Dean Leong - Technologies Journal

Saturday, March 12, 2016

Retrieve BIOS embedded Windows product key

Image result for Windows 10 product key

New PC shipped with windows OEM version from vendor no loner comes with Certificate of Authenticity attached, instead, PC manufacture embedded the windows key into BIOS or EFI.

Please read the link below carefully to understand your downgrade rights, https://www.microsoft.com/OEM/en/licensing/sblicensing/Pages/downgrade_rights.aspx#fbid=OtIyotJ5rw5

So, I just ordered a new PC that comes with windows 10 but due to some application compatibility, the software only support windows 8.1. So i have to downgrade and format the PC to windows 8.1.

I need a product key but it is embedded with the BIOS. I downloaded this tool to get they key, https://neosmart.net/OemKey/ . This product key can be used to re-install window 10 or downgrade to 8.1 with a clean windows setup CD.

Image result for Windows 10 product key

Wednesday, March 9, 2016

AWS Simple AD–change subnet

i was working on a AWS project and setting up a workspace (desktop on the cloud) and 1 of the pre-requisite is active directories. I am using AWS in Sydney region. I setup my active directories (Simple AD)and realized AWS workspace does not support Sydney region on availability zone b and c, only availability Zone A is supported. I get error message like below when i tried to register workspace using my simple AD directories on availability zone b and c,

“

Unsupported Subnet

The selected directory was created in a subnet that is not supported by the WorkSpaces service, and cannot be registered. Please try with a different directory or contact the AWS Support Team on the community forums and via AWS Premium Support.

“

Workaround:

I've logged a support call with AWS support but the answer i get back is not possible to change the directories subnet. The workaround is to create a new AD connector. Make sure the AD connector is on the correct subnet (availability zone A)

make sure

- connected directory DNS is the same as simple AD

- NETBIOS name is the same as simple AD

- username and password – which is the user with domain admins rights in simple AD

- DNS must matched. you can get DNS by going into workspace – directories and expand the directories,

Once the AD connector is configured, you can now register the workspace with the new AD connector and start workspace.

It is an additional monthly charges but since my workspace also required MFA, which only support AD connector, hence this is ok for me.

Thursday, December 3, 2015

Linux Services - From Oracle Linux 6 to Oracle Linux 7

Oracle Linux 7 is based on Fedora19, where the previous Oracle Linux 6, 5 are based on Red hat Enterprise. The switch from sysvinit to systemd is now part of the Enterprise Linux distributions. Below is just some simple commands to start/stop services

Starting and stopping service

#systemctl stop httpd

#systemctl start httpd

#systemctl restart httpd

#systemctl status httpd

Autostart service when boot, chkcofig replaced with

# systemctl start dbora.service

# systemctl enable dbora.service

List of services currently running

systemctl list-units --type service

I’ll update this post when new commands discovered.

Thursday, November 19, 2015

Reset Windows Server Admin Password

Unfortunately, today you’ve forgot the windows server password but good news is, Microsoft make it easy for you to reset the admin password. All you need is the Windows Server CD.

I tried on my test VM, which is a domain controller, and it works too! As this a test VM, this is the only domain controller server.

1. Boot off the Windows disk and select the “Repair your computer” option from the lower left-hand corner.

2. Follow through until you get to the option to open the Command Prompt

3. Backup and move the utilman.exe file with the command below,

Note: for some system, you may change the c: to d:, you’ll need to know where is the windows file.

# MOVE C:\Windows\System32\Utilman.exe C:\Windows\System32\Utilman.exe.bak

4. Now copy the cmmd.exe and rename it Utilman.exe:

# COPY C:\Windows\System32\cmd.exe C:\Windows\System32\Utilman.exe

5. Reboot your machine. When its done booting up again and you are at the Logon screen, click on the Ease of access icon.

6. At the command prompt, to change the password type:

# net user administrator *

7. Once you press enter you will asked to set a new password and then confirm it, when entering your new password don’t worry if you can’t see them as you type, they are invisible, they are however being saved.

8. Once you’re logged in again, go to C:\Windows\System32\, delete the Utilman.exe and then rename Utilman.exe.bak back to plain old Utilman.exe.

Tuesday, September 8, 2015

Chrome version 45 and weak Diffie-Hellman public key

You upgraded chrome.

It's important to understand changes being made to the browser before installing updates.

Chrome 45 blocks all https connections when the cipher suite is diffie-hellman and the DH keysize is < 1024 bits.

Solutions:

1. Upgrade your web server to use 2048-it Diffie-Hellman group.

2. Temporary solutions for Chrome

- open CMD/DOS
- Navigate to the directory where chrome.exe lives and then paste:

chrome.exe --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

More info for Weak Diffie-Hellman and the Logjam Attack:

https://weakdh.org/

Sunday, July 12, 2015

Removing Corrupted Shadow Copies

Sometimes, corrupted shadow copies cannot be deleted by issuing the "vssadmin delete shadows /all" command. Instead, you receive the error:

"Error: Snapshots were found, but they were outside of your allowed context. Try removing them with the backup application which created them."

Corrupted VSS stores in C:\System Volume Information and might taken up large amount of disk space.

Solutions:

Launch an elevated command prompt on the Agent machine(s) involved and type the following:

# diskshadow

# list shadows all

# delete shadows set {id of shadow to be deleted if selective deletion is to be performed}<enter>

# delete shadows all {if all shadows are to be deleted}.

This will delete the corrupted shadow copies.

Saturday, June 6, 2015

Microsoft Reverse Proxy – IIS ARR (Application Routing Request)

Many of you already familiar with the concept of reverse proxy – A reverse proxy taking requests from the Internet and forwarding them to servers in an internal network. Those making requests to the proxy may not be aware of the internal network. As Forefront TMG 2010 is becoming end of life, at the moment only supported Reverse Proxy solution from Microsoft is IIS ARR.

My most favour feature is it capable of doing routing based in URL request. If you are running multiple web servers like me, you’ll end up having a large pool of public IP address NAT to each web server. With ARR, we only need a single public IP, based on the URL header, it will redirect you to the server/server farm, and is easy for me publish/unpublish my web servers. It others feature like

- Hide the characteristic of the origin server

- Load balancer

- SSL offload

- Caching

Prerequisites to Install IIS ARR

1. The IIS ARR server need not be domain joined. It's your choice to decide if you want to domain join this server or not.

2. The IIS ARR server should have two NICs, one for the internal network and the other for the external network.

3. If you're not using an internal DNS server, you should update the HOSTS file on the IIS ARR server so that it can perform name resolution for the internal CAS and the published Exchange namespaces.

4. For SSL binding, 1 public IP and port 443 can only bind to 1 certificate, so make sure you use wild card certificate. If you are hosting multiple domain, you can either use SAN certificate or use multiple IP for each different certificate.

Install ARR

1. Install IIS on Windows Server 2012R2 with all defaults, nothing too smart.

2. Use Microsoft Web Platform Installer to install IIS ARR 3.0

3. You’ll get the first installation screen, telling you it will install 2 features:

4. Hitting “Install” will show you the features you’re about to install. That’s 4 components all together:

5. Click “I Accept” and enjoy the commercial content from Microsoft whilst the installation is taking place:

6. When the installation is finished, You’ll see it has installed four components:

7. Open IIS Manager, and you’ll see you have two new features:

· “Server Farms” under the server node.

· “Web Platform Installer” in the management node.

SSL Binding

1. Import your external certificate to the server:

2. Navigate to your default website in IIS Manager and click “Bindings”:

3. You’ll see it has only the HTTP binding. Click “Add” to edit the HTTPS binding:

4. Choose “HTTPS” from the drop down menu, then choose your External certificate, and press “OK”:

5. This completes the SSL certificate configuration of the web site.

Note: Remember the rule for SSL - 1 public IP and port 443 can only bind to 1 certificate, so make sure you use wild card certificate. If you are hosting multiple domain, you can either use SAN certificate or use multiple IP for each different certificate.

Publishing website via MS IIS ARR

1. From IIS, Right click Server farm and “Create Server farm”

2. Enter a server farm name, for naming conventions, make it the same as your public name.

3. On this screen, make sure the server address is correct and reachable, otherwise you might want to create a host entry. Make sure the http and https port is correct then click “Add” and finished.