As Cisco jabber released a new version to fix some security vulnerabilities, I had a opportunity to mass update the existing jabber versions. Below is tested script that I used to successfully deploy the Jabber 12.9.1 version to all Windows endpoints. You can edit this as needed and deploy Jabber 12.9.1. My script basically removed existing Jabber 12.8.1 and 12.6.2 and install latest 12.9.1.
But after straight forward upgrade and testing everything was fine except SCCM, reporting will not load and was throwing an error Failed to load expressions host assembly. But SQL server was working without an any error.
Recently, I had to renew one of the remote desktop server farm SSL certificate. There are many instructions and videos for renewal of self-sign SSL for RDS gateway but there are only few places I was able to find anything for trusted SSL renewal.
****First, open IIS Manger and click on Server name.
****Then click on server certificate about to expire and right hand top corner click on create certificate request and this will bring up certificate request wizard. In this fields make sure to fill the name as exactly as current rds gateway name and choose bit length as 2048.
****Then save the cert request where ever you want. But I usually save to the root C:\Cert\2020. So I can keep track on old certs too. Just in case if I need old one I’ve it close by. This a text file with all the crypto info.
Then head to your favourite SSL provider and complete the cert renewal. My cert provider was Go daddy and usually godaddy auto renew SSL but cannot use this SSL due to the fact that it is missing private key info from the server. So basically click on cert and copy and past entire certreq.txt file info and request the SSL from Go daddy.
****Then Go daddy will do it things and send out email to whoever mange domain to confirm cert renew. In this case I had access to the email account who mange the domain. Once you go daddy issue cert go ahead and choose IIS as a cert and download to the server cer location. I choose C:\certs\2020.
****Then we gonna go to next step and open IIS Manger again and same place click on complete cert renewal. Then select the CA issues cer and name the cert complete the request which will install new SSL on IIS.
****After cert install SSL need to bind into port 443 in order to be active.
****So we are done with SSL for IIS, then need to assign cert for RD Gateway. Open TS Gateway Manager and right-click the local TS Gateway server, and then click Properties.
****On the SSL Certificate tab, click Select an import and it will show certificate just install in IIS and you can simply install it. After that Click OK to close the Properties dialog box for the TS Gateway server.
*****After this step you are done and RDS gateway will show with proper cert.
I’m sure anyone of you log onto server notice that server manger start automatically. This is particularly issue for remote desktop environment when regular user log in, they will be presented with server manger. I’ve no idea why Microsoft allow this in RDS environment in first place. Anyways, here how you can disable it for all users.
There is two way you can do this first via GP, which is my preferred method.
First bring up group policy editor and create a GP and navigate to Computer configuration, Administrative Templates, System, Server Manger and then open ” Do Not Display Server Manger Automatically at logon” and click enable.
Otherwise, ( But this will need to be run on each servers) run power shell in admin mode,
Get-ScheduledTask -TaskName Server Manger | Disable-ScheduledTask -verbose
I love to experiment with various software and one of those essential system that I play around is kali. I’ve setup mine in ESXI server that I cannot directly connect. This is one of the way you can RDP into your kali and experience full GUI access.
Here is the codes that you need to run in sudo mode.
Computer communication via internet only can work if TCP/IP working properly. I’m sure you have seen after many ipconfig/renew/release and flushdns and REBOOT still PC cannot get IP. In my experience this is related to corruption in TCP/IP and of course you need to check the cable or WIFI is connected before all of this 🙂
Anyway here is how to reset those corrupted TCP/IP stack and make sure to reboot the PC after reset and RUN the command prompt in ADMIN mode.Also if you have static IP, remember to note them down, because this will wipe those out!
Before all of this in my experience resetting socket also can fix many ip stack related issues and here is the command.
If you are familiar with PENTEST and Kali linux platform, you should know nmap which is great vulnerability scanning tool. But recent version of kali has dropped ZENMAP which is GUI base for nmap which great tool to run nmap in GUI and also to generate command line to run on nmap.
Few of my blog readers mentioned to me that after Kali 2020.4 my previous method of installing Zenmap no longer works. So after breaking few VM images and few swear moment I was able to figure out a way to install Zenmap GUI in new Kali. 🙂
Then bring up terminal from the place downloaded the tar package and run sudo su and get the root access. After that run below command in sequence. Very good guide here https://nmap.org/book/inst-source.html
apt-get updatebzip2 -cd nmap-7.91.tar.bz2 | tar xvf -
then install each package with dpkg -i <each package name from above>
As a example dpkg -i ./python-cairo_1.16.2-2ubuntu2_amd64.deb
Once you down you will be able to see zenmap from search window in kali. But if you want to run Zenmap as root you need to brows into place where tar package got unzip. In my case download folder nmap 7.91 and bring terminal and run sudo su and then ./zenmap.