Monday, March 30, 2015

Upgrading to Windows 2012 R2 64-bit Part 2 of 2

I was waiting forever for the certificate to be sent by Geotrust last night.  Turned out that it was sent to the admin email account.  Grrr...

Anyway, I approved the certificate via email link this morning and received it in another email.  So to continue with the process, the following steps were needed:

  1. Install the certificate to IIS 8 -- https://www.digicert.com/ssl-certificate-installation-microsoft-iis-8.htm
  2. Download the intermediate certificates from Geotrust/RapidSSL (provided in the email link)
  3. Install the intermediate certificates to Windows 2012 -- https://support.godaddy.com/help/article/4951/installing-an-ssl-certificate-in-microsoft-iis-8?countrysite=ph
  4. Do a quick SSL health check -- https://www.sslshopper.com/ssl-checker.html
And SSL is now running correctly.

Upgrading to Windows 2012 R2 64-bit Part 1 of 2

I migrated the secondary server from Windows 2003 Standard 32-bit to Windows 2012 R2 64-bit since Win2003 is not supported anymore and it cannot handle SHA-2 SSL.  While my previous attempt to do the same on the virtual server went through like a breeze, doing it on the bare metal server took way longer than I expected.

  1. The OS Reload took 2 hours to complete.
  2. Upon login, it looks like Softlayer did not install IIS by default unlike with the virtual server.  I had to manually search for the instructions and found this -- http://www.iis.net/learn/install/installing-iis-85/installing-iis-85-on-windows-server-2012-r2.
  3. After loading the programs, got tons of IIS errors.  I did several tests and eventually came to the conclusion that the problem was .NET 4.5 was installed prior to installing IIS.  So it has to be reconfigured in order for IIS to recognize it.  In the old days, it was just a simple call of aspnet_regiis.exe.  But it looks like Win2012 does not support that anymore.  Instead, it uses something called dism.  This link solved it -- http://support.microsoft.com/en-us/kb/2736284.
  4. The above command also correctly installed the ASP.NET State Service.
  5. When the components looked like they were working, I tried making test transactions.  I was getting some weird error message that I've never seen before.  After doing some Google research, and inserting lots of debug tracers, it turns out that Windows 2012 has IPv6 enabled by default.  So the Request.UserAddress was returning an IPv6 address instead of an IPv4 which, in turn, causes a problem with the call to GeoIP.  The coding suggestion here worked -- http://www.4guysfromrolla.com/articles/071807-1.aspx.
  6. Then I installed the SMTP Server but could not log into it no matter what settings I was doing on the Firewall.  Then I remembered having this same problem a long time ago!  It's the McAfee Virus Scan that came with the bare metal server which was blocking SMTP access.  The virtual server does not come with McAfee so I did not have such a problem.  Disabling spam checking at McAfee solved that.
  7. Now, I'm working on getting my SSL certificate re-issued under the newly loaded OS.  I followed this CSR generation instruction -- https://www.digicert.com/csr-creation-microsoft-iis-8.htm.  Now waiting for Geotrust to send me back my new certificate.
Sigh, the expected 2 to 3 hour maintenance is now running 6 hours and counting...
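
For the IPv6 issue in step 5, here is one way to normalize the caller's address before handing it to an IPv4-only GeoIP lookup. This is an added example, not the code from the linked article or from the application described here; the `ClientAddress` and `ToIPv4OrNull` names are hypothetical, and it assumes .NET 4.5 or later.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

// Hypothetical helper (not from the original post).
static class ClientAddress
{
    // Returns an IPv4 string suitable for an IPv4-only lookup, or null when
    // the caller has no IPv4 equivalent (native IPv6 or unparsable input).
    // In ASP.NET the input would be the request's client address string,
    // e.g. HttpRequest.UserHostAddress.
    public static string ToIPv4OrNull(string raw)
    {
        IPAddress ip;
        if (string.IsNullOrWhiteSpace(raw) || !IPAddress.TryParse(raw.Trim(), out ip))
            return null;

        if (ip.AddressFamily == AddressFamily.InterNetwork)
            return ip.ToString();                    // already IPv4

        if (ip.AddressFamily == AddressFamily.InterNetworkV6)
        {
            if (IPAddress.IPv6Loopback.Equals(ip))
                return IPAddress.Loopback.ToString(); // ::1 -> 127.0.0.1 (local testing)
            if (ip.IsIPv4MappedToIPv6)
                return ip.MapToIPv4().ToString();     // ::ffff:a.b.c.d -> a.b.c.d
        }
        return null; // native IPv6: skip the IPv4-only lookup instead of failing
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample inputs (documentation address ranges).
        string[] samples =
        {
            "203.0.113.7", "::1", "::ffff:203.0.113.7",
            "2001:db8::1", "fe80::1%12", "not-an-ip"
        };
        foreach (var s in samples)
        {
            var v4 = ClientAddress.ToIPv4OrNull(s);
            Console.WriteLine("{0,-20} -> {1}", s, v4 ?? "(no IPv4, skip lookup)");
        }
    }
}
```

A null result should be treated as "location unknown" by whatever logic consumes the GeoIP answer, rather than as an error that aborts the transaction.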

Saturday, March 14, 2015

Installing SMTP Service on Windows 2012

With Microsoft's impending end-of-life support for Windows 2003 and all the recent SSL attacks, it looks like moving to SHA-2, TLS1.x, etc. is inevitable.  I've previously had an impossible time getting Dragonpay to work correctly on Windows 2008 R2 64-bit at Softlayer.  But this time around, when I had the OS reloaded for Windows 2012 64-bit, it was surprisingly smooth.  Granted that it took a little bit of getting used to the new interface, but it wasn't that much different from Windows 2008.

Figuring out where to find the SMTP service took a bit more of a challenge but I found this incredible and very detailed step-by-step guide that worked perfectly:

http://blog.hyperfive.com/2013/07/how-to-setup-internal-smtp-service-for.html