Friday, January 18, 2013

Enable Auditing KCC in ServerCore

In a Windows Environment running Active Directory, Knowledge Consistency Checker (KCC) is responsible for creating connection objects and builds replication topology which is at the heart of Multi-Master Replication.

To audit if the KCC is up and running or actually the replication changes are occurring, We can enable auditing by changing a Registry Entry. But as I have a ServerCore running a Domain Controller I will do this on it

First Create a New PowerShell Session and then enter it.
Most of you will be familiar with PSDrives which are nothing but an abstraction which helps you see various datastores like Registry as Drives.

Now the HKLM:\ is the Drive for HKEY_LOCAL_MACHINE registry hive.
HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics is the Registry key where we need to change the "1 Knowledge Consistency Checker" property to any value between 0-5 where 0 is no auditing and 5 is the  maximum auditing messages. I will select 2 just in case.
Go ahead and change the registry as shown below (or any other method like remote registry)

This will just enable auditing no reboot required. Unfortunately, I think I can't test it as I have only One DC running in my test environment. But good to know this.

Tuesday, January 08, 2013

Enable-RemoteDesktop -computername DexServerCore

Now, Basically why to enable remote desktop on a ServerCore ? When you have already WinRM and PowerShell remoting already kicking.

Well, I honestly can't say why to enable it...cause I have the ServerCore machine sitting up on my Hyper-V Server and I could "connect" to it as easily. But it's good to know that it could be done.

With Server 2012 you could add a GUI or a Servercore...but there is something called Minimal Server Interface as well in Server 2012 (plus Server 2012 gives you ability to switch between all these installations too). So you might want to read up on this here . So a use scenario can be to add Minimal Server Interface on a remote host for the time being , Enable Remote Desktop  and perform Admin tasks which occur rarely.

How to Enable Remote Desktop ?

Well from what I could understand there are 2 registry entries which control this.
1. fDenyTSConnections under  'HKLM:\System\CurrentControlSet\Control\Terminal Server'. This Reg Entry tells if the Remote Desktop Connections are allowed to the Machine are not.

2. UserAuthentication under 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' . This Reg Entry if set to 1 indicates that "Only Secure Connections are allowed" and if set to 0 then it means "All Connections allowed".

Now , all the cool PowerShell kids (Guess I am ) would just open a PSSession to the remote machine and set these Reg Entries properly to allow Remote Desktop Connection. Legacy method would be to use remote registry to edit entries, but there is yet another way.....I stumbled across it recently on someone's blog (sorry! don't remember the blog address).

The above method is using WinRM to essentially call the scregedit.wsf script on remote machine dexservercore from my local machine.

Once done, fire up the mstsc.exe and connect to the remote machine, it prompts for the credentials.

So here it is Remote Desktop working on your Server Core.