Keith Smith - My Blog - Twitter @_KeithIT

Microsoft


Let's Encrypt redirect with KEMP load balancer

Sunday, November 10, 2019 - Posted by Keith A. Smith, in Network, Automation, Microsoft

PKI management is a huge PITA; in the near future I will post how I've automated PKI renewals and installation of certificates. In this post I wanted to share a method for managing certificate renewals in an environment that has multiple web servers behind a KEMP load balancer, with a central server for certificate management. The load balancer rules send traffic for /.well-known/acme-challenge/ to the certificate management server, and all other port 80 traffic gets redirected to 443.


You will need to create a virtual service with two SubVSs.




Open the virtual service, then add the first SubVS.





The first SubVS weight should be 1100, with Not Available Redirection Handling Error Code set to 302 and the Redirect URL set to https://%h%s.




The second SubVS has a weight of 1000 and has the IIS server I use to create my Let's Encrypt certs set as the real server.





Create a content rule named Lets_Encrypt: Rule Type is Content Matching, Match Type is Regular Expression, Header Field is left blank, Matching String is /^\/.well-known/ and Ignore Case is checked.




Now enable Content Switching at the VS. I then added all my content rules for my domains to the first SubVS so they will be redirected to HTTPS, then I added the Lets_Encrypt content rule to the second SubVS.
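
The Matching String above can be checked against sample request paths before it goes on the load balancer. This is an added example, not part of the original post or the exported KEMP config: it models only the Lets_Encrypt rule (a match goes to the certificate management SubVS, everything else gets the 302 to https://%h%s), and the hostname, the sample paths and the narrower second pattern are assumptions.

```powershell
# Added example, not from the original post. Models only the Lets_Encrypt
# content rule: a match goes to the cert-management SubVS, anything else
# gets the 302 to https://%h%s. Hostname and paths are constructed samples.
function Test-AcmeRule {
    param(
        [string]$Pattern,
        [string]$HostName,
        [string[]]$Paths
    )
    foreach ($p in $Paths) {
        # -match is case-insensitive, mirroring the checked "ignore case" box
        if ($p -match $Pattern) {
            $action = 'cert-management SubVS (plain HTTP)'
        } else {
            # %h = requested host, %s = requested URI
            $action = "302 -> https://$HostName$p"
        }
        [pscustomobject]@{ Path = $p; Action = $action }
    }
}

$paths = @(
    '/.well-known/acme-challenge/constructed-token',
    '/.WELL-KNOWN/acme-challenge/constructed-token',
    '/.well-known/security.txt',
    '/xwell-known/anything',
    '/index.html'
)

# Pattern from the post (KEMP's surrounding / delimiters dropped)
$postRule  = '^\/.well-known'
# Assumption: a narrower pattern with the dot escaped and the ACME path pinned
$tightRule = '^/\.well-known/acme-challenge/'

'Rule from the post:'
Test-AcmeRule -Pattern $postRule -HostName 'www.example.com' -Paths $paths |
    Format-Table -AutoSize

'Narrower rule:'
Test-AcmeRule -Pattern $tightRule -HostName 'www.example.com' -Paths $paths |
    Format-Table -AutoSize
```

With the post's pattern, /.well-known/security.txt and /xwell-known/anything also go to the certificate server over plain HTTP, because the dot is unescaped and the path is not pinned to acme-challenge.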




To download the exported file, visit my GitHub repo: https://github.com/KeithIT-Dev/Kemp






-End



Still a bunch of cool tools from Sysinternals

Friday, September 13, 2019 - Posted by Keith A. Smith, in Network, Microsoft


You can point your favorite browser to http://live.sysinternals.com/ to access any Sysinternals tool. If you would like to do it the "old school way", you can open up Windows Explorer (if you are on Windows) and point it to \\live.sysinternals.com\ to browse and launch any Sysinternals app. These tools have been a staple for most of us that have been in the field for a while now; it's good to see them still being developed.


-End



Error Solved 0x80070490 while activating product key win server 2019

Friday, August 23, 2019 - Posted by Keith A. Smith, in Microsoft

If you are getting error 0x80070490 while trying to activate Windows Server 2019 in the GUI, try running the following command from an elevated command prompt:

slmgr.vbs -ipk ABCDE-FGHIJK-LMNOP-DX3G-QRSTV  <--(place your product key here)

It should be successful. As a side note, I have found parts of the GUI in Windows Server 2019 don't function correctly. An example I've seen: after Windows updates have installed and you click the Restart now button, it throws an error, which causes the operator to restart the server from the Start menu options. Maybe Microsoft will address these issues in the near future via a patch of some type.

-End


Unitrends to Nakivo

Wednesday, December 12, 2018 - Posted by Keith A. Smith, in Network, VMware, Microsoft

Six years ago I was still using LTO tapes as a primary backup method with Backup Exec to back up several terabytes of data from various servers. Some of the backups would take days to complete; some would complete successfully while others would complete with errors, and on the flip side the recovery of data would take even longer than the backups, with a high chance that one wouldn't be able to recover anything at all. It was well past time to move from tapes to D2D for backups; I started performing bake-offs between many products at the time. The Unitrends solution beat all the other D2D solutions by a wide margin; one of the many things that I liked about Unitrends was that they didn't charge per client and they had an appliance that they had built and would support. As time has progressed, the Unitrends solution has started to show its age and has become very costly at renewal time; this is something that I've experienced multiple times, as I've implemented the solution at many organizations. The renewal costs have pushed many customers to go back to the drawing board (as a lot of customers had built their entire DR/BC plans around the Unitrends solution) and evaluate other solutions. The Unitrends solution had been a go-to for me for a long time when it came to designing DR/BC architecture; I now find myself saying goodbye to the Unitrends solution in favor of Nakivo for a D2D solution. The Nakivo backup and recovery solution is entirely web-based and comes as a virtual appliance or a package on a NAS, or can be installed on a server you provision running *nix or Windows. I've found the transition to be quite pleasant, the support has been very knowledgeable, and the administration has been straightforward to navigate.


-End



Powershell add A resource records to DNS

Tuesday, September 18, 2018 - Posted by Keith A. Smith, in Microsoft

I wanted to take some time to write up a quick how-to for adding A resource records to a Windows DNS server via PowerShell. In my case this is something that must take place before you use a product like Observium, because it requires all the network devices to have an A resource record in DNS. To create these records it's best to do it via scripting, in this case PowerShell, using the three cmdlets below:

Add-DnsServerResourceRecordA

Add-DnsServerResourceRecord

Get-DnsServerResourceRecord

 

For a single entry you can use the following in PowerShell:

Add-DnsServerResourceRecordA -Name Device1 -IPv4Address 192.168.9.10 -ZoneName yourdnszonename.net -ComputerName ADServername

The command is broken down below:

Add-DnsServerResourceRecordA = the cmdlet used to add an A resource record only

-Name = the name of the A resource record

-IPv4Address = the IP address of the resource

-ZoneName = the zone you are adding your record to

-ComputerName = the name of the DNS server

-CreatePtr = optional; use it if you want to create a PTR (reverse lookup) record

 

Note: To view the changes in DNS manager you will need to right click and refresh the zone, if you have already opened DNS manager.

For multiple entries, you would need to do the following in PowerShell.

To add multiple resource records from a CSV file, here is a step-by-step tutorial. I have saved the Excel file as CSV (it is saved in the c:\temp location).

Open up a spreadsheet program and name the first column Name (this is the name of the device); the next column should be named IPv4Address (here you would put the static IP of the device). You would need to add all your devices in the aforementioned columns.

Once your CSV file is completed, fire up PowerShell and run the following (modify the path below as needed):
Import-Csv driveletter:\folder\DNSEntries.csv | ForEach-Object { Add-DnsServerResourceRecordA -Name $_.Name -IPv4Address $_.IPv4Address -ZoneName yourdnszonename.net -ComputerName ADServername}

 

Note: To view the changes in DNS manager you will need to right click and refresh the zone, if you have already opened DNS manager.
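
A more defensive version of the bulk import, as an added example that is not part of the original post: it validates each CSV row, uses Get-DnsServerResourceRecord to skip names that already have an A record, and previews the change with -WhatIf. The zone, server and CSV file name are the post's placeholders; the validation and skip logic are assumptions about what you want to enforce.

```powershell
# Added example, not from the original post. Zone, server and CSV path are
# the post's placeholders; the validation and skip logic are assumptions.
$zone   = 'yourdnszonename.net'
$server = 'ADServername'
$csv    = 'C:\temp\DNSEntries.csv'

foreach ($row in Import-Csv $csv) {
    $name = "$($row.Name)".Trim()
    $ip   = "$($row.IPv4Address)".Trim()

    # Reject anything that is not a dotted-quad IPv4 address. TryParse alone
    # accepts short forms such as "10.1", so compare the round-tripped value.
    $parsed = $null
    $valid = [System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -and
             $parsed.AddressFamily -eq 'InterNetwork' -and
             $parsed.ToString() -eq $ip
    if (-not $name -or -not $valid) {
        Write-Warning "Skipping row with bad data: '$name' / '$ip'"
        continue
    }

    # Do not add a second A record for a name that already exists in the zone.
    $existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType A `
                    -ComputerName $server -ErrorAction SilentlyContinue
    if ($existing) {
        $current = $existing.RecordData.IPv4Address -join ', '
        Write-Warning "$name already resolves to $current; not adding $ip"
        continue
    }

    # Remove -WhatIf once the preview output looks right.
    Add-DnsServerResourceRecordA -Name $name -IPv4Address $ip -ZoneName $zone `
        -ComputerName $server -WhatIf
}
```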


-End


