I have 3 main sites, each have a WAN connection which is good but not great, and internet connections.
I have just built a WSUS 3.0 SP2 on windows 2008 R2 boxes in each region.
I want to configure one as the primary and the other 2 as downstream boxes, saving WAN/internet bandwidth.
There doesn't seem to be a way to configure these to 'report' into the main box, and download the approved patches without using the WAN link.
Is there some obvious setting I am missing, enabling these as replica does everything I need apart from the download source.
I'm not quite understanding how you're expecting a remote WSUS server to communicate with the primary except via the WAN link?
As far as configuring a WSUS server as a downstream server, that's covered in the WSUS Deployment Guide, and is presented in the setup wizard. (Option 1: Get updates from Microsoft; Option 2: Get updates from another WSUS server). See Configure and Manage Replica Servers for more information.
Related
The problem statement:
Suppose there are 20 windows machines within a local network. One of the machines serves as the server and hosts the database. Now, the other 19 machines have the access to read from the server machine, but the server machine does not have username and password for any of the other 19 machines.
I have to update a desktop application installed on all the machine. There is a spring-boot application, hosted on the server machine which downloads the build. Now, as soon as I download the build I have to notify all the other 19 machines that build has been downloaded so that they can read and update themselves.
Solution 1: Install a windows service which will poll the server and check if updates are available.
Solution 2: Host a POST web API on the 19 machines and notify them by making a post call. I think installing IIS or Tomcat on every machine is not viable.
Is there any other optimal solution for notifying the client?
Note: We cannot take the RDP and neither have credentials but we can make use of already deployed windows application on the other 19 clients.
Solution 3: If your machines share the same domain, use msi install packages to update software all across domain by using Group Policy. It's common way.
Solution 4: Launch desktop application directly from server shared folder. It works good while server machine is always accessible and application is not too heavy for your LAN.
Here you need some care about writing new application files while it running on client computers. Good way is to keep a different folders for different versions and launch with shortcut pointing to latest one:
v1.3\app files here
v1.4\app files here
v1.4.6\app files here
v1.7\app files here
app.lnk → v1.7\app.exe
client machines launch the application with app.lnk.
Upd: if you update application when nobody works (see 1am…2am), you can omit all of this versioning stuff.
Solution 1: It work as well. You can use NSSM to easily launch your update script or exe-file as a Windows service.
I would use a windows service or a scheduled task (both could be the same application you provide, but with some arguments). It frequently checks if a new version is available (maybe only once a day).
If you only have a short time frame when the new version has to be installed on all machines you could also provide an installation date with the new version. (Maybe the check will be done through a REST api where the client sends the current installed version number and the server answers with an status code 200 and the body is either empty or provides an json object containing the new version number, the due date and the download url.)
Then the client can already download the new version and make it available on the machine, but it triggers the installation only when the due date is reached. This check of the due date can happen more often, cause all informations are already on the client machine and can be done locally.
Hello Stack Overflow community, I am encountering the following errors when I try to add a node to my local computer cluster using Microsoft HPC Pack 2016:
Could not contact node 'NODE-A08' to perform change. Identity check
failed for outgoing message. The expected DNS identity of the remote
endpoint was 'HEAD-NODE01' but the remote endpoint provided DNS claim
'NODE-A08'. If this is a legitimate remote endpoint, you can fix the
problem by explicitly specifying DNS identity 'NODE-A08' as the
Identity property of EndpointAddress when creating channel proxy.
Could not contact node 'NODE-A08' to perform change. The management
service was unable to connect to the node using any of the IP
addresses resolved for the node.
Ultimately I would like to write and test my own MPI programs while using HPC Pack as my cluster manager, but I cannot seem to get past this preliminary step of setting up my cluster.
Through my research in to the issue I have found "Identity check failed for outgoing message..." to be a well documented error related to Windows Communication Foundation (WCF). My understanding is that it occurs when the common name (CN) of the endpoint computer's certificate does not match its DNS identity.
The solutions that I found where lines of code for people writing their own programs, however those solutions do not apply to HPC Pack because I cannot access its source code directly.
Some additional information specific to my situation:
the certificates used by both the head node and the node were issued
individually by a trusted domain
all computers are connect to one enterprise network
the head node's PC name is 'HEAD-NODE01'
the node's PC name is 'NODE-A08'
these errors occur during the provisioning stage of adding a node
the errors are displayed in the provisioning log within HPC Pack
2016's user interface
I was successful in pinging each computer from the other
both computers display the proper DNS IP address when I use command
prompt
the head node is running Windows Server 2012 R2
the node is preconfigured to be a workstation node and is running
Windows 10 Enterprise
Any help would be greatly appreciated. I have looked for a few days and in a lot of places for an answer, but I have not been very successful. Thank you very much in advance!
Subject names of both SSL certificates must be identical
Actually i have following step by step from http://www.windowsazure.com/en-us/manage/services/sql-databases/getting-started-w-sql-databases/ to create database and etc.
But when i try to login using username and password which i have configured,message error appear " Failed to retrieve connection information. Try to login again. "
I have configure firewall before to allowed my public ip to access the database.
How to solve my problem ?
Thanks
Clear your cookies and browsing history and contact Microsoft support if this persists after some time (like an hour)
That is very interesting problem.
What about checking connection with Microsoft SQL Server (can be Express edition).
If you configured firewalls then you should be able to access Azure database via Microsoft SQL Server Management Studio from your system with no problems.
Alternatively you could check Visual Studio. But I am not sure if Visual Studio Express edition can connect to Azure databases (you might need some paid version).
If you still have some connectivity issue using SQL Management Studio then that would indicate some networking problems between your place and Azure data centre. In that case I would recommend spinning up another Azure database (for very short time) in different data centre, set up firewalls and see if that will work.
EDIT
Any way to configure Firewall for Azure ?
Firewall to database cannot be configured at a level of individual databases; it needs to be configured at a level of server.
In Windows Azure Management portal, go to Database tab and then select database server:
Once you in server dashboard, select configuration top tab. You can change DB Server firewall allowed IP addresses under Allowed IP Addresses
In the same section there is Current Client IP Address which tell you the current IP. That very handy when you work with VPN or change your network quite often.
Allow popups. Chrome was blocking this from me.
I am working on a large application in team environment. We use to Team Foundation Server to control source code with VS2010.We are using LAN to connect TFS which works great in an small office but now we need to connect TFS through Internet.
What actually I want to know that we have many developers they reside in different location worldwide. We want to download there work directly in the TFS server through Internet like LAN. We will have also connect LAN users who work on this application and want to connect both kind of users parallel.
Note: WE DON'T WANT TO USE VPN.
Is there any possibility to do this kind of work in TFS? Any Help will be appreciated.
You can definately expose TFS over the internet. TFS is basically a set of web services hosted in IIS, just make your server internet-visible and you're set.
There are some security best practices you probably want to consider though:
1) You should configure an SSL cert in IIS and connect to TFS using HTTPS (an option when connecting in VS).
2) You should place your SQL Server database on a separate machine that is not directly exposed to the internet (but is visible to the Application Tier server). SSRS should reside on the AT server, the DB and SSAS should be on the Data Tier server.
I am working with a team of 5 developers at a small company. There are 3 who work here and 2 work remotely. Currently, we are using Assembla with Trac for source control. We are working on a ASP.NET MVC web site. We are not hosting our production environment right now. I am setting up a BuildServer with Teamcity!! I have it working right now on my locally on my laptop. Should we host our own buildserver or pay some else?
TeamCity is pretty good for small shops such as yours. Hosting your own really shouldn't be bad in terms of setup and cost. As long as your remote colleagues can access it without issue and it fulfills your requirements, go for it.
I'd recommend hosting it closer to your version control server so that it can obtain the sources and perform builds faster. If you host your own version control server, either install TeamCity on the same machine (if the hardware allows it) or put it in the same network. You will also need to install build agent(s) somewhere and a database server (as the internal database may lack the performance and reliability). In a small shop a standalone server would handle all of it (TeamCity Server + Build Agent + MySQL database). In a long term buying a server and hosting it by yourself would be much cheaper than paying some hosting provider each month for a virtual or dedicated server with limited resources. It would also simplify upgrading if it becomes necessary.
TeamCity server by itself is a web application hosted on the Tomcat server. It's accessed via the web interface from the browser. If you have an external IP address on the server, just configure the Tomcat to listen on that address and TeamCity will become accessible from all over the world (don't forget to configure the security).