I've recently been looking into moving my blog away from Blogger and over to a WordPress installation.
There are a ton of options out there to get your head around, but I have finally settled at a SAAS (Software as a Service) option hosted on Amazon's Web Service platform for the time being. I am still trying to get my head around a few things before I do the final migration. I've learnt a few things about WordPress and AWS though and just wanted to document some of them here.
When you spin up the WordPress BitNami instance from the AWS Marketplace during the configuration you are given the option to download an SSH private key that can be used to securely access your environment via an FTP or SSH client etc. This comes in the form of a .PEM file. If you need to connect to your environment to modify configuration files or upload files via FileZilla this is the procedure.
Launch FileZilla
Click on Edit > Settings
Select SFTP
Click on "Add Key File" and select the .PEM file you downloaded during the AWS setup
Click OK
Now click on File > Site Manager
Create a New Site
Within the Host field enter the Public IP address of your instance
Within the Protocol Field select SFTP
Change the Logon Type to "Ask for Password"
Enter "bitnami" as the username
Click OK
When you try to connect you will be asked for a password, ignore this and continue
The WordPress BitNami main directory is located within /opt/bitnami/apps/wordpress/htdocs here you will find the wp-config.php file and all the other usual WordPress files.
I recently came across an error where nodes within a Windows Server 2012 R2 Cluster who stopped being active nodes within the cluster and continually cycled round trying to join again.
We were seeing errors:
Event 1070: Failover cluster nodes must have the ability to start the Cluster service, form a cluster (when a given node starts but no other nodes are up) and join a cluster (when a given node starts and discovers that one or more nodes are already up). This requires that certain conditions be met, for example, failover cluster nodes must run compatible versions of the operating system. Event 1145: Cluster resource <resource> timed out. If the pending timeout is too short for this resource consider increasing the pending timeout value.
Within the event log over and over again.
We did some basic troubleshooting to check network connectivity, configuration etc. One of our troublshooting steps included evicting a node and using the Clear-ClusterNode Powershell command to try and clear any configuration issues on the node. When we tried to add the node back to the cluster we were presented with a new error "Event ID: 7024 The Cluster Service service terminated with the following service-specific error: Keyset does not exist".
We did some more digging and found that the permissions on the folder and files within C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys were largely missing. This is the folder that holds the certificate keys that the cluster uses to connect. Rather than change all the 38 files individually within the folder manually we came up with this wee script:
##This grants ownership of the folder and files below it to the administrator group. takeown /f C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /R /A
##This grants the System and Administrators accounts Full Access to the machinekey folder and all it's subfolders/files, and removes any inherited permissions icacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" /INHERITANCE:R /GRANT ("SYSTEM" + ':(CI)(OI)F') icacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" /INHERITANCE:R /GRANT ("Administrators" + ':(CI)(OI)F')
Once the permissions were set as above we were able to successfully add the node back into the cluster. And all four nodes were active again.
We've all had to lock down a workstation, server or application for security/audit purposes and wondered where to start. I recently stumbled across the Center for Internet Security (CIS) Benchmark program which provides vendor agnostic advice and tools on accessing and improving the security of servers and applications. The CIS program can help public and private organisations to meet compliance standards for FISMA, PCI, HIPAA and a lot more.
Behind the scenes of CIS there is a group of IT security experts who give their time and knowledge to help provide the information and tools that can help to benefit the rest of the IT community.
The CIS provide a Java based assessment tool that you can run on your workstations or servers to assess the potential security holes within them.
Once you download the tool from their website and run it you are confronted by a list of current benchmark standards you can run against your device. In this case I am running the tool against my Windows 10 workstation.
The next screen in the wizard is what profile you want to run against the device. These are security profiles that you can choose from depending on what level of security you are looking to achieve.
The next screen that you encounter is relating to how you would like the results reported to you. You have several options to choose from, I've found the HTML report to be the most useful so far.
Depending on what benchmarks and profiles you've asked to run the tool may take several minutes to generate. Once it has you will have a report that contains information on what your device has passed or failed on and what the implications of any failures are as well as some useful tips on how to resolve.
I recently started to use my home lab after 6months of not having any time to use it and unfortunately I had completely forgotten what I had set the password to on my KEMP Loadbalancer. Thankfully I haven't changed deleted the bal account and was able to use a simple method to get into it again...
1. Log into the KEMP console using the username pwreset
2. Use the password 1pwreset
3. The console will now indicate that the password for the bal account has been reset to 1fourall which you can now use to gain access to your loadbalancer again
KEMP Technologies was founded in 2000 in New York and they specialise in creating load balancing products. They offer hardware, cloud, virtual and bare metal load balancers.
One of the best things about KEMP is the offer a completely free version of their product, it isn't a waterdown version of their product but a fully featured Layer-7 load balancer, with only one drawback, it is throttled to 20Mbps throughput. However the free appliance can be seamlessly upgraded to a paid license at any time.
A KEMP appliance is extremely easy to set up and get running within a virtual environment and can be managed via a web browser session. A great resource available from the KEMP Technologies website is templates to help you configure certain load balancing services, such an Exchange 2010/2013/2016, Microsoft RDS, VMware Horizon View, MobileIron MDM and Dell Wyse VWorkspace to name a few.
With the free version support is limited to the KEMP Community forums, templates and excellent install guides. But this hasn't been a hindrance in the home lab or small office installations I have encountered. However, should you need it there are options you can buy to provide telephone support.
As I'm sure you are all aware MS Ignite this year was held in Atlanta in September for those of us not lucky enough to be there in person Microsoft have kindly put the session online via YouTube so we can view them. With over 1000 sessions it can be a daunting task trying to figure out which ones to watch and which ones not to. I've put together a list of six sessions I really enjoyed watching and think would be of benefit to you guys as well.
Mark has had similar sessions at TechEd and Ignite in previous years and they are always very informative. He gives an insight into how the SysInternals tools can help to troubleshoot issues with malware, error messages, blue screens of death, and much more.
I've been catching up with some of the sessions from MS Ignite via the on demand function and one of the interesting events I tuned into was the "Discover what's new and what's coming from Microsoft Outlook" with Julia Foran, Allen Filush and JJ Cadiz.
Within the session they talked about how they have used customer feedback to help develop a better more intuitive and productive tool.
The new features that should be starting to roll out to Office 365 subscription users in the new few months are as follows;
Focused
They received a lot feedback about the Clutter facility and how emails were getting lost in there when users forgot to check there so they have introduced the Focused view that will help to show a user on opening Outlook the important emails while the not so important emails will go into the Other view. This feature can be seen in this video:
@mentions
Within emails you will now be able to use the @ symbol and then type someone's name to help bring to their attention something in particular within that email. This will be especially useful within emails that have many recipients. It's very like the mentions facility that Twitter and Facebook currently utilise so the hope is that users will be able to adapt to this new feature easily.
Shared Calendars
One of the major issues we're all aware of if we've used calendars within an organisation is that shared calendars can be a pain to set up, access and view. This is set to change. Microsoft have put a lot of effort into developing a better and easier to manage system. The ability for an end user to share their calendar with a colleague has now been simplified and easy to understand. Accepting that invite to be able to view a shared calendar is much more initiative and grants instant access.
It used to be the case that you could only view a shared calendar from your Outlook client and that wasn't reliable all the time, but now you will be able to see your colleague's calendar from your Outlook client, your OWA session, or your mobile device (iOS, Android and Windows). Which is a great move and will be extremely handy for the one the go worker.
The free/busy time availability has also had some development. Microsoft have made it that Outlook will learn the top 50 users that you schedule meetings with and help to populate their free/busy information instantaneously. No more waiting on Outlook to find and display that info which was unreliable, it will now be available immediately, blink and you'll miss it loading! And the even better news is that you will be able to see the free/busy information on the go, so if you are trying to schedule a meeting from your mobile device you will get feedback on your meeting attendees availability there and then.
Others
There are also some other features coming along, which include the ability to see a small preview of any image files you are attaching to emails, so you can see if you're sending the right one.
Outlook will be easier to set up on first run if you have signed into the device with your Office 365 account, which will be music to IT Administrator ears.
If you receive an email regarding flight information or an online order Outlook will render all the useful information; flight number, check in details, tracking number, etc at the top of the email so that it easy to find and see.
The future definitely looks bright for the features and functions of Outlook and I look forward to seeing them rolled out. If you would like to hear more and see these features in action please take a look at the MSIgnite session at https://myignite.microsoft.com/videos/4076
Also if you would like to participate within the development of Outlook please visit Outlook Uservoice and give Microsoft your feedback.