The Network Administrator

Get-ExchangeServer | select name, admindisplayversion | ft -AutoSize

I wrote an article on deploying an IIS 6 Reverse Proxy several months ago using managed Fusion. This article will discuss using the built in IIS 7.5 rewrite functions to deploy a reverse proxy.

Prerequisites

From the IIS 7.5 web server, download the following.

1. IIS 7 with ASP.NET role service enabled.
2. URL Rewrite Module installed (version 2.0 is required if you want to complete the part about response rewriting)
3. Application Request Routing version 1.0 or version 2.0 installed

Enabling Reverse Proxy functionality

Reverse Proxy functionality is disabled by default, so you must begin by enabling it.

1. Open IIS Manager
2. Select a server node in the tree view on the left hand side and then click on the "Application Request Routing" feature:
   
3. Check the "Enable Proxy" check box. Leave the default values for all the other settings on this page:
   

The Rules (web.config from the root of the rewrite site)

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webserver>
    <rewrite>
      <rules>
                <clear />
                <rule name="rule1" stopProcessing="true">
                    <match url="abc/123/qsc" />
                    <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
                        <add input="{HTTP_REFERER}" pattern="^http://www.thenetworkadministrator.net.*$" />
                        <add input="{HTTP_REFERER}" pattern=http://a.thenetworkadministrator.net/1 />
                        <add input="{HTTP_REFERER}" pattern=http://b.thenetworkadministrator.net/2 />
                        <add input="{HTTP_REFERER}" pattern=http://c.thenetworkadministrator.net/3 />
                        <add input="{HTTP_REFERER}" pattern=http://d.thenetworkadministrator.net/4 />
                     </conditions>
                    <action type="Rewrite" url=http://backendserver/urlname />
                </rule>
                <rule name="RequestBlockingRule1" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                        <add input="{URL}" pattern="*/abc/123/qsc*" />
           
                    </conditions>
                    <action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission to view this directory or page using the credentials that you supplied." />
                </rule>
                <rule name="rule2">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                        <add input="{HTTP_HOST}" pattern="a.thenetworkadministrator.net" />
                    </conditions>
                    <action type="Rewrite" url=http://backendserver/urlname/{R:1} />
                </rule>
      </rules>
    </rewrite>

    <defaultDocument>
      <files>
        <clear />
        <add value="default.aspx" />
        <add value="Default.htm" />
        <add value="Default.asp" />
        <add value="index.htm" />
        <add value="index.html" />
        <add value="iisstart.htm" />
      </files>
    </defaultDocument>
  </system.webServer>
</configuration>

One other suggestion is to make extensive use of Fiddler 2, this will help you out with troubleshooting various issues.

New-ManagementRole -name "Mail Recipients Custom" -Parent "Mail Recipients"

Get-managementRoleEntry "Mail Recipients Custom\*" | where { $_.Name –ne "Set-User"} | Remove-ManagementRoleEntry

Set-ManagementRoleEntry "Mail Recipients Custom\Set-User" -Parameters Identity,Title,Department

Get-managementRoleEntry "Mail Recipients\Get-*" | Add-ManagementRoleEntry -Role "Mail Recipients Custom"

New-ManagementRoleAssignment -name "test" -Role "Mail Recipients Custom" –user UserName

new-managementroleassignment -role "View-Only Recipients" –user UserName

https://ServerName.DomainName.com/ecp ,  Manage My Organization, My Organization, Mailboxes, search mailboxes.

Patching SharePoint is a two-step process. The updated binaries are first installed and then psconfig must be run to update the SharePoint databases. PSconfig no longer runs automatically after an update is installed. The SharePoint binary files are updated with the patch but the databases are not automatically upgraded. SharePoint runs in a compatibility mode that still allows the sites to function with the older version databases.

You can also run the following commands to determine if you need to complete the update process with PSCONFIG:

• Launch an elevated (Run as Administrator) SharePoint 2010 Management shell from start, All Programs, Microsoft SharePoint 2010 Products, SharePoint 2010 Management Shell.
• Once the shell opens, type the following command followed by enter:
  (get-spserver $env:computername).NeedsUpgrade

If the result of this command is True, then you need to complete the steps below. If the result is False then no further action is needed, if you are encountering similar events the cause will most likely not be resolved by the following steps.

In order to update the SharePoint databases, you must manually run the PSconfig utility. To run the utility:

1. Open an Administrative command prompt.
2. Change directory to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN
3. Run PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures

Note: The Companyweb site will be inaccessible while the command is running. It is best to run the command after business hours. The amount of time the command takes to run will vary on the size of the database and the speed of the machine. On a reference machine with 8 logical processors, 32GB of RAM and a 2GB content database, the command took approximately 5 minutes to execute.

Don’t forget the apply the Cumulative update packages for Microsoft SharePoint Server 2010 after installing service pack 1.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;2536599

First configure DB Mail, http://blog.sqlauthority.com/2008/08/23/sql-server-2008-configure-database-mail-send-email-from-sql-database/

Run this query

EXEC master.dbo.xp_instance_regwrite N'HKEY_LOCAL_MACHINE', N'SOFTWARE\Microsoft\MSSQLServer\SQLServerAgent', N'UseDatabaseMail', N'REG_DWORD', 1 

Download iperf-2.0.5-cygwin
From a local client computer open a command prompt and run this command, C:\temp\iperf-2.0.5-cygwin\iperf.exe -c 123.333.222.1 -P 10
From a remote server open a command prompt and run this command,
C:\Users\infoshare>C:\tmp\iperf-2.0.5-cygwin\iperf.exe -s -P 10
————————————————————
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)

Remember, you may need to open port 5001 inbound in your local software firewall and or in the hardware firewall.

As we now have instances which can be booted from EBS (hurray for that), you’re root is also increased to 30gb. But sometimes this still isn’t enough. Here is how you can increase your root partition drive using the AWS Console.

1. login to  your AWS Console
2. Go to [Instances], right click your instance and select [create image (EBS AMI)]
   This will make a backup (just in case)
3. Your instance will reboot, and come up again when the image is created. After that stop your instance (do not terminate it )
4. Next is to go to [Volumes], you will see a 30Gib volume somewhere which is attached as /dev/sda1 to your instance 

   Right click it and select [Create Snapshot from this volume].

5. Next, go to [Snapshots]. Right click the snapshot that you created in the previous step and select [Create Volume from Snapshot], you can then specify how big this volume has to become (for example 50 Gib).
6. After the volume is created go back to volumes again. You will see a volume which is as large as you specified in the previous step. The status of this volume is “available”.
   Now select the volume which is currently attached to your instance. It is the one you located in step 4. Right click it and and select [Detach Volume], it will then become available.
7. Now select your newly created volume, right click it and select [Attach Volume]. Select your instance (which will have a status of “stopped”). In the textbox “Device” type: /dev/sda1. Now click [Attach]
8. Fire up your instance and log in.
9. Open up computer management and select [Disk Management] (underneath the option [storage]). You will see that your root partition has some more space behind it.
10. Right click your root partition and select [Extend Volume], walk through the wizard. Eventually your root partition will be extended.



Export SSL Certificate from IIS

• Export your certificate from IIS 7 WITH the private key.
• make sure to check the option PKCS #12 (.pfx)
• I also checked the checkbox for “Include all certificates in the certification path if possible”

Here is a link for a tutorial on how to export your certificate

http://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm

Now you should have your pfx file.

Convert the PFX file to PEM format

Next you will need to convert the PFX file to a valid pem format for the ELB.  In order to do this you will need the utility OpenSSL.

If you don’t have OpenSSL installed. You will need to. You can download the version (32 bit or 64 bit) you need below:

http://www.slproweb.com/products/Win32OpenSSL.html

There is a great post online that already explains how to do this which can be found here

http://www.petefreitag.com/item/16.cfm

For the ease of reading and to explain a bit futher I took the commands from the link above and insert them here as well.

First thing you need to do is open the windows command prompt and get to the directory where openssl is (if you did not put it in your PATH)

Command 1

# Export the private key file from the pfx file
openssl pkcs12 -in filename.pfx -nocerts -out key.pem

it will prompt you for an Import Password. I entered in the one I created when I exported the cert from IIS

Command 2

# Export the certificate file from the pfx file
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

it will prompt you for an Import Password: I entered in the one I created when I exported the cert from IIS.
Then it will prompt you for a PEM passphrase. Enter one if you’d like, then confirm it

Command 3

# This removes the passphrase from the private key so Apache won’t
# prompt you for your passphase when it starts
openssl rsa -in key.pem -out server.key

It will prompt for a pem passphrase. This would be the passphrase you created after command number 1 (if you did)

Upload the PEM format SSL into the Elastic Load balancer

Now it’s time to take the files you created from openssl and copy and paste them into the Elastic Load Balancer. I just uploaded it via the AWS Console Management UI. However they do have api tools as well you can do this with.

I configured the following on the ELB:

• Microsoft IIS HTTP 80 for Load Balancer port to 80 EC2 instance Port
• Microsoft IIS HTTPS 443 for Load Balancer port to 80 EC2 Instance Port

When prompted for the certificate keys do the following:

• Open the file server.key that was created from above with openssl and paste into the Private Key textbox
• Open the file cert.pem that was created from above with openssl and copy the text from —-BEGIN till the end of the file and paste that into Public Key Certificate textbox

Note: I did not put anything into the certificate chain

Finish configuring the rest of your Elastic Load Balancer

In my case I wanted to go from version 3.9 to 3.13

From the appliance console type these two commands.

apt-get update

apt-get install opsview

http://www.youtube.com/watch?v=BHATeW3CcgE

I read recently AppAssure was named Bronze Backup and Disaster Recovery Product of the Year by Storage Magazine.  Replay 4 provides recovery from a server disruption. Replay 4 is a server-based, disk imaging solution that automatically and continuously snapshots your entire Windows application server.

Replay 4 products including Replay for Windows, Replay for Exchange, Replay for SQL, Replay for Hyper-V, and  VMware ESX.

Only Replay 4 Features Continuous Backup with:

• 8Gb / Minute backup and recovery speeds
• Block level snapshots with incremental forever data capture
• Integrated deduplication reduces backup storage foot print by 80% or more
• Flexible disaster recovery options including bare metal restore and failover virtual machines
• Server rewind feature gives you the ability to roll back to any point-in-time, and recover the entire server or individual files, emails, SharePoint and SQL objects
• Application-aware modules check data consistency to ensure successful recoveries every time
• Cost-effective remote office protection
• Integrated replication to reduce storage costs and enable off-site and cloud-based backups
• Centralized enterprise console to manage a large number of servers and desktops