Category: Sysadmin

Windows 10 Command Line Equivalent of wuauclt

I’m saving this info for my own interest.  This article has been super-helpful regarding the command line tools available for diagnosing and fixing Windows update on Windows 10.

From the follow blog, I found these amazingly useful commands.

https://omgdebugging.com/2017/10/09/command-line-equivalent-of-wuauclt-in-windows-10-windows-server-2016/

  • StartScan Used To Start Scan
  • StartDownload Used to Start Download of Patches
  • StartInstall Used to Install Downloaded Patches
  • RefreshSettings Refresh Settings if any changes were made
  • StartInteractiveScan May ask for user input and/or open dialogues to show progress or report errors
  • RestartDevice Restart device to finish installation of updates
  • ScanInstallWait Combined Scan Download Install
  • ResumeUpdate Resume Update Installation On Boot

VLAN Tagging and PVID

This is one of the best descriptions I’ve read about VLAN tagging and PVID (port virtual id).

http://en.community.dell.com/support-forums/network-switches/f/866/t/18619540

From Cerbrea:

There’s two things you can set on the port for VLANs….tagged or untagged and PVID.

If the port is set as untagged, then it tells the switch that the device(s) connected to that port are VLAN unaware, so any packet to be forwarded from that port out of the switch must be forwarded with the VLAN tag removed. If the port is set as tagged, then the destination device is VLAN aware, and packets will be forwarded with VLAN tags…so tagged /untagged is for packets leaving the switch.

Now for packets arriving at the switch port….if the packet arrives with a VLAN tag , then – providing that port is in the VLAN matching the tag – the packet will be forwarded; so if you have set a server NIC for instance to apply a VLAN ID , then  the packet arriving at the port will be tagged…so in this case you have a VLAN aware device forwarding packets already tagged , so you would configure the port into the appropraite VLAN as a tagged port. Note that if the packet arrives at the port tageed for a VLAN of which  the port is not a member, the switch will drop the packet.

If a packet arrives at the port from an end device carrying no VLAN tag, then the switch will add a VLAN tage which corresponds to the PVID, and then forward it within that VLAN; so the PVID mechanisim allows you to have traffic originating from a non-VLAN aware device to become an 802.1q packet, so that it can traverse to other switches and still be contained within the correct VLAN; so PVID is for non tagged packets arriving at a port on the switch.

Hope this helps

Add a New Site to IIS Reverse Proxy with Application Request Routing

General Overview of steps.

  • Install the security certificate in IIS.
  • Add a new site.  The web root should be an arbitrary folder in wwwroot\reverse.
  • Add two site bindings.  One for HTTP and one for HTTPS.  Specify a hostname.  For HTTPS Require Server Name Indication.  Specify the SSL certificate you imported earlier.
  • Create or Ensure that the web server that is hosting the site is available through Server Farms (application request routing).
  • Click on the top-level Web server tree (Sombrero) and then open on URL  Rewrite.
  • There should be a rule for each server farm.  If there is not a rule for this server farm, add one.  Rule settings are below.
    • Requested URL: Matches Pattern
    • Using: Wildcards
    • Pattern: *
    • Under Conditions, add a new condition and specify the new application or site’s domain name as the pattern.  The condition input should be {HTTP_HOST}.
    • Action Type: Route to Server Farm
      • Scheme: https://
      • Server Farm: the farm were the application/site is hosted.

Bad Gateway 502 Error

Once the reverse proxy is setup on Sombrero and the traffic forwarded to the back-end server, there have been instances where navigating to the site produces a Bad Gateway 502 error.  This is usually caused by an mismatch of the principal name used in the certificate on the back-end server and the domain name used in reverse proxy rule on Sombrero.

Most recently, when setting up https://finance.heritageapps.ca I ran into this issue.  The root cause was sourced to a mismatch of the domain name used in the server farm where the rule was pointed to.  I was using the internal domain name of the internal server, which in this case was tripping up IIS and causing the bad gateway error.  To fix this, I used split DNS (which I had already setup) for the heritageapps.ca domain.  Internally I point the same domain (finance.heritageapps.ca) to the back-end server.  So, I just used this same name in the server farm configuration to point to my internal server.

Install A New Printer

STEP 1: Open the Print Server.

You must be logged onto the Heritage corporate network either through a wired or wireless connection.  For wireless connections, you must be on the Heritage Staff network.

  • Open the Start menu, and in the search bar type: 
    \\canis
  • If you are using a non-Heritage owned computer type: 
    \\canis.heritagecollege.local
  • Press ENTER on your keyboard or click on the entry that your search found.  It should look similar to this screenshot.
  • A window showing all the printers available on the printer server will appear.

STEP 2: Install the Printer

  • Double-click or press ENTER on the name of the printer you would like to install (a list of printers is below).  You can also right-click the printer and choose Open.
  • The driver installation process will begin.  If you are prompted to install the printer driver click Install driver.

FINISH:

  • The print queue for the newly installed printer will appear.  It will be titled with the name of the printer.  For example “Main Copier on canis”.  This is the sign that installation was successful.
  • You have successfully installed the printer!

Network Printers @ Heritage

  • Main Copier – Location: Admin office.  Canon high-volume multi-function color copier/printer/fax.  Includes a booklet finisher, stapler, and a 2/3 hole puncher.
  • Main Printer – Location: Admin office.  High volume HP printer.
  • HCC Copier – Location: Student Services.  Canon high-volume multi-function copier/printer.  Includes a stapler.
  • Library Copier – Location: Student Services.  Canon high-volume multi-function copier/printer.  Includes a stapler.
  • eminary – Location: Seminary Foyer.  High volume HP 4250 printer.

Hyper-V Server Getting Started

Open port 3389 for all firewall profiles.

netsh advfirewall firewall add rule name="Remote Desktop"  protocol=tcp dir=in localport=3389 action=allow

To set the management network connection to private.

$profile = Get-NetConnectionProfile -InterfaceAlias "Ethernet 4"

$profile.NetworkCategory

Set-NetConnectionProfile -InputObject $profile -NetworkCategory private

To get remote Disk Management working:

netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes

To get remote Computer Management working:

netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes

List of the different inbound firewall rules related to remote management.

Remote Administration
Remote Assistance
Remote Desktop
Remote Event Log Management
Remote Event Monitor
Remote Scheduled Tasks Management
Remote Service Management
Remote Volume Management