Changes for page Windows Server 2012 R2

Last modified by Sebastian Marsching on 2022/05/29 14:04

From version 6.1
edited by Sebastian Marsching
on 2022/05/29 12:51
Change comment: There is no comment for this version
To version 9.1
edited by Sebastian Marsching
on 2022/05/29 14:04
Change comment: There is no comment for this version

Details

Page properties
Content
... ... @@ -1,6 +1,6 @@
1 1  {{toc/}}
2 2  
3 -Also refer to the [Active Directory page](https://sebastian.marsching.com/wiki/Windows/Active_Directory).
3 +Also refer to the [[Active Directory page|doc:Windows.Active_Directory.WebHome]].
4 4  
5 5  # Useful Resources
6 6  
... ... @@ -89,7 +89,7 @@
89 89  
90 90  If you want to force clients to use SSL for some of the services, you should also follow the [instructions on TechNet](http://technet.microsoft.com/en-us/library/bb633246.aspx).
91 91  
92 -This leaves us with only one problem: If you want to connect from the WSUS console on the same host, you have to use the regular host name of the server, not the virtual host name for WSUS. However, you cannot use SSL for the connection, because the name in the certificate will not match (after all it is using the virtual host name). If you force SSL like described in the [TechNet](https://sebastian.marsching.com/wiki/TechNet) article, the connection from the local host will not work. This is the point where the trouble starts and while trouble-shooting this, I messed up the configuration where WSUS would not work at all. If this happened to you as well, see the [[instructions below||anchor="configuring-wsus-with-ssl-what-to-do-if-you-messed-up"]] on how to fix things.
92 +This leaves us with only one problem: If you want to connect from the WSUS console on the same host, you have to use the regular host name of the server, not the virtual host name for WSUS. However, you cannot use SSL for the connection, because the name in the certificate will not match (after all it is using the virtual host name). If you force SSL like described in the TechNet article, the connection from the local host will not work. This is the point where the trouble starts and while trouble-shooting this, I messed up the configuration where WSUS would not work at all. If this happened to you as well, see the [[instructions below||anchor="configuring-wsus-with-ssl-what-to-do-if-you-messed-up"]] on how to fix things.
93 93  
94 94  This problem is caused because by default NTLM authentication does not work if the client is the same host and the request uses a host name that is different from the system's host name (or FQDN). There are [two](http://support.microsoft.com/kb/896861) [articles](http://support.microsoft.com/kb/926642/en) in Microsoft's knowledge base and a [more detailed blog post](http://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx) describing this problem. The solution is adding your virtual host-name (`wsus.example.com` in the example) to the list of allowed host names. This list is stored in `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0` and is a Multi-String Value with the name `BackConnectionHostNames` and taking one host name per line as a value. You edit the registry using the registry editor or [using the PowerShell](http://sharepointadam.com/2010/07/20/add-backconnectionhostnames-to-the-registry-via-powershell/). After making this change, you should restart the server. Maybe it is sufficient to restart IIS, but I did not test this.
95 95  
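Review bot: On new line 92, removing the link leaves "the TechNet article" with no target, so the reader has to infer that it means the "instructions on TechNet" link on context line 90. Suggest wording it as "the TechNet article linked above", or repeating that link, so the reference still resolves once the two paragraphs are edited apart. While this section is being touched, the TechNet link on line 90 and the knowledge-base links on line 94 still use http://; consider moving them to https:// if the pages are reachable that way.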
... ... @@ -162,7 +162,7 @@
162 162  
163 163  This issue has also been discussed in the [TechNet forum](http://social.technet.microsoft.com/Forums/windowsserver/en-US/c472c3d2-0a12-4883-a86c-4340ffa3d49e/disabling-disk-write-cache-for-a-windows-server-2012-domain-controller-running-as-a-hyperv-guest).
164 164  
165 -I got the warning message mentioned earlier on a DC running in as a guest under Linux KVM on Ubuntu 12.04 LTS. So it seems that Linux KVM is correctly reporting that the write-cache cannot be disabled, at least when using up-to-date virtio drivers. In fact current versions of Linux KVM will also handle the write-through flag on write operations correctly and tell the disk controller or hard disk to commit the changes to disk before reporting success, irrespective of the [cache settings](https://sebastian.marsching.com/wiki/Linux/KVM#disk-cache-settings).
165 +I got the warning message mentioned earlier on a DC running in as a guest under Linux KVM on Ubuntu 12.04 LTS. So it seems that Linux KVM is correctly reporting that the write-cache cannot be disabled, at least when using up-to-date virtio drivers. In fact current versions of Linux KVM will also handle the write-through flag on write operations correctly and tell the disk controller or hard disk to commit the changes to disk before reporting success, irrespective of the [[cache settings|doc:Linux.KVM.WebHome|anchor="disk-cache-settings"]].
166 166  
167 167  # Installing an SSL certificate for Remote Desktop
168 168
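Review bot: New line 165 carries over the typo "running in as a guest"; since the line is being rewritten anyway, change it to "running as a guest". The link itself looks fine: the label, doc reference and anchor parameter form is consistent with the `||anchor=` link already used on line 92.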