Replacing the default (self signed) certificate on a RD Session Host server

Many times I have wanted to get rid of that annoying certificate warning message when I make an RDP connection to an RD Session Host server or a workstation. If you are using RDP inside an Active Directory network, the warning is gone, because the connection uses Kerberos for security. If you are connecting from outside to the inside, however, you will be prompted to accept the server certificate, because the certificate is self-signed and not trusted. The following method also works for client OSes (Windows XP, Vista, 7), not just for RD Session Host servers.

To install a trusted certificate I will use a script that I found on Microsoft TechNet. For this guide an internal Enterprise CA will issue the certificates, since it is cheaper and much easier to work with, but if you have a lot of external clients a commercial certificate is recommended. To start, we need to request and install a certificate in the local computer store on the RD Session Host server. To do that, open the Certificates Store console (Start > Run > mmc), select Certificates and click the Add button. In the wizard that pops up, choose Computer Account > Local Computer.


Creating a Windows Server 2008 R2 Failover Cluster

I hear you… you want your SQL, DHCP, Hyper-V or other services to be highly available for your clients or your internal users. They can be if you create a Windows Failover Cluster and configure those services in the cluster. That way, if one of the servers crashes, the other one(s) will take over, and users will never even notice. There are two types of Failover Clusters: active/active and active/passive. In the first (active/active), all the applications or services running on the cluster can access the same resources at the same time; in the second, the applications or services running on the cluster can access resources only from one node, and the other one(s) stand by in case the active node fails.


Configuring DKIM signing in MDaemon

DomainKeys Identified Mail (DKIM) is an open protocol for protecting email users against email address identity theft and email message content tampering. It does this by providing positive identification of the signer’s identity along with an encrypted “hash” of the message content.
To configure and use DKIM: 
  1. The system administrator creates a private/public key pair for the server and publishes the public key in the domain’s domain name server.
  2. Using the private key, the sending server creates a signature for each outgoing message. The resulting signature data is stored in a “DKIM-Signature” header within the message.
  3. The receiving server obtains the signature from the “DKIM-Signature” header and verifies it using the signer’s public key.

MDaemon 10.x: Running WorldClient under IIS7.5 on Windows 2008

Procedure

  1. Install the Web Server Role with ISAPI Extensions and ISAPI Filters (for exact steps please consult your Operating System documentation)
  2. Open the IIS console
    1. Click Start
    2. Click All Programs
    3. Click Administrative Tools
    4. Click Internet Information Services (IIS) Manager
  3. On the Connections pane, expand the [Machine_name] node
  4. Right click on Sites
  5. Click Add Web Site

Load Balanced IIS behind ldirectord loadbalancer

Cluster Nodes Configurations (IIS6/7 Real Web Server Configuration)

1. Create text file by using Notepad and name it "check.txt"
2. Fill this file with "webserverisworking" string.
3. Move file to "C:\inetpub\wwwroot" or anywhere your web files are.

If you are using Windows XP/2003 IIS web server then you should do these steps:

1. Install "Microsoft Loopback Adapter" by using "Add Hardware" icon in Control Panel.
2. Set IP to 10.10.10.53
3. Set Subnet Mask to 255.255.255.0
4. Don't Set Gateway or DNS
5. Done!

Many-To-One Mappings IIS

Many-to-one client certificate mapping is used by Internet Information Services (IIS) to associate an end user with a Windows account when a client certificate is used for user authentication. IIS executes the user session under the context of this mapped Windows account. For this to work, we need to ensure that the certificate-to-account mapping is configured correctly in IIS.

In IIS 6.0, the user had the option to configure Many-to-One client certificate mapping through the IIS Manager user interface. In IIS 7/7.5, there is no such interface for either One-to-One or Many-to-One mappings. This post talks about the Configuration Editor extension for IIS 7/7.5, which can be used to set up either One-to-One or Many-to-One mappings. Here we will talk specifically about Many-to-One mapping.

IIS 7 or IIS 7.5 Schema

This is the schema for the IIS Client Certificate Mapping authentication feature in IIS 7 or IIS 7.5.

Prerequisites

These are the prerequisites needed for this walkthrough.
1. The IIS Client Certificate Mapping module is installed on the server.
2. A Web Site is configured with an HTTPS binding which can accept SSL connections.
3. A client certificate is installed on the client.
4. The IIS 7 Administration Pack is installed on the IIS 7.0 server. NOTE: Configuration Editor is shipped by default on IIS 7.5.

Walkthrough

Step 1:

1. Launch the IIS manager and select your web site which is being configured for client certificate authentication.

2. In the Features View, select Configuration Editor under the Management section.
3. Go to "system.webServer/security/authentication/iisClientCertificateMappingAuthentication" in the drop down box as shown below:

You will see a window to configure Many-to-One or One-to-One certificate mappings here. This is the UI provided through Configuration editor from where we can setup all the mapping configurations.

4. We can go ahead and modify the properties through this GUI.
• Set enabled to True
• Set manyToOneCertificateMappingsEnabled to True
• Select manyToOneMappings and click the Ellipsis button at the far right of the row to launch the new window for configuring mappings.

5. Under this new window go ahead and Add a new item. You can modify the properties from within the window as shown below:

6. Click on the Ellipsis button for rules and this will give you an option to add multiple patterns for matching based on certificate properties.

So here we have two rule entries for mapping the certificate. In this case we are using two different certificate fields, Subject and Issuer, and based on the matchCriteria property we map the certificate to the account mydomain\testuser.

Shown below is what the final mapping for a specific Windows account looks like. As you can see, there are two rule entries for this account.
Similarly, we can have other mappings for various accounts based on the “Issuer” and “Subject” fields in the certificate.
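
The same steps 4 to 6 can be scripted with the WebAdministration module instead of clicking through Configuration Editor. This is an added example, not part of the original walkthrough: the site name, mapping name, certificate sub-fields and match patterns are assumptions to replace with your own values.

```powershell
# Added example, not from the original post. Run in an elevated session on the IIS server.
Import-Module WebAdministration

$site    = 'Default Web Site'      # assumption: the HTTPS site being configured
$mapName = 'TestUserMapping'       # hypothetical mapping name
$apphost = 'MACHINE/WEBROOT/APPHOST'
$section = 'system.webServer/security/authentication/iisClientCertificateMappingAuthentication'

# Prompt for the mapped account so its password never sits in the script or shell history.
$cred = Get-Credential -UserName 'mydomain\testuser' -Message 'Windows account to map certificates to'

# Step 4: enable the feature and many-to-one mappings for this site.
foreach ($name in 'enabled', 'manyToOneCertificateMappingsEnabled') {
    Set-WebConfigurationProperty -PSPath $apphost -Location $site -Filter $section -Name $name -Value $true
}

# Step 5: add the mapping item (the entry created behind the manyToOneMappings ellipsis button).
Add-WebConfigurationProperty -PSPath $apphost -Location $site -Filter "$section/manyToOneMappings" -Name '.' -Value @{
    name           = $mapName
    description    = 'Certificates mapped to mydomain\testuser'
    enabled        = $true
    permissionMode = 'Allow'
    userName       = $cred.UserName
    password       = $cred.GetNetworkCredential().Password
}

# Step 6: two rules, one on Subject and one on Issuer. Sub-fields and patterns are constructed placeholders.
$rules   = "$section/manyToOneMappings/add[@name='$mapName']/rules"
$ruleSet = @(
    @{ certificateField = 'Subject'; certificateSubField = 'OU'; matchCriteria = 'Example Staff';       compareCaseSensitive = $true },
    @{ certificateField = 'Issuer';  certificateSubField = 'CN'; matchCriteria = 'Example Internal CA'; compareCaseSensitive = $true }
)
foreach ($rule in $ruleSet) {
    Add-WebConfigurationProperty -PSPath $apphost -Location $site -Filter $rules -Name '.' -Value $rule
}

# Read the rules back to confirm what IIS stored for this mapping.
Get-WebConfiguration -PSPath $apphost -Location $site -Filter "$rules/add" |
    Select-Object certificateField, certificateSubField, matchCriteria, compareCaseSensitive
```

Every certificate that satisfies the rules runs as the mapped account, so keep matchCriteria as narrow as the deployment allows and pin the Issuer rule to the CA that actually issues your client certificates.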

Download the details with screenshot from here configuring-many-to-one-client-certificate-mappings-for-iis-7-7-5

Relevant Sources:

http://www.iis.net/learn/manage/configuring-security/configuring-one-to-one-client-certificate-mappings

http://blogs.iis.net/webtopics/archive/2010/04/27/configuring-many-to-one-client-certificate-mappings-for-iis-7-7-5.aspx


Windows Apache SSL

Step 1 – What You Need

A copy of Apache that includes SSL support.
A copy of OpenSSL.
An openssl.cnf file.

The copy of Apache that I had installed on my machine did not include SSL support, so I moseyed on down to the Apache download page. You’ll notice on that page that there are files named something like apache_2.2.11-win32-x86-openssl-0.9.8i.msi, as well as files named something like apache_2.2.11-win32-x86-no_ssl.msi. You need to have the openssl version installed, not the no_ssl version (duh). I couldn’t find any reliable info on manually adding SSL support to a no_ssl install, so I simply downloaded the most up-to-date version of the openssl installer and ran it. It successfully upgraded my version of Apache without overwriting any of my existing config files.

The nice thing about that installer is that it includes a copy of OpenSSL, so you don’t need to download that separately.

Finally, you need an openssl.cnf file, which doesn’t come with the package. I downloaded one that works from Neil’s site. If that link is broken you can find a copy attached to this blog post. I have Apache installed in C:\Apache\, which means that I can find OpenSSL in C:\Apache\bin\, so I copied the openssl.cnf file into that directory.

Step 2 – Create a Self-Signed Certificate

This step will create a number of files related to your certificate. Each of those files has the same name, with a different extension. In the example commands below I’ve used the name bob. Feel free to replace that with anything you like.


Ozeki NG MySQL Connectivity Parameters

Database connection

===========================

Driver={mySQL ODBC 5.1 Driver};Server=192.168.0.100;Port=3306;Option=4;Database=mydb;Uid=userdb;Pwd=putmypwd;

Sending-Polling

============

SELECT id,sender,receiver,msg,msgtype,operator FROM ozekimessageout WHERE status='send'

Sending-sending

=============

UPDATE ozekimessageout SET status='sending' WHERE id='$id'

Sending-Sent

==============

UPDATE ozekimessageout SET status='sent', senttime='$senttime' WHERE id='$id'

Sending-Not sent

===========

UPDATE ozekimessageout SET status='notsent' WHERE id='$id'

SQL for receiving

==============

INSERT INTO ozekimessagein (sender, receiver, msg, senttime, receivedtime, msgtype, operator) VALUES ('$originator','$recipient','$messagedata','$senttime','$receivedtime','$messagetype','$operatornames')


Canon scanner N340P/ N640P problem on windows 7 or vista Operating System

I was trying to use my old Canon flatbed scanner, the "CanoScan N 640P ex" model. The driver installation didn't give any compatibility issue. However, after the OEM driver was installed and I tried to scan something, I received this error:

canocraft cs-p 3.8 profile not found error code 0x24050010

After googling, I got it up and running :). So here go the tidbits:

One:: Log out of your user account; it will not run in the user account.
Two:: Log in to the admin account, then unzip the file into a blank folder. You should have disk one, two and three.
Three:: Open the folder named disk one.
Four:: Right-click the file that says setup.exe, select Properties, then click the Compatibility tab.
Five:: Check "Run this program in compatibility mode for", select Windows 2000 in the drop-down box, then click Apply.
Six:: Click on the setup.exe file and run it.
Seven:: When the setup is done, check mark "I will start my computer myself", then finish.
Eight:: After the box is gone, restart the computer.
Nine:: Log back in to the admin account and load CanoCraft CS-P 3.8. Do a preview scan; you should have a preview show up.
Ten:: Once you get a preview page, test saving a file; JPG is what I did.
Then, when that's done, log out and go back to your user account. Scan all you want. Note: do not add it as a device! It will blue screen you ("blue screen of death").


How to enable automatic logon in Windows 2003 Advanced Server

Use Registry Editor (Regedt32.exe) to enable automatic logon

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows

To enable automatic logon, follow these steps:

  1. Start Regedt32.exe, and then locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  2. Using your account name and password, double-click the DefaultUserName entry, type your user name, and then click OK.
  3. Double-click the DefaultDomainName entry, type the domain name, and then click OK.
  4. Double-click the DefaultPassword entry, type your password, and then click OK.

    Note If the DefaultPassword value does not exist, follow these steps:

    1. Click Add Value on the Edit menu.
    2. In the Value Name box, type DefaultPassword, and then click REG_SZ for the Data Type
    3. Type your password in the String box, and then save your changes.

    Also, if no DefaultPassword string is specified, Windows automatically changes the value of the AutoAdminLogon key from 1 (true) to 0 (false), which disables the AutoAdminLogon feature.

  5. Click Add Value on the Edit menu, enter AutoAdminLogon in the Value Name box, and then click REG_SZ for the Data Type.
  6. Type 1 in the String box, and then save your changes.
  7. Quit Regedt32.
  8. Click Start, click Shutdown, and then click OK to turn off your computer.
  9. Restart your computer and Windows. You are now able to log on automatically.

NOTE: To bypass the AutoAdminLogon process, and to log on as a different user, hold down the SHIFT key after you log off or after Windows restarts.
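
Because step 4 stores the password as a plain REG_SZ string, it is worth knowing which machines have these values set and who can read the key. The following audit is an added example, not part of the KB article; the function names are hypothetical, and the sample values in the last section are constructed.

```powershell
# Added example, not from the KB article. Reports on the Winlogon values set in the steps above.
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonFinding {
    param(
        # Object or hashtable carrying the Winlogon values; defaults to the live key.
        $Winlogon = (Get-ItemProperty -Path $WinlogonPath)
    )
    $enabled = "$($Winlogon.AutoAdminLogon)" -eq '1'
    $hasPwd  = -not [string]::IsNullOrEmpty([string]$Winlogon.DefaultPassword)

    $finding = if ($enabled -and $hasPwd) {
        'Automatic logon is on; DefaultPassword is stored as a readable REG_SZ'
    } elseif ($hasPwd) {
        'Automatic logon is off, but a DefaultPassword value was left behind'
    } elseif ($enabled) {
        'AutoAdminLogon is 1 with no DefaultPassword; Windows will reset it to 0'
    } else {
        'No automatic logon configured'
    }

    # The password itself is deliberately never written to the output.
    [pscustomobject]@{
        AutoAdminLogon     = $enabled
        DefaultDomainName  = $Winlogon.DefaultDomainName
        DefaultUserName    = $Winlogon.DefaultUserName
        PasswordInRegistry = $hasPwd
        Finding            = $finding
    }
}

function Get-WinlogonReader {
    # Identities with an explicit Allow entry that lets them query values under the key,
    # which includes DefaultPassword when it is present.
    $query = [System.Security.AccessControl.RegistryRights]::QueryValues
    (Get-Acl -Path $WinlogonPath).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $query) } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
}

# Constructed sample values (not read from any real host) to show the output shape.
Get-AutoLogonFinding -Winlogon @{ AutoAdminLogon = '1'; DefaultDomainName = 'EXAMPLE'
                                  DefaultUserName = 'kiosk01'; DefaultPassword = 'constructed-value' }

# Live check on the local machine.
Get-AutoLogonFinding
Get-WinlogonReader
```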

Src: http://support.microsoft.com/kb/310584
