Category Archives: Technology

Get Started with Active Directory Certificate Services


Today I happened to read about Active Directory Certificate Services while setting up certificate-based authentication between SCOM agents in the DMZ and the management servers. I felt I should jot down the stuff I’ve read about AD CS in layman’s terms so that it helps a newbie (like me) to quickly get started with Certificate Services.

What is Active Directory Certificate Services?

Active Directory Certificate Services (AD CS) issues and manages the digital certificates that software applications, computers or users use to ensure authenticity between two communicating parties.

At its core is a Certificate Authority (CA), which receives certificate requests, verifies the information in each request and the identity of the requestor, and issues the certificates. The CA can also revoke issued certificates if needed; it publishes the revoked certificates to a location called the Certificate Distribution Point (CDP) and periodically updates clients with the changes made to the Certificate Revocation List (CRL).

How do I install Certificate Authorities?

Certificate Authorities are generally operated by third parties such as VeriSign, GoDaddy, Comodo, etc. However, for internal use, an organization can install its own CAs within its domain or forest. Internal CAs are cheaper to configure and, unlike certificates issued by an external CA, certificates issued by internal CAs cost nothing.

In Windows Server 2003, the CA is a Windows component that can be installed through the Add/Remove Components feature of the Add or Remove Programs wizard. In Windows Server 2008, it is a server role that can be installed through Server Manager.

Are there any types of CAs?

Yes, there are two types of CA: Enterprise CA and Standalone CA.

  • Enterprise CAs allow the creation of custom certificate templates; Standalone CAs do not.
  • Enterprise CAs let you leverage AD services (e.g., Kerberos authentication and Group Policy) to automate many of the tasks associated with PKI.
  • Computers that are part of a domain automatically trust certificates issued by the Enterprise CA in that domain. With a Standalone CA, you must explicitly add the CA’s self-signed certificate (root certificate) to the Trusted Root CAs store on each computer in the domain.
  • Enterprise CAs allow you to automate the certificate request and approval process, whereas with a Standalone CA each certificate request has to be approved manually before the certificate is issued.
  • An Enterprise CA stores its certificate information in AD, and Enterprise CAs have to be configured as domain controllers.
  • A Standalone CA stores its certificate data in a shared folder that can be accessed through a web URL (default: http://<CAServerName>/CertSrv).
  • Also, Enterprise CAs have been tested for clustered installations.

What are the methods available to request a certificate?

A certificate can be requested from a Certificate Authority in three ways:

  1. Using the Certificate wizard that comes with IIS 6.0, or the Server Certificates feature in IIS 7
  2. Using the web URL of the CA (default: http://<CAServerName>/CertSrv)
  3. Creating an INF file with the certificate properties and submitting the request using the CertReq.exe command-line tool.
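
The third method, as an added example that is not part of the original post: a PowerShell session that writes the INF file, builds the request, submits it to the CA and installs the issued certificate. The subject name, CA configuration string and file names are placeholders, and the key settings (2048-bit, non-exportable, server and client authentication EKUs) are assumptions chosen for a machine certificate such as the SCOM agent case mentioned above.

```powershell
# Added example: INF + CertReq.exe request. All names below are placeholders.
# Run from an elevated prompt, because MachineKeySet = TRUE uses the computer store.
$subject  = 'CN=agent01.dmz.example.com'   # hypothetical host FQDN
$caConfig = 'CAServerName\Example-CA'      # hypothetical "<CA host>\<CA name>"

# Request policy. KeyUsage 0xA0 = digital signature + key encipherment.
# The two EKU OIDs are server authentication and client authentication.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "$subject"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
OID = 1.3.6.1.5.5.7.3.2
"@
Set-Content -Path .\request.inf -Value $inf -Encoding ASCII

# 1. Generate the key pair locally and write the PKCS#10 request file.
#    The private key stays on this machine; only request.req goes to the CA.
certreq -new .\request.inf .\request.req
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed ($LASTEXITCODE)" }

# 2. Submit the request. An Enterprise CA also needs a template name, e.g.
#    -attrib "CertificateTemplate:<TemplateName>" (placeholder).
certreq -submit -config $caConfig .\request.req .\issued.cer

# 3. A Standalone CA leaves the request pending until it is approved manually,
#    so the certificate file exists only once the CA has issued it.
if (Test-Path .\issued.cer) {
    certreq -accept .\issued.cer              # bind the cert to its private key
    certutil -verify -urlfetch .\issued.cer   # check the chain and fetch the CRL
} else {
    Write-Warning "Pending: after approval run certreq -retrieve -config `"$caConfig`" <RequestId> .\issued.cer"
}
```

The final `certutil -verify -urlfetch` step confirms that the machine can build the chain to the root and reach the published CRL, which is the usual failure point for hosts in a DMZ.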

What are the consoles available for managing Certificate Servers and Clients?

Certification Authority console: An MMC snap-in used to configure CA properties, issue and manage certificates, publish CRLs, etc.

Certificates console: An MMC snap-in that allows you to browse the certificate stores (Personal, Trusted Root CA, Third-Party Root CA, etc.) of a user or a computer and import/delete certificates.

Certificate Templates console: An MMC snap-in that allows you to create and manage certificate templates.


Import calendar items from a pst to another


Every year I create a new pst and make it the default to receive emails from the Exchange server. Now the new pst starts receiving new emails / calendar items, but you will be losing the calendar items from last year’s pst. You might need the recurring calendar items. Here is how you can import calendar items from one pst to another.

From Outlook, select File | Import and Export.

From the wizard, select Import from another program or file and click Next.

Then select Personal Folder File (.pst) and click Next.

Browse to the location of last year’s pst, select one of the Options and click Next.

Select Calendar from the pst, choose Import items into the same folder in, and click Finish.

Your calendar items will be copied over from last year’s pst to the one you selected.

All the calendar items are copied over, but that should not be a problem… the ones that occurred in the past are not going to give you reminders again anyway. The recurring items are the ones that will remind you.


Recover data using @XREF


During a cube’s maintenance I accidentally cleared a slice of data and realized that after a day. Meanwhile, users had been loading their budgets, so restoring the database from the backup wasn’t an option. I had to recover only the partial loss of data and was thinking of various ways I could achieve it. I could use a DATAEXPORT / report script / partitions / @XREF. I chose @XREF to be the savior and here is how I did it.

I created a fresh database from the backup. Then a location alias was set up on the production database. I made a calc script in the production database to pull the data from the backup database. Here is the calc script…

FIX ("member from Dim3", @IDESCENDANTS ("Dim4"))
"member from Dim2" = @XREF (Location Alias);
ENDFIX

Dim3 & Dim4 in the FIX were sparse dimensions, so I did not have the block creation problem. Otherwise we would have to use CREATENONMISSINGBLK etc. to work around it. Also, the @XREF was straightforward, with no member selection parameters, as the two outlines were the same.

Once this is done we have to test & validate the data. I did that by building a difference cube. Make a fresh cube and copy over the outline from either of the two cubes above. Set up two location aliases, one for each of the databases above. Add a new dimension and two children to it as below.

[Figure: Difference Dimension]

Now open Excel & pull data from the difference cube and you should see all zeros. If you see any numbers being retrieved then the data doesn’t tally. Since there were loads after the maintenance I did see some numbers, but you can zoom in and find out whether those were differences from the budget or something else.

To learn more about @XREF & difference cubes you can click on the links below…

Difference Cubes: Making Testing Fast & Easy

Calculating Across Cubes: Using @XREF


Persistence of disabled Allow connects

ESSbase – v11.1.1.3
DBAG – Release 11.1.1 – Page# 635
 
To disable connections to an application we would uncheck the option Allow connects on the application properties.  DBAG states the persistence of this disabled option as below:
 

Connections are disabled until any of the following actions occur:

  • The application is stopped and restarted.
  • An administrator re-enables connections.

I had to disable connections to an application & tried to test option 1. I stopped the database, stopped the application, started the application again & found that the option was still unchecked, which is contrary to option 1.

To test it further, I restarted the ESSbase service & found that the option was now checked. To confirm the behavior I tested it again & the results were the same. So here is what I concluded:

Connections are disabled until any of the following actions occur:

  • The ESSbase service (not the application) is stopped and restarted.
  • An administrator re-enables connections.

**DBAG could be right & our ESSbase environ might be mischievous, who knows!!
