ISA 2006 Service Uptime 479 Days!

I have one ISA 2006 still in production. Its job is to run the site-to-site VPN connection between my remote backup site in Bollnäs and my main site in Söderhamn. It has now been running for more than 479 days and I see no reason why it should not keep running for many days to come.

ISA Service Uptime 479 days

ISA Service Uptime 479 days

One might think that I should patch this guy once in a while. But this is, in my opinion, a good example of… if it ain't broken, don't fix it!

The only allowed traffic in this ISA is the site-to-site VPN connecting my remote backup site to my main office. I don’t in this case feel that this ISA is insecure.

Installing TMG SP2 on UAG

I get a lot of questions from my customers if they should install TMG SP2 on their UAG server. The short answer is Yes. The longer answer is…

The answer from Microsoft when asking about TMG SP2 support on UAG was… “Tested and fully supported coexistence of UAG SP1 and UAG SP1 UP1 with TMG SP2“. So you have to have UAG SP1 or higher before you install TMG SP2.

But what about the new Update 1 to UAG SP1? Well, if you plan to add both TMG SP2 and UAG SP1 Update 1 to your UAG, the recommended install order is to first install TMG SP2 and then Update 1 for UAG SP1.

Troubleshooting in FIM 2010 R2

Anyone working with FIM today has at some point been forced to do some troubleshooting. In FIM 2010 R2 troubleshooting is made much easier. Let me show you an example.

In the current version of FIM, whenever an error occurred while processing a request we would see the following screen.

FIM 2010 - Error Message

It doesn’t give much of a hint about what went wrong. In FIM 2010 R2 error messages have been enhanced throughout the whole product to make error tracking easier.

If we look at the new error message I get in FIM 2010 R2 it looks something like this.

FIM 2010 R2 - Error Message

Take special note of the Correlation Id that is introduced in FIM 2010 R2. This Id is also found in Event Viewer if you need to drill down and find the correlated error event. If the error comes from a custom workflow you have designed, it will show the error message thrown by your code.

If the FIM Portal is used for self-service of some kind you will also appreciate the copy-to-clipboard and send-email functionality the user gets directly from the error screen.

This is just one example on how the R2 release of FIM 2010 will make your life, as FIM admin, easier.

Microsoft Showcase – FIM and O365

I recorded a short movie (in Swedish) for Microsoft Showcase a little while ago. Helena Mischel interviews me regarding a customer project where I used FIM to help a University move to Office365 with federation support.

If you are unable to view the Silverlight below, try this WMV version


I have also recorded a couple of movies talking about UAG. They will be up and running soon.

Slipstreaming TMG SP2

If you would like to make a slipstreamed media of TMG including SP2, you first need to bring the media to SP1 Update 1, since SP2 applies on top of that. Let me give you a quick guide on how to do this.

Get hold of your TMG DVD, and remember that there are two versions, Standard and Enterprise Edition.

Extract the content of the DVD to a folder (in my example D:\TMG)

We need to download SP1, SP1 Update 1 and SP2 (KB981324, KB2288910 and KB2555840 respectively, as used below).

Update 1 and SP2 are not delivered in .msp format but as .exe files, so first you need to extract the .msp using

  • “TMG-KB2288910-amd64-ENU.exe /t D:\Update1”
  • “TMG-KB2555840-amd64-ENU.exe /t D:\SP2”

 Now we can start producing our slipstreamed DVD.

  1. Open a command prompt and navigate to D:\TMG\FPC.
  2. Add SP1 using
    “msiexec /a MS_FPC_Server.msi /p D:\SP1\TMG-KB981324-AMD64-ENU.msp”
  3. Add Update 1 using
    “msiexec /a MS_FPC_Server.msi /p D:\Update1\TMG-KB2288910-amd64-ENU.msp”
  4. Add SP2 using
    “msiexec /a MS_FPC_Server.msi /p D:\SP2\TMG-KB2555840-amd64-ENU.msp”
  5. Use your favorite ISO tool and make a DVD from the content of D:\TMG

 You now have a slipstreamed media of TMG that installs directly with version 7.0.9193.500.
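The same procedure as an unattended script. This is an added example, not from the original post: the folders and KB file names are the post's own, while the download location ($Downloads), the /qb switch and the exit-code check after every step are my assumptions.

```powershell
# Added example, not from the original post: runs the slipstream steps above
# unattended. Paths and KB file names are the post's; the location of the
# downloaded .exe files ($Downloads) and the exit-code checks are assumptions.
$Downloads = 'D:\'                              # where the downloads were saved (assumed)
$Root      = 'D:\TMG'                           # extracted DVD content
$Msi       = Join-Path $Root 'FPC\MS_FPC_Server.msi'

# Patches in the order they must be applied: SP1, then SP1 Update 1, then SP2.
# Update 1 and SP2 ship as .exe wrappers that must be unpacked with /t first.
$Patches = @(
    @{ Name = 'SP1';      Exe = $null;
       Msp = 'D:\SP1\TMG-KB981324-AMD64-ENU.msp' },
    @{ Name = 'Update 1'; Exe = 'TMG-KB2288910-amd64-ENU.exe'; Dir = 'D:\Update1';
       Msp = 'D:\Update1\TMG-KB2288910-amd64-ENU.msp' },
    @{ Name = 'SP2';      Exe = 'TMG-KB2555840-amd64-ENU.exe'; Dir = 'D:\SP2';
       Msp = 'D:\SP2\TMG-KB2555840-amd64-ENU.msp' }
)

# Run a command synchronously and stop the whole job on a non-zero exit code,
# so a failed patch never leaves later patches applied on top of it.
function Invoke-Step([string]$File, [string[]]$Arguments) {
    $p = Start-Process -FilePath $File -ArgumentList $Arguments -Wait -PassThru -NoNewWindow
    if ($p.ExitCode -ne 0) {
        throw "$File $($Arguments -join ' ') failed with exit code $($p.ExitCode)"
    }
}

if (-not (Test-Path $Msi)) { throw "MS_FPC_Server.msi not found: $Msi" }

foreach ($patch in $Patches) {
    if ($patch.Exe -and -not (Test-Path $patch.Msp)) {
        # Unpack the .exe wrapper into its own folder to obtain the .msp
        Invoke-Step -File (Join-Path $Downloads $patch.Exe) -Arguments @('/t', $patch.Dir)
    }
    if (-not (Test-Path $patch.Msp)) { throw "$($patch.Name): patch not found at $($patch.Msp)" }

    # Administrative install with /p merges the patch into the extracted media
    Write-Host "Applying $($patch.Name) ..."
    Invoke-Step -File 'msiexec.exe' -Arguments @('/a', "`"$Msi`"", '/p', "`"$($patch.Msp)`"", '/qb')
}

Write-Host "Done. Build a DVD image from $Root with your ISO tool."
```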

FIM training 6-8/12

I have made room in my calendar and will be delivering FIM training in Stockholm, Sweden 6-8/12. The training will be at Labcenter. Please go to http://www.labcenter.se/lab/2105 and register. If you have trouble understanding how to register on this Swedish site please email sales@labcenter.se.

It’s a 3-day course as described in Mastering Forefront IM. Since FIM training is not that common, I have decided that this session will be open for international attendees; therefore I will deliver in English if non-Swedish students attend.

The course is a variant of the training I have delivered for Microsoft, Partner Readiness in Sweden and Norway.

Hurry up and register before the seats are taken!

Reporting in FIM 2010 R2

One of the greatest new features we will get in the R2 release of FIM 2010 is the new built-in reporting capability. In ILM and the current version of FIM, customers were forced to buy 3rd-party add-ons to get useful reports; in FIM R2 it’s finally built in.

The reporting feature uses the datawarehouse function in System Center Service Manager, and the FIM license will allow you to install and use that feature of SCSM without any extra license costs.

There are two types of reports out of the box, “Membership Change Reports” and “Object History Reports”. But since the data is stored in SCSM’s DB, and you can also extend what is stored, customers can make custom reports if they like.

Membership Change Reports

In these reports you will be able to see how group and set membership have changed and who made and/or approved the change.

Membership Change Report Example

Object History Reports

In these reports we can see changes to objects and key attributes over time.

Object History Report Example

As you can see these reports will together give you a very good historical view and traceability on your identity management.

If I look at my customers running FIM 2010 today, the new reporting features of R2 will be the main reason for them to hurry on and make the upgrade when R2 gets released.

konab.com is growing!

My new blog has now been around for 6 months and looking at the statistics over this period the blog has an interesting visitor curve…

konab.com First 6 months

One might wonder… Where will this end…

To all of my visitors I hope you will all have a great summer and thanks again for visiting konab.com

Nokia E7 not working with Issuance Policies

When using a Nokia E7 to synchronize with your Exchange server you might get into trouble if your certificates contain the Issuance Policies (Certificate Policies) extension.

Sniffing the traffic I found that when trying to connect, the Nokia device sent a TLS Layer-1 Encrypted Alert (Hex 02 0A) and killed the TLS negotiation. Initially I was pretty sure I had made some mistake when I installed my root CA certificate in the device, but after double-checking that, I was still unable to get the TLS handshake to work.

After a few hours of troubleshooting I found that the problem was that the certificate I used on my Exchange CAS server had an Issuance Policy referring to my CPS. In order for the Nokia E7 device to be able to consume any of my internal https sites I needed to change the certificate template, remove the Issuance Policy extension and renew the certificates used by my Exchange CAS and other internal websites.

After that the Nokia E7 was able to synchronize and access other internal https sites.
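A quick way to check which internal sites still serve a certificate with this extension, as an added example that is not from the original post: the script below pulls the server certificate from an HTTPS endpoint and reports whether it carries the Certificate Policies extension (OID 2.5.29.32); the host name is an assumption. For reference, the alert bytes 02 0A decode to TLS alert level 2 (fatal), description 10 (unexpected_message).

```powershell
# Added example, not from the original post. Fetches the certificate an HTTPS
# endpoint presents and reports whether the Certificate Policies (Issuance
# Policies) extension is present. The default host name is a placeholder.
param([string]$HostName = 'cas.example.internal', [int]$Port = 443)

# Accept any chain: we are inspecting the certificate, not trusting it.
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors); $true
}

$client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($HostName)
    # RemoteCertificate is the leaf the server sent; wrap it to get .Extensions
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ssl.RemoteCertificate
    $ssl.Dispose()
} finally {
    $client.Close()
}

if (-not $leaf) { throw "No certificate received from ${HostName}:$Port" }

# 2.5.29.32 is id-ce-certificatePolicies, shown as "Certificate Policies" in certmgr
$policies = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.32' }

"Subject   : $($leaf.Subject)"
"Issuer    : $($leaf.Issuer)"
"Not after : $($leaf.NotAfter)"
if ($policies) {
    "Certificate Policies extension PRESENT (critical=$($policies.Critical)):"
    # Format(true) renders the policy OIDs and any CPS URI qualifier, one per line
    $policies.Format($true)
    exit 1   # non-zero so the check can be used from a loop over several hosts
} else {
    "Certificate Policies extension absent"
    exit 0
}
```

Run it against each internal site after renewing from the changed template; any host that still exits 1 is still serving an old certificate.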