Certificate (password-less) based authentication in WinRM

This week the WinRM ruby gem version 1.8.0 released adding support for certificate authentication. Many thanks to the contributions of @jfhutchi and @elpetak that make this possible. As I set out to test this feature, I explored how certificate authentication works in winrm using native windows tools like powershell remoting. My primary takeaway was that it was not at all straightforward to setup. If you have worked with similar authentication setups on linux using SSH commands, be prepared for more friction. Most of this is simply due to the lack of documentation and google results (well now there is one more). Regardless, I still think that once setup, authentication via certificates is a very good thing and many are not aware that this is available in WinRM.

This post will walk through how to configure certificate authentication, enumerate some of the “gotchas” and pitfalls one may encounter along the way and then explain how to use certificate authentication using Powershell Remoting as well as via the WinRM ruby gem which opens up the possibility of authenticating from a linux client to a Windows WinRM endpoint.

 

Continue Reading

Deploying Skype for Business 2015, including Edge and Reverse Proxy Servers

I was given the task of deploying a full-blown on-premise deployment of Skype for Business Server 2015 for a small company. The deployment also included an Edge Server and a Reverse Proxy server (IIS with ARR). In this blog post I’ll discuss the deployment process in general, and also the problems (and solutions) that were discovered during/after the deployment. I’ll end the post with some check-up/misc. information.

Continue Reading

Repadmin – Active Directory Replication Tools

In this post, we’ll learn about Repadmin command, it’s the Active Directory Replication Tools used to check Active Directory replication between Active Directory Domain Controller. Repadmin is a command line tool introduced by Microsoft in Windows Server 2003 R2 and still actively used in latest version of Microsoft e.g. Windows Server 2012 R2, etc to replicate AD data. In the old post, we already learned the steps to promote a Domain Controller using PowerShell command.

Continue Reading

Configure Skype for Business Server 2015 Hybrid for Office 365 operated by 21Vianet

With Skype for Business hybrid deployments, you can have some of your Skype for Business users on-premises, and other users in Skype for Business Online, both sharing the same domain. This can make it easier to provide Skype for Business services to users of your organization in different geographic locations or users that connect remotely. You can also take advantage of Skype for Business hybrid configurations as a migration path to Office 365. This section describes hybrid configurations for Skype for Business Server 2015. 

Continue Reading

Step-By-Step: Setting up Active Directory in Windows Server 2016


There are interesting new features now made available in Windows Server 2016 such as time based group membership, privileged access management, and others. Most will be covered in future posts. This post will detail how to install active directory on Windows Server 2016.

Before the AD install however it is important to understand what is the minimum requirement to install windows server 2016. Details are as follows:

Continue Reading