Find VPN Log Unifi USG

Ubiquiti kit is great, and Unifi is by far the best value for money WiFi kit out there. However, once you get beneath the beautifully crafted UI, you’ll soon struggle to find CLI info and configuration help.

How to find your VPN log on Unifi

SSH into your USG, using your site specified SSH credentials, or if you have never set any, then ubnt/ubnt.

Then simply type:
show vpn log

or:
cat /var/log/charon.log | tail -n 100

Simple.

Block users from logging on to an RDS Server [SOLVED]

Do you need to block users from logging on to an RDS Server?

Problem:
You are updating an RDS server, or an application on the RDS server, but another user’s process is stopping your install. You need to stop other users accessing the RDS server but still be able to work on it yourself. But how?

Solution:
Open up administrative CMD
Change Logon /Disable
Then log all other users off using Task manager (users tab)

And when you are finished simply revert:
Change Logon /Enable

Sorted.

Install Kali tools on Debian

So you have a fresh install of Debian? You want to be able to install Kali tools on your new setup, or at least some of them?

Enter Katoolin:

sudo su
apt install python-pip
git clone https://github.com/LionSec/katoolin.git && cp katoolin/katoolin.py /usr/bin/katoolin
chmod +x /usr/bin/katoolin
sudo katoolin
Then either select which tools you wish to install, or press 0 to install them all.

Simple.

Remote Web Workspace not working [Solved]

Remote Web Workspace breaks. A lot.

In all versions of SBS (now end of life), Microsoft graced us with the ability for remote users to remote into the server and then hop across to their own PCs via RDP.

This was great in theory, and worked for a while, until updated servers broke this feature. The root cause was an update to .NET Framework, starting at version 4.5.1, which included memory checking to make sure you have at least 5% free memory.

OK, so why the issues? Well, anyone who knows Exchange knows that the information store will use as much free memory as possible – which in turn often caused the Remote Desktop Gateway service to crash, due to not having 5% free memory.

Here is the quick fix if you only have 5 mins;

– Restart the MS Exchange information store,
– Then restart/start the Remote Desktop Gateway Service

Here is the proper fix:

– Run adsiedit.msc
– Connect to: Select a well known Naming Context : [Configuration]
– Expand the following:
Configuration\Services\Microsoft Exchange\ (First Organization) \Administrative Groups\ (Exchange Administrative Group) \Servers\ (Server Name)
– Right click on CN=Information Store and click properties
– Update the values of msExchESEParamCacheSizeMin and msExchESEParamCacheSizeMax to something below 94% of your server’s max RAM capacity – it is in KB’s divided by a 32byte page so…

Basic maths is ==> Target Cache Size in GB = (# * 1024 * 1024) / 32

There is an excellent table over at meridian.ws which is much easier than doing the maths:
http://meridian.ws/wordpress/?p=239


Adobe reader on Server 2016

Adobe have been rather silent recently when it comes to running Reader on Server 2016.

Adobe Reader is used by many professions, and in many capacities. It used to be one of the most commonly installed applications on business PCs by anyone in any sector. However, Server 2016 is not supported.

https://helpx.adobe.com/reader/system-requirements.html

This makes it a nightmare for modern portable apps, RDS servers (Terminal servers) or even just file servers.

So there is a workaround, however it is not recommended. The best fix for this is to scrap Adobe, and move to one of the other large PDF vendors out there to cater to your PDF viewing needs.

Three that I have personally verified as working and are supported on Server 2016 are:

  • Nitro Pro
  • Abby PDF reader
  • TinyPDF

There will however be a small percentage of us admins or superusers, that have to get this Adobe based software working.

Workaround to get Adobe reader on Server 2016

Start by using the latest installer for Windows 10.
Once installed, you may find that it will work for a while, but eventually, as it updates, you will no longer be able to open PDF documents using it.
To get around this you unfortunately have to turn off protected mode.

Now, I shouldn’t really need to preface this, but I will. This is not supported, nor recommended – Reader has a protected mode for a reason, and disabling it is opening you to all sorts of vulnerabilities.

If you do wish to continue, open up Adobe Reader – go into Edit –> Preferences –> Security (enhanced) –>

Turn Protected mode off, and untick ‘Enable protected mode at startup’

If, like me, you could not even get to the preferences panel in order to change these settings, then all you need to do is open Adobe Reader in compatibility mode. Set this as XP (which itself does not support protected mode), then change the settings, and then turn compatibility mode back off.

Let me know in the comments if this has helped you.

Get rid of the “Updates are available” pop-up

The “Updates are available” popup is the source of much irritation for anyone remotely administering Windows 10, Server 2012 and Server 2016.

To get around this popup – which, let’s face it, is just downright inconvenient – we need to stop the exe file that produces this window from running. Code below, with comments preceded by rem.

Run command prompt as administrator (elevated) and enter these commands:

rem Change directory to System32
cd /d "%Windir%\System32"

rem Take ownership of the file as the current admin
takeown /f musnotification.exe

rem Change permissions to deny anyone/system running it
icacls musnotification.exe /deny Everyone:(X)

rem Take ownership of the file as the current admin
takeown /f musnotificationux.exe

rem Change permissions to deny anyone/system running it
icacls musnotificationux.exe /deny Everyone:(X)

You will see from the above that there are two processes, ‘musnotificationux.exe’ and ‘musnotification.exe’, that are responsible for querying updates and notifying the end user. The great part of this fix is that it will not interfere with any update processes themselves, just the notifications. So have no fear – updates will still continue to function as normal, just now without this troublesome pop-up.

Recover or reset PFSense Admin password

I’ll keep this post short and sweet: you have lost your PFSense firewall/router Admin login password and need back in. Quick.

There are two options available to you:

To reset PFSense Admin password

Plug a monitor and keyboard into the PFSense appliance/server or connect to console
You can then select ‘Option 3’ to reset the webGUI password.

Should this fail, or should you have set an admin password that is needed to even get this far, then follow below:

1, Reboot appliance
2, Select boot option for ‘Single User Mode’
3, Hit enter to start /bin/sh
4, run mount -a -t ufs
5, run /etc/rc.initial.password and follow the prompts to reset password
6, reboot: run /sbin/reboot

Depending on what version of PFSense you are using, you will either have just specified the new password or, if you did not have that option, it will have been reset to the PFSense default password of: Admin | pfsense

Let me know in the comments if this helped you or was useful to you in any way!

WordPress redirect loop when using CloudFlare – err_too_many_redirects [Solved]

As a WordPress user or hosting admin, I’m sure you have seen it before – the dreaded err_too_many_redirects page.

This is caused by a number of issues, including:

  • Domain name change
  • Changing SSL certificate
  • Incorrect URL configuration
  • Server misconfiguration
  • .htaccess errors
  • Cookie issues
  • Reverse proxy issues
  • HTTPS issues
  • Plugin malfunctions
  • Bad WordPress upgrades
  • Server file permission issues
  • The list goes on, but you get the message…

There are countless reasons that could cause this error, and most of them are easily fixable with a quick google. However, yesterday I came across a new one.

WordPress, Cloudflare & Shared Hosting

If you came here for the solution, here it is:

Edit your wp-config.php file and at the bottom add:

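// Behind the reverse proxy the origin only sees HTTP, so use the forwarded scheme
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
    $_SERVER['HTTPS'] = 'on';
}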

So what causes this?

Well, in this case it was a combination of three things specific to this environment: 1) Shared hosting. 2) No root SSL certificate. 3) CloudFlare ‘Always use HTTPS’ settings.

After taking a step back and working out the basics of what I had, and why other ‘fixes’ that usually work weren’t working, I realised that what I had here was simply a reverse proxy. That is, the files are hosted without SSL, but the reverse proxy (in this case CloudFlare) was using SSL.

Finally, i found this nugget in the WordPress Codex:
https://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy

And it all clicked.

“If WordPress is hosted behind a reverse proxy that provides SSL, but is hosted itself without SSL, these options will initially send any requests into an infinite redirect loop.”

And that is why we need to tell WordPress that the request already arrived over SSL, to prevent this WordPress redirect loop when using CloudFlare.
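The loop and the fix described above, modelled as an added example (this is not WordPress or Cloudflare code). The function names, the example.com host and the redirect limit of 20 are assumptions made for the illustration.

```python
MAX_REDIRECTS = 20  # assumed browser limit before err_too_many_redirects

def apply_wp_config_fix(server):
    """The lines added to wp-config.php, expressed on a dict standing in for $_SERVER."""
    if "https" in server.get("HTTP_X_FORWARDED_PROTO", ""):
        server["HTTPS"] = "on"

def origin(path, server, patched):
    """Origin with forced SSL: redirect any request it believes arrived over HTTP."""
    if patched:
        apply_wp_config_fix(server)
    if server.get("HTTPS") == "on":
        return 200, None
    return 301, "https://example.com" + path

def proxy(url):
    """Reverse proxy: terminates SSL, then forwards to the origin over plain HTTP."""
    scheme, _, rest = url.partition("://")
    path = "/" + rest.partition("/")[2]
    # The origin leg is HTTP, so HTTPS is never set there; the visitor's
    # scheme only survives in the X-Forwarded-Proto header.
    return path, {"HTTP_X_FORWARDED_PROTO": scheme}

def browse(url, patched):
    """Follow redirects like a browser; return (outcome, redirects followed)."""
    for hops in range(MAX_REDIRECTS + 1):
        path, server = proxy(url)
        if server["HTTP_X_FORWARDED_PROTO"] == "http":
            # 'Always use HTTPS' is answered at the edge, before the origin
            status, location = 301, "https" + url[len("http"):]
        else:
            status, location = origin(path, server, patched)
        if status == 200:
            return "200 OK", hops
        url = location
    return "ERR_TOO_MANY_REDIRECTS", MAX_REDIRECTS

if __name__ == "__main__":
    start = "http://example.com/wp-admin/"  # constructed sample URL
    print("without fix:", browse(start, patched=False))
    print("with fix:   ", browse(start, patched=True))
```

Without the fix the origin keeps redirecting to an https:// URL it can never see as HTTPS; with it, the first forwarded request is served.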

Hope that someone finds this helpful!

DMARC with quotes or without? [SOLVED]

Does my DMARC record need to include quotation marks or not?

9/10 times, no quotes are needed.

However, this all depends on where you edit your DNS.

In the raw DNS zone file, which is what is passed from machine to machine, the TXT record DOES need to be enclosed in quotation marks if it contains spaces. It is unlikely, however, that your domain/DNS provider will give you direct edit access to this; instead they will provide their own interface for editing entries, with the quotation marks already built in. Exceptions to this can be found when directly editing via CLI at the root of a server, or when using the raw edit mode on WHM.

For example, Cloudflare will automatically wrap any string of text in a TXT record in quotes for you, and remove extra quotes you may add.

Namesco, however, will not automatically remove extra quotations added to their already provided ones – which could lead to double quotations, and issues further down the line.

It pretty much boils down to your provider; it is best to have a quick skim of their DNS Q&A section, or to test by trial and error!

My favorite testing site is currently https://mxtoolbox.com/DMARC.aspx
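A local check for the double-quoting problem described above, as an added example rather than any provider's code. stored_txt is a hypothetical model of the two provider behaviours the post describes, and the record values and example.com address are constructed samples.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def stored_txt(entered, strips_extra_quotes):
    """Model a provider form that wraps the field in quotes for you.

    Returns the TXT data a resolver hands back. The provider's own wrapping
    quotes are zone-file syntax and never appear in that data; quotes typed
    into the form do, unless the provider strips them first.
    """
    entered = entered.strip()
    if strips_extra_quotes and len(entered) >= 2 and entered[0] == entered[-1] == '"':
        entered = entered[1:-1]
    return entered

def check_dmarc(txt_data):
    """Return the problems a DMARC receiver would have with txt_data."""
    problems = []
    if '"' in txt_data:
        problems.append("literal quote characters in record data (quoted twice)")
    tags = []
    for part in txt_data.split(";"):
        if not part.strip():
            continue  # a trailing ';' is allowed
        name, sep, value = part.partition("=")
        if not sep:
            problems.append("tag without '=': " + part.strip())
            continue
        tags.append((name.strip(), value.strip()))
    if not tags or tags[0] != ("v", "DMARC1"):
        problems.append("record does not start with v=DMARC1")
    if dict(tags).get("p", "").lower() not in VALID_POLICIES:
        problems.append("missing or invalid p= policy")
    return problems

# Constructed sample: the admin typed the quotes into the provider's form
TYPED = '"v=DMARC1; p=reject; rua=mailto:dmarc@example.com"'

if __name__ == "__main__":
    for strips in (True, False):
        data = stored_txt(TYPED, strips)
        print("strips extra quotes:", strips, "->", check_dmarc(data) or "valid")
```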