II) had a bit of a malfunction. It either didn't connect to the GSM-network or when it did, calls would be disconnected after a couple of minutes. So I called T-Mobile and after having determined the problem was the phone (not the SIM), they collected it for repair. Naturally, I made a backup of my personal stuff and then removed the personal stuff and security settings from the device before it was picked up (hey, I do security training occasionally).

Well today I got my device back... software update, all information gone (but I have a backup)... I just had to restore my stuff and configure network settings and Exchange synchronization again. No problem until: 0x80072FD; indicating the certificate on the Exchange Server (my Small Business Server) was invalid.

The solution is to add my SBS self-signed certificate to the trusted root certificates of the PDA. How?

Well first make sure you environment is set up for synchronization. Not my issue, but it never hurts to check on it. See Petri for the overview.

Now obtain your SBS self-signed certificate, in all cases this will be located on the virtual directory Exchange on your web server. From IIS Manager you can directly export the certificate (without private key) to the required DER encoding. Execute following steps, which are derived from kb841060:

  1. Export the root certificate to a computer that is running Microsoft Windows in DER encoded binary X.509 format with a .cer file name extension.
  2. Create a root-folder Storage on the Windows Mobile device.
  3. Download and extract SmartPhoneAddCert.exe package on your Windows Computer.
  4. Use ActiveSync (Windows XP and earlier), Windows Mobile Device Center (Windows Vista) or the storage card to transfer the DER-encoded certificate and the SPAddCert.exe (from the downloaded package) to the \Storage folder on your Windows Mobile device.
  5. On your Windows Mobile device, start SPAddCert.exe from the \Storage folder. It will give a warning that the application is not verified (or something the likes), ignore the warning and proceed. The application will now show you the certificate you exported, continue by confirming all actions.
  6. Restart your device.
You can check the trusted root certificates under Settings, System, Certificates, Basic (in my case (Dutch) Instellingen, Systeem, Certificaten, Basis). After executing above procedure you should see the SBS-cert here.

I'm not sure if Windows Mobile 5 really required the restart, but that's because before I restarted I received the error 0x85010014 from ActiveSync on my SmartPhone. After restart (still the same error) it turned out to be a connection issue. Due to firewall restrictions I had to use another interface on my multi-homed SBS Server (hey, it's been a couple of months!!).

Next error I encountered from ActiveSync was 0x85020013, but since I had that funny feeling I mistyped my password (big fingers, small keys), that one was quickly resolved.

Device details:

Windows Mobile 5.1.195 (Dutch)

T-Mobile MDA Vario II (device modelnr: HERM300)

Hardware | ReSQueL | SBS
Wednesday, July 11, 2007 4:11:56 PM (W. Europe Daylight Time, UTC+02:00)

From Mary-Jo's blog: SQL Server 2008 ("Katmai") will be released launched February 27th 2008, together with Windows Server 2008 ("Longhorn") and Visual Studio 2008 ("Orcas").

Read also Microsoft's Press release.

<Update date="2007-07-12">

Old title: SQL Server 2008 release date: 2007-02-27

Something very stupid happened to me in the title before the update! I put in the current year, shame on me!

But wait, that's not all. There is also something about the distinction between launch and release (aka RTM), thanks to Euan Garden for pointing that out on his blog. The release of SQL Server 2008 is set for somewhere in the second quarter of 2008 (source Michael J. Murphy). So mixing up the words launch and release was my second stupid thing.

<Update/>

Technorati tags: ,
Wednesday, July 11, 2007 9:05:38 AM (W. Europe Daylight Time, UTC+02:00)
# Tuesday, July 10, 2007

Clinic 7045: What's New in Microsoft® SQL Server™ 2008

While I was over at Arlindo's Blog for VRMCplus, I couldn't resist clicking SQL Server 2008 in his tag-cloud. Next I grabbed my passport (euh LiveID) and headed to the 1.5 to 2 hour eLearning module (content will be available on your LiveID for a year).

Little topic overview:

  • A lot on Database Engine and SSRS, less on SSIS and SSAS.
  • FILESTREAM and spatial datatypes, as well as the other datatype enhancements/additions.
  • Mentioning the new management capabilities and how this fits in with MS-initiatives like DSI.
  • Mentioning the development features and integration (think ORM, EDM and LINQ).
  • New to me (hadn't noticed it before); Security Auditing for Data Protection. This will be quite useful when you can't (due to vendor support restrictions) implement auditing based on altered table definitions, check constraints and triggers. Or now don't want with SQL2k8 because it will be faster to implement ;).
  • Improved integrations with Office 2007 (and SharePoint).
Technorati tags: ,
Tuesday, July 10, 2007 1:00:15 PM (W. Europe Daylight Time, UTC+02:00)
 #
 

Found and installed it two hours ago, a must have for working with Virtual Server 2005, it combines the functionality of VRMC and the Admin-site in one easy to use application. For more info and download, visit Arlindo's Blog. Don't forget, on Vista (with UAC) you still need run as Administrator, just like the "normal" VRMC and the Virtual Server Administration Website.

Technorati tags:
Tuesday, July 10, 2007 11:02:21 AM (W. Europe Daylight Time, UTC+02:00)