# Tuesday, July 24, 2007

Today I decided my efforts to get hands-on experience with Windows Server 2008 Beta 3 were noble as well as inefficient. To be honest, I don’t really think it’s inefficient in terms of getting to know the product better, but it is in terms of time management towards the exam on August 3rd.

How did I get to that conclusion? I was playing with DHCPv6 and DNS and all of a sudden I found myself reading an RFC (3596 for those interested). What was I doing? Getting DHCPv6 to lease addresses and see those addresses being registered in DNS, both the AAAA records and the PTR records. But I had a little trouble getting the ip6.arpa zone created (and in the end it turned out just to be a matter of knowing what exactly to type in the wizard). That was the detail, but I am also preparing for (just) a MCTS-exam on a broad range of topics and skills.

Anyway, this scenario will be the last “getting my hands in the dirt” for a while. After that, I will look in to the free E-Learning and the free E-Book, probably followed by working my way through IIS7. Based on all info I found, IIS7 is topic #1 on the 70-649.

There is just one possible topic I’m uncertain of: PowerShell. The PowerShell book is recommended Microsoft Press self-paced training products on the Prep-guide. However PowerShell isn’t mentioned in the skills tested and I haven’t read any comments about PowerShell questions in the various experiences. Does any of the 71-649 veterans care to drop a word on PowerShell?

Tuesday, July 24, 2007 10:21:59 PM (W. Europe Daylight Time, UTC+02:00)
# Monday, July 23, 2007

The new VM (to be named Win2k8-Full-01) installed overnight, first things first: VM additions and a larger screen size (going graphical now). Second, not being able to do a thing with DHCP on the core-install (Win2k8-Core-01) still bugged me and while in Initial Configuration Tasks on Win2K8-Full-01 I started looking around the roles and features. There it was under features: Remote Server Administration Tools, but no remote tool for DHCP *now what*… well I just installed the DNS Server tool. Next the system wanted to REBOOT ?!? WinNT 3.51 déjà vu, I hope these kinds of reboots won’t make the final product.

The DNS Server tool on Win2K8-Full-01 threw an error “A security package specific error occurred”. I only could stop, restart or pause the DNS Service over at Win2k8-Core-01 and view the DNS Event log. I tried to see what happened if I made changes to DNS on Win2k8-Core-01 using dnscmd. Again the changes didn’t show in the DNS Server tool (although they were visible in the DNS Event log). Time for an upgrade to an Active Directory environment, I installed the role Active Directory Domain Services (reboot again), dcpromo followed by an expected reboot. After the reboot, it was apparent that the roles DNS Server and File Services were installed at Win2k8-Full-01 too.

The thing I realized after kicking off dcpromo was I didn’t look at the domain functional level. I went with the Windows Server “Longhorn” forest functional level, which made the wizards questions about domain functional levels obsolete. Hence I looked it up; Appendix of Functional Level Features a link I think will be useful when going into the Configuring Server Roles (see prep-guide), which is pretty heavy on AD-stuff.

Next step, enlist the Win2k8-Core-01 in the newly created longhorn.local domain (use NETDOM JOIN). Sounds easy, but it wasn’t. The ADSL-router (being DHCP and DNS server) complicated things, so I had to switch to manually configure DNS registration over at Win2k8-Full-01 through netsh. Once I had that setup over IPv6, the join worked.

Unfortunately after the Win2k8-Core-01 joined the domain, I was still unable to connect to its DNS Server as it kept insisting on the error “A security package specific error occurred”. In the mean time, I also found the Core Server Step-by-Step Guide. Hindsight knowledge says I should have read this paper before getting my fingers in the dirt. Anyway I think I’ve played enough with this Core server thing towards the exam.

Next stop: DHCP, DNS and AD. Win2k8-Full-01 already acting a DC, DHCPv4, DHCPv6 and DNS. Threw the Win2k8-Core-01 from the disk and now installing Win2k8-Full-02. In the mean time watching TechNet Webcast: Technical Overview of Active Directory Domain Services in Windows Server 2008.

I also want to share this link: Exam impression by Lukas Beeler.

Monday, July 23, 2007 8:27:36 PM (W. Europe Daylight Time, UTC+02:00)
# Sunday, July 22, 2007

Commenting on my blog works again; Captcha issue resolved (a.k.a. disabled).

Didn't really do much in terms of preparation yesterday, just read over the IPv6 white paper. Today I fired up my Win2k8 Core VM and started to play around with IPv6. However, before getting to play, there was Product Activation. I had seen on one of the screencasts by Keith Combs that there is this vbs-tool (which you should probably know about on the exam): slmgr. Strange part was that when I checked the expiration date, it told me I had 26 days left, even though I had auto-activation on Internet connection checked when I installed. Well, must be one of those beta-thingies, but slmgr –ato toke care of the situation. Second thing I tried was installing the Virtual Machine additions. It didn’t auto-run, but manually going for setup.exe, installing and rebooting did give me the VW-additions.

Next I went through the commands and tools mentioned on the IPv6 config page. All well, I have ipconfig, route and netsh where the interface ipv6 will be important. Since IPv6 is said to be really easy auto configuring, I tried ping and it started with timed out requests. So much for easy, but knowing my environment (dual-homed Win2k8 VM with one interface connected on the physical interface of my Vista system and also a non-IPv6 ADSL-router plus a WinXP SP2 with IPv6 installed), I started troubleshooting with IPv4. Router okay, Vista okay, WinXP not okay (turned out to be the firewall, disabled it). Next I tried pinging the WinXP system again on IPv6, twice! The first Win2k8 VM always tried first on the non-connected interface (which has ZoneID 3), and then the connected interface with ZoneID 2. Same story when pinging the Vista host. Also Win2k8 quickly forgets the interface it used to successfully connect to the two clients. Forgetting about the interface to use is quickly solved by including the (local) zone ID though, which basically represents the interface trough which the other systems can be reached. So ping fe80::5581:4002:53a2:fef1%2 or something the likes based on your environment should prevent failure (or have a properly setup infrastructure ;) ) You can view what IPv6 knows about the surrounding network via netsh interface ipv6> show neighbors.

Pinging the Win2k8 WM from the two Windows clients didn’t work; again it’s the firewall which is enabled by default on Windows Server 2008. I disabled it through netsh firewall>set opmode DISABLE and pinging the connected interface worked, naturally pinging the disconnected interface doesn’t work as the server isn’t configured as router.

All of a sudden another question popped my mind (those poor 70-431 candidates completely taken by surprise): simulations!!! I didn’t read anything about them yet, so I Googled a bit and landed at Trika’s blog (where else ;) ): Are there simulations on the upgrade exams? No.

Afterwards I installed DHCP and DNS servers on the Win2k8 Core using ocsetup (warning: case-sensitve). DNS Server Service started, DHCP Server wouldn’t. The later indicating through net start “DHCP Server” it is disabled or has no associated devices. Trough netsh dhcp> I got the impression it needed Active Directory.

Not having a graphical UI in these circumstances is no help, so I wanted to see how far I could get from Vista… not far until I gave the administrator a password (not new to Windows Server 2008, but one to remember: a user account without password is inaccessible from the network (under the default policy settings)). Not much use either; I could initially connect with computer manager now, to have the errors thrown at my head one level deeper. I guess I will need a full install, partially to be able to manage the server and to be able to setup Active Directory. Now installing the new VM…

Sunday, July 22, 2007 11:48:50 PM (W. Europe Daylight Time, UTC+02:00)
# Saturday, July 21, 2007

Another day with some hours of preparation for the 70-649. Although I have enough resources to keep me company until August 3rd, I do still spend some time looking for real gems (and keeping a tap on the buzz for this wave of beta tests). It was through Technorati and Elan Shudnow’s Blog that I learned about Keith Comb’s Blahg. This particular nerd on the grid has a series of Screencasts (currently 5, with a duration between 5 and 18 minutes) on Windows Server 2008. From the looks of his blog, he’ll frequently pour out useful info, so his feed is added to my reader (and blogroll).

What did I do besides watching Keith’s screencasts? I compared the skills being measured between 70-648 and 70-649 (and thus added some topics to the list), have been reading through the reviewers guide and watching the IPv6 white paper as downloaded webcast (sit back and relax). I can recommend the downloaded version, it's easy to pause and if needed go back a slide, very welcome as it is nearly two hours of information. Second tip is about IPv4, if you feel your IPv4 kowledge is sub-optimal, first review your IPv4 stuff. It's on the skills list too and the webcast refers quite a bit to your IPv4 knowledge. From the webcast I learned there are parts of the white paper itself I will read for further understanding.

Saturday, July 21, 2007 12:18:03 AM (W. Europe Daylight Time, UTC+02:00)
# Friday, July 20, 2007

Okay, so 70-648 is a subset of 70-649? Well almost;

  • 70-648 has more skills on "Maintaining the Active Directory Environment"
  • There is a smal difference in skill when it comes to "Configuring the Active Directory Infrastructure"
  • 70-648 has the extra skills domain of "Configuring the Domain Name System (DNS)"

See the full compare in the table below (based on the prep-guides as they were on 2007-07-20). Changes are not likely during the beta round, which by the way ends August 3rd, but I'd be surprised if there were still seats to be taken. However, should you hit this page when the exams are live, be sure to check the (then) current skills at their respective links: 70-648 & 70-649

70-649 6416A 70-648 6415A 6416A
Configuring Network Access Configuring Network Access  
Configure Remote Access. X Configure Remote Access. X  
Configure Network Access Protection (NAP) components. X Configure Network Access Protection (NAP) components. X  
Configure Network Authentication. X Configure Network Authentication. X  
Configure data transmission protocols. X Configure data transmission protocols. X  
Configure wireless access. X Configure wireless access. X  
Configure certificate services. X Configure certificate services. X  
Configure DHCP. X Configure DHCP. X  
Configure IPv4 and IPv6 Addressing. X Configure IPv4 and IPv6 addressing. X  
Configure Routing. X Configure routing. X  
Configuring Terminal Services  
Configure Terminal Services Remote Programs. X      
Configure Terminal Services Gateway. X      
Configure Terminal Services load balancing. X      
Configure resource allocation for Terminal Services. X      
Configure Terminal Services licensing. X      
Configure Terminal Services client connections. X      
Configure Terminal Services server options. X      
Configuring a Web Services Infrastructure  
Configure File Transfer Protocol (FTP) Server. X      
Configure backup. X      
Configure Web applications. X      
Configure Application Pools. O      
Configure IIS components. X      
Publish IIS Web sites. X      
Migrate sites and Web applications. X      
Configure SMTP service. X      
Configure Universal Description, Discovery, and Integration (UDDI) service. X      
Configuring Security for Web Services  
Configure handlers to reduce attack surface. X      
Configure .NET Trust levels. X      
Configure authentication. X      
Configure rights. X      
Configure permissions. X      
Configure authorization. X      
Configure certificates. X      
Deploying and Monitoring Servers Deploying Servers  
Configure Windows Deployment Services (WDS). X Configure Windows Deployment Services (WDS). X  
Capture WDS images. O Capture WDS images. X  
Deploy WDS images. O Deploy WDS images. X  
Configure Windows Activation. X Configure Windows activation. X  
Create virtual machines. X Create virtual machines. X  
Configure Virtual Server settings. X Configure Virtual Server settings. X  
Install Windows Server Enterprise. X Install Windows Server Enterprise. X  
Install server core. X Install server core. X  
Configuring Server Roles Configuring Server Roles  
Implement server roles by using Server Manager. X Implement server roles by using Server Manager. X  
Configure ADLDS. X Configure ADLDS. X  
Configure ADRMS. X Configure ADRMS. X  
Configure the Active Directory server core. X Configure the AD server core. X  
Configure the read-only domain controller (RODC). X Configure the read-only domain controller (RODC). X  
Configure Active Directory Certificate Services. X Configure AD Certificate Services and PKI. X  
Configure Active Directory Federation Services (ADFS). X Configure Active Directory Federation Services (ADFS). X  
Maintaining the Active Directory Environment Maintaining the Active Directory Environment  
Configure backup and recovery. X Configure backup and recovery. O X
Perform offline maintenance. X Perform offline maintenance. O X
Configure custom application directory partitions. X Configure custom application directory partitions. O X
    Configure AD DS auditing. O X
    Configure audit policy by using GPOs. O X
    Monitor Active Directory. O X
Configuring the Active Directory Infrastructure Configuring the Active Directory Infrastructure  
Configure communication security for Active Directory. X Configure communication security for Active Directory.   X
Configure the global catalog. X      
    Configure authentication. X  
    Configuring the Domain Name System (DNS)  
    Configure zones. X  
    Configure zone resolution. X  
    Configure DNS client settings. X  
    Configure DHCP and WINS for DNS. X  
Friday, July 20, 2007 10:24:52 PM (W. Europe Daylight Time, UTC+02:00)
# Thursday, July 19, 2007

What's up with "Configure Windows Activation"?

The reviewers guide talks about Windows Activation Service and Windows Process Activation Service as if it is one thing. Search through the guide on WAS and WPAS (search case-sensitive, was is a pretty common word ;)). Now it could be that this is important, because from what I remember from the things I read on one of the links below, IIS7 is a very major topic. However, I still feel it's that nasty Windows Product Activation that is featured under "Configure Windows Activation". This feeling is based on the location in the prep-guide and this line in the reviewers guide.

In addition, because product activation can be done within a grace period (typically 30 days), and is not critical for the initial configuration of the server, the Activate Your Server command, present on the Manage Your Server window in Windows Server 2003, has been removed from Initial Configuration Tasks.

That's however all I found on product activationin the reviewer guide (maybe that, and how to invoke activation after deployment is all you need to know on the exam).

Experiences from others on 70-649 in general:

http://www.mcseboard.de/mcse-forum-pruefungen-33/mcse-mcsa-upgrade-2008-beta-pruefungen-117512.html (German; forum which had already 3 pages in the thread when I checked)




Thursday, July 19, 2007 11:47:37 PM (W. Europe Daylight Time, UTC+02:00)

Yesterday I registered for the transitioning beta-exam for MCSE 2003 to three MCTSes for Windows Server 2008, I also started my preparations towards this exam.

First thing, create a new virtual machine with Virtual Server 2005 and install Windows Server 2008 Beta 3 on it. This takes a while, so I started hunting for resources. By looking at the prep-guide you’ll learn that 70-649 is comprised of the exams 70-640, 70-642 and 70-643 (oh yeah, for the people transitioning their MCSA 2003, leave out 70-643).

I looked at the topics and most of them already are familiar from Windows Server 2003, but there were a few where I know I have to dig in to:

  • IPv6.
  • UDDI.
  • WDS (though my first guess I’ll find a lot of similarities with RIS).
  • Windows Activation (currently I just hate it, if it is what I think it is).
  • The whole story on Server Roles.

Some resources are directly pointed at from the prep-guide, others I already know and I think it’s useful to share them here. I’ll just restrict myself to the free resources:

IPv6-stuff start’s here, has a White Paper from MS and somehow I have a gut feeling this page will be important.

Windows Activation, I’m tapping a bit in the dark currently on what this is. My first (dreadful) guess is nagging product activation. But searching the Microsoft sites I also found some references to phrases like “Windows Activation Service” and “Windows Process Activation”. If anyone could shine a bit of light on the subject, you can comment on this blog for free.

Not free, but worth mentioning: 6416A, both as Instructor Led Training ($/€ = ?, Three day course) maybe at a CPLS near you or as E-Learning ($ 319.99, Three year subscription).

That’s it for now, though I have little time left for my preparations, I will blog about them as much as I can. Including other resources I encounter and the impression and result on the exam. So stay tuned on RSS or Atom.

Thursday, July 19, 2007 9:58:11 PM (W. Europe Daylight Time, UTC+02:00)
# Wednesday, July 18, 2007

MCSA/MCSE 2003 invited to beta WS2008 transition exams...

Just scheduled mine, going to have a shot at 71-649 August 3rd (if I don't have to reschedule). The exam is called Transitioning your MCSE on Windows Server 2003 to Windows Server 2008 Technology Specialist. Smart move, not calling it upgrading, even though you get three MCTS certification from this one exam. Important to note, this exam is fully tied to your MCSE 2003 status. Don't have one? Don't go for this exam, you won't receive any credits from it.

Similar, there is a transitioning exam for MCSA 2003 as well: 71-648. It credits you for two MCTS certifications (yes a subset from the MCSE transition). Again, be MCSA, or you'll be wasting your time.

Want more details or the promo-code, go check out Trika's blog.
Meanwhile I've no time to delay building my Windows Server 2008 image Virtual Server and start looking for resources to aid me with my studies (as always, the prep guide will not be spelling out all you need to know, but I'll be checking it out anyway).


Wednesday, July 18, 2007 4:43:44 PM (W. Europe Daylight Time, UTC+02:00)
# Wednesday, July 11, 2007

Hmm, did this about half a year ago and didn't blog about it... stupid, because now I had to figure it out again. The unfortunate event was the phone on my PDA (T-Mobile MDA Vario II) had a bit of a malfunction. It either didn't connect to the GSM-network or when it did, calls would be disconnected after a couple of minutes. So I called T-Mobile and after having determined the problem was the phone (not the SIM), they collected it for repair. Naturally, I made a backup of my personal stuff and then removed the personal stuff and security settings from the device before it was picked up (hey, I do security training occasionally).

Well today I got my device back... software update, all information gone (but I have a backup)... I just had to restore my stuff and configure network settings and Exchange synchronization again. No problem until: 0x80072FD; indicating the certificate on the Exchange Server (my Small Business Server) was invalid.

The solution is to add my SBS self-signed certificate to the trusted root certificates of the PDA. How?

Well first make sure you environment is set up for synchronization. Not my issue, but it never hurts to check on it. See Petri for the overview.

Now obtain your SBS self-signed certificate, in all cases this will be located on the virtual directory Exchange on your web server. From IIS Manager you can directly export the certificate (without private key) to the required DER encoding. Execute following steps, which are derived from kb841060:

  1. Export the root certificate to a computer that is running Microsoft Windows in DER encoded binary X.509 format with a .cer file name extension.
  2. Create a root-folder Storage on the Windows Mobile device.
  3. Download and extract SmartPhoneAddCert.exe package on your Windows Computer.
  4. Use ActiveSync (Windows XP and earlier), Windows Mobile Device Center (Windows Vista) or the storage card to transfer the DER-encoded certificate and the SPAddCert.exe (from the downloaded package) to the \Storage folder on your Windows Mobile device.
  5. On your Windows Mobile device, start SPAddCert.exe from the \Storage folder. It will give a warning that the application is not verified (or something the likes), ignore the warning and proceed. The application will now show you the certificate you exported, continue by confirming all actions.
  6. Restart your device.
You can check the trusted root certificates under Settings, System, Certificates, Basic (in my case (Dutch) Instellingen, Systeem, Certificaten, Basis). After executing above procedure you should see the SBS-cert here.

I'm not sure if Windows Mobile 5 really required the restart, but that's because before I restarted I received the error 0x85010014 from ActiveSync on my SmartPhone. After restart (still the same error) it turned out to be a connection issue. Due to firewall restrictions I had to use another interface on my multi-homed SBS Server (hey, it's been a couple of months!!).

Next error I encountered from ActiveSync was 0x85020013, but since I had that funny feeling I mistyped my password (big fingers, small keys), that one was quickly resolved.

Device details:

Windows Mobile 5.1.195 (Dutch)

T-Mobile MDA Vario II (device modelnr: HERM300)

Hardware | ReSQueL | SBS
Wednesday, July 11, 2007 4:11:56 PM (W. Europe Daylight Time, UTC+02:00)

From Mary-Jo's blog: SQL Server 2008 ("Katmai") will be released launched February 27th 2008, together with Windows Server 2008 ("Longhorn") and Visual Studio 2008 ("Orcas").

Read also Microsoft's Press release.

<Update date="2007-07-12">

Old title: SQL Server 2008 release date: 2007-02-27

Something very stupid happened to me in the title before the update! I put in the current year, shame on me!

But wait, that's not all. There is also something about the distinction between launch and release (aka RTM), thanks to Euan Garden for pointing that out on his blog. The release of SQL Server 2008 is set for somewhere in the second quarter of 2008 (source Michael J. Murphy). So mixing up the words launch and release was my second stupid thing.


Technorati tags: ,
Wednesday, July 11, 2007 9:05:38 AM (W. Europe Daylight Time, UTC+02:00)