Posted on

Error from Filezilla Client to Microsoft IIS FTP Server

When you connect to ftp server create with Microsoft IIS using Filezilla Client you should have this error

GnuTLS error -48: Key usage violation in certificate has been detected. Could not connect to server

Your configuration settings are something like this :

  • Protocol: FTP – File Transfer Protocol
  • Encryption: Require explicit FTP over TLS

The problem is with self signed certificate on server side. This is a problem with the certificate generation of Microsoft IIS, as it does not allow the certificates to be used for digital signatures.

How to generate a valid certificate with IIS

This is a server-side issue, and it did not appear previously because earlier versions of FileZilla shipped with a GnuTLS version that didn’t make this check.

Quoting Tim Kosse’s post in the FileZilla forum thread:

In any case, the problem is with your server’s X.509 certificate chain: Either the server certificate itself or another certificate in the chain has a key usage restriction that is violated. For example a certificate with a key usage restriction to signing cannot be used to authenticate TLS connections. See section 4.2.1.3 of RFC 5280.

This is a problem with the certificate generation of Microsoft IIS (but may also happen if you incorrectly generated a certificate with another method), as it does not allow the certificates to be used for digital signatures. OpenSSL is much more relaxed about this and won’t fail because of it, so it may work with other apps.

On the client side, you can either disable TLS, downgrade to an earlier version of FileZilla (neither of these is recommended due to potential security risks), or use a different client which uses another library such as OpenSSL for now.

How to generate a valid certificate with IIS

This needs to be done on the server side, Yobviously.you can generate the certificate with PowerShell instead until the issue is fixed by Microsoft. Open PowerShell in admin mode.

The following powershell command will create our self-signed certificate for our binding and store it in the Personal Store (Note how I also store a reference to the certificate in a variable called $cert this will be needed further on):

$binding = "192.168.1.70"
$cert = New-SelfSignedCertificate -DnsName "$binding" -CertStoreLocation "cert:\LocalMachine\My"

However, this is not enough to make the certificate work for HTTPS in our browser. We need to add our newly created certificate to the Trusted Root Certificate store. To do this we take our $cert variable which references our created certificate and add it to our Trusted Root Certificate store like so:

$DestStore = new-object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::Root,"localmachine")
$DestStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$DestStore.Add($cert)
$DestStore.Close()

Now you have to set the new certicate on your ftp site using IIS Admin.

Posted on

Microsoft Store doesn’t exist

You need reinstall Store. Type PowerShell in Start Search, right click to Run as Administrator, copy the following code and paste it into , press Enter:

PowerShell -ExecutionPolicy Unrestricted -Command "& {$manifest = (Get-AppxPackage *WindowsStore*).InstallLocation + '\AppxManifest.xml' ; Add-AppxPackage -DisableDevelopmentMode -Register $manifest}"

Restart the computer

Posted on

How to check the execution of Microsoft Agent Backup

To check the outcome of Microsoft Azure Backup execution we can take advantage of the fact that, if the backup fails, some events are generated.

Prepare script to send email

Copy and paste the following code in a new file and modify it with your data (mail server, user, password, messages).

$SMTPServer = "YOUR SMTP SERVER"
$SMTPPort = "25"
$Username = "USERNAME TO ACCESS SERVER"
$Password = "PASSWORD"

$to = "Email recipient"
# $cc = "cc email recipient"
$subject = "Error Backup MyServer"
$body = "backup failed"
# $attachment = ""

$message = New-Object System.Net.Mail.MailMessage
$message.subject = $subject
$message.body = $body
$message.to.add($to)
# $message.cc.add($cc)
$message.from = $username
# $message.attachments.add($attachment)

$smtp = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort);
$smtp.EnableSSL = $true
$smtp.Credentials = New-Object System.Net.NetworkCredential($Username, $Password);
$smtp.send($message)
write-host "Mail Sent"

Save it as file with extension .ps1

Creating a new Task

  1. Open the Task Scheduler : Control Panel -> Administrative Tools -> Task Scheduler
  2. Right-click the “Task Scheduler Library” branch, and select the New Folder option.
  3. Type a name for the folder. For example, MyTasks.
  4. Expand the “Task Scheduler Library” branch, and select the MyTasks folder.
  5. Click the Action menu.
  6. Select the Create Task option.

Task to check Azure Backup

  1. In the Name field you can write something like “Check Micrososft Agent Backup”.
  2. Click the Triggers tab.
  3. Click the New button.
  4. Use the “Begin the task” drop-down menu to select “On a Event”
  5. Click custom option under the Settings section.

  1. Click the Edit Event Filter… button.
  2. Go the XML tab and at the bottom of the menu press the edit query manually button.
  3. Copy and paste the below XML and OK the changes.
<QueryList>
<Query Id="0" Path="CloudBackup">
<Select Path="CloudBackup">*[System[(Level=1 or Level=2) and (EventID=5 or EventID=10 or EventID=11 or EventID=12 or EventID=13 or EventID=14 or EventID=16 or EventID=18)]]</Select>
</Query>
</QueryList>
  1. Click the Actions tab.
  2. Click the New button.
  3. Browse on the previous powershel script
  4. Clicck OK to save the task

From now on, an email should be sent to you when the backup fails.

Posted on

prerequisites to access azure storage from powershell

azure

In order to use Microsofoft Azure Storage from PowerShell you need to Install the Azure PowerShell module.

Open power shell as Administrator.

Azure PowerShell requires PowerShell version 5.0. To check the version of PowerShell running on your machine, run the following command:

$PSVersionTable.PSVersion

Run the following command in an elevated session

Install-Module -Name AzureRM -AllowClobber