Nubis Novem

IT consulting company with real cloud experience

Self Control: Windows server connected by VPN service to itself

There were times when we were looking for simple yet unorthodox solutions, and this case was one of them. Imagine a Windows 2012 server with its standard VPN service (RAS, or Remote Access) configured and operational. The only problem was that the server's static IP address, as seen by a connected VPN user, was not up at all times. For instance, assume the DHCP IP range for VPN clients was – that makes the first address of the range the server's own address inside the VPN tunnel, the one VPN clients reach it on. Right after the server started, that IP would be down: not even pingable, let alone routable. It only came alive once the first VPN client connected to the RAS service from outside. That presented a challenge for application jobs configured to run in both modes, locally on the server and from remote locations connected through the VPN. We wanted to configure that address as a universal connection point for all the applications, with the proper exclusions in the server firewall, but jobs running locally would not be able to connect to it until at least one external user had connected to the VPN service.
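One way to implement what the title describes, as an added example that is not the post's own script: a PowerShell watchdog, run from a scheduled task at startup under a dedicated account, that checks whether the server's tunnel-side address answers and, if it does not, dials the server's own RAS service so the address comes up without waiting for an outside user. The tunnel address, connection name, server address, VPN account, credential file path and tunnel type are all assumptions.

```powershell
# Added example, not the original post's script. Every address and name below is an assumption.
$TunnelIp      = '10.10.0.1'          # assumed: first address of the RAS client pool, the server's tunnel-side IP
$VpnName       = 'SelfVpn'            # assumed: name of the client-side connection created on the server itself
$ServerAddress = 'vpn.example.com'    # assumed: public name (or IP) the RAS service listens on
$TunnelType    = 'Sstp'               # assumed: SSTP, so the tunnel rides on TLS; avoid PPTP for a new setup

# The password is read from a credential file created once, interactively, under the task's own account:
#   Get-Credential | Export-Clixml 'C:\ProgramData\SelfVpn\cred.xml'
# Export-Clixml protects the password with DPAPI, so only that account on this machine can decrypt it.
# Use a dedicated account that has dial-in permission and nothing else.
$Cred = Import-Clixml -Path 'C:\ProgramData\SelfVpn\cred.xml'

# Nothing to do if the tunnel-side address already answers (an outside client is in, or we already dialed).
if (Test-Connection -ComputerName $TunnelIp -Count 1 -Quiet) {
    Write-Output "$TunnelIp is up; nothing to do."
    return
}

# Create the client-side connection once (VpnClient module, Windows 8 / Server 2012 and later).
# Without -AllUserConnection it belongs to the task's account, which is also the account rasdial runs as.
if (-not (Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $VpnName -ServerAddress $ServerAddress -TunnelType $TunnelType `
        -AuthenticationMethod MSChapv2 -EncryptionLevel Required -RememberCredential:$false -Force
}

# Dial our own RAS service. rasdial.exe is in-box and works from a non-interactive scheduled task.
$plain = $Cred.GetNetworkCredential().Password
& rasdial.exe $VpnName $Cred.UserName $plain | Out-Null
$plain = $null
if ($LASTEXITCODE -ne 0) {
    throw "rasdial failed with exit code $LASTEXITCODE"
}

# Verify the address actually came up; a throw here shows up in the scheduled task's history.
Start-Sleep -Seconds 5
if (-not (Test-Connection -ComputerName $TunnelIp -Count 2 -Quiet)) {
    throw "$TunnelIp is still unreachable after dialing $VpnName"
}
Write-Output "$TunnelIp is up via $VpnName."
```

Run the task with "Run whether user is logged on or not" so it starts before anyone signs in, and give the VPN account no local logon or administrative rights: if the credential file is ever read by someone else, all they obtain is the ability to dial the VPN.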

How to protect the Remote Desktop Service with a valid SSL certificate in Windows 2008, 2012, 2016

It is typical for a Windows server to have an auto-generated self-signed certificate for its Remote Desktop service. That is not good practice: clients have no way to verify the host's identity, users learn to click through the certificate warning, and anyone on the path can present their own self-signed certificate just as convincingly. This matters especially when the RDP service is exposed to the internet (via TCP port 3389 opened in the firewall). Here are a few simple steps to install a valid SSL certificate for RDP, so that the host's identity can be verified and remote desktop sessions are properly encrypted.
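The binding step, as an added example that is not the post's own instructions: the issued certificate is located in the machine's personal store, checked for the properties RDP needs, and its thumbprint written to the RDP-Tcp listener through the Win32_TSGeneralSetting WMI class, which is the same mechanism on 2008, 2012 and 2016. The thumbprint value is an assumption; everything else uses in-box cmdlets.

```powershell
# Added example, not the original post's steps. The thumbprint is an assumption; replace it with your own.
$Thumbprint = '0123456789ABCDEF0123456789ABCDEF01234567'.ToUpper()   # assumed SHA-1 thumbprint, no spaces

# 1. The certificate must live in the machine store, with its private key, and carry the Server Authentication EKU.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate $Thumbprint not found in Cert:\LocalMachine\My (import the PFX there first)" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key; import the PFX, not just the .cer' }
$eku = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$hasServerAuth = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
if (-not $hasServerAuth) { throw 'Certificate lacks the Server Authentication EKU; RDP clients will reject it' }
if ($cert.NotAfter -lt (Get-Date).AddDays(14)) { Write-Warning "Certificate expires on $($cert.NotAfter)" }

# 2. Bind the thumbprint to the RDP-Tcp listener. Get-WmiObject is available on 2008 through 2016.
$wmi = @{ Namespace = 'root\cimv2\TerminalServices'; Class = 'Win32_TSGeneralSetting'; Filter = "TerminalName='RDP-Tcp'" }
$ts = Get-WmiObject @wmi
$ts.SSLCertificateSHA1Hash = $Thumbprint
[void]$ts.Put()

# While here: force TLS as the security layer (2) and require Network Level Authentication (1),
# so the certificate is actually used and a client must authenticate before it ever sees a logon screen.
[void]$ts.SetSecurityLayer(2)
[void]$ts.SetUserAuthenticationRequired(1)

# 3. Read the setting back. If it did not stick, the usual cause is that NETWORK SERVICE cannot read the
#    private key: grant it Read via certlm.msc > Personal > Certificates > right-click > All Tasks > Manage Private Keys.
$check = Get-WmiObject @wmi
if ($check.SSLCertificateSHA1Hash -ne $Thumbprint) { throw 'Thumbprint was not applied to RDP-Tcp' }
"RDP-Tcp now presents '$($cert.Subject)', valid until $($cert.NotAfter)"
```

The subject or a SAN of the certificate must match the name users type into the RDP client, otherwise they are back to a warning they will learn to ignore. Existing sessions keep the old certificate until they reconnect.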

Amazon EC2 Windows instance with custom MAC on network interface

We were not able to alter the MAC address of the main network adapter inside a Windows 2012 R2 EC2 instance. No matter what we tried, registry hacks and even third-party tools, the change did not take. However, for an application that depends on a particular MAC value, that MAC does not have to belong to the primary network card. We realized we just needed another network card, and that can be achieved by installing a dummy loopback network driver that serves as an additional network interface. It can be assigned a bogus IP address, while its physical (MAC) address can be altered freely. Luckily, Microsoft ships such a driver with most Windows distributions: the Microsoft KM-TEST Loopback Adapter.
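The procedure, as an added example that is not the post's own commands: install the loopback adapter, rename it, give it a locally administered MAC and an unroutable IP, and verify that the primary adapter's AWS-assigned MAC is untouched. The adapter name, MAC and IP are assumptions, and devcon.exe from the Windows Driver Kit is assumed to be on the PATH (without it, the same adapter can be added through hdwwiz.exe under Network adapters > Microsoft).

```powershell
# Added example, not the original post's commands. Adapter name, MAC and IP below are assumptions.
$Alias   = 'MacShim'              # assumed: name given to the loopback adapter
$NewMac  = '02-00-5E-AA-BB-01'    # assumed: locally administered (bit 1 of first octet set), unicast (bit 0 clear)
$BogusIp = '192.0.2.10'           # assumed: TEST-NET-1 address, never routed anywhere

# Refuse a universally administered or multicast MAC: the first is someone else's, the second breaks ARP.
$firstOctet = [Convert]::ToInt32($NewMac.Split('-')[0], 16)
if (($firstOctet -band 0x02) -eq 0 -or ($firstOctet -band 0x01) -ne 0) {
    throw "$NewMac is not a locally administered unicast MAC"
}

# Remember the primary adapter so we can prove later that it was not touched.
$Primary = Get-NetAdapter | Where-Object Status -eq 'Up' | Sort-Object InterfaceIndex | Select-Object -First 1

# 1. Install the in-box KM-TEST Loopback Adapter as a root-enumerated device (devcon.exe assumed present).
$before = Get-NetAdapter | Select-Object -ExpandProperty Name
& devcon.exe install "$env:WINDIR\Inf\netloop.inf" '*MSLOOP' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "devcon failed with exit code $LASTEXITCODE" }
$new = @(Get-NetAdapter | Where-Object { $before -notcontains $_.Name })
if ($new.Count -ne 1) { throw "Expected exactly one new adapter, found $($new.Count)" }
Rename-NetAdapter -Name $new[0].Name -NewName $Alias

# 2. Set the MAC and the bogus IP on the new adapter only. Set-NetAdapter -MacAddress writes the driver's
#    NetworkAddress keyword, which the loopback driver honors; the primary adapter keeps its AWS-assigned MAC.
Set-NetAdapter -Name $Alias -MacAddress $NewMac -Confirm:$false
Restart-NetAdapter -Name $Alias
New-NetIPAddress -InterfaceAlias $Alias -IPAddress $BogusIp -PrefixLength 24 | Out-Null
# Keep the shim from registering its phantom address in DNS.
Set-DnsClient -InterfaceAlias $Alias -RegisterThisConnectionsAddress $false

# 3. Verify: the shim carries the custom MAC and the primary adapter still has its original one.
$shim = Get-NetAdapter -Name $Alias
if ($shim.MacAddress -ne $NewMac) { throw "MAC not applied, adapter reports $($shim.MacAddress)" }
$primaryNow = Get-NetAdapter -InterfaceIndex $Primary.InterfaceIndex
if ($primaryNow.MacAddress -ne $Primary.MacAddress) { throw 'Primary adapter MAC changed unexpectedly' }
"$Alias has MAC $($shim.MacAddress) and IP $BogusIp; primary '$($Primary.Name)' keeps $($Primary.MacAddress)"
```

Applications that look up "the" MAC usually take the first adapter Windows enumerates, so check the application's own documentation for how it chooses one; if it wants the lowest interface index, the shim may need to be bound before the primary adapter in Network Connections > Advanced settings.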

I have been reading up on all kinds of Microsoft technologies, including PowerShell, which is a pretty cool tool. I had tried it before and it did not work well for me then, because I did not understand its purpose. It is not a normal OS shell. Instead, it is the shell for the .NET virtual machine. Exactly the thing that Java is missing, and the gap that it tries to plug with the crap like Ant and Maven, unsuccessfully. PowerShell lets you run all the .NET methods interactively from the command line and build pipelines out of them. It has some very cool syntax that lets you automatically apply the pipeline input in the same way as the command-line input. It also has remote execution functionality, so it serves as an analog of rsh/ssh (more advanced in some ways, less advanced in others) in the Microsoft ecosystem.
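The three things mentioned above, pipeline binding, direct .NET method calls and remote execution, in one added example that is not from the original post: a function that hashes files with the .NET SHA256 class, takes its input either as an argument or from the pipeline, and is then executed on remote hosts over PowerShell Remoting. The server names are assumptions, and the remote hosts are assumed to have Remoting enabled with an HTTPS listener.

```powershell
# Added example, not from the original post. Server names and the HTTPS listener are assumptions.
function Get-FileSha256 {
    [CmdletBinding()]
    param(
        # Binds from an explicit argument, from a plain string on the pipeline, or from the FullName
        # property of whatever Get-ChildItem emits: the same parameter serves all three.
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string[]]$Path
    )
    begin {
        # One .NET hasher for the whole pipeline, not one per item.
        $sha = [System.Security.Cryptography.SHA256]::Create()
    }
    process {
        foreach ($p in $Path) {
            # Stream the file instead of loading it into memory; large binaries are common here.
            $stream = [System.IO.File]::OpenRead($p)
            try {
                $hex = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
            } finally {
                $stream.Dispose()
            }
            # Emit objects, not text, so the next pipeline stage can sort, group or compare them.
            [pscustomobject]@{ Computer = $env:COMPUTERNAME; Path = $p; Sha256 = $hex }
        }
    }
    end { $sha.Dispose() }
}

# Local use: input flows in from the pipeline, bound by the FullName alias.
Get-ChildItem -Path "$env:WINDIR\System32\drivers\*.sys" | Get-FileSha256 | Sort-Object Path

# Remote use: the function body is shipped as a script block and run on each host over WinRM.
# -UseSSL requires an HTTPS listener on the targets (assumed); the argument binds positionally to $Path.
$servers = 'srv01', 'srv02'   # assumed host names
Invoke-Command -ComputerName $servers -UseSSL -ScriptBlock ${function:Get-FileSha256} `
    -ArgumentList "$env:WINDIR\System32\ntoskrnl.exe" |
    Select-Object PSComputerName, Path, Sha256
```

Comparing the returned hashes across hosts is the usual first check when one server in a group behaves differently: the function does the hashing, Remoting does the fan-out, and the pipeline does the comparison.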

