I used to use Dreamweaver all the time, it was used to design and build the site and handle all the uploads etc. Since I moved to WordPress I don’t use it as much. But it’s still a great code editor so I still fire it up on occasion. At least I did until this started happening;
To open “dreamweaver” you need to install the legacy Java SE 6 runtime.
Click “More info…” to visit the legacy Java SE 6 download website.
Solution
I’m a bit twitchy about Java, I need to tread a fine line between keeping updated, and still having a version that works with my clients’ firewalls. The number of times things have ‘smashed’ because Java has updated for me are numerous. Java can turn a 25 second job into a two hour job.
So the thought of ‘downgrading’ to version 6 was not one I relished. But thankfully, if you avoid the Sun Java site and install the Apple Legacy Java package everything continues to work.
If you’re still having problems, see this article.
The purpose of BranchCache is, (as the name implies) to cache files in branch sites, without the need for a local file server or DFS. There are essentially two deployment models. In Hosted Mode, a server in the branch caches the files locally as they are requested by clients.
This works because the main file server provides a hash of the requested file, the branch server will download it, and if another client asks for the same file it can check the hash on its local copy to see if it’s been updated, if not it serves the file locally without the need to be downloaded again. As the branch connections are typically slower, this makes things a lot more efficient.
Note: You cannot deploy BranchCache on a RODC domain controller.
But what if there is no server onsite? Then you can use Distributed Mode, where every client can download and cache a copy, then the clients serve the files to each other.
Solution
Deploy The Main Office BranchCache File Server.
BranchCache for Network Files is a server role, select it and complete the Wizard.
You can carry out the following procedure with domain group policy, but it’s just as easy to setup in local group policy, on the file server. Windows Key + R > gpedit.msc > Computer Configuration > Administrative Templates > Network > Lanman Server > Hash Publication for Branch Cache.
Enable the policy and set to Allow hash publication for all share folders > Apply > OK.
Note: You have enabled hashing for ‘All shares’, so the next step is a moot point. If you selected ‘Allow hash publication only for shared folders on which BranchCache is enabled’, then you would definitely need to do the following!
Now on the ‘Shares’ select the caching option.
Enable BranchCache.
Now I’ve created a Domain Group Policy called ‘BranchCache Firewall Policy’, because to serve files you need to enable a couple of pre-configured firewall rules.
Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules > Add Rule.
Enable the pre-configured rule for ‘BranchCache – Content Retrieval (Uses HTTP)’.
Repeat the procedure and also add a rule for ‘BranchCache – Peer Discovery (Uses WSD)’.
Deploy The Branch Office ‘Hosted BranchCache’ Server.
Just as you did at the main office, install the ‘BranchCache for Network Files’ Role.
But this time install the additional BranchCache Server Feature.
The server will be serving files, so link the ‘BranchCache Firewall Policy‘ to the OU that contains the branch server. Then to start it servicing files, issue the following command;
[box]Enable-BCHostedServer -RegisterSCP[/box]
To make sure it’s running;
[box]Get-BCStatus[/box]
Ensure ContentServerIsEnabled has been set to ‘True’.
If you scroll to the bottom of the output, you can see where the cache is going to live, and what ‘percent’ of the drive size it can grow to. You can change these two values.
To Move BranchCache Folder Location
In this example I’ve got a volume on my Branch server, and I’ve created a folder on there to store my cached files in.
If your client machines are going to serve BranchCache files, you will need to link the ‘BranchCache Firewall Policy’ you created above to the OU that contains the client PCs in the branch site.
Create a new policy and link it to the OU that your branch client PCs are in.
This week I’ve been working on changing the site over to https. Buying a digital certificate used to be an expensive long winded affair, but not anymore. A quick internet search turned up a 3 year SSL certificate for less than 15 quid.
Getting the certificate was the easy bit, getting it installed so that Apache would use it was another ‘challenge’. On a scale of one to ten, I’m about a three (on a good day) with Linux!
Before you start, you need to generate a CSR and send that to whoever you are going to buy your cert from.
What about free certs? There are some firms that offer free certs, some require you to install software that updates the cert every ninety days, others have a short lifespan. I’m not usually one to spend any money but for a fiver a year, why not?
Solution
Your certificate vendor will send you your certificate, it will probably come with at least one other cert. In my case it came with three other CA Certs (a RootCA and two Intermediate CA Certs). If you are unfamiliar with certificates, here are the two golden certificate rules;
You MUST trust the authority (CA), that issued the certificate, or issued the cert to the CA that issued the cert etc.
The NAME on the certificate, either the Common Name (CN), or the Subject Alternative Name (SAN), MUST match the address you are going to.
What you will find with these <ahem> cheaper certificates, is that you trust a CA, and that CA issues another CA Certificate, (to a subordinate CA), that Issues another CA Certificate (To a Subordinate CA), and that CA issues your certificate. All these certificates form a ‘chain’ and it looks like this;
OK why is that important? Well to trust your certificate, your visitors, (and Apache) need to be able to see all the certificates in this chain, right back to the RootCA certificate at the top (which they will trust, or there’s not much point selling them!)
Some vendors will give you a certificate bundle, mine did not so I had to make one (this is not hard to do, see below). But now when you make that certificate bundle, you will have a better understanding of what you are doing, (putting all the CA certs in the chain order, into one file).
Installing SSL Certificates Into Apache
Before you start you may need to install mod_ssl ‘yum install mod_ssl’ will do that 🙂
First you need to copy all the files into CentOS, I created a folder in ‘/etc/ssl/’ called ‘localcertificates’ and copied in the domain cert, the key file (that got generated when I made the CSR – See the link above). And I’ve copied in all the CA Certificates. (I use FileZilla to do this because it’s free, and easy to use).
Now Log into your CentOS server via SSH and navigate to this directory, then use the ‘CAT’ command to make a certificate bundle with all your CA Certificates, (notice the order, SubCA2 > SubCA1 > RootCA). Note: Your certificates will probably have different names.
[box]
cd /etc/ssl/localcerts
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > My-CA.ca-bundle
[/box]
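Before pointing Apache at these files, it is worth confirming that the bundle really is in SubCA2 > SubCA1 > RootCA order and that the key file belongs to the domain certificate. The script below is an added example, not part of the original post; the script name, function names and the three file arguments are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on the files the SSL virtual host will use.
# Usage (file names are placeholders): ./check-tls-files.sh CERT KEY BUNDLE

# Print the subject or issuer of a PEM certificate in one stable format,
# so names from two certificates can be compared as plain strings.
cert_name() {   # cert_name subject|issuer FILE
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {   # key_matches_cert KEY CERT
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if CERT was issued by the first certificate in BUNDLE, every
# bundle certificate was issued by the one after it, and the last one is
# self-signed (the root): the SubCA2 > SubCA1 > RootCA order.
chain_in_order() {   # chain_in_order CERT BUNDLE
    local tmp prev next rc=0
    # cat glues markers together when a source file has no final newline.
    if grep -q -e '-----END CERTIFICATE-----.*-----BEGIN' "$2"; then
        echo "two PEM markers on one line in $2" >&2
        return 1
    fi
    tmp=$(mktemp -d) || return 1
    # Split the bundle into one file per certificate: 001.pem, 002.pem, ...
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }' "$2"
    prev=$1
    for next in "$tmp"/*.pem; do
        if [ ! -e "$next" ]; then rc=1; break; fi     # no certificates found
        if [ "$(cert_name issuer "$prev")" != "$(cert_name subject "$next")" ]; then
            echo "out of order at: $(cert_name subject "$next")" >&2
            rc=1; break
        fi
        prev=$next
    done
    if [ "$rc" -eq 0 ] && [ "$(cert_name issuer "$prev")" != "$(cert_name subject "$prev")" ]; then
        echo "last certificate in $2 is not a self-signed root" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

if [ "$#" -eq 3 ]; then
    key_matches_cert "$2" "$1" || { echo "key does not match certificate" >&2; exit 1; }
    chain_in_order "$1" "$3" || exit 1
    # Signature check, treating the bundle as the trust store for this test.
    openssl verify -CAfile "$3" "$1"
fi
```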
Now in the same directory you will have another file called My-CA.ca-bundle. To get Apache to use the certificates you need to edit the httpd.conf file. In CentOS 7 that usually lives in ‘/etc/httpd/conf’. I use nano because it’s easier to edit files with, (yum install nano). I’m also going to back up the config as well, in case something goes wrong!
[box]
cd /etc/httpd/conf
cp httpd.conf httpd.conf-old
nano httpd.conf
[/box]
Locate the part of the file that says ‘Listen *:80’ and place a line below it that says ‘Listen *:443’.
Scroll to the end of the file and paste in the following, (change the filenames to match your own).
Note: Make Sure the Logs folder exists in /var/www if you use the same paths as me! Also SSLCertificateChainFile will change in newer versions of Apache to SSLCACertificatePath.
You can now restart Apache and browse to https://www.your-site.com. It can take a little while before it’s back up!
[box]
apachectl restart
apachectl status
[/box]
Everything’s Broken Help!!
This is why we backed up the config. First, if there’s a problem, ‘apachectl status’ usually says ‘there’s a problem on line XYZ of the httpd.conf file’, if you open it in a text editor that will point you to a resolution. If all else fails, you can restore the original config like so;
[box]
cd /etc/httpd/conf
cp httpd.conf-old httpd.conf
apachectl start
apachectl status
[/box]
How To Redirect All HTTP Traffic to HTTPS in Apache?
That’s even easier, if you have a virtual host for port 80 already set up in httpd.conf then just add ‘Redirect / https://www.your-site.com/’ to it. I did not, but adding one did not break/affect my site at all. After the text you pasted in above for the virtualhost for SSL just paste in a new one for http (TCP port 80).
If a large number of failed logon attempts occur within a certain period of time it could be an indication of a security threat, which is why it is important that organizations have a pro-active means of auditing and monitoring whenever this happens. There are a number of ways you can perform this audit, one of which is using the native tools. Here we will take you through the steps so that you know how to perform this audit when required:
Solution
Run gpmc.msc to Configure Group Policy Audit Settings
Edit domain’s Default Domain Policy in the Group Policy Management Editor.
Expand Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy and double-click ‘Audit logon events’.
In the Audit logon event properties, select the Security Policy Setting tab and select Success.
Open command prompt and run the command gpupdate /force to update Group Policy.
To know about the failed logon events, filter the Security Event Log for Event ID 4625.
Double-click on any event to see details of the source from where the failed logon attempts were made.
Conclusion
Regularly auditing failed logon attempts through monitoring your Security event logs is necessary for ensuring security and stability of Active Directory environments. Native tools allow you to view these Security event logs but it is perhaps not the most pro-active or user-friendly method. Many organizations find that it makes more sense to deploy an automated solution, like LepideAuditor Suite – Active Directory that provides in depth reporting and real time alerting.
As soon as you start publishing apps to your RDWeb server the ‘Remote Desktop’ icon disappears. Now there’s a good reason for this, it stops users having a desktop open, then opening apps on multiple different servers, and the whole thing turning into a resources nightmare. But what if you only have one RDS server?
Solution
To get the shortcut back you need to change a registry key. Navigate to;
At this point it’s worth noting that you might want to change the ‘name’ of the shortcut back to ‘Remote Desktop’.
You don’t need to restart anything, simply refresh the web page and the application will re-appear.
Remote Desktop Keeps Disappearing Again?
Each time there’s an update, or you publish some new applications it can revert back again. To stop this I simply create a Group Policy Preference, (make sure you have changed the key(s) before you do this).
Create or edit an existing policy that’s linked to the RDS server, and navigate to;
Computer Configuration > Preferences > Windows Settings > Registry > New > Registry Wizard > Another Computer
Navigate to the RDS server you have set the registry keys on.
Select the ‘Name‘ and ‘ShowInPortal‘ Value > Make sure the policy is set to ‘update’.
Why is it so difficult to remove Administrative tools! The one folder you might not want your users having access to is on everyone’s start menu by default? I’ve seen posts saying to change the permissions so users can’t run the snap-ins in that folder, and other posts that suggest removing it from the ‘all users’ profile, and yet more posts that say remove it in preferences with a post Vista start menu. NONE OF THAT WORKED?
This solution is for Windows Server 2012 R2, if you’re running an earlier version then I invite you to post a decent solution at the bottom of the page.
What I did was create a Custom Start screen, then exported that to XML, then configured all my users to use that start screen.
Solution
Log in as an administrator, and tailor the start screen to how you would like it for your users.
Then open a PowerShell session and export the settings to an XML file. I’ve already setup a network share on the RDS server itself to store the XML file in, (grant users ‘read‘ rights to the share).
[box]
Export-StartLayout -Path \\{server-name}\{share-name}\{file-name.xml} -As xml
[/box]
Now on the GPO linked to your RDS Server(s) add the following;
[box]
Computer Configuration > Administrative Templates > Start Menu and Taskbar > Start Screen Layout
[/box]
Enable the policy, and point it to the file you exported above. Then either force a policy refresh or wait a while for the new policy to take effect.
If you want to use digital certificates on your CentOS server, then you will need to generate a CSR. It does not matter if you want to purchase a publicly signed certificate, or even if you are going to sign your own. Below is how to generate a CSR for a single web host.
Note: Most cert vendors now require a minimum key length of 2048 so that’s what I’m going to use. And I’m assuming you have OpenSSL installed (type ‘openssl version’ to find out).
The CSR Generation process will begin and you will have to answer some questions;
[box]
Generating a 2048 bit RSA private key
.........................................+++
........................+++
writing new private key to 'www.YourSite.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:GB
State or Province Name (full name) []:Teesside
Locality Name (eg, city) [Default City]:Middlesbrough
Organization Name (eg, company) [Default Company Ltd]:YourSite
Organizational Unit Name (eg, section) []:YourSite
Common Name (eg, your name or your server's hostname) []:www.YourSite.com
Email Address []:administrator@YourSite.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password123
An optional company name []:YourSite
[/box]
This will actually create the CSR, now you need to get the text from the CSR, and send it to your certificate vendor, or sign it with your own CA.
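The same request can be produced without the interactive prompts and checked before it is sent off. This is an added example, not the command from the original post; the function names are assumptions, the subject values are the sample ones from the transcript above, and it adds a Subject Alternative Name for the host.

```shell
#!/usr/bin/env bash
# Added example: create a 2048-bit key and CSR non-interactively, then check it.
# Usage (host name is a placeholder): ./make-csr.sh www.YourSite.com

make_csr() {   # make_csr HOSTNAME OUTDIR
    local host=$1 dir=$2 cnf rc
    cnf=$(mktemp) || return 1
    # Private request config, so the system-wide openssl.cnf is not consulted.
    cat > "$cnf" <<EOF
[req]
prompt             = no
distinguished_name = dn
req_extensions     = ext
[dn]
C  = GB
ST = Teesside
L  = Middlesbrough
O  = YourSite
CN = $host
[ext]
subjectAltName = DNS:$host
EOF
    # No challengePassword attribute is set: it would sit in the CSR unencrypted.
    # umask 077 keeps the unencrypted (-nodes) private key owner-readable only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -config "$cnf" \
          -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null )
    rc=$?
    rm -f "$cnf"
    return "$rc"
}

# Succeed only if the CSR's self-signature verifies, the key is at least
# 2048 bits, and the SAN extension names the expected host.
csr_ok() {   # csr_ok CSR HOSTNAME
    local text bits
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    text=$(openssl req -in "$1" -noout -text) || return 1
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || return 1
    printf '%s\n' "$text" | grep -qF "DNS:$2"
}

if [ "$#" -eq 1 ]; then
    # Print the PEM text that goes to the certificate vendor.
    make_csr "$1" . && csr_ok "./$1.csr" "$1" && cat "./$1.csr"
fi
```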
You can stack Cisco 3750-X Switches in groups of up to 9 switches, and they can then be managed as one switch. Here I’ve got 2 switches.
Solution
Removing 3750-X Switches Stack Configuration
One of my switches had already been in a stack, so I needed to remove its stack configuration. It thought it was switch 4 in the stack so I issued the following commands;
[box]
Switch(config)# no switch 4 provision
Switch(config)# wr mem
[/box]
Cisco 3750-X Configure Stacking
Don’t connect any stacking cables yet, decide which switch is going to be the ‘master’ and log onto that switch, and issue the following commands;
[box]
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#switch 1 priority 15
Changing the Switch Priority of Switch Number 1 to 15
Do you want to continue?[confirm] {Enter}
New Priority has been set successfully
Switch(config)#do write mem
Building configuration...
[OK]
Switch(config)#do reload
Proceed with reload? [confirm] {Enter}
[/box]
When the switch reloads you will see.
[box]
Waiting for Stack Master Election...
SM: Waiting for other switches in stack to boot...
###############################################################
[/box]
At this point you can connect the stack cables and power on the second switch. With multiple switches connect each stack port one, to the switch below’s stack port two. Then on the last switch connect its stack port one back to stack port two on the top switch, (so there is a ‘ring’.)
If you have more than two switches you can set their priority (as you did above) priority 15 will always win the ‘elections’ and be the master switch, number the rest accordingly. The default is ‘1’ so if you don’t then it works out the order based on MAC addresses, (which is not good!).
When all the switches are booted, check all is well;
[box]
Switch#show switch
Switch/Stack Mac Address : 74a2.e69a.0c00
                                           H/W   Current
Switch#  Role    Mac Address     Priority  Version  State
----------------------------------------------------------
*1       Master  74a2.e69a.0c00  15        3        Ready
 2       Member  204c.9e5f.4000  1         3        Ready
Switch#show ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
FastEthernet0 unassigned YES NVRAM administratively down down
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset down down
GigabitEthernet1/0/4 unassigned YES unset down down
{----------------Output Removed For the Sake of Brevity---------------------}
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down
Te1/1/1 unassigned YES unset down down
Te1/1/2 unassigned YES unset down down
GigabitEthernet2/0/1 unassigned YES unset down down
GigabitEthernet2/0/2 unassigned YES unset down down
GigabitEthernet2/0/3 unassigned YES unset down down
{----------------Output Removed For the Sake of Brevity---------------------}
GigabitEthernet2/1/1 unassigned YES unset down down
GigabitEthernet2/1/2 unassigned YES unset down down
GigabitEthernet2/1/3 unassigned YES unset down down
GigabitEthernet2/1/4 unassigned YES unset down down
Te2/1/1 unassigned YES unset down down
Te2/1/2 unassigned YES unset down down
Switch#
[/box]
Make sure your stack cabling is OK;
[box]
Switch# show switch stack-ports summary
Switch#/  Stack   Neighbor  Cable     Link  Link    Sync  #          In
Port#     Port              Length    OK    Active  OK    Changes    Loopback
          Status                                          To LinkOK
--------  ------  --------  --------  ----  ------  ----  ---------  --------
1/1       OK      2         50 cm     Yes   Yes     Yes   1          No
1/2       OK      2         50 cm     Yes   Yes     Yes   1          No
2/1       OK      1         50 cm     Yes   Yes     Yes   1          No
2/2       OK      1         50 cm     Yes   Yes     Yes   1          No
Switch# show switch stack-ring speed
Stack Ring Speed : 32G
Stack Ring Configuration: Full
Stack Ring Protocol : StackWisePlus
Switch#
[/box]
If you are also using XPS redundant power cables remember that’s only supported for up to four switches, (without an extra XPS-2200 rack power unit). I power off the switches before I fit these.
Why do they have green and yellow ends: If you look on the switch you will see the ‘socket’ is marked with a yellow and a green ‘semi-circle’. That means a green end or a yellow end can be plugged into that socket.
That makes no sense, so anything can plug into anything, why colour code them? That’s because there is a different cable that has a ‘red’ end on it for plugging into an XPS-2200 rack power supply, like this;
Then to test your XPS Power Cables.
[box]
Switch>show env power all
SW   PID                 Serial#      Status           Sys Pwr  PoE Pwr  Watts
---  ------------------  ----------   ---------------  -------  -------  -----
1A   C3KX-PWR-350WAC     LIT18410MD4  OK               Good     Good     350/0
1B   Not Present
2A   C3KX-PWR-350WAC     LIT18410JJ3  OK               Good     Good     350/0
2B   Not Present
Switch#show stack-power neighbors
Power Stack           Stack   Stack    Total   Rsvd    Alloc   Unused  Num  Num
Name                  Mode    Topolgy  Pwr(W)  Pwr(W)  Pwr(W)  Pwr(W)  SW   PS
--------------------  ------  -------  ------  ------  ------  ------  ---  ---
Powerstack-2          SP-PSS  Ring     700     320     380     0       2    2
    Power Stack           Port 1  Port 1            Port 2  Port 2
SW  Name                  Status  Neighbor SW:MAC   Status  Neighbor SW:MAC
--  --------------------  ------  ----------------  ------  ----------------
1   Powerstack-2          Conn    2:204c.9e5f.4000  Conn    2:204c.9e5f.4000
2   Powerstack-2          Conn    1:74a2.e69a.0c00  Conn    1:74a2.e69a.0c00
[/box]
Stack Power Profiles (Setting Up)
Stack Power Modes
Default (Power sharing Mode): All the power from all the power supplies, is aggregated together, and no power is reserved – if a power supply failed there is a chance that there might not be enough power.
Redundant Mode: The power supplied by the largest power supply in the stack, is taken away from the total power output in case there is an outage.
Stand Alone Mode: Stops a switch participating in a power stack completely.
Each mode can be configured to run strict, or non-strict, (with the exception of a stand alone mode).
Strict: If actual power drops below budgeted power, things may get powered down.
Non Strict: Actual power can run above budgeted power, if that extra power is available.
Many moons ago I wrote a post about a problem where I had no RDP over a VPN connection, and all the hoops I jumped through to troubleshoot and fix the problem.
Today I had a similar problem, I was connected to a client via Cisco AnyConnect, and I had hair-pinned that traffic, from the client site, over an IPSEC VPN to their servers in the Data Center. Pings were successful, but not RDP.
To be honest this affects various types of TCP traffic, but it only ever seems to trip me up with RDP! In the past I used to ping and set the traffic to ‘not fragment’ and manually set the packet size, then I increased/decreased the packet size until I found the optimal MTU size like this;
But these are Windows options, how can I do the same thing on my Mac?
Solution
Well things on the Mac are even easier! It will even find the value for you, (in a manner of sorts). You set the minimum packet size, and the maximum packet size, and ask it to increment each ping packet by one. Below I’ve narrowed the scope to fit it on one screenshot;