Migrate DHCP Scope(s)

Migrate DHCP KB ID 0001792

Problem

If you have a lot of DHCP scopes, options, or reservations, then manually creating them on your new DHCP servers can be both a time-consuming and tedious process. If only there was an easier way?

Migrate DHCP with Netsh

Below you can see an example, where I have many scopes and lots of settings that would be painful to have to recreate from scratch. This example is on Server 2008 R2, but your source server could be Server 2000 (or newer); the export procedure is the same.

Open an administrative command window, and issue the following command.

[box]

netsh dhcp server export C:\dhcp-export.txt all

[/box]

Now on the source DHCP server I’m stopping and disabling the DHCP Server service. In production, you might want to wait until you are about to authorise the new 2022 DHCP server before doing this, to minimise downtime.

Copy the exported text file from the old DHCP server, to the new server.

Migrate DHCP: Install DHCP on Windows Server (via PowerShell)

Open an administrative PowerShell window, and issue the following command.

[box]

Install-WindowsFeature DHCP -IncludeManagementTools

[/box]

Then import the settings with the following command.

[box]

netsh dhcp server import C:\dhcp-export.txt all

[/box]

Go to Administrative Tools > DHCP. You should see your migrated information in here; the DHCP scopes will be down (because the server has not yet been authorised in AD). Right click the server name, and select Authorise.

Note: At this point ENSURE the old DHCP server has had its DHCP server service stopped and disabled.

Wait a few seconds and then restart the DHCP Server service, (this can be done as shown below).

After a few seconds, the new scopes should be up and getting served.

Related Articles, References, Credits, or External Links

NA

FortiGate Certificate Import Errors

FortiGate Certificate KB ID 0001791

Problem

A colleague messaged me last week because he could not import a certificate on a FortiGate (that had been exported from a Cisco ASA). He was seeing this error;

Incorrect certificate file format for CA/LOCAL/CRL/REMOTE cert.

FortiGate Certificate Problems

A brief Google led me to ask “Is the FortiGate licensed or on a Free/Trial license?” As that can produce this error {apparently}. But for us this was not the problem.

This was happening because the ASA (like Windows) exports its certificates in ‘base64‘ encoding and the FortiGate does not like that, so it throws its toys out of the pram. Firstly ENSURE you exported the certificate as a PKCS12 file like so,

Otherwise the certificate will NOT be exported with its private key, and if you import a certificate into a FortiGate without the private key you will get this error;

Certificate file is duplicated for CA/LOCAL./REMOTE/CRL cert.

We now have a copy of our exported ‘base64 encoded’ certificate. (Note: It has no file extension, don’t panic!) If it was extracted from Windows, it might have a .PFX extension. If yours does, simply use the following commands with that file extension.

Put it on a machine that has OpenSSL installed, or if like me you’re a macOS user, copy it there (OpenSSL is installed by default). Firstly we have to decode the extracted certificate;

[box]

openssl base64 -in /Users/petelong/Dropbox/PNL-EXPORTED-CERT -d -out /Users/petelong/Dropbox/PNL-DECODED-CERT

[/box]

Now we have decoded that certificate, we can extract the private key with the following command.

[box]

openssl pkcs12 -in /Users/petelong/Dropbox/PNL-DECODED-CERT -nocerts -out /Users/petelong/Dropbox/PNL-PRIVATE-KEY.pem

[/box]

Then to extract the identity information use the following command.

[box]

openssl pkcs12 -in /Users/petelong/Dropbox/PNL-DECODED-CERT -clcerts -nokeys -out /Users/petelong/Dropbox/PNL-IDENTITY-CERT.pem

[/box]
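The three steps above as one script, with a check that the extracted private key and identity certificate carry the same public key before they go anywhere near the FortiGate. This is an added example, not the author's script: the function names, output file names and the `P12_PASS` environment variable are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not the article's own script): split a base64 PKCS#12 export
# and confirm the extracted key belongs to the extracted certificate.
# The passphrase comes from $P12_PASS via env:, so it never appears in argv.
set -eu
umask 077   # everything written below is key material: owner-only files

# split_p12 <base64-export> <outdir>  (hypothetical helper name)
split_p12() {
  openssl base64 -d -in "$1" -out "$2/decoded.p12" &&
  # private key only, re-encrypted under the same passphrase
  openssl pkcs12 -in "$2/decoded.p12" -nocerts -passin env:P12_PASS \
    -passout env:P12_PASS -out "$2/private-key.pem" &&
  # identity certificate only, no key
  openssl pkcs12 -in "$2/decoded.p12" -clcerts -nokeys -passin env:P12_PASS \
    -out "$2/identity-cert.pem"
}

# pair_matches <key.pem> <cert.pem>: true only if both carry the same public key
pair_matches() {
  key_pub=$(openssl pkey -in "$1" -passin env:P12_PASS -pubout) || return 1
  crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# make_sample <dir>: CONSTRUCTED input, a throwaway self-signed certificate
# wrapped as PKCS#12 and base64-encoded to stand in for the ASA export
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
    -passout env:P12_PASS -out "$1/sample.p12" &&
  openssl base64 -in "$1/sample.p12" -out "$1/exported-cert"
}

demo() {
  work=$(mktemp -d) || return 1
  result="mismatch"
  make_sample "$work" && split_p12 "$work/exported-cert" "$work" 2>/dev/null &&
    pair_matches "$work/private-key.pem" "$work/identity-cert.pem" 2>/dev/null &&
    result="match"
  rm -rf "$work"
  echo "$result"
}

export P12_PASS="${P12_PASS:-constructed-demo-passphrase}"
demo
```

Against a real export, set `P12_PASS`, call `split_p12` on the exported file, and import the two PEM files only if `pair_matches` succeeds.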

Import FortiGate Certificate

Now that you have those TWO files you can import them into your FortiGate, like so.

Related Articles, References, Credits, or External Links

NA

Migrate From Server 2012 to Server 2022 Domain Controllers

Server 2012 DC to Server 2022 DC KB ID 0001790

Problem

I get asked about this quite a lot. In the past most of the queries were about moving from Server 2008 to Server 2022, if that’s what you are after then simply go here. This article is purely for the introduction of, and migration to Windows Server 2022 Domain Controllers. And it assumes your current domain controllers are Windows Server 2012 (or 2012 R2).

Adding a Server 2022 Domain Controller

Once you have a Windows Server 2022 box stood up and fully updated, ensure it is added to the domain as a member server. Then from Server Manager > Manage > Add roles and features.

Next > Next > Next > Next > Select “Active Directory Domain Services” > When prompted select ‘yes‘ to add the required services.

Next > Next > Next > Install > Close.

Click the ‘Warning Triangle‘ > Promote this server to a domain controller.

Next.

Enter the DSRM Password > Next.

That’s fine (if you’re worried see the link below) > Next.

Windows – A Delegation For This DNS Server Cannot Be Created

Next.

I’m accepting the default AD install locations > Next.

Next (forestprep and domainprep is all done for you now).

Next.

Install.

When complete the server will reboot.

View Server 2022 Domain Controller

You should now see the new domain controller listed in Active Directory.

At this point I’m moving all the FSMO roles to the new Windows 2022 server.

Windows Server – Locating, Transferring, and Seizing FSMO Roles

Demoting the 2012 Domain Controller(s)

WARNING: Before proceeding, make sure anything on your network that may be using this server for DNS has been pointed to your new domain controllers. Don’t forget to change the DNS servers that are being distributed via DHCP, (update your DHCP scopes). And change your new domain controllers to look at themselves for DNS not the domain controller(s) you are about to demote!

Over on your 2012 domain controller > Server manager > Manage > Remove roles and features.

Next > Untick ‘Active Directory Domain Services’ > Demote this domain controller > Next.

Tick  ‘Proceed with removal‘ > Next.

Untick ‘Remove DNS delegation’ > Next.

Set a new local administrator password for this server to use after it has been demoted (as it will be a member server at that point). You can of course still log into it as the domain admin. > Next > Demote.

When complete, the server will reboot.

You can now (if you wish) raise your domain functional level. Note: Check you meet all the prerequisites for doing so, personally I rarely update them until I have a specific need to do so.

Once you are confident all your domain controllers in the domain have replicated, you can then update the forest functional level if you wish to do so.

Related Articles, References, Credits, or External Links

NA

Completely Remove Teams From macOS

Remove Teams KB ID 0001789

Problem

I started to notice the performance in my Microsoft Teams was getting ‘very sketchy’. This week, while in the office, a colleague on the same Teams call as myself told me my speech in the call was lagging about 10 seconds behind my actual speech!

So I thought I’d remove and reinstall MS Teams. Uninstalling the application is simple as peas! But I wanted to remove EVERYTHING to give me a better chance of solving the problem, because ‘most’ applications leave settings and data all over the place (in case you ever reinstall them).

Remove Teams

Obviously if you are running MS Teams, close down the application first. Then in Finder navigate to Applications > locate Microsoft Teams.app and ‘Move to Bin’. You may be asked to provide your password.

Remove Teams (Data and Settings)

Whilst still in Finder, Go > Go to Folder > Paste in ~/Library/Caches/

Locate com.microsoft.teams and delete it. (Note: on older versions there may be other com.microsoft.teams.{name} entries, if so delete those as well.)

Then as before Go > Go to Folder > Paste in ~/Library/Application Support/Microsoft/ and delete the Teams folder.

Note: If you have any Teams custom backgrounds, these live in here, so back them up first. See Microsoft Teams: Custom Background Images for more information.
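The same data and settings cleanup from Terminal, as an added example that is not the author's own script: it is a dry run unless `--apply` is given, and it archives the Teams support folder (where the custom backgrounds live) before deleting it. The function names and the backup file name are assumptions; the demo at the end runs against a constructed sandbox directory rather than a real home folder.

```shell
#!/bin/sh
# Added example: remove the Teams data locations named in the article.
# Close Teams first. Nothing is deleted unless --apply is passed.

# teams_targets <home>: print each path from the article that exists under <home>
teams_targets() {
  for p in "$1/Library/Caches"/com.microsoft.teams \
           "$1/Library/Caches"/com.microsoft.teams.* \
           "$1/Library/Application Support/Microsoft/Teams"; do
    [ -e "$p" ] && printf '%s\n' "$p"
  done
  return 0
}

# teams_cleanup <home> [--apply]  (hypothetical helper name)
teams_cleanup() {
  home=$1; mode=${2:-}
  support="$home/Library/Application Support/Microsoft"
  if [ "$mode" = "--apply" ] && [ -d "$support/Teams" ]; then
    # custom backgrounds live in this folder: archive it before deleting
    tar -czf "$home/teams-support-backup.tgz" -C "$support" Teams || return 1
  fi
  teams_targets "$home" | while IFS= read -r p; do
    if [ "$mode" = "--apply" ]; then
      rm -rf -- "$p" && echo "removed $p"
    else
      echo "would remove $p"
    fi
  done
}

# CONSTRUCTED sandbox standing in for $HOME, so this demo touches nothing real
sandbox=$(mktemp -d)
mkdir -p "$sandbox/Library/Caches/com.microsoft.teams" \
         "$sandbox/Library/Application Support/Microsoft/Teams"
teams_cleanup "$sandbox"      # dry run: lists two paths, deletes nothing
rm -rf "$sandbox"
```

On a real Mac, review the output of `teams_cleanup "$HOME"` first, then repeat with `--apply`.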

If you just want Microsoft Teams gone, then that is the task complete, but I needed a fresh install so I downloaded and reinstalled the latest version.

Fingers crossed, MS Teams has behaved itself since. If you have any other comments, or solutions to Teams being ‘laggy‘ or running slowly, please post them below.

Related Articles, References, Credits, or External Links

Download Teams for macOS