Archive for March, 2015

Say you have an old Windows domain alongside a new one and you need to map network shares using Windows 2012 R2 preferences.
You will not be able to do this if you need multiple shares from the same server, according to Microsoft Security Policy.
To bypass this you will need to do the following:

1. Create an alias of the server in the DNS server record.

p.some.domain.com CNAME fileserver.some.domain.com
q.some.domain.com CNAME fileserver.some.domain.com

2. But that’s not all: the server recognizes that it is being addressed by an alias (it does not listen on the alias name), and you still cannot connect the shares.
3. You will need to change the registry value on the fileserver and reboot it:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters

Value name: DisableStrictNameChecking
Type: REG_DWORD
Radix: Decimal
Value data: 1

4. Optionally there could be a situation where you need to set up the SPN for the Alias:

setspn -a host/alias fileserver
setspn -a host/alias.some.domain.com fileserver
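
A read-only check of steps 1, 3 and 4 above, as an added PowerShell example that is not part of the original post. It assumes it is run on the file server itself and uses the post's placeholder names; the SPN columns only matter if you needed the optional step 4.

```powershell
# Added example, run on the file server. The names are the page's
# placeholders (assumptions); replace them with real values.
$FileServer = 'fileserver.some.domain.com'
$Aliases    = 'p.some.domain.com', 'q.some.domain.com'
$RegPath    = 'HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters'

# Step 3: DisableStrictNameChecking must be the DWORD 1 (effective after reboot).
$reg = Get-ItemProperty -Path $RegPath -Name DisableStrictNameChecking -ErrorAction SilentlyContinue
$strictOff = ($null -ne $reg) -and ($reg.DisableStrictNameChecking -eq 1)

# Step 4: SPNs currently registered on the file server's computer account.
$account = $FileServer.Split('.')[0]
$spns = @(setspn -L $account | ForEach-Object { $_.Trim() })

foreach ($alias in $Aliases) {
    # Step 1: the alias must resolve as a CNAME that points at the file server.
    $cname = Resolve-DnsName -Name $alias -Type CNAME -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    $dnsOk = ($null -ne $cname) -and ($cname.NameHost.TrimEnd('.') -ieq $FileServer)

    # One result row per alias; -contains compares case-insensitively.
    $short = $alias.Split('.')[0]
    [pscustomobject]@{
        Alias                     = $alias
        CnameToFileServer         = $dnsOk
        DisableStrictNameChecking = $strictOff
        SpnShort                  = $spns -contains "host/$short"
        SpnFqdn                   = $spns -contains "host/$alias"
    }
}
```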

Pain in the ass Microsoft… really?

If you want to migrate, connect, transfer, or do whatever between two domains, there’s a Captain Obvious who says “create a trust”.

OK. If you want to create a trust between forests of Active Directory, you would just go to Active Directory Domains and Trusts and create a trust… yea, but not with Microsoft.

Ok, stop shitty talk, I’ll just write how to do this:

1. If it is not working, the problem lies precisely in the DNS configuration.
2. To create a relation between 2003 and 2012, the DNS servers must have Conditional Forwarders configured.
3. For 2003 go to DNS > $domain > Properties > Forwarders > Add the 2012 domain name and IP.
4. For 2012 go to DNS > Conditional Forwarders > New Conditional Forwarder > Add the 2003 domain name and IP.
5. Use nslookup to check that everything is correct by typing the following on both servers:

nslookup -type=ALL $domain2003
nslookup -type=ALL $domain2012

6. If everything is correct you can now create a trust.
7. Active Directory Domains and Trusts > $domain2012 > Properties > Trusts > Add new trust.
8. Enter the $domain2003 DNS name > Next > Forest trust > Transitive > Two-way (or not).
9. If you selected two-way, it will automatically show up on the 2003 server, provided you entered correct credentials in the Trust Wizard tab.
10. You will try to validate these credentials on both servers to save the routing information and it will fail… Microsoft.
11. Just reboot both servers.
12. Done.

Register Internet Certifier
1. Launch the Domino Administrator client.
2. Configuration > Tools > Registration > Internet Certifier.
3. Choose “I want to register a new Internet certifier that uses the CA process”.
4. Create Certifier Name.
5. Fill in the fields; the only mandatory one is Common Name (regularly, Company Name should be here). OU, State and Country are optional, but remember that Country is in code format (2 letters, e.g. PL).
6. Choose the Issued Certificate List and modify it if you wish, e.g. cert\MyCA.nsf.
7. Encrypt Certified ID with: Encrypt ID with Server ID and Require password to activate certifier.

> load ca
> tell adminp process all
> tell ca refresh
> tell ca activate
[password]
> tell ca stat

Create Certificate Request
1. File > Database > New.
2. Fill in Title and Filename, e.g. “CertReqz” and “CertR.nsf”.
3. Show Advanced Templates and choose “Certificate Requests (6)”, i.e. certreq.ntf.
4. Remember, the template cannot be Local; it must come from the server.
5. Open it, fill it in, and choose e.g. Automatic Transfer Server.

Create Key Ring file
1. In the Certificate Requests database, choose “Domino Key Ring Management”.
2. Create Key Ring.
3. Name and filename.kyr, password and key-size (at least 1024).
4. Fill Server Common Name (FQDN of the mail server!), OU, State and Country.
5. Create Key Ring.
6. Return to CertReqz and go to Pending/Submitted Requests and refresh it (F9).
7. Submit Selected Requests if it is still Pending Submission.
8. Open Admin4.nsf and CA Request/Cert Request – find your request.
9. Edit it and Approve.
10. Go to Administrator mail file, and locate “Your certificate request has been approved”. Copy the pickup ID to the clipboard.
11. In CertReqz choose “Domino Key Ring Management” > “Pickup Key Ring Certificate”.
12. Paste the pickup ID, enter password.
13. Merge Signed Certificate.
14. Copy the *.kyr and *.sth files to the server data directory, e.g. disk:\domino\lotus\data.
15. If SSL is already configured, then only change the kyr location.

As an NSA certified guy, there’s a big need that I share the news from sekurak.pl about the Snowden archive… it is downloadable! Quick, seed until it is available <r0f>: https://snowdenarchive.cjfe.org/greenstone/cgi-bin/library.cgi

Awesome numbers game

Posted: 2 March 2015 in Humour

There are such funny nerd things in the world, so true… r0fl: http://hugelol.com/lol/327360