How to map client certificates in IIS 7 through graphical user interface

This is a repost of a post from an old blog, made on July 20, 2012, that used to be on:

Original post:

As you may know if you want to map client certificates to IIS 7 for authentication purposes, you must use the editor by default, as described in this blog.

If you want to have the IIS 6 like option of mapping the certificates through UI, you cam checkout this blog, and download the ClientCertificateMapping extension for IIS 7.

After installing the extension you will get new Client Certificates option in the IIS right side window


which will open a window like this one


How to schedule SQL Server Express backups…

This is a repost of a post from an old blog, made on March 7, 2012, that used to be on:

Original post:

…or how to backup your Microsoft SQL Server databases when you don’t have any access to the db machine and db servers local storage.

I had to made and automate a backup of one of the databases that I use on my job today, but the problem was that the only acces I had to the database was with using a sql server authentication and I didn’t have all the permissions on the base or the server. So here are the steps how to backup your MS SQL database without the use of third party tools or SQL agent (which you can’t use in Express editions of SQL Server).

This will be accomplished using the sqlcmd utility which is a free tools that you get with your Server of Management Studio installation.

  1.  Create a sql script for backup using the BACKUP DATABASE statement, my script looks something like this:
    DECLARE @name NVARCHAR(256);
    set @name='\\server\shared_folder\your_db_' + CONVERT(VARCHAR(8), GETDATE(), 112) + '.bak'
    Backup Database your_db To Disk = @name;

    this will create backup file in format of your_db_YYYYMMDD.bak
    If you would like a different format of the date check this link for date formats.

  2. Create a bat file that you can put in Task Scheduler, you can put something like this in bat file:
    sqlcmd -S your_server -U username -P password -i C:\some_folder\your_sql_backup_script.sql

    Remember that if you’re using SQL Express you need to use your_server\instance_id to connect to the server.
    You can also use some other switches if you like:

    Microsoft (R) SQL Server Command Line Tool
    Version 10.50.1600.1 NT x64
    Copyright (c) Microsoft Corporation.  All rights reserved.
    usage: Sqlcmd            [-U login id]          [-P password]
      [-S server]            [-H hostname]          [-E trusted connection]
      [-N Encrypt Connection][-C Trust Server Certificate]
      [-d use database name] [-l login timeout]     [-t query timeout]
      [-h headers]           [-s colseparator]      [-w screen width]
      [-a packetsize]        [-e echo input]        [-I Enable Quoted Identifiers]
      [-c cmdend]            [-L[c] list servers[clean output]]
      [-q "cmdline query"]   [-Q "cmdline query" and exit]
      [-m errorlevel]        [-V severitylevel]     [-W remove trailing spaces]
      [-u unicode output]    [-r[0|1] msgs to stderr]
      [-i inputfile]         [-o outputfile]        [-z new password]
      [-f <codepage> | i:<codepage>[,o:<codepage>]] [-Z new password and exit]
      [-k[1|2] remove[replace] control characters]
      [-y variable length type display width]
      [-Y fixed length type display width]
      [-p[1] print statistics[colon format]]
      [-R use client regional setting]
      [-b On error batch abort]
      [-v var = "value"...]  [-A dedicated admin connection]
      [-X[1] disable commands, startup script, enviroment variables [and exit]]
      [-x disable variable substitution]
      [-? show syntax summary]
  3.  Put you bat file in Task Scheduler to run automatically.

Msg 3154, The backup set holds a backup of a database other than the existing database

This is a repost of a post from an old blog, made on March 15, 2012, that used to be on:

Original post:

I got asked for help today at work by a coworker who got the following error when trying to restore a database to a different already existing database:

System.Data.SqlClient.SqlError: The backup set holds a backup of a database other than the existing ‘database_name’ database. (Microsoft.SqlServer.Smo)

when trying to restore with script he would get something like this:

Msg 3154, Level 16, State 4, Line 1
The backup set holds a backup of a database other than the existing ‘database_name’ database.
Msg 3013, Level 16, State 1, Line 1
RESTORE DATABASE is terminating abnormally.

The solution for this is simple: you need to add WITH REPLACE option when restoring.

If you’re using script it should look something like this:

RESTORE DATABASE [database_name] FROM  DISK = N'C:\some_directory\backup.bak' WITH  FILE = 1,  NOUNLOAD,  STATS = 10

If you’re using GUI you need to mark the on the Options section.

Hyper-V server Event ID 3112: The virtual machine could not be started because the hypervisor is not running – How to fix

This is a repost of a post from an old blog, made on March 25, 2012, that used to be on:

Original post:

Today I was encountered with a problem with one of the computers that was running Windows Server 2008 R2 with Hyper-V. When I would try to start any of the virtual machines installed on it I would get the following error:

The virtual machine could not be started because the hypervisor is not running

I instinctively checked the BIOS if VT is enabled and it was.

When looking in the Event Viewer I would see Event ID 3112 so I started looking the Technet for other possible errors on that ID.

The problem for me was in BCD and Intel VT-d (Intel Virtualization Technology for Directed I/O), I needed to enable VT-d and put hypervisor in Boot Configuration Data to autolaunch with the following command (you need to runa cmd as an Administrator with elevated privileges):

bcdedit /set hypervisorlaunchtype auto

Here is a little checklist if you get this kind of error:

  1. Check if Intel VT or AMD-V hardware extensions are supported on your CPU and are enabled in BIOS
  2. Check if No eXecute (NX) for AMD and eXecute Disable (XD) for Intel CPU are enabled in BIOS
  3. Check your BCD with bcdedit (the problem with me was, that it was a classroom computer with dual boot Windows 7/Server 2008, and the BCD was changed with Win 7 reinstallation)
  4. Check if Intel VT-d is and Trusted Execution enabled/disabled (This one is little strange to me, because if you look here it states it needs to be disabled, but for me I had to enable VT-d in BIOS)
  5. Check if you enabled Hibernation or Sleep on your server, it changes your “hvboot” registry value. Try to start it in elevated Command Prompt with command:
  6. net start hvboot

Hope this helps somebody, because I got a little frustrated with this error today

FortiGate and iPad dial-up VPN IPsec phase 2 error: no matching gateway for new request

This is a repost of a post from an old blog, made on July 12, 2012, that used to be on:

Original post:

I was asked at work to connect the iPad of one of the employees to our company VPN on FortiGate and it took me some time to set it up right.

I was always getting “The VPN server did not respond” message on the iPad when trying to connect to the IPsec VPN. At the same time the log on the FortiGate would get IPsec phase 2 error messages with negotiate_error as Status and “no matching gateway for new request” as error reason.

After some searching on Google it turned out to be the problem with the peer ID settings on FortiGate and Group Name settings on iPad, they were not matched.

The group name on the iPad must match the peer ID on FortiGate, In my case that meant that my group name on iPad had to be the same as the username, because on Fortigate I had set the IPsec Phase 1 to accept peer ID from the dialup group.

So if you are having problems with setting the IPsec VPN between iPad or iPhone and FortiGate, and are having the same errors as me try one of these as solution:

  • either change your Phase 1 so it accepts any peer ID
  • either change your iPad group name in IPsec config to match the username you are using, if your Fortigate is set to accept peer ID in dialup group
  • either set Phase 1 on Fortigate to accept specific peer ID, for example “ipad” and set that as the group name on you iPad

Here is a Fortinet article on setting the iPhone and iPad Dialup User IPSec VPN