Categories
Server Software Windows

Upgrade Windows edition with Dism

Have you downloaded the Evaluation ISO and want to make it real? Not a problem with Dism.

# Get current edition
C:\>Dism.exe /online /Get-CurrentEdition

# Get editions that you can upgrade to
C:\>Dism.exe /online /Get-TargetEditions

# Upgrade to desired edition
C:\>Dism.exe /online /Set-Edition:ServerStandard /AcceptEula /ProductKey:C3RCX-M6NRP-6CXC9-TW2F2-4RHYD

The above key is for Server 2016 Standard AVMA activation. You can find more keys for that here if you have Datacenter on your host.

Dism documentation: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-windows-edition-servicing-command-line-options

Categories
Server Software Ubuntu

Upgrade Landscape On Premises to 19.10

Another release goes by and I wanted to write a short one about upgrading this time. Be sure to have the latest Ubuntu update – when I write this that would be 18.04.3 LTS. And guys, always back up first!

sudo add-apt-repository -u ppa:landscape/19.10
sudo apt-get update
sudo apt-get dist-upgrade

Refresh your Landscape site when done and see the new version. If you want to clean up the old one, run this (it is not necessary, though).

sudo add-apt-repository --remove ppa:landscape/19.01

I wrote about installing Landscape here. And you can find the Landscape documentation here.

Categories
Network Software Web Windows

Update FreeDNS with PowerShell and Task Scheduler

After my long loved Raspberry Pi died I needed a new way to update a dynamic DNS. I recently discovered the Invoke-WebRequest cmdlet that lets you send an HTTP(S) request and parse pretty much whatever you get in return. My use for this is to keep a site-to-site VPN to my lab up and running.

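# Change Path to desired log location and Uri to your Direct or Token URL from FreeDNS.
# Use the https:// form of the URL so the token is not sent in clear text.
$LogPath = "C:\Scripts\Update-FreeDNS.log"
$Uri = "https://sync.afraid.org/u/your_token/"

# No need to change this
# Windows PowerShell 5.1 may default to older TLS versions, so request TLS 1.2 explicitly
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# -UseBasicParsing avoids the Internet Explorer engine, which is not set up for an
# account that has never completed the IE first-launch configuration
Add-Content -Path $LogPath -Value "$(Get-Date) $(Invoke-WebRequest -Uri $Uri -UseBasicParsing)"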

Your log file will look something like this

11/13/2019 18:00:03 No IP change detected for your.dyn.dns with IP 28.100.14.108, skipping update
11/13/2019 19:00:03 No IP change detected for your.dyn.dns with IP 28.100.14.108, skipping update
11/13/2019 20:00:03 No IP change detected for your.dyn.dns with IP 28.100.14.108, skipping update

Save the script (Update-FreeDNS.ps1) somewhere that makes sense, for example C:\Scripts.

  • Open Task Scheduler, select Task Scheduler Library to the left and click Create Task to the right
  • Name your task “Update-FreeDNS” or something else descriptive
  • You have to check “Run whether user is logged on or not”, so if you do not want your credentials to be saved, create a new user and run the task as that account
  • On the trigger tab you can create a schedule that suits your needs. I use every hour, but this is totally up to you
  • Under actions click New and paste the following
    Program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Add arguments: "C:\Scripts\Update-FreeDNS.ps1"
  • At this point you are finished with the necessities, but feel free to click around to see if you need any more options
  • OK out and you will be asked for your password
  • Run the task on demand and see the result in the log file

As always, ask if anything is unclear.

Categories
Server Software Windows

How to safely clean up WinSxS

Windows Update may on some occasions not clean up after itself automatically. The fastest and safest way to do so is to run the following.

C:\>Dism.exe /online /Cleanup-Image /StartComponentCleanup

For more options and documentation you can read the source here:
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/clean-up-the-winsxs-folder

Categories
Server Software Windows

Server Manager in Windows Server Core

Just because I find myself googling this every other week I have to make a short post about it.

To launch Server Manager, simply log in and type

C:\>sconfig

Categories
Hardware Network Software Sophos

Sophos UTM

Yes! I have been looking forward to this one. In the following weeks I intend to publish a series of informative guides on Sophos UTM. My experience with XG is limited, but I have over five years of everyday configuration of the UTM.

My latest buy for the lab is a Sophos SG 330 which I plan to get working with a Home License. Let's see how it goes.

To be continued…

I have attached the brochures for anyone to see here, great read. 

Sophos SG Rev. 1

Sophos SG Rev. 2

Sophos SG Rev. 3

Sophos XG Rev. 3

Categories
Network Software

Using the UniFi line as wlan controller part two

As I started to use the new setup, I realized more and more that I needed access to my lab (outside of plain RDP), especially with my laptop and phone. I tried several ways to solve this. Without any knowledge about the USG I had to go through trial and error for some time before I found a reasonable solution.

The best option would be to set up site-to-site IPsec to make use of all my old rules, but I could not get that working whatever I did. The USG still routed the traffic to the lab through WAN and not through the tunnel. Anyway, next up was straight-up static routes, which is somewhat successful.

But, and this is a big one. Since the UniFi Controller does not expose any NAT rules in the UI there is no way (yes there is) to disable masquerading whenever a packet is leaving the WAN interface. I have read by now that there are ways to manually add rules, but I feel that is for next time.

I read up on this article about how the firewall in the USG works (IN/OUT/LOCAL) and made all the necessary rules and finished with a deny rule for the rest. At the lab end there is simply an allow rule from the USG’s address. I found posts from Ubnt officials from back in 2017 saying NAT will be exposed in the Controller any time. We’ll see. For now this is OK.

Please feel free to comment if there is anything I should do differently about this setup (or anything else).

Categories
Software Ubuntu Web

Install Nginx Proxy Manager (npm)

As I myself struggled to solve this, I shall help others.

Nginx Proxy Manager is a genius and powerful GUI to manage Nginx. It helps you create Proxy servers, redirects and certificates and control these options very smoothly.

I started with a plain install of Ubuntu Server 18.04 LTS and selected Docker during the install. The following code will help you get all the software up to speed and clean up afterwards.

sudo -s
apt update
apt upgrade
reboot
sudo -s
apt autoremove

Then it is time for NPM.

sudo -s
mkdir npm
cd npm

At this point I know you can clone/pull from Git, but I was eager to run this tool with the knowledge I had in the fastest possible way. With that, I used the example files and got going.

touch config.json
touch docker-compose.yml

Your npm-folder should look like this.

root@docker:~/npm# ls
config.json docker-compose.yml

Edit these settings to your liking (or don’t) and paste them in accordingly.

config.json

{
  "database": {
    "engine": "mysql",
    "host": "db",
    "name": "npm",
    "user": "npm",
    "password": "npm",
    "port": 3306
  }
}

docker-compose.yml

version: "3"
services:
  app:
    image: jc21/nginx-proxy-manager:latest
    restart: always
    ports:
      - 80:80
      - 81:81
      - 443:443
    volumes:
      - ./config.json:/app/config/production.json
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db
    environment:
    # if you want pretty colors in your docker logs:
    - FORCE_COLOR=1
  db:
    image: mariadb:latest
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: "npm"
      MYSQL_DATABASE: "npm"
      MYSQL_USER: "npm"
      MYSQL_PASSWORD: "npm"
    volumes:
      - ./data/mysql:/var/lib/mysql
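
One way to edit these settings so the stack does not start with the default "npm" database passwords and an admin UI published on every interface. This is an added example, not from the original post or the Nginx Proxy Manager project. It assumes the two files above are saved unchanged in the directory passed to the hypothetical function harden_npm, and that port 81 is then reached from the host itself or through an SSH tunnel.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of Nginx Proxy Manager).
# Run before the first "docker-compose up -d": MariaDB only applies the
# MYSQL_* variables when it initialises an empty data directory.

# 48 hex characters from the kernel CSPRNG; hex is safe in sed, JSON and YAML.
gen_secret() {
    head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# harden_npm DIR: rewrite DIR/config.json and DIR/docker-compose.yml.
# The body is a subshell so the umask change does not leak to the caller.
harden_npm() (
    dir=$1
    if [ ! -f "$dir/config.json" ] || [ ! -f "$dir/docker-compose.yml" ]; then
        echo "expected config.json and docker-compose.yml in $dir" >&2
        exit 1
    fi
    db_pw=$(gen_secret)
    root_pw=$(gen_secret)
    umask 077   # rewritten files contain secrets: owner read/write only

    # The app's password in config.json must equal MYSQL_PASSWORD below.
    sed "s/\"password\": \"npm\"/\"password\": \"$db_pw\"/" \
        "$dir/config.json" > "$dir/config.json.new" || exit 1
    mv "$dir/config.json.new" "$dir/config.json" || exit 1

    # Separate root password, matching app password, admin UI on loopback only.
    sed -e "s/MYSQL_ROOT_PASSWORD: \"npm\"/MYSQL_ROOT_PASSWORD: \"$root_pw\"/" \
        -e "s/MYSQL_PASSWORD: \"npm\"/MYSQL_PASSWORD: \"$db_pw\"/" \
        -e 's/^\( *- \)81:81$/\1127.0.0.1:81:81/' \
        "$dir/docker-compose.yml" > "$dir/docker-compose.yml.new" || exit 1
    mv "$dir/docker-compose.yml.new" "$dir/docker-compose.yml" || exit 1
)

# Usage: harden_npm ~/npm
```

Ports 80 and 443 stay published as before; only the admin port and the three password values change.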

While still in the directory run docker-compose to download and build the container.

docker-compose up -d

After a minute or two you should have a fully working manager for Nginx. Find your login at http://ip.or.name:81.

Default admin is
un: admin@example.com
pw: changeme

Please go read more at the developer's site – https://github.com/jc21/nginx-proxy-manager – all credit goes to him.

Categories
Hardware Network

Using the UniFi line as wlan controller

Ever since IoT started to be a thing it has eaten up my IPs from the free 50 of the Sophos UTM Home license. Since I am currently somewhat invested in its features, going away from the UTM is not an option at this time.

After some back and forth I decided to use an old trick – NAT. Simply put a new firewall behind a dedicated NIC on the UTM. Very few or none of my devices actually need to talk to my lab, so all the traffic is then routed to WAN.

What did I buy?

  • USG-PRO-4
  • UAP-NANOHD

The UniFi controller is deployed on an Ubuntu 16.04 VM with this install script. The reason for 16.04 LTS is because that is the last version SCVMM 2012 R2 will recognize. I have successfully deployed 18.04 too, but it is not known to the VMM.

To be continued.

Categories
Server Software Ubuntu

Landscape 18.03 on Ubuntu 16.04 LTS

You can read how to upgrade your older installation here.

Install on-prem and add clients

install landscape-server

Before installing anything, be sure to check /etc/hosts and correct your FQDN to whatever you want it to answer to. Use only lower case, or Landscape may give errors.

sudo add-apt-repository ppa:landscape/18.03
sudo apt-get update
sudo apt-get install landscape-server-quickstart

install landscape-clients

sudo apt-get update
sudo apt-get install landscape-client

install cert

For the client to be installed on other computers, they need to trust the server. Add the certificate to allow this.

sudo scp user@landscape:/etc/ssl/certs/landscape_server_ca.crt /etc/landscape/server.pem

sudo nano /etc/landscape/client.conf
ssl_public_key = /etc/landscape/server.pem

register client

The following command will guide you through the registration.

sudo landscape-config --computer-title "webserver" --account-name standalone --url https://landscape.agurk.net/message-system --ping-url http://landscape.agurk.net/ping

The last step is to accept the registrations in https://landscape

https://help.landscape.canonical.com/
https://help.landscape.canonical.com/LDS/QuickstartDeployment18.03