Skip to content
Technote
Search for:
Search
Home
Microsoft
EMS MDM
Windows Fundamental
Windows Server
Powershell
Group Policy
Cisco
Cisco Voice
Web
Linux
Networking
Networking
Cyber Security
Web Coding
CATEGORIES
Microsoft
Microsoft Server and Related exames
READ MORE
Networking
Networking, Cisco, Juniper, security
READ MORE
Coding
Hosting, database, Python, WordPress
READ MORE
Security
Penetration test and defend
READ MORE
Linux
Releash the power of Penguin
READ MORE
Database
There are enough fishes here~
READ MORE
Latest posts
PRTG application API monitoring with powershell
April 12, 2023
PRTG provides versatile monitoring, from Server health to application API. today we will use powershell to monitor the API health. Below are the configurations in the PRTG sensor: Host IP: 10.34.50.56 URL: https:///stationery.webapi/Account/LogOn’ Postdata: {‘username’: ‘xxxx‘,’password’:’xxxx‘,’merchantNumber’:xxxx} Content Type: Custom Custom content type: application/json insert the Host IP after the second slash in the URL , you find the complet url: https://10.34.50.56/stationery.webapi/Account/LogOn To find out the “Response Must Include” area, run bellow powershell command (Postdata is used in the body area): ##below ignore the ssl cert trust isue: add-type @" using System.Net; using System.Security.Cryptography.X509Certificates; public class TrustAllCertsPolicy : ICertificatePolicy { public bool CheckValidationResult( ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) { return true; } } "@ ::CertificatePolicy = New-Object TrustAllCertsPolicy ## below pass the JSON data to the url, and get the response. invoke-webrequest -Uri 'https://10.34.50.56/stationery.webapi/Account/LogOn' -Method Post -ContentType "application/json" -Body "{'username': 'xxxx','password':'xxxx','merchantID':xxxx}" I found some code like: Content: {"data":{"user":{"countrycode":0, "Reload":31, "rolename":"Stationery Shop","username":xxxx,........ AllElements: .... RawContent : HTTP/1.1 200 OK Pragma: no-cache,no-cache Content-Length:1195 {"data":{"user":{"countrycode":0, "Reload":31, "rolename":"Stationery Shop","username":xxxx,........ "merchantID":"1234567890123" now I change the password to a wrong one on purpose,which is 12345, and try to get some other response just for comparison purpose: invoke-webrequest -Uri 'https://10.34.50.56/stationery.webapi/Account/LogOn' -Method Post -ContentType "application/json" -Body "{'username': 'xxxx','password':'12345','merchantID':xxxx}" now the response become: Server Error We're sorry, but an unexpected error occurred on the server. ..... So I will just pick a piece of data, such as merchantID from the first response and use it as the evidence of working API. Response Must Include: 1234567890123...
Read more...
MS IIS server (Web server)
March 15, 2023
Updated on 2023-03-15 IIS 10.0 version 1809 is the latest version of Internet Information Services (IIS) which shipped with the Windows 10 October 2018 Update and Windows Server 2019. Configuration file ApplicationHost.config This file is the root file of the configuration system when you are using IIS 7 and above. It includes definitions of all sites, applications, virtual directories and application pools, as well as global defaults for the web server settings, which means it controls the server itself. The location of the file is currently in the %windir%\system32\inetsrv\config directory. web.config Web.config file control configurations at the site and application levels....
Read more...
Get user last login [Azure, Intune]
February 9, 2023
We may need to get a list of the user with older passwords than we expecting. Use below script to get a report about the password age. ##Test if you are logged in. function MSOLConnected { Get-MsolDomain -ErrorAction SilentlyContinue | out-null $result = $? return $result } Import-Module MSOnline if (-not (MSOLConnected)) { Connect-MSOLService } $Students_BYOD = Get-ADUser -Filter * -SearchBase “OU=2026,OU=Students,OU=Users,DC=curric,DC=your_company,DC=com” $time_limit=(get-date).Date.AddDays(-68) foreach($student_BYOD in $Students_BYOD){ Get-MsolUser -UserPrincipalName $student_BYOD.userPrincipalName | select userprincipalname,LastPasswordChangeTimestamp,@{Name=”PasswordAge”;Expression={(Get-Date)-$_.LastPasswordChangeTimeStamp}} | Where-Object { $_.LastPasswordChangeTimeStamp -lt $time_limit} | Export-CSV D:\tmp\LastPasswordChange.csv -NoTypeInformation -Append }...
Read more...
Cisco CME Troubleshooting
February 2, 2023
To show debug message on telnet/ssl session: terminal monitor Common commands to troubleshoot sip: debug ccsip: This has various options, debug ccsip all: This command enables all ccsip type debugging. This debug command is very active, you should use it sparingly in a live network debug ccsip calls: This command displays all SIP call details as they are updated in the SIP call control block. You can use this debug command to monitor call records for suspicious clearing causes. debug ccsip errors: This command traces all errors that are encountered by the SIP subsystem. debug ccsip events: this command traces event, such as call setups, connections and disconnections. An events version of a debug command is often the best place to start because detailed debugs provide much useful information. debug ccsip info: This command enables tracing of general SIP security parameter index (SPI) information, including verification that call redirection is disabled. debug ccsip media: This command enables tracing of SIP media streams debug ccsip messages: This command shows the headers of SIP messages that are exchanged between a client and a server. debug ccsip preauth: This command enables diagnostic reporting of authentication, authorization, accounting (AAA) for SIP calls. debug ccsip states: This command displays the SIP states and state changes for sessions within the SIP subsytem. debug ccsip transport: This command enables tracing the SIP transport handler and the TCP or UDP process show the SIP register status, and the SIP trunk lines too UC560#show sip-ua register status Line peer expires(sec) registered P-Associ-URI =============== ========== ============ ========== ============ 613xxxxxxxx -1 1750 yes disable debugging: no debug all Reference https://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-border-element/white_paper_c11-613550.html...
Read more...
Bitlocker for Removable drive
January 13, 2023
You may see a notice like below saying “Before you can save files on this drive, you need to encrypt it using BitLocker. The way to disable this is the Group policy: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption> Removable Data Drives. find setting “Deny write access to removable drives not protected by Bitlocker” change state to “Disabled”. Note, don’t choose “Not configured”, this is a bug with this setting as of Jan 2023....
Read more...
Renew AD FS Service Communications certificate
January 10, 2023
SSL Certification renew If your communication with another APP is encrypted with a trusted third part CA cert, and the max validity for which is 397 days, so you have to do this job every year: Renew the cert from your CA authority, like Digicert Export the cert file in cer format with private key. Copy the cert file to AD FS server, open MMC.exe, Add snap-in > certificate > Computer account > local computer Import the cert file to certificate ( local computer) > personal > Certificates Double click the Cert imported, go to Details tab, select Show <All>, find thumbprint, copy the thumbprint to a text file without space in the middle, something like ‘7503ffb9da7ee64971e50a37fbe1b53dd7eeeef8’ On Ad FS server, run powershell with administrator privilege. Use following cmdlet to install the new SSL certificate: Set-AdfsSslCertificate -Thumbprint ‘7503ffb9da7ee64971e50a37fbe1b53dd7eeeef8’ Go to AD FS Management console, Expand Service > Certificates . In the Right Pane, click Set Service Communication Certificate… Choose the Certificate you imported, click OK. Restart the ADFS services....
Read more...
Give removable drive write access.
December 14, 2022
Administrative Templates, Find Computer configuration> Windows Components > BitLocker Drive Encryption > Removable Data Drives. Click Deny write access to removable drives not protected by BitLocker. Select Disabled....
Read more...
Check the Service status and start if required
December 8, 2022
As a Windows network, system admin, we need to check some of the critical services all the time. Let’s take Active Directory Federation Services as an example, I use a bat script to check and start it Create a script file called ServiceCheck.bat, and save to c:\scripts: for /F "tokens=3 delims=: " %%H in ('sc query "adfssrv" ^| findstr " STATE"') do ( if /I "%%H" NEQ "RUNNING" ( REM Put your code you want to execute here REM For example, the following line net start "adfssrv" ) ) Then create a task in Task Scheduler. The triggers: I set is Daily, start at 7Am, and Repeat task every 5 minutes. for a duration of 1 day. Actions: start a program, C:\scripts\ServiceCheck.bat ...
Read more...
Disable SCHANNEL log in windows
October 19, 2022
Here’s workaround you can try: Note: You’d better backup the registry before change it/ “EventLogging”=dword:00000000 Value Description 0x0000 Do not log 0x0001 Log error messages 0x0002 Log warnings 0x0004 Log informational and success events...
Read more...
monitor Aruba AP status With PRTG
September 21, 2022
With the PRTG you can check if the APs are online and their CPU usage. First add a device with the controller’s IP address. Under the device, add a sensor. Type SNMP in the search box, then find “SNMP Custom Table” The OID can be found in this doc: https://www.arubanetworks.com/techdocs/Instant_423_WebHelp/Content/Aruba%20Instant%20MIB%20Reference%20Guide.pdf The table is called “ai Access Point Table”, and the OID is 1.3.6.1.4.1.14823.2.3.3.1.2.1 After the search, you will see the table below, the 1.1 is the MAC address, 1.2 is the name, and 1.3 is the IP address. What I really care about is the 1.7 CPU usage: Select below and edit: Identification Column: 1.3.6.1.4.1.14823.2.3.3.1.2.1.1.2 , which is the AP name Channel #1 Name: CPU% Channel #1 column: 1.3.6.1.4.1.14823.2.3.3.1.2.1.1.7 Channel #1 Unit: Percent Leave other fields as default, and click “Create” Now you can create a map and add those sensors to the location. ...
Read more...
