How to disable SSL 2.0 in IIS

As I am sure you are all aware, Secure Sockets Layer (SSL) version 2 is a risk. This protocol is known to have cryptographic weaknesses as well as other exploitable vulnerabilities.

To ensure that your Microsoft IIS servers do not offer this protocol, you can perform the following registry tweak.

1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
2. In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
3. On the Edit menu, click Add Value.
4. In the Data Type list, click DWORD.
5. In the Value Name box, type Enabled, and then click OK. Note: If this value is present, double-click the value to edit its current value.
6. Type 00000000 in Binary Editor to set the value of the new key equal to "0".
7. Click OK. Restart the computer.

You can download a .reg script below that will save you a few minutes.
disable_sslv2_server.reg
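
The same registry change can be scripted and then verified from an elevated PowerShell prompt. This is an added example, not the .reg file offered above; the function names Get-Ssl2ServerState and Disable-Ssl2Server are hypothetical, and only the key path and the Enabled value come from the steps in this post.

```powershell
# Added example: applies the Enabled = 0 DWORD described in the steps above
# and reports the state before and after. Run elevated on the IIS server.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'

function Get-Ssl2ServerState {
    # Returns one of: KeyMissing, ValueMissing, Disabled, Enabled.
    # KeyMissing / ValueMissing mean no explicit setting exists, so the
    # operating system default applies.
    if (-not (Test-Path -Path $KeyPath)) { return 'KeyMissing' }

    $prop = Get-ItemProperty -Path $KeyPath -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'ValueMissing' }

    # Confirm the value really is a DWORD, as step 4 requires.
    $kind = (Get-Item -Path $KeyPath).GetValueKind('Enabled')
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        Write-Warning "Enabled is stored as $kind, expected DWord"
    }

    if ($prop.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Ssl2Server {
    # Create the Server key (and any missing parent keys) if it is absent.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # -Force overwrites an existing Enabled value, matching the note in step 5.
    New-ItemProperty -Path $KeyPath -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
}

$before = Get-Ssl2ServerState
Disable-Ssl2Server
$after = Get-Ssl2ServerState

Write-Output "SSL 2.0 server state before: $before"
Write-Output "SSL 2.0 server state after:  $after"

if ($after -eq 'Disabled') {
    Write-Output 'Registry value set. Restart the computer for the change to take effect.'
} else {
    Write-Warning 'The Enabled value could not be confirmed as 0; check permissions.'
}
```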

Changing the IP address of a RSA Authentication Manager server

I have recently worked on a Data Center migration that involved changing the whole IP address range for the site. This process went quite smoothly, really. One thing that caught me out was that when the primary IP address of the RSA Authentication Manager server was changed, all of the other servers could no longer authenticate, even though the DNS records still existed and resolved to the new server IP address.

The workaround is quite simple but does contain a number of steps. It does work, though!

Stop Services

  1. Select Start | All Programs | RSA Authentication Manager Control Panel
  2. Select Start & Stop RSA Auth Mgr Services
  3. Click Stop All
  4. Click OK
  5. Click Edit
  6. Uncheck Automatically start services on system startup
  7. Click OK

Update Replica

  1. Select Start | All Programs | RSA Security | RSA Authentication Manager | RSA Authentication Manager Configuration Tools | RSA Authentication Manager Replica Management
  2. Highlight the Primary Server
  3. Click Details
  4. Change the Name and/or the IP addresses of the Primary ACE/Server configuration
  5. Click OK to the notice that you have changed the Name and now must change the system name

Update Server

  1. Change the name or IP address on the Primary Server Operating system, and reboot the machine
  2. Select Start | All Programs | RSA Security | RSA Authentication Manager | RSA Authentication Manager Configuration Tools | RSA Authentication Manager Replica Management
  3. Click OK to the “The name and/or IP address of this Primary RSA ACE/Server has changed successfully” dialogue

Start Services

  1. Select Start | All Programs | RSA Authentication Manager Control Panel
  2. Select Start & Stop RSA Auth Mgr Services
  3. Click Start All
  4. Click OK
  5. Click Edit
  6. Check Automatically start services on system startup
  7. Click OK

Other Updates

  1. New sdconf.rec files must be generated for all agent hosts and delivered to the agent hosts, replacing the existing file
  2. Select Start | All Programs | RSA Authentication Manager
  3. Select Agent Host | Generate Configuration Files | All Agent Hosts
  4. Click OK
  5. Click Yes
  6. Click OK
  7. Copy the newly created sdconf.rec to the SYSTEM32 folder on all agent hosts

Slash notation for subnet masks quick reference

One thing I can never remember quickly is slash notation. It is not difficult, but I just can’t seem to remember it quickly! So here is a quick reference guide. In slash notation, a single number indicates how many bits of the IP address identify the network the host is on. A netmask of 255.255.255.0 has a prefix length of 8 + 8 + 8 = 24.
For example, writing 192.168.42.23/24 is the same as specifying an IP address of 192.168.42.23 with a corresponding netmask of 255.255.255.0. Often you have to enter the netmask as slash notation, an easy task with the usual 255.255.255.0. However, if your network doesn’t have 255 hosts, for example only 8 hosts, then the netmask will be 255.255.255.248.

The following table lists the variable length subnets from 1 to 32, the CIDR [3] representation form (/xx) and the decimal equivalents. (M = Million, K = Thousand, A, B, C = traditional class values)

Hex           CIDR   Decimal            # of Addresses   Classful
80.00.00.00   /1     128.0.0.0          2048 M           128 A
C0.00.00.00   /2     192.0.0.0          1024 M           64 A
E0.00.00.00   /3     224.0.0.0          512 M            32 A
F0.00.00.00   /4     240.0.0.0          256 M            16 A
F8.00.00.00   /5     248.0.0.0          128 M            8 A
FC.00.00.00   /6     252.0.0.0          64 M             4 A
FE.00.00.00   /7     254.0.0.0          32 M             2 A
FF.00.00.00   /8     255.0.0.0          16 M             1 A
FF.80.00.00   /9     255.128.0.0        8 M              128 B
FF.C0.00.00   /10    255.192.0.0        4 M              64 B
FF.E0.00.00   /11    255.224.0.0        2 M              32 B
FF.F0.00.00   /12    255.240.0.0        1024 K           16 B
FF.F8.00.00   /13    255.248.0.0        512 K            8 B
FF.FC.00.00   /14    255.252.0.0        256 K            4 B
FF.FE.00.00   /15    255.254.0.0        128 K            2 B
FF.FF.00.00   /16    255.255.0.0        64 K             1 B
FF.FF.80.00   /17    255.255.128.0      32 K             128 C
FF.FF.C0.00   /18    255.255.192.0      16 K             64 C
FF.FF.E0.00   /19    255.255.224.0      8 K              32 C
FF.FF.F0.00   /20    255.255.240.0      4 K              16 C
FF.FF.F8.00   /21    255.255.248.0      2 K              8 C
FF.FF.FC.00   /22    255.255.252.0      1 K              4 C
FF.FF.FE.00   /23    255.255.254.0      512              2 C
FF.FF.FF.00   /24    255.255.255.0      256              1 C
FF.FF.FF.80   /25    255.255.255.128    128              1/2 C
FF.FF.FF.C0   /26    255.255.255.192    64               1/4 C
FF.FF.FF.E0   /27    255.255.255.224    32               1/8 C
FF.FF.FF.F0   /28    255.255.255.240    16               1/16 C
FF.FF.FF.F8   /29    255.255.255.248    8                1/32 C
FF.FF.FF.FC   /30    255.255.255.252    4                1/64 C
FF.FF.FF.FE   /31    255.255.255.254    2                1/128 C
FF.FF.FF.FF   /32    255.255.255.255    This is a single host route