Category: Windows

Generating an IIS SSL Certificate Signing Request (CSR) using Microsoft IIS 7.x

  • Click Start.
  • Select Administrative Tools.
  • Start Internet Services Manager.
  • Click Server Name.
  • From the center menu, double-click the “Server Certificates” button in the “Security” section.

Microsoft IIS 7.x

  • Select “Actions” menu (on the right), click on “Create Certificate Request.”

 Create SSL Certificate Request

  • This will open the Request Certificate wizard.

IIS 7 SSL Distinguished Name Properties

  • In the “Distinguished Name Properties” window, enter the information as follows:
  • The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate. You will need to insure that the common name submitted in the CSR is the correct domain name / FQDN that you intend to use the certificate for. For Wildcard SSL certificates the common name should contain at least one asterisks (*) e.g. *,*,etc
  • Enter Organisation and Organisation Unit, these are your company name and department respectively.
  • Enter your City/locality, State/province and Country/region.
  • Click Next.
  • In the “Cryptographic Service Provider Properties” window, leave both settings at their defaults (Microsoft RSA SChannel and 2048) and then Click Next.

IIS 7 SSL Cryptographic Service Provider Properties

  • Enter a filename and location to save your CSR. You will need this CSR to enroll for your IIS SSL Certificate.

IIS 7 SSL Certificate Request File Name

  • Click Finish.
  • Your new CSR is now contained within the file c:\certreq.txt
  • When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form – including
  • Click Next
  • Confirm your details in the enrollment form
  • Finish

To save your private key:

  • Go to: Certificates snap in in the MMC
  • Select Requests
  • Select All tasks
  • Select Export

We recommend that you make a note of your password and backup your key as these are known only to you, so if you loose them we can’t help! A floppy diskette or other removable media is recommended for your backup files. ** please note that this last step is not required but is recommended if you intend to make any changes to the site.


Reference Link –


+919840688822, +919003270444

Network Load Balancing in Windows Server 2016

Valuable Article


The Network Load Balancing (NLB) feature distributes traffic across several servers by using the TCP/IP networking protocol. By combining two or more computers that are running applications into a single virtual cluster, NLB provides reliability and performance for web servers and other mission-critical servers.

The servers in an NLB cluster are called hosts, and each host runs a separate copy of the server applications. NLB distributes incoming client requests across the hosts in the cluster.

In this example we’ll create NLB cluster from 2 nodes (nlb1 and nlb2) which will be hosting IIS site

Installing NLB Cluster and IIS roles

invoke-command nlb1,nlb2 {Install-WindowsFeature nlb -IncludeAllSubFeature -IncludeManagementTools}
invoke-command nlb1,nlb2 {Install-WindowsFeature nlb -IncludeAllSubFeature -IncludeManagementTools}

Creating NLB cluster

On any cluster node run following PowerShell command:

New-NlbCluster -InterfaceName ethernet -ClusterName 'iis_cluster' -ClusterPrimaryIP -SubnetMask -OperationMode Unicast

NLB cluster named IIS with IP,unicast mode is created

There are following operation modes:

View original post 484 more words

Five ways to improve Windows Server hardening

Server operating systems are complex platforms composed of many files and modules. This intricate arrangement makes a server OS versatile and powerful enough for various business processes, but it also provides hackers with numerous opportunities to exploit unpatched vulnerabilities or slip into the system through even the most innocuous of configuration settings. The results of a data breach or ransomware attack can devastate the business and its customers.

There are tried-and-true tactics to reinforce Windows Server security: patch management, ongoing malware detection, intrusion detection and prevention, and log file monitoring and analytics.

Take Windows Server hardening to the next level with added security in user accounts and Active Directory, limited administrative rights, features for virtualization protection and, of course, antimalware.




+919840688822, +919003270444

Windows IIS Troubleshoot in a easy way

HTTP requests often go into Isapi filters, and either never come back out, or become extremely slow or unresponsive. Using the underlying Enterprise Tracing for Windows (ETW), the Trace Diagnostics utility simplifies HTTP request-tracing. It includes several components, including IISREQMON, IISTRACE for the command-line and IIS Request Viewer (User Interface). The toolset will only install on Service Pack 1 or higher versions of Windows.

When an Internet Information Services (IIS) worker process has become unresponsive or slow, Trace Diagnostics is used to understand what requests are executing in that worker process. When an HTTP request is picked up by IIS, it may be handled by multiple components before a response is generated back to the client computer. If a request fails or becomes unresponsive as it makes its way through these components, error-reporting channels like the Windows Event Log and the HTTP Error Log might not provide enough detail to help you locate the source of the problem. That’s when tracing comes in handy.

Key features

  • Request Monitor is a command-line helper tool for working with currently executing requests in IIS 6.0 running on Microsoft Windows Server 2003 SP1 or later. It will help you determine what requests are executing in a worker process when it has become slow or unresponsive. When enabled, Request Monitor prompts worker processes to report statistics and details about every request in each worker process.
  • IISTrace is a command-line helper tool for requesting tracing in IIS 6.0 running on Microsoft Windows Server 2003 SP1 or later. IIStrace goes beyond iisreqmon. It allows you to view requests in an apppool and trace the events that occur in order to process those requests. This means you can identify flaws in customer code and provide them with guidance on making corrections.
  • IIS Request Viewer is a GUI that displays all currently running application pools, threads and currently executing requests per application pool. It uses the underlying tracing commands to create, start, refresh and stoptraces. It will display the Request ID, Client IP, State of the request and Time that the request has been taking.

These components of the Trace Diagnostics utility can help you determine root causes of HTTP request issues, specify which providers report events to ETW during a specific trace session, customize how much trace data providers report to ETW, determine which URLs to trace, thereby focusing your troubleshooting efforts on a specific application.



Find more PRO+ content and other member only offers, here.

From a high level, request-based tracing works like this:

  1. The administrator enables a tracing session on the IIS server from a command prompt.
  2. Enterprise Ttracing for Windows (ETW) notifies IIS providers to begin reporting trace events.
  3. A request enters the IIS worker process.
  4. The administrator stops the trace session and reviews the trace log to locate the source of the problem.
  5. Problems are typically identified by error events or a START event that does not contain a corresponding END event.

Since there are multiple tools within the Trace Diagnostics utility, each with their own specific attributes, I will only focus on using the GUI tool, IIS Request Viewer. To trace requests in using the IIS Trace tool:

  1. Go to Start-> Programs -> IIS Diagnostics (32bit) -> Trace Diagnostics -> IIS Request Viewer -> reqviewer.exe.
  2. Click File -> Retrieve Requests.
  3. Expand the left-hand navigation tree to view the different application pools running on your system.
  4. View the requests in the right-hand window.

If you get the common error below, set your TEMP system variable to something shorter, like C:Temp.

ERROR: Open TraceLogFile() failed (Win32 error -largeinteger – The path specified is invalid)

For more information, read Trace Diagnostics Known Bugs and How to Fix ‘Em.

Inside the IIS Diagnostics Toolkit

 How to install the Microsoft IIS Diagnostics Toolkit
 How to use SSL Diagnostics 1.0
 How to use Authentication and Access Control Diagnostics (AuthDiag) 1.0
 How to use Exchange Server SMTP Diagnostics 1.0
 How to use Log Parser 2.2
 How to use WFetch 1.4
  How to use Trace Diagnostics
 How to use Debug Diagnostics 1.0

About the author: Tim Fenner (MCSE, MCSA: Messaging, Network+ and A+) is a senior systems administrator who oversees a Microsoft Windows, Exchange and Office environment. He is also an independent consultant who specializes in the design, implementation and management of Windows networks.



+919840688822, +919003270444




Windows Crash dump troubleshoot in a easy way

Troubleshooting Windows Server hangs might be one of the toughest challenges a system administrator faces. When a server starts to hang, things can quickly go from bad to worse. Often, it is too late to set up counter logs to diagnose the problem in Microsoft’s Performance Monitor, more commonly referred to as Perfmon, or to use Task Manager to catch the culprit in the act. The server seems to freeze without any sign of what caused the problem, and you hit the reset button praying it will reboot.

Sound familiar?

What if, just like an airplane’s flight recorder, also known as the black box, you could replay the last few seconds of the server’s performance just prior to the lock-up?

This article describes how to use two of my favorite troubleshooting techniques, namely crash dump analysis and Event Tracing for Windows (ETW), to determine what caused your server to hang.

We will assume you have already installed the Windows debugger and set up your server for a manually initiated crash dump as described in this article.

Event Trace Sessions

The secret is the built-in Event Trace Sessions that Windows has provided since Vista and Windows Server 2008. One of these trace sessions is known as the Circular Kernel Context Logger, or CKCL for short. It provides a 2 MB circular buffer that continually tracks kernel performance statistics in memory.

It is possible to extract this buffer from a forced memory dump and reveal the last few seconds of kernel activity. Extracting the buffer extends the usefulness of a crash dump and provides a snapshot of the server at the time of the hang that includes a history of the last few seconds.

To enable the CKCL, you must select the kernel providers you want included in your trace. This can be accomplished by starting Computer Management or Perfmon to display Data Collector Sets, as seen below in Figure 1. You will then find Startup Event Trace Sessions, which lists the built-in event trace sessions, including the CKCL.

Next, you need to display the properties for the CKCL trace session by double-clicking it or right-clicking to select properties. On the Trace Providers tab, highlight the property called Keywords(Any) and click Edit… to select the providers you want to trace (e.g., process, thread, file).

Event Trace Sessions

Figure 1. Event Trace Sessions (click to enlarge)

Finally, on the Trace Session tab, select the Enabled checkbox.

Once you acknowledge the changes, you can right-click the CKCL trace session to select Start As Event Trace Session. This will start the CKCL trace session and list it under Event Trace Sessions, along with the other built-in sessions, all of which show a status of Running.

To automate the process of enabling and starting the CKCL after a reboot, you can use the following example Logman command in a script with the Task Scheduler. Use the Task Scheduler’s Actions tab to specify the script and the Triggers tab to specify on startup:

Logman start “Circular Kernel Context Logger” –p “Circular Kernel Session Provider” (process,thread,img,file,driver) -ets

That’s it. All you need to do now is sit back and wait for the next hang to occur. When it does, use the appropriate keystroke combinations (right Ctrl+ScrollLock twice) or NMI mechanism to manually force a system memory dump. Once the system reboots, you will be able to use the Windows debugger to analyze the memory dump.

Extracting performance data from memory dumps

The magical debugger extension that allows you to extract the Event Tracing for Windows performance data from the dump is called !wmitrace. There are two commands you’ll need to know:



Find more PRO+ content and other member only offers, here.

Figure 2. List ETW sessions captured in memory dump (click to enlarge)


!wmitrace.logsave [logger ID] [save location].etl

The first command, !wmitrace.strdump, is used to display all of the Event Trace Sessions running at the time of the forced memory dump. You will see the Circular Kernel Context Logger in addition to several others, each containing a “logger ID” to distinguish it from the rest. As you can see in Figure 2, the !wmitrace.strdump command reveals the CKCL has a logger ID of 0x02.

Figure 3. Extract performance data from memory dump (click to enlarge)

The command !wmitrace.logsave is then used to extract the ETW performance data from the specified session. In our example, the appropriate command to extract the CKCL buffers into an event trace log (ETL) file would be, as seen in Figure 3:

!wmitrace.logsave  2  c:\ckcl.etl

Once the performance data has been extracted, you can immediately leverage the Windows Performance Analyzer (WPA) or XPerf to study the data. As you can see below in Figure 4, WPA reveals potential disk and file utilization issues right before the hang:

Figure 4. Using WPA to analyze the extracted performance data (click to enlarge)


Figuring out what caused a Windows server to hang can be a daunting task. But with the right tools and techniques, you can leverage ETW and the Windows Debugger to extract kernel performance data from system memory dumps. You can then use WPA or XPerf to analyze the performance data to determine what led up to the server hang. Keep in mind that while this article uses the CKCL trace session in the examples, you can create your own ETW trace session with WPR or XPerf specifying additional providers and logging options.


Bruce Mackenzie-Low, MCSE/MCSA, is a master consultant at HP providing third- level worldwide support on Microsoft-Windows-based products, including Clusters, Performance and Crash Dump Analysis. With over 25 years of computing experience at Digital, Compaq and HP, Bruce is a well-known resource for resolving highly complex problems. He has taught extensively throughout his career, always leaving his audience energized with his enthusiasm for technology.



+919840688822, +919003270444

How to deploy office Word template via GPO in Windows 2012 R2

  • Create a network share on the server  and allow everyone read all permissions 

Create or modify a GPO for deployment

  • In the GPO go to User Configuration> Pref > Windows Settings > Files
  • Right Click Select New (Create several Task for different version of MS Office )

  • Now set your Source and destination file :

              “Source Files(s:) \\(server name)\WordTemplate\(Name of Template)”

              For MS Office 2013-2016
              “Destination file: %userprofile%\Documents\Custom Office Templates/                 (Name of Template)”

              For MS Office 2010
              “Destination file: %userprofile%\AppData\Roaming\Microsoft\Templates               \(Name of Template)”

  • Now in the same GPO go to Comp Config > Pref > Windows Settings > Registry
  • Right Click Select New  (Create several Keys for different version of MS Office)

  • Leave the action as update and leave hive as HKCU then in key path go to:

       For the Office 2010:   “SOFTWARE\Microsoft\Office\14.0\Word\Options”

       For the Office 2013:    “SOFTWARE\Microsoft\Office\15.0\Word\Options”

       For the Office 2016:   “SOFTWARE\Microsoft\Office\16.0\Word\Options”

  • Now enter the value name for the Registry key:


  • Now enter the value name for the Value Type:


  • Now enter the value name for the Value data:

        For the MS Office 2010


        For the MS Office 2013-2016

         “%userprofile%\Documents\Custom Office Templates”

Now in the same GPO go to Comp Config > Policies> Administrative Templates > System> Group Policy

  • Enable “Configure user Group Policy loopback processing mode”

  • Now either Test or deploy the font.