SSL wildcard certificate missing private key after vendor auto renewal

A vendor (in this case godaddy) auto renewed an existing wildcard SSL cert.  This was renewed against the original CSR of which the server no longer existed.

Upon import to a server (that already had the private key for the expiring certificate) it did not associate a private key and could not be used.  The vendor told us to “re-key” the certificate however this would invalidate the current, live certificate within 3 days.  We could not carefully plan and reconfigure all dependencies within 3 days.

Fortunately the simple was simple.  From a server that already has the private key from the previous certificate extract the thumbprint of the new certificate and run the following,

certutil -repairstore my {thumbprint}

This should locate the primary key and associate with the new cert.

SYSPREP Windows 10 errors

Windows 10 with the latest updates now appears to cause the SYSPREP to fail due to some of the installed apps.  The error log points you to the offending items in the system32\sysprep\panther\setuperr.log file.  I had to remove the packages one by one and SYSPREP would then fail at the next one in the list.

I only had 3 to remove to get SYSPREP working again using following PowerShell

Get-AppxPackage *candy* | Remove-AppxPackage
Get-AppxPackage *twitter* | Remove-AppxPackage
Get-AppxPackage *photos* | Remove-AppxPackage

Analysing Server 2012 R2 RDP Traffic

As part of a monitoring exercise we needed to monitor RDP usage on an RDS farm to get an idea of typical bandwidth consumption and impact as users print etc.

Using perfmon.exe add the following counter

RemoteFX Network/Total Sent Rate(*)

Set the graph scale to something to monitor (here is 100 Kbps). For real-time stats the histogram view is best used here.

To find the association between session number and user, make use of the qwinsta.exe command line utility

Other useful Performance Counters are explained here