Monday 16 December 2019

Creating a CSR


Use the instructions on this page to create your certificate signing request (CSR) and then to install your SSL certificate in IIS 8 on Windows Server 2012 or IIS 8.5 on Windows Server 2012 R2.
Step 1: Create Your CSR in IIS 8 or IIS 8.5 on Windows Server 2012
1.     From the Start screen, find Internet Information Services (IIS) Manager and open it.
2.     In the Connections pane, locate and click the server.
3.     In the server Home page (center pane) under the IIS section, double-click Server Certificates.


4.     In the Actions menu (right pane), click Create Certificate Request.

5.     In the Request Certificate wizard, on the Distinguished Name Properties page, provide the information specified below and then click Next.
Common name:
The fully-qualified domain name (FQDN) (e.g., www.example.com).
Organization:
Your company’s legally registered name (e.g., YourCompany, Inc.).
Organizational unit:
The name of your department within the organization. This entry will usually be listed as "IT", "Web Security", or is simply left blank.
City/locality:
The city where your company is legally located.
State/province:
The state/province where your company is legally located.
Country/region:
The country/region where your company is legally located. Use the drop-down list to select your country.


7.     On the Cryptographic Service Provider Properties page, provide the information specified below and then click Next.
Cryptographic service provider:
In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider (unless you have a specific cryptographic provider).
Bit length:
In the drop-down list, select 2048 (unless you have a specific reason for using a larger bit length).

9.     On the File Name page, under Specify a file name for the certificate request, click the  …  button to specify a save location for your CSR.
Note: Remember the filename and save location of your CSR file. If you enter a filename without specifying a location, your CSR will be saved to C:\Windows\System32.

10.   When you are done, click Finish.
11.   Open the CSR file using a text editor (such as Notepad), then copy the text (including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags) and paste it into the DigiCert order form. 

12.   After you receive your SSL certificate from DigiCert, you can install it.
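
The wizard steps above can also be scripted with certreq.exe, which keeps the provider and bit-length choices in a file that can be reviewed. This is an added example, not part of the original instructions; the subject values, the C:\CertRequests folder and the file names are placeholders.

```powershell
# Added example: scripted equivalent of the IIS "Create Certificate Request" wizard.
# Run in an elevated PowerShell session on the web server.
$workDir = 'C:\CertRequests'                         # assumed folder, not from the page
$inf     = Join-Path $workDir 'www.example.com.inf'  # request policy file
$csr     = Join-Path $workDir 'www.example.com.csr'  # CSR to paste into the order form

New-Item -ItemType Directory -Path $workDir -Force | Out-Null
if (Test-Path $csr) { throw "Refusing to overwrite existing request: $csr" }

# Single-quoted here-string so "$Windows NT$" is written literally.
@'
[Version]
Signature = "$Windows NT$"

[NewRequest]
; Placeholder subject: replace every value with your own details.
Subject       = "CN=www.example.com, O=YourCompany Inc, OU=IT, L=YourCity, S=YourState, C=US"
; Same provider and bit length as selected in the wizard.
ProviderName  = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType  = 12
KeyLength     = 2048
KeySpec       = 1
; The key pair is created in the machine store; FALSE blocks later export of the private key.
MachineKeySet = TRUE
Exportable    = FALSE
HashAlgorithm = sha256
RequestType   = PKCS10
'@ | Set-Content -Path $inf -Encoding ASCII

# Generate the key pair and write the CSR.
certreq.exe -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Review the request before submitting it (pattern assumes English certutil output).
certutil.exe -dump $csr | Select-String -Pattern 'CN=|Public Key Length'
```

Set Exportable to TRUE only if the certificate and key must later be moved to another server as a PFX.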

Creating a CSR and Installing and configuring your SSL


Step 1: Creating a CSR


Step 2: Install and Configure Your SSL Certificate in IIS 8 or IIS 8.5 on Windows Server 2012 


Detailed steps are provided on the Certificate Authority's site.

Quick Shortcut in Windows 10 - Recording sessions

Windows key + Shift + S

You can also use the keyboard shortcut Windows key + Shift + S to capture a screenshot with Snip & Sketch. Your screen will dim and you'll see Snip & Sketch's small menu at the top of your screen, which lets you choose which type of screenshot you want to capture.

Alt + Print Screen

To take a quick screenshot of the active window, use the keyboard shortcut Alt + PrtScn. This will snap your currently active window and copy the screenshot to the clipboard. You'll need to open the shot in an image editor to save it.

PSR.exe to record steps to reproduce a problem

To Check FSMO Roles from DC

Flexible Single Master Operations (FSMO) roles are specialized domain controller roles. When you have multiple DCs, this is a quick way to see which DC holds each role.

From command prompt:
netdom query fsmo

C:\Windows\system32>netdom query fsmo
Schema master               ****01P.ABCD.COM
Domain naming master        ***02P.ABCD.COM
PDC                         ***01P.ABCD.COM
RID pool manager            ***01P.ABCD.COM
Infrastructure master       ***01P.ABCD.COM
The command completed successfully.

Sync all Domain Controllers

Using Command Prompt from DC:

repadmin /syncall /APeD

------------------------------------------------------------------------------------------
The flags in the following list are supported.
• /a Aborts, if any server is unavailable.
• /A Synchronizes all naming contexts that are held on the home server.
• /d Identifies servers by distinguished name in messages.
• /e Synchronizes domain controllers across all sites in the enterprise. By default, this command does not synchronize domain controllers in other sites.
• /h Displays Help.
• /i Iterates indefinitely.
• /I Runs the repadmin /showrepl command on each server pair in the path instead of synchronizing.
• /j Synchronizes adjacent servers only.
• /p Pauses after every message to allow the user to abort the command.
• /P Pushes changes outward from the specified domain controller.
• /q Runs in quiet mode, which suppresses call back messages.
• /Q Runs in very quiet mode, which reports fatal errors only.
• /s Does not synchronize.
• /S Skips the initial server response check.


--------------------------

Replication summary:

repadmin /replsum

To check to which Domain Controller the end nodes are connected

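From the command prompt, type the following. It lists the environment variables whose names start with L; LOGONSERVER is the domain controller that handled the logon:
set l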

Output>> 
C:\Users\Rinith >set l
LOCALAPPDATA=C:\Users\Rinith\AppData\Local
LOGONSERVER=\\HQABCD

Check Operational Group Policy from DC:
From Event Viewer
Applications and Services Logs >> Microsoft >> Windows >> GroupPolicy >> Operational >> Filter Event ID 5310

Result:
Account details:
            Account Name : CN=**01P,OU=Domain Controllers,DC=ABCD,DC=COM
            Account Domain Name : ABCD.COM
            DC Name : \\**01P.ABCD.COM
            DC Domain Name : ABCD.COM

Resolution: Windows 10 Hello - Group Policy PIN and fingerprint gray out

Requirement:

Allow user to logon with PIN or Fingerprint via Group Policies

Resolution:

Create GPO



Some commands to troubleshoot in case policies won’t replicate to the end nodes:

Log on to the DC, open the Active Directory PowerShell module as administrator and run the commands below. Then compress the output folder C:\MS-log and send it by mail:

Cd \

md MS-log

Get-ADDomain | fl Name, DomainMode > C:\ms-log\DFL.txt

Get-ADForest | fl Name, ForestMode > C:\ms-log\FFL.txt
 
Get-ADDomainController -Filter * | select Name, OperatingSystem, IPv4Address, Site > C:\ms-log\dclist.txt

Netdom query fsmo > C:\ms-log\fsmo.txt

Repadmin /showrepl * /csv > C:\ms-log\showrepl.csv

Gpresult /h C:\ms-log\GPR001.html

auditpol.exe /get /category:*  >  C:\ms-log\audit.txt

dfsrmig.exe /getglobalstate > c:\MS-Log\dfs.txt 

Log on to the client, open CMD as admin and run the command below:

gpresult /h c:\gpr-client.html  
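
The showrepl.csv file collected above can be screened for failing or stale replication links before it is sent on. This is an added example, not part of the original post; the function name, the 24-hour threshold and the sample rows (host names, sites, times) are constructed for illustration.

```powershell
# Constructed sample in the column layout that "repadmin /showrepl * /csv" writes.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=ABCD,DC=COM",HQ,DC02,RPC,0,0,2019-12-16 09:14:22,0
showrepl_INFO,HQ,DC02,"DC=ABCD,DC=COM",HQ,DC01,RPC,0,0,2019-12-16 09:15:03,0
showrepl_INFO,Branch,DC03,"DC=ABCD,DC=COM",HQ,DC01,RPC,17,2019-12-16 09:10:41,2019-12-14 22:05:10,1722
'@

function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [object[]] $Link,   # rows from ConvertFrom-Csv or Import-Csv
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24                    # assumed threshold, tune per environment
    )
    foreach ($row in $Link) {
        $reasons = @()
        # A non-zero failure counter means the last attempts on this link failed.
        if ([int]$row.'Number of Failures' -gt 0) {
            $reasons += "failures=$($row.'Number of Failures') status=$($row.'Last Failure Status')"
        }
        # A missing or old "Last Success Time" means the link is stale.
        $last = [datetime]::MinValue
        $parsed = [datetime]::TryParse($row.'Last Success Time', [ref]$last)
        if (-not $parsed -or ($Now - $last).TotalHours -gt $MaxAgeHours) {
            $reasons += "last success: $($row.'Last Success Time')"
        }
        if ($reasons) {
            [pscustomobject]@{
                Source      = $row.'Source DSA'
                Destination = $row.'Destination DSA'
                Context     = $row.'Naming Context'
                Problem     = $reasons -join '; '
            }
        }
    }
}

# Run against the constructed sample with a fixed "now" so the result is repeatable.
$rows = $sample | ConvertFrom-Csv
Get-ReplicationProblem -Link $rows -Now ([datetime]'2019-12-16 10:00:00') | Format-Table -AutoSize

# On a DC, use the collected file instead:
# Get-ReplicationProblem -Link (Import-Csv C:\ms-log\showrepl.csv) | Format-Table -AutoSize
```

With the sample rows, only the DC01 to DC03 link is reported, for both its failure count and its last success being more than 24 hours old.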


For more information:

https://www.tenforums.com/tutorials/107441-enable-disable-users-sign-windows-10-using-biometrics.html

Monday 26 August 2019

Start/Stop VMs during off-hours solution in Azure Automation, Log Analytics




To automate the start and stop of VMs hosted on Azure, we need two things: i) an Automation Account and ii) a Log Analytics workspace.

Scenario:


Set up the first solution deployment to start a few VMs at 6 AM and stop them at 6 PM from Monday to Friday.

Then make the second solution deployment to start the other few VMs at 10 AM and stop them at 10 PM from Sunday to Thursday.

Please read through the steps, as you will have to specify the resource group(s) on which you want this action to be taken, and you will also have to exclude the VMs to which the solution should not apply.


For example, if you have 20 VMs in one resource group, but you only want the first 8 VMs to be started and stopped by the solution, you would have to specify the Resource Group name during the deployment process and a list of the excluded VMs (VM9, VM10, VM11 … VM20). This way, the solution will only affect (start and stop) VM1, VM2, VM3… VM8.

I have used the naming convention ‘StartStopVMDaily-IRIS-AA’, where IRIS stands for the project vendor and AA stands for Automation Account; in ‘StartStopVMDaily-IRIS-LA’, LA stands for Log Analytics. Make sure both the automation account and the Log Analytics workspace have the same resource group name.


To summarize, the process is as follows:


All services>> Automation Accounts>> click Add 

Enter the automation account name ‘StartStopVMDaily-IRIS-AA’, fill in the other relevant details and click Create.



Then let’s go to the service, ‘log analytics workspaces’ via All services>> Log Analytics workspaces:





Click Add. 







Fill in sensible details, for example:

StartStopVMDaily-IRIS-LA >> Subscription: Enterprise >> Resource Group: provide the resource group name of the hosted VMs >> Location: West Europe >> Pricing Tier: Free (select what suits you) and click OK.


After the Log Analytics workspace has been created, click 'StartStopVMDaily-IRIS-LA', which has just been created.



Click Workspace summary.





From the Overview window, click the 'Add' option and, in the marketplace search window, type 'Start/Stop VMs during off-hours'










and click Create.





As soon as the Create button is clicked >> in the 'Add Solution' space select the workspace 'StartStopVMDaily-IRIS-LA' >> automation account 'StartStopVMDaily-IRIS-AA' >> Configuration: configure parameters >>



Parameters:

VM runbook: Target ResourceGroup Names: the wildcard '*' applies to all resource groups; otherwise specify the correct resource group where the VMs reside >> VM Exclude List (the list of VMs which need to be excluded): enter the VM names in the space provided, separated by commas for more than one VM >> enter the daily start and stop time for the schedule (specify the correct time zone) >> select the email functionality if required and specify a valid email address >> click OK and click Create.

Click the Log Analytics workspace 'StartStopVMDaily-IRIS-LA' which we just created, and click Workspace summary.



Selecting the graphical ‘startstopvmview’ provides a historical summary of the schedules.



If you want to modify the schedules so that the automation recurs weekly or monthly, based on your requirement, go to Home >> Automation Account >> select the required automation account (for example ‘StartStopVMDaily-IRIS-AA’) >> click Schedules >> Scheduled-StartVM or Scheduled-StopVM.


Settings:


You may include or exclude VMs by modifying the variables:


Automation Accounts >> StartStopVMDaily-IRIS-AA >> Variables

Select External_ExcludeVMNames and modify the Value (VMNames described under it)


Reorganize automation account and log analytics @your Azure portal favourites:
Deploy the solution twice based on the above scenario.


I hope the above depicted pictures are self-explanatory.
Have a great time :)

Also read the Microsoft documentation.