travis' brain dump

Tech Stuff

Searching Certificates with certutil.exe

by on Apr.08, 2021, under Tech Stuff

Dropping this one here for future reference…

I had a coworker ping me this morning asking to find a certificate using certutil.exe and the Issued Common Name. It took me longer than I’d prefer to remember how to do that so I’m posting it here for use later. 😀

certutil -view -restrict ‘CommonName=

You know, because this one WILL come back at me in short order. lol

Leave a Comment more...

Import DNS Files to Azure DNS

by on Jul.23, 2020, under Tech Stuff

Because I literally forgot how to do this and had to look it up and don’t want to suffer through a long MSFT document again in the future….

Super short version FTW:

  • Setup a new DNS zone in Azure. This is pretty easy, but in case you need it: https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal
  • Gather your dns file…
    • Windows – C:\Windows\System32\dns
    • Bind – Wherever you specified to drop those things for named to pick up (usually somewhere in /etc/namedb/ or /usr/local/etc/namedb/)
  • Mod the file and pull out the NS records. Import doesn’t seem to like these despite what the doc’s say. 🙂
  • Start Azure CLI (Cloudshell/Bash). If you don’t know how to use this, check this link: https://docs.microsoft.com/en-us/azure/cloud-shell/overview
  • Upload your .dns file using the CloudShell console. I suggest you move the file into a working directory if you’d like to store it for later.
  • Execute Order 66… err… this command:
    • az network dns zone import -g domain-services -n domain.net -f domain.net.dns
  • Profit

You should see a message along the lines of ‘== 41/41 RECORDS IMPORTED SUCCESSFULLY: ‘domain.net’ ==’ when completed, however you may want to go in and recheck the import and maybe make a few mods to any records you want to modify TTLs on, etc. Any TTLs not explicitly defined will set to 3600 so make sure to cleanup what you need, where you need.

Leave a Comment more...

Retrieving iLO License Keys from iLO

by on Jun.26, 2020, under Tech Stuff

So, you want record that iLO key that you forgot to write down previously, right?

No problem.

  • Venture to https://support.hpe.com/hpesc/public/home and search for “HP Lights-Out Configuration Utility” and download the latest version.
  • Once downloaded & installed, you can find it under C:\Program Files (x86)\Hewlett Packard Enterprise\HP Lights-Out Configuration Utility.
  • Open your choice of text editors and paste the following into the file:
    <RIBCL VERSION=”2.0″>
    <LOGIN USER_LOGIN=”adminname” PASSWORD=”password”>
    <RIB_INFO MODE=”read”>
    <GET_ALL_LICENSES/>
    </RIB_INFO>
    </LOGIN>
    </RIBCL>
  • You can choose to edit the admin name & password here or pass it on the command line (which I will outline shortly). Save the file as ‘getlicenses.xml’ and close the file.
  • From a command prompt, navigate to the installation folder for the HPLOCU and execute the following:
    • .\HPQLOCFG.exe -s ip.of.ilo.srv -l .\logoutput.txt -f .\getlicenses.xml -u Administrator -p AdminPassword
  • You should receive an output similar to this:

 

 

Leave a Comment more...

Skype For Business: Invalid incoming HTTPS certificate

by on Dec.15, 2018, under Tech Stuff

Skype for Business Front End Server
Event ID 32042 – LS User Services – Invalid incoming HTTPS Certificate

I ran into this issue recently when someone thought it’d be cute to have the intermediate and root certs for a domain sitting in the same container (Trusted Root Certification Authorities). There’s a reason we have different containers folks. 🙂

Needless to say I was not amused after wasting an hour or so trying to figure out just why this error kept popping up in my event logs and the FE services wouldn’t come up. The worst part? I’d looked at the certificate objects and because these two certs looked almost identical in name, I missed them entirely during my search. 

So after doing a little digging around, I was pointed back towards a problem with a chain. There were a few examples of some Powershell to accomplish what I needed, but I liked this one the best. It allowed for me to see the list of my offenders easily. 

Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} |fl FriendlyName,Subject,Issuer

Once run, any certificate listed is going to be a cert you need to take a look at. You’ll most likely either move these certificates to the Intermediate or Personal containers. Just be careful where you move stuff so you don’t create new problems for yourself. 

Hopefully you can save yourself some time by having this handy. 

Leave a Comment more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!