IT Consultant Everyday Notes

Just some problems/solutions storage

Lync: Request certificate for Reverse Proxy

First of all, Microsoft has an article for that.

But the article did not work for me – Entrust needed additional fields (like Country, Locality) filled in, and for some reason all my CSRs had a 1024-bit key request even though I put 2048 in the MMC wizard.

Finally I decided to do it the old way, via an .inf file and the certreq tool.

Here is the .inf file I created:

[Screenshot of the .inf file]

Note: the CSR requests a SHA-1 certificate. Microsoft supports SHA-1 until 2017. You can tweak it to request a SHA-2 cert.
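The author's .inf survives only as a screenshot, so the following is an added example, not the original file: it builds a request with the full subject fields, a 2048-bit key and a SHA-256 request signature, then checks the CSR before it is sent to the CA. The subject values, host names and working folder are placeholders, and the certutil text match assumes an English-language system.

```powershell
# Added example (not the author's .inf). Run from an elevated prompt because
# MachineKeySet = TRUE creates the key pair in the local machine store.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
; Placeholder subject: fill in the values your CA requires
Subject = "CN=lync.example.com, O=Example Corp, L=Toronto, S=Ontario, C=CA"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
; Set TRUE only if the key pair has to be moved to another host
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
HashAlgorithm = sha256

[Extensions]
; Subject Alternative Names (placeholder host names)
2.5.29.17 = "{text}"
_continue_ = "dns=lync.example.com&"
_continue_ = "dns=meet.example.com&"
_continue_ = "dns=dialin.example.com"
'@

$work    = Join-Path $env:TEMP 'rp-csr'          # placeholder working folder
$infPath = Join-Path $work 'request.inf'
$csrPath = Join-Path $work 'request.csr'
New-Item -ItemType Directory -Path $work -Force | Out-Null
Remove-Item -Path $csrPath -ErrorAction SilentlyContinue
Set-Content -Path $infPath -Value $inf -Encoding ASCII

certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Verify key size, subject and SAN entries before submitting the CSR
$dump = certutil.exe -dump $csrPath
$dump | Select-String -Pattern 'Public Key Length', 'CN=', 'DNS Name='
if (-not ($dump -match 'Public Key Length: 2048 bits')) {
    throw 'CSR does not carry a 2048-bit key; do not submit it.'
}
```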

PKI: How to clean faulty Certificate Request

I recently needed to update an Entrust certificate on my Lync Reverse Proxy. Lync does not have a wizard to generate a CSR, so I used Microsoft KB https://technet.microsoft.com/en-us/library/gg429704(v=ocs.15).aspx to generate it. Unfortunately the KB does not say you need to add Country, Locality and other information, and the CSR it generated failed on Entrust. I added the information, but in this case the CSR failed because of key length – it has 1024 even though I put 2048. So I ended up with several faulty CSRs. How to clean them out? A Google search brought me some PowerShell scripts. They looked a bit too complex. Finally I found an answer on Experts Exchange.

You can basically use the Certificates MMC (local machine store) and delete unwanted CSRs there. After that, remove the CSR files from the location where you saved them.
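Pending requests made through the MMC wizard or certreq sit in the Certificate Enrollment Requests store, which PowerShell exposes as Cert:\LocalMachine\REQUEST. This added example (not from the original post or the scripts it mentions) lists them with their key sizes and removes the ones that are too short or lack a country field; it assumes RSA requests and PowerShell 4.0 or later for -DeleteKey.

```powershell
# Added example. Run elevated. 2048 is the key size the post was aiming for.
$minBits = 2048
$pending = Get-ChildItem -Path Cert:\LocalMachine\REQUEST

# Summarise each pending request so faulty ones are easy to spot
$report = foreach ($req in $pending) {
    [pscustomobject]@{
        Subject    = $req.Subject
        Created    = $req.NotBefore
        KeyBits    = $req.PublicKey.Key.KeySize   # RSA requests assumed
        Thumbprint = $req.Thumbprint
    }
}
$report | Sort-Object Created | Format-Table -AutoSize

# Faulty = key shorter than required, or subject without a country (C=) field
$faulty = $report | Where-Object {
    $_.KeyBits -lt $minBits -or $_.Subject -notmatch '(^|,\s*)C='
}

foreach ($item in $faulty) {
    # -DeleteKey also removes the orphaned private key.
    # Drop -WhatIf once the list printed above looks right.
    Remove-Item -Path "Cert:\LocalMachine\REQUEST\$($item.Thumbprint)" -DeleteKey -WhatIf
}
```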


Networking: How to control source IP on multi-IP adapter

In some cases I need to bind multiple IP addresses to a single adapter.

 

like this:

SNAGHTML3f24e8bc

How to control which of them will be used as a source? It can be necessary, let's say, for firewall rules.

As a matter of fact, there is RFC 3484 describing a set of rules.

Since Server 2008 SP2 Microsoft offers a mechanism of control. Instead of adding additional IPs via the GUI you need to use the NETSH command and the skipassource flag like this:

netsh int ipv4 add address <Interface name> <IP address> skipassource=true

The remaining IP addresses can be used as a source as per the RFC.

I found this advice here
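On Server 2012 / Windows 8 and later the same flag is exposed by the NetTCPIP cmdlets, which also makes it easy to check the result. This is an added example, not part of the original post; the interface alias, addresses and prefix length are placeholders.

```powershell
# Added example. Placeholder values: adjust the alias, addresses and prefix.
$alias     = 'Ethernet'
$secondary = '192.0.2.11', '192.0.2.12'
$prefix    = 24

foreach ($ip in $secondary) {
    $existing = Get-NetIPAddress -InterfaceAlias $alias -IPAddress $ip -ErrorAction SilentlyContinue
    if ($existing) {
        # Address was already bound (for example via the GUI): flag it
        $existing | Set-NetIPAddress -SkipAsSource $true
    } else {
        New-NetIPAddress -InterfaceAlias $alias -IPAddress $ip `
            -PrefixLength $prefix -SkipAsSource $true | Out-Null
    }
}

# Audit: show every IPv4 address on the adapter with its flag
$all = Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4
$all | Sort-Object IPAddress | Format-Table IPAddress, PrefixLength, SkipAsSource -AutoSize

# Firewall rules keyed on the source IP are only predictable when exactly
# one address is left eligible as a source
$eligible = @($all | Where-Object { -not $_.SkipAsSource })
if ($eligible.Count -ne 1) {
    Write-Warning "$($eligible.Count) addresses on '$alias' can be used as a source: $($eligible.IPAddress -join ', ')"
}
```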

SCCM 2012: SUP does not synchronize updates

I noted my ADR did not create a Software Group for Patch Tuesday. I checked Software Updates and found fresh updates were not synced on schedule. Manual sync did not help either.

Resolution: remove the Classifications from the SUP properties and wait until this is synced to WSUS. Add the classifications again and restart Update Synchronization.

In my case fresh updates were synchronized successfully after that.

Windows 10: Change One Drive location

I have W10 on a couple of my machines and left the default OneDrive location on one of them. As a result it quickly filled the drive. I tried to find a way to change the OneDrive cache location drive but without success until I found the following article: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_files/cannot-change-or-move-default-folder-for-onedrive/f769a16c-26b1-41cc-89d3-a0737a01837a

Here is the way:

  • First, go to Add or Remove Programs in the control panel and find Microsoft OneDrive
  • Right click and uninstall
  • Reboot (This might not be necessary, I did it for luck) – UPDATE: Yes, it’s necessary. Hat tip to oblio9.
  • Go to C:\Windows\SysWOW64 and run OneDriveSetup.exe – Here’s the full path if you just want to cut and paste into Win-R: C:\Windows\SysWOW64\OneDriveSetup.exe

SCCM 2012: Application Catalog WebService Point failed with “Parameter set cannot be resolved using the specified named parameters.”

 

I tried to install the abovementioned role using Powershell. I followed Microsoft example letter by letter but it still failed with a nasty PowerShell error “Parameter set cannot be resolved using the specified named parameters.”


Finally I found a spreadsheet on http://www.google.ca/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&uact=8&ved=0CDYQFjAE&url=http%3A%2F%2Fcm12sdk.net%2F%3Fwpdmact%3Dprocess%26did%3DMTQuaG90bGluaw%3D%3D&ei=ZVvBVMLiMIacyAT174JY&usg=AFQjCNG9mVW1L-nWqtbI813UbYzrFKCXlQ&bvm=bv.83829542,d.aWw

and put the parameters EXACTLY in the order mentioned there. (I know, it is crazy.) Surprisingly, the cmdlet works now.

Azure Automation: Send Email from Azure Automation Script via GMAIL

I am working with Azure Automation scripts. One of them stops all my lab VMs after working hours to save some money. The script is based on one from the Automation Gallery, but I wanted to add a notification feature.

There are several posts about using O365 for this, but I do not think it is a good idea since O365 is not free.

I tried Outlook.com (AKA Hotmail) first, trying to stick with the Microsoft platform, but did not have any success (authentication kept failing for me). So, the second choice was Gmail.com. From some posts I understood that Azure does not have root certificates from the Gmail CA and the SSL connection does not work. To work around the issue I downloaded the Google root certificate and created a Certificate Asset in the Automation console.

Interestingly enough, I do not need to use it in my script; apparently its mere existence is enough….

Here is the script to check if all machines are in the Stopped (Deallocated) state and send an email otherwise. The script uses a PS Credential Asset, 'Azure Credentials', and my MSDN Platform subscription.

I created a test account at Gmail, azure.automation.service@gmail.com, and added an Automation Asset (PS Credentials) named "Gmailcreds" that holds the Gmail user name and password, so the user name/password do not have to be put in the script.

workflow test-mail
{
   # Credential assets keep the Azure and Gmail passwords out of the script body
   $Cred = Get-AutomationPSCredential -Name 'Azure Credentials'
   $Gmailcreds = Get-AutomationPSCredential -Name 'Gmailcreds'
   Add-AzureAccount -Credential $Cred
   Select-AzureSubscription -SubscriptionName "MSDN Platforms"
   $vms = Get-AzureVM
   # Collect every VM that is not stopped and deallocated
   $ss = ""
   ForEach ($vm in $vms) {
      if ($vm.Status -ne "StoppedDeallocated") {$ss = $ss + $vm.Name + " - " + $vm.Status + "`r`n"}
   }
   # Send a mail only when at least one VM is still allocated
   if ($ss -ne "") {
      $mail_body = 'Attention! One or more VMs are in a state other than "Stopped (Deallocated)"' `
      + "`r`n" + $ss
      Send-MailMessage -SmtpServer smtp.gmail.com -Port 587 -Credential $Gmailcreds `
         -UseSsl -From 'azure.automation.service@gmail.com' -To 'alex.ignatenko@onx.com' `
         -Subject 'Alarm: Azure Automation - Running VM!' -Body $mail_body
   }
}

This script can be added to a schedule to run every night.

Server 2003: Migration to Azure

In my test lab I migrated a Server 2003 VM to the cloud. As a matter of fact, it is not enough to just copy the VHD to Azure using the

Add-AzureVhd [-Destination] <Uri> [-LocalFilePath] <FileInfo> [[-NumberOfUploaderThreads] <Int32> ] [[-BaseImageUriToPatch] <Uri> ] [[-OverWrite]] [ <CommonParameters>]

command in Azure PowerShell.

It is also necessary to add the copied disk to the inventory using:

Add-AzureDisk [-DiskName] <String> [-MediaLocation] <String> [-Label <String> ] [-OS <String> ] [ <CommonParameters>]

In my case the script looks like

[Screenshot of the script]

The information was found in Sandrino’s blog here: http://fabriccontroller.net/blog/posts/migrating-your-windows-server-2003-workloads-to-microsoft-azure/

Lync: Script: Get-CsConnections.ps1 – See User Connections, Client Versions, Load Balancing in Lync Server

An old script, but I never saw it before for some reason – it allows you to see client versions and user distribution per Front-End Server. I use it during FE updates, to be sure there is no user connected to an updated FE.

The original is here

Windows 8.1: Disable first logon animation

Raphael Perez published a reg key to disable the animation. It can be distributed as an SCCM package during OSD:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableFirstLogonAnimation"=dword:00000000

The command line that Raphael used was as follows …

regedit.exe /S Disable_First_Run_Animation.reg

Full article
