In Part I, we covered the configuration of Active Directory and the SCCM Management Point Server as well as the SQL Server. In Part II, we will be covering the Certificate Configuration needed for System Center Configuration Manager 2012. This includes creating templates, Group Policies, and Certificate registration on the Management Point (MP).

As I mentioned in my initial post, I will be using HTTPS communication with certificates. If you are not going to utilize certificates, and will only use HTTP communication you will not need this information and can skip on over to Part III Installation. Everyone else, let’s keep going!

In order to use certificates, you’ll need a commonly trusted Certificate Authority in your domain. In my environment I have opted to set up an Offline Root Certificate Authority, as well as a Subordinate Intermediate CA that will distribute certificates to all of the clients on my domain via a Group Policy Object (GPO) at the root of my AD infrastructure. All of the servers trust the Root CA and the Intermediate CA via GPO.

If you need instructions on setting up your own, I highly recommend this article by Marc Kean. I used it to set up my infrastructure:

http://marckean.wordpress.com/2010/07/28/build-an-offline-root-ca-with-a-subordinate-ca/

Now we’ll talk about the templates we need to create. In a System Center environment, there are three types of certificate templates that we will need:

Client Certificate
Web Server Certificate
Site Server Signing Certificate

Client Certificate – This is the certificate that each server in the domain will register for and receive per GPO. It is used to authenticate and exchange information with the Management Point (MP). It is also used by the MP to monitor the remote server’s status.

Web Server Certificate – This certificate will be installed on any site servers with the Management Point and/or Distribution Point Roles. It is used to encrypt data and authenticate clients. Configure this in IIS.

Site Server Signing Certificate – This is used to sign site policies. Configure this within SCCM.

Now that we know what templates we will need, here is what we’ll need to implement on our CA, clients, and SCCM host.

– Create the three new certificate templates on our issuing Intermediate CA
– Create an Auto-Enroll GPO for the Client Certificate template
– Register for Web Server and Site Server Signing Certificates on the MP

After these steps, we can move on to the Installation of SCCM 2012 with our PKI, templates, GPO’s and clients ready to roll.

Create these three new certificate templates on our issuing Intermediate CA

Client Certificate Template Creation

RDP to your Intermediate CA and launch Certification Authority (Start > Administrative Tools > Certification Authority). Expand out your CA tree and right-click Certificate Templates and click Manage.

Now right-click on Workstation Authentication and click Duplicate Template.

Make sure to use Server 2003, not 2008

In the Properties, name this ConfigMgr Client Certificate. Click on the Security tab, select the Domain Computers group and add the Read and Autoenroll permissions; do not clear Enroll. Then click OK.


When you refresh your console, you will see that the new template is there.

Web Server Certificate Template

Still in Certification Authority, in the Certificate Templates list we’ll set up the next template.

Right-click on the Web Server template, and click Duplicate. On the General tab, change the Template Display Name to ConfigMgr Web Server Certificate.

Next, click the Subject Name tab and select the Supply in the request radio button.

Next click the Security tab, and add your SCCM server to the permissions list and add the Enroll permission. You should also remove the Enroll permission from Domain and Enterprise Admins. Then click OK.

If you were running a SCCM configuration with multiple sites and servers, it is recommended you create a SCCM Servers Active Directory Security Group. In our case, I am only going to have a single server, so it makes sense to just assign the permissions to this single server rather than to create a group for one server.

Site Server Signing Certificate Template

Now we’ll create the final template, for the Site Server. There are a few extra steps here, so following these exact instructions is paramount.

Right-click on the Workstation Authentication template, click Duplicate. Rename the template ConfigMgr Client Distribution Point Certificate.

On the Request Handling tab select Allow private key to be exported.

On the Security tab add your SCCM server, and give the server Enroll permission. Click Apply, then OK.

Now if you look at the Certificate Templates Console you will see our three new templates.

Now we need to enable the templates for distribution. Close the Certificate Templates Console window and then right-click on the Certificate Templates folder in the certsrv console and select New > Certificate to Issue.

Select all three of the ConfigMgr templates we created then click OK.

They will then show up in the Certificate Templates listing. Once you verify that, close Certification Authority console.


Create an Auto-Enroll GPO for the Client Certificate template

Now we’ll need to create a Group Policy at the root of our domain so that every client will Autoenroll for the ConfigMgr Client Certificate.

Launch Group Policy Management on your Domain (Start > Administrative Tools > Group Policy Management). Right-click your domain and select “Create a GPO in this domain, and Link it here…” as we are going to create a new GPO and link it at the root. Name your GPO (I named my policy “AutoEnroll ConfigMgr Client Cert”), then click OK.

Note – You can add these settings to your default domain policy if you would like; it’s up to you. I prefer separate policies for applications purely for aesthetic and organizational reasons.

Edit your newly created GPO. Navigate to: Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies. Right-click on Certificate Services Client – Auto-Enrollment and then click Properties. Change the Configuration Model: to Enabled, and check the Update certificates that use certificate templates box. Then click Apply and OK.

If you recall, we configured the ConfigMgr Client Certificate Template earlier and we set the permissions for Domain Computers to Read, Enroll, and Auto Enroll. Now when you run a “gpupdate /force” or in 15 minutes when GP is re-applied, any machine on the domain communicating with the DC will request and receive a client certificate automatically that will be placed in the Local Computer Personal Certificate Store.

 

Register for Web Server and Site Server Signing Certificates on the MP

Now we need to set up the appropriate certificates on our System Center Configuration Manager Management Point. The first thing you will need to do is reboot your SCCM server. This is so that it will pick up the permissions change that will allow it to register for the Web Server Certificate.

Once the reboot completes, RDP to your SCCM server and click Start > Run. Type mmc.exe and click OK. Click File > Add/Remove Snap-In… Choose Certificates and click Add. Choose Computer Account, click Next. Choose Local Computer, click Finish. Click OK, and then expand the Certificates tree to the Personal > Certificates folder.

You may notice that your SCCM server has Autoenrolled for and received its Client Authentication Certificate we just set up.

Right-click in a blank space and click All Tasks > Request New Certificate… 

You are presented with the Certificate Enrollment wizard. Click Next.

Leave the default here, and click Next.

At the Request Certificates part of the wizard, check both the ConfigMgr Client Distribution Point Certificate and ConfigMgr Web Server Certificate. You will notice under the Web cert a prompt that says, “More information is required to enroll for this certificate. Click here to configure settings.” Click the link and set up your Certificate Properties.

We will be leaving the Subject name section blank. Instead, we will configure an Alternative name by selecting DNS from the drop-down menu and typing in the FQDN of our SCCM server; then click Add and then OK.

The warning field will then disappear from the Request Certificates screen of the Certificate Enrollment wizard so we can press on. Click Enroll and then Finish once the enrollment is successful.

Now we need to export the Client Distribution Point Certificate while we are in the Certificates Management console. Right-click the certificate and select All Tasks > Export.

Click Next at the Welcome Screen of the export wizard. Then on the Export Private Key page change this to YES, then click Next.

Next, select Personal Information Exchange – PKCS #12 (.PFX) and then click Next.

Set a password at the next page of the wizard. Make sure you don’t forget what you set, as we’ll need this later. Save the file to your desktop (I saved mine as SCCM DP Cert) and finish the wizard. Then close the MMC session. No need to save this console unless you want to have a shortcut to managing your Local Computer Certificates. Regardless of your choice here, your actions to this point will not be reverted.

The reason for this export is that we will later be importing this certificate into SCCM and we need to do so in pkcs12 format, with a password protected private key included.

The final piece of the Certificate puzzle is for us to assign the Web Server Certificate to the Default Website in IIS. Launch IIS Manager (Start > Administrative Tools > Internet Information Services (IIS) Manager). Navigate to the Default Website, right-click it and select Edit Bindings. Select the https binding and click Edit. Then select the ConfigMgr Web Server Certificate and click OK. I highly recommend viewing your certificate afterwards, checking the Details tab, to ensure you selected the correct one.
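The same verification can be scripted. The following is an added example, not part of the original post: it lists the certificates in the Local Computer Personal store, confirms the web server certificate carries the server FQDN as a DNS alternative name, confirms two Client Authentication certificates (client and distribution point) are present with private keys, and compares the IIS https binding to the web server certificate. It assumes an English-language OS, an https binding on port 443, and that the WebAdministration module is available.

```powershell
# Added example, not from the original post. Run elevated on the SCCM server.
# Assumptions: English-language OS (alternative names are parsed as "DNS Name=..."),
# the https binding is on port 443, and the server FQDN is the DNS name you requested.
Import-Module WebAdministration

$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$now  = Get-Date

$oidServerAuth = '1.3.6.1.5.5.7.3.1'      # Server Authentication EKU
$oidClientAuth = '1.3.6.1.5.5.7.3.2'      # Client Authentication EKU
$oidSan        = '2.5.29.17'              # Subject Alternative Name extension
$oidTemplate   = '1.3.6.1.4.1.311.21.7'   # Certificate Template Information extension

function Get-CertSummary {
    param($Cert)
    $ekus = @(); $dns = @(); $template = ''
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekus = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        } elseif ($ext.Oid.Value -eq $oidSan) {
            # Multi-line format puts each alternative name on its own line
            $dns = @([regex]::Matches($ext.Format($true), 'DNS Name=(\S+)') |
                     ForEach-Object { $_.Groups[1].Value })
        } elseif ($ext.Oid.Value -eq $oidTemplate) {
            $template = $ext.Format($false)
        }
    }
    New-Object PSObject -Property @{
        Thumbprint = $Cert.Thumbprint
        Template   = $template
        Ekus       = $ekus
        DnsNames   = $dns
        HasKey     = $Cert.HasPrivateKey
        Valid      = ($Cert.NotBefore -le $now -and $Cert.NotAfter -gt $now)
        NotAfter   = $Cert.NotAfter
    }
}

$certs = @(Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Get-CertSummary $_ })

# Web server certificate: Server Authentication EKU and a DNS alternative name equal to the FQDN
$web = @($certs | Where-Object { $_.Ekus -contains $oidServerAuth -and $_.DnsNames -contains $fqdn })
# The client and distribution point certificates are both Workstation Authentication duplicates
$client = @($certs | Where-Object { $_.Ekus -contains $oidClientAuth })

$findings = @()
if ($web.Count -eq 0) {
    $findings += "No Server Authentication certificate with DNS name $fqdn"
}
if ($client.Count -lt 2) {
    $findings += "Expected 2 Client Authentication certificates, found $($client.Count)"
}
foreach ($c in ($web + $client)) {
    if (-not $c.HasKey) { $findings += "$($c.Thumbprint): no private key on this machine" }
    if (-not $c.Valid)  { $findings += "$($c.Thumbprint): outside its validity period" }
}

# The https binding must point at the web server certificate, not a client certificate
$bindings = @(Get-ChildItem IIS:\SslBindings | Where-Object { $_.Port -eq 443 })
if ($bindings.Count -eq 0) {
    $findings += 'No SSL binding found on port 443'
}
$webThumbs = @($web | ForEach-Object { $_.Thumbprint })
foreach ($b in $bindings) {
    if ($webThumbs -notcontains $b.Thumbprint) {
        $findings += "Port 443 is bound to $($b.Thumbprint), which is not the web server certificate"
    }
}

$certs | Select-Object Template, Thumbprint, HasKey, NotAfter | Format-List
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Certificate checks passed.'
}
```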

Note the WSUS Administration website is set up as a secondary site here. As a reminder, WSUS should be installed at this point and running on its own website. You will have issues if WSUS is running on your default site at this point. I highly recommend immediate remediation to your installation if this is the case.

Congratulations! Give yourself a pat on the back, you’ve now set up all the necessary components to run System Center Configuration Manager 2012 with secure communications leveraging your home-grown PKI. Setting up the infrastructure and following all of these steps is a difficult task to be sure, but hopefully this guide will make this a little bit easier for you to implement.

The purpose of Part II was to configure PKI settings specific to Configuration Manager 2012 in the most efficient means possible. To view Microsoft’s official TechNet article on PKI for Configuration Manager see this page:

http://technet.microsoft.com/en-us/library/gg682023.aspx

 

In Part I, I will be detailing the necessary steps to lay the foundation needed to install System Center Configuration Manager 2012 in your environment. I will be assuming a couple of things here. This series of blog posts assumes:

– You have a 2003/2008 Active Directory Domain in place
– You have Domain Admin rights to your domain
– You can install SQL Server without instructions
– You will be using a Primary Standalone Configuration
– You will be setting up or utilizing PKI for HTTPS communication

Here is what we will be covering in Part I:

– Preparation of Active Directory for SCCM installation
– Preparation of the System Center Servers

Preparation of Active Directory

The first thing that we need to do is create the System Management object in ADSI.

Log in to a Domain Controller and launch ADSI Edit (Start > Administrative Tools > ADSI). Once the console loads, right-click on ADSI Edit, leave the defaults and click OK. Then navigate down to the CN=System object, right-click then select New > Object…

Select container, click Next.

At the next screen, enter System Management as the container Value.

Perform a quick refresh on the console (F5) and click on System. You’ll see that the container was created successfully.

Now, right-click on the System Management container we just created and click Properties. Click the Security tab, add your SCCM server, and give it Full Control permissions. Then click Advanced and set the Apply to: This object and all descendant objects. Then close ADSI Edit.

Next, we’ll need to Delegate Control of this container to the Computer Account of the SCCM server.

Open up AD Users and Computers (Start > Administrative Tools > Active Directory Users and Computers). Click View and then select Advanced Features. We’ll need this enabled for us to view the System Management container we just created.

Next browse to the System OU and then right-click on System Management > Delegate Control.

This will activate the Delegation Control Wizard, click Next.

You will be prompted on who to Delegate Control to. We want to give the SCCM Server this permission. Make sure you click on Object Types… and select Computers, then search for your server, and click Next.

We want to create a Custom Task.

We want this control to apply to this folder, its contents, and all child objects selected.

Make sure all three boxes are checked here, and then click Full Control.

Finish out the wizard.


While we are in Active Directory, we are going to go ahead and create two SCCM accounts: the SCCM Agent and the SCCM Service accounts. The SCCM Agent will be used to install the SCCM client on remote machines. This account will need administrator permissions to each server where the agent will be installed, so I am going to grant this user account Domain Admin rights. The SCCM Service account will be running the SQL Services on the remote SQL server.

I created a new user named domain\sccm.agent and added this user to the Domain Admin group. I also created a user named domain\sccm.service. Also make sure that you select Password Never Expires on these accounts or you’ll have an issue in the future at some point ;)

Now, we’ll need to extend the Active Directory Schema.

On your System Center Configuration Manager 2012 ISO, navigate to SMSSETUP > BIN > X64. In that directory there is a file named extadsch.exe, right-click that file and Run as Administrator.

Note – This can be run from any machine on the domain as long as you have access to a Domain Controller. Also, you will need to either be logged in as a user that has Schema Admins permissions, or perform a Run As… as a user account with Schema Admin rights.

A command window will appear briefly and then disappear. Check C:\ExtADSch.log to confirm it completed successfully. Here is a sample of what a successful attempt looks like:

<08-05-2012 15:48:35> Modifying Active Directory Schema – with SMS extensions.
<08-05-2012 15:48:35> DS Root:CN=Schema,CN=Configuration,DC=DOMAINNAME,DC=local
<08-05-2012 15:48:36> Defined attribute cn=MS-SMS-Site-Code.
<08-05-2012 15:48:36> Defined attribute cn=mS-SMS-Assignment-Site-Code.
<08-05-2012 15:48:36> Defined attribute cn=MS-SMS-Site-Boundaries.
<08-05-2012 15:48:36> Defined attribute cn=MS-SMS-Roaming-Boundaries.
<08-05-2012 15:48:36> Defined attribute cn=MS-SMS-Default-MP.
<08-05-2012 15:48:36> Defined attribute cn=mS-SMS-Device-Management-Point.
<08-05-2012 15:48:36> Defined attribute cn=MS-SMS-MP-Name.
<08-05-2012 15:48:36> Defined attribute cn=MS-SMS-MP-Address.
<08-05-2012 15:48:36> Defined attribute cn=mS-SMS-Health-State.
<08-05-2012 15:48:36> Defined attribute cn=mS-SMS-Source-Forest.
<08-05-2012 15:48:36> Defined attribute cn=MS-SMS-Ranged-IP-Low.
<08-05-2012 15:48:36> Defined attribute cn=MS-SMS-Ranged-IP-High.
<08-05-2012 15:48:36> Defined attribute cn=mS-SMS-Version.
<08-05-2012 15:48:36> Defined attribute cn=mS-SMS-Capabilities.
<08-05-2012 15:48:37> Defined class cn=MS-SMS-Management-Point.
<08-05-2012 15:48:37> Defined class cn=MS-SMS-Server-Locator-Point.
<08-05-2012 15:48:37> Defined class cn=MS-SMS-Site.
<08-05-2012 15:48:37> Defined class cn=MS-SMS-Roaming-Boundary-Range.
<08-05-2012 15:48:37> Successfully extended the Active Directory schema.

<08-05-2012 15:48:37> Please refer to the ConfigMgr documentation for instructions on the manual
<08-05-2012 15:48:37> configuration of access rights in active directory which may still
<08-05-2012 15:48:37> need to be performed. (Although the AD schema has now be extended,
<08-05-2012 15:48:37> AD must be configured to allow each ConfigMgr Site security rights to
<08-05-2012 15:48:37> publish in each of their domains.)

If you see error 5’s in the log after attempting the schema extension, go back and make sure your user account is a Schema Admin. Domain Admin permissions will not suffice for this.
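The log check can also be scripted. The following is an added example, not part of the original post: if the file holds more than one run, only the most recent is evaluated, so an earlier failed attempt does not mask a later success or the reverse. The function name Test-SchemaExtensionLog is hypothetical, and treating any line containing "fail" or "error" as a problem is an assumption, because the post does not show the wording of failure lines.

```powershell
# Added example, not from the original post.
# Assumption: lines containing "fail" or "error" indicate a problem; the post
# does not show what a failure line looks like.
function Test-SchemaExtensionLog {
    param([string[]]$Lines)

    if (-not $Lines -or $Lines.Count -eq 0) {
        return New-Object PSObject -Property @{
            Succeeded = $false; Attributes = 0; Classes = 0; Problems = @('Log is empty')
        }
    }

    # Keep only the most recent run: everything from the last start-of-run line onward
    $start = 0
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match 'Modifying Active Directory Schema') { $start = $i }
    }
    $run = @($Lines[$start..($Lines.Count - 1)])

    New-Object PSObject -Property @{
        Succeeded  = [bool]($run -match 'Successfully extended the Active Directory schema')
        Attributes = @($run -match 'Defined attribute cn=').Count
        Classes    = @($run -match 'Defined class cn=').Count
        Problems   = @($run -match '\b(fail|error)')
    }
}

$logPath = 'C:\ExtADSch.log'
if (Test-Path $logPath) {
    $lines = Get-Content $logPath
} else {
    # Constructed sample (a shortened copy of the lines shown in the post) for a dry run
    $lines = @(
        '<08-05-2012 15:48:35> Modifying Active Directory Schema - with SMS extensions.',
        '<08-05-2012 15:48:36> Defined attribute cn=MS-SMS-Site-Code.',
        '<08-05-2012 15:48:37> Defined class cn=MS-SMS-Site.',
        '<08-05-2012 15:48:37> Successfully extended the Active Directory schema.'
    )
}

$result = Test-SchemaExtensionLog -Lines $lines
$result | Format-List Succeeded, Attributes, Classes
if ($result.Problems.Count -gt 0) {
    Write-Warning 'Lines to review (check that the account is a Schema Admin):'
    $result.Problems
}
```

For comparison, the successful run shown above defines 14 attributes and 4 classes.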

Congratulations! At this point, Active Directory is ready for SCCM 2012 installation.

Preparation of the System Center Servers

Before proceeding with my server configuration, it is important to understand what roles I am planning on implementing in my SCCM deployment. Below is a breakdown of how I am going to distribute the roles, note I am not going to be using all of the roles, just the ones I need:

SCCM Server Roles (10 total):

– Application Catalog Web Service Point
– Application Catalog Website Point
– Asset Intelligence Synchronization Point
– Component Server
– Distribution Point
– Endpoint Protection Point
– Fallback Status Point
– Management Point
– Site Server
– Site System

SCCM SQL Server (4 Roles)

– Component Server
– Reporting Services Point
– Site Database Server
– Site System

For more information on the Server Roles, see Microsoft’s SCCM 2012 Role Wiki.

Here is where we will make sure that our System Center server and backend SQL server are prepared for installation.

SCCM Server:

– Install Roles and Features
– Configure WebDAV
– Configure local firewall rules

Launch Server Manager, and install the Web Server (IIS) Role.

Make sure that you include all of the following components. I’ve added multiple screenshots here to make this easier to see what is needed.

Once the Web Server (IIS) Role installation has been completed.

You will also need to install the Windows Server Update Service (WSUS) Role. Install this role, but DO NOT configure it at this time. Cancel out of the WSUS Configuration Wizard that comes up after you have installed the role.

Very important, when installing the WSUS Role, make sure you install WSUS to a separate site, as SCCM will utilize the Default Website.

Next, we’ll need to install some Features we need.

From Server Manager, click Add Features. You will need to ensure all of the following are installed. If they are not, add them:

– .NET Framework 3.5.1 Features and ALL child objects, including WCF Activation and its child objects.
– Background Intelligent Transfer Service (BITS) and BOTH child objects
– Remote Differential Compression

Next, we’ll need to go into IIS Manager and configure WebDAV (Start > Administrative Tools > IIS).

Navigate to the Default Website, Select WebDAV Authoring Rules. On the WebDAV Authoring Rules page, click Enable WebDAV. Then you will need to click Add Authoring Rule…

Create a rule that allows Read access to All Content, for All Users and click OK.

Now you can close IIS Manager, as the IIS and WebDAV setup is complete.

Let’s move on to configuring the local Firewall. Launch the Windows Firewall with Advanced Security utility. (Start > Administrative Tools > Windows Firewall with Advanced Security)

Select Inbound Rules. Make sure that all three default WMI rules are Enabled. By default, these are disabled. WMI communication to the SCCM server is essential. These rules are:

– Windows Management Instrumentation (ASync-In)
– Windows Management Instrumentation (DCOM-In)
– Windows Management Instrumentation (WMI-In)

To Enable these rules, select them all, right-click and click Enable Rule… Once enabled, they will turn green.

Now we have everything we need on the SCCM server, we’ll move on to the SQL server.

SCCM SQL Server:

– Install SQL Server
– Configure local firewall ports
– Add SCCM MP to Local Administrators Group

The SQL Server will need to have Microsoft SQL Server 2008 R2 Standard Edition SP1 with at least CU4 installed. I installed CU7; here is a link to where you can request the CU7 hotfix for download:

http://support.microsoft.com/kb/2507770

*Note – You can also use SQL 2008 Standard Edition at a specific patch level. Here are the Supported Configurations for Configuration Manager from Microsoft.

I am going to be using Reporting from within SCCM. If you are going to use the Reporting role for this server, make sure you install, but do not configure, the Report feature during the SQL installation.

Let’s move on to configuring the local Firewall. Launch the Windows Firewall with Advanced Security utility. (Start > Administrative Tools > Windows Firewall with Advanced Security)

Right-click Inbound Rules and select Create New Rule

Select Port

Leave TCP selected, and type in 1433, 4022. These are the two ports we need access to for SCCM, for SQL Server and SQL Server Service Broker respectively.

Allow the connection.
 

I applied my rule to all profiles, in case of any unforeseen Network Location Awareness (NLA) service errors.

Give your rule a name. I chose “SCCM_SQL_Ports” for mine.

The last thing we’ll need to configure is adding the SCCM server object to the Local Administrators Group on the SQL server. The SCCM server will need these rights to manipulate SQL Server and the Reporting services in the most efficient way. We also need to add the SCCM Service account to the Local Administrators Group so it can run SQL services.

On the SQL Server open Server Manager and then browse to Configuration > Local Users and Groups > Groups. Double-click the Administrators group, click Add… Then click Object Types… and include Computers. Enter in the SCCM server name and also enter in your SCCM Service user account, then click OK. Then OK again, close the Server Manager console.

Next you will need to set the SQL Services to run as the SCCM Service account. Click Start, then type in services.msc and press enter. You will need to right-click on the SQL Server (MSSQLSERVER) service and click Properties. Select the Log On tab and enter in the information on your SCCM Service user. Then click Apply and OK. You will need to repeat this task for Integration Services (if installed), Reporting Services, and the SQL Agent service.

At this point, Active Directory, the SCCM Server, and SCCM SQL Server are all ready for the System Center Configuration Manager 2012 installation!

In Part II, I will be covering the Certificate Configuration then we’ll move on to the SCCM 2012 installation in Part III.

If you have any questions or comments, feel free to comment below or contact me.

For further information on System Center, you can reference Microsoft’s Official System Center documentation here.

 

For the past several weeks I have been working in development on a project to implement both Microsoft’s System Center Configuration Manager 2012 (SCCM 2012) and their new Anti-virus solution Microsoft System Center Endpoint Protection 2012 (SCEP 2012).

I used a combination of Microsoft’s official System Center documentation and the help of several independent blogs across the web. The SCCM blogs have been especially helpful to me in my endeavor and I hope that the information that I present will be helpful to someone as well.

As the project has unfolded, I have been taking detailed notes with screenshots on the configuration so that this can be transitioned to our production environment in a smooth fashion.

Here are some things that are specific to my SCCM implementation:

– Management Point (MP) and Clients will communicate via HTTPS
– This will be a Primary Standalone configuration with a backend SQL server
– This will be for servers only, no mobile clients or desktop based systems

We want to secure the communication on our network between the MP and clients to ensure we comply with security regulations. This will be a Primary Standalone as there is only one datacenter involved in this deployment, so this is the best choice for our scenario.

Due to the complexity involved in a SCCM deployment, I will be breaking up the project into several different sections. Here are the sections for reference:

Part I – Pre-Configuration
Part II – Certificate Configuration
Part III – Installation
Part IV – Hierarchy Configuration
Part V – System Configuration – Security and Roles
Part VI – System Center Endpoint Protection Manager Role and Agent Configuration
Part VII – Client Initialization, Reporting, and Closing Thoughts

As of 09/17/2012 the Blog Series on Configuration Manager 2012 and Endpoint Protection 2012 is now feature complete!

Have you ever found yourself having an issue with installing some software, configuring an application, or running into a software bug? I’ve run into these situations many times over the years. The normal progression is to try the action again, and if it fails, try the Google. If you are unable to locate a solution, you’ll then need to contact technical support. In most situations, you are presented with one of two options. You can call or email your technical support staff.

If you elect to call the technical support staff, one of the first questions they will most likely ask (after what your name is) is, “What is the problem and how can we reproduce this issue?” From there you will have to verbally explain the issue. Sometimes this is simple, but what if the problem is more complex and requires multiple steps to reproduce, and what if within those steps there are details that are very specific to your problem? This can sometimes be difficult for you and the technical support staff to work together over the phone on achieving a resolution.

If you resort to emailing the technical support staff, and the issue is complex, you will end up doing a lot of typing to explain your situation. Perhaps you would take multiple screenshots, crop them, etc. You’ll also have to give any specifics between screenshots if you have to click a menu item.

What if you could use a built-in utility that required no additional software, that could document your steps to reproduce your problem, that would be easy to email and send to a support person? That’s where Microsoft’s Problem Steps Recorder (PSR) comes in. To launch PSR, just click Start > Run. Then type in “psr.exe”. Alternatively you can click Start and then in the search box type in PSR. You will then see the PSR application on your desktop.

Then you can begin to reproduce your problem by clicking the “Start Record” button, then proceed to perform the steps to get to your error. Then press the “Stop Record” key. Once you are finished you will be prompted to save the recording. Give it a name that makes sense and save this to an appropriate location. The name you give the file will be the name of the .zip folder and the MHTML within that folder will be named in this format: Problem_yyyy-mm-dd_military-time.mht

Here is some information that the file will include:

  • Screenshots of every click
  • Information on all keys typed
  • Your Operating System Version
  • The version of web browser

Armed with this utility, you can record your steps to reproduce your problem and submit the .zip file to your support staff, who will be able to resolve your issue faster with all the information in one simple document.

Another great use for this utility is for blogging. I have used this utility many times to blog about the steps needed to install some software or to configure an application. This is also helpful in writing documentation to help show someone else how to use a certain software program or navigate a website or in helping a friend or relative troubleshoot a technical problem.

Below is a test I completed for this post. I recorded the steps on going to www.google.com and searching for “Hello World”.

There have been people that have asked me about my recent weight loss, so I decided to take the opportunity to write out a blog post on it. There are many blogs, websites, diets, workout programs, workout machines, and so many other things out there all with the promise of helping you lose weight. All of these methods in their own way work, but here is what worked for me. Perhaps my story can help you.

First off, I’d like to say that I am a work from home Systems Administrator for a web hosting company. That means I sit in a chair in front of my computer all day. I have three children under 5 years old, so the ability to workout and go to a gym after work just wasn’t an option. Once the work day is over it’s dinner, bath, bills, a little time with the wife, and it’s time for bed. I am about 5’9″ and as of March 2012 I was somewhere around 230 pounds wearing size 38-40 pants. I knew I was overweight, but I felt I didn’t have time and I did not think my eating habits were that poor.

Back in March of this year, my wife convinced me to accompany her to a local Internal Medicine clinic. I weighed in at 228 pounds that day. We met with a physical trainer/dietician and discussed what our normal eating habits were. Here is what I told him:

 

Breakfast:

  • Waffles
  • Pancakes
  • Frozen sausage biscuits
  • Eggs
  • Occasionally some cereal

Lunch/Dinner:

  • Pizza
  • Chicken
  • Pasta/Spaghetti
  • Steak
  • Pork Chops
  • French Fries
  • Fast food items
  • Few other items I cannot recall

 

I also told him that I drank several sodas a day, mostly Mountain Dew, Diet Coke, and that I had Sweet Tea often.

I set a realistic three month goal of weighing 200 pounds by the end. My “pie in the sky” goal was 185 pounds, which at the time seemed impossible. Heck, getting down to 200 would be a huge battle itself!

I was given a fact sheet in the office of “Dr. Oz’s” recommended meals throughout the day. There were some good suggestions on what to order from fast food, should I have to do fast food. Along with complete meal planning guides. My nutritionist advised to eat 5 small meals a day, this would improve my metabolism and help me churn out the weight loss process more effectively. He also was not very happy with my diet and advised on making changes.

The clinic also ran some blood tests on me to check several key levels in my body. The results of which were to be mailed to me.

The clinic also prescribed me two medicines to give me a kick start in my weight loss goals:

Phentermine – A once daily tablet to assist in weight loss. Its primary objective is to suppress hunger. This is to be used together with a low calorie diet.

HCG – Human Chorionic Gonadotropin. A self injection to be performed once per week. This is the same hormone that women have when they are pregnant. I read about this before taking it. There is a lot of information available about this, but it is not unsafe to take and there are studies showing it successful.

To recap, for $72 I met with a nutritionist, got a weight loss diet plan, set a goal, got some medication to get me kick started, and I was out the door. Color me skeptical that anything would change.

*Note, I met with the doctor once a month at $72 a visit. We met three times @ $72 and one final time to do wrap up and second blood test, only a $25 co-pay. In total, $241 paid.

From that day forward I started some new habits. Here is what my routine would look like:

Daily:

  • 1 Phentermine capsule before breakfast
  • At least two 32 Oz waters with flavor mix from Target, a Diet Coke on occasion
  • No regular soda
  • No French Fries (for those that know me well, this seemed impossible)

Weekly:

  • Every Wednesday, perform HCG injection in stomach (thanks Holly! Glad my wife is an RN)

Breakfast:

  • 16oz Whey Protein Shake everyday (2 days a week I might eat 2 eggs as well or some cereal)

Lunch:

  • Chicken Wrap
  • Cheeseburger
  • Peanut Butter Sandwich
  • Kashi Cereal
  • Sushi
  • Roast Beef Sandwich
  • Few other items

Dinner:

  • Grilled Chicken/Baked Chicken (Lots of chicken)
  • Asparagus (gasp! A vegetable)
  • Steak Wrap
  • Pork Chops
  • Lean cuisine pizza / one or two slices of chain pizza
  • Pasta (smaller quantities)
  • Corn on the cob
  • One dinner roll (keep night-time carbs to minimum)
  • Eating out? Just order a sandwich, burger or chicken, substitute vegetables for fries, drink water or diet coke

 

I’ve maintained this same routine since March. I stopped taking the appetite suppressant at the end of the second month as I no longer needed it. I had monthly check-in and weigh-ins with the nutritionist.

As of today I am at 188 pounds, that is a total weight loss of 40 pounds in just over a 3 month period. I have been off of HCG for over 2 weeks and by maintaining my diet, I have continued to lose weight. I went from a size 40 pants to a size 33-34, which I have been out of for years. I’m very happy I kept my “old” clothes because I needed them!

The important factor here is that I have not exercised at all. All of this has been from eating less, killing soda, adding in tons of water and protein. I feel healthier and plan on sticking with this for the long haul. In order to tone up and have better physical health I have been advised to start some sort of workout, whether that be walking or jogging a bit each day, nothing crazy (or insane-ity).

Hopefully this information will be helpful to people. Especially those that need a kick-start or a place to start with their weight loss plans.

 

My Blog is hosted with Cytanium. If you are looking to start your own personal blog and need hosting check them out. Easy to use interface and great pricing!

I wrote a blog post over at OrcsWeb that gives an introduction to SQL 2012 AlwaysOn Availability Groups (AAG). This post explains what AAGs are, some of the features, and what you need to get started.

You can find that post here.

 

I wrote a blog post over at OrcsWeb on setting custom SQL ports for multiple instances of Microsoft SQL Server to be accessed via SSMS. It walks through the troubleshooting process and how we resolved the issue.

 

You can find the post here.

Using the Windows Phone WordPress on my phone, to do a test publication.

Recently I wrote my very first “blog post”. It was a write-up on (warning to my non-tech friends, be prepared for something you aren’t going to understand) “Accessing SQL 2008 R2 Named Instances with SSMS, Remotely, on Custom Ports”. I’d like to reflect on that experience.

I already know the value of blogs. Working in the IT field, almost daily I owe thanks to someone who has run into the exact same issue I am troubleshooting, blogged about it, and included a fix to my problem. But me, posting to a blog? It just didn’t sound like much fun. Here’s how it happened.

We encountered an issue outside of the norm that required several troubleshooting steps. Once we had resolved the problem, it was strongly suggested that the subject matter would “make a good blog post”. Giving in to “peer pressure”, I decided to give it a shot. I started at the beginning of the problem and documented all the steps that our team took to troubleshoot the problem successfully. I also included some extra information, so that if someone encounters my post it may prove helpful.

Much to my dismay, it was actually an enjoyable experience. Here are some things I picked up on:

1) Blogging could be fun!
2) Blogging cemented my knowledge in the subject matter, and would do so in any other subject that I decided to tackle.
3) Blogging on the subject may help others resolve this same issue.

So I decided to set up this blog. I decided to go with a WordPress site, mostly because of the wealth of plug-ins.

I picked up a domain name from GoDaddy for $8, set up a new WordPress website with a Cytanium hosting account, and I had this blog up and running in 30 minutes or less! The experience with both GoDaddy and Cytanium was stellar.

My first blog post mentioned above will be available on the ORCS Web website once the new site goes live. I’ll be posting it here afterwards.