I’ve been testing out Server 2012 and at one occasion I wanted to install WSUS role on my test server. The installation went smoothly but the post install configuration failed miserably with cryptic errors in the setup log.
I tried with many things suggested on the net… Both with internal and external database, but always failed.

One solution that worked for me is doing a manual installation and performing the post installation configuration with PowerShell. How the heck does this makes a difference – ask Microsoft.

Here is how to install WSUS with external database. I already installed SQLExpress on the machine so why not use it 🙂

Install-WindowsFeature -Name UpdateServices-Services,UpdateServices-DB -IncludeManagementTools

Running post installation configuration form PowerShell (wsusutil.exe is at C:\Program Files\Update Services\Tools):

.\wsusutil.exe postinstall SQL_INSTANCE_NAME="HOSTNAME\SQLEXPRESS" CONTENT_DIR=C:\WSUS

For those interested to use Windows Internal Database, just run:

Install-WindowsFeature -Name UpdateServices -IncludeManagementTools

As same as before, after installation run post install configuration by issuing:

.\wsusutil.exe postinstall CONTENT_DIR=C:\WSUS

Of course replace “HOSTNAME\SQLEXPRESS” with your DB instance, and path to your content dir.

Few days ago there was a sale on Namecheap.com and i got a domain for a 0.89$. Mostly because DynDns.com has drastically shrunk canceled  their free services, I wanted it for personal use for my home machine that gets IP dynamically. Since I’m a fan of DD-WRT and have been using it for quite a while on my home router, I wanted it to update my DNS record when its IP changes. Out of the box DD-WRT doesn’t support Namecheap’s DDNS service but can be customized to work with it.

After an hour or so of testing and googling, here is the only configuration that i managed to get working on latest release of DD-WRT v24-sp2 (05/27/13) std (SVN revision 21676).

DDNS Service: Custom
DYNDNS Server: dynamicdns.park-your-domain.com
Username: yourdomain.com
Password: password you got from namecheap ddns service
Hostname: hostname or enter @ if you want to point directly to your domain

URL: /update?domain=yourdomain.com&password=1111111111111111111&host=

Note: Don’t enter anything after &host= even if you have a subdomain.

Capture

One of our lab networks has access to internet only through SOCKS proxy provided by our contractor. That works fine in most cases, but not for OpenSUSE’s package manager (zypper) since there is practically no support for SOCKS proxies .

One easy and fast workaround is to setup a local HTTP proxy server that will redirect all traffic to specified parent SOCKS proxy. From what I’ve read, Squid doesn’t support SOCKS proxy parent, and honestly i didn’t want to go with it as it seemed like an overkill.

Simple solution was Polipo; small, fast and easy to setup proxy server that supports SOCKS parent proxy. RPM package was already available in SUSE’s repository, downloaded it on another machine, SCPed it to a OpenSUSE box, set a few things and viola.

For the quickest and simplest setup i added these three parameters in /etc/polipo/config file.

daemonise = true
socksParentProxy = "proxy.hostname.or.ip:proxyport"
socksProxyType = socks5

Run polipo. Optionally you can add Polipo to Cron so it will start with the system.

 

Few days ago I installed Hyper-V Server 2012, Microsoft’s free virtualization platform and the equivalent of VMware ESXi.
The very first thing that I was stuck with is that Hyper-V Manager available through RSAT doesn’t have an option to mount an ISO or capture a drive from a machine on which is running. Instead it gives you drives of the Hyper-V host, and that would of course require you to have an ISO or the disc itself present on the host.

For most of us this is very inconvenient, we like the ability to mount an ISO from a network share or our machine. One would think, this a Windows box, no problem, i will map a network drive with my ISOs. The mapping would succeed, but mapped drive (letter) will not be visible in Hyper-V manager when trying to mount an ISO. Ok, the next step that the one would consider is mounting from UNC share directly, but that would also fail, with the message “‘VM’ failed to add device ‘Virtual CD/DVD Disk'” & “User account does not have permission required to open attachment”.

hyperv1

The cause of this is that the Hyper-V is intended to run with VMM Library Server and to mount files from it, not any random share. To circumvent this:

  • You need to assign full NTFS and share permissions to computer account of Hyper-V on a shared folder with ISO’s you want to mount.
  • In AD on the computer account of Hyper-v machine delegate specific service ‘cifs’ to the machine you want your ISO’s mounted from, microsoft calls this constrained delegation.

Here is step by step procedure for the constrained delegation:

  1. Go to Active Directory Users and Computers
  2. Find the Hyper-V server computer account and open up its properties.
  3. Go to Delegation tab.
  4. Select Trust this computer for delegation to the specified services only radio button.
  5. Click the Add button.
  6. Click the Users or Computers… button.
  7. In the Add Services window, click Users or Computers and enter the computer account that will  act as a library server and click OK.
  8. Select the cifs Service Type and click OK.

The resulting setup should look something like this:

Constrained delegation

You could reboot the Hyper-V server just for the good measure.

I’ve ran in to the mentioned issue yesterday, our WDS stopped working just out of the blue. To make it more convenient , only few days after i experimented with PxeLinux one the WDS…

TFTP open timeout

After some googleing it turns out that culprit is the DNS server role located on the same box. Apparently DNS server is randomly allocating ports (2500 of them) in the range of 49152-65535 which can overlap with WDS range, which by default operates from 64001 to 65000.

On Server 2008 R2, the simple solution is to change dword value of “UdpPortPolicy” to 0 – located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WDSServer\Parameters.
Which will make WDS server check if the port is already in use before trying to use it.

There is no “UdpPortPolicy” parameter on Windows Server 2008, so the solution would be to broaden the port range of WDS server. You could do it through Server manager, under network properties of WDS server, or by command prompt
wdsutil /set-Server /Transport /StartPort:50000 /EndPort:65000

Microsoft KB article for more info: http://support.microsoft.com/kb/977512

     Secure Shell or SSH is a highly versatile application layer network protocol used for secure communication between networked hosts (in Server/client model).   Designed as a replacement for telnet with Public-key cryptography  for data confidentiality on unsecured networks ie. Internet.
SSH is most popular on Unix like systems and used for remote administration, tunneling, TCP and X11 forwarding and even file transfer (SFTP and SCP).  This post will focus on SSH on windows as I mostly work with it,  and for me one of the most interesting features – the SSH tunneling / TCP forwarding.

 

Needed software

Most popular flavor on POSIX systems is OpenSSH, that includes ssh (the client),  sshd (the SSH server daemon),  scp, sftp and others.
On Windows: You can actually go with the same OpenSSH package under Cygwin (Unix-like environment for Microsoft Windows).
There are of course some Windows native servers and clients, notable:
KpyM Telnet/SSH Server, freeSSHd, the unbeatable PuTTY and its many forks with my favourite being KiTTY.
DD-WRT and Open-WRT feature Dropbear SSH server and client for its light use of resources.

 

Local port forwarding

Local port forwarding enables you to tunnel TCP traffic from your machine to ssh server or remote network that ssh server has access to.
SSH client  on your local machine listens on specified port and forwards all TCP traffic to the specified destination address and port.

For example: VNC Viewer (with traffic destined to localhost on port 5900 > SSH client listening on port 5900 and forwarding traffic to the specified IP and port on server side of the tunnel -> server ->  Other hosts that server has access to (optional).

 
Note that local port is arbitrary port number as long as you can specifiy it in software that you wish to tunnel.
 
Continue Reading

Some time ago i needed to convert a large number of rar archives to 7z but unfortunately 7-Zip doesn’t have convert archive feature. So, I’ve made a little AutoIT script that finds specified arhives and runs 7zG.exe commands to extract and compress them again into given format. At some point i added GUI for ease of use and this is the result:

Bulk 7-Zip Converter is written in AutoIT and requires 7-Zip for operation. Released under GNU LGPL license.

Currently it doesn’t support explorer integration, but I may add it at some point in time.

Compiled 32-bit binary.

Compiled 64-bit binary.

Source Code Bulk 7-Zip Converter v1.0.au3