Exchange Microsoft Office365 SSL

Exchange: Replacing certificate for Microsoft 365 hybrid connector’s

When certificates needs to be renewed or changed on (on-premise) Exchange server’s, and you have Microsoft 365 hybrid setup though Hybrid Configuration Wizard, a Office 365 connecter is setup as send and receive:

Receive:
Default Frontend xxxx/EXCH01

Send:
Outbound to Office 365
xxxxx send connector

If you try to delete the old certificate, without setting the new cert for the connectors, you will get this in ECP:
“A special Rpc error occurs on server EXCH01: These certificates are tagged with following Send Connectors : Outbound to Office 365. Removing and replacing certificates from Send Connector would break the mail flow. If you still want to proceed then replace or remove these certificates from Send Connector and then try this command.”

So we need to move into Powershell and replace it, because it cannot be done through the ECP:

Get the thumprint for the new cert:

Get-ExchangeCertificate

So here it is, the top level cert, it’s a wildcard cert, thus the “*.” in the subject name, sorry for the maskings, this is from a non-lab environment

Copy the thumprint to notepad for next command.

Read the certificate subject and thumprint into a variable:

$cert = Get-ExchangeCertificate -Thumbprint <paste the thumbprint in here from previous command>

$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)" - Do not change anything here!

The replace the connectors:

Send Connector –

Set-SendConnector "Outbound to Office 365" -TlsCertificateName $tlscertificatename

Receive Connector –

Set-ReceiveConnector "EXCH01\Default Frontend EXCH01" -TlsCertificateName $tlscertificatename

Note: replace the word “EXCH01” with the name of your Exchangeserver like “MY-EXCH01\Default Frontend MY-EXCH01”

Run IISRESET

This is because the old and new certificate have the same “issuer” and “subject”, the set-sendconnector and set-receiveconenctor, cannot thereforem tell the difference, but solution is easy:

Just add another cert on the servers thumbprint to the first script, then run all commands throgh, after that, do the same again, but now with the real cert’s thumprint, and it works ?

Note that if you fail to replace your certificate before it expires (You forgot to), your mailflow between on-prem Excahnge and Exchange Online (365) will stop working and you will see this in the logs:

[Message=451 5.7.3 STARTTLS is required to send mail]

source links:

https://martinsblog.dk/exchange-replacing-certificate-for-microsoft-365-hybrid-connectors/
https://martinsblog.dk/exchange-an-error-occurred-while-using-ssl-configuration-for-endpoint-0-0-0-0444/
https://www.azure365pro.com/replacing-send-connector-certificate/

ASP.Net IIS

Install ASP.NET 4.5 in Windows 8 and Windows Server 2012

The Aspnet_regiis.exe utility is no longer used for installing and uninstalling ASP.NET 4.5 in Windows 8. ASP.NET 4.5 is now a Windows component and can be installed and uninstalled just like any other Windows component.

To install or uninstall ASP.NET 4.5 in Windows 8 or Windows Server 2012, use one of the following options:

  • Run the following command from an administrative command prompt: Console
dism /online /enable-feature /featurename:IIS-ASPNET45

For Windows 8 client computers, turn on IIS-ASPNET45 in Turn Windows Features On/Off under Internet Information Services > World Wide Web Services > Application Development Features > ASP.NET 4.5.

For Windows Server 2012 computers, enable IIS-ASPNET45 using Server Manager, under Web Server (IIS) > Web Server > Application Development > ASP.NET 4.5.

https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/aspnet/www-administration-management/install-aspnet-45-windows-8-server-2012
Code Snippets .NET ASP.Net Microsoft VB

How can i get information in Network Payload using vb.net?

I receive information from another page from a payment gateway. On the admin panel i can assign the callback url to notify me.

it will respond with a json payload.

How to get this info in codebehind on Page_load?

Make sure that, if you are using Friendly urls that the callback url has no .aspx

and try something like:

Public Shared Function GetRequestBody() As String
    Dim bodyStream = New IO.StreamReader(HttpContext.Current.Request.InputStream)
    bodyStream.BaseStream.Seek(0, SeekOrigin.Begin)
    Dim _payload = bodyStream.ReadToEnd()
    Return _payload
End Function

thanks to https://stackoverflow.com/questions/71097260/how-can-i-get-information-in-network-payload-using-c

Related: yfdFO, ClNoTe, kNzZPM, nsVX, KGukN, YRBMY, IoS, jrSbB, tIKr, OsfYa, xlAe, CwpRV, reKj, jiL, zDUOQ,
Microsoft PowerShell Windows server

Expired SCVMM certificate

The BITS client job failed to succeed for \srv-scvmm\c$\asd\SW_asdC_STD_MLF_X22-74300.ISO when attempting Start-BitsTransfer resource with following error: The date in the certificate is invalid or has expired

Restart BITS service and try the operation again. Also make sure that the client has permissions on the source and the destination.

ID: 24366

Possible resolution:

Restart BITS (Background Intelligent Transfer Service)

Delete the expired certificate from the VMM server’s Personal Store and create a new one:

[PowerShell]:

$credential = get-credential

Get-VMMManagedComputer -ComputerName “VMM-Server.domain.com” | Register-SCVMMManagedComputer -Credential $credential

You will now get a new certificate which is valid for 5 years.

try
Get-SCVMMServer if command not recognized.

Exchange Microsoft SSL

Configure Wildcard SSL Certificate for POP/IMAP on Exchange 2010 (PowerShell)

It is assumed you have your SSL wildcard certificate already installed on an Exchange 2010 server.

We use Windows Server 2008 R2 Datacenter x64 in this example.

Open Exchange Management Shell as Administrator and get a list of SSL certificates that are available:

[PS]> Get-ExchangeCertificate

Thumbprint                    Services  Subject
----------                              --------  -------
1F70359DC0BE9CAD58F965A3C110  ...WS.    CN=*.example.com, OU=IT Dep, O=Example Comp...
0F7FF199B11E662621D80700D04F  ....S.    CN=ExampleDC

When you enable the wildcard *.example.com certificate for POP service, you normally get the following error:

PS]> Enable-ExchangeCertificate -Thumbprint 1F70359DC0BE9CAD58F965A3C110 -Services POP
WARNING: This certificate with thumbprint 1F70359DC0BE9CAD58F965A3C110 and subject '*.example.com' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.

The same applies to IMAP:

[PS]> Enable-ExchangeCertificate -Thumbprint 1F70359DC0BE9CAD58F965A3C110 -Services IMAP
WARNING: This certificate with thumbprint 1F70359DC0BE9CAD58F965A3C110 and subject '*.example.com' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-IMAPSettings to set X509CertificateName to the FQDN of the service.

Set FQDN for POP service to fix the error:

[PS]> Set-POPSettings -X509CertificateName exchange2010.example.com

Do the same for IMAP service:

[PS]> Set-IMAPSettings -X509CertificateName exchange2010.example.com

Verify POP settings:

[PS]> Get-POPSettings

UnencryptedOrTLSBindings  SSLBindings            LoginType    X509CertificateName
------------------------  -----------            ---------    -------------------
{:::110, 0.0.0.0:110}     {:::995, 0.0.0.0:995}  SecureLogin  exchange2010.example...

Verify IMAP settings:

[PS]> Get-IMAPSettings

UnencryptedOrTLSBindings  SSLBindings            LoginType    X509CertificateName
------------------------  -----------            ---------    -------------------
{:::143, 0.0.0.0:143}     {:::993, 0.0.0.0:993}  SecureLogin  exchange2010.example...

Restart POP and IMAP services:

[PS]> Restart-service MSExchangePOP3
[PS]> Restart-service MSExchangeIMAP4

Source link:

https://www.lisenet.com/2014/configure-wildcard-ssl-certificate-for-pop-imap-on-exchange-2010-server/

.NET ASP.Net ASP.Net 2.0 Microsoft

Problem with Session in iFrame after windows update

Microsoft ASP.NET will now emit a SameSite cookie header when HttpCookie.SameSite value is “None” to accommodate upcoming changes to SameSite cookie handling in Chrome. As part of this change, FormsAuth and SessionState cookies will also be issued with SameSite = ‘Lax’ instead of the previous default of ‘None’, though these values can be overridden in web.config.

You have to set the cookieSameSite= “None” in the session state tag to avoid this issue. I have tried this and working well.

<system.web>
<sessionState cookieSameSite="None"  cookieless="false" timeout="360">
</sessionState> 
</system.web>

https://social.msdn.microsoft.com/Forums/en-US/1b99630c-299c-446e-bf4b-d7d4d74bf9ef/problem-with-session-in-iframe-after-recent-windows-update?forum=aspstatemanagement

Active Directory Networking

Using Ntdsutil Tool to Manage Active Directory

The NTDSutil.exe utility is one of the key tools to manage Active Directory and its database (ntds.dit file).

The NTDSutil utility can be used by AD administrators in various scenarios. Most often the utility is used to:

  • Transfer (seizing) FSMO roles in the AD domain between domain controllers;
  • Authoritative restoring of deleted objects in Active Directory;
  • Remove faulty (missing) AD domain controllers;
  • Performing AD database maintenance: checking integrity, compressing, moving the ntds.dit file or AD log files to another drive on a domain controller in order to increase performance;
  • Active Directory snapshot management;
  • Change the administrator password for the DSRM (Directory Services Restore Mode) recovery mode.

To display the basic syntax of the NTDSutil utility, open an elevated command prompt on the domain controller and run:

Ntdsutil.exe /?

As you can see, the Ntdsutil utility has a few subcommands available. Let’s try to learn them in more detail with examples.

Let me remind you that in the AD there are five FSMO (Flexible Single Master Operation) roles:

  1. Schema master;
  2. Domain naming master;
  3. RID master;
  4. PDC emulator master;
  5. Infrastructure master.

These roles can be assigned to different domain controllers in the AD forest and/or domain. The current owners of FSMO roles can be obtained using the command:

netdom query fsmo

source link: https://theitbros.com/ntdsutil/

Uncategorized

QR Code Wifi

Wifi:

WIFI:T:WPA;S:ssid;P:password;;

Parameter Example Description
TWPA Authentication type; can be WEP or WPA, or leave empty for no password.
S MyNetworkName Network SSID. Required.
P ThisIsMyPassword Password, ignored if T is left blank.
H true Optional. True if the network SSID is hidden.

Microsoft Remote Desktop Services RemoteApp

diagnose RDP with commandline

netstat /p tcp /a | findstr 3389

APIs

HTTP SMS

Using the old HTTP SMS developed by Cardboardfish, enterprise acquired by MBLox and then by Sinch.com.

The issue: was using the httpsms.dll developed by Cardboardfish, in a .net platform running .net fx 4.5.

on 10 june 2021, the Atlas HTTP SMS Migration completed and the New FQDNs changed to new ones with http (443).

Impact MT/MO/DLR: API calls to the legacy Mblox Atlas HTTP SMS API URLs will be responded with HTTP status 302.

Client Action Required: Client applications to switchover their API calls to the new Atlas HTTP SMS API URLs below.

Please find the old and New URLs as below:

RegionOld FQDNs ImpactedOld PortsNew FQDNsNew Ports
EUsms1.mblox.com9444 (HTTPS)/9001 (HTTP)eu1.httpgw.api.sinch.com443 (HTTPS) only
EUsms1.cardboardfish.com9444 (HTTPS)/9001 (HTTP)eu1.httpgw.api.sinch.com443 (HTTPS) only
EUsms5.mblox.com9444 (HTTPS)/9001 (HTTP)eu2.httpgw.api.sinch.com443 (HTTPS) only
USsms2.mblox.coml9444 (HTTPS)/9001 (HTTPus1.httpgw.api.sinch.com443 (HTTPS) only
USsms2.cardboardfish.com9444 (HTTPS)/9001 (HTTP)us1.httpgw.api.sinch.com443 (HTTPS) only
USsms3.mblox.com9444 (HTTPS)/9001 (HTTP)us2.httpgw.api.sinch.com443 (HTTPS) only
USsms3.cardboardfish.com9444 (HTTPS)/9001 (HTTP)us2.httpgw.api.sinch.com443 (HTTPS) only

The solution is to migrate to REST API, or upgrade the dll to new FQDN.

To upgrade is needed the source files and have recompiled it.

The REST API and HTTP SMS in .net 4.5 the Webrequest must deal with https:

worked using:

vb.net 
ServicePointManager.SecurityProtocol = CType(3072, SecurityProtocolType)
c#
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

Documentation:

https://status.sinch.com/incidents/kx1r0h62w9yf

https://social.msdn.microsoft.com/Forums/vstudio/en-US/646d3252-3a97-46b2-81f5-1038b8cb03a8/webclient-and-https?forum=netfxbcl

https://stackoverflow.com/questions/20064505/requesting-html-over-https-with-c-sharp-webclient

https://developers.sinch.com/docs/sms/getting-started/node/nodesend/

https://developers.sinch.com/docs/sms/other/sms-other-http-basic/#outbound-sms-http