No "Continue To This Website" Option On HTTPS Site

I recently had an issue with an internal website with no certificate. When trying to access the site via IE10 I was not being given an option to "Continue to this website". This was due to a change Microsoft made blocking the use of RSA certificates with keys less than 1024 bits long.

Microsoft's Security Advisory bulletin can be found here: https://support.microsoft.com/en-us/kb/2661254

To fix this, run CMD as administrator and submit the following command;

certutil -setreg chain\MinRSAPubKeyBitLength 512

Then refresh the page. The "Continue to this website" option should be available again.

AWS RedShift Cluster Can Only Be Launched In Default VPC

When trying to launch a RedShift cluster in AWS I found I was only able to select the default VPC - unfortunately not the VPC that my Production workloads were running in.

In order to allow the creation of RedShift clusters in VPCs other than your default you need to create a new Cluster Subnet Group. To do this follow the steps below;

1. Login to AWS console and select RedShift
2. In the RedShift console go to "Security" and select "Subnet Groups" from the tabs at the top
3. Click "Create Cluster Subnet Group"
4. Give the group a name and description and pick the VPC you want to run the Cluster in. Then choose your Subnet IDs from the Availability Zones available.
5. Click "Create". Now when you try to launch a RedShift cluster you will be able to choose the VPC you want to run the Cluster in, and your newly created Subnet Group.

Accessing Shares: "The account is not authorized to login from this station"

When trying to connect to an admin share (\\Servername\D$) I was seeing the error "The account is not authorized to login from this station"

This is due to an issue with SMB signing policies and can easily be fixed by ensuring the following keys have parameters as below;

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters

enablesecuritysignature = 1
requiresecuritysignature = 0 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

enablesecuritysignature = 1
requiresecuritysignature = 0 

In my case, I found that one of the lanmanworkstation keys did not match. After changing this I could access the admin share

Terminal Server Sessions Disabled

I ran into a couple of issues recently where I was no longer able to RDP onto a server. Whenever I tried to login I received an error "Terminal Server Sessions Disabled: Remote logins are currently disabled".

To fix this I opened up regedit, connected to the server in question by using the "Connect Network Registry" option (under "File" in regedit) and browsed to the following key;

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\WinStationsDisabled

This was set to 1. I changed this to 0 and was able to login again.

Backup and Restore ESXi Host Configuration Data Using PowerCLI

To back up the configuration data for an ESXi host using the vSphere PowerCLI, run the command:

Get-VMHostFirmware -VMHost "ESXi_host_IP" -BackupConfiguration -DestinationPath "location"

To restore the data to an ESXi Host the build number of the new host must match the build number of the host that created the backup file. Then;

1. Put the new host into maintenance mode;

Set-VMHost -VMHost "ip" -State "Maintenance"

2. Restore the configuration;

Set-VMHostFirmware -VMHost "ip" -Restore -SourcePath "location of file from backup operation" -HostUser "username" -HostPassword "password"

3. Exit maintenance mode;

Set-VMHost -VMHost "ip" -State "Connected"

Where are my FSMO roles?

The easy way to query which servers hold your FSMO roles is to open a command prompt and type;

NetDOM /query FSMO

This should return a list of each role and the server holding it.

PowerCLI - Generating A Network Configuration Report

I needed to generate a report from my vSphere environment to detail the network configurations of my various Hosts including the DataCenter and Cluster that the Hosts belong to, as well as vSwitch configs, any active and standby NICs that were assigned, port group name, VLAN ID, device type (ie vmk port) and any IP assigned. I also wanted to export this information to CSV.

I did this is two parts.

1. Host to Cluster and DataCenter;

Get-VMHost | Select Name, @{N=”Cluster”;E={Get-Cluster -VMHost $_}},@{N=”Datacenter”;E={Get-Datacenter -VMHost $_}} | Export-csv c:\temp\inventory.csv

2. Network configuration info;

&{foreach($esx in Get-VMHost){
    $vNicTab = @{}
    $esx.ExtensionData.Config.Network.Vnic | %{
        $vNicTab.Add($_.Portgroup,$_)
    }
    foreach($vsw in (Get-VirtualSwitch -VMHost $esx)){
        foreach($pg in (Get-VirtualPortGroup -VirtualSwitch $vsw)){
            Select -InputObject $pg -Property @{N="ESX";E={$esx.name}},
                @{N="vSwitch";E={$vsw.Name}},
                @{N="Active NIC";E={[string]::Join(',',$vsw.ExtensionData.Spec.Policy.NicTeaming.NicOrder.ActiveNic)}},
                @{N="Standby NIC";E={[string]::Join(',',$vsw.ExtensionData.Spec.Policy.NicTeaming.NicOrder.StandbyNic)}},
                @{N="Portgroup";E={$pg.Name}},
                @{N="VLAN";E={$pg.VLanId}},
                @{N="Device";E={if($vNicTab.ContainsKey($pg.Name)){$vNicTab[$pg.Name].Device}}},
                @{N="IP";E={if($vNicTab.ContainsKey($pg.Name)){$vNicTab[$pg.Name].Spec.Ip.IpAddress}}}
        }
    }
}} | Export-Csv "c:\temp\report.csv" -NoTypeInformation -UseCulture