Enrollment policy server URI

If you try to request a certificate from a non-domain-joined machine using the Certificates snap-in (CertMgr.msc), then you need to install the following components on the server hosting your Certificate Authority:

(maybe you need just one of them but I’ve installed both)

and then enter its URI in the following format:

https://<FQDN>/ADPolicyProvider_CEP_Kerberos/service.svc/CEP

How to configure RDG behind NAT

(As a recent promise to myself, I put down every successfully solved problem that is in any way worth sharing)

This week’s problem was to get a Remote Desktop Gateway located behind a NAT working. Here are the lessons learned:

  • Issue an SSL certificate with a subject matching the public DNS name (FQDN)
  • Use the default port 3389/TCP; otherwise the SSL certificate name won’t match the FQDN, and you get an error:

    The computer can’t verify the identity of the RD Gateway.

    or, if you put it into the current user’s Trusted Root Certification Authorities:

    Your computer can’t connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match.

  • Publish HTTPS port 443/TCP as well; otherwise the connection won’t be established, and you get another meaningless error:

    Your computer can’t connect to the remote computer because the RDG server is temporarily unavailable.

That’s all, folks!

How to re-create symlinks of VM configs in Hyper-V using PowerShell

Hyper-V keeps VM configs at %ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\ as symlinks to the original location.

These symlinks may get broken for various reasons, e.g.:

  • Server disaster
  • Upgrade to the next version of the OS/Hyper-V followed by a rollback
  • Migration

To restore functionality you need to create a symlink for each XML config, i.e. (the paths contain spaces, so they must be quoted):

mklink "%ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\{guid}.xml" "d:\MyVM\Virtual Machines\{guid}.xml"

But how do you automate this if you have tens of VMs? Here’s the command:


Get-ChildItem -Recurse *.xml | New-Symlink -LiteralPath { Join-Path -Path "$env:ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines\" -ChildPath $_.Name } -TargetPath { $_.FullName }

How to select Azure subscription if you have more than one using PowerShell

If you have more than one Azure subscription in your account and try to upload a VHD using these instructions:

  1. Get-AzurePublishSettingsFile
  2. Import-AzurePublishSettingsFile d:\credentials.publishsettings
  3. Add-AzureVhd -LocalFilePath d:\my.vhd -Destination http://example.com/blob/container

you may get an error saying that the selected account doesn’t have the given blob.
That’s because the first subscription is selected by default and the target blob is in another one.

To select the proper subscription, use the following command:

Get-AzureSubscription | Select -Last 1 | Select-AzureSubscription

(For instance, the last one).

Could not load file or assembly ‘Microsoft.AnalysisServices, Version=11.0.0.0

If you’re getting the following error upgrading TFS 2012 RTM to ver. 2012.3:

TF255356: The following error occurred when configuring the Team Foundation databases:
TF400711: Error occurred while executing servicing step Upgrade Warehouse for component UpdateWarehouseVersion during FinishInstallUpdates: Could not load file or assembly ‘Microsoft.AnalysisServices, Version=11.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91‘ or one of its dependencies. The system cannot find the file specified.. For more information, see the configuration log.

then just install Microsoft SQL Server 2012 Analysis Management Objects from Microsoft SQL Server 2012 Feature Pack (expand the Install Instructions node).

Note that you may need to restart the setup wizard, or even the server itself, before the error goes away.

How to issue a self-signed certificate

To have a properly working SSL web site you have to assign an SSL certificate to it. A real one costs real money. It is easier, especially for development, to issue a self-signed one.

To create certificates I will use MakeCert.exe, which is shipped with the Windows SDK (the usual path is %ProgramFiles%\Microsoft SDKs\Windows\v7.1A\Bin\).

First step: create a certificate at TempCA.cer with subject name CN=TempCA and the private key kept in TempCA.pvk:

makecert -n "CN=TempCA" -r -sv TempCA.pvk TempCA.cer

Second step: create a certificate at SignedByCA.cer in container SignedByCA with subject name CN=example.com (probably should correspond to the web site address) signed by root authority certificate TempCA.cer with private key at TempCA.pvk and save it into the store named My for CurrentUser:

makecert -sk SignedByCA -n "CN=example.com" -iv TempCA.pvk -ic TempCA.cer SignedByCA.cer -sr CurrentUser -ss My

Third step: generate a Personal Information Exchange (.pfx) file at TempCA.pfx from the certificate TempCA.cer and the private key TempCA.pvk (with no password):

Pvk2Pfx -pvk TempCA.pvk -spc TempCA.cer -pfx TempCA.pfx -f

See MSDN for more details.
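
The same root-plus-signed-certificate setup with the built-in New-SelfSignedCertificate cmdlet, which Microsoft recommends now that MakeCert is deprecated. This is an added example, not part of the original post; it assumes a Windows version whose cmdlet supports -Signer (Windows 10 / Server 2016 or later), and the file names are illustrative. Unlike the third step above, it exports only the public part of the CA and protects the server .pfx with a password.

```powershell
# Added example. TempCA / example.com follow the steps above; file names are illustrative.
$store = 'Cert:\CurrentUser\My'

# 1. Root certificate: marked as a CA, key usable only for signing certificates
#    and CRLs, private key non-exportable so it stays in this user profile.
$ca = New-SelfSignedCertificate -Subject 'CN=TempCA' `
    -CertStoreLocation $store `
    -KeyUsage CertSign, CRLSign `
    -TextExtension @('2.5.29.19={text}CA=true') `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddYears(1)

# 2. Server certificate signed by TempCA. -DnsName fills the Subject Alternative
#    Name, which current browsers check instead of the CN.
$leaf = New-SelfSignedCertificate -Subject 'CN=example.com' `
    -DnsName 'example.com' `
    -Signer $ca `
    -CertStoreLocation $store `
    -KeyUsage DigitalSignature, KeyEncipherment `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddMonths(6)

# 3. Export the public CA certificate (to import into Trusted Root Certification
#    Authorities on test clients) and the server certificate with its private
#    key as a password-protected .pfx for the web server.
Export-Certificate -Cert $ca -FilePath .\TempCA.cer | Out-Null

$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $leaf -FilePath .\SignedByCA.pfx `
    -Password $pfxPassword | Out-Null

# Show what was issued so the subject, issuer and expiry can be checked.
$leaf | Format-List Subject, Issuer, NotAfter, Thumbprint
```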

It’s been a long time since I touched the blog

More than half a year has passed since I last touched the blog. So much has happened, and even more will happen soon. But somehow I don’t feel like writing about it.
And it’s not even a matter of what to write about; I just don’t feel like it. There is a desire, but neither the habit nor the need.
A need like the one I have, say, for programming. About a month has passed since I once again gave up finishing Опердень, this time for the entirely objective reason that it is pointless without a buyer. And almost every day a feeling of “creative dissatisfaction” kept spinning in my head. It turns out that programming is creativity for me, while writing, even about what I program, is not. Nevertheless, I will try to sort this out somehow.

TDD kata by implementing LINQ

I just discovered that what I’m writing right now is a new TDD kata. A very interesting and useful TDD kata.
Interesting because the usual C# developer uses LINQ extension methods on an everyday basis, and it is interesting to re-implement on your own what you use so often.
Useful for the same reason, and also because if you have a project stuck with .NET 2.0 then you get a nice, self-written, fully tested replacement for the LINQ extension methods.
Sounds cool, doesn’t it?

So here’s the kata description:

  • Start with simple methods such as Count(), Where() and Select()
  • End with complex methods such as GroupBy() and Aggregate()

The Cult of Legacy

In our company’s software development division, due to many reasons, most of them hidden from me, we evidently do face The Cult of Legacy:

  • You can discuss anything but not Legacy
  • You can criticize anything but not Legacy
  • You can refactor anything but not Legacy
  • You can rework anything but not Legacy
  • You can fix anything but not Legacy

Something is rotten in this state of Denmark, definitely.