How to Install a trusted certificate onto a FileZilla FTP server to enable FTPS (FTP over TLS)

I was recently helping troubleshoot an issue and, as part of that, I needed to get a 50GB SQL database transferred from an interstate client onto our servers. Both the client and we have a decent Internet connection and we already had an FTP server in place, but I was worried about the sensitive nature of the material we were transferring, so I set about enabling FTP over TLS on our FileZilla FTP Server using our public CA digital certificate. The process took a little fiddling and I’ll outline it now. One thing I would highly recommend is re-exporting this certificate with a different private key than what you would normally use, as FileZilla unfortunately stores it in plain text.

Firstly, you will need the OpenSSL Windows binaries (available here). Once downloaded, extract them to a handy place like c:\openssl and copy across your certificate in PKCS#12 .pfx format (which is the default format of our certificate). So we have .pfx inside c:\openssl. Now that we are ready, open an administrative command prompt and CD into C:\OpenSSL (handy tip: in Windows Explorer, when you are in a folder you want to open a CMD prompt in, just type CMD into the address bar and hit Enter). There are two commands we will use with OpenSSL to convert and strip out what we need.

openssl pkcs12 -in <your.pfx>  -nocerts -nodes -passin pass:<yourpass> | openssl rsa -out <output.pem>

and

openssl pkcs12 -in <your.pfx> -clcerts -nokeys -passin pass:<yourpass> -out <output.crt>

Once you have that, open both of them up in Notepad (or Notepad++). You will want to copy the certificate extract from command two into the RSA key we extracted in command one. Once we have that, save the file as <yourcertnamehere>.crt. Open up FileZilla Server manager and go into Settings. Under the FTP over TLS Settings page, select the certificate we created earlier, enter the private key for the certificate and click OK. Now I’d recommend using WinSCP to connect as it trusts certificates already in the Windows Trusted Root CAs Store (FileZilla will always prompt to trust).
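Before pointing FileZilla at the combined file, it is worth confirming that the key in it is the one the certificate was issued for. The script below is an added example, not part of the original post: it rehearses the two conversion commands on a throwaway self-signed certificate and then checks the combined file. The file names, the CN and the password are constructed for the demo, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example: rehearses the post's PFX conversion on a throwaway certificate.
# Every file name, the CN and the password are constructed for this demo.
set -eu

key_modulus()  { openssl rsa  -in "$1" -noout -modulus; }
cert_modulus() { openssl x509 -in "$1" -noout -modulus; }

# Returns 0 only if the combined file has one unencrypted private key,
# at least one certificate, and the two share the same RSA modulus.
check_combined() {
    [ "$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$1")" -eq 1 ] || return 1
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -ge 1 ] || return 1
    # Checked before calling openssl so an encrypted key cannot trigger a prompt.
    if grep -Eq 'BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED' "$1"; then return 1; fi
    k=$(key_modulus "$1" 2>/dev/null) || return 1
    c=$(cert_modulus "$1" 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Builds a demo PFX in directory $1, then converts it with the post's two commands.
build_demo() {
    d=$1; pass='demo-pass'   # throwaway; pass: puts the password on the command line
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=ftp.example.test' \
        -keyout "$d/orig.key" -out "$d/orig.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/orig.key" -in "$d/orig.crt" \
        -passout "pass:$pass" -out "$d/demo.pfx"
    openssl pkcs12 -in "$d/demo.pfx" -nocerts -nodes -passin "pass:$pass" 2>/dev/null \
        | openssl rsa -out "$d/demo.pem" 2>/dev/null
    openssl pkcs12 -in "$d/demo.pfx" -clcerts -nokeys -passin "pass:$pass" \
        -out "$d/demo-cert.crt" 2>/dev/null
    # Combined file: key first, then only the certificate block. pkcs12 also
    # writes "Bag Attributes" text lines, which sed leaves behind.
    { cat "$d/demo.pem"
      sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$d/demo-cert.crt"
    } > "$d/filezilla.crt"
    chmod 600 "$d/filezilla.crt"   # the key is unencrypted, so limit who can read it
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
if check_combined "$demo_dir/filezilla.crt"; then
    echo "OK: key and certificate match"
else
    echo "FAIL: do not load this file into FileZilla" >&2
fi
rm -rf "$demo_dir"
```

The same two `-modulus` commands work with the Windows OpenSSL binaries from a command prompt; on Windows the counterpart of the `chmod` step is restricting the NTFS permissions on the combined file.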

 

Checking the performance of your Windows Server 2012 Hyper-V Server with Performance Monitor and PAL

Windows Server 2012 brings some great improvements to virtualization. We’re currently running it in production and it works wonders, especially with the new Hyper-V Replica feature, which is a great and free way of implementing DR. So now you’ve got that cluster running, how can we tell if it is performing well? I recently stumbled upon PAL, or Performance Analysis of Logs Tool, which is freely available from http://pal.codeplex.com/. The tool comes with a Performance Monitor template file that we can use to easily record the performance of a Hyper-V 2012 server and get some visibility into our servers.


When it comes to performance, the things we would want to look at are disk performance, memory and CPU, but understanding what effect these have on Hyper-V isn’t always straightforward. Thankfully, PAL helps us by making it easy. So first off, go and download it from CodePlex and install it onto your workstation or desktop PC (not on your Hyper-V host). Once installed, open it up. We need to get our Perfmon template, so go into the Threshold File tab and select “Microsoft Windows Server 2012 Hyper-V” from the Threshold file title, then choose Export to Perfmon template file. Get this onto your Hyper-V host and open up Performance Monitor on the host we want to watch.

Open up Performance Monitor on our Hyper-V host and open up Data Collector Sets, right-click on User Defined and select New Data Collector Set. We can call it Hyper-V Performance Counter Set or whatever you wish; keep Create from a template (Recommended) selected. Click Next and then Browse, selecting the XML template file that we exported earlier from PAL. Once you finish the wizard it will show up under the User Defined Data Collector Sets. You can now open up the properties and set it to run from 30 minutes to 1 hour depending on what you’re after. It is best to run this during peak load times (so business hours).

Now that you’ve collected the data, browse to it and copy the .blg file to your workstation (or wherever you installed PAL). Back in PAL, select the log file under the Counter Log tab, then move on to the Questions tab, where you need to specify things such as processors, total RAM and drive configuration to help set thresholds for your performance report. Navigate to the other tabs if you wish to modify anything else and finally execute the report. This can be time consuming depending on how long you’ve captured performance data for (it took me around 20 minutes for a 1 hour capture). Once it has finished generating the report, it opens up in your web browser. Key things to look at are disk latency (as per the graph, with RED being critical), memory and CPU issues.

That is a free and easy way to check on the health and performance of your new Hyper-V 2012 Cluster.  You can also use PAL for a Windows Server 2008 R2 Hyper-V Cluster and other services such as Exchange or SQL Server, you just need to select the right template.

How do you stop Server Manager from loading up at start-up on Windows Server 2012

For quite a few of our servers, we would rather not have Server Manager start up every time we log in. The quick and easy way to stop it from appearing when you log in is to go into Server Manager, click on the Manage menu item, then go to Server Manager Properties. Once there, simply tick Do not start Server Manager automatically at logon. That will prevent it from starting up every time.

 

Update WSUS 3.0 SP2 to support Windows 8 and Windows Server 2012 Clients

Just a quick one today. Microsoft have released an update for those running WSUS 3.0 SP2 which allows you to provide updates to clients running Windows 8 and Server 2012. The update is available at this Knowledge Base Article for both 32 and 64 bit environments.

Also, no word yet on when they will be releasing a patch for the IE flaw (see here and here), but it should be available over the next few days.

What is new with Hyper-V in Windows Server 2012

I’ve been reading a lot lately about what people have been saying about Microsoft’s latest go at a hypervisor and many say that now with Hyper-V 2012, Microsoft is catching up to VMware in the enterprise virtualization arena (one example from ZDnet).  So what is all the fuss about…really.  I’ll identify some of the key points of what Hyper-V 2012 is bringing to the virtualization world. To summarise:

  • 32 Virtual CPUs and 512GB to a Virtual Machine
  • VHDX File Format for Virtual Hard Disks (16TB of Storage)
  • Native NIC teaming
  • 64 Node Clustering
  • Cluster-Aware updating
  • Hyper-V Replica (Replication of Virtual Machines)

Two of my favourite additions though are the Cluster-Aware Updating and Hyper-V Replica features.
Cluster-Aware Updating helps to manage downtime by maintaining availability during Windows Update time, so you pretty much schedule when you want the updates to occur and let the cluster take care of the rest: automatically moving virtual machines, maintaining services and availability, and then moving them back once the server has restarted and updates are completed. Hyper-V Replica performs asynchronous replication of VMs to a replica site (either standalone or cluster).

The last point has been my biggest gripe with using Hyper-V: how do we achieve DR at a relatively low cost? We already have all the hardware, but the licensing and software costs to perform replication were astronomical. Now our DR solution is quite straightforward and cost-effective thanks to Server 2012.

This post is by no means exhaustive, but simply the features that stand out to me, and the reasons as to why we are planning to move to Windows Server 2012 and Hyper-V 2012.

Upgrading your current KMS Server (Server 2008 R2) to support Windows 8 and Server 2012 activation

If you’re in an enterprise environment, chances are that you have a KMS server running (usually either Windows 7 or Server 2008 R2). So now that Windows 8 and Server 2012 have hit VLSC for SA customers, you’ll most likely want to begin testing and performing pilot deployments, but we need to get our Key Management Server to accept these new clients. If you have tried to activate your KMS keys with existing KMS hosts you will receive the following error message:

Error: 0xC004F050 The Software Licensing Service reported that the product 
key is invalid.

Thankfully for us, Microsoft has released an update that will upgrade Windows 7 or Server 2008 R2 KMS hosts to support Windows 8 and Windows Server 2012. You can view the KB article by clicking here (KB2691586). You will need to request the hotfix from the KB. Once downloaded, open up an elevated command prompt and execute the update (which acts as a Windows Update package). When it finishes installing you will need to restart your server.

Now that our server is back up, we need to replace the KMS Host key with one for 2012 or Windows 8.  Open an elevated command prompt and enter slmgr.vbs /upk which will show us Uninstalled product key successfully when complete.  Now we install our new key with slmgr.vbs /ipk product-key-here

You should now be presented with a product activated successfully window. You can also run slmgr.vbs /dlv and under description you should see VOLUME_KMS_2012. Now you can start to activate your new Windows 8 and Server 2012 clients.