How Do I Find/Change My IP Address?

KB ID 0000208

What’s an IP address?

An IP address is the address used on a network to find your PC, Server, Laptop, or Printer etc. It’s the networking equivalent of your house number and post code (or Zip Code for visitors from over the pond).

Do you want your PUBLIC or PRIVATE IP address? As we started to run out of addresses, there were a number of solutions that we came up with, one you will see below (DHCP) the other is NAT (Network Address Translation) that lets many IPs on a network share one (or more) public IP addresses on the internet. If you want to know your PUBLIC address (your address in on the internet) then simply see below;

Your Public IP Address Is: [user_ip]

Where does my IP address come from?

You get an IP address by two methods,

1. Statically Assigned: Your address never changes and is allocated to you manually.

2. Dynamically Assigned: Your machine gets its IP address automatically via a system called DHCP.

What does an IP address look like?

Most IP addresses in use today are IP version 4 and consist of 4 numbers separated by three full stops (or once again, periods, for overseas visitors).

An IP address 192.168.1.100

Is that all my computer needs?

NO! You need FOUR pieces of information to access the internet and work properly;

1. The IP address itself (i.e. 192.168.1.100) this is unique to every machine on the network.

2. The Subnet Mask (i.e. 255.255.255.0) this tells the machine how big the network it is on, is.

3. The Default Gateway, this is another IP address on the network that you need to go through to get off the local network, i.e. to access the internet.

4. The DNS IP address, this is another IP address of a machine that can translate IP addresses into names (e.g. translate www.bbc.co.uk to 212.58.246.159).

What’s my IP address?

1. Windows Key + R > type ‘cmd’ {Enter}

2. A Command Window will open, click within the box and you can type in commands, the command to show your IP address is ipconfig, but this WONT show us the DNS settings as well, to do that the command is “ipconfig /all“.

Note: If you have many network connections you will get results for them all, you may need to scroll up and down to find the right one.>

IP Problems

Problem 1: My machine has got an IP address that is 169.254.x.y (where x and y can be any number from 1 to 254).

Answer: This machine is set to get its IP address automatically via DHCP but it cant speak to the DHCP server, because either the DHCP server is down or there is no connection between the DHCP server and you.

Problem 2: My IP address shows as 0.0.0.0

Answer: You have been given a static IP address and someone on the same network is using the same address, this causes an IP conflict, change one of the IP addresses.

Find out if your IP address is statically assigned of dynamically assigned

The more eagled eyed of you will see on the ipconfig /all results above that this machine is disabled for DHCP so its dynamically assigned however, on your Windows machine do the following.

1. Windows Key + R > Tyoe ‘ncpa.cpl’ {Enter}

2. Your network connections window should open and locate the connection you are connecting with (you might have many, be sure to select the right one, i.e. you might have one for dial up, one for wireless, one for a VPN to the office etc). Right click the connection and select properties.

3. On the window that appears you may have to scroll down the list, we are looking for its TCP/IP (on newer machines it will be called “Internet Protocol Version 4 (TCP/IPv4)”, Select it and click properties.

4. Now you can see if your addresses are set statically or dynamically.

How to change your IP address

To change your IP address you first need to know if you have a static IP address or a Dynamically assigned one. (That’s why this section is below the one above).

1. If you have a static IP address, simply change it on the screen shown (diagram above).

2. If you have a Dynamic IP address, you can either reboot the machine in question or Click Start > run > cmd {enter}

3. A Command Window will open, click within the box and you can type in commands, the command to release your IP address is ipconfig /release

Then to get a new address type in ipconfig /renew

Related Articles, References, Credits, or External Links

NA

VMware – Replace the ESXi Certificate

KB ID 0000974 

Problem

ESXi comes with a self signed certificate, and for most people thats fine, but some clients want to have a ‘Trusted’ certificate on theirs, and have their own PKI infrastructure for issuing them.

Below I will generate a new certificate for my ESXi server using the Active Directory Certificate Services role on Windows Server 2012. Then replace the self signed certificate with my new one.

Solution

Generating a Certificate Request From the ESXi Server

1. Before we start there are a couple of hoops to jump through, and a Windows machine (it does not mater which one), install the following tow pieces of software;

Microsoft Visual C++ 2008 Redistributable Package (x86) and Shining Light Productions installer for OpenSSL x86 version 0.98r (or later)

Accept all the defaults and it should install to C:OpenSSL-Win32 go there, and in the bin directory make a backup of the openssl.cfg file.

2. Open the original openssl.cfg file and delete everything out of it, then paste in the following text, replace the values in red with your own, and save the file.

[box]

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:PNL-ESX1, IP:10.254.254.12, DNS:PNL-ESX1.petenetlive.net

[ req_distinguished_name ]
countryName = GB
stateOrProvinceName = Teesside
localityName = Middlesbrough
0.organizationName = PeteNetLive
organizationalUnitName = Technical Services
commonName = PNL-ESX1.petenetlive.net

[/box]

3. Open a command window and execute the following three commands;

[box]

cd C:OpenSSL-Win32Bin
openssl req -new -nodes -out rui.csr -keyout rui-orig.key -config openssl.cfg
openssl rsa -in rui-orig.key -out rui.key

[/box]

You will notice rui.csr has been created in the bin directory this is the file you need to request your certificate, if you open the file with Notepad you can copy the text.

Submit the Certificate Request and Get an ESX Certificate From a Windows CA

4. Open the web console of your certificate services server (it needs to be running the Certification Authority Web Enrollment role). The URL is usually http://{servers IP or Name}/Certsrv. Select ‘Request a certificate’.

5. Advanced certificate request.

6. Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

7. Paste in the text from your csr file (with no extra spaces!). Set the Certificate Template to ‘Web Server’ (the default lifetime for the Web Server template is 2 years. If you require longer, I suggest you clone the Web Server Template, change the lifetime and republish it in Active Directory Certificate Services).

8. Base 64 encoded> Download certificate.

9. Save the file as rui.cer and put it in the bin directory.

10. ESX needs the certificate to be in x509 format, so open a command window and execute the following commands;

[box]

cd C:OpenSSL-Win32bin
openssl x509 -in rui.cer -out rui.crt

[/box]

11. Enable SSH on your ESX Host.

12. Connect to the ESX host via SSH, and make a backup of the current keys (just in case).

[box]

cd /etc/vmware/ssl
mv rui.crt backup.rui.crt

mv rui.key backup.rui.key

[/box]

13. Using WinSCP copy the rui.crt and the rui.key files from the bin directory, to the /etc/vmware/ssl directory on your ESX host. WARNING: Set the copy type to ‘Text’ or ASCII or you may get some strange results.

14. Then either restart the management agents, or from your SSH session execute the following command;

[box]/sbin/services.sh restart[/box]

15. The simplest way to check is browse to the FQDN or your ESX host (the same name you used as the common name in step 2), and take a look at the certificate.

Related Articles, References, Credits, or External Links

NA

SBS Exchange Certificate Expired

KB ID 0000535

Problem

When you setup SBS2008 (and Exchange 2007) it creates and uses a self signed certificate, which is fine. But by default it only lasts two years. The best option is to buy a proper certificate, but if you simply want to generate a new one here’s how to do it.

Solution

1. Here you can see your certificate has expired.

2. Normally you need to access your certificate services web enrolment console to carry this procedure out. But when you navigate to https://localhost/certsrv you will probably see this:

Server Error in Application “SBS WEB APPLICATIONS”

Note: If web enrolment is installed, and you still cant access certificate services (CertSrv) then click here

3. You are seeing this error because certificate services might be installed, but the “Certificate Authority Web Enrolment” role service is not, you can add it from server manager.

4. Select it and follow the on screen prompts > Go and have a coffee.

5. Now you should be able to access the web front end.

6. To get a certificate we need a certificate request, you can write the powershell yourself like so:

[box] New-ExchangeCertificate -GenerateRequest -Path c:mail_yourpublicdomianname_co.csr -KeySize 2048 -SubjectName “c=gb, s=Your State COunty, l=Your City, o=Your Org, ou=Your Department, cn=mail.yourpublicdomianname.com” -PrivateKeyExportable $True [/box]

OR simply go here and let the good folk at Digicert do the heavy lifting for you.

7. Now you have the code, generate the request, on the Exchange server >  Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell > Execute the command you copied above.

8. This will dump the request on the C: drive (because in your command above you set the path to C:mail_yourpublicdomianname_co.csr) Locate it and open it with Notepad. Then select and copy ALL the text (copy as shown no extra spaces etc.)

9. If you have closed it down log into certificate services web access. Select “Request Certificate” > We will be submitting an advanced certificate request.

10. “Submit a certificate request by using………..”.

11. Paste in the text you copied at step 8, change the certificate template to “Web Server” > Submit.

12. Download the certificate.

13. Save it somewhere you can find it (the root of the C: drive is easiest, as you are going to be referencing it in a command shortly).

14. Job done, close the browser window.

15. Back at the Exchange Management Shell issue the following command:

[box] Import-ExchangeCertificate -Path c:the-name-of-your-cert.cer [/box]

As it imports it shows you the thumbprint of the certificate, mark this and copy it to the clipboard.

16. Now you have the certificate imported you can enable it, issue the following command:

[box] Enable-ExchangeCertificate -Services “SMTP,POP,IMAP,IIS” [/box]

It will ask you for the thumbprint > paste it in > when prompted enter “A” to confirm all.

17. That’s the job finished.

SBS2008 Unable to access Certificate Services

I’ve seen this on a few SBS2008 Servers, when you install the web enrolment service it installs into the servers “Default Web Site”, For any other Windows/Exchange combo that’s fine but SBS likes to do things its own way. It creates another web site called “SBS Web Applications” and uses that. That’s fine, but only one can be up and running at a time.

CertSrv The Webpage cannot be found

1. Warning: You are about to stop things like OWA briefly. From Administrative tools launch the Internet Information Services (IIS) Manager > Locate the SBS Web Applications site and click stop (right hand column) > then select the Default Web site and start it.

2. Select the CertSrv virtual directory.

3. You can now browse via http/https and this will open the site in your default browser. Don’t forget to stop the Default website, and restart the SBS Web Applications site when you are finished.

 

Related Articles, References, Credits, or External Links

NA

Cisco PRSM – Replace the Certificate Using Microsoft Certificate Services

KB ID 0001023 

Problem

Cisco PRSM gives you the ability to import certificates into it, but like other Linux distros does not give you the tools to generate the actual certificate request. The documentation tells you to use OpenSSL to this. I was just about to fire up a CentOS box when I remembered I did something similar for VMware 5.5 not so long ago, would the same procedure work here? Yes it did, and it’s a lot easier than growing a ginger ponytail, donning sandals and firing up Linux.

Solution

The following procedure was carried out on Windows Server 2012 R2. I want my certificate to have a common name of prsm.petenetlive.com (change your configs and commands accordingly).

1. Download and install the following.

Microsoft Visual C++ 2008 Redistributable Package (x86) and Shining Light Productions installer for OpenSSL x86 version 0.98r (or later)

2. Accept all the defaults and it should install to C:OpenSSL-Win32 go there, and in the bin directory make a backup of the openssl.cfg file.

2. Open the original openssl.cfg file and delete everything out of it, then paste in the following text, replace the values in red with your own, and save the file.

[box]

[ req ]
default_bits = 2048
default_keyfile = prsm.petenetlive.com.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:PRSM, IP:123.123.123.110, DNS:prsm.petenetlive.com

[ req_distinguished_name ]
countryName = GB
stateOrProvinceName = Teesside
localityName = Middlesbrough
0.organizationName = PeteNetLive
organizationalUnitName = Technical Services
commonName = prsm.petenetlive.com

[/box]

3. Open an administrative command window, issue the following three commands;

[box]

cd C:OpenSSL-Win32Bin

openssl req -new -nodes -out prsm.petenetlive.com.csr -keyout prsm.petenetlive.com-orig.key -config openssl.cfg

openssl rsa -in prsm.petenetlive.com-orig.key -out prsm.petenetlive.com.key

[/box]

Don’t worry if it says it cant read the openssl.cnf file

4. If you look in C:OpenSSL-Win32bin directory you will see the CSR (certificate request) has been generated.

5. Open the .csr file with notepad and copy all the text, (this is a request in PEM format). This is what you will give to your CA to request the certificate, copy that to the clipboard.

6. Connect to your Certificate Authority web enrollment portal > Request a certificate.

7. Advanced certificate request.

8. Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

9. Paste in the PEM text you copied to the clipboard > Set the certificate template to ‘Web Server’ > Submit.

Note: Your CA may have a different template for web server certificates, if so use that one. If you don’t see web server either it’s not been published, or your user does not have rights to the certificate template.

10. Choose ‘Base 64 encoded’ > Download > Save the cert in the directory you were using earlier (you will see why in a minute) > I give it the same name as the common name on the certificate so I saved it as prsm.petenetlive.com.cer

11. Here it is, but there is still a problem with it, PRSM needs the certificate in x509 format, (it isn’t). But OpenSSL-Win32 can convert it for us.

How to Convert a Windows .cer file to an x509 .crt file

12. Open and administrative command window and issue the following two commands;

[box]

cd C:OpenSSL-Win32bin
openssl x509 -in prsm.petenetlive.com.cer -out prsm.petenetlive.com.crt

[/box]

13. Now it looks better, for PRSM we need this file AND we need the .key file, (not the one that ends in xxx-orig.key!) In the example below I’ve kept everything neat so the other file i need is prsm.petenetlive.com.key, (third one down).

14. Connect to PRSM > Administration > Server Certificates > Browse and select both files.

15. Install and Restart Server.

16. Restart.

17. Refresh your web session and you should now be using the correct certificate.

Related Articles, References, Credits, or External Links

NA