For some reason, Windows Server 2008 using IIS 7 allows SSL 2.0 by default. Unfortunately, this means you will fail a PCI Compliance audit by default. In order to disable SSL 2.0 in IIS 7 and make sure that the stronger SSL 3.0 or TLS 1.0 is used, follow these instructions:
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate the following registry key/folder:
- Right-click on the SSL 2.0 folder and select New and then click Key. Name the new folder Server.
- Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.
- Enter Enabled as the name and hit Enter.
- Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn’t, right-click and select Modify and enter 0 as the Value data.
- Restart the computer.
- Verify that no SSL 2.0 ciphers are available at ServerSniff.net
Note: This process is essentially the same on an IIS 6 (Windows Server 2003) machine. Normally, the Server key under SSL 2.0 will already be created so you will just need to create a new DWORD value under it and name it Enabled.
For more information, read Microsoft’s Knowledge base article on how to disable SSL 2.0 and other protocols in IIS 7.
rPath put together a brief, informative and entertaining overview of cloud computing in the video “Cloud Computing in Plain English”. Take five, and watch the video below.
Late last year we began formally migrating over to Windows 2008, specifically addressing single points of failure. In our production data center we’ve recently deployed a fibre channel SAN, whereas Windows 2008 clusters have played very nicely, enabling our SQL instances to benefit from a more robust storage subsystem.
Tonight however, I began migrating a slightly older system, HP DL560s with an HP Modular Storage Array 500. After a brief six hours, tracking down updated drivers, firmware and iLOs + controller and array config utilities, I happen to find out Windows 2008 has dropped support for Parallel SCSI, in support for iSCSI, SAS and of course fibre channel. More info can be found here: http://support.microsoft.com/default.aspx/kb/947710
Therefore, if you’ve got legacy Direct Attached Storage (DAS) SCSI Arrays in use, they WILL NOT migrate to Windows 2008 clusters! So now I must revert back to W2k3 R2 SP2 – which still provides support for Parallel SCSI. Too bad, have really enjoyed my experience with W2K8 boxes of late, but it looks like W2K3 will have to live on for a while longer..
Posted in Computer Equipment, Infrastructure, Technology
Tagged DAS, Fibre Channel, HP DL560. Smart Array 500, iLO, iSCSI, Parallel SCSI, Persistent Reservations, SAN, W2K3, w2k8