Posts

KMS not activating clients (Windows+Office)

Image
If you have a KMS server and the server is activated but it does not give out activation keys so your clients and servers end up getting the "Active Windows" watermark, there is a good chance that your KMS servers are outside of their KMS license. NOTE : Do not get mixed up between a KMS client and a KMS server, just because its a server does not mean its a KMS server, for a KMS server you need to have the CSVLK key installed on it, also ensure you do not installed a CLVSK on anything other that a KMS server. Also if you are using a MAK key you do not require a KMS servers, if you have an Enterprise you need a KMS activation key which can be obtained from the link below: https://docs.microsoft.com/en-us/windows-server/get-started/kms-client-activation-keys DO NOT install a CSVLK key on other devices, when you install a CSVLK key on a device not intended for KMS services then that server will also listen on the port TCP:1688 - which is a bad idea. To check this run this comm

Creating an "Apt Proxy Conf" File

Apt loads all configuration files under /etc/apt/apt.conf.d. You can create a configuration specifically for our proxy there, keeping it separate from all other configurations. Create a new configuration file named proxy.conf. sudo touch /etc/apt/apt.conf.d/proxy.conf Open the proxy.conf file in a text editor. sudo vi /etc/apt/apt.conf.d/proxy.conf Add the following line to set your HTTP proxy. Acquire::http::Proxy "http://proxy.server:port/"; Add the following line to set your HTTPS proxy. Acquire::https::Proxy "http://proxy.server:port/"; Save your changes and exit the text editor. Your proxy settings will be applied the next time you run Apt.

Signing code with Timestamp server......

Image
If you have a package and you need to get it signed so that it runs without warning then you need to code sign the package or for that matter any application with a timestamp code signing certificate, this is shown in the digital certificate tab on the file as shown below: When you examine this certificate you will notice is was signed back in 2015 for this application in question however with a timestamp certificate the expiry does not matter If you view the certificate you will notice it expired back in 2016 but for installing is still valid, this is because at time of signing it was valid, so when you run this it is looking that it was signed at the time it was produced. Get the timestamp URL Once you have chosen you code signing provider, for this example I will use Entrust you will get a URL link for code sign with, this link relevant to this example is shown below: https://www.entrust.com/knowledgebase/ssl/time-stamp-url When you look at the Entrust options you get a document sig

Privatelink DNS not resolving at all with local and Azure DC's?

Image
When you Privatelink DNS does not work and you are wondering why, first you need to assess the scenario: Storage Account that uses a private endpoint and a private DNS zone Conditional forwarders on-prem that ultimately point to  168.63.129.16  which is Azure DNS Conditional forwarders are AD Integrated therefore replicating to all DC's in the forest However when you try to resolve, or ping these addresses you get host no found, you do not get the reponse, however if you connect to Azure DNS from an Azure DC and perform these commands: nslookup server 168.63.129.16 testsite.blob.core.windows.net Correct response However if you do this from the domain controller either Azure or local you get  "no response" or "host not found" The flow path looks like this from clients: Client > DNS > DC > Azure DC > Azure DNS > Privatelink However you connection does not get to Privatelink for the record it fails well before that, well actually this is what is goin

Moving SCP/OutlookAnywhere to new DNS name

In this example we need to move the SCP and OutlookAnywhere from name from autodiscover.bears.local to autodiscover.a6n.co.uk Exchange has many components that make up the e-mail service, these are shown below, this guide will be focusing on the ones in bold, the other ones will not be updated with this guide, if you have a requirement for these services to be updated please see the end of the guide - the section updated "out of scope components" AutoDiscover https://autodiscover.a6n.co.uk/Autodiscover/Autodiscover.xml Exchange Control Panel https://grr-exch.bear.local/ecp Exchange Web Services https://grr-exch.bear.local/EWS/Exchange.asmx Exchange ActiveSync https://grr-exch.bear.local/Microsoft-Server-ActiveSync Offline Address Book https://grr-exch.bear.local/OAB Outlook Web App https://grr-exch.bear.local/owa MAPI over HTTP https://grr-exch.bear.local/mapi Outlook Anywhere grr-exch.bear.local WARNING : This is SSL traffic so ensure you have the new name i