How To, Tutorial

ACME DNS-01 basic Autorenewing Script for txt records on dns.he.net

Options are limited when you want to generate a free Let’s Encrypt SSL certificate using WIN-ACME and you can not or do not want to publish verification files on the server – especially if you want the certificates to be auto-renewed. Also, I must mention that the SSL is for a wildcard domain.

I have domain records hosted on dns.he.net (Hurricane Electric) which is a free dynamic DNS provider and it has been very reliable for – I don’t even remember how many years. My aim is to generate a Let’s Encrypt SSL certificate and enable auto-renewal using DNS-01 verification from a script.

I should indicate that I am doing this on a Windows 2012 server machine not a linux machine.

First we will create a TXT record on HE portal, lower the time to live value and set the record type as dynamic.

Adding TXT Record on HE.NET for acme-challenge.

Once that is done, we will click on the refresh icon to setup our secret key which is used to authenticate valid requests.

Press the refresh/renew icon.
Type your desired key and click on Submit.

Now we will work on the server to create a very basic BAT script file.

@echo off
curl -4 "http://%1:Abcdef12345@dyn.dns.he.net/nic/update?hostname=%2&txt=%3"

Also, we will download curl from https://curl.se/windows/ and extract the contents to the root of the folder where we will keep our script file. I will probably be okay with the hardcoded secret key in the script as I have only 2 domains and I will use same key on both. If you have multiple domains then you may have to improvise on this part. I will not bother as it is okay for my needs.

Now it’s time to run the wacs.exe application and when it will ask for the domain validation method, I will select option 8 (at the time of writing this) which is the verification using your own script. When it will ask for the arguments, use these in this order:

{RecordName} {Identifier} {Token}

If you followed all the instructions as I stated, it will now succesfully validate and issue certificates. Its up to you how you want to install them as the wacs.exe script has good options for that too.

Uncategorized

How utilize SSH tunnel for any remote service

This is something Advanced level so if you are a beginner, try to follow along and I will try to explain it in the easiest to understand way.

Why do we need SSH tunneling? Well, for me it makes it quite easy to manage the services from my private network to be available from the internet. All I need to do on my firewall is open or forward an open port to the SSH listening port on my SSH server. If you want to setup your SSH server, you may want to take a look at my other post.

In this post I will try to explain how to use RDP over SSH Tunnel. The idea is to access the RDP service on a Windows host from another computer without connecting to the RDP service port (by default 3389) using a SSH tunnel provided by an SSH server.

 

I am using PUTTY here.

  1. On the Client, open putty and scroll down on the left side and click on the + sign next to SSH to select Tunnels. Enter a port number higher than 1024 here which should not be same as any other running service on your (client) computer. I chose 2222 here and then enter the ip address of the host computer where you want to connect through tunnel (10.0.0.100 port 3389 providing RDP in our example) then click ADD.

     

     

  2. Now it should appear in the box above so scroll up on the left and click on Session.

     

     

  3. Now enter the ip address of the SSH server (10.0.0.2 and port 22 in our example) and click on OPEN.

     

     

  4. In the terminal window which just opened, enter the username and password for the SSH Server and keep it open.
  5. Now open mstsc.exe on your computer and use the localhost as the ip and 2222 (the one we chose in step 1) as the port and click on connect. You should see the login window and that’s it.

     

    Just remember to keep the Putty window open else the tunnel will drop and you will have to re-establish the connection. Have fun.

     

     

     

How To, Linux, Tutorial

How to setup a lightweight Linux (Ubuntu) based SSH server

This is not a beginner level process so if you do not know why you would need an SSH server, this post is not for you. Now that is out of the way, let’s begin:

  1. Grab ISO for ubuntu server from here
  2. Install it on your hypervisor or physical machine if you are old school in that way.
  3. Install openssh server:
    1. Sudo apt-get update
    2. Sudo apt-get install openssh-server
  4. Enable and Start the SSH service
    1. Sudo systemctl enable ssh
    2. Sudo systemctl start ssh
    3. (to check it is running) sudo systemctl status ssh

General/Misc, Networking

Affordable 10gig home network!

Phew! Its been so busy for the past few weeks! Okay okay, past few months!

Alright, its been a few years! Okay?

Yes, I am posting after a few years today and I am so excited to share this wonderful resource I found while researching about 10gig home network. Yes, that’s right, a 10 gig home network is not so “out of reach” for enthusiasts these days especially when enterprise networks are now deployed on 40 or 100 gig speeds. That leaves a lot of working used networking gear up for grabs on our very own “eBay”. Anyways, what I wanted to share was this forum post written by fohdeesha in so much depth that you can easily make up your mind what device is best for you.

Ruckus ICX 6450-48P Switch
ICX 6450-48P Switch

I decided to get myself a Brocade ICX6450 which needs a licence to unlock 10Gig speed for two of its four SPF+ ports. Don’t sweat, fohdeesha has us covered for that aswell, just get registered on Servethehome.com and he will help you.

So, what are you waiting for, go get a 10Gig device and rise above the 1gig realm.

General/Misc

Setting up and accessing Rogers Hitron cable modem in bridge mode

If you are like me and want to have more control over your home network then chances are you also want to put your ISP modem in bridge mode so that your own router could be used as a gateway.

Here is how to setup your modem in bridge mode:

1.Go to the device home page.

2.Log in using the credentials mentioned on the little fold out received with the device.

3.Click on Basic and find the option saying GATEWAY and Disable it. Modem will reboot now and will have its Wifi and other router features disabled. You can now connect it to your router as WAN access.

Gateway setting in Hitron modem
Gateway setting in Hitron modem

Here is how to access it while it is in bridge mode:

You can access the modem while it is in bridge mode by opening http://192.168.100.1

 

 

General/Misc, How To, Tutorial

[How To] Create Bootable Windows XP USB

Yesterday I ran into trouble while trying to install Windows XP on an old computer. The problem? Well I didn’t have a CD ROM drive on that computer and the only way to install was to use a bootable USB. I tried several well-known software tools available on the internet but somehow they didn’t work. May be because Windows XP was not designed to be USB bootable.

Finally I came across this amazing tool called rufus and it did it. The only other thing it needed was the ISO for Windows XP.

If you also want to make a Bootable Win XP USB, follow these steps:

Bootable WinXP USB
Howto Create Bootable USB Win XP

  1. Launch Rufus.
  2. Select your device from the drop down list.
  3. Click on the little CD Drive button and select the ISO file you want to use (Windows XP image)
  4. Hit Start button and off it goes.

Create Bootable USB Win XP

And you have your bootable Windows XP USB as simple as that.

General/Misc

How important to select the right stripe size for RAID-0

I was planning to setup RAID0 configuration for my lab machine and I was not sure which stipe size to go for especially in the world of SATA3 SSDs. But again, for a lab computer to install SSD will be overkill. I had all the questions in mind like What is the importance of selecting right stripe size, What is the correct stripe size, What should I set stripe size to, what should be the stripe size for raid0 configuration, Will there be a performance impact related to stripe size, What is the best stripe size for striping or what will be the best stripe size for raid0?

So I went an extra step and tried all the stripe sizes available to me and checked the transfer speeds (this is not the OS drive but a Data drive, the performance of the same configuration is little bit lower if used as the system drive – but is still better than single drive). Not only the right RAID stipe size but also the NTFS allocation unit size (shown below) also has effect on the volume transfer speed.

Choosing NTFS allocation unit size - devindersingh.ca
Choosing NTFS allocation unit size

Let me give an overview on these two things. For those of you who don’t know, setting up 2 or more hard drives in Raid 0, striping as it is called, is a bit of a risk since every thing which you save on the volume gets written on all the drives in parts. So, if one of the drives goes bad, all the data is lost. I would always use it for my lab machine as the data is not very important and critical and I do take daily backups.

What came out as a result was a sweet combination of the RAID0 stripe size and the NTFS allocation unit size (which we always leave at the default setting i.e. 4KB). Here is a list of hardware/software I used:

2 x 1TB SATA2 internal hard drives

Intel 41 chipset with ICH10R raid

Intel Quad core Q8300

16GB DDR3

Windows 7 x64 Ultimate

Intel rapid storage driver 11.7.0.1013

CrystalDiskMark 3.0.2 x64 (http://crystalmark.info/?lang=en) – for checking the transfer speeds

The drives are formatted and there is a single partition utilizing the whole space available.

I manually created the raid with different attributes for each test and collated the results in an excel file. Sharing it will be great idea as it might save someone trouble of doing the same thing for themselves. Here is the result:

Chart comparing various combinations of RAID stripe and NTFS allocation unit size - devindersingh.ca
Chart comparing various combinations

*All the data is in MBps

The value written as 4K-16K means 4K Raid stripe size and 16K NTFS allocation unit size. As you can see, for me the best combination for read and write speeds can be achieved by setting the Raid stripe size as 16K and NTFS unit as 8K, you want a different combination depending upon your needs. At the same time I would like to point out that your might get different outcome for a similar setup as it depends upon many other factors. This is just a basic idea to get started and I don’t have much experience in running benchmarks. I hope this will be helpful for someone. Please drop in your comments.

Microsoft

Installing Blackberry Enterprise Server Express–MS Exchange 2010

In order to install Blackberry enterprise server express on MS Exchange 2010 here is what needs to be done beforehand but not limited to:

  • A working MS Exchange environment
  • Download the BES Express (here)
  • Install MAPI package from: http://www.microsoft.com/en-ca/download/details.aspx?id=1004
  • Perform the Powershell commands on Exchange management shell as mentioned in the install notes for BES (here)
  • Do login with the user which has been created for the Blackberry serviceBESadmin

 

Run the installation and it will tell you what login you are using.

installation start
BES Installation start screen

Put in the information on EULA screen.

2 BES EULA
BES EULA screen

We will select the first option here as it is a new installation.

3 BES setup type
BES Select setup type screen

Next we will select the option Blackberry Enterprise Server and leave the defaults selected.

4 BES setup options
BES select setup options screen

Now it will run a check and make a preinstall checklist, if the MAPI package is not install, it will give you an error like this one:

5 BES Preinstall checklist
BES preinstall checklist

If you have already install then it should be all okay and we can click on Next. Now it will give us an option to install SQL server 2005 Express if no other database is going to be used. Some of us might have to select the other option in case there is already another SQL server which is going to be used instead. For this tutorial we will however use the default option.

6 BES database options
BES Database type screen

Now it will need us to provide the password for BESadmin account that we created and also we need to name the server in the bottom most field. Note that once a name is provided and we hit next, it is not easy to change this name by coming back as it turns gray. On next few screens we just need to click Next as it installs the necessary items and SQL server.

7 BES accounts and Folders
BES accounts and folders screen

8 BES install Summary screen
BES Install summary screen

9 BES Install progress 1
BES Install progress screen

9 BES install progress 2
BES installation complete

10 BES post-installation restart screen
BES post-installation restart confirmation

After the restart, installation will start automatically and it will create a database for the itself and since SQL is installed on the same machine, we will select the location as local.

11 BES database creation
BES database creation dialogue

12 BES post-reboot database information
BES Database information

Now we need to provide the information which becomes available after registering to download the BES installation file. Put in the information and click Next.

12.1 BES enter lic information
BES enter license information screen

We need to provide the exchange account information once again where it will check if the associated account has all the permissions as discussed in starting section of this tutorial.

12.2 BES provide Exchange information
BES Exchange information entry screen

Provide a password for SSL certificate and take a note of it.

13 BES administrative settings screen
BES Administrative settings screen

14 BES user password screen
BES select user name and password scren

We will use the local Blackberry Administration Service authentication as the Active directory authentication doesn’t work sometimes. You may use it if you want.

15 BES admin account
BES Admin account selection

Clicking next will start setting up the server and a summary screen will be shown at end. Click on Start services button to make the server functional or it will automatically start upon a restart.

16 BES final install summary
BES Final summary screen

It will give the links to access the Desktop and Admin management control pages along with an option to export the information to a file which will be handy in the future.

17 BES install complete
BES Installation completion screen

That concludes the installation of BES express in Windows Server environment. Creation and management of users will be discussed in another post.

Microsoft

Outlook 2003 – POP3 – Downloading duplicate mails

Today I got a mail from one of the clients saying his outlook is downloading same messaged again and again for the past couple of days and the mails are there even after deleting them number of times. I took remote of his computer and there were thousands of mails accumulated over the past couple of days.

This can happen due to a number of reasons including but not limited to:

  • Multiple mail forwards set
  • Multiple email accounts setup
  • Leaving a copy of mail on the server
  • Corrupt outlook installation
  • Connection issue (Internet and application)
  • Antivirus

In this case, the customer had around 63 mails to be downloaded, a slow internet connection and Kaspersky installed. When outlook was trying to download mails, the antivirus was kicking in and scanning the emails in the meantime the connection with pop server was getting timed out. Since, the connection was not getting properly closed, all those emails were again getting downloaded next time outlook was trying to sync.

To fix the issue, I turned off the antivirus and set outlook to download only headers, hit F9 and it worked like a charm. Once it had all the 63 mails downloaded, I scanned them manually with Kaspersky and then changed the outlook download setting to download full items. Monitored it for 4 hours and everything seemed okay.

General/Misc

Acer D2D erecovery corrupt

At a client location, I had to reimage an old Acer desktop computer. Installing it traditionally using the CD would have taken hours and then finding and installing the drivers. ALT+F10 usually works on Acers for factory restore but was not working on this computer. I checked in the disk management and the recovery partition was there. Using Hiren’s Boot Disc, I was able to mount the partition and see the files in it. Then the question was how to use it to restore, after a deep search on google, I followed these steps to make D2D work and do a factory restore:

  1. Confirm if the recovery partition is still there by going to Control panel > Administrator tools > Computer management > Disk management (Sometimes, a reinstallation or an attempt to do so may corrupt the partition)
  2. Once the partition is there, you can use any of those partition mounting tools available on the internet to mount the recovery partition and see if you are able to browse through the files and folders and also try to copy a file to your C drive to double confirm that the partition is okay and not only showing ghost files.
  3. If all looks good, browse the root of the recovery partition and you should be able to see these two files: mbrwrwin.exe & rtmbr.bin
  4. Now that all seems good, launch CMD and go to the drive letter of the mounted partition and type: mbrwrwin.exe install rtmbr.bin and hit enter. It will take some time and you will see some activity on the CMD window once finish, you can restart the computer and use the D2D recovery console.
  5. Immediately after you see the ACER logo on the screen, press and hold the ALT key on the keyboard and start tapping F10 until you see the Acer recovery wizard. You can follow the on screen prompts to recover your computer to the factory settings. One important thing to keep in mind is that it will delete everything on the C drive so you may keep your data on the D drive.

**This method has been tried and tested personally by me on 20 dec 2012 and found to be working. Before this, ALT + F10 was not working but worked on the first try afterwards.