Updating SCOM 2007 R2 Agent Certificates

If you’re attempting to monitor servers that aren’t on the same domain as your Root Management Server you need certificate-based authentication to allow communication between hosts.

There are plenty of articles on how to set up a Certification Authority; we’re running a standard Windows 2008 setup.

Here’s our Standard Operations Procedure for replacing certificates on agents.

  • Login with MSTSC to the server requiring the new certificate
    • NOTE: When you login, if you’re given a temporary profile it won’t work.
  • Open https://[your root ca]/certsrv/ in a web browser
  • Click on continue if you get a https certificate error
  • Go to internet options -> Security -> click on trusted sites
  • Click on Sites
  • It should have https://[your root ca] in the Add this website to the zone field
  • Click Add
  • Click Close
  • On the web page click Download a CA Certificate, certificate chain or CRL
  • You’ll probably get another https signing error, ignore it.
  • Ensure:
    • CA Certificate has the entry with Current highlighted
    • Encoding method is DER.
  • Click Download a CA Certificate
  • Save the Root CA Certificate somewhere and double click on it to open the key file.
  • Ensure the details look right for your Root CA and click Install certificate on the general page
  • Click Next
  • Select Place all certificates in the following store and click browse
  • Select Trusted Root Certification Authorities and click OK, then next and Finish.
  • It’ll warn you about an un-validated certificate, click yes.
  • The root CA trust certificate is installed
  • In the browser click Home in the top right
  • Click Request a certificate
  • Click Advanced certificate request
  • Click Create and submit a request to this CA
  • Fill in the fields as below:
    • Name = FQDN of client
    • Type = Other
    • OID = 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
    • Create new Key Set
    • CSP = Microsoft Enhanced Cryptographic Provider v1.0
    • Key usage = Both
    • Key Size = 1024
    • Automatic key container name
    • Mark keys as exportable = tick
    • Request format = CMC
    • Hash = sha1
    • Friendly name = FQDN of client (must match first field)
  • Click submit
  • It may confirm that you wish to request a new certificate, click yes.
  • You’ll be issued a request ID.
  • Login to the certificate server and open Certificate Authority from Administrative Tools
  • Expand the tree and find Pending Requests
  • There should be a request matching the ID you were given in the previous steps, right click on it and click All Tasks -> Issue
  • Go back to your remote connection to the agent
  • Click Home on the Certificate Services screen
  • Click View the status of a pending certificate request
  • Click the blue link – it should only show you yours
  • Click Install this certificate
  • Click yes to install it
  • On the Agent run mmc.exe
  • Click File -> Add/Remove Snap In
  • Add Certificates and select the My user account option.
  • Add another Certificates but this time select Computer account then Local computer
  • Click OK
  • Expand the two trees.
  • Under Certificates – Current user -> Personal -> Certificates you’ll find the client certificate.
  • Drag that to the matching folder under Certificates (Local Computer)
  • Under Certificates – Current user -> Trusted Root Certification Authority you’ll find the root CA certificate. It should have the same name as the Root CA hostname.
  • Right click on the certificate you imported previously and click copy.
  • Ensure the one you’re working on has the correct expiration date – it should be 02/08/2027. (If it’s expired, hello future!)
  • Go into the matching Trusted Root Certification Authorities folder under Certificates (Local Computer) and right click->paste the cert into there.
  • Go to Certificates (Local Computer) -> Personal -> Certificates, find the certificate you just dragged in there, then Right click -> All Tasks -> Export
  • Click next, select Yes export the private key and click next
  • The export file format should be PKCS #12 (.PFX), don’t tick anything in the boxes.
  • Click next
  • Enter a simple password you’ll remember and click next.
  • Save the file somewhere you can navigate easily to via command prompt.
  • Click next then Finish
  • Open a command prompt as administrator (right click on it and click run as administrator)
  • Navigate to where you put the key
  • Run MOMCertImport.exe [keyfile], replacing [keyfile] with the filename that you just exported.
    • 32-bit servers, run it from the SupportTools\i386 folder
    • 64-bit servers, run it from the SupportTools\AMD64 folder
  • It’ll ask for the password, type it in and press the enter key. After a few seconds (it won’t show that it’s doing anything) it will have completed.
  • After a few minutes check the event log on the client for events with ID 20053, this will show that it’s working. The logs are in the Operations Manager listings.
  • Other than deleting any files on the file system you’ve created (the key files are insecure and shouldn’t be left lying around) check in the SCOM Console to ensure monitoring is working and you’re all done.
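
A post-import check for the procedure above, added here as an example and not part of the original SOP: it confirms that the certificate in the Local Computer store matches what the request form asked for (subject FQDN, both OIDs, private key), that it chains to the expected root, that event 20053 has been logged, and whether exported .pfx files are still on disk. The parameter names and the `$ExpectedRootThumbprint` placeholder are assumptions; take the thumbprint from a copy of the root CA certificate obtained out of band, since the download steps click through HTTPS errors.

```powershell
# Added verification example, not part of the original procedure.
# Assumptions: run elevated on the agent after MOMCertImport.exe has finished.
param(
    [string]$Fqdn = [System.Net.Dns]::GetHostEntry('').HostName,
    # Placeholder: thumbprint of the root CA, read from a copy obtained out of band.
    [string]$ExpectedRootThumbprint = '<ROOT-CA-THUMBPRINT>',
    # Folder the .pfx was exported to (hypothetical default).
    [string]$PfxFolder = (Get-Location).Path
)
$requiredEku = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'   # OIDs from the request form

$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match ('^CN=' + [regex]::Escape($Fqdn) + '(,|$)') })
if ($certs.Count -eq 0) { Write-Warning "No certificate with CN=$Fqdn in LocalMachine\My" }

foreach ($cert in $certs) {
    # Collect the Enhanced Key Usage OIDs actually present in the certificate.
    $eku = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    $missing = @($requiredEku | Where-Object { $eku -notcontains $_ })

    # Build the chain in machine context (the stores the agent service sees); skip CRL
    # lookups, which a host outside the domain may not be able to reach.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        Expired       = ($cert.NotAfter -lt (Get-Date))
        HasPrivateKey = $cert.HasPrivateKey
        MissingEku    = ($missing -join ',')
        KeySizeBits   = $cert.PublicKey.Key.KeySize
        SignatureAlg  = $cert.SignatureAlgorithm.FriendlyName
        ChainBuilds   = $chainOk
        RootMatches   = ($root.Thumbprint -eq ($ExpectedRootThumbprint -replace '\s', ''))
    }
}

# Most recent event 20053 in the Operations Manager log, if the agent has logged one yet.
Get-WinEvent -FilterHashtable @{ LogName = 'Operations Manager'; Id = 20053 } `
    -MaxEvents 1 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message

# Exported key files still on disk; these hold the private key and should be deleted.
Get-ChildItem -Path $PfxFolder -Filter *.pfx | Select-Object FullName, LastWriteTime
```

An empty `MissingEku`, `HasPrivateKey` and `ChainBuilds` both true, and `RootMatches` true indicate the certificate matches the request; the `KeySizeBits` and `SignatureAlg` columns let you record what the CA actually issued.
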
[Read More]

HTC One X Flickering Fix available on Optus

I posted recently about the fact that HTC had released a software update that they believed would fix the flickering issues that most HTC One X owners are experiencing. The update’s been available in Europe for a while, but Oceanic users have been waiting for it to be released OTA.

I woke this morning to an exciting sight (living by myself, I’m easy to please):

[Read More]

Flowfold Tarjetero Review

I’ve had my for a few months now, and I’m loving it. It’s been through some seriously wet days on my motorbike, dumped into the sink for fun and generally bashed around. When I replaced my oversized Oakley wallet with the billfold, I dumped quite a lot of extra membership/loyalty cards into a pocket on my bag. I’ve been looking for a simple card holder since then - who wants things floating around in your bag - and recently I found my first test subject.

[Read More]

1895 8th grade final exam

Another meme from my friend Barry…

What it took to get an 8th grade education in 1895…

Remember when grandparents and great-grandparents stated that they only had an 8th grade education? Well, check this out. Could any of us have passed the 8th grade in 1895?

This is the eighth-grade final exam from 1895 in Salina, Kansas, USA. It was taken from the original document on file at the Smokey Valley Genealogical Society and Library in Salina, and reprinted by the Salina Journal.

[Read More]

5 pearls of Scottish wisdom to remember

Another silly meme from my mate Barry.

  1. Money cannot buy happiness but…somehow, it’s more comfortable to cry in a Mercedes Benz than it is on a bicycle…
  2. Forgive your enemy, but remember the bastard’s name.
  3. Help a man when he is in trouble & he will remember you when he is in trouble again.
  4. Many people are alive only because it’s illegal to shoot them.
  5. Alcohol does not solve any problem, but then neither does milk.
[Read More]

HTC Claims One X Flickering Issue Fixed

… confirming that 1.29.xxx.11 will recalibrate the screen over the course of a few days …

HTC believes that through their testing of the new update they’ve found a fix for the screen flickering issues that HTC One X owners have been experiencing as mentioned in my previous posts.

I hope this is true, and I’m still waiting on Optus to release the version, but many UK and European users should have it available as an Over The Air update. Luckily my (replacement) handset isn’t suffering the screen flickering issue yet, but I’m eagerly awaiting the promised update.

[Read More]

Second HTC One X flickering as well

My first replacement device has started flickering, only five days after getting it - as I knew it probably would.

It’s currently running the latest software available OTA on Optus - 1.28.980.10. As mentioned here there’s a newer version which has the capability of (hopefully) fixing the flickering issue permanently.

I can’t decide on whether to take the phone back again, all they’ll do is eventually replace it. The fact that there’s a dead red pixel in the top of the screen makes me want to take it back… why can’t they just make this stuff work?

[Read More]

EDC May 2012

  1. 13″ Macbook
  2. Chrome Metropolis
  3. Microsoft mouse (cheap and unkillable)
  4. 2x Apple Power Supplies
  5. Glasses
  6. 2m Network Cable
  7. Medical Supplies in a Voodoo Tactical EMT pouch (Prescription and OTC painkillers and other meds, zipties, eye wash, splinter rippers )
  8. Chrome pouch (holds Canon IXUS115HS point ‘n shoot)
  9. Loyalty and ID cards for shooting/other sports
  10. Zebra & Pilot pen, postits
  11. USB->RS232 cable
  12. USB-A -> mini-usb cable
  13. Minidisplayport->HDMI cable
  14. Fisherman’s friends (nom)
  15. USB Flash drive(s) - at least two and some velcro cable tie
  16. iPod classic 120gb
  17. Flowfold Black Pearl billfold
  18. HTC One X
  19. Chrome utility pouch - for cables
  20. APC RS232->2.5mm Serial cables
  21. Apple usb cable
  22. Samsung USB->MicroUSB cable
  23. APC Rack key
  24. Leatherman wave
  25. LED Lenser V6
  26. Wenger NewRanger 63
  27. Riverbed orange screwdriver ‘o doom
  28. Gerber “why do you carry that?!?!!” knife a friend brought back from the sandy place

I’m 6'9″ tall and carry a lot, but it looks like a little bag on me and I use it most every day. Am working on perfecting it by shrinking number/size/weight of tools, while keeping the quality and utility of them high. Also, I’m hard on my stuff 🙂

[Read More]

My Personal Great Porn Experiment

So, I love TED.com’s videos as they tend to be either inspiring or incredibly informative, or both. I was sent a link to a video called “The Great Porn Experiment” which speaks about the effects of porn, more specifically sourced from high speed Internet connections. Have a watch:

In the video there’s mention of Reddit’s NoFap subred, where a large group of users are banding together to support each other (no 12-step plan yet!) to kick the habit. Doubly inspired, I decided to run with it. I suffer from a fairly shitty case of depression and have experienced most of the symptoms listed in the TED video. Addiction would be the word for it, I can identify with the symptoms from my various research. I’d be ashamed, but if sharing this helps a few more people, then so be it.

[Read More]