Archive for August, 2011

Unfortunately there is no way to update a server name in a Coyote Point Equalizer through the GUI without deleting and recreating the server. However these changes can be made manually in the eq.conf file.

1. Log in to your CP Equalizer device via SSH

2. Switch to the root user:
su root

3. Make a backup of the live configuration file in a temporary location:
cp /var/eq/eq.conf /var/tmp/eq.conf.bak

4. Create a second copy of this backup so we can edit it:
cp /var/tmp/eq.conf.bak /var/tmp/eq.conf

5. Edit the copy with vi:
vi /var/tmp/eq.conf

6. Either manually update each occurrence or do a mass search and replace using the following command in vi:
:%s/OldServerName/NewServerName/g

7. Save the file and exit vi. Then confirm there are no syntax errors in the updated configuration file:
parse_config -i /var/tmp/eq.conf

8. Enter the following commands to update the configuration file and force an update:
cp /var/tmp/eq.conf /var/eq/eq.conf
shadow /var/eq/eq.conf

9. Log into the web interface and confirm your changes were successful.

First you will need to create a .pem file which contains your key, certificate, and any intermediate/root certificates.

1. Open your preferred text editor and copy/paste your certificates in the following order:
Private key
SSL for your domain
Intermediate
Root

The format of your .pem file should look like this:

-----BEGIN RSA PRIVATE KEY-----
Private Key
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
SSL for your domain
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root Certificate
-----END CERTIFICATE-----

Note: If your certificate is in PFX format you will need to split this into the separate certificate and key files. Search for a PFX splitter if needed as there are many tools out there for this.

2. Save your file with a .pem extension.

3. Log in to the Coyote Point web interface and select the specific HTTPS cluster on the left.

4. Click the Security tab.

5. Browse to the .pem file created earlier and then click the upload button.

6. Here you should see the details for all certificates in the .pem file. Make sure you see the actual SSL for your domain along with any intermediate/root certificates.

7. Scroll down to the bottom of this window and hit continue.

8. Make sure to test the HTTPS connection to confirm the certificate is working properly.
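
A pre-upload check for the .pem layout described above, as an added example that is not part of the original post or of Coyote Point's tooling: it confirms the private key comes first, only certificates follow it, and every body decodes to DER. The function name, the accepted key labels and the sample data are assumptions, and the check does not verify that the certificates actually chain to one another.

```python
import base64
import re

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY"}

def lint_pem_bundle(text):
    """Return a list of problems in a key + certificate chain bundle."""
    problems = []
    # Text pasted through a web page or word processor can turn the ASCII
    # hyphens into en/em dashes, which PEM parsers do not recognise.
    if re.search(r"[\u2013\u2014]+\s*(BEGIN|END) ", text):
        problems.append("delimiters use typographic dashes, not '-----'")
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return problems + ["no PEM blocks found"]
    labels = [label for label, _ in blocks]
    if labels[0] not in KEY_LABELS:
        problems.append("first block is %r, expected the private key" % labels[0])
    if "CERTIFICATE" not in labels[1:]:
        problems.append("no certificate follows the first block")
    for n, (label, body) in enumerate(blocks, 1):
        if n > 1 and label != "CERTIFICATE":
            problems.append("block %d: unexpected %r after the key" % (n, label))
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("block %d (%s): body is not valid base64" % (n, label))
            continue
        # DER keys and certificates are ASN.1 SEQUENCEs, so byte 0 is 0x30.
        if not der.startswith(b"\x30"):
            problems.append("block %d (%s): not a DER SEQUENCE" % (n, label))
    return problems

# Constructed sample data: a 5-byte DER SEQUENCE stands in for real key and
# certificate bodies, so nothing here is usable key material.
SAMPLE_DER = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()

def pem_block(label, body=SAMPLE_DER):
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

GOOD = pem_block("RSA PRIVATE KEY") + pem_block("CERTIFICATE") * 3
WRONG_ORDER = pem_block("CERTIFICATE") + pem_block("RSA PRIVATE KEY")
SMART_DASHES = GOOD.replace("-----", "\u2014\u2013")

if __name__ == "__main__":
    for name in ("GOOD", "WRONG_ORDER", "SMART_DASHES"):
        print(name, lint_pem_bundle(globals()[name]))
```
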

This is a quick example of how to automate an FTP task with a batch file. WinSCP allows you to utilize a script file with your connection details and commands, which makes things very easy.

Save the following details into “myscript.txt”:

# Answer all prompts negatively so the script
# does not stall on error
option batch on
# Disable overwrite confirmations
option confirm off
# Connect using a password
open ftp://myftpusername:mypassword@127.0.0.1:21
# Upload files
put C:\mydirectory

Make sure to update these values appropriately:
myftpusername = FTP username
mypassword = FTP user’s password
127.0.0.1 = IP or hostname of machine you are connecting to
C:\mydirectory = directory you wish to copy to the home directory of your FTP user

Then the following can be placed in a .bat file to execute the upload above:

"C:\Program Files\WinSCP\winscp.exe" /console /script=myscript.txt

Note you may need to update the path to the WinSCP executable or the myscript.txt file depending on your installation.

After installing Cyberghost VPN on a Windows 7 machine I was unable to launch the application. The following error was returned each time:
There is a problem with your Cyberghost VPN Installation. Should Cyberghost try to solve the problem automatically?

After choosing yes the application still failed to launch. I was able to resolve the issue by following these steps:

1. Open up Device Manager:
Start -> Control Panel -> System -> Device Manager

2. Scroll down to Network adapters and expand it.

3. Here I had three different “TAP-Win32 Adapter” instances each with a different V#. Right click each one and choose Uninstall.

4. Install OpenVPN which will install the appropriate TAP-Win32 driver. This can be downloaded here.

5. Now there will only be one instance of “TAP-Win32 Adapter” under Network Adapters and you should be able to launch Cyberghost without error.

First create a new Windows user which will have access to the directory. If this user already exists, skip to step #5.

1. Open Server Manager by clicking Start -> Administrative Tools -> Server Manager

2. Expand Configuration -> Local Users and Groups

3. Right click Users and select New User.

4. Enter the desired user name and password. Make sure to uncheck “User must change password at next logon” and check both options for “User cannot change password” and “Password never expires”.

5. Open IIS Manager by clicking Start -> Administrative Tools -> Internet Information Services (IIS) Manager

6. Expand the server name in IIS then Sites. Expand the site in question and select the directory you are looking to secure.

7. Double click “Authentication” under the IIS heading on the right. If you do not see this, make sure “Features View” is selected at the bottom of IIS.

8. Right click “Anonymous Authentication” and choose Disable.

9. Right click on “Windows Authentication” and choose Enable.

By default the new user we created will be a member of the “Users” group and this group has access to the directory we are securing. However if you want to limit this access to a select user(s) instead of all users on your server, follow the extra steps below.

1. Right click the directory again on the left side of IIS and choose Edit Permissions.

2. Click the Security tab and then click Advanced.

3. Click Change Permissions

4. Select the Users group and choose Remove

5. Click Add -> Advanced -> Find Now to browse for the new user

6. Click OK until all dialogue boxes are closed

I needed to enable PAE across a large number of servers, some running Server 2003 and some on 2008. Luckily these were part of an Active Directory domain so scripting the update did not require login details for each individual server.

The following batch file will loop through “servers.txt” and enable PAE on each one. Make sure to create the “servers.txt” file with the list of IPs or hostnames one per line. This utilizes psexec so if you need to download this it can be found here.


FOR /F %%i IN (servers.txt) DO (
REM Enable PAE on Server 2003:
psexec \\%%i bootcfg /raw "/pae" /A /ID 1
REM Enable PAE on Server 2008:
psexec \\%%i Bcdedit /set PAE forceenable
)

If this needs to be enabled on a small number of servers it can be done by running the appropriate command above in a command prompt.

Server 2003:
bootcfg /raw "/pae" /A /ID 1

Server 2008:
Bcdedit /set PAE forceenable

By default IIS will listen for connections on port 80 for any IP bound to the server. This happens even if there are no host headers or bindings set for a specific IP. This can be a problem when trying to run multiple web servers on port 80.

To set IIS to listen on specific IPs follow the instructions below.

Windows Server 2003/IIS 6:

1. This requires the Server 2003 support tools. If this is not already installed it can be downloaded here.

2. Once installed open a command prompt and navigate to the support tools installation folder (default is C:\Program Files\Support Tools).
cd C:\Program Files\Support Tools

3. Stop http.
net stop http /y

4. Use this command to display the current list of IPs:
httpcfg query iplisten

5. By default it will listen on all IPs (0.0.0.0) so we can remove this.
httpcfg delete iplisten -i 0.0.0.0

6. Specify the IP(s) that IIS should listen on. Make sure to update 127.0.0.1 to the desired IP and run the command for each IP IIS should listen on.
httpcfg set iplisten -i 127.0.0.1

7. Start http and test out your sites.
net start http

Windows Server 2008/IIS 7:

1. Open a command prompt and type “netsh”.
netsh

2. Type “http”.
http

3. Enter the following command to display the current list of IPs to listen on. Note that if no IPs are displayed, IIS will listen on all IPs (default).
show iplisten

4. Use the command below to set IIS to listen on a specific IP. Make sure to replace 127.0.0.1 with the correct IP and run the command again for any additional addresses.
add iplisten ipaddress=127.0.0.1

5. In case you need to delete an IP from this list, use the following command.
delete iplisten ipaddress=127.0.0.1

6. Restart IIS to apply these changes.
iisreset