Mac: No Captive Portal

KB ID 0001780

Problem

I was on a train today, and they were offering free Wi-Fi but despite me being able to connect, I had no internet access. This has happened a few times to me and it’s when I need to connect to a captive portal to get internet access, then no captive portal ever appears.

Note: A captive portal is just a pop up window that you usually see on ‘Free‘ wifi services, so you can ‘Pay‘ for connection, by giving them your details (name, email etc).

No Captive Portal: Solution

Now I could connect with my Android phone and that has a hotspot so I knew the problem was on my Mac, and I had my work iPhone in my bag I could also connect to that and get 4G. But I wanted to bottom out the problem in case I was ever stuck.

Open your network preferences > Select the Wifi connection > Advanced.

Firstly let’s try the obvious: locate the entry that matches the SSID you are trying to connect to, and Delete it > OK > Try again?

In my case the problem was being caused by the fact I had static DNS entries (Google’s DNS servers), this is why the captive portal was never being shown. You can’t do a DNS lookup before you have internet access, and if your DNS servers are on the internet, you can’t resolve the private URL of the captive portal!

Delete all the static DNS entries (don’t panic! You will get the correct one dynamically allocated to you.) Once you’ve removed them all > OK > Try again.

Fixed.

Related Articles, References, Credits, or External Links

NA

Windows Server 2022 SFTP

KB ID 0001779

Problem

Note: This will also work on Server 2019

There’s really no excuse to be using FTP any more, it’s insecure and your username, passwords and data are sent in clear text! So let’s put the secure in FTP and deploy Windows Server 2022 SFTP instead! 

Note: Yes there’s FTPS as well (and it’s not the same), that adds a secure layer to the old FTP protocol. SFTP is a completely different protocol and it runs on top of SSH (TCP Port 22).

Deploy Windows Server 2022 SFTP

Firstly let’s check what version of OpenSSH server is available to us, then install that version (in this example 0.0.1.0)

[box]

Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

[/box]

Now start the service, and set the service ‘Startup type’ to automatic, so it will start when the server boots up.

[box]

Start-Service sshd

Set-Service -Name sshd -StartupType 'Automatic'

[/box]

Assuming you have the Windows Firewall on, we need to allow TCP port 22 through the local firewall.

[box]

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -Program "C:\Windows\System32\OpenSSH\sshd.exe"

[/box]

To be honest, that is the SFTP server up and running. Now you will need a user to access the service with. This can either be a LOCAL user on the SFTP server itself…

 …or a Domain User (if you joined the SFTP Server to be a Domain Member).

Windows Server 2022 SFTP Upload Folder and File Locations

By default each user that connects will have a folder created for them under the C:\Users folder that belongs to them. Some people might not like it in that location (but remember we are essentially dealing with a *nix program here, and that’s how *nix behaves).

Setup a Windows Server 2022 SFTP Default Root Folder

If you want a different folder as the root folder (remember that everyone is then using the SAME folder!), create that folder.

Then edit;

[box]

C:\ProgramData\ssh\sshd_config

[/box]

Note: Remember ProgramData is a hidden folder so you might not be able to see it!

Locate ChrootDirectory and remove the word ‘none‘ after it, then paste in YOUR folder path. Finally REMOVE the hash (or pound if you’re American) symbol from the start of that line (as illustrated). Don’t forget to save the file and restart the ssh service (Restart-Service sshd).

ALWAYS test that it works from the same subnet first, (to save really annoying your firewall admin). Here I’m uploading a test text file using the FileZilla client from another server.

And to prove it’s not ‘smoke and mirrors‘ here’s the file.

So now, to make the server available to the outside world, you either need to ‘Port Forward TCP Port 22’ from a public IP address to the server’s internal IP address, or, if the server has its own public IP (or you have one free), create a static one-to-one NAT on the firewall and allow TCP traffic on port 22 inbound.
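
Before port 22 is opened to the outside world, bear in mind that sshd as installed above also offers an interactive shell to any account that can log on, and a global ChrootDirectory puts every user in the same folder. The following PowerShell is an added example (not from the original article) that instead scopes the chroot to one group and forces SFTP-only sessions, validating the file before the restart; the group name sftpusers and the folder D:\SFTP-Root are assumptions.

```powershell
# Added example, run from an elevated PowerShell prompt.
# Assumptions (not from the article): the group 'sftpusers' already exists and
# contains the SFTP accounts, and 'D:\SFTP-Root' is the folder you created.
$ConfigPath = 'C:\ProgramData\ssh\sshd_config'
$SshdExe    = 'C:\Windows\System32\OpenSSH\sshd.exe'
$Group      = 'sftpusers'
$Root       = 'D:\SFTP-Root'

# Keep a timestamped backup so a bad edit can be rolled back.
$Backup = "$ConfigPath.$(Get-Date -Format yyyyMMddHHmmss).bak"
Copy-Item -Path $ConfigPath -Destination $Backup

# A Match block applies to every line that follows it, so it goes at the end of the file.
$Block = @"

Match Group $Group
    ChrootDirectory $Root
    ForceCommand internal-sftp
    AllowTcpForwarding no
"@

# Only append once, so the script can be re-run safely.
$Pattern = "^\s*Match\s+Group\s+$([regex]::Escape($Group))\b"
if (-not (Select-String -Path $ConfigPath -Pattern $Pattern -Quiet)) {
    Add-Content -Path $ConfigPath -Value $Block
}

# 'sshd -t' parses the configuration without starting a listener.
& $SshdExe -t -f $ConfigPath
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path $Backup -Destination $ConfigPath -Force
    throw "sshd rejected the new configuration; restored $Backup"
}

Restart-Service sshd

# Confirm the service is listening and that the firewall rule created earlier is enabled.
Get-NetTCPConnection -LocalPort 22 -State Listen | Select-Object LocalAddress, LocalPort, State
Get-NetFirewallRule -Name sshd | Select-Object Name, Enabled, Direction, Action
```

Accounts outside the group keep normal SSH access, so test with a member of the group from the same subnet: an SFTP client should land in the root folder, and an interactive SSH login should be refused.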


Download VMware Converter

KB ID 0001778

Problem

NOTE: Converter 6.3 can now be downloaded directly from VMware!

If you try and Download VMware Converter, you will find VMware ‘pulled‘ the files because of a zero day exploit that’s associated with the software, the VMware official posting you can find here. (they are working on publishing a replacement.)

Download VMware Converter

If you are adamant you want to use this tool and accept the risks associated with doing so Download the newest version here.


Upload Files to VMware Datastore Fails

KB ID 0001777

Problem

Whilst attempting to upload an ISO into a VMware datastore this morning, I got this error;

The operation failed for an undetermined reason. Typically this problem occurs due to certificates that the browser does not trust. If you are using self-signed or custom certificates, open the URL below in a new browser tab and accept the certificate, then retry the operation.

Solution

I’ve encountered this exact problem once before here: VMware: ISO Upload or Deploy OVA Fails ‘Undetermined Reason’ It happens because you do not trust the CA that signed the certificate that vSphere is using. Go back to the initial logon page and click ‘Download Trusted Root CA Certificates‘. Note: if you have a stupid browser that tries to open the file (I’m looking at you Microsoft Edge!) Then choose ‘Save target as’ and save the zip file containing the root CA Certificates.

Open the Zip file and choose the Windows or Mac version and locate the file that has the CRT extension, (the other file is a certificate revocation list, and you don’t need this). Double click the certificate and choose ‘Install Certificate‘.

Select ‘Local Machine‘.

Select the option to choose which store to use and put it in ‘Trusted Root Certification Authorities‘  > Then complete the import wizard, (and ensure it says import successful). Then restart your browser, log back into vSphere and try again.
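
Putting a certificate into Trusted Root Certification Authorities makes the machine trust everything that CA signs, so it is worth checking the file before importing it. This added PowerShell example (not part of the original article) inspects the downloaded .crt, compares its thumbprint with one obtained out of band from whoever runs vCenter, and only then imports it; the file path and the expected thumbprint are placeholders.

```powershell
# Added example, run from an elevated PowerShell prompt.
# Placeholders (assumptions): the path of the .crt extracted from the zip, and the
# thumbprint you were given out of band by the vCenter administrator.
$CrtPath  = 'C:\Temp\vcenter-ca\REPLACE-ME.crt'
$Expected = 'REPLACE-WITH-THUMBPRINT-OBTAINED-OUT-OF-BAND'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CrtPath

# Show what is about to be trusted.
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# A root CA is self-signed and carries BasicConstraints (OID 2.5.29.19) with CA = TRUE.
$bc   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
$isCa = [bool]($bc -and $bc.CertificateAuthority)

$now      = Get-Date
$problems = @()
if ($cert.Subject -ne $cert.Issuer) {
    $problems += 'not self-signed, so not a root certificate'
}
if (-not $isCa) {
    $problems += 'BasicConstraints does not mark it as a CA'
}
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += 'outside its validity period'
}
# Normalise the expected value (strip spaces and colons) before comparing.
if ($cert.Thumbprint -ne ($Expected -replace '[^0-9A-Fa-f]').ToUpper()) {
    $problems += 'thumbprint does not match the expected value'
}
if ($problems) {
    throw "Refusing to import: $($problems -join '; ')"
}

# Same result as the wizard: Local Machine > Trusted Root Certification Authorities.
Import-Certificate -FilePath $CrtPath -CertStoreLocation Cert:\LocalMachine\Root
```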


Cisco to FortiGate Command Conversion

KB ID 0001776

Problem

Bah what the hell is ‘show run‘? If you’ve spent years on Cisco IOS and ASA/Firepower, then FortiGate can be a little confusing. Hopefully this Cisco to FortiGate list below will make it a little easier.

Cisco to Fortigate Translation

Cisco Command                                       FortiGate Command

Basic commands
show run                                            show full-config
show version                                        get system status
show ip interface brief                             show system interface
show run interface x/x                              show system interface <port #>
show interface x/x                                  get hardware nic <port #> / diagnose hardware deviceinfo nic
show ip arp                                         diagnose ip arp list
show mac address-table                              diagnose switch mac-address list | grep -i mac
show lldp neighbor                                  diagnose lldprx neighbor summary
show ip nat translation                             get system session list
show vlan                                           diagnose switch vlan list
show failover                                       diagnose system ha status
copy running-configuration startup-configuration    execute backup config
reload                                              execute reboot
ping x.x.x.x                                        execute ping x.x.x.x

Basic Routing Commands
show ip route                                       get router info routing-table all
show ip route x.x.x.x                               get router info routing-table details x.x.x.x
sh ip route summary                                 get router info routing-table all
show run | sec route-map                            show router route-map
show run | sec ip prefix-list                       show router prefix-list

OSPF Commands
show ip ospf neighbor                               get router info ospf neighbor
show ip ospf neighbor details                       get router info ospf neighbor detail all

BGP Commands
show ip bgp summary                                 get router info bgp summary
show run | sec router bgp                           show router bgp
show ip bgp neighbor x.x.x.x routes                 get router info bgp neighbors x.x.x.x routes
show ip bgp neighbor x.x.x.x advertised-routes      get router info bgp neighbors x.x.x.x advertised-routes
show ip bgp neighbor x.x.x.x received-routes        get router info bgp neighbors x.x.x.x received-routes
show ip bgp x.x.x.x                                 get router info bgp network x.x.x.x

VPN Commands
show crypto isakmp                                  diagnose vpn ike gateway list
show crypto ipsec sa                                diagnose vpn tunnel list

Please comment below if you want to add any I’ve missed.
