Need Self-Signed Certificate Win2012 r2 SHA256 4-year expiration - powershell

I've been trying to figure out how to do this much of this afternoon, so it's very possible I'm missing something simple.
I need to create a self-signed certificate on Windows Server 2012 R2 that is SHA256, 2048 bit, and doesn't expire for four years.
From my searching I see that PowerShell (PS) is the way to go, and see a reasonable number of examples - none of which have everything I need.
For example I tried searching for the PS command New-SelfSignedCertificate and adding the "-NotAfter" option, but I get the error message "A parameter cannot be found that matches parameter name 'NotAfter'."
Even though I see "[-NotAfter]" here: https://technet.microsoft.com/en-us/itpro/powershell/windows/pkiclient/new-selfsignedcertificate (and that article has a March 2017 update)
I've tried a couple PS scripts people wrote, those seem to work with a 1+ year date, but they all don't work with one of the above criteria and, in any event, don't show up in IIS 8.5 for me to bind them to a site (I'm creating on the server).
$psversiontable on the server gives "PSVersion" = 5.0.10586.117
Thanks in advance for the help!

New-SelfSignedCertificate (PKIClient module) cmdlet with advanced parameters is available starting from Windows Server 2016. The article you've mentioned applies to Server 2016 only.
In Windows 2012/2012 R2 you only have this thing: New-SelfSignedCertificate (PKI module). It is useless.
You can try to use CertReq utility instead, but it is not automation-friendly.
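The CertReq route mentioned in the answer above can be scripted. The following is an added example, not code from the original post: it writes a request INF and has `certreq -new` create a self-signed SHA256, 2048-bit, four-year certificate in the machine store, then reads the result back. The host name, scratch folder, key usage and provider choice are assumptions, and the INF keys are the documented certreq ones, so confirm them against the server's build.

```powershell
# Added example; run in an elevated PowerShell session on the server itself.
$dnsName = 'server01.example.test'            # placeholder subject, use the site's host name
$workDir = Join-Path $env:TEMP 'selfsigned'   # hypothetical scratch folder
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Single-quoted here-string so "$Windows NT$" is not expanded as a variable.
# RequestType = Cert makes certreq self-sign instead of producing a CSR.
# MachineKeySet = True puts the key and certificate in LocalMachine\My,
# which is the store IIS lists when binding a site.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=__DNSNAME__"
RequestType = Cert
KeyLength = 2048
HashAlgorithm = sha256
ValidityPeriod = Years
ValidityPeriodUnits = 4
MachineKeySet = True
Exportable = False
KeyUsage = 0xA0
ProviderName = "Microsoft Software Key Storage Provider"
FriendlyName = "__DNSNAME__ self-signed"

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
'@.Replace('__DNSNAME__', $dnsName)

$infPath = Join-Path $workDir 'selfsigned.inf'
$cerPath = Join-Path $workDir 'selfsigned.cer'
Set-Content -Path $infPath -Value $inf -Encoding ASCII
Remove-Item -Path $cerPath -ErrorAction SilentlyContinue   # avoid an overwrite prompt

& certreq.exe -new $infPath $cerPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Read the newest matching certificate back and check the three requirements.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$dnsName" } |
    Sort-Object NotBefore -Descending | Select-Object -First 1 |
    Select-Object Thumbprint, NotAfter, HasPrivateKey,
        @{ n = 'Signature'; e = { $_.SignatureAlgorithm.FriendlyName } },
        @{ n = 'KeyBits';   e = { $_.PublicKey.Key.KeySize } }
```

The last command should report a `sha256RSA` signature, 2048 key bits, a `NotAfter` four years out and `HasPrivateKey` as `True`; a certificate without a private key in `LocalMachine\My` will not be offered for an IIS binding.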

Related

Powershell doesn't open - error "Path cannot be the empty string or all whitespace"

I'm simply trying to open PowerShell on my server. It opens for about 5 seconds and then closes, not showing any error before it closes or anything. The only thing I can see in the Windows PowerShell Event Log is that it gives the following error:
"Settings: Path cannot be the empty string or all whitespace."
I'm running WMF 4, Server 2012 R2, Exchange Server 2016 (not that I think that has anything to do with it). Any other post I've seen when I google " Powershell Path cannot be the empty string or all whitespace" always seems to have to do with someone programming. I'm just trying to open powershell.
Turns out it was a group policy setting, specifically "Computer Configuration\Policies\Windows Components\Windows Powershell\Turn on Powershell Transcripting." It had been turned on in our domain because Powershell V5 is being/has been pushed out to everyone (except for our Exchange Servers). Once I changed the setting on a GPO closer to my Exchange Servers, did a gpupdate, then restarted the server, it started working again just fine.
Also, whoever downvoted my question, would you be so kind to explain why it was downvoted? Or are you just going to be a drive by downvoter?

Will a PowerShell script developed for a Windows 7 run on Win Server 2008 R2?

I have developed a large PowerShell script that has been refined on a Windows 7 64bit box and now I intend to run it on a Windows server 2008 r2. Assuming the PowerShell versions are the same, will there be any major issues with syntax in-between Win 7 and WS 2008 R2?
The script checks a lot of WMI and registry keys like GWmi Win32_NetworkLoginProfile and Get-Itemproperty -Path Registry::HKLM\Software\Microsoft\"Windows NT"\CurrentVersion\winlogon\
Most PowerShell information is driven towards managing servers so I assume I will be safe, but I want to see if you all can help me learn some lessons before I start banging my head against the wall.
Thanks
There are no syntax differences between PowerShell on Windows 7 and PowerShell on Windows Server 2008 R2. You may encounter differences in existing services, WMI classes, and registry keys, though.
First you should test it on a virtual machine to see if it works or not. Then try it on the physical machine. If it doesn't work, modify the code to the specific registry keys.
The short answer is yes. I run PSv4 on both my desktop and one of my servers running 08. Be sure to import the correct modules (if any) and allow for RPC in your firewall (and WinRM) if applicable. One note: depending on what you run with the server, commands and functions are only as good as the version you run against (even when invoked). I ran into this problem as I scripted in v4 and environmentally my firm is almost all v2. Enabled -verbose error output and test in virtual machines or a loaner laptop. (This is what I did). Good luck!

Message digest configuration in windows server 2012

I have a Windows Server 2012 machine that is being used as a certificate authority (using SCEP).
What is the default message digest algorithm ?
Is it possible to configure it to use a different one ?
I've been looking in the documentation, but failed to find any way to do so.
Thanks
I was able to find how to do this.
You need to edit the registry and change the entry under:
HKLM\System\CurrentControlSet\Services\CertSvc\Configuration\\CSP\HashAlgorithm
to the algorithms you wish to use.

PowerShell v2 Server 2003 - Cannot Find Path - Path definitely exists

Usually I can find an answer to PowerShell questions by researching forums and adapting. However, after searching high and low, I cannot find an answer.
I am logged in as a domain administrator working on two enterprise servers in a test domain. $Server2003 is Windows 2003 server running PS v2. $Server2008 is Windows 2008 R2.
Problem: When I am working from $Server2003 I cannot use any commands to access or verify information on $Server2008. This error happens regardless of who the administrator is.
I have used PowerShell fairly extensively in our environments and haven't run into this error before. The error is not present when running commands from $Server2008 on $Server2003. In addition the error is not present when running commands from a production domain. I can also ping the 2003 or 2008 server regardless of which machine I am logged in as.
Examples:
From $Server2008: ping $Server2003 - returns pings
From $Server2003: ping $Server2008 - returns pings
From $Server2003: test-path \\$Server2008\D$\ - Get-ChildItem : Cannot find path '\\$Server2008\D$\' because it does not exist
From $Server2008: test-path \\$Server2003\D$\ - True
The commands I want to run are a lot more complex than test-path; however, if I cannot get the simple command to work I doubt I'll have much luck with a complex one.
The two servers have the same domain, are in the same forest, and have the same domain controllers.
Any ideas where to start?
EDIT: Wanted to add that I have tried using test path from Server2003 to a different 2008 server located in our dev environment (same domain) and it runs the test-path and commands successfully.
Can you access the 2008 server remotely by other means? Like the Services MMC? Also, what if you create a share on 2008 rather than rely on the admin share?
The cannot find path error means that it doesn't exist or you don't have permissions. Does it work from a dos prompt?
UPDATE
I just noticed that you used single quotes, so the variable will not expand. Enclose it in double quotes and try again.

Powershell v2 remoting and delegation

I have installed Powershell V2 on 2 machines and run Enable-PsRemoting on both of them. Both machines are Win 2003 R2 and are joined to the same active directory domain and I can successfully run commands remotely. So PS remoting is working between the local server and remote server.
But when I try to access a share on a 3rd server (dir \someOtherServer\builds), which is also Win 2003 R2 and joined to the same active directory, I get the error:
Get-ChildItem : Cannot find path '\someOtherServer\builds' because it does not exist.
So what does it take to get this "hop" to work? Is it the delegation settings (in the active directory) to the remote machine? Are there any settings that can be done when creating a PSSession that will make the hop to work?
I addressed this issue for Workgroups in a blog post. I think the info should apply to domains but I haven't tested in a domain. Anyway, see if it helps. FYI, the solution involves Enable-WSManCredSSP and the Authentication parameter to Enter-PSSession.
There can be many causes of that. If Kerberos auth is used, check the time on all servers. It must be in sync. It may be a DNS resolution problem. A more detailed problem description is needed.
Sorry for bad English :). If something is wrong, please correct me :)