How to setup Microsoft Web Application Proxy

Microsoft Web Application Proxy [WAP] is a new service added in Windows Server 2012 R2 that allows you to access web applications from outside your network. WAP functions as a reverse proxy and an Active Directory Federation Services [AD FS] proxy to pre-authenticate user access.

Web Application Proxy Overview

vBoring Blog Series:

  1. How to setup Microsoft Active Directory Federation Services [AD FS]
  2. How to setup Microsoft Web Application Proxy

Requirements:

  • The only hard requirement of WAP is having an AD FS server. Refer to step 1 for setting that up.
  • WAP cannot be installed on a server that AD FS is installed on. They must be separate servers.

Installing the Web Application Proxy Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

Microsoft Web Application Proxy 1 - Add Roles and Features

Read more…

How to setup Microsoft Active Directory Federation Services [AD FS]

In this post I will be installing and configuring the Active Directory Federation Services [AD FS] server role. AD FS is able to provide Single-Sign-On [SSO] capabilities to multiple web application using a single Active Directory account.

vBoring Blog Series:

  1. How to setup Microsoft Active Directory Federation Services [AD FS]
  2. How to setup Microsoft Web Application Proxy

Install the AD FS Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

AD FS 1 - Add Roles and Features

Click Next:

AD FS 2 - Before you Begin

Read more…

Deploy and Configure WSUS on Server 2012 R2

Windows Server Update Service [WSUS] is a server role that serves as a repository for Microsoft product updates on your network. Instead of every computer on your network downloading updates directly from Microsoft you can deploy a WSUS server so the updates are downloaded once and distributed to your environment from the WSUS server.

In this post I will be deploying WSUS Server 2012 R2 in a domain environment, using the Windows Internal Database (WID), and using Group Policy to have my computers connect to WSUS instead of Microsoft Updates.

Single WSUS Server

Read more…

VMware VCSA 6: FSCK Failed on Boot

This past weekend I decided to do some rewiring of my home lab and  accidentally pulled the power to the host that my VCSA was running on. While booting my VCSA 6 was booting back up I received the following error:

VCSA Boot Error 1 - VCSA Boot Error

Read more…

Upgrade to Veeam Availability Suite v9

It is finally here! Veeam Availability Suite v9 is released and is ready for deployment. You can upgrade your current installation as long as you are running Backup & Replication 7.0 Patch 4 through version 8.0 (any patch level) and for Veeam ONE version 7.0 & 8.0. In this post I will be upgrading my v8 installation to v9.

What’s New:

There are many new features added in v9, check out the links below to see whats new:

Read more…

Deploying Veeam Availability Suite – Backup & Replication

Veeam Availability Suite contains a backup & replication solution (Veeam Backup & Replication) and a monitoring & reporting tool (Veeam ONE). I wanted to try out a few backup solutions in my lab environment and decided to start with Veeam due to the popularity and ease of use. In this post I will be deploying Backup & Replication and configuring a backup job.

Simple Deployment
Simple Deployment

Read more…

Updating vCenter Server Appliance 6.0 to Update 1 & 1b

VMware released vSphere 6.0 Update 1 on September 10th, 2015 and Update 1b on January 7th, 2016. In this post i’ll go through how to upgrade VCSA 6.0 to Update 1 & 1b.

In my environment I have the Platform Services Controller [PSC] embedded with the VCSA. If you deployed an external PSC separately from vCenter then this post will still work for you! The upgrade procedure is the exact same on both the vCenter and PSC just upgrade the PSC first before vCenter.

vCenter Server Appliance 6.o Update 1 Release Notes:

  • Customer Experience Improvement Program: The Customer Experience Improvement Program (CEIP) provides VMware with information that enables VMware to improve the VMware products and services and to fix problems. When you choose to participate in CEIP, VMware will collect technical information listed below about your use of the VMware products and services in CEIP reports on a regular basis. This information does not personally identify you. For more details, see the vSphere Documentation Center.
  • Feature Enhancement: Suite UI is now enabled by default for the vSphere Web Client.
  • Support for SSLv3: Support for SSLv3 has been disabled by default.
  • vCSA Authentication for Active Directory: VMware vCenter Server Virtual Appliance (vCSA) has been modified to only support AES256-CTS/AES128-CTS/RC4-HMAC encryption for Kerberos authentication between vCSA and Active Directory.
  • Hybrid Cloud Manager: Hybrid Cloud Manager has been updated for vSphere, and can be accessed directly from the home page of vSphere Web Client.
  • FT-vSAN Interoperability: vSAN and FT work together.
  • Appliance Management user interface: Appliance Management has a new user interface, written in HTML5.
  • Backup and Restore with external PSC: vCenter Server deployments with external PSC, also called MxN have support for backup and restore.
  • Platform Services Controller UI: The Platform Services Controller now provides UI option to view, renew and replace certificates. For more details see Explore Certificate Stores from the Platform Services Controller Web Interface
  • Installation and Upgrade using HTML 5 installer: The following installation and upgrade scenarios are supported for vCenter Server using HTML 5 installer:
    • Installation using HTML 5 installer and target as vCenter Server is supported
    • Upgrade using HTML 5 installer and target as vCenter Server is not supported
    • Upgrade using command line and target as vCenter Server is supported
  • Resolved Issues: This release of vCenter Server 6.0 Update 1 addresses issues that have been documented in the Resolved Issues section.
  • Full release notes can be found here

vCenter Server Appliance 6.o Update 1b Release Notes:

  • ESXi 6.0 Update 1b enables support for TLS versions 1.1 and 1.2 for most of the vSphere components without breaking the previously supported compatibility/interoperability. Some of the vSphere components that still support only TLS version 1.0 are listed here:
    • vSphere Client
    • Virtual SAN Observer on vCenter Server Appliance (vCSA)
    • Syslog on vCSA
    • Auto Deploy on vCSA
    • Auto Deploy/iPXE

    The ESXi 6.0 Update 1b now supports all TLS versions 1.0, 1.1, and 1.2 with the exceptions listed above. See Knowledge base article 2136185 for the list of supported TLS protocols.

  • Support for the Advanced Encryption Standard (AES) with 128/256-bit key length is added for RPC header authentication in the NFS 4.1 Client.
    Note: See resolved Security Issues section for more information.
  • This release of ESXi 6.0 Update 1b addresses issues that have been documented in the Resolved Issues section.
  • Full release notes can be found here

Read more…