Puppet – Join machine to the Windows AD Domain

geekdudes

Install the PowerShell module:

puppet module install puppetlabs-powershell

Under the modules/<module name>/manifests folder, create the manifest file. The password is encrypted with Hiera. After the machine is joined to the domain, it is rebooted.
class domain_membership (
  $domain          = 'ad.contoso.com',
  $username        = 'administrator',
  # Looked up from Hiera, where it is stored encrypted.
  $password        = lookup('password'),
  $secure_password = false,
  $machine_ou      = 'OU=test,DC=ad,DC=contoso,DC=com',
) {

  # PowerShell variables are escaped (\$) so that Puppet only interpolates
  # ${password}, ${username}, ${domain} and ${machine_ou}.
  # Note: ${password} is expanded into the command text, so it travels in
  # the compiled catalog.
  $code = "
\$secStr=ConvertTo-SecureString '${password}' -AsPlainText -Force;
if (-not \$?) {
write-error 'Error: Unable to convert password string to a secure string';
exit 10;
}
\$creds=New-Object System.Management.Automation.PSCredential( '${username}', \$secStr );
if (-not \$?) {
write-error 'Error: Unable to create PSCredential object';
exit 20;
}
Add-Computer -DomainName '${domain}' -OUPath '${machine_ou}' -Restart -Force -Credential \$creds;
if (-not \$?) {
write-error 'Error: Unable to join domain';
exit 30;
}
exit 0"

  #
  # Use the Josh Cooper PowerShell provider
  #
  exec { 'join_domain':
    command   => $code,
    provider  => powershell,
    logoutput => true,
    # Skip the join when the machine is already a member of the domain.
    unless    => "if ((Get-WMIObject Win32_ComputerSystem).Domain -ne '${domain}') { exit 1 }",
  }

}


How to increase disk size of Trend Micro IWSVA (InterScan Web Security Virtual Appliance)

vTechDummies

Trend Micro IWSVA is a web proxy with many security features such as antivirus and antimalware, but it is also a web filter, similar to WebSense Web Filter, where URL categories can be blocked to protect the end users and, of course, to prevent browsing of non-productive web sites inside the company. However, if you download the VMware image, the disk image is quite small and can fill up easily if your environment has many users and a lot of HTTP traffic to process, and of course logs as well.

Below is a procedure to increase the disk size in a VMware vSphere environment.

1. Check first the partition disk size usage using the command: df -lh

The most common partition that becomes full is: /dev/mapper/IWSVA-app_data

2. Check the directory sizes that are mounted on /dev/mapper/IWSVA-app_data such as:

* /var
* /var/iwss/tmp/tmpfs
* /var/iwss/tmp/v_tmpfs

The most common directory inside /var that becomes…


Best practices for DNS settings on DC and domain members.

ABHIJIT'S BLOG

Information:
The following information explains the best practices for DNS client settings on domain controllers and domain members.

Domain controller with DNS installed:
On a domain controller that also acts as a DNS server, it is recommended that you configure the domain controller's DNS client settings according to these specifications:

IP configuration on domain controller:

  • In a domain with a single DC/DNS server, the DC/DNS server points to its own private IP address (not to the loopback 127.x.x.x) as the preferred DNS server in its TCP/IP properties.
  • If there are multiple DCs acting as DNS servers in the domain, the recommendation is to have each DC point to ANOTHER/REMOTE DC's IP address as its preferred DNS server and to its own private IP address as the alternate DNS server.
  • Each DC has just one IP address and only one network adapter enabled (disable unused NICs).
  • IPv6 should not be disabled on the DC's NIC. Set it to “obtain IPV6 address automatically” and “obtain…


Apache Varnish ssl

You want to use Apache with Varnish and SSL. Let's start.

First, install Varnish 6.

Look here for how to install Varnish on Ubuntu/Debian:

https://packagecloud.io/varnishcache/varnish41/install#manual-deb

Replace trusty with bionic:

root@remote:~# cat /etc/apt/sources.list.d/varnishcache_varnish60.list
deb https://packagecloud.io/varnishcache/varnish60/ubuntu/ bionic main
deb-src https://packagecloud.io/varnishcache/varnish60/ubuntu/ bionic main

 

Install Varnish 6

apt-get install varnish

Start and enable Varnish as a service:

sudo systemctl start varnish.service

sudo systemctl enable varnish.service

Attention: look here for more information about Varnish and systemd:

https://docs.varnish-software.com/tutorials/configuring-systemd-services/

As the next step, we configure Varnish:

 

systemctl edit varnish.service

 

Insert the following; feel free to adjust the memory settings:

[Service]
ExecStart=
ExecStart=/usr/sbin/varnishd -a :6081 -f /etc/varnish/default.vcl -s malloc,256m -p first_byte_timeout=600

We create a full replacement of varnish.service:

systemctl edit --full varnish.service

Make your changes and save the file. After saving, we reload the systemd configuration:

systemctl daemon-reload

 

You can also adjust /etc/varnish/default.vcl for Browser caching or anything else
https://konkretor.com/2017/05/29/leverage-browser-caching-with-varnish/

 

That's it for installing and adjusting Varnish.

Install Apache with SSL

apt-get install apache2

 

We create a redirect from http to https

vim /etc/apache2/sites-available/redirect.conf

 

# Plain-HTTP vhost on port 80: its only job is to redirect to HTTPS.
<VirtualHost *:80>
ServerName vhost.example.com
DocumentRoot /var/www/html
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
</VirtualHost>

 

We create a new vhost file, roundtrip.conf; the static site runs on port 8080.

vim /etc/apache2/sites-available/roundtrip.conf

 

<VirtualHost *:8080>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

 

We create a new vhost file for ssl

vim /etc/apache2/sites-available/ssl.conf

 

<VirtualHost *:443>
DocumentRoot /var/www/
SSLEngine on
SSLCertificateKeyFile /etc/ssl/private/sslcert.key
SSLCertificateFile /etc/ssl/private/sslcert.crt
# SSLCertificateChainFile /eDigiCertCA.crt
</VirtualHost>

 

We delete the default site; we don't need it.

rm /etc/apache2/sites-enabled/000-default.conf

 

We enable the Apache sites:

a2ensite redirect.conf
a2ensite ssl.conf
a2ensite roundtrip.conf

We enable port 8080:

vim /etc/apache2/ports.conf

add

Listen 8080

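Enable the modules that we need (ssl and rewrite are used by the vhosts above and are not enabled by default on Debian/Ubuntu):

a2enmod ssl
a2enmod rewrite
a2enmod proxy
a2enmod proxy_http
a2enmod headers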

Check your Apache Config

apachectl configtest

Restart Apache (the service is named apache2 on Debian/Ubuntu):

systemctl restart apache2
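The vhosts above enable the proxy modules but never hand traffic to Varnish. The following is an added example, not part of the original post, of how the round trip can be closed: Apache terminates TLS on 443, proxies to Varnish on 6081, and Varnish fetches from the Apache vhost on 8080. It assumes that Varnish and the 8080 backend are bound to 127.0.0.1 so that neither cleartext port is reachable from the network, and it reuses vhost.example.com from the redirect vhost as the ServerName.

```apache
# Added example. Assumptions (not in the original post):
#   - varnishd is started with "-a 127.0.0.1:6081" instead of "-a :6081"
#   - ports.conf uses "Listen 127.0.0.1:8080" instead of "Listen 8080"
#   - /etc/varnish/default.vcl keeps its packaged backend (VCL syntax):
#       backend default { .host = "127.0.0.1"; .port = "8080"; }

# /etc/apache2/sites-available/ssl.conf
<VirtualHost *:443>
    ServerName vhost.example.com

    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/private/sslcert.key
    SSLCertificateFile    /etc/ssl/private/sslcert.crt

    # Keep the original Host header so Varnish caches per site name.
    ProxyPreserveHost On

    # Hand every decrypted request to Varnish over loopback only.
    ProxyPass        / http://127.0.0.1:6081/
    ProxyPassReverse / http://127.0.0.1:6081/

    # "set" overwrites anything the client sent, so the backend can
    # trust these values to describe the real front-end connection.
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port  "443"
</VirtualHost>

# /etc/apache2/sites-available/roundtrip.conf
# Backend for Varnish: reachable from this host only.
<VirtualHost 127.0.0.1:8080>
    ServerName vhost.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

After a reload, `ss -tlnp` should show 6081 and 8080 listening on 127.0.0.1 only, with 80 and 443 as the only public listeners.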

 

That's it!

Xen vhd to vmdk

Converting from a Xen server to a VMware server isn't easy. Normally you can use VMware Converter, which works fine with Windows. For Linux, Clonezilla works well, but only with one disk. My situation is a Linux VM with multiple disks and LVM.

What we need:

  • QEMU disk image utility for Windows: https://cloudbase.it/qemu-img-windows/
  • enough disk space
  • WinSCP
  • PuTTY

 

Shut down your VM. Log in to your Xen host and figure out which disks you need.

See  “How to find the disk associated to a VM from XenServer CLI”
https://support.citrix.com/article/CTX217612

xe vm-disk-list vm=test_lvm

Copy the VHD files that you found with vm-disk-list to your migration machine.

I used PowerShell to convert my two VHD disks:

.\qemu-img.exe convert -f vpc 9438a581-017f-4069-b7cd-09b5e330954c.vhd -O vmdk test_lvm_sda1.vmdk -p

It takes a few minutes. After the conversion, copy your new VMDK file to your VMware storage.

Attach the disks to your VM and choose IDE, not SCSI. Note the sequence of your old Xen disks; the new disks should be attached in the same order.

Fire it up 🙂

 

 

 

VMware Converter: permission to perform this operation was denied

User Account Control: Run all administrators in Admin Approval Mode

This setting affects how UAC works and can block remote local admin connections.
It can be changed in Local Computer Policy | Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options.
Set it to Disabled; this requires a reboot.

Found here:

https://www.jonathanmedd.net/2013/12/vmware-converter-permission-to-perform-this-operation-was-denied.html

WSUS MMC (Console) Reset

Windows SBS and Essentials Blog

If, in the WSUS console under Update Services / WSUS server name / Updates / All Updates, you change the status filter from Failed or Needed to Any, the WSUS console may no longer be able to display all existing updates, which shows up as a timeout.

Unfortunately, the WSUS console remembers this setting, so it is no longer easy to return to the previous view. I therefore looked at the WSUS MMC with Process Monitor from Sysinternals and found that the settings are saved to the following directory when the MMC is closed.

If you delete the file wsus in the directory …

del %USERPROFILE%\appdata\roaming\microsoft\mmc\wsus

… then the WSUS console starts again with the default settings.

Enjoy it, b!
