WSUS : Enforce SSL Connectivity
- Created on Saturday, 19 May 2012 17:53
This simple PowerShell script will convert your WSUS install from HTTP to HTTPS; simply modify the server fully qualified domain name (FQDN). This is also usefule for HTTPS-based System Center 2012 Configuation Manager deployments.
Note that you also require the Execution Policy to be set to RemoteSigned (use the command 'Set-ExecutionPolicy RemoteSigned' to change this).
Import-Module webadministration
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "Ssl" -PSPath IIS:\ -Location "WSUS Administration/APIRemoting30"
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "Ssl" -PSPath IIS:\ -Location "WSUS Administration/ClientWebService"
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "Ssl" -PSPath IIS:\ -Location "WSUS Administration/DSSAuthWebService"
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "Ssl" -PSPath IIS:\ -Location "WSUS Administration/ServerSyncWebService"
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "Ssl" -PSPath IIS:\ -Location "WSUS Administration/SimpleAuthWebService"
cd C:\Program Files\Update Services\Tools
.\WSUSUtil.exe configuressl server.domain.net
Now browse to the WSUS Administration site in IIS and edit the HTTPS binding to use the correct certificate.
Add a commentConfigMgr 2012 : Client Install Error 26001
- Created on Friday, 18 May 2012 14:18
Following on from my HTTPS / PKI issues with Secondary Site servers I now hit a-n-other Configuration Manager problem which is HTTPS related!
In my client deployment settings I am specifying an additional installation property - CCMHOSTNAME<fqdn of external MP> when this is specified it allows clients to roam between IntRAnet and IntERnet management, therefore facilitating Internet Based Client Management.
The one caveat I seem to have found is that when you specify this switch the site servers where the client is connecting from must also be running HTTPS, otherwise you'll get an error in your Build and Capture / Image Deployment tasks: 'Error 26001. HTTPS communication protocol must be enabled when the client is Internet Enabled.'
I'll update when I have a workaround for this...
Add a commentConfigMgr 2012 : Build and Capture Fails with 0x80070002
- Created on Friday, 18 May 2012 12:04
Ran into this after redeploying my System Center 2012 Configuration Manager lab this week, it's easy to get caught out with this!
When the Build and Capture task gets started you may find the at the 'Apply Operating System...' step the task sequence fails almost immediately as below:
Read more: ConfigMgr 2012 : Build and Capture Fails with 0x80070002
Citrix : Profiling Microsoft Office 2010
- Created on Friday, 18 May 2012 08:26
Application Virtualisation is not a new technology, yet many companies are not using it. By placing an applictaion in a 'bubble' you can run, for example, different version of Microsoft Office on the same PC wihtout any problems - effectively because the application isn't actually installed.
For the purposes of this article I wanted to see how easy it would be to 'profile' (or package) Microsoft Office 2010 for streaming using XenApp 6.5, including configuring offline access.
Add a commentConfigMgr 2012 : Central Administration Site
- Created on Thursday, 17 May 2012 20:35
I'm currently working out a suitable design for a System Center 2012 Configuration Manager deployment. One of the first things that you need to decide is your site hierarchy, specifically should you implement a Central Administration Site (CAS) with Primary Site(s) model or simply a Primary Site with Secondray Site(s) model. You may be one of the 'lucky' few where your design is simple and will always remain so!
Having looked into this, and event tested both in a lab I thought I'd share my opinion and experiences, one thing I should make clear at this point in time - there is no single reason for considering whether or not to use a Central Administration Site, in fact sometimes there are political or business reasons to adopt this model regardless of any technical requirements.
Add a commentRecent Articles
- WSUS : Enforce SSL Connectivity
- ConfigMgr 2012 : Client Install Error 26001
- ConfigMgr 2012 : Build and Capture Fails with 0x80070002
- Citrix : Profiling Microsoft Office 2010
- ConfigMgr 2012 : Central Administration Site
- ConfigMgr 2012 : Prevent Configuration Manager Using a Hard Drive
- Vyatta : Slow Network Performance x-Subnet
- ConfigMgr 2012 : Secondary Site Distibution Point PXE Error 53
- NetScaler : Upgrading VPX 9.3 to VPX 10
- NetScaler : Configuring Access Gateway for Storefront 1.1
- NetScaler : Load Balancing Storefront 1.1
- Citrix : Deploying XenApp 6.5
- System Center 2012 : ConfigMgr E1000 PXE Boot Crash / Hang
- Exchange 2010 : How to Deploy a Mailbox Database Availability Group (DAG)
- NetScaler : Using VMACs for High Availability
