Create a Certificate on your Root CA for Cisco VCS and VCSE

You will need to generate a CSR before running the commands below. Once you receive your CSR.txt file, you will want to change the extension from .txt to .csr.

Then copy the *.csr file to your Root Certificate Authority server; in our case we are using Windows Active Directory Certificate Services.

Now let’s generate the X.509 Certificate for Cisco

Remote Desktop Connection (RDP) into your Root CA

Copy the CSR File to your desktop

Run Command Prompt as Admin

Then run the following command:

certreq -attrib "CertificateTemplate:TEMPLATENAME" -submit CSRFILENAME.csr

TEMPLATENAME and CSRFILENAME will need to be changed to match how your organization is set up. To find your template name:

Open Certification Authority in Windows


Once opened, you will find Certificate Templates in your hierarchy.

This is where you want to choose and change the TEMPLATENAME

Once you run the CMD command, you will then choose your Root CA Computer and choose a Save Location for your *.cer. You will then copy the file over to your computer or server where the certificate is needed.

How to Generate a CSR for Microsoft IIS 8

1. Open Internet Information Services (IIS) Manager

Click Start, Control Panel, System and Security, Administrative Tools, and then select Internet Information Services (IIS) Manager.

2. Select the server where you want to generate the certificate

In the left Connections menu, select the server name (host) where you want to generate the request.


3. Navigate to Server Certificates

In the center menu, click the Server Certificates icon under the Security section near the bottom.


4. Select Create a New Certificate

In the right Actions menu, click Create Certificate Request.


5. Enter your CSR details

In the Distinguished Name Properties window, enter in the required CSR details and then click Next.


Note: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article.

6. Select a cryptographic service provider and bit length

In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next.


Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility.

7. Save the CSR

Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish.


8. Generate the Order

Locate the newly created CSR in the location you chose, open it in a text editor such as Notepad, and copy all the text including:

-----BEGIN CERTIFICATE REQUEST-----
And
-----END CERTIFICATE REQUEST-----

How to Install iOS Apps Directly via Browser (HTML)

If you create a <a href="HTTP://DIRECTLY TO IPA FILE"></a> link, the file will be treated as a zip archive, which is not what we want. We want a link that, when clicked, makes Apple pop up an Install this app button.

To do this, the a href must use the itms-services scheme with the download-manifest action pointing to the manifest.plist file.

You will need to edit the manifest file to link to the *.ipa file generated by Xcode. Once you have updated the manifest links, use the code below to reference the manifest.plist file.

<a href="itms-services://?action=download-manifest&url=https://yourlink/manifest.plist">App Download</a>

You will then go to the link of the HTML file where you placed this <a href=""></a> and click it on your iOS device. You will then be prompted to install the app, and if the links are correct in your manifest, it should install properly.

How to demote a Domain Controller (DC) in Windows Server 2012 Active Directory Domain Services (AD DS)

In previous versions of Windows Server, to demote a domain controller you would use the DCPROMO.exe utility. In Windows Server 2012 the DCPROMO utility has been deprecated.

In Windows Server 2012 we will use Server Manager or PowerShell to demote the DC. In this blog I will be using the Server Manager GUI to demote the server. So let’s get started.

To demote a DC from AD DS complete the following steps:

Use Server Manager to remove the Active Directory Domain Services Role.

Launch Server Manager, select the Manage drop down menu, select Remove roles and features.

  1. Review the Before You Begin page, click Next.
  2. On the Select installation type page, ensure the Role-based or feature-based installation radio button is selected, click Next.
  3. On the Select destination server page, select the desired server from the Server Pool.

Note:  The 2012 Server Manager allows roles and features to be installed remotely.

  4. On the Remove Roles and Features Wizard, click on the Active Directory Domain Services box to clear the check box.
  5. The Remove Roles and Features dialog box Remove features that require Active Directory Domain Services pops up, select Remove Features.
  6. The Validation Results box will appear in the Remove Roles and Features Wizard.  The domain controller must be demoted before continuing.  Click on Demote this domain controller.
  7. On the Active Directory Domain Services Configuration Wizard, enter the required credentials to demote this server, click Next.

Note:  To demote a replica domain controller you must be at least a Domain Admin. To remove an entire domain from the forest or to demote the last DC of a forest you must provide Enterprise Admin credentials.

Note:  Only select Force the removal of this domain controller if the DC cannot communicate with the remaining DCs.

  8. On the New Administrator Password page, enter and confirm the new local administrator account password, click Next.
  9. On the Review Options page, verify the information is correct and click Demote.

This will begin the demotion process.  To finish the demotion the server will automatically restart.

Note:  When the server restarts it will be a member server of the domain that it was previously a domain controller in.

Note:  The Binaries for AD DS are still installed on the server.  If this server is not going to be promoted back to a domain controller in the future rerun the Remove Roles and Features Wizard to remove the AD DS Role from the server.

Verifying the Removal of AD DS

  1. Log on to the server hosting the DNS service for the domain using the Administrator account credentials.
  2. Launch the DNS console and verify the deletion of Service Records for the removed domain controller.

Active Directory Domain Services has now been removed from this server.
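The article names PowerShell as the alternative to Server Manager; the block below is an added example (not from the original post) of the same demotion, role removal and DNS verification using the ADDSDeployment, ServerManager and DnsClient cmdlets. The domain name corp.example.com and the DC name DC02 are placeholders.

```powershell
# Added example. Placeholders (not from the article): corp.example.com, DC02.
$DomainFqdn = 'corp.example.com'
$DcName     = 'DC02'

function Invoke-DcDemotion {
    # Run in an elevated session on the DC being demoted.
    Import-Module ADDSDeployment
    $pw = Read-Host -AsSecureString -Prompt 'New local Administrator password'

    # Dry run first: reports blockers without changing anything.
    Test-ADDSDomainControllerUninstallation -LocalAdministratorPassword $pw |
        Format-List Message, Context, RebootRequired, Status

    $answer = Read-Host 'Prerequisite check clean? Type DEMOTE to continue'
    if ($answer -ne 'DEMOTE') { return }

    # -ForceRemoval is left out on purpose: as the note above says, it is only for
    # a DC that cannot communicate with the remaining DCs.
    # The server restarts automatically when the demotion completes.
    Uninstall-ADDSDomainController -LocalAdministratorPassword $pw -Credential (Get-Credential)
}

function Remove-AddsRole {
    # After the restart: remove the AD DS binaries if the server
    # will not be promoted back to a domain controller.
    Uninstall-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
}

function Test-DcRemoved {
    # Run from another domain-joined machine that has the ActiveDirectory module.
    param([string]$Domain = $DomainFqdn, [string]$Dc = $DcName)

    # SRV records that still point at the demoted server.
    $stale = @(Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$Domain" -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' -and $_.NameTarget -like "$Dc.*" })
    # Whether the directory still lists the server as a domain controller.
    $listed = @(Get-ADDomainController -Filter * | Where-Object { $_.Name -eq $Dc })

    [pscustomobject]@{
        StaleSrvRecords = $stale.Count
        StillListedAsDc = ($listed.Count -gt 0)
    }
}
```

Call Invoke-DcDemotion first, Remove-AddsRole after the restart, and Test-DcRemoved last; a clean result is StaleSrvRecords 0 and StillListedAsDc False.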

How to Transfer FSMO Roles to another Domain Controller

Recently we had replication issues with one of our customer's domain controllers. Because of this we had to demote the domain controller and promote it again to restart replication. The problem with this is that if a FSMO role is assigned to the domain controller, you must transfer the role first.

Not sure what roles are assigned to a specific server?

Open Command Prompt as Administrator then type netdom query fsmo

Once you find the domain controller that is not replicating properly, find what FSMO roles are assigned to that DC. Next, you will want to transfer the roles away from the domain controller. To find the server that is not replicating properly:

Type: repadmin /showrepl

This will show you whether the last replication attempt was successful or a problem has occurred.

You can also check Event Viewer Application and System logs for additional replication details if it’s failing. Filter by Critical and Error.
  1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being transferred. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer Schema master or Domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
  2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
  3. Type roles, and then press ENTER.


    Note To see a list of available commands at any one of the prompts in the Ntdsutil utility, type ?, and then press ENTER.
  4. Type connections, and then press ENTER.
  5. Type connect to server servername, and then press ENTER, where servername is the name of the domain controller you want to assign the FSMO role to.
  6. At the server connections prompt, type q, and then press ENTER.
  7. Type transfer role, where role is the role that you want to transfer. For a list of roles that you can transfer, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to transfer the RID master role, type transfer rid master. The one exception is for the PDC emulator role, whose syntax is transfer pdc, not transfer pdc emulator.
  8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

Once the roles have been transferred, use netdom query fsmo to double check the transferred role.
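The same check, transfer and re-check can be scripted with the ActiveDirectory PowerShell module instead of ntdsutil. This is an added example, not part of the original post; DC01 and DC02 are placeholder names, and it covers the forest-wide roles plus the domain roles of the domain you are logged on to.

```powershell
# Added example. DC01 / DC02 are placeholder names, not from the article.
Import-Module ActiveDirectory

function Get-FsmoHolder {
    # Same information as "netdom query fsmo", returned as role -> holder FQDN.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Move-FsmoRolesOffDc {
    param(
        [Parameter(Mandatory)][string]$SourceDc,   # DC that is going to be demoted
        [Parameter(Mandatory)][string]$TargetDc    # healthy DC that takes over the roles
    )
    $before = Get-FsmoHolder
    $roles  = @($before.Keys | Where-Object { $before[$_] -like "$SourceDc.*" })
    if ($roles.Count -eq 0) {
        Write-Warning "$SourceDc holds no FSMO roles; nothing to transfer."
        return
    }

    # Without -Force this is a graceful transfer (both DCs must be reachable),
    # the equivalent of "transfer <role>" in ntdsutil. -Force would seize instead.
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDc -OperationMasterRole $roles

    # Re-query and fail loudly if any role is still on the source DC.
    $after = Get-FsmoHolder
    $stuck = @($roles | Where-Object { $after[$_] -like "$SourceDc.*" })
    if ($stuck.Count -gt 0) {
        throw "Roles still held by ${SourceDc}: $($stuck -join ', ')"
    }
    $after
}

# Example call with the placeholder names:
# Move-FsmoRolesOffDc -SourceDc 'DC01' -TargetDc 'DC02'
```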

Access Restrictions on Microsoft Azure App Service.

We recently had a customer that wanted to use Cloudflare as their Content Delivery Network and DNS provider. They wanted ALL traffic to be routed through Cloudflare, and any traffic not going through Cloudflare should be declined. You can do this through access restrictions in Microsoft Azure.

Login to https://portal.azure.com

On the left Select App Services

Find and choose your app service for your business

Once you have chosen your app service, you will want to click Networking

Then find Access Restrictions and click Configure Access Restrictions

You will then select Add Rule, then type in the Allow rules for the permitted IP addresses and the Deny all rule.
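The same allow list can be applied and audited with the Az.Websites cmdlets. This is an added example, not part of the original post: the resource group, app name and CIDR blocks in the sample call are placeholders (the ranges are documentation address space), and the real list must come from the ranges your CDN publishes.

```powershell
# Added example. Requires the Az.Websites module and an authenticated session (Connect-AzAccount).
function Sync-CdnAccessRestriction {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$WebAppName,
        [Parameter(Mandatory)][string[]]$CdnRanges,   # CIDR blocks published by the CDN
        [int]$StartPriority = 100
    )
    $config = Get-AzWebAppAccessRestrictionConfig -ResourceGroupName $ResourceGroupName -Name $WebAppName
    # Existing CIDR-based allow rules on the main site (ignores the built-in "Any" entries).
    $allowed = @($config.MainSiteAccessRestrictions |
        Where-Object { $_.Action -eq 'Allow' -and $_.IpAddress -like '*/*' })

    # Continue numbering after the highest priority already in use.
    $maxUsed  = ($allowed | Measure-Object -Property Priority -Maximum).Maximum
    $priority = [Math]::Max($StartPriority, [int]$maxUsed + 1)

    $added = foreach ($cidr in $CdnRanges) {
        if ($allowed.IpAddress -contains $cidr) { continue }   # already allowed, skip
        # Once an allow rule exists, App Service denies every source that matches no rule.
        Add-AzWebAppAccessRestrictionRule -ResourceGroupName $ResourceGroupName `
            -WebAppName $WebAppName -Name ("cdn-" + ($cidr -replace '[./:]', '-')) `
            -Priority $priority -Action Allow -IpAddress $cidr | Out-Null
        $priority++
        $cidr
    }

    [pscustomobject]@{
        Added             = @($added)
        # Allow rules that are not CDN ranges: each one is a path around the CDN.
        AllowedOutsideCdn = @($allowed | Where-Object { $CdnRanges -notcontains $_.IpAddress } |
            ForEach-Object { $_.IpAddress })
    }
}

# Sample call with placeholder names and documentation ranges (not real CDN ranges):
# Sync-CdnAccessRestriction -ResourceGroupName 'rg-web' -WebAppName 'customer-site' `
#     -CdnRanges '203.0.113.0/24', '198.51.100.0/24'
```

Review AllowedOutsideCdn after each run; any entry there lets traffic reach the app without passing through the CDN.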



How to find which users have not logged in to AD for 90 days?

You can do this through PowerShell.

Import-Module ActiveDirectory
# Cutoff date: 90 days before today
$90Days = (Get-Date).AddDays(-90)
# Enabled accounts older than 90 days, with an expiring password, that have never
# logged on (or not since the cutoff) and have not changed their password since the cutoff
Get-ADUser -Properties * -Filter {(lastlogondate -notlike "*" -OR lastlogondate -le $90days) -AND (passwordlastset -le $90days) -AND (enabled -eq $True) -and (PasswordNeverExpires -eq $false) -and (whencreated -le $90days)} |
    Select-Object name, SAMaccountname, passwordExpired, PasswordNeverExpires, logoncount, whenCreated, lastlogondate, PasswordLastSet, lastlogontimestamp |
    Export-Csv c:\Scirpts\90days.txt

How to connect to Linux/Debian/CentOS using Putty

This question has been asked multiple times in my career. Sometimes I overlook the basics, but in my blog, NodeSea, we try to provide beginners with the information necessary to succeed. NodeSea will provide for both Beginner and Enterprise power users! If you have anything you’d like us to document, please contact us!

Let’s get started. To connect to a Linux server you will want to download a free program called Putty.

Windows 64-Bit (*.exe): https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe

All other versions: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Once you have downloaded Putty, open it. It should only take 30-60 seconds to download, dependent on Internet Speed of course.

Once you open Putty, it will look like this

SSH on Linux uses Port 22 by default, although your Systems Administrator or hosting company may change this. You will need to find the port if you cannot connect to SSH using port 22.

Next you will want to Type in the IP address then select Open

You will then receive a security prompt about the server's host key, select Yes.

Putty will then ask you for your Login As: (Username) and password. Once you type your username and press Enter, the password field will pop up. Normally this username is root.

Type in your password then press enter.

You will now be connected to your Linux Server! Once the # appears you're ready to type commands. Type df -h for disk information to make sure you are connected properly.

Stay tuned for more articles on how to manage your Linux Server!

How To Fix TF30063 Error – You Are Not Authorized To Access Team Foundation Service Error

Recently I was working with Microsoft Visual Studio 2017 and got the following error with TFS, which says, “You are not authorized to access Team Foundation Service”. The error code was TF30063. This was a surprise for me because it was working earlier. I do not have any clue about this.

This error was occurring when I was going to check in pending changes in TFS.

Team Foundation Service error

“TF30063: You are not authorized to access xyz.visualstudio.com.”

As per my analysis, there could be many reasons and they could be different in each case. We can resolve this issue using the following ideas.


STEP 1

We can try to connect our project again: just click the icon next to the Home icon, choose your project, then right click on the project and click Connect. This will reconnect the project and we will be able to access it.



STEP 2

As we know, TFS is directly connected with the IE browser. So, just open Internet Explorer and log out of your TFS account if you are logged in.

After successfully logging out, you just need to log in again with your TFS account in IE. Before logging in to IE, please check the version of the IE browser. It should be above IE 9. Once you have successfully logged in to TFS in IE, go to Visual Studio and check, and the error will be gone.


STEP 3

We can also log in with TFS internally with Visual Studio. Go to View Menu, choose Other Windows, and then select Web Browser. You can directly access this browser using “Ctrl + Alt + R”.



It will open Web Browser inside Visual Studio. You just need to log in with your TFS account here. If you are able to login successfully, this issue will be gone.

STEP 4

Sometimes, if you are working with multiple TFS accounts on the same system, TFS caches the credentials for those accounts and throws the error when you log in or perform any activity with a TFS account. For this you can clear the TFS cache and reconnect to TFS.

You can clear the TFS cache from the following location; just change the user name as per your system.

C:\Users\UserName\AppData\Local\Microsoft\Team Foundation\7.0\Cache

Once the cache is deleted, TFS will probably ask for credentials to reconnect. You need to provide valid credentials and TFS will work.


STEP 5

If all of the above steps have failed to resolve this issue, I believe you just need to remove the TFS server and add it again in Visual Studio.



We can manage all TFS servers from the Team menu in Visual Studio. To manage a server, just click Manage Connections and here you will find all the added connections. Just remove the appropriate one and add it again.

Free SNMP/Network/Services Uptime Monitoring (PRTG)

I have worked with PRTG for more than 6 years. This company is very reputable and is great for monitoring uptime and service level agreements for services. It also allows you to configure a Mail Server to receive alerts via email/text message/etc. It’s also FREE, you can’t beat free!

You can specify domain accounts using LDAP for automatic account provisioning.

In the upper right you can review what services are online, down sensors, paused alerts etc.

You can also specify whatever sensor you wish using SNMP.

If you want to get really granular you can use SNMP to notify you of hardware failures!

https://www.paessler.com/prtg