If you see EDGE node registration in pending state like below
Run below command on NSX-T manager to get thumbprint
get certificate api thumbprint
35c035720be59bcec7dd9d8067335510e191cdcd06fc360ffd75162f84422c6b
Run below command on Edge machine using putty session.
join management-plane 192.168.0.45 username admin password Welcome@1989 thumbprint 35c035720be59bcec7dd9d8067335510e191cdcd06fc360ffd75162f84422c6b
System.Net.WebException: The request failed with HTTP status 400: Bad Request.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)
SCCM SUP and WSUS sync failed -> If you are seeing SCCM SUP and WSUS sync failed in WSUSCTRL.log then you need to make sure IIS is installed correctly in the WSUS server.
To verify you need to open IIS on the WSUS server and browse some IIS components like below.
If the page is not opening properly then you need to check IIS Role-> Features where have installed all roles and features are not specially Directory Browsing .
Reinstalled the missing components and did the proper binding and checked again it should work.
I fixed my similar issue after following similar steps
#PowerShell script to automate ESXI configuration part post new ESXI deployment
$vCenter= Read-Host "Enter vCenter Name"
$VCCred = Get-Credential
#Add ESXI Host
$ESXI1= Read-Host "Enter ESXI host Name"
$ESXICred= Get-Credential
$String= $ESXI1
$String.Substring(0,$String.Length-12) | Out-file 'C:\temp\output.txt'
$Prop= Get-Content -Path 'C:\temp\output.txt'
#Connect vCenter
Connect-VIServer -Server $vCenter -Credential $VCCred
#Collect Datacenter details
$Datacent= Get-Datacenter
#Prompt for to enter Datacenter Name, enter here short name inside *.........*,
$DCM= read-Host "*Enter DC shortname Name inside both*"
# String to remove extra character from DC that we are typing manually
$NTP= $DCM
$NTP.subString(1,$DCM.Length-2) |Out-file 'C:\temp\DCName.txt'
$DCName= Get-Content -Path 'C:\temp\DCName.txt'
Add-VMHost -Server $vCenter -Name $ESXI1 -Location $DCM -Credential $ESXICred -Force
Get NTP Server details
==================
# PowerCli command to COllect NTP server details from existing Datacenter >host
Get-Datacenter | Where-Object {$_.Name -imatch "$DCName"} |Get-VMHost |Where-Object {$_.Name -imatch "$Prop"} |Get-VMhostNTPServer |Out-file 'C:\temp\NTPServer.txt'
$NTPServer= Get-Content -Path 'C:\temp\NTPServer.txt'
<#=============================
Get-Datacenter |Where-Object {$_.Name -imatch "$DCName"} |Get-VMHost |Out-File 'c:\temp\VMhost.txt'
$NTPHost= Get-Content -Path 'C:\temp\vmhost.txt'
#>
#PowerCli command to add existing NTP server details into new ESXI host
Add-VMHostNtpServer -NtpServer $NTPServer -VMHost $ESXI1 | Where-Object {$_.Name -imatch "$ESXI1"}
# PowerCli command to Collect DNS Name, DNS IP, SearchDomain
Get-Datacenter | Where-Object {$_.Name -imatch "$DCName"} |Get-VMHost |Where-Object {$_.Name -imatch "$ESXI1"} | Get-VMHostNetwork | Select-Object DomainName, SearchDomain, DnsAddress |Out-file 'C:\temp\NetInfo.txt'
$NetInfo= Get-Content -Path 'C:\temp\NetInfo.txt'
# PowerCli Command to add DNS Address, SearchDomain
$vmHostNetworkInfo = Get-VmHostNetwork -Host $ESXI1
Set-VmHostNetwork -Network $vmHostNetworkInfo -DnsAddress '192.168.1.17','192.168.1.18' -SearchDomain temp.ads.com -DnsFromDhcp $false
#Put ESXI host into maintenance mode
=================================================
Set-VMHost -VMHost $vmhost -State "Maintenance"
What is AD RMS and how to configure ?
AD RMS enables you to protect your intellectual property through the integration of several features. In fact, in addition to a direct integration with Active Directory Domain Services (AD DS),AD RMS can also rely on both Active Directory Certificate Services (AD CS) and Active Directory Federation Services (AD FS).
AD CS can generate the public key infrastructure (PKI) certificates that AD RMS can embed in documents. AD FS extends your AD RMS policies beyond the firewall and supports the protection of your intellectual property among your business partners.
https://www.free-online-training-courses.com/active-directory-rights-management-services/
AD RMS Configuration step by step
1. Here I have three servers
1.0 Windows server 2K12R2 AD (FQDN:- srv.adds.com IP 192.168.1.13)
1.1 Windows server 2K12R2 ADRMS (Host Name:- NodeB.adds.com IP 192.168.1.16)
1.2 Windows server 2K12R2 Client (Host Name:- NodeA.adds.com IP 192.168.1.15)
2. First step we need to create a service account and AD (ADRMSSRV) .
Open DSA.MSC
select user>R.C and select new user > Enter all details
Set password and check mark on both user can't change password and password never expire
3. Second we need to create two groups in AD
Group name as below
a. ADRMS_Full
b. ADRMS_limited
Enter ADRMS_Full and click OK
Enter ADRMS_Limited and click OK
Next, add a few users to ADRMS_Full group, for this Demo I choose 4 of my Marketing users to join ADRMS_Full.
Select Group Name > R.C and click on members
Enter Users Name to whom you want to add in member list and click on check names
Next, add few users to ADRMS_Limited group, for this Demo I choose 4 of my Marketing users to join ADRMS_Limited.
Select Group Name > R.C and click on members
and follow the steps as follow above
4. Fourth steps now we need to created Host (AA) record on same AD server and assign ADRMS SRV IP (NodeB.adds.com)
Name as below
ADRMS
Open DNS > R.C on domain name select New Host
Enter ADRMS name in Name field and IP address
Next, log in to NodeB.adds.com to start Install and configure the AD RMS server role
Open Server Manager, click Manage, and then click Add Roles and Features, in the Add Roles and Features Wizard, click Next 3 times
Then click Next 4 times
Next, click Install to proceed…
Click Close when installation successful
Next, on the All Servers Task Details page, click Perform Additional Configuration
Select create new ADRMS root cluster >Next
Select use windows internal database on this server
Specify new created service AD ID (ADRMSSRV)
Select Cryptographic mode
Select use ADRMS centrally managed key storage
Enter password
21 – On the Cluster Address box, provide the following information, and then click Next to proceed :
– Connection Type: Use an unencrypted connection (http://)
– Fully Qualified Domain Name: ADDS.COM
– Port: 80
On the Licensor Certificate box, type ADDS NodeB, and then click Next…
Click on install
Now the installation part has been completed.
Next, open Internet Information Services (IIS) Manager…
In Internet Information Services (IIS) Manager, expand Sites\Default Web Site and click _wmcs, then under /_wmcs Home, double-click Authentication
Then right-click Anonymous Authentication and click Enable…
In the Connections pane, expand _wmcs and click licensing and double-click Authentication
Right-click Anonymous Authentication and click Enable, then close IIS Manager…
Next, lets configure AD RMS ADRMS_Full group for NodeB
In Server Manager, click Tools, and then click Active Directory Rights Management Services…
In the Active Directory Rights Management Services console, expand the NodeB node, and then click Security Policies and click on change super user settings
Select Super users and click on enable super users
]
Now click on Change super users group > Type ADRMS_full@adds.com
Note :- there should be with email ID
Open Active Directory Rights Management Services console, then click Rights Policy Templates node and then in the Actions pane, click Create Distributed Rights Policy Template
In the Create Distributed Rights Policy Template Wizard box, on the Add Template Identification information box, click Add
On the Add User Rights box, click Add, then on the Add User or Group page, type ADRMS_Limite
When ADRMS_Limited is selected, under Rights, click View. Verify that Grant owner (author) full control right with no expiration is selected, and then click Next…
– On the Specify Expiration Policy box, you can do settings and then click Next
On the Specify Extended Policy box, click Require a new use license every time content is consumed (disable client-side caching), click Next, and then click Finish.
Next step, lets configure the rights policy template distribution…
Now you need to create two folders in C:\
C:\RMSTemplates Full access to ADDS\ADRMSSRV
C:\DocShare Full access to ADDS\Everyone
On the ADRMS console, click the Rights Policy Templates node, and in the Distributed Rights Policy Templates area, click Change distributed rights policy templates file location, then in the Rights Policy Templates dialog box, click Enable Export…
Next, in the Specify Templates File Location (UNC), type \\NodeB\RMSTEMPLATES, and then click OK
Next, open Windows Explorer and navigate to the C:\rmstemplates folder, and verify that Test Full Access.xml is present
Next, on the ADRMS Console, click the Exclusion Policies node, and then click Manage application exclusion list
Actions pane, click Enable Application Exclusion…
Now All Done wait for next part
HPE MSA 2040 configuration Default IP range for HP SAN storage MSA 2040 is 10.0.0.1/2 You need to connect your laptop and storage with...
