HOW TO UPGRADE HOME ASSISTANT Z-WAVE INTEGRATION TO Z-WAVE
Install Z-Wave JS Integration. I would recommend a full refresh of the web page for Home Assistant and then navigate back to Configuration -> Integrations. Click the Add Integration button and search for Z-Wave JS. Click Submit to accept the URL as-is (assuming you are running the container on the same server running the Home Assistant

DEPLOYING PALO ALTO VM-SERIES ON AZURE
At a high level, you will need to deploy the device on Azure and then configure the internal “guts” of the Palo Alto to allow it to route traffic properly on your Virtual Network (VNet) in Azure. The steps outlined should work for both the 8.0 and 8.1 versions of the Palo Alto VM-Series appliance. Please note, this tutorial also assumes you

DEPLOYING CISCO VIRTUAL APPLIANCES (NGFWV) ON AZURE
5 thoughts on “Deploying Cisco Virtual Appliances (NGFWv) on Azure”
Sara McCormick, July 19, 2019 at 1:26 pm: I want to thank you for this post and the ARM template! It has saved me an amazing amount of work. For any future users, I’d like to point out one small bug in the template.

HOW TO HIDE USERS FROM THE GAL IN OFFICE 365 SYNCHRONIZED
39 thoughts on “How to hide users from the GAL in Office 365 synchronized from on-premises”
gdogg121, October 3, 2018 at 10:44 am: Hello, I tried this. I also ran a manual Address List update using PowerShell by giving myself the Address List Manager role.

USING TERRAFORM WITH AZURE VM EXTENSIONS
Using VM Extensions with Terraform to customize a machine post deployment. Continuing along the lines of customizing a virtual machine post deployment, Azure has a handy dandy extension called CustomScriptExtension. What this extension does is allow you to arbitrarily download and execute files (typically PowerShell) after a virtual machine has

MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Today, I had the lovely experience of trying to troubleshoot why a user's account was locking out of the domain every 30 seconds. Inside of Event Viewer, I could see the account failing to log in, but I had the most generic, useless log to help track down what was going on.

POWERSHELL COMMAND TO FIND ALL DISABLED USERS IN ACTIVE
4 thoughts on “PowerShell command to find all disabled users in Active Directory”
abbas, July 16, 2015 at 2:21 pm: Hi Jack, thanks for that lovely website. I am trying to use your above command but need to drill a bit down to a specific OU, otherwise I will have tons of results. And can I make the query save my result into a text file?

FORD EXPLORER SPORT 2013
Marcia, December 4, 2014 at 6:02 pm: Just bought a used 2013 Explorer and no door code was given to me. I looked for the number way under the steering wheel area as directed above. The code listed there consisted of: 2 letters. 3 numbers. 1 letter. 3 numbers. There is

HOW TO CREATE A BOOTABLE USB DRIVE TO FLASH A
Joe user, September 3, 2020 at 4:44 pm: HOW TO CREATE A BOOTABLE BIOS FLASH USB MEMORY KEY. 1. Attach a USB memory key to your Windows system, then format the USB memory key. Note: A medium formatted with NTFS or exFAT is not supported by this Flash Update process.

HOW TO GENERATE BASE64 ENCODED SSL CERTIFICATES VIA
Goal of this tutorial. This tutorial will walk through the commands needed to generate a self-signed certificate that is base64 encoded via PowerShell (Option 1) or base64 encode an existing PFX (Option 2), so that the certificate can be passed as a parameter into ARM templates in Azure.

ESTABLISHING A GCP VPN TUNNEL TO AZURE VIRTUAL WAN; ACTIVE
This is a quick reflection of the steps I took to establish two IPSec tunnels between GCP’s VPC and Azure’s Virtual WAN VPN Gateway, propagating routes dynamically via

ESTABLISHING AN AWS VPN TUNNEL TO AZURE VIRTUAL WAN
4 thoughts on “Establishing an AWS VPN Tunnel to Azure Virtual WAN; Active/Active BPG Configuration”
Anthony, March 25, 2021 at 12:53 pm: Hi Jack, thanks for a well organized post. We're following a hub and spoke VNET architecture. We’ve already created these VNETs and have assigned CIDR addresses.

HOME ASSISTANT + DOCKER + Z-WAVE + RASPBERRY PI
Select the Restart button to restart Home Assistant. Any time you make a change to the configuration.yaml file, you will need to restart Home Assistant to pick up the configuration changes. Click OK to Restart. Upon restart, navigate back to the Gear icon and you should see a new entry in the Config portal for Z-Wave.

SCCM 2012 R2
Symptom: When trying to deploy System Center Configuration Manager 2012 R2, you receive the following status under the Prerequisite Check of the deployment. Configuration Manager Setup requires that the site server computer has administrative rights

HOW TO VALIDATE NUMERIC-INTEGER INPUT IN C
SAHIL ROHILLA, April 23, 2021 at 11:35 pm: The above discussion was helpful. I was able to do my homework. This allows only positive values and asks for user input again if the negative value or character values are input.

WARNING: SHORT FILE NAME CREATION SHOULD BE DISABLED
Symptom: In Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 you receive the following Warning when running the Microsoft Best Practices Analyzer. Severity: Warning. Short file name creation should be disabled. What is short file name creation? Back in the good ol’ days of Windows, filenames were limited to a format of 8 characters for the name, a

USING FIDDLER TO DEBUG SAML TOKENS ISSUED FROM
Double click fiddlersetup.exe. Agree to the End User License Agreement. Set the installation directory and click Install. Close the setup wizard. Launch Fiddler. Click Cancel if prompted about AppContainers. With Fiddler open click on Tools -> Telerik Fiddler Options. Click on the HTTPS tab and check Decrypt HTTPS traffic and click OK.
HOW TO UPGRADE HOME ASSISTANT Z-WAVE INTEGRATION TO Z-WAVE Install Z-Wave JS Integration. I would recommend a full refresh of the web page for Home Assistant and then navigate back to Configuration -> Integrations. Click the Add Integration button and search for Z-Wave JS. Click Submit to accept the URL as-is (assuming you are running the container on the same server running the Home Assistant
USING AZURE HYBRID CONNECTION MANAGER TO REACH One of the hidden gems of Azure is HCM (Hybrid Connection Manager), which addresses the issue of Azure’s App Services (Web App, API App, Functions) having the ability to connect to resources hosted in other Azure environments, clouds, or on-premises.
DEPLOYING PALO ALTO VM-SERIES ON AZURE At a high level, you will need to deploy the device on Azure and then configure the internal “guts” of the Palo Alto to allow it to route traffic properly on your Virtual Network (VNet) in Azure. The steps outlined should work for both the 8.0 and 8.1 versions of the Palo Alto VM-Series appliance. Please note, this tutorial also assumes you
ADFS RELAY STATE GENERATOR I'm currently working for Microsoft as a FastTrack Engineer specializing in Microsoft Azure as a cloud solution. Please note that I am not speaking on behalf of Microsoft or any other 3rd party vendors mentioned in any of my blog posts.
DEPLOYING CISCO VIRTUAL APPLIANCES (NGFWV) ON AZURE 5 thoughts on “Deploying Cisco Virtual Appliances (NGFWv) on Azure” Sara McCormick July 19, 2019 at 1:26 pm. I want to thank you for this post and the ARM template! It has saved me an amazing amount of work. For any future users, I’d like to point out one small bug in the template.
USING TERRAFORM WITH AZURE VM EXTENSIONS Using VM Extensions with Terraform to customize a machine post deployment. Continuing along the lines of customizing a virtual machine post deployment, Azure has a handy dandy extension called CustomScriptExtension. What this extension does is allow you to arbitrarily download and execute files (typically PowerShell) after a virtual machine has
HOW TO HIDE USERS FROM THE GAL IN OFFICE 365 SYNCHRONIZED 39 thoughts on “How to hide users from the GAL in Office 365 synchronized from on-premises” gdogg121 October 3, 2018 at 10:44 am. Hello, I tried this. I also ran a manual Address List update using PowerShell by giving myself the Address List Manager role.
JUNE | 2021 | JACK STROMBERG This is a quick reflection of the steps I took to establish two IPSec tunnels between GCP’s VPN Gateway and Azure’s Virtual WAN VPN Gateway, enabling route
HOME ASSISTANT + DOCKER + Z-WAVE + RASPBERRY PI Select the Restart button to restart Home Assistant. Any time you make a change to the configuration.yaml file, you will need to restart Home Assistant to pick up the configuration changes. Click OK to Restart. Upon restart, navigate back to the Gear icon and you should see a new entry in the Config portal for Z-Wave.
CHEAT SHEET ON AZURE SUBNETTING 2 thoughts on “Cheat sheet on Azure Subnetting” Tony January 27, 2021 at 1:43 pm. The size of the AzureFirewallSubnet subnet is /26. For more information about the subnet size, see Azure Firewall FAQ. – per the documentation may want to update from /25
ESTABLISHING AN AWS VPN TUNNEL TO AZURE VIRTUAL WAN 3 thoughts on “Establishing an AWS VPN Tunnel to Azure Virtual WAN; Active/Active BPG Configuration” Anthony March 25, 2021 at 12:53 pm. Hi Jack, thanks for a well organized post. We're following a hub and spoke VNET architecture. We’ve already created these VNETs and have assigned CIDR addresses.
HOW TO UPDATE HOME ASSISTANT DOCKER CONTAINER Deploy the container. Make sure you replace the name and value of the image with the values in the previous step. In addition, ensure you specify the correct path to where your existing configuration files exist to have the container load your existing configurations. sudo docker run --init -d --restart=always --name="home-assistant" -e "TZ
UPGRADING NETWORK POLICY SERVER FROM SERVER 2008 R2 TO Synopsis: This tutorial will cover a basic “upgrade” path to go from Server 2008 R2 to Server 2012 R2. This tutorial assumes you have a single Network Policy Server and you are wishing to reuse the same machine name, IP, and settings. In environments needing high availability, you will need to complete each of the steps below, adding/removing each server being upgraded from your network
SYSTEM CENTER 2012 R2 13 thoughts on “System Center 2012 R2 – The user account running the Configuration Manager console has insufficient permissions to read information from the Configuration Manager site database” G-Man December 9, 2014 at 7:03 pm. Great article and a terrific help for those of us trudging through SCCM for work, a fantastic effort mate! 1 thing I did notice in my instance is that I had to
SYSTEM CENTER 2012 R2 13 thoughts on “ System Center 2012 R2 – The user account running the Configuration Manager console has insufficient permissions to read information from the Configuration Manager site database ” G-Man December 9, 2014 at 7:03 pm. Great article and a terrific help for those of us trudging through SCCM for work, a fantastic effort mate! 1 thing I did notice in my instance is that I had to POWERSHELL COMMAND TO FIND ALL DISABLED USERS IN ACTIVE 4 thoughts on “ PowerShell command to find all disabled users in Active Directory ” abbas July 16, 2015 at 2:21 pm. Hi Jack, thanks for that lovely website. I am trying to use you above command but need to drill a bit down to a specific ou other wise I will have tones of results. and can I make the query save my result into a text file? SYSVOL AND GROUP POLICY OUT OF SYNC ON SERVER 2012 R2 DCS 66 thoughts on “ SYSVOL and Group Policy out of Sync on Server 2012 R2 DCs using DFSR ” Alex August 25, 2014 at 6:18 am. Beautiful article but you need to mention that the DFS Replication service needs to be stopped in advance and then started during the process, you can check with Microsoft article (which failed to mention about that as well but mentioned the steps we need to run the ERROR: DHCP: CREDENTIALS FOR DNS UPDATE SHOULD BEDHCP DNS DYNAMIC UPDATEDHCP UPDATE DNS RECORDSLINUX DHCP DNS SERVERWINDOWS DHCP NOT UPDATING DNSDNS NOT UPDATING FROM DHCP Jack Post author December 11, 2014 at 4:02 pm. Hi Vitality, You will need to restart the service so that it runs under the credentials of the new user account. Downtime should be very minimal, especially if you have DHCP clustered in Server 2012. HOME ASSISTANT + DOCKER + Z-WAVE + RASPBERRY PI Select the Restart button to restart Home Assistant. Any time you make a change to the configuration.yaml file, you will need to restart Home Assistant to pickup the configuration changes. Click OK to Restart. 
Upon restart, navigate back to the Gear icon and you should see a new entry in the Config portal for Z-Wave. UPGRADING NETWORK POLICY SERVER FROM SERVER 2008 R2 TOSTANDALONE NPS SERVERWINDOWS SERVER NPS Synopsis: This tutorial will cover a basic “upgrade” path to go from Server 2008 R2 to Server 2012 R2. This tutorial assumes you have a single Network Policy Server and you are wishing to reuse the same machine name, IP, and settings. In environments needing high availability, you will need to complete each of the steps below, adding/removing each server being upgraded from your network HOW TO VALIDATE NUMERIC-INTEGER INPUT IN C SAHIL ROHILLA April 23, 2021 at 11:35 pm. The above discussion was helpful. I was able to do my homework. This allows only positive values and asks for user input again if the negative value or character values are input.SCCM 2012 R2
Symptom: When trying to deploy System Center Configuration Manager 2012 R2, you receive the following status under the Prerequisite Check of the deployment. Configuration Manager Setup requires that the site server computer has administrative rights DEPLOYING PALO ALTO VM-SERIES ON AZURE At a high level, you will need to deploy the device on Azure and then configure the internal “guts” of the Palo Alto to allow it to route traffic properly on your Virtual Network (VNet) in Azure. The steps outlined should work for both the 8.0 and 8.1 versions of the Palo Alto VM-Series appliance. Please note, this tutorial also assumesyou
ENTERPRISE PKI
Synopsis: After the first year of deployment of one of my two-tier Enterprise PKI environments, I noticed that certificates were generating weird errors, new certificates could not be issued automatically, nor could certificates be requested manually. Here is an image of what the subordinate certificate authority looked like in Server Manager; showing CDP Location #1 expired.

USERACCOUNTCONTROL ATTRIBUTE/FLAG VALUES
Here is a comprehensive list of UserAccountControl attribute/flag values I have come across when working on LDAP projects.

ENABLING SSL ON WINDOWS SERVER UPDATE SERVICES (WSUS
Login to your WSUS server. Open up Server Manager. Select Tools -> Internet Information Services (IIS) Manager. Generate a SSL certificate. Click on your Server and select Server Certificates. If you have your own PKI environment, follow these steps, if not, jump to step three. Click Create Domain Certificate on the right side.

ADFS RELAY STATE GENERATOR
I'm currently working for Microsoft as a FastTrack Engineer specializing in Microsoft Azure as a cloud solution. Please note that I am not speaking on behalf-of Microsoft or any other 3rd party vendors mentioned in any of my blog posts.

DEPLOYING CISCO VIRTUAL APPLIANCES (NGFWV) ON AZURE
5 thoughts on “Deploying Cisco Virtual Appliances (NGFWv) on Azure”
Sara McCormick July 19, 2019 at 1:26 pm. I want to thank you for this post and the ARM template! It has saved me an amazing amount of work. For any future users, I’d like to point out one small bug in the template.

USING TERRAFORM WITH AZURE VM EXTENSIONS
Using VM Extensions with Terraform to customize a machine post deployment. Continuing along the lines of customizing a virtual machine post deployment, Azure has a handy dandy extension called CustomScriptExtension. What this extension does is allow you to arbitrarily download and execute files (typically PowerShell) after a virtual machine has

HOW TO INSTALL IIS ON SERVER 2012 AND SERVER
Here is a tutorial on how to install IIS on Server 2012 and Server 2012 R2. The installation process for this is very straight forward and does not differ much from Server 2008 R2.

CONFIGURING EXTERNAL TIME SOURCE ON YOUR PRIMARY DOMAIN
23 thoughts on “Configuring external time source on your Primary Domain Controller”
Pingback: Migrating Domain Controllers From Server 2008 R2 to Server 2012 R2 | Jack Stromberg
Alex December 18, 2014 at 7:10 am. Tried this, on 2008R2 DC all went fine, but when i do run first command to check the source (::GetCurrentForest().RootDomain

SQL SERVER 2008 R2
Symptom: When changing an SSL certificate inside of the SQL Server 2008 R2 Reporting Services Configuration Manager, you receive the following error: Create certificate binding. When you click on “Tell me more about the problem and how to resolve it.” you receive the following: Microsoft.ReportingServices.WmiProvider.WMIProviderException: An SSL binding already exists for

JACK STROMBERG
A SITE ABOUT STUFF
ESTABLISHING AN AWS VPN TUNNEL TO AZURE VIRTUAL WAN; ACTIVE/ACTIVE BGP CONFIGURATION
3 Replies
This is a quick reflection of the steps I took to establish two IPSec tunnels between AWS’ VPG and Azure’s Virtual WAN VPN Gateway, propagating routes dynamically via BGP and ensuring High Availability. The design itself is a bit interesting since AWS and Azure differ on how connections are established to remote peers. When everything is said and done, you’ll end up with a diagram that conceptually looks something like this:

NOTE: IT IS RECOMMENDED TO START WITH THE VIRTUAL WAN SIDE FIRST SINCE YOU CANNOT MODIFY THE IP ADDRESS OF A CUSTOMER GATEWAY IN AWS

CREATE AZURE VIRTUAL WAN AND VIRTUAL WAN HUB
On the Azure side, first we need to create a Virtual WAN resource and a Virtual WAN Hub, which will contain our VPN Gateway. If you have already created these, you can skip to the next section.
First, click the “Hamburger” icon and select CREATE A RESOURCE
Search for VIRTUAL WAN and select it from the list in the marketplace.
Select CREATE
Specify the resource group and region you wish to deploy the Virtual WAN resource to. Specify a name for your Virtual WAN resource and click REVIEW + CREATE
Click CREATE to start provisioning the Virtual WAN resource.
Once the resource is created, click GO TO RESOURCE to navigate to your Virtual WAN resource.
On the Virtual WAN resource, select NEW HUB from the top menu.
Specify the name of the Hub and an address space that can be used for all the networking components Virtual WAN will deploy into the Virtual Hub. Click NEXT : SITE TO SITE >
On the SITE TO SITE tab, toggle YES that you want to provision a VPN Gateway, and specify the scale units you need. Click the REVIEW + CREATE button when done.
Click the CREATE button to start provisioning the Hub and VPN Gateway. Please note this can take up to 30 minutes to complete.

CONFIGURE CUSTOMER BGP IP ADDRESS FOR VIRTUAL WAN VPN GATEWAY INSTANCES
Once provisioning is completed, navigate back to the Virtual WAN resource. You can do this by clicking the “Hamburger” icon and searching for VIRTUAL WAN
Select your Virtual WAN resource.
You should now see your Virtual WAN Hub resource you provisioned. Select the Virtual WAN Hub.
On the Virtual WAN Hub, click on the VIEW/CONFIGURE link.
On the VIEW/CONFIGURE Gateway Configuration blade, specify 169.254.21.2 as the CUSTOM BGP IP ADDRESS for INSTANCE 0 and 169.254.22.2 as the CUSTOM BGP IP ADDRESS for INSTANCE 1. Note the Public IP addresses used for Instance 0 and 1 and then click EDIT and CONFIRM to apply the changes.

CREATE VIRTUAL WAN VPN SITE
On the Virtual WAN Hub, click CREATE NEW VPN SITE
Specify a name for your VPN Site to define the connection connecting to AWS. Click NEXT : LINKS >
On the LINKS tab, add two entries with the following values (to tell VWAN how to connect to each of the AWS Site-to-Site connections). Note: this is very similar to AWS’ Customer Gateway section.
Link 1:
* Link Name: AWS_Tunnel1
* Link Speed: 1000
* Link Provider Name: AWS
* Link IP address: 1.1.1.1 (this is a placeholder value until we configure the AWS side)
* Link BGP address: 169.254.21.1
* Link ASN: 64512
Link 2:
* Link Name: AWS_Tunnel2
* Link Speed: 1000
* Link Provider Name: AWS
* Link IP address: 1.1.1.2 (this is a placeholder value until we configure the AWS side)
* Link BGP address: 169.254.22.1
* Link ASN: 64512
Click NEXT: REVIEW + CREATE >
Click CREATE
Click GO TO RESOURCE once the links have finished being created.

CONFIGURE PHASE 1/2 PROPOSALS
Select your Virtual WAN hub on the Virtual WAN Overview blade.
Check the box for the new VPN SITE NAME and click the CONNECT VPN SITES button
Specify the following configuration:
* Protocol: IKEv2
* IPSec: Custom
* IKE Phase 1:
  * Encryption: GCMAES256
    * GCM algorithm is more efficient and can improve throughput on the Azure Gateways
  * Integrity/PRF: SHA256
  * DH Group: DHGroup14
* IKE Phase 2 (ipsec):
  * IPSec Encryption: AES256
    * AWS does not support GCM algorithm for IPSec integrity at time of writing this, but if it is available, you may want to opt for that
  * IPSec Integrity: SHA256
  * PFS Group: PFS14
Click CONNECT
CONFIGURE AWS
PREREQUISITES
This guide assumes you have a VPC already (in my case, mine is called AWS-OHIO-VPC), a corresponding set of subnets for your servers, and a route table associated to your VPC. Note: An AWS VPC is the equivalent of a VNet in Azure. One thing that is different between AWS and Azure is that in AWS you do not need to specify a subnet for your Gateways (i.e. “GatewaySubnet”).

CREATE THE CUSTOMER GATEWAYS
Customer Gateways in AWS are the equivalent of a local network gateway that you’d associate to a connection for a traditional VPN Gateway in Azure. It is also the equivalent of a defined Site Link for Azure’s Virtual WAN VPN configuration.
In this section, you will need to create two Customer Gateways. Specify the corresponding instance value obtained from the CONFIGURE CUSTOMER BGP IP ADDRESS section. When creating the Customer Gateways ensure DYNAMIC routing is enabled and the BGP ASN is specified as 65515.
Configuration for the second Customer Gateway using the Instance 1 Gateway Public IP address.

CREATE A VIRTUAL PRIVATE GATEWAY
Next we need to create an AWS Virtual Private Gateway. This is the equivalent of Azure’s VPN Gateway.

CREATE VPN CONNECTIONS
We need to create two VPN Connections, each VPN Connection linked to its corresponding Customer Gateway and VPC. On the Inside IPv4 CIDR for Tunnel 1 on the first VPN Connection, ensure you use 169.254.21.0/30 as the BGP Peer addresses and 169.254.21.4/30 for the second tunnel. Due to the way that the VPN Connection works, we are using a placeholder value of 169.254.21.4/30 for the second tunnel, which will never be used in practice since we cannot point it to leverage Azure’s secondary VPN Gateway instance. This placeholder must be specified because, if we instead define the secondary BGP Peer address that will be created for the secondary instance in VWAN, you will receive an error that overlapping address space exists between this VPN Connection and the secondary VPN connection we create in AWS.
When creating the second VPN connection, ensure 169.254.22.0/30 is specified for Inside IPv4 CIDR for Tunnel 1 and 169.254.22.4/30 is specified for Inside IPv4 CIDR for Tunnel 2 (which is again a placeholder value that won’t be used).

CONFIGURE ROUTE TABLE TO PROPAGATE ROUTES
To allow the learned routes from BGP to propagate to the VPC, you need to enable route propagation on your Route Table.
Navigate to ROUTE TABLES and select your Route Table and click the ROUTE PROPAGATION tab and select EDIT ROUTE PROPAGATION
Check the PROPAGATE box and click SAVE

UPDATE AZURE

UPDATE AZURE SITE LINK IP ADDRESSES
As per the CONFIGURE PHASE 1/2 PROPOSALS section for Azure Virtual WAN, you specified 1.1.1.1 and 1.1.1.2 as a placeholder value for the Public IP addresses of the AWS VPN Gateway instances. We will need to update these addresses with the proper values.
Navigate to your Virtual WAN instance and select your Virtual WAN hub
Select VPN (SITE TO SITE) and click on the SITE NAME you created
Click on the three dots (ellipsis) for AWS_Tunnel1 and click EDIT LINK.
Specify the proper IP address for Tunnel 1 on AWS Site-to-Site connection 1. Click CONFIRM.
Click on the three dots (ellipsis) for AWS_Tunnel2 and click EDIT LINK.
Specify the proper IP address for Tunnel 1 on AWS Site-to-Site connection 2. Click CONFIRM.

VERIFY CONNECTIVITY
On the Azure Side, you should see the VPN Site’s Connectivity status change to CONNECTED
You can also select a Virtual Machine that may have its virtual network attached to the VWAN Hub and validate you see learned routes from the VWAN Hub (and AWS) propagated into the VNet.
TIP: You can see the same route twice as we have both VPN Gateway instance BGP Peers actively connected to AWS. In the event you lose a peer, you would only see one route to one gateway listed.
On the AWS side, you can validate for each Site to Site VPN connection that you see TUNNEL 1‘s status as UP and TUNNEL 2‘s status as DOWN (remember, Tunnel 2 will always be listed as down because a fictitious BGP address is specified).
Here you can see the secondary Site-to-Site connection with the same status: UP for Tunnel 1, DOWN for Tunnel 2
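The tunnel addressing used in this walkthrough can be checked before anything is typed into either portal. The script below is an added example, not part of the original post: it verifies that the four Inside IPv4 CIDRs do not overlap (the error AWS raises, as described above) and that each BGP address sits where the other side expects it. It assumes AWS takes the first host address of each /30 and the customer gateway (Azure) the second, which matches the .1/.2 values used above; the function names and the plan format are made up for this example.

```shell
#!/bin/sh
# Added example: consistency check for the /30 BGP addressing plan.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print "first last" integer bounds of a CIDR block.
cidr_range() {
    net=$(ip_to_int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))
    start=$(( net / size * size ))      # align to the network address
    echo "$start $(( start + size - 1 ))"
}

# Return 0 when two CIDR blocks share at least one address.
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Print the Nth address after the network address of a CIDR block
# (assumption: 1 = AWS side of the tunnel, 2 = customer gateway side).
nth_host() {
    set -- $(cidr_range "$1") "$2"
    n=$(( $1 + $3 ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# check_plan PLAN: print one line per problem, return the problem count.
# PLAN lines: <name> <inside_cidr> <azure_bgp_ip|-> <aws_bgp_ip|->
# "-" marks a placeholder tunnel that never gets a BGP peer.
check_plan() {
    plan=$1
    problems=0
    seen=""
    while read -r name cidr azure aws; do
        [ -n "$name" ] || continue
        for prev in $seen; do
            if cidrs_overlap "$cidr" "${prev#*=}"; then
                echo "OVERLAP: $name ($cidr) with ${prev%%=*} (${prev#*=})"
                problems=$((problems + 1))
            fi
        done
        seen="$seen $name=$cidr"
        if [ "$azure" != "-" ]; then
            if [ "$(nth_host "$cidr" 2)" != "$azure" ]; then
                echo "MISMATCH: $name Azure custom BGP IP $azure is not host 2 of $cidr"
                problems=$((problems + 1))
            fi
            if [ "$(nth_host "$cidr" 1)" != "$aws" ]; then
                echo "MISMATCH: $name link BGP address $aws is not host 1 of $cidr"
                problems=$((problems + 1))
            fi
        fi
    done <<EOF
$plan
EOF
    return "$problems"
}

# The plan exactly as given in the walkthrough.
PAGE_PLAN='conn1-tunnel1 169.254.21.0/30 169.254.21.2 169.254.21.1
conn1-tunnel2 169.254.21.4/30 - -
conn2-tunnel1 169.254.22.0/30 169.254.22.2 169.254.22.1
conn2-tunnel2 169.254.22.4/30 - -'

# Constructed counter-example: tunnel 2 of connection 1 reuses the range
# that belongs to the second VPN connection.
BAD_PLAN='conn1-tunnel1 169.254.21.0/30 169.254.21.2 169.254.21.1
conn1-tunnel2 169.254.22.0/30 - -
conn2-tunnel1 169.254.22.0/30 169.254.22.2 169.254.22.1
conn2-tunnel2 169.254.22.4/30 - -'

check_plan "$PAGE_PLAN" && echo "page plan: consistent"
check_plan "$BAD_PLAN" || echo "constructed bad plan: rejected"
```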
This entry was posted in Microsoft Azure, Networking on March 18, 2021 by Jack.
HOW TO UPGRADE HOME ASSISTANT Z-WAVE INTEGRATION TO Z-WAVE JS FOR DOCKER
If you’ve been following my last two tutorials (Home Assistant + Docker + Z-Wave + Raspberry Pi | Jack Stromberg and How to update Home Assistant Docker Container | Jack Stromberg) on running Home Assistant via Docker and how to keep the container updated, you may have noticed that 2021 has been a big year for larger changes, with a surprising change coming to how Home Assistant handles Z-Wave Devices.
In Home Assistant v2021.2, Home Assistant announced the Z-Wave integration as deprecated in favor of a new integration called Z-Wave JS. In Home Assistant v2021.3, many fixes were implemented, with the notable limitation of Door Sensors being removed.

SO WHY THE CHANGE?
As per the Home Assistant v2021.2 announcement:
More and more people were concerned about the future of Z-Wave with Home Assistant; meanwhile the Z-Wave JS project was rapidly growing and gathering a large community around it. Long story short: Home Assistant and Z-Wave JS teamed up! And a lot of contributors jumped on the train!
This new integration is based on the same base principles as the OpenZWave integration: It is decoupled from Home Assistant. Instead of MQTT, the Z-Wave JS integration uses a WebSocket connection to a Z-Wave JS server.
This means, in order to use this new integration, you’ll need to run the Z-Wave JS server that sits in between your Z-Wave USB stick and Home Assistant. There are multiple options available for running the Z-Wave JS server, via Docker or manually, and there is also a Home Assistant add-on available.

SO HOW DO I UPGRADE?
This article reflects the steps I took to update my Z-Wave implementation.

ENSURE YOU ARE RUNNING HOME ASSISTANT V2021.3.2 OR GREATER
This will ensure you have support for most all sensors. You can find your Home Assistant version by selecting the CONFIGURATION gear on the left menu, and then selecting INFO
Here you should see the version of Home Assistant (in my case 2021.3.2)
If you are not running the latest version, you can follow my upgrade steps here: How to update Home Assistant Docker Container | Jack Stromberg
CREATE A BACKUP
It’s rather critical to create a backup, especially in this case if you need to roll back to the older OpenZWave integration if you find many of your devices not being compatible. One downside in not using Home Assistant’s OS is you don’t have the “Supervisor” option to create a full backup.
To complete this step, I’d recommend checking out this blog post here which provides several options: Backing up Home Assistant | Tinkering with Home Automation (ceard.tech)
Alternatively, you can be extremely lazy and less cautious by simply copying the configuration folder containing your docker config:
    sudo cp /home/docker/home-assistant/ /home/docker/home-assistant-backup/ -R

UPDATE YOUR OPERATING SYSTEM
Execute the following commands against your machine:
    sudo sh -c 'apt update && apt upgrade'
Make sure you restart your machine to ensure your kernel updates to the latest version:
    sudo shutdown -r now

DOCUMENT Z-WAVE ENTITY IDS
The easiest way to do this is to navigate to DEVELOPER TOOLS (hammer icon on the left menu) and then type node_id into the ATTRIBUTES column’s filter.
In this case, you’ll want to write down the node_id and the name of the entity it maps to. If you want to do this quickly, you can single click on the table, press Control + A to select all contents, or cmd+a on a Mac, and copy the contents into Word or Excel (Excel works remarkably well).

DOCUMENT & COMMENT Z-WAVE STICK HARDWARE ID AND NETWORK KEY
SSH to your server and find your configuration.yaml file (if using my tutorial it should be /home/docker/home-assistant/configuration.yaml).
Open the file in vi
    sudo vi configuration.yaml
Find the section of code labeled zwave: and copy the information (we’ll need it later) as well as comment out the following lines like so:
    #zwave:
    #  usb_path: /dev/ttyACM0
    #  network_key: "0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99"
Type :wq to write the changes to the file and quit vi

UNINSTALL Z-WAVE INTEGRATION
Navigate to CONFIGURATION -> INTEGRATIONS
Click the three dots on the Z-WAVE integration and select DELETE
Click OK when prompted
Click OK on the prompt that you should restart home assistant (it won’t restart home assistant at this point)

RESTART HOME ASSISTANT
While we can restart Home Assistant from the web UI, we need to ensure that the Docker container running home assistant no longer needs access to your Z-Wave stick directly (Z-Wave JS Server will be what interfaces with the device directly). In this case, you will need to SSH into your Home Assistant server and stop / remove / start the container accordingly.
STOP THE DOCKER CONTAINER
    sudo docker stop home-assistant
REMOVE THE CONTAINER
    sudo docker rm home-assistant
DEPLOY THE NEW CONTAINER CONFIGURATION, WHICH REMOVES ANY DEVICE MAPPINGS TO YOUR Z-WAVE STICK/DEVICE
    sudo docker run --init -d --restart=always --name="home-assistant" -e "TZ=America/Chicago" -v /home/docker/home-assistant:/config --net=host homeassistant/raspberrypi4-homeassistant:stable

INSTALL Z-WAVE JS SERVER
Create a new directory for the zwave-js server configuration files
    sudo mkdir /home/docker/zwave-js/
Run the docker container (the first port listed is for the Z-Wave JS Web Interface, the second port is the Z-Wave JS WebSocket listener)
    sudo docker run -d --restart=always -p 8091:8091 -p 3000:3000 --device=/dev/ttyACM0 --name="zwave-js" -e "TZ=America/Chicago" -v /home/docker/zwave-js:/usr/src/app/store zwavejs/zwavejs2mqtt:latest

CONFIGURE Z-WAVE JS SERVER
Navigate to the JS Web Server http://serverIP:8091/settings
On the settings page, enter the following configuration values (ensuring you substitute in the correct values obtained in the previous steps)
* Serial Port: /dev/ttyACM0
* Network Key: AABBCCDDEEFF00112233445566778899
  * Take your existing network key you obtained earlier and remove the 0x prefixes, commas, spaces and quotation marks to only leave one long hex string. For example:
    * Before
      * 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99
    * After
      * AABBCCDDEEFF00112233445566778899
* Log Enabled: DISABLED (TOGGLED SHOULD BE GRAYED)
* Commands Timeout: 30 SECONDS
* Disable MQTT Gateway: CAN BE ENABLED IF YOU HAVE NO USE FOR MQTT
Click the HOME ASSISTANT menu and set the following:
* WS Server: ENABLED
* Server Port: 3000
Click SAVE
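Hand-editing the network key is easy to get wrong, and a key with a missing or mistyped byte will not match the one your securely included devices were paired with. The script below is an added example, not part of the original post: it reads the (commented-out) network_key line from configuration.yaml, checks that it is exactly 16 well-formed bytes, and prints the hex string for the Z-Wave JS settings page. The function names are made up for this example, and the sample file uses the placeholder key from this article.

```shell
#!/bin/sh
# Added example: convert the OpenZWave-style network key to the Z-Wave JS format.

# zwave_key_to_hex KEY
#   KEY looks like: "0xAA, 0xBB, ..." (quotes and spaces optional).
#   Prints 32 upper-case hex digits, or fails if the key is not exactly
#   16 bytes written as 0xNN. Error messages never echo key material.
zwave_key_to_hex() {
    key=$(printf '%s' "$1" | tr -d '" \t')
    out=""
    count=0
    old_ifs=$IFS
    IFS=,
    for byte in $key; do
        count=$((count + 1))
        case $byte in
            0[xX][0-9A-Fa-f][0-9A-Fa-f])
                out=$out${byte#0?} ;;      # drop the 0x / 0X prefix
            *)
                IFS=$old_ifs
                echo "network key: byte $count is not of the form 0xNN" >&2
                return 1 ;;
        esac
    done
    IFS=$old_ifs
    if [ "$count" -ne 16 ]; then
        echo "network key: expected 16 bytes, found $count" >&2
        return 1
    fi
    printf '%s\n' "$out" | tr 'a-f' 'A-F'
}

# zwave_key_from_config FILE
#   Finds the first network_key: line, commented out or not, and converts it.
zwave_key_from_config() {
    raw=$(sed -n 's/^[#[:space:]]*network_key:[[:space:]]*//p' "$1" | head -n 1)
    if [ -z "$raw" ]; then
        echo "no network_key line found in $1" >&2
        return 1
    fi
    zwave_key_to_hex "$raw"
}

# Demo on a constructed config file holding the article's placeholder key.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
#zwave:
#  usb_path: /dev/ttyACM0
#  network_key: "0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99"
EOF
zwave_key_from_config "$demo_cfg"
rm -f "$demo_cfg"
```

Against the real file this would be run as zwave_key_from_config /home/docker/home-assistant/configuration.yaml; the output is the key itself, so keep it out of shared terminals and logs.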
VERIFY YOU SEE DEVICES
Click on the CONTROL PANEL icon on the top left of the Z-Wave JS Web UI.
Verify that you see the amount of devices you previously had. At this point, I would recommend waiting a few minutes / possibly hours to let the table populate with all the device information.

INSTALL Z-WAVE JS INTEGRATION
I would recommend a full refresh of the web page for Home Assistant and then navigate back to CONFIGURATION -> INTEGRATIONS
Click the ADD INTEGRATION button and search for Z-WAVE JS
Click Submit to accept the URL as-is (assuming you are running the container on the same server running the Home Assistant container; if not, you can specify the IP address of the server hosting the Z-Wave JS Server container as well).
If all went well, you should see your Z-Wave devices and you can click FINISH (Note: I wouldn’t worry about specifying Areas since it’s likely you have no idea what device is what at this point)

UPDATE YOUR Z-WAVE DEVICE NAMES IN HOME ASSISTANT
The last step is to update your device names to match your existing device names. To do this, on the Configuration -> Integrations page, select the devices link on the Z-Wave JS integration tile
Next, select one of the items in your list. In my case, I’m going to select the first 1000W Dimmer I have.
On the device, you should see Node ID. This can be looked up on your list of devices you exported in the previous steps. Click the Device Name (in my case 1000W Dimmer) and specify the correct information for the device. Once done, click UPDATE

RINSE AND REPEAT
Go through each of the devices you have and update their corresponding names. If you click Advanced settings, you can specify the area for the device as well.
CONGRATS!
If you’ve made it this far, you have successfully migrated to the latest Z-Wave integration for Home Assistant!
This entry was posted in Raspberry Pi on March 9, 2021 by Jack.
HOW TO GENERATE BASE64 ENCODED SSL CERTIFICATES VIA POWERSHELL FOR AZURE
BACKGROUND
Many Azure services allow you to bring your own SSL Certificate to the cloud. While Azure provides an easy way to create and deploy resources through ARM templates, specifying which SSL certificate to use is a little less trivial since it’s not as easy to specify an exported PEM or PFX file. In this case, Azure may look for the certificate in a base64 encoded format, so the certificate can be passed as a string (or list of characters) into the template.

GOAL OF THIS TUTORIAL
This tutorial will walk through the commands needed to generate a self-signed certificate that is base64 encoded via PowerShell (Option 1) or base64 encode an existing PFX (Option 2), so that the certificate can be passed as a parameter into ARM templates in Azure.

OPTION 1: GENERATE AND ENCODE A SELF-SIGNED CERTIFICATE
GENERATE A SELF-SIGNED CERTIFICATE
    $selfSignedCert = New-SelfSignedCertificate -DnsName *.azurewebsites.net -NotAfter (Get-Date).AddYears(2)
EXPORT THE SELF-SIGNED CERTIFICATE INTO PFX FORMAT FROM CERTIFICATE MANAGER
    # "1234" is a sample password; the PFX holds the private key
    $pwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText
    Export-PfxCertificate -cert $selfSignedCert.PSPath -FilePath "selfSignedCertificate.pfx" -Password $pwd
CONVERT THE CERTIFICATE TO BASE64 ENCODING
    # -Encoding Byte is Windows PowerShell 5.1 syntax; PowerShell 7 uses -AsByteStream instead
    $pfxBytes = Get-Content "selfSignedCertificate.pfx" -Encoding Byte
    # The resulting text still contains the private key; handle the file as a secret
    [System.Convert]::ToBase64String($pfxBytes) | Out-File "selfSignedCertificate.txt"

OPTION 2: ENCODE FROM A PRE-EXISTING PFX FILE
CONVERT THE CERTIFICATE TO BASE64 ENCODING
    $pfxBytes = Get-Content "selfSignedCertificate.pfx" -Encoding Byte
    [System.Convert]::ToBase64String($pfxBytes) | Out-File "selfSignedCertificate.txt"

RESULT
At this point, if you open selfSignedCertificate.txt, you should see a long list of characters composed of letters, numbers, and a few symbols, which is your base64 version of your certificate. See example below (…s denote I removed a large portion of the text, you won’t see that in your file).
MIIKcQIBAzCCCi0GCSqGSIb3DQEHAaCCCh4EggoaMIIKFjCCBg8GCSqGSIb3DQEHAaCCBgAEggX8MIIF+DCCBfQGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAij81GovXchnAICB9AEggTYvVQbLThNVlLYiivGlD0uSASG3g6OaY9xF+c0BfZ1ZCHGKKQ3705CDkIy4.......jx9lSOAForjR+e1nNaBFfMGy+ONccoS0lnWvFIgggZG8RCZx2jQGMnPQdm4hPdmL3j2pUPMDswHzAHBgUrDgMCGgQUJpp3pnPr5/NXgyhYzi+rGzVkCJMEFBsqGkHSsFZaBXQ/bvR5DnhzgaekAgIH0A==
This text can be used as-is within your templates now (although, in general, try to never code these values into your templates, these values should be passed as parameters into the template).
This entry was posted in Microsoft Azure, Powershell on March 3, 2021 by Jack.
CHEAT SHEET ON AZURE SUBNETTING
2 Replies
Here’s a quick cheat sheet on recommended subnet sizing for Azure. Items in BOLD are subnet names reserved by the platform for their corresponding service.
GATEWAYSUBNET – /27 – https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub
Point-to-Site (P2S) addressing (VPN or VWAN) – Requires a non-vnet address space – depends on how many P2S clients – https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about#gwsku
AZUREBASTIONSUBNET – /27 – https://docs.microsoft.com/en-us/azure/bastion/bastion-create-host-portal#createhost
Azure Virtual WAN Hub – /24 – https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal#hub
AZUREFIREWALLSUBNET – /26 – https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet
ROUTESERVERSUBNET – /27 – Quickstart: Create and configure Route Server using Azure PowerShell | Microsoft Docs
Application Gateway – /24 per deployment – https://docs.microsoft.com/en-us/azure/application-gateway/configuration-overview#size-of-the-subnet
> Note: Previously, this was a minimum of a /27, however per 1TR6-BCG
> health advisory, starting with API version 03-01-2021 (mid-late May 2021),
> Application Gateway v2 (Standard_v2, WAF_v2 SKUs) can only be deployed in a
> subnet with a minimum /24 subnet prefix. A /24 subnet prefix will
> allow 256 IP addresses for the Application Gateway. We’re adding
> this new requirement to ensure the subnet has sufficient IP
> addresses for the gateway to undergo maintenance updates without
> impacting the available capacity. If you’re planning to deploy
> multiple Application Gateways in a subnet, your subnet will need at
> least 256 IP addresses per Application Gateway.
>
> For example, if you plan to deploy two Application Gateway v2s in a
> subnet, your subnet will need a subnet prefix of /23, which has a
> total of 512 IP addresses. You won’t be able to deploy a third
> gateway in that subnet as each gateway then would have fewer than
> 256 IP addresses.
Azure AD Domain Services (AADDS) – min /28 – Network planning and connections for Azure AD Domain Services | Microsoft Docs
Azure SQL Managed Instance (SQL MI) – min /27 – https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-determine-size-vnet-subnet
App Services (Web Apps, Functions, API Apps) – min /27 – https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet
App Service Environment – /24 – https://docs.microsoft.com/en-us/azure/app-service/environment/network-info
Logic Apps integration service – /27 – https://docs.microsoft.com/en-us/azure/logic-apps/connect-virtual-network-vnet-isolated-environment#set-up-network-ports
API Management – min /29 – https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet#–subnet-size-requirement
Azure Kubernetes Service (AKS) – depends on node count – https://docs.microsoft.com/en-us/azure/aks/configure-azure-cni#plan-ip-addressing-for-your-cluster
Azure Container Instances (ACI) – /29 – https://docs.microsoft.com/en-us/azure/container-instances/container-instances-vnet
Azure Databricks – Requires 2 subnets (Public/Private) – min of two /26 – https://docs.azuredatabricks.net/administration-guide/cloud-configurations/azure/vnet-inject.html#virtual-network-requirements
Azure NetApp Files – /28 – https://docs.microsoft.com/en-us/azure/azure-netapp-files/azure-netapp-files-delegate-subnet
Azure Dedicated HSM – /28 – https://docs.microsoft.com/en-us/azure/dedicated-hsm/networking#subnets
Azure VMware Solutions – /22 – https://docs.microsoft.com/en-us/azure/azure-vmware/tutorial-network-checklist#routing-and-subnet-considerations
This entry was posted in Microsoft Azure, Networking and tagged azure, networking on July 20, 2020 by Jack.
HOW TO UPDATE HOME ASSISTANT DOCKER CONTAINER
3 Replies
Continuing from my previous guide on how to setup Home Assistant + Docker + Z-Wave + Raspberry Pi, this tutorial will show you how to update Home Assistant to the latest version. Updating Home Assistant to the latest version is critical to ensure you have the latest bug fixes, integrations, and security patches.
> Note: during the update your devices will continue to work fine, but
> please note any automations or access to the application will not be
> available, so it’s recommended to do this during a time that you
> know no automations will be running.

VALIDATE YOUR CURRENT VERSION
Navigate to the Developer Tools section of Home Assistant. Here you can validate the latest version you currently have deployed.

GET THE CURRENT NAME OF YOUR CONTAINER AND VERSION
    sudo docker ps
In running this command, note the NAME of your container as well as the IMAGE.

STOP AND DELETE THE CONTAINER
Replace the name of the container in the command below with the value you had.
    sudo docker stop home-assistant
    sudo docker rm home-assistant

PULL THE LATEST CONTAINER FROM DOCKER HUB
Replace the value below with your IMAGE value you documented in the previous steps.
    sudo docker pull homeassistant/raspberrypi4-homeassistant:stable

DEPLOY THE CONTAINER
Make sure you replace the name and value of the image with the values in the previous step. In addition, ensure you specify the correct path to where your existing configuration files exist to have the container load your existing configurations.
    sudo docker run --init -d --restart=always --name="home-assistant" -e "TZ=America/Chicago" --device=/dev/ttyACM0 -v /home/docker/home-assistant:/config --net=host homeassistant/raspberrypi4-homeassistant:stable

VALIDATE YOUR VERSION NUMBER
After a few minutes, navigate back to the Developers Tools page. Upon load, you should now be on the latest version of Home Assistant.

NOTES:
You can find the latest, stable, and development builds out on docker hub here: https://hub.docker.com/u/homeassistant
For example, for raspberrypi4 builds, here you can validate the versions of all the different containers offered: https://hub.docker.com/r/homeassistant/raspberrypi4-homeassistant/tags
This entry was posted in Uncategorized and tagged container, docker, home assistant, raspberry pi, update on March 11, 2020 by Jack.
HOME ASSISTANT + DOCKER + Z-WAVE + RASPBERRY PI

NOTICE: HOME ASSISTANT HAS RELEASED A NEW INTEGRATION CALLED Z-WAVE JS. YOU SHOULD BE USING THAT INTEGRATION VS THE OLDER Z-WAVE INTEGRATION THAT THIS ARTICLE COVERS. I WILL BE UPDATING THIS GUIDE SOON.
A few years back I had a SmartThings Hub and for the most part it worked great. It was simple to setup, could be accessed anywhere, and for the most part automatically updated itself. Unfortunately, with the acquisition of it by Samsung, it seems to have turned into bloatware with poor responsiveness, the mobile application’s UI is horrific, and they have a less than desirable security/privacy policy.

Luckily, the open source community has thrown together Home Assistant, an open source home automation project backed by hundreds/thousands of individuals. Over the years, they have brought native support for mobile devices, at the time of writing there are 1500+ integrations for dang near any device, and the software puts you in control of who has access to your data and where it is accessible.

The one trade-off though is while Home Assistant works well and is very extensible, the documentation and usability of the application can be overwhelming to understand for someone new to home automation, unfamiliar with Linux/Open Source technologies, or new to debugging/command line interfaces. In this case, I’ve tried to document a crash course in getting Home Assistant up and running as quickly as possible for those that want to get started with Z-Wave devices and Home Assistant.

HARDWARE
You can leverage pretty much any hardware with Home Assistant, but here are the two items I used in my venture. Home Assistant has a full list of recommendations for what hardware to use for Home Assistant (https://www.home-assistant.io/getting-started/#suggested-hardware) as well as what Z-Wave controllers are supported (https://www.home-assistant.io/docs/z-wave/controllers/).

* RaspberryPi 4 Model B
  * Home Assistant will run on any version of Raspberry Pi, but it is recommended to use version 3 or 4 for best performance. In this guide, I use a Raspberry Pi 4 for reference. Below is a link to the Raspberry Pi kit, which contains everything you need to get started.
  * https://www.raspberrypi.org/products/raspberry-pi-4-desktop-kit/
* Z-Wave USB Stick
  * I used a Zooz Z-Wave Plus S2 USB Stick
  * https://www.z-wave.com/shop-z-wave-smart-home-products/smart-accessories-smart-usb-zooz-zooz-z-wave-plus-s2-usb-stick

UPDATE YOUR RASPBERRY PI

First things first, update your Raspberry Pi with the latest updates. Open up Terminal or SSH to your Raspberry Pi and execute the following command:

sudo apt-get update && sudo apt-get upgrade

PREPARE YOUR Z-WAVE USB STICK

Plug in your Z-Wave USB stick. Once plugged in, we need to find the device path so that we can reference it for Home Assistant. Execute the lsusb command to find your device ID. In this case, you can see my device ID begins with 0658.

root@raspberrypi:/dev# lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 003: ID 0658:0200 Sigma Designs, Inc. Aeotec Z-Stick Gen5 (ZW090) - UZB
Bus 001 Device 002: ID 2109:3431 VIA Labs, Inc. Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Next, let’s find what the device path is for the USB stick. You can do this by executing the following command:

dmesg | egrep '0658|acm'

Please note, if you purchased a different device, 0658 may be a different number. In this case, you can see my device is presented on ttyACM0.

root@raspberrypi:/dev# dmesg | egrep '0658|acm'
usb 1-1.2: New USB device found, idVendor=0658, idProduct=0200, bcdDevice= 0.00
cdc_acm 1-1.2:1.0: ttyACM0: USB ACM device
usbcore: registered new interface driver cdc_acm
cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters

INSTALL DOCKER
Home Assistant doesn’t require Docker, but by leveraging Docker you can easily copy/backup your configuration and simply redeploy the container if something goes wrong. As updates are made, you can simply remove your container and redeploy. To install Docker, execute the following command:

curl -sSL https://get.docker.com | sh

DEPLOY HOME ASSISTANT DOCKER CONTAINER

Once Docker is installed, you can deploy the container from Docker Hub. Docker Hub is a public repository that has tons of different prebuilt containers to deploy. Here you can find the official homeassistant containers: https://hub.docker.com/u/homeassistant

To deploy the container, execute the following line, replacing the following variables with your desired configuration:

* --name="THE NAME OF YOUR CONTAINER"
* -e "TZ=YOUR TIMEZONE"
  * The TZ Database column here contains a list of acceptable values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
* --device=/dev/ttyACM0
  * This allows the container to leverage the Z-Wave USB device. Make sure you specify the path to your device found in the previous step
* -v /home/docker/home-assistant:/config
  * This is the path that the Home Assistant configuration files should be stored to. You can specify a fileshare or other path to place your configuration files.
* --net=host homeassistant/raspberrypi4-homeassistant:stable
  * In homeassistant/raspberrypi4-homeassistant:stable, the first half (before the colon) is the container you wish to deploy and the second half is the version. You can find all of Home Assistant’s official containers here: https://hub.docker.com/u/homeassistant

sudo docker run --init -d --restart=always --name="home-assistant" -e "TZ=America/Chicago" --device=/dev/ttyACM0 -v /home/docker/home-assistant:/config --net=host homeassistant/raspberrypi4-homeassistant:stable

SETUP HOME ASSISTANT

Give the container a few minutes to deploy and configure itself for the first time. After a few minutes, try opening your web browser and navigating to the IP address assigned to your machine, using port number 8123: http://192.168.1.2:8123/

When the page loads, it should first ask for your Name, Username, and Password. This is the username and password you will use to login to Home Assistant.

Next, specify the location of where your Home Assistant deployment is located. Oddly enough, you cannot type in a location, but you can place the pin near your location by dragging the map around and clicking once to set the pin.

Once you click Next, Home Assistant may have already found a few devices connected to your network. You can add them now or skip and add them later.

TELL HOME ASSISTANT TO USE YOUR Z-WAVE USB STICK

Although we granted access to the container to use the Z-Wave USB Stick, you need to tell Home Assistant how to leverage the device. To do so, you will need to open up Terminal or SSH to your machine and edit the configuration.yaml file to point to the device.

Before we get into modifying the configuration.yaml file, first execute the following command to generate a Z-Wave Security Key. This key may be required by Z-Wave security devices (Door Locks, Keypads, etc), as an extra layer of security. More information on this can be found here: https://www.home-assistant.io/docs/z-wave/adding#network-key

Execute the following command via Terminal or SSH:

cat /dev/urandom | tr -dc '0-9A-F' | fold -w 32 | head -n 1 | sed -e 's/\(..\)/0x\1, /g' -e 's/, $//'

Once you execute the command, it should give you a string of characters that look something like:

> “0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
> 0x0C, 0x0D, 0x0E, 0x0F, 0x10”

Next, we need to edit the configuration.yaml file, which can be found in the path specified when the Docker container was deployed (using the -v parameter). For the purpose of this article, /home/docker/home-assistant/configuration.yaml is where the file is located. Using your favorite text editor, add the following lines of code:

zwave:
  usb_path: /dev/ttyACM0
  network_key: "0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10"

Once saved, go back to Home Assistant and click the GEAR icon and then select SERVER CONTROLS. Select the RESTART button to restart Home Assistant. Any time you make a change to the configuration.yaml file, you will need to restart Home Assistant to pickup the configuration changes. Click OK to Restart.

Upon restart, navigate back to the Gear icon and you should see a new entry in the Config portal for Z-Wave. If you do not see the “Z-Wave” section, scroll down to the troubleshooting step at the end of this article.

ADD A Z-WAVE DEVICE

Once you see that your Z-Wave network has started, adding a device is a piece of cake. First click the ADD NODE button. When you click the button, nothing will happen, but go ahead and put your device in inclusion mode. Once the device is in inclusion mode, Home Assistant should automatically add the device.

At this point, if you navigate back to CONFIGURATION (Gear icon) and select DEVICES, you should see your newly added Z-Wave device! At this point, you can select the Device to give it a friendly name or start to work on building your own home automation actions.

Hope this helped! If you have any comments or suggestions on how to improve this guide, please drop it below.

TROUBLESHOOTING MISSING Z-WAVE CONFIGURATION

The first time I ran through this, I noticed I was missing the Z-Wave configuration tile after making changes to the configuration.yaml file. It turned out I specified the wrong device path in the configuration file. To verify, you can check the logs from your Docker container by executing the following command in your Terminal or via SSH. (Replace home-assistant with the name of your container if you specified something else)

sudo docker logs home-assistant

In my case, I had the following error:

2020-02-16 21:08:01 INFO (MainThread) Setting up scene.homeassistant
2020-02-16 21:08:02 INFO (MainThread) Z-Wave USB path is /dev/ttyACM01
2020-02-16 21:08:02 ERROR (MainThread) Error setting up entry Z-Wave (import from configuration.yaml) for zwave
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/openzwave/option.py", line 78, in __init__
    raise ZWaveException(u"Can't find device %s : %s" % (device, traceback.format_exception(*sys.exc_info())))
openzwave.object.ZWaveException: "Zwave Generic Exception : Can't find device /dev/ttyACM01 : "

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/config_entries.py", line 215, in async_setup
    hass, self
  File "/usr/src/homeassistant/homeassistant/components/zwave/__init__.py", line 369, in async_setup_entry
    config_path=config.get(CONF_CONFIG_PATH),
  File "/usr/local/lib/python3.7/site-packages/openzwave/option.py", line 81, in __init__
    raise ZWaveException(u"Error when retrieving device %s : %s" % (device, traceback.format_exception(*sys.exc_info())))
openzwave.object.ZWaveException: 'Zwave Generic Exception : Error when retrieving device /dev/ttyACM01 : '

Here you can see I accidentally specified /dev/ttyACM01 vs /dev/ttyACM0. Simply updating the configuration.yaml file with the correct device path solved the issue.
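A pre-restart check for the two zwave settings this guide edits, added here as an example (it is not part of the original post or of Home Assistant): it reads usb_path and network_key from configuration.yaml, confirms the device node exists, and rejects a key that is malformed or is the sample value printed above. The function names are hypothetical, and the check assumes it runs on the Docker host, where --device=/dev/ttyACM0 exposes the same path as inside the container.

```shell
#!/bin/sh
# Added example: check the zwave: block of configuration.yaml before
# restarting Home Assistant. All function names here are hypothetical.
# Usage after sourcing this file:
#   check_zwave_config /home/docker/home-assistant/configuration.yaml

# The sample key printed in this guide. It is public, so it must never be
# the key of a real network.
SAMPLE_KEY='0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10'

# zwave_field FILE KEY -> value of KEY inside the top-level zwave: block.
zwave_field() {
    awk -v key="$2" '
        /^zwave:/             { inblock = 1; next }
        inblock && /^[^ \t#]/ { exit }          # next top-level key ends the block
        inblock {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                val = substr(line, length(key) + 2)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
                gsub(/^"|"$/, "", val)
                print val
                exit
            }
        }' "$1"
}

# zw_norm KEY -> KEY without spaces, hex digits upper-cased.
zw_norm() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# valid_network_key KEY -> 0 when KEY is exactly 16 bytes written as 0xNN.
valid_network_key() {
    zw_norm "$1" | grep -Eq '^0x[0-9A-F]{2}(,0x[0-9A-F]{2}){15}$'
}

# weak_network_key KEY -> 0 when KEY is the guide sample or one repeated byte.
weak_network_key() {
    [ "$(zw_norm "$1")" = "$(zw_norm "$SAMPLE_KEY")" ] && return 0
    zw_distinct=$(zw_norm "$1" | tr ',' '\n' | sort -u | grep -c .)
    [ "$zw_distinct" -le 1 ]
}

# check_zwave_config FILE -> one finding per line, returns 0 only when clean.
# The key itself is never printed, because it is a secret.
check_zwave_config() {
    zw_rc=0
    zw_path=$(zwave_field "$1" usb_path)
    zw_key=$(zwave_field "$1" network_key)
    if [ -z "$zw_path" ]; then
        echo "usb_path: not set in the zwave block"; zw_rc=1
    elif [ ! -c "$zw_path" ]; then
        echo "usb_path: $zw_path is not a character device on this host"; zw_rc=1
    fi
    if [ -z "$zw_key" ]; then
        echo "network_key: not set"; zw_rc=1
    elif ! valid_network_key "$zw_key"; then
        echo "network_key: expected 16 bytes written as 0xNN, 0xNN, ..."; zw_rc=1
    elif weak_network_key "$zw_key"; then
        echo "network_key: sample or single-byte key, generate a random one"; zw_rc=1
    fi
    return "$zw_rc"
}

# Constructed demo input: the sample key from this guide together with the
# mistyped device path from its troubleshooting section.
demo() {
    zw_tmp=$(mktemp) || return 2
    cat > "$zw_tmp" <<'EOF'
homeassistant:
  name: Home

zwave:
  usb_path: /dev/ttyACM01
  network_key: "0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10"
EOF
    check_zwave_config "$zw_tmp" && zw_demo_rc=0 || zw_demo_rc=$?
    rm -f "$zw_tmp"
    return "$zw_demo_rc"
}
```

Calling demo prints one finding for the mistyped path and one for the sample key, and returns non-zero.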
This entry was posted in Linux, Raspberry Pi and tagged home assistant, raspberrypi, Tutorial, z-wave on February 24, 2020 by Jack.
HOW TO CREATE A BOOTABLE USB DRIVE TO FLASH A LENOVO DEVICE’S BIOS

This tutorial will review how to create a bootable USB drive to flash the firmware/BIOS on your Lenovo device. Before we begin, Lenovo offers three different downloads for firmware today:

* Windows installer/flash utility (.exe)
* CD ISO version (.iso) to burn to a disk
* USB Flash Package (.zip)

While the USB Flash Package (.zip) is exactly what we are looking for, by default if you just drag the files onto your USB drive, it won’t boot to the flash utility. In this case, the instructions below will show you how to make the drive bootable and then launch the USB Flash Package.

MAKE A BOOTABLE DRIVE

First, you will want to download a copy of the Rufus utility. This utility is an open source utility for Windows only, but will allow you to make a bootable USB drive. Rufus’ website can officially be found here: https://rufus.ie/

Once installed, open the application. SELECT YOUR USB DEVICE you wish to flash (note this will erase all data on your device) and set the BOOT SELECTION to FREEDOS.

Once your Device and Boot selection has been set, go ahead and click START to flash the device.

You will be prompted to confirm you are OK with erasing the device. Go ahead and click OK if you are sure you have selected the correct device in the prior step.

Once completed, you should see a green bar that says READY. This is kinda misleading, wish it would say completed, but your device should be flashed at this point.

DOWNLOAD THE RIGHT FIRMWARE FROM LENOVO

As mentioned earlier, Lenovo offers 3 different types of downloads on their website. You will want a copy of the zipped installer.

Once downloaded, navigate to where you downloaded the zipped file, right click, and select EXTRACT ALL… If you don’t see Extract All… then try downloading a copy of 7-Zip, which is a fantastic free archiver solution that can open all types of compressed files (zip, 7zip, tar.gz, etc).

COPY THE EXTRACTED FILES TO YOUR BOOTABLE USB DRIVE

Once you have extracted the files from the zipped folder from Lenovo, you will want to copy and paste the files from the extracted directory to the bootable USB drive. To show visually, I opened two file explorer windows, one in the directory of the extracted firmware and the other on the bootable USB drive. I simply dragged and dropped the files from the firmware directory to the bootable USB drive.

When you try to copy the files from the firmware directory to the bootable USB drive, you will be prompted to replace AUTOEXEC.BAT. Make sure to REPLACE THE FILE IN THE DESTINATION as this will execute the command to launch the flash2 utility, which actually writes the firmware to the device.

PLUG IN THE DRIVE AND SET THE DEVICE TO BOOT TO IT

At this point, you should have a bootable USB device that you can now plug in to your Lenovo device. You can unplug it from your client machine and plug it in to your Lenovo device. Make sure you set your Lenovo device to boot from the USB drive (this can usually be set by pressing the F1 or F2 keys during the POST screen).

WHAT TO EXPECT

Upon boot, you should be greeted by the Lenovo flash utility, which will ask if you want to update your device. Please note that, in my experience, once I selected yes the device needed to reboot several times and may boot into the BIOS. The utility will tell you when everything is completed, so make sure you don’t power down your device or unplug your USB drive after the first or second reboot; wait things out. As with updating any firmware, make sure you don’t do this in a storm or on a device with low battery, as ensuring as little chance of disruption as possible is absolutely critical.

SUMMARY

At this point, you should have a bootable USB drive created by Rufus and FreeDOS that can be paired with Lenovo’s firmware to go around and flash your devices. Hope this helps!
This entry was posted in Uncategorized and tagged bios, bootable usb, Firmware, flash, lenovo on February 2, 2020 by Jack.
SETTING UP AN EMAIL SERVER ON A RASPBERRYPI (POSTFIX+DOVECOT+MARIADB+ROUNDCUBE)

There’s a few things in this journey that you should be aware of when running your own mailserver before we begin.

* Invest in a static public IP
* Don’t open mail relay
* Leverage proper DNS records to help mitigate your email from being marked spam
* Leverage something to scrub your email
* Don’t open mail relay
* Don’t open mail relay
* Verify your domain or IP address hasn’t been placed on a blacklist from a previous owner

In my career in doing IT, handling email is one of the most tedious tasks to setup/maintain due to so many moving pieces; many of which may be out of your control. Dealing with spam, blacklisting, having emails non-deliverable for several reasons, handling DNS records, certificates, etc… it’s sometimes worth paying a few extra bucks to have someone else host your email and have peace of mind the message will be delivered. That being said, if you have the extra time on your hands and like the challenge of solving problems, here’s a quick way to get started.

PREAMBLE

This guide took me several hours to compile through trial and error. If you have any thoughts, notice any errors/typos, or have ideas on how to further secure/optimize, please leave feedback below to further improve this guide. Thank you and good luck on the deployment of your mail server!

ASSUMPTIONS

* You have previously followed my guide on building a LEMP stack
* You are running Ubuntu or Debian as per the above guide (you can still follow this guide, you may have to slightly change which commands you use for your distribution; configuration should remain the same though)

DNS

Let’s first start at getting your DNS records configured properly. This guide will talk about configuring MX, SPF, and PTR records. We won’t be covering Domain Keys in this article, maybe in a separate article if someone donates to my paypal on the right side of the website.

MX RECORD

Via your nameservers, add a new MX record for your domain name. Here’s a list of tutorials for some of the major domain registrars:

* GoDaddy
* Name.com
* NameCheap
* Domain.com
SPF RECORD
Contrary to many websites that say you need to create a “SPF” record type, the SPF record type was never ratified by RFC standards. In this case, the proper way to create a SPF record is via a TXT record with the SPF value (as per RFC 7208).
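To make the TXT-record form concrete, here is an added example (not from the original post) that lints an SPF value against RFC 7208 before it is published. spf_lint and the two sample records are constructed for illustration; 203.0.113.25 is a documentation address.

```shell
#!/bin/sh
# Added example: lint the value of an SPF TXT record before publishing it.
# spf_lint is a hypothetical helper, not a standard tool. Checks (RFC 7208):
#   - the record starts with the version tag v=spf1
#   - "+all" (or bare "all") authorizes every host on the Internet
#   - terms after "all" are never evaluated
#   - include, a, mx, ptr, exists and redirect each cost a DNS lookup and
#     an evaluation may use at most 10 of them (nested includes count too,
#     so the number found here is a lower bound)
#   - ptr is discouraged

# Constructed sample records.
SPF_GOOD='v=spf1 mx ip4:203.0.113.25 -all'
SPF_OPEN='v=spf1 mx +all'

# spf_lint RECORD -> prints findings, returns 1 when an error is found.
# Leaves the number of lookup terms in the global spf_lookups.
spf_lint() {
    spf_rc=0; spf_lookups=0; spf_all=0; spf_redirect=0
    spf_rec=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$spf_rec" in
        v=spf1|"v=spf1 "*) ;;
        *) echo "error: record does not start with v=spf1"; return 1 ;;
    esac
    while read -r spf_term; do
        case "$spf_term" in ""|v=spf1) continue ;; esac
        if [ "$spf_all" -eq 1 ]; then
            echo "warning: $spf_term comes after all and is never evaluated"
            continue
        fi
        # Split an optional qualifier (+ - ~ ?) from the mechanism name.
        spf_q=+; spf_mech=$spf_term
        case "$spf_term" in
            [+?~-]*) spf_q=${spf_term%"${spf_term#?}"}; spf_mech=${spf_term#?} ;;
        esac
        case "$spf_mech" in
            all)
                spf_all=1
                if [ "$spf_q" = + ]; then
                    echo "error: +all lets any host send as this domain"; spf_rc=1
                fi ;;
            include:*|exists:*|a|a:*|a/*|mx|mx:*|mx/*)
                spf_lookups=$((spf_lookups + 1)) ;;
            redirect=*)
                spf_lookups=$((spf_lookups + 1)); spf_redirect=1 ;;
            ptr|ptr:*)
                spf_lookups=$((spf_lookups + 1))
                echo "warning: ptr is slow and unreliable, RFC 7208 says not to use it" ;;
            ip4:*|ip6:*|*=*) ;;     # no lookup; unknown modifiers are ignored
            *)  echo "error: unknown mechanism $spf_term"; spf_rc=1 ;;
        esac
    done <<EOF
$(printf '%s\n' "$spf_rec" | tr -s ' ' '\n')
EOF
    if [ "$spf_all" -eq 0 ] && [ "$spf_redirect" -eq 0 ]; then
        echo "warning: no all or redirect, unlisted senders get a neutral result"
    fi
    if [ "$spf_lookups" -gt 10 ]; then
        echo "error: $spf_lookups lookup terms, the limit is 10 (permerror)"; spf_rc=1
    fi
    return "$spf_rc"
}
```

spf_lint "$SPF_GOOD" prints nothing and returns 0; spf_lint "$SPF_OPEN" reports the +all error and returns 1.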
You can leverage my SPF generator to create a new TXT record in the root of your domain.

PTR RECORD

To help decrease the odds of your emails being labeled as spam, I’d recommend creating a PTR record that will resolve your IP address to a DNS name (we call this a reverse lookup). For example, if my mail server’s domain name was mail.mydomain.com and it resolved to 123.123.123.123, I would create a PTR record for 123.123.123.123 that points to mail.mydomain.com.

In many cases, you will need to either work with your ISP (Internet Service Provider) or domain registrar if you own your own IP block to make changes to the record for your IP address block.

When you are ready, you can leverage the nslookup command on Windows to validate the name from the IP address.

nslookup 123.123.123.123

Or on Linux you can leverage the host command to verify the reverse lookup as well:

host 123.123.123.123

GET THE OS READY
Download the latest packages and actually perform any updates.

sudo sh -c 'apt update && apt upgrade'

PREPARE MARIADB FOR VIRTUAL USERS/ALIASES

One of the primary reasons we need to configure a database is it is what will contain the information about all of our users and their corresponding email addresses (aliases). To do so, we need to create 3 new tables inside of a new database.

Login to the database

sudo mariadb -u root -p

CREATE THE DATABASE, DATABASE USER, AND TABLES

Create a new database for our users (in this case, I’m calling the database mailserver). Note: This command must be run in the context of mariadb, this is not a bash command.

create database mailserver;

Create a new user called mailuser, grant them read-only (SELECT) access to the entire database, require the user to only create connections from 127.0.0.1 (localhost), and specify a password for the user.

GRANT SELECT ON mailserver.* TO 'mailuser'@'127.0.0.1' IDENTIFIED BY 'mysupersecretpassword';

Execute the following command to apply the changes

FLUSH PRIVILEGES;

Create a table for each of the domain names we will leverage for our email addresses.

CREATE TABLE `mailserver`.`virtual_domains` (
  `id` int(11) NOT NULL auto_increment,
  `name` varchar(50) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Create a table that will hold each of the users that will need mailboxes.

CREATE TABLE `mailserver`.`virtual_users` (
  `id` int(11) NOT NULL auto_increment,
  `domain_id` int(11) NOT NULL,
  `password` varchar(106) NOT NULL,
  `email` varchar(100) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`),
  FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Create a table that will hold aliases (additional email addresses) for a particular user.

CREATE TABLE `mailserver`.`virtual_aliases` (
  `id` int(11) NOT NULL auto_increment,
  `domain_id` int(11) NOT NULL,
  `source` varchar(100) NOT NULL,
  `destination` varchar(100) NOT NULL,
  PRIMARY KEY (`id`),
  FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

INSERT A NEW USER INTO THE DATABASE

First, we need to add our first domain name into the domains table

INSERT INTO `mailserver`.`virtual_domains` (`name`)
VALUES
('mydomain.com');

Second, we need to create the user. Replace mysupersecretpassword with your password.

INSERT INTO `mailserver`.`virtual_users` (`domain_id`, `password`, `email`)
VALUES
('1', ENCRYPT('mysupersecretpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'myuser@mydomain.com');

Third, we can optionally specify an alias (secondary email address) for the user.

INSERT INTO `mailserver`.`virtual_aliases` (`domain_id`, `source`, `destination`)
VALUES
('1', 'firstname.lastname@mydomain.com', 'myuser@mydomain.com');

Type exit once you are done to leave the context of MariaDB.

INSTALL PACKAGES FOR POSTFIX AND DOVECOT

Postfix is what we call a Mail Transport Agent (MTA) and is responsible for actually sending/receiving the messages from the internet. Later, we will talk about Dovecot which will be our MDA (Mail Delivery Agent) (what actually interacts with the mailbox). The following command will install postfix, dovecot, and pull the packages to interact with MySQL. Although these are labeled MySQL, they should interact fine with MariaDB.

sudo apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql

During the installation of Postfix, you will be prompted to configure the connection type to the mail server. In this case, select INTERNET SITE for the mail configuration.

On the second installation prompt, it will ask for the domain name used in receiving email. In this prompt, specify one of the domain names you will be using for your users. For example, if your email addresses are going to be firstname.lastname@mydomain.com you would specify mydomain.com for this prompt. Don’t worry if you have multiple email addresses, we will cover that later on.

CONFIGURE POSTFIX TO LEVERAGE MARIADB

First, let’s create a backup of the Postfix configuration, so we have a baseline to refer back to.

sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.bak

Copy the following configuration and replace the domain name example.com with yours. Credit to linode for sharing their configuration as it not only defines integration into a database, but also hardens the Postfix deployment.

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/mydomain.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mydomain.com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous

# Authentication
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# Restrictions
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unlisted_recipient,
        reject_unauth_destination
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
smtpd_relay_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        defer_unauth_destination

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = mydomain.com
myorigin = $mydomain
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp

# Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-users.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-mailbox-aliases.cf,
        mysql:/etc/postfix/mysql-virtual-mailbox-users.cf

# Even more Restrictions and MTA params
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
#smtpd_etrn_restrictions = reject
#smtpd_reject_unlisted_sender = yes
#smtpd_reject_unlisted_recipient = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
#smtpd_hard_error_limit = 1
smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h

# Reply Rejection Codes
invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550

Next, we need to create the mappings of domain names, users, and aliases. In the same directory as the main.cf (/etc/postfix) we need to first create a file that will tell postfix how to lookup what domain names exist. You can open the documents with your favorite text editor; I use vi since it’s universally installed.

sudo vi /etc/postfix/mysql-virtual-mailbox-domains.cf

Press i to get vi into insert mode and paste the following, replacing the password with the one for the mailuser we specified earlier in this tutorial.

user = mailuser
password = mysupersecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_domains WHERE name='%s'

Press : and then type wq and press enter to Write the changes to the file and Quit in vi.

Next, we will create another file that is used to lookup each user’s mailbox.

sudo vi /etc/postfix/mysql-virtual-mailbox-users.cf

Press i to get vi into insert mode and paste the following, replacing the password with the one for the mailuser we specified earlier in this tutorial.

user = mailuser
password = mysupersecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT email FROM virtual_users WHERE email='%s'

Press : and then type wq and press enter to Write the changes to the file and Quit in vi.

Last, we will create another file that is used to map an alias to a user’s mailbox.

sudo vi /etc/postfix/mysql-virtual-mailbox-aliases.cf

Press i to get vi into insert mode and paste the following, replacing the password with the one for the mailuser we specified earlier in this tutorial.

user = mailuser
password = mysupersecretpassword
hosts = 127.0.0.1
dbname = mailserver
query = SELECT destination FROM virtual_aliases WHERE source='%s'

Press : and then type wq and press enter to Write the changes to the file and Quit in vi.

Restart the Postfix service for the changes to take effect

sudo service postfix restart

Next, to enable port 587 and 465 to connect securely with email clients, we need to modify /etc/postfix/master.cf. First, let’s create a backup of the master.cf file.

sudo cp /etc/postfix/master.cf /etc/postfix/master.cf.bak

Next, we need to modify the master.cf file. Modify the document (mostly uncomment many of the lines) to look similar to the code below.

sudo vi /etc/postfix/master.cf

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Press : and then type wq and press enter to Write the changes to the file and Quit in vi.

Restart the Postfix service for the changes to take effect

sudo service postfix restart

CONFIGURE DOVECOT
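Before moving on to Dovecot, the relay settings from the main.cf above can be checked mechanically, which is the "don't open mail relay" rule from the start of this guide in executable form. This is an added example, not part of the original guide or of Postfix; the helper names and both sample excerpts are constructed, and relay_list_status also accepts the comma-separated form used by the -o overrides in master.cf.

```shell
#!/bin/sh
# Added example: audit a Postfix main.cf for the settings that decide whether
# the server relays for strangers. cf_get, relay_list_status, relay_audit and
# sample_cf are hypothetical helper names, not Postfix tools.

# cf_get FILE NAME -> value of NAME as one space-separated list. Handles
# comments, continuation lines (leading whitespace) and "last setting wins".
cf_get() {
    awk -v want="$2" '
        function keep() { if (name == want) val = cur }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (name != "") cur = cur " " $0; next }
        {
            keep()
            eq = index($0, "=")
            if (eq == 0) { name = ""; next }
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            cur = substr($0, eq + 1)
        }
        END {
            keep()
            gsub(/[ \t,]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val)
            print val
        }' "$1"
}

# relay_list_status LIST -> closed | open | unterminated
# closed: an unconditional rejection of unauthorized destinations is reached
# before any bare "permit". LIST may be comma or space separated.
relay_list_status() {
    for rl_item in $(printf '%s' "$1" | tr ',' ' '); do
        case "$rl_item" in
            reject_unauth_destination|defer_unauth_destination|reject|defer)
                echo closed; return 0 ;;
            permit)
                echo open; return 0 ;;
        esac
    done
    echo unterminated
}

# relay_audit FILE -> prints findings, returns 1 when any FAIL is found.
relay_audit() {
    ra_rc=0
    set -f      # values such as [::1]/128 must not be treated as globs
    for ra_net in $(cf_get "$1" mynetworks); do
        case "$ra_net" in
            127.0.0.0/8|"[::ffff:127.0.0.0]/104"|"[::1]/128") ;;
            0.0.0.0/0|::/0|"[::]/0")
                echo "FAIL mynetworks trusts every address: $ra_net"; ra_rc=1 ;;
            *)  echo "WARN mynetworks lets $ra_net relay without authentication" ;;
        esac
    done
    ra_relay=$(relay_list_status "$(cf_get "$1" smtpd_relay_restrictions)")
    ra_rcpt=$(relay_list_status "$(cf_get "$1" smtpd_recipient_restrictions)")
    set +f
    # Mail to a foreign domain is refused if either list refuses it.
    if [ "$ra_relay" != closed ] && [ "$ra_rcpt" != closed ]; then
        echo "FAIL relay list is $ra_relay, recipient list is $ra_rcpt: nothing rejects unauthorized destinations"
        ra_rc=1
    fi
    case " $(cf_get "$1" smtpd_sasl_security_options) " in
        "  "|*" noanonymous "*) ;;      # unset keeps the Postfix default
        *) echo "FAIL smtpd_sasl_security_options is set without noanonymous"; ra_rc=1 ;;
    esac
    return "$ra_rc"
}

# sample_cf KIND -> constructed main.cf excerpts. "guide" repeats the relay
# settings from this guide; anything else prints an unsafe contrast.
sample_cf() {
    if [ "$1" = guide ]; then cat <<'EOF'
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unlisted_recipient,
        reject_unauth_destination
# relay decision: trusted hosts, then authenticated users, then nobody
smtpd_relay_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        defer_unauth_destination
EOF
    else cat <<'EOF'
mynetworks = 0.0.0.0/0
smtpd_sasl_security_options = noplaintext
smtpd_recipient_restrictions = permit_mynetworks, permit
smtpd_relay_restrictions = permit
EOF
    fi
}
```

On a live server, save the output of postconf -n to a file and pass that file to relay_audit instead of a sample.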
Now that our MTA is configured, we need to configure our MDA. You can think of Postfix as a shipping center and Dovecot as the courier, who interfaces directly with your mailbox. Roundcube will be our MUA (mail user agent) that interfaces with Dovecot to display your mail. The goal for this section is to ensure Dovecot requires SSL.

First, we’ll create backups of each of the Dovecot configuration files:

    sudo cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
    sudo cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.orig
    sudo cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.orig
    sudo cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext.orig
    sudo cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.orig
    sudo cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.orig

Execute the following command to enable support for imap and lmtp (pop3 can be added, but ensure you install the dovecot-pop3d package).

    sudo sed -i '/^\!include_try \/usr\/share\/dovecot\/protocols.d\/\*.protocol/a protocols=imap lmtp' /etc/dovecot/dovecot.conf

Next, we need to edit /etc/dovecot/conf.d/10-mail.conf to define where mailboxes are stored. Execute the following commands:

    sudo sed -i 's/mail_location = mbox.*/mail_location = maildir:\/var\/mail\/vhosts\/%d\/%n\//g' /etc/dovecot/conf.d/10-mail.conf
    sudo sed -i 's/^#mail_privileged_group = mail/mail_privileged_group = mail/g' /etc/dovecot/conf.d/10-mail.conf

Next, we need to make directories for each of your domain names. Execute the following command for each of your domain names.

    sudo mkdir -p /var/mail/vhosts/example.com

Now we need to create a user and group called vmail, assigned an id of 5000, and make vmail the owner of the mail directory:

    sudo groupadd -g 5000 vmail
    sudo useradd -g vmail -u 5000 vmail -d /var/mail
    sudo chown -R vmail:vmail /var/mail

Next, we need to edit the user authentication file (/etc/dovecot/conf.d/10-auth.conf) to tell Dovecot to leverage MariaDB for our users.

Execute the following commands:

    sudo sed -i 's/^#disable_plaintext_auth = yes/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf
    sudo sed -i 's/^#auth_mechanisms = plain login/auth_mechanisms = plain login/g' /etc/dovecot/conf.d/10-auth.conf
    sudo sed -i 's/^!include auth-system.conf.ext/#!include auth-system.conf.ext/g' /etc/dovecot/conf.d/10-auth.conf
    sudo sed -i 's/^#!include auth-sql.conf.ext/!include auth-sql.conf.ext/g' /etc/dovecot/conf.d/10-auth.conf

Once we have the authentication file configured, we need to update the SQL driver file (/etc/dovecot/conf.d/auth-sql.conf.ext) to point to our mailboxes. You will need to uncomment the passdb section and uncomment the userdb driver that is static.

    sudo vi /etc/dovecot/conf.d/auth-sql.conf.ext

Press i to get vi into insert mode and paste the following configuration:
    # Authentication for SQL users. Included from 10-auth.conf.
    #

    passdb {
      driver = sql

      # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
      args = /etc/dovecot/dovecot-sql.conf.ext
    }

    # "prefetch" user database means that the passdb already provided the
    # needed information and there's no need to do a separate userdb lookup.
    #
    #userdb {
    #  driver = prefetch
    #}

    #userdb {
    #  driver = sql
    #  args = /etc/dovecot/dovecot-sql.conf.ext
    #}

    # If you don't have any user-specific settings, you can avoid the user_query
    # by using userdb static instead of userdb sql, for example:
    #
    userdb {
      driver = static
      args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
    }
Press : and then type wq and press Enter to write the changes to the file and quit vi.

The final Dovecot file we need to modify will set our database settings (/etc/dovecot/dovecot-sql.conf.ext). Execute the following commands to uncomment the correct settings. Note: be sure to replace the password with the database password we configured earlier.

    sudo sed -i 's/^#driver = /driver = mysql/g' /etc/dovecot/dovecot-sql.conf.ext
    sudo sed -i 's/^#connect =/connect = host=127.0.0.1 dbname=mailserver user=mailuser password=mysupersecretpassword/g' /etc/dovecot/dovecot-sql.conf.ext
    sudo sed -i 's/^#default_pass_scheme = MD5/default_pass_scheme = SHA512-CRYPT/g' /etc/dovecot/dovecot-sql.conf.ext
    sudo sed -i '/^#password_query = \\/i password_query = SELECT email as user, password FROM virtual_users WHERE email=\x27%u\x27;' /etc/dovecot/dovecot-sql.conf.ext

After making the changes to the dovecot-sql.conf.ext file, we need to change the owner and the group of the dovecot folder to the vmail user:

    sudo chown -R vmail:dovecot /etc/dovecot
    sudo chmod -R o-rwx /etc/dovecot

Next, we need to disable the unencrypted versions of IMAP and SMTP.

    sudo vi /etc/dovecot/conf.d/10-master.conf

We need to edit the /etc/dovecot/conf.d/10-master.conf file and set ports to 0 to disable non-encrypted imap/pop3. Find service imap-login { and make it look like the following.

    service imap-login {
      inet_listener imap {
        port = 0
      }
      inet_listener imaps {
        port = 993
        ssl = yes
      }

      # Number of connections to handle before starting a new process. Typically
      # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
      # is faster.
    }

    service pop3-login {
      inet_listener pop3 {
        port = 0
      }
      inet_listener pop3s {
        port = 995
        ssl = yes
      }
    }
In the same file, find service lmtp { and replace the whole block down to the third } with the following:

    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0600
        user = postfix
        group = postfix
      }

      # Create inet listener only if you can't use the above UNIX socket
      #inet_listener lmtp {
        # Avoid making LMTP visible for the entire internet
        #address =
        #port =
      #}
    }
In the same file, find service auth { and replace the whole block down to the third } with the following:

    service auth {
      # auth_socket_path points to this userdb socket by default. It's typically
      # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
      # full permissions to this socket are able to get a list of all usernames and
      # get the results of everyone's userdb lookups.
      #
      # The default 0666 mode allows anyone to connect to the socket, but the
      # userdb lookups will succeed only if the userdb returns an "uid" field that
      # matches the caller process's UID. Also if caller's uid or gid matches the
      # socket's uid or gid the lookup succeeds. Anything else causes a failure.
      #
      # To give the caller full permissions to lookup all users, set the mode to
      # something else than 0666 and Dovecot lets the kernel enforce the
      # permissions (e.g. 0777 allows everyone full permissions).
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
        #group =
      }

      # Postfix smtp-auth
      unix_listener /var/spool/postfix/private/auth {
        mode = 0600
        user = postfix
        group = postfix
      }

      # Auth process is run as this user.
      user = dovecot
    }
In the same file, find service auth-worker { and replace the whole block down to the } with the following:

    service auth-worker {
      # Auth worker process is run as root by default, so that it can access
      # /etc/shadow. If this isn't necessary, the user should be changed to
      # $default_internal_user.
      user = vmail
    }
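The listener settings above can be checked mechanically once the file is saved. The script below is an added example, not part of the original guide: it parses 10-master.conf-style text (the same layout `doveconf -n` prints) and fails if a plaintext imap or pop3 listener is still enabled. Both sample configurations are constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit Dovecot inet_listener settings in 10-master.conf layout.
# Live use on the mail server:  doveconf -n | audit_plaintext_listeners

# Print one line per inet_listener: "<service> <listener> <port> <ssl>".
# A port that is commented out or missing is reported as "default": Dovecot
# then uses the protocol's standard port, so the listener is still enabled.
list_inet_listeners() {
    awk '
        { sub(/#.*/, ""); if ($0 ~ /^[ \t]*$/) next }   # drop comments and blank lines
        $1 == "service" && $NF == "{" { svc = $2; depth = 1; next }
        $1 == "inet_listener" && $NF == "{" {
            lst = $2; port = "default"; ssl = "unset"; depth = 2; next
        }
        $1 == "unix_listener" && $NF == "{" { lst = ""; depth = 2; next }
        depth == 2 && lst != "" && $1 == "port" && $2 == "=" { port = $3 }
        depth == 2 && lst != "" && $1 == "ssl"  && $2 == "=" { ssl = $3 }
        $1 == "}" {
            if (depth == 2) {
                if (lst != "") print svc, lst, port, ssl
                lst = ""; depth = 1
            } else {
                depth = 0
            }
        }
    '
}

# Exit 0 when every plaintext listener (imap, pop3) has port = 0; otherwise
# print one FAIL line per offending listener and exit 1.
audit_plaintext_listeners() {
    list_inet_listeners | awk '
        ($2 == "imap" || $2 == "pop3") && $3 != "0" {
            printf "FAIL %s/%s is enabled (port=%s)\n", $1, $2, $3
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the listener blocks as configured in this guide.
sample_hardened() {
    cat <<'EOF'
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
EOF
}

# Constructed sample: ports left commented out or set to the plaintext port.
sample_stock() {
    cat <<'EOF'
service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
}
EOF
}

echo "guide configuration:"
sample_hardened | list_inet_listeners
sample_hardened | audit_plaintext_listeners && echo "PASS: plaintext IMAP/POP3 listeners are off"
echo "stock-style configuration (constructed):"
sample_stock | audit_plaintext_listeners || echo "=> set port = 0 on the listeners above"
```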
Press : and then type wq and press Enter to write the changes to the file and quit vi.

Last, we need to tell Dovecot where our SSL certificate is for encryption. We will modify the /etc/dovecot/conf.d/10-ssl.conf file. Make sure to update the directory with the correct path for your certificates.

Execute the following commands, replacing

    sudo sed -i 's/^ssl = yes/ssl = required/g' /etc/dovecot/conf.d/10-ssl.conf
    sudo sed -i 's/^ssl_cert = .*/ssl_cert = <\/etc\/letsencrypt\/live\/mydomain.com\/fullchain.pem/g' /etc/dovecot/conf.d/10-ssl.conf
    sudo sed -i 's/^ssl_key = .*/ssl_key = <\/etc\/letsencrypt\/live\/mydomain.com\/privkey.pem/g' /etc/dovecot/conf.d/10-ssl.conf

Last, restart Dovecot to enable all of our changes.

    sudo service dovecot restart

CONFIGURE ROUNDCUBE
INSTALL DEPENDENCIES FOR ROUNDCUBE

Roundcube requires several PHP PEAR modules. To install the bare minimum feature set, execute the following command:

    sudo apt-get install php7.3-mbstring php-pear php-net-idna2 php-net-smtp php-mail-mime

CREATE A DATABASE FOR ROUNDCUBE

First, we need to create a new database and user for Roundcube. We can do this by logging into MariaDB and executing the create and grant commands.

    sudo mariadb -u myusername -p

    CREATE DATABASE roundcubemail CHARACTER SET utf8 COLLATE utf8_general_ci;
    GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost IDENTIFIED BY 'myreallyreallysecretpassword';
    FLUSH PRIVILEGES;
    exit

REQUEST SSL CERTIFICATES FOR ROUNDCUBE

We will want to ensure all traffic to and from the client is encrypted in transit when trying to access Roundcube. To do this, I leverage Let’s Encrypt, which will allow you to request a free SSL certificate. If you have your own SSL certificate, go ahead and copy it to a location on the server so we can reference it later.

    sudo apt-get install certbot
    sudo certbot certonly --authenticator standalone -d webmail.mydomain.com --pre-hook "service nginx stop" --post-hook "service nginx start"

CREATE A DIRECTORY FOR ROUNDCUBE

We will need to create a directory that will hold Roundcube’s files to serve to the web. Let’s create a new directory to serve these files and limit permissions to www-data.

    sudo mkdir /var/www/webmail.mydomain.com
    sudo chown -R www-data:www-data /var/www/webmail.mydomain.com

COPY ROUNDCUBE FILES TO THE WEB DIRECTORY

We will need to grab the latest copy of Roundcube’s code to run the website. Note: please ensure you substitute the correct version for Roundcube when executing the commands below, as the version listed in the guide will likely be out of date as time goes on:

    cd /tmp
    wget https://github.com/roundcube/roundcubemail/releases/download/1.4.1/roundcubemail-1.4.1.tar.gz
    tar -xf roundcubemail-1.4.1.tar.gz
    # The web directory already exists, so move the extracted files into it
    # (not the folder itself) and hand them to www-data
    sudo mv roundcubemail-1.4.1/* /var/www/webmail.mydomain.com/
    sudo chown -R www-data:www-data /var/www/webmail.mydomain.com

POPULATE THE SQL DATABASE

You will need to execute the following SQL command to populate your Roundcube database with the tables needed to run Roundcube. To do so, execute the following command.

    sudo mariadb roundcubemail < /var/www/webmail.mydomain.com/SQL/mysql.initial.sql

INSTALL ROUNDCUBE DEPENDENCIES

Roundcube doesn’t ship with several JavaScript dependencies. To ensure the Roundcube pages load properly, you will need to execute the following command to pull down the JavaScript dependencies.

    sudo php /var/www/webmail.mydomain.com/bin/install-jsdeps.sh

CONFIGURE NGINX
Let’s configure NGINX to point to our web directory for the website. When doing so, it is very important you protect your installation by preventing access to some sensitive files from the web.

First, create a virtual-host file within the nginx sites-available folder:

    sudo vi /etc/nginx/sites-available/webmail.mydomain.com

Press i to get vi into insert mode and paste the following. Note: Please replace the values with the path to the SSL certificate we generated earlier.
    ##
    # You should look at the following URL's in order to grasp a solid understanding
    # of Nginx configuration files in order to fully unleash the power of Nginx.
    # https://www.nginx.com/resources/wiki/start/
    # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
    # https://wiki.debian.org/Nginx/DirectoryStructure
    #
    # In most cases, administrators will remove this file from sites-enabled/ and
    # leave it as reference inside of sites-available where it will continue to be
    # updated by the nginx packaging team.
    #
    # This file will automatically load configuration files provided by other
    # applications, such as Drupal or WordPress. These applications will be made
    # available underneath a path with that package name, such as /drupal8.
    #
    # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
    ##

    # Default server configuration
    #
    server {
        listen 443 ssl;
        listen [::]:443 ssl;

        server_name webmail.mydomain.com;
        ssl_certificate /etc/letsencrypt/live/webmail.mydomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/webmail.mydomain.com/privkey.pem;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        # TLSv1.1 is deprecated (RFC 8996); drop it if all of your clients support TLSv1.2
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
        ssl_prefer_server_ciphers on;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/letsencrypt/live/webmail.mydomain.com/chain.pem;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/webmail.mydomain.com;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm;

        # Revoke access to sensitive files and directories
        location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
            deny all;
        }
        location ~ ^/(config|temp|bin|SQL|logs)/ {
            deny all;
        }

        # pass PHP scripts to FastCGI server
        #
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
        #
        #   # With php-fpm (or other unix sockets):
            fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        #   # With php-cgi (or other tcp sockets):
        #   fastcgi_pass 127.0.0.1:9000;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }
    }
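To see which requests the four regex locations above actually stop, the script below replays their patterns in file order, which is how nginx picks a regex location (first match wins; this server block has no prefix locations). It is an added example, not part of the original guide: the request paths are constructed, the function names are this example's own, and it only models query-string stripping and slash merging, not percent-decoding or ".." resolution.

```shell
#!/bin/sh
# Added example: replay the regex locations of the server block in file order.

# Drop the query string and merge repeated slashes, as nginx does before
# matching locations (merge_slashes is on by default).
normalize_uri() {
    printf '%s\n' "$1" | sed -e 's/?.*$//' -e 's#//*#/#g'
}

# matches <string> <extended-regex>
matches() {
    printf '%s\n' "$1" | grep -Eq -- "$2"
}

# Print "deny", "php" (handed to PHP-FPM) or "static" (served from root).
classify_uri() {
    u=$(normalize_uri "$1")
    if   matches "$u" '^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$'; then echo deny
    elif matches "$u" '^/(config|temp|bin|SQL|logs)/';                   then echo deny
    elif matches "$u" '\.php$';                                          then echo php
    elif matches "$u" '/\.';                                             then echo deny
    else echo static
    fi
}

# Read request paths on stdin; list every path under a directory that should
# never be web-reachable but is not denied. Exit 1 if any is found.
sensitive_reachable() {
    found=0
    while IFS= read -r uri; do
        [ -n "$uri" ] || continue
        verdict=$(classify_uri "$uri")
        path=$(normalize_uri "$uri")
        if [ "$verdict" != deny ] &&
           matches "$path" '^/(installer|config|temp|bin|SQL|logs)(/|$)'; then
            echo "REACHABLE ($verdict): $uri"
            found=1
        fi
    done
    return "$found"
}

# Constructed request paths for a freshly unpacked Roundcube web root.
sample_uris() {
    cat <<'EOF'
/index.php?_task=login
/config/config.inc.php
//config/config.inc.php
/logs/errors.log
/CHANGELOG
/.git/HEAD
/skins/elastic/styles/styles.css
/installer/index.php
EOF
}

sample_uris | while IFS= read -r u; do
    printf '%-7s %s\n' "$(classify_uri "$u")" "$u"
done
sample_uris | sensitive_reachable || echo "=> remove or block the paths listed above"
```

The installer path is the one the deny rules do not cover: it matches only the PHP location, so it stays reachable until the installer directory is moved out of the web root.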
Press : and then type wq and press Enter to write the changes to the file and quit vi.

Last, we need to create a link of the virtual host file to /etc/nginx/sites-enabled. You will need to execute the following commands to create the link as well as restart nginx to apply the changes.

    sudo ln -s /etc/nginx/sites-available/webmail.mydomain.com /etc/nginx/sites-enabled/webmail.mydomain.com
    sudo service nginx restart

RUN THE ROUNDCUBE INSTALLER

At this point, if you navigate to https://webmail.mydomain.com/installer, you should see the Roundcube Webmail Installer page. You should see a series of items show OK, NOT AVAILABLE, or NOT OK. You will need to remediate any items that show NOT OK for Roundcube to successfully run. In this installer, I primarily focused on Step 1 (Checking the environment) and Step 2 (Checking the database). Once both show OK (don’t worry about whether email is successful or fails; likely it is failing still), move the installer directory to your home drive to secure the environment (IT IS VERY DANGEROUS TO LEAVE THIS PAGE!!! DON’T SKIP THIS STEP).

    sudo mv /var/www/webmail.mydomain.com/installer ~

UPDATE ROUNDCUBE CONFIGURATION

I couldn’t get Roundcube to actually work during the installation with this setup until I manually specified a few items via the Roundcube configuration file. Within the /var/www/webmail.mydomain.com/config/config.inc.php file, ensure you have the following code snippets to allow Roundcube to properly authenticate to your mailserver.

    sudo vi /var/www/webmail.mydomain.com/config/config.inc.php

Ensure you have the following code snippets (typically there is a section under // IMAP that has the config we can start with). To do so, press i to get vi into insert mode and paste the following.

    // Option names follow Roundcube 1.4's config/defaults.inc.php
    $config['default_port'] = 993;
    $config['default_host'] = 'imaps://localhost';
    // assumed option name: appends the domain to bare usernames at login
    $config['username_domain'] = '%d';
    // The certificate chain is still verified; the name check is off because
    // Roundcube connects to "localhost", which is not a name on the certificate
    $config['imap_conn_options'] = array(
        'ssl' => array(
            'verify_peer'      => true,
            'verify_peer_name' => false,
        ),
    );

    // SMTP
    $config['smtp_server'] = 'ssl://localhost';
    $config['smtp_port'] = 465;
    $config['smtp_auth_type'] = 'LOGIN';
    // Required if you're running PHP 5.6 or later
    $config['smtp_conn_options'] = array(
        'ssl' => array(
            'verify_peer'      => true,
            'verify_peer_name' => false,
        ),
    );

Press : and then type wq and press Enter to write the changes to the file and quit vi.

VERIFY
At this point, you should be able to log in to https://webmail.mydomain.com and send/receive email! As with all technology, ensure you keep up-to-date with all the latest security patches to keep your environment stable and secure. If you made it to this point and were able to successfully send/receive mail via Roundcube, pat yourself on the back and grab a fine beverage!

TROUBLESHOOTING

Here are some useful commands to help troubleshoot your deployment.

    sudo postqueue -p

can be used to check if any pending emails are queued.

    sudo postmap -q mydomain.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf

can be used to validate what domain names are accepted. You should receive the value of 1 if it exists.

    sudo postmap -q email1@mydomain.com mysql:/etc/postfix/mysql-virtual-mailbox-users.cf

will validate if a user account exists with the specified email address. You should receive the value of the email address of the user if it exists.

    sudo postmap -q alias@mydomain.com mysql:/etc/postfix/mysql-virtual-mailbox-aliases.cf

can be used to validate the alias of an email address. You should receive the email address of the user account if it does map back to another user.

    tail -f /var/log/mail.log

can be useful for watching how emails are handled by postfix/dovecot to troubleshoot how messages are being handled.

Roundcube installation instructions (documentation): https://github.com/roundcube/roundcubemail/wiki/Installation
This entry was posted in Linux and tagged dovecot, mailserver, MariaDB, postifx, raspberrypi, roundcube, Tutorial on January 9, 2020 by Jack.
USING AZURE HYBRID CONNECTION MANAGER TO REACH RESOURCES ON-PREMISES WITHOUT VPN CONNECTIONS

One of the hidden gems of Azure is HCM (Hybrid Connection Manager), which addresses the issue of Azure’s App Services (Web App, API App, Functions) having the ability to connect to resources hosted in other Azure environments, clouds, or on-premises. In many cases, VPN or ExpressRoute connectivity may be overkill or not a possibility in establishing connectivity to the requested service. The great thing about Hybrid Connections is that all the traffic is egress TCP 443 traffic to Azure via TLS 1.2, which suits the needs of many secured environments and does not require ports to be opened inbound into the environment.

There are two ways to leverage Hybrid Connections for App Services in Azure:

* Via WCF Hybrid Relays
* Via Hybrid Connections

For the purposes of this article, we are going to cover how to connect to a web service “on-premises” via the HCM Agent. While we are using a Web App as an example, keep in mind that this concept can be applied to all App Services such as Web Apps, API Apps, Logic Apps, and Azure Functions. In addition, this article will make a call to a web service on-premises; however, keep in mind that HCM is able to connect to any TCP service such as MSSQL, MySQL, Oracle, Web Services, custom TCP services, mainframes, etc.

TUTORIAL
To begin, we will first deploy a Web App from the Azure Portal to give us access to the Hybrid Connection Manager blade. NOTE: You can leverage any App Service to create the hybrid connection manager instance, but you must be on a paid tier (Free tier will not work).

* Login to the Azure Portal (portal.azure.com)
* Select ALL SERVICES -> APP SERVICES -> click + ADD
* Fill out the required information, ensuring you are on a plan greater than Free. Select REVIEW + CREATE and CREATE

Once deployed, navigate to your Web App, select NETWORKING, and click on CONFIGURE YOUR HYBRID CONNECTION ENDPOINTS.

On the Hybrid connections screen, click on DOWNLOAD CONNECTION MANAGER.

> NOTE: This is the agent you will need to install in the environment
> that contains the service you are trying to access. The agent itself
> can be deployed on any machine as long as the machine can access the
> service you are trying to reach.

Installation of the agent is very straightforward. Complete the steps below.

* Select HYBRIDCONNECTIONMANAGER.MSI
* Read the EULA, select I ACCEPT THE TERMS IN THE LICENSE AGREEMENT, and click Install
* Click Finish
Once installed, navigate back to the Azure Portal (portal.azure.com), click ALL SERVICES -> APP SERVICES -> select your web app, click NETWORKING, select CONFIGURE YOUR HYBRID CONNECTION ENDPOINTS, and click ADD HYBRID CONNECTION.

Click CREATE NEW HYBRID CONNECTION and enter the following:

* Hybrid connection Name
  * MYSERVICE
* Endpoint Host
  * IPADDRESS or DNSNAMEOFTHESERVICE
* Endpoint Port
  * PORTNUMBEROFYOURSERVICE
* Servicebus namespace
  * CREATE NEW
* Location
  * Pick the location of the Azure region you want to go to
* Name
  * Enter a unique name for the service bus resource that will be created. This is a globally unique name across all of Azure and must only consist of lowercase letters, numbers, and hyphens.

Click OK once you have filled out the information above.

Once Azure has created the connection, navigate back to the machine you installed the agent on. On the machine, click START, HYBRIDCONNECTIONMANAGER, and select HYBRID CONNECTION MANAGER UI.

Once the agent has launched, select ADD A NEW HYBRID CONNECTION. This will prompt you to enter your Azure credentials. Enter your credentials in the prompt.

> NOTE: if the machine is locked down and cannot leverage javascript,
> you can close out of the sign-in window and select Enter Manually on
> the previous step. Back in the Azure Portal, you can select your
> connection and copy the “Gateway Connection String” to connect
> this agent to Azure.

Once you have authenticated, click the Subscription dropdown to SELECT YOUR AZURE SUBSCRIPTION, SELECT THE CONNECTION YOU CREATED via the portal, and click SAVE.

Once saved, you should see the connection we created via the Azure Portal with the Azure Status of “Connected”. If you don’t see “Connected”, double check you don’t have a proxy blocking outbound TCP 443 requests to the Service Bus instance we created earlier (_AZUREHCMDEMO_.SERVICEBUS.WINDOWS.NET).

> NOTE: To help with resiliency, you can deploy multiple agents on
> different machines to ensure resiliency/availability/scalability.
> When you select the same connection endpoint, HCM will automatically
> begin to load balance traffic between the agents.

Once you see the agent connected on-premises, you can validate from the Azure Portal that the agent is connected as well. Via ALL SERVICES -> APP SERVICES -> your app service -> NETWORKING -> CONFIGURE YOUR HYBRID CONNECTION ENDPOINTS, you should see “CONNECTED” in the Status column on your Hybrid connections blade.
At this point, within your application, you should be able to reference the contents of the on-premises machine via the same connection string you may have used before. Below I’ve added an example showing an on-premises IIS server that displays the text “Moo” when you browse to the web page.

Via my Web App in Azure, I created a quick PHP script that will request the on-premises server, in which HCM on the App Service will place the request on a Service Bus queue, the HCM agent on-premises will pull down the request, forward the request to the Web App on-premises, place the response back on the queue, and the web app will display the result “Moo”.

Hope this helps! If you have any questions or comments feel free to reach out below.
HELPFUL LINKS/SOURCES

Azure Friday Video showing an example of this: https://www.youtube.com/watch?v=y_zAJZC_8Yk

Azure documentation on Hybrid Connections: https://docs.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections

How to enable logging/debug HCM: https://blogs.msdn.microsoft.com/waws/2017/06/26/troubleshooting-hybrid-connections-with-logging/
This entry was posted in Microsoft Azure and tagged azure, hcm, hybrid connection manager, setup, Tutorial on December 3, 2019 by Jack.
DEPLOYING FORTIGATE VIRTUAL APPLIANCES (FORTIGATE-VM) ON AZURE

Here is a recap of some of the reflections I have with deploying Fortinet’s FortiGate appliance on Azure. This is more of a reflection of the steps I took rather than a guide, but you can use the information below as you see fit. At a high level, you will need to deploy the device on Azure and then configure the internal “guts” of the device to allow it to route traffic properly on your Virtual Network (VNet) in Azure. While Fortinet does have some documentation on deploying their appliance, I found it very confusing, so I hope this helps walk through deployment. At the time of writing this, v6.2 was the latest version; however, I recommend using at least version 6.0 or greater as it provides support for auto-scaling, which is what we will be looking at for this guide.

First, I just want to provide a quick overview of the different options you can take and a rough overview of each architecture:

* Single FortiGate (One VM, easiest to deploy, but is not highly available)
  * https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet-fortigate-singlevm?tab=Overview
  * Docs: https://docs.fortinet.com/vm/azure/fortigate/6.2/azure-cookbook/6.2.0/632940/single-fortigate-vm-deployment
* HA FortiGate in Active/Passive mode (Two VMs with a public IP that gets manually attached to a given instance and updates to route tables)
  * Notes: Fortinet in active/passive deployment requires the modification of UDRs and Public IPs. Please note, any manipulation of UDRs or public IPs for Active/Passive solutions can take about 30 seconds to be applied after the failover is initiated. This deployment typically contains 4 IPs on each appliance, one used for external traffic, another for internal traffic, a third for heartbeat traffic, and a fourth for management traffic.
  * Docs: https://docs.fortinet.com/vm/azure/fortigate/6.2/azure-cookbook/6.2.0/227656/deploying-and-configuring-active-passive-ha-between-multiple-zones
* HA FortiGate in Active/Active mode (Two VMs load balanced by Azure Load Balancer for high availability; a little more complex to manage; sometimes called the “load balancer sandwich”)
  * https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortigatengfw-high-availability?tab=Overview
  * Docs: https://docs.fortinet.com/vm/azure/fortigate/6.2/azure-cookbook/6.2.0/983245/ha-for-fortigate-vm-on-azure
* Auto-scaling FortiGate (most complex architecture, cannot be deployed from Azure Marketplace, but most scalable)
  * Docs: https://docs.fortinet.com/vm/azure/fortigate/6.2/azure-cookbook/6.2.0/161167/deploying-auto-scaling-on-azure
  * NOTE: As of 8/20/2019 – the only downside to this deployment method is BYOL isn’t officially supported yet (you must use Pay as you go (PAYG) licensing) and this mode will not let you easily establish VPN connections to the appliance vs Azure VPN Gateway. If using this deployment strategy, I would recommend pairing it with Azure’s VPN Gateway to handle VPN connectivity.
  * NOTE: As of 8/20/2019 – I don’t believe this deployment works for Azure’s sovereign clouds. The image for the FortiGate appliance is only up to v6.1.0 in Azure Government Cloud and I don’t see a way to specify within the FortiGate that it needs to use the Government Cloud APIs. You would need to manually modify the templates and work with Fortinet to ensure the images work for Azure’s sovereign clouds. In this case, I would recommend deploying the HA FortiGate in Active/Active mode listed above.

DEPLOY THE APPLIANCE IN AZURE

As part of this tutorial, we will look at FortiGate’s Autoscaling deployment as this will allow us to dynamically scale up or down depending on load. In addition, this deployment will provide us high availability, so in the event we lose a VM, network traffic will automatically failover to another appliance.

ARCHITECTURE

A high level overview of what resources are deployed

DEPLOYMENT
* Login to the Azure Portal * https://portal.azure.com * Create two new Resource Groups * Navigate to ALL SERVICES -> RESOURCE GROUPS* Click ADD
* Create two new resource groups with the following names (they can be different if you wish, but you will need at least 2) * FORTIGATE-HANDLER-RG* FORTIGATE-VMSS-RG
* Create a Service Principal * Navigate to ALL SERVICES -> AZURE ACTIVE DIRECTORY * Select APP REGISTRATIONS * Click NEW REGISTRATION * Name: FORTIGATE-NVA * Supported account types: ACCOUNTS IN THIS ORGANIZATIONAL DIRECTORYONLY
* Redirect URI: LEAVE BLANK* Click REGISTER
* Write down the Application (client) ID, Directory (tenant) ID, andObject ID.
* Click on CERTIFICATES & SECRETS * Click on the NEW CLIENT SECRET button and set the description to FORTIGATE-NVA, set the password expiry to your preference and clickADD
* Write down the value of your client secret * Note: once you navigate away from the blade you won’t be able toretrieve it again
* Delegate the Service Principal * Navigate to ALL SERVICES -> SUBSCRIPTIONS -> select your subscription -> and select ACCESS CONTROL (IAM) * Click ADD, ADD ROLE ASSIGNMENT, and use the following configuration* Role: OWNER
* Assign ACCESS TO: AZURE AD USER, GROUP, OR SERVICE PRINCIPAL * Select: Search for FORTIGATE-NVA and select it* Click Save
* Note: I didn’t have a chance to test, but I think these permissions could likely be delegated down at the resource group level vs subscription. If someone could confirm, please leave a commentbelow.
* Deploy the Fortigate Handler (CosmosDB and Function App)*
* Once you click the button above to deploy the template, use the following configuration* Function App Name
* This is the name of the Azure Function resource that gets created. This must be globally unique across all customers withinAzure.
* Cosmos DB Name
* Name of the Cosmos DB that will be created. This field must be between 3 and 31 characters and can contain only lowercase letters, numbers and -. This value should be globally unique across all customers within Azure. * Storage Account Type: STANDARD_LRS* Tenant ID
* Use the DIRECTORY (TENANT) ID from the Service Principal wecreated earlier.
* Subscription ID
      * Enter the subscription ID to the Azure Subscription you wish to deploy to. You can find your subscription ID by navigating to ALL SERVICES -> SUBSCRIPTIONS and selecting your subscription.
    * Rest App ID
      * Use the APPLICATION (CLIENT) ID from the Service Principal we created earlier.
    * Rest App Secret: IW8GS………………………PMX
      * Use the value you wrote down when generating the Client Secret when creating the Service Principal.
    * Heart Beat Loss Count: 3
      * Number of consecutively lost heartbeats. When the heartbeat loss count has been reached, the VM is deemed unhealthy and failover activities commence.
    * Scaling Group Resource Group Name: FORTIGATE-VMSS-RG
      * This is the value of the secret Resource Group you created at the beginning of this guide. This Resource Group will contain the VM Scale Set and its corresponding resources.
    * Script Timeout: 230
      * This is the timeout for the Function App script to run. By default this is 230 seconds.
    * Election Wait Time: 90
      * This is the maximum time (in seconds) to wait for a master election for the FortiGates to complete.
    * PSK Secret: MYSUPERSECRETPASSPHRASE
      * This is a random string of characters used by the FortiGates in the scale set to synchronize configuration items.
    * Package Res URL: HTTPS://GITHUB.COM/FORTINET/FORTIGATE-AUTOSCALE/RELEASES/DOWNLOAD/1.0.3/FORTIGATE-AUTOSCALE-AZURE-FUNCAPP.ZIP
      * Grab the latest version of the package for the Azure Function App from GitHub. You can find the latest compiled versions here: https://github.com/fortinet/fortigate-autoscale/releases
* Deploy the VM Scale Set
  * Once you click the button above to deploy the template, use the following configuration:
    * Instance Type: STANDARD_F2
    * FOS Version: 6.2.1
    * VNet New Or Existing: NEW
      * Select whether you wish to use an existing or new Virtual Network.
    * VNet Name: AZUREHUBVNET
      * The name of the VNet to be used or created.
    * Subnet Address Prefix: 10.0.0.0/16
      * The address space of the VNet to be used or created.
    * Subnet1Name: UNTRUST
      * The name of the subnet that will be public facing to the internet.
    * Subnet1Prefix: 10.0.1.0/24
      * The address space of the subnet to be created for the public facing zone.
    * Subnet2Name: TRUST
      * The name of the subnet that will contain the private NICs of the FortiGates.
    * Subnet2Prefix: 10.0.2.0/24
      * The address space of the subnet to be created for the private facing zone.
    * Subnet2Load Balancer IP: 10.0.2.10
      * The IP address of the load balancer in the private zone.
    * Subnet3Name: PRIVATE
      * The name of the subnet that will contain the private machines that are behind the FortiGate appliance.
    * Subnet3Prefix: 10.0.3.0/24
      * The address space of the subnet that will contain the private machines that are behind the FortiGate. Note: this is more of a placeholder in FortiGate's template; you can create additional subnets later on or use a different subnet for your private resources.
    * Public IP New or Existing: NEW
      * The Public IP address to be associated as the VIP of the Azure Load Balancer for incoming traffic.
    * Scaling Group Name Prefix: FGTASG
      * The prefix each VMSS Name is given when deploying the FortiGate autoscale template. The value of this parameter should be the same as for deploy_funcapp.json. The prefix cannot contain special characters \/"":|<>+=;,?*@& or begin with '_' or end with '.' or '-'.
    * Initial Capacity: 2
      * How many FortiGates should be deployed. Default value is 1, however I recommend at least 2 for high availability.
    * Min Capacity: 2
      * The smallest number of FortiGates that should be running. Default value is 1, however I recommend at least 2 for high availability.
    * Max Capacity: 3
      * The maximum number of FortiGates that should be deployed.
    * Scale Out Threshold: 80
      * Percentage of CPU utilization at which scale-out should occur.
    * Scale In Threshold: 20
      * Percentage of CPU utilization at which scale-in should occur.
    * Admin Username: AZUREADMIN
      * FortiGate administrator username on all VMs.
    * Admin Password: AZUREPASSWORD
      * FortiGate administrator password on all VMs. This field must be between 11 and 26 characters and must include at least one uppercase letter, one lowercase letter, one digit, and one special character such as (! @ # $ %).
    * Endpoint URL: HTTPS://YOURFUNCTIONAPPURL.AZUREWEBSITES.NET
      * This can be found by navigating to ALL SERVICES -> FUNCTION APP -> YOURFUNCTIONAPP -> URL on the overview blade.

At this point, your FortiGate deployment should be completed. When a FortiGate appliance comes up, it will reach out to the Azure Function to pull down its base configuration. Any changes to the primary FortiGate will be synchronized to any additional FortiGates deployed as well.
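A pre-deployment check for the parameters listed above, as an added example that is not part of the original post or Fortinet's template: it enforces the password and name-prefix rules stated in the list, rejects the sample secrets printed in this walkthrough, and confirms the load balancer IP sits inside Subnet2. The dictionary key names are hypothetical, and the subnet-containment, capacity-ordering and threshold-ordering checks are assumed sanity rules rather than documented template constraints.

```python
import ipaddress
import re

# Characters the page says the Scaling Group Name Prefix cannot contain.
BAD_PREFIX_CHARS = set('\\/":|<>+=;,?*@&')
# Sample secrets printed in the walkthrough; they must never reach a real deployment.
PAGE_SAMPLES = {"MYSUPERSECRETPASSPHRASE", "AZUREPASSWORD"}

def validate(p):
    """Return a list of problems found in the parameter dict p (empty list = OK)."""
    errs = []
    pw = p["adminPassword"]
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not 11 <= len(pw) <= 26 or not all(re.search(c, pw) for c in classes):
        errs.append("adminPassword: need 11-26 chars with upper, lower, digit, special")
    for key in ("adminPassword", "pskSecret"):
        if p[key].upper() in PAGE_SAMPLES:
            errs.append(f"{key}: sample value from the walkthrough")
    pre = p["scalingGroupNamePrefix"]
    if BAD_PREFIX_CHARS & set(pre) or pre.startswith("_") or pre.endswith((".", "-")):
        errs.append("scalingGroupNamePrefix: forbidden character or edge")
    vnet = ipaddress.ip_network(p["vnetPrefix"])
    subnets = [ipaddress.ip_network(s) for s in p["subnetPrefixes"]]
    for s in subnets:
        if not s.subnet_of(vnet):
            errs.append(f"{s}: outside VNet {vnet}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                errs.append(f"{a} overlaps {b}")
    if ipaddress.ip_address(p["subnet2LoadBalancerIp"]) not in subnets[1]:
        errs.append("subnet2LoadBalancerIp: not inside Subnet2Prefix")
    if not 1 <= p["minCapacity"] <= p["initialCapacity"] <= p["maxCapacity"]:
        errs.append("capacity: need 1 <= min <= initial <= max")
    if not 0 < p["scaleInThreshold"] < p["scaleOutThreshold"] <= 100:
        errs.append("thresholds: need 0 < scale-in < scale-out <= 100")
    return errs

# Constructed sample: the page's network and scaling values with made-up secrets.
# Key names are hypothetical, not the template's own parameter names.
SAMPLE = {
    "adminPassword": "Constructed-Pw-2019!", "pskSecret": "constructed-psk-7f3a9c",
    "scalingGroupNamePrefix": "FGTASG", "vnetPrefix": "10.0.0.0/16",
    "subnetPrefixes": ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"],
    "subnet2LoadBalancerIp": "10.0.2.10", "minCapacity": 2, "initialCapacity": 2,
    "maxCapacity": 3, "scaleInThreshold": 20, "scaleOutThreshold": 80,
}

if __name__ == "__main__":
    print(validate(SAMPLE) or "parameters OK")
```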
For those using a hub/spoke network, you will want to associate a UDR to each of your subnets to force traffic back to the internal load balancer's VIP. You can do this by creating a new Route Table, adding a Route, setting the next hop type to Virtual Appliance, and setting the IP address to the IP address you specified for the "Subnet2Load Balancer IP".
You can connect to the primary FortiGate for management via web console on Port 8443 (https://IP.AD.DR.ESS:8443) or via SSH on Port 22.
REFERENCES
https://docs.fortinet.com/vm/azure/fortigate/6.2/azure-cookbook/6.2.0/128029/about-fortigate-vm-for-azure
This entry was posted in Microsoft Azure, Networking and tagged azure, fortigate on August 22, 2019 by Jack.
ABOUT ME
I'm currently working for Microsoft as a FastTrack Engineer specializing in Microsoft Azure as a cloud solution. Please note that I am not speaking on behalf of Microsoft or any other 3rd party vendors mentioned in any of my blog posts. All of these posts are more or less reflections of things I have worked on or have experienced. These articles are provided as-is and should be used at your own discretion.