Posted on

Active Directory : cambio ruoli server

In un ambiente windows server active directory nultiserver, può essere necessario spostare il ruoli da un server ad un altro.

Quale server ha i ruoli di Active Directory ?

Per scoprire quale server ha i ruoli di Active directory digitare il comando :

NETDOM QUERY FSMO

Trasferimento ruoli con riga di comando.

Aprire un prompt di Dos e digitare :

ntdsutil

poi

roles

poi

connections

poi

Connect to server ServerFQDN

Dove il server è il server a cui volete passare i ruoli

quit

A seconda dei ruoli che si vuole passare , digitare i seguenti comandi :

Ruolo Credenziali Comando
Master per la denominazione dei domini Amministratori Enterprise Seize naming master
Master schema Amministratori schema Seize schema master
master dell’infrastruttura Domain Admins Seize infrastructure master
Master per l’emulatore PDC Domain Admins Seize pdc
master RID Domain Admins Seize rid master
Posted on

microsoft wsus : questions and answers

How to update group policy on a client ?

gpupate /force

Which wsus server is registered on a client ?

REG QUERY "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate"

How to print group policy group for a client on screen ?

Gpresult /r

How to  confirm whether the update has been downloaded on the WSUS server first ?

Add file staus option. In wsus , in update window, right click on grid header and select “File Status”. The green icon means that the update is ready for installation.

How to get update log in a client via PoerShell ?

Open Powershall with admin privileges and digit :

Get-WindowsUpdateLog

This command will build a wsus client log on desktop.

How to remove a windows computer from wsus updating

Posted on

Updating Nakivo Appliance in environment with Qnap nas

Nakivo Environment

In this environment we have a Nakivo Appliance and a Qnap nas, used as Nakivo backup repository. We need to update the Nakivo appliance that currently is at 10.6 version.

Updating Nakivo using web console

Enter in your Nakivo web interface, navigate to “Seetings” – “Software Update”. The procedure proposes to you the 10.7 version. Proceed. You’ll reice a warning that “remote transporters will not be updated automatically”. After this procedure the Nakivo will be at 10.7 version and not other updates will be avalaible. Indeed the web console signals that your qnap transporter is “out of the date”. So you need to update it to use it. And here there is the problem: we’ll sew that, using nakivo qnap site , you’ll be able to install only the version 10.9 of qnap trasporter that is newer than the currently Nakivo appliance version. So you first need to install the 10.9 version on your Nakivo appliance, but you need to do it manually

Updating Nakivo manually

Using Nakivo upadte site you have to download the “Virtual Appliance”. You”ll download the file

NAKIVO_Backup_Replication_v10.9.0.76010_Updater.sh

Using the application Winscp connect to your Nakivo appliance via ssh. Upload the sh file in the folder /opt/nakivo/updates.

To enter via ssh in a nakivo appliance the default credential are :

  • username : root
  • password : QExS-6b%3D

Now you have to follow this instruction to update the application : Nakivo manual.

Updating Nakivo Transporter in Qnap

In our environment , the Qnap has a Nakivo Transporter App version 10.6.0, compatible with the starting version of our Nakivo appliance. It’s not possible to update this version automatically via qnap, you need to downnload from Nakivo site the new transporter and update it via Qnap web console.

In Nakivo site , you have to choose between the intel or arm transporter package. You’ll download a opkg file.

So, enter in qnap web console and install it manually :

Unable to install Qnap Transporter because the digital sign is invalid

If you are unabled to install the Nakivo Trasporter package because you recive an error that report that the digital sign is invalid , yoiu need to allow installation of applications without a valid digital signature. Click the Settings icon in the top-right corner of the App Center. On the General tab, check the option “Allow installation of applications without a valid digital signature”.

Issue with Nakivo web interface 10.9 in web browser

Even if Nakivo siuggests to use chrome or Firefox to use properly its web interface, we had problem using Chrome. We solved it using Microsoft Edge.

Links

Posted on

auto-generate INSERT statements for a SQL Server table

  1. Right-click on the database and go to Tasks > Generate Scripts.
  2. Select the tables that you want to generate the script.
  3. Go to Set scripting options tab and click on the Advanced button.
  4. In the General category, go to Type of data to script
  5. There are 3 options: Schema OnlyData Only, and Schema and Data. Select the appropriate option and click on OK.

Posted on

Exchange – cassette postali condivise

Le cassette postali condivise consentono a un gruppo di persone di monitorare e inviare posta elettronica da un indirizzo di posta elettronica comune, come info@mecdata.it. Quando un utente del gruppo risponde a un messaggio inviato alla cassetta postale condivisa, il messaggio di risposta sembrerà inviato dalla cassetta postale condivisa, non dal singolo utente.

Le cassette postali condivise vengono usate quando più persone devono accedere alla stessa cassetta postale, ad esempio un’informazione aziendale o un indirizzo di posta elettronica di supporto, una reception o un’altra funzione che potrebbe essere condivisa da più persone.

Le cassette postali condivise includono un calendario condiviso ed una rubrica condivisa.

Licenze: La cassetta postale condivisa può archiviare fino a 50 GB di dati senza assegnare una licenza. Per volumi più elevati, è necessario assegnare una licenza alla cassetta postale

Utenti esterni: Non è possibile concedere agli utenti esterni all’azienda (ad esempio, utenti con un account Gmail) l’accesso alla cassetta postale condivisa

Conversione delle cassette postali: È possibile convertire le cassette postali utente in cassette postali condivise.

Troppi utenti: Quando sono presenti troppi utenti designati che accedono contemporaneamente a una cassetta postale condivisa (è consigliabile non più di 25), è possibile che non riescano a connettersi a questa cassetta postale o abbiano incoerenze come i messaggi duplicati nella posta in uscita

Posted on

Error from Filezilla Client to Microsoft IIS FTP Server

When you connect to ftp server create with Microsoft IIS using Filezilla Client you should have this error

GnuTLS error -48: Key usage violation in certificate has been detected. Could not connect to server

Your configuration settings are something like this :

  • Protocol: FTP – File Transfer Protocol
  • Encryption: Require explicit FTP over TLS

The problem is with self signed certificate on server side. This is a problem with the certificate generation of Microsoft IIS, as it does not allow the certificates to be used for digital signatures.

How to generate a valid certificate with IIS

This is a server-side issue, and it did not appear previously because earlier versions of FileZilla shipped with a GnuTLS version that didn’t make this check.

Quoting Tim Kosse’s post in the FileZilla forum thread:

In any case, the problem is with your server’s X.509 certificate chain: Either the server certificate itself or another certificate in the chain has a key usage restriction that is violated. For example a certificate with a key usage restriction to signing cannot be used to authenticate TLS connections. See section 4.2.1.3 of RFC 5280.

This is a problem with the certificate generation of Microsoft IIS (but may also happen if you incorrectly generated a certificate with another method), as it does not allow the certificates to be used for digital signatures. OpenSSL is much more relaxed about this and won’t fail because of it, so it may work with other apps.

On the client side, you can either disable TLS, downgrade to an earlier version of FileZilla (neither of these is recommended due to potential security risks), or use a different client which uses another library such as OpenSSL for now.

How to generate a valid certificate with IIS

This needs to be done on the server side, Yobviously.you can generate the certificate with PowerShell instead until the issue is fixed by Microsoft. Open PowerShell in admin mode.

The following powershell command will create our self-signed certificate for our binding and store it in the Personal Store (Note how I also store a reference to the certificate in a variable called $cert this will be needed further on):

$binding = "192.168.1.70"
$cert = New-SelfSignedCertificate -DnsName "$binding" -CertStoreLocation "cert:\LocalMachine\My"

However, this is not enough to make the certificate work for HTTPS in our browser. We need to add our newly created certificate to the Trusted Root Certificate store. To do this we take our $cert variable which references our created certificate and add it to our Trusted Root Certificate store like so:

$DestStore = new-object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::Root,"localmachine")
$DestStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$DestStore.Add($cert)
$DestStore.Close()

Now you have to set the new certicate on your ftp site using IIS Admin.