Jabber Install Script

As Cisco jabber released a new version to fix some security vulnerabilities, I had a opportunity to mass update the existing jabber versions. Below is tested script that I used to successfully deploy the Jabber 12.9.1 version to all Windows endpoints. You can edit this as needed and deploy Jabber 12.9.1. My script basically removed existing Jabber 12.8.1 and 12.6.2 and install latest 12.9.1.

REM Uninstall Jabber 12.8.1

“msiexec.exe” /x {6E87407E-2EFD-4C7F-B167-8219279226E6} /qn /norestart

REM Uninstall Jabber 12.6.2

“msiexec.exe” /x {BEFF5578-DB83-4AFA-8C40-4A005F2A3BF9} /qn /norestart

REM Delete regkey Jabber 12.6.2

reg delete “HKEY_CLASSES_ROOT\Installer\Products\8855248850B85EC4787609E82C36C6B2” /f

REM Delete regkey Jabber 12.8.1

reg delete “HKEY_CLASSES_ROOT\Installer\Products\7D843DE4BA2A2DC4C89F532E22C06EC9” /f

REM Install Jabber 12.9.1

msiexec.exe /i \share location\CiscoJabberSetup.msi /qn CLEAR=1

Renew Cisco Switch Self-Sign Certificate

This post mainly refer to Cisco Catalyst switches and this I have tested on production network without any issues. But again proceed with caution!!. Cisco recommend to have a CA trust point configured on all the Cisco devices for secure communication. But if you do not have one switch will fall back to a self-sign certificate which we need to renew over the time. This is the full article from Cisco https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html

Also great community article https://community.cisco.com/t5/networking-documents/a-self-signed-certificate-is-added-to-a-cisco-catalyst-switch/ta-p/3124222

Here are the steps for how to do it in short form,

*** SSH into the switch or console connect.

***show crypto pki certificates —– to get the certificates and show you all the certificates. This will show you all the switch certs and you will be able to locate expired one.

***Locate the ID of the cert that has expired date and it will usually show you something like TP-self-signed-51XXXXXX

***Switch to privilege mode

***no ip http secure-server ——-disable https server before do any renewal

*** no crypto pki trustpoint TP-self-signed-51XXXXX —- this id you were located running first command

***ip http secure-server ———re enables the https server and generates a new trustpoint and certificate

*** do show crypto pki certificates – check the new cert is there with new validity period

Then you are done.

SCCM Reporting Error After SQL Upgrade. (Failed to load expressions host assembly)

Few Weeks back I had the chance to upgrade SQL server from 2012 to 2016 which host SCCM DB. Usually SQL Upgrades are very straight forward process. You can read a very good article about how to do SQL upgrade here. https://www.virtualizationhowto.com/2017/03/how-to-upgrade-sql-server-2014-to-sql-server-2016/

But after straight forward upgrade and testing everything was fine except SCCM, reporting will not load and was throwing an error Failed to load expressions host assembly. But SQL server was working without an any error.

MINDCORE BLOG: Failed to load expression host assembly. Details ...

After looking through many logs I was able to located the issue which was cause by SQL file location changes during the upgrade. Then I had to brows through the internet to find a solution and Microsoft recommend solution was to reinstall Reporting Service Point (RSP) role which is describe here https://social.technet.microsoft.com/wiki/contents/articles/15475.how-to-successfully-install-reporting-services-point-role-in-sccm-2012-sp1.aspx

But I wasn’t dare enough to go and mess around SCCM and found very good solution here https://ronnydejong.com/2013/05/23/reporting-service-point-rsp-broken-after-upgrading-sql-server-2012-sp1-sysctr/ This was listed solution for upgrade from 2008 to 2012 but same solution worked for my situation also.

****Basically, copy srsresources.dll from old SSRS install location which was in my case was in \Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\Report Server\Bin

TO

New SSRS location \Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\Report Server\Bin

****Then find rssrvpolicy.config file in new SSRS install (\Program Files\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\Report Server\Bin) open with note pad

****Then search for the SRSResources URL within note pad and change the URL to new location where DLL copied in first step.

Then you are done.

How To Renew a Microsoft Terminal Server SSL Certificate.

Recently, I had to renew one of the remote desktop server farm SSL certificate. There are many instructions and videos for renewal of self-sign SSL for RDS gateway but there are only few places I was able to find anything for trusted SSL renewal.

In this blog I’ve used images from windowsserveressentials.com ( https://windowsserveressentials.com/2012/06/20/renew-your-ssl-certificate-sbs-2011-essentials/), because I really didn’t have chance to take snapshot of every step I did and cannot risk leaking any info on servers I worked on( if I forget to black out some parts 🙂 ). But basically cert renewal is the same and no difference initially with few important changes. Server I worked was 2016 Server.

****First, open IIS Manger and click on Server name.

Renew your SSL Certificate : SBS 2011 Essentials | Title (Required)
https://windowsserveressentials.com/2012/06/20/renew-your-ssl-certificate-sbs-2011-essentials/

****Then click on server certificate about to expire and right hand top corner click on create certificate request and this will bring up certificate request wizard. In this fields make sure to fill the name as exactly as current rds gateway name and choose bit length as 2048.

4
https://windowsserveressentials.com/2012/06/20/renew-your-ssl-certificate-sbs-2011-essentials/

https://windowsserveressentials.com/2012/06/20/renew-your-ssl-certificate-sbs-2011-essentials/

****Then save the cert request where ever you want. But I usually save to the root C:\Cert\2020. So I can keep track on old certs too. Just in case if I need old one I’ve it close by. This a text file with all the crypto info.

6
https://windowsserveressentials.com/2012/06/20/renew-your-ssl-certificate-sbs-2011-essentials/

Then head to your favourite SSL provider and complete the cert renewal. My cert provider was Go daddy and usually godaddy auto renew SSL but cannot use this SSL due to the fact that it is missing private key info from the server. So basically click on cert and copy and past entire certreq.txt file info and request the SSL from Go daddy.

****Then Go daddy will do it things and send out email to whoever mange domain to confirm cert renew. In this case I had access to the email account who mange the domain. Once you go daddy issue cert go ahead and choose IIS as a cert and download to the server cer location. I choose C:\certs\2020.

****Then we gonna go to next step and open IIS Manger again and same place click on complete cert renewal. Then select the CA issues cer and name the cert complete the request which will install new SSL on IIS.

2b
https://windowsserveressentials.com/2012/06/20/renew-your-ssl-certificate-sbs-2011-essentials/

****After cert install SSL need to bind into port 443 in order to be active.

****So we are done with SSL for IIS, then need to assign cert for RD Gateway. Open TS Gateway Manager and right-click the local TS Gateway server, and then click Properties.

****On the SSL Certificate tab, click Select an import and it will show certificate just install in IIS and you can simply install it. After that Click OK to close the Properties dialog box for the TS Gateway server.

How to renew RDP service self signed certificate in Windows 2012 ...
https://www.youtube.com/watch?v=yRjoGb6DmcA

*****After this step you are done and RDS gateway will show with proper cert.

How to Disable Server Manger at Startup

I’m sure anyone of you log onto server notice that server manger start automatically. This is particularly issue for remote desktop environment when regular user log in, they will be presented with server manger. I’ve no idea why Microsoft allow this in RDS environment in first place. Anyways, here how you can disable it for all users.

There is two way you can do this first via GP, which is my preferred method.

First bring up group policy editor and create a GP and navigate to Computer configuration, Administrative Templates, System, Server Manger and then open ” Do Not Display Server Manger Automatically at logon” and click enable.

Otherwise, ( But this will need to be run on each servers) run power shell in admin mode,

Get-ScheduledTask -TaskName Server Manger | Disable-ScheduledTask -verbose

Done!!

Run Command Without Entering Sudo Password in remote kali system.

This is very useful if you have system that you need to run commend without keep typing su in the beginning of the command line and then enter the sudo password.

Bring up terminal and ssh into the system ssh your host ip -l username and then enter the psw

You will be in the ssh line on the remote system.

Type sudo visudo and then the psw

add this line to the end of the file and save and done.

username ALL=(ALL) NOPSSWD:ALL

How to RDP into Kali Linux

I love to experiment with various software and one of those essential system that I play around is kali. I’ve setup mine in ESXI server that I cannot directly connect. This is one of the way you can RDP into your kali and experience full GUI access.

Here is the codes that you need to run in sudo mode.

Apt-get update && apt-get upgrade
Apt-get dist-upgrade
Apt-get install xrdp
Service xrdp-sesman start
update-rc.d xrdp enable
Apt-get remove gnome-core
apt-get install lxde-core lxde kali-defaults kali-root-login desktop-base
update-alternatives –config x-session-manager

Now you can access your kali instance from your Windows PC.

Set IP Address / DNS / Route in CMD

I know once in a while we all have to use our CMD skill to set some stuff up in machines. So here is some command to get windows machine online via CMD.

****First you need to locate the name of the network interface

netsh interface ipv4 show interfaces

***Assume that you want to setup a static IP such as below

  • IP:172.28.5.10
  • sub:255.255.255.0
  • GW: 172.28.5.1

netsh interface ip set address name=”Local Area Connection” static 172.28.5.10 255.255.255.0 172.28.5.1 1

Note that ” local area connection” is the one I found when I ran very first command and “1” in the end is the metric for route.

If you want to forget about the static rout and want to get DHCP,

netsh interface ip set address name=”Local Area Connection” dhcp

****Now if you want to set a static DNS,

netsh interface ip set dns name=”Local Area Connection” static 8.8.8.8

Second DNS

netsh interface ip add dns name=”Local Area Connection” 8.8.4.4 index=2

Again if you want to get DNS via DHCP

netsh interface ip set dnsservers name=”Local Area Connection” source=dhcp

DONE,your PC will be one line!!. Yes of course you need to plug the network cable 🙂

Reset TCP/IP Stack

Computer communication via internet only can work if TCP/IP working properly. I’m sure you have seen after many ipconfig/renew/release and flushdns and REBOOT still PC cannot get IP. In my experience this is related to corruption in TCP/IP and of course you need to check the cable or WIFI is connected before all of this 🙂

Anyway here is how to reset those corrupted TCP/IP stack and make sure to reboot the PC after reset and RUN the command prompt in ADMIN mode.Also if you have static IP, remember to note them down, because this will wipe those out!

Before all of this in my experience resetting socket also can fix many ip stack related issues and here is the command.

netsh winsock reset

Reset the ipv4

netsh int ip reset

if you want to reset ipv6

netsh int ipv6 reset

If you want to re-install the stcack,

  • SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  • SYSTEM\CurrentControlSet\Services\DHCP\Parameters

END of the RESET.

Install ZENMAP in Debain( Kali Linux) base system.

If you are familiar with PENTEST and Kali linux platform, you should know nmap which is great vulnerability scanning tool. But recent version of kali has dropped ZENMAP which is GUI base for nmap which great tool to run nmap in GUI and also to generate command line to run on nmap.

Apparently, ZENMAP need to install manually on newer kali OS’s. Here is way to install it.

You can get more info here https://nmap.org

Go to https://nmap.org/download.html and download Optional Zenmap GUI (all platforms): zenmap-7.80-1.noarch.rpm usually it will go to download on your kali

Then run these commands:

sudo su it will ask to enter password for root

apt-get update
apt-get install alien


cd to the download folder where you download zenmap

sudo alien “zenmap-7.80-1.noarch.rpm”

sudo dpkg -i “zenmap-7.80-1.noarch.deb”

Then you will be able to launch zenmap.

All credit goes to https://forums.kali.org/showthread.php?45988-Zenmap-missing-Kali-Linux-2019-4