Translate

Friday, February 19, 2021

The Server Pool Does not Match the RD Connection Brokers That Are In It. Errors: 1. Cannot connect to any of the specified RD Connection Broker servers

2016 RDS frustration with connection brokers.

This issue comes up if you disable TLS 1.0 on server 2012 R2 and 2016 or your database is in pending recovery mode.

To restore TLS 1.0 or a better solution is update to 2019 which supports TLS 1.2

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

If TLS is not the issue then go to this article at RDS Gurus site from Kristin L. Griffin

https://www.rdsgurus.com/rdms-problem-1-the-server-pool-does-not-match-the-rd-connection-brokers-that-are-in-it/ 


Your welcome for disabling Ads, they are ineffective.


Saturday, July 16, 2016

Error: "Printer not activated error code -30" Sage 2016 and Windows 10 Pro

Peachtree (Sage 50 for 2016) and Window 10 Pro UAC

What I am planning to cover
  1. Basic error info
  2. Why this is different in windows 10 and windows 7
  3.  The simple fix
Getting Started
If you have "Windows 10 Home" this is not for you!
The issue not being able to send an email invoice PDF from Peachtree to your email client. If you click the below E-mail to your client an invoice you get the above error "Printer not activated, error code -30".
Peachtree support recommended this solution but didn't work for windows 10.
https://support.na.sage.com/selfservice/viewContent.do?externalId=10807&sliceId=1

I found this has to do with the changes windows 10 made to UAC that the system really never gets rid of UAC for printers even if you disable UAC completely.
This is slightly different with Windows 7 which I never had problems with disabling UAC and Peachtree with printing.
The problem you could get it to work but then you lost the ability to use things like Edge web browser, calculator and a host of other basic apps for local admins or domain users added to the administrators group on your PC another annoying feature in windows 10 for security.

Error: "This app can't open, Microsoft Edge can't be opened using Built-in Administrator account. Sign in with a different account and try again". 

Well this will happen with any administrator account not just built-in accounts.
Let's say Domain Admins, Users that have been added to the Administrators group on the local system and lastly local admin.
After many hours about working with Group Policy's around UAC and printer settings it seems that Peachtree really wants you to be an Administrator on the box. Which in many ways this is crazy in today's security world in which we really need to get users off of administrator roles.
Apply these as GPO's or manually add the registry key's

Here is my Group Polices for Windows 10 and Peachtree boxes.



The simple fix
 Apply above GPO's then Open File Explorer in Windows 10 Pro
Go to C:\Program Files(x86)\Sage\Peachtree find the file named Peachw.exe then right the file and click properties.
Click the compatibility tab add the check to "Run this program as an administrator".
Now you should be able to e-mail an invoice to a client and still have administrator rights on the box.

Wednesday, May 15, 2013

Installing iptables on Raspberry Pi

Why do we need iptables for RPi.
  1. Restrict connections to services if you are connected to the internet directly.
  2. Ability to control connections states and proper TCP connections.
  3. Ability restrict to allowed connections to the RPi from remote locations.
As you probably found out that the Raspberry Pi does not have iptables installed by default. This is a good thing unless you plan to connect your RPi to the internet. This leaves your SSH (if you have it enabled) connection open to attack if you don't plan to setup a more secure private key connection to SSH. Which I would suggest doing anyway. I plan cover that in a future blog.
Raspberry Pi

What I am planning to cover

  1. Install of iptables for RPi.
  2. Configure basic rules sets for connections to SSH and HTTP services.
  3. Create a script to save your rulesets.
  4. Setup loading rule sets on start-up or your RPi. 

Getting Started

Current overview of my configuration. Using an 8Gig SDCard. I downloaded these items.

 If you would like to setup a static IP or learning to connect to RPi via SSH view my blog here

Installing iptables

During this install of iptables I am going to install the package via SSH. By default iptables is set to allow all connections.
iptables install on Raspberry Pi

  1. Type "sudo apt-get install iptables". press Enter this will download and install the current available version of iptables to you RPi.

Adding rules to iptables

At minimum we want to have a few rules in our iptables. These rules are not for you to use your RPi as a firewall. Plus it would be difficult with only one NIC. You must do these in order or connections could fail. Rules go top down in order. Skip any rule except ones in blue.
iptables saved file
  1. Type "sudo iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED". press Enter This will allow any connection that has been properly established and related to pass though. This is really only needed if you have opened a port like the rule 2. below.
  2. Type "sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT". press Enter. This will allow you to host a website on your RPi on port 80.
  3. Type "sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT". press Enter. This will allow you connect to your RPi via SSH.
  4.  Type "sudo iptables -A INPUT -p tcp --dport 5901 -m state --state NEW -j ACCEPT" press Enter. This will allow you access if you have TightVNC installed.
  5.  Type "sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT". press Enter. This will allow you to ping your RPi.
  6. Type "sudo iptables -P INPUT DROP". press Enter. This will block all inbound traffic not accepted by a rule.
  7. Now type "sudo iptables -L". press Enter. You should see your rules loaded.

Saving the configuration to a file

In this section I am going to simply cover saving your shiny new iptables configuration to a file. Then create a script to call iptables-save which will allow us to save the file anytime.
Script to save running iptables information
  1. Type "cd /etc | sudo iptables-save > iptables.conf". press Enter. This will save the currently running ruleset from memory into /etc/iptables.conf file.
  2. Type "cd ~/". press Enter. Put us in your home directory.
  3. Type "echo '#!/bin/bash' | sudo tee ~/savetables". press Enter. This is the header for the script file.
  4. Type "echo '/sbin/iptables-save > /etc/iptables.conf' | sudo tee -a ~/savetables". press Enter. This is the command to save the table information to /etc/iptables.conf file.
  5. Type "sudo chmod +x ~/savetables". press Enter. This will set the file to have execute permissions.
  6. Type "cd ~ | sudo ./savetables". press Enter. This command will allow you to save the configuration file anytime.

Applying rules to the eth0 interface to stay persistent

We are going to start off by creating a script file in the network directory to execute our iptables when our eth0 interface is up and running.
Load iptables on interface load Raspberry Pi
  1. Type "echo '#!/bin/bash' | sudo tee /etc/network/if-up.d/iptables". press Enter. This is the header for the script file.
  2. Type "echo '/sbin/iptables-restore < /etc/iptables.conf' | sudo tee -a /etc/network/if-up.d/iptables". press Enter. This is the command that will load our iptables on our eth0 interface.
  3. Type "sudo chmod +x /etc/network/if-up.d/iptables". press Enter. This will set the file to have execute permissions.
  4. Type "sudo reboot". press Enter. After your RPi comes back up you should now be able to type "sudo iptables -L" and see your rules listed under INPUT.

Known Issues

None


Monday, May 13, 2013

Install nginx 1.4.1 Raspberry Pi


Lets start off with why we need to get the latest update to ngnix.
  1. Current build of nginx from the Raspbian mirror for Raspberry Pi is out of date.
  2. Current "apt-get install nginx" has critical vulnerabilities. 
I just started messing with Raspberry Pi and wanted to setup a simple web server with the option for HTTPS, this being said I knew that nginx would provide me with a small foot print and very high speed web service.

What I am planning to cover

I will cover more than just installing nginx into your RPi.
  1. Setting Static IP to your RPi
  2. Connecting to your RPi via SSH
  3. Getting the source files for compiling your newer nginx 1.4.1
  4. Compiling and building a package for using nginx source.
  5. Installing your built package into RPi

Getting Started

Current overview of my configuration. Using an 8Gig SDCard. I downloaded these items.
After you setup this you many choices to connect to your RPi. I choose to use SSH to do most of my configuration remotely. Notice: RPi does not have iptables installed by default so I wouldn't connect your RPi direct to the internet without going through installing iptables.

Raspberry Pi

Setting Static IP

First off you will probably want to set a static IP address to your RPi for your web service and this will aid the connection for SSH later.
We will start using the built-in GUI for this basic task then move on to SSH.
    Raspberry Pi Static IP
  1. Open LXTerminal at the prompt type pi@raspberrypi ~ $ sudo nano /etc/network/interfaces
  2. Edit line "iface eth0 inet dhcp" change line to "iface eth0 inet static"
  3. Add these lines below "iface eth0 inet static"
  • address 192.168.40.20 # This is your ip static address for you RPi
  • netmask 255.255.255.0
  • network 192.168.40.0
  • broadcast 192.168.40.255
  • gateway 192.168.40.1 # This assumes your gateway (router) to the internet is at .1
Here is our output now press ctrl+o then press Enter to save the file. Then press ctrl+x to exit.
At the console prompt type "sudo reboot" now while our RPi is rebooting lets get our SSH client (Putty) software. Download Putty here


Connecting to RPi via SSH

Open Putty
    Raspberry Pi SSH connection
  • In the Host Name (or IP address) enter your IP address example: 192.168.40.20 or whatever you gave your RPi. 
  • Under Saved Sessions type RPi and click Save. 
  • You will now have faster access to your RPi via SSH. Click Open. 
  • You will now be prompted for Login as: type "pi" press Enter. At pi@192.168.40.20's password: type "raspberry" press Enter.

Download and build our nginx package

We are going to setup our environment to take our new packages and have it build our packages.
    Raspberry Pi package sources list
  1. Type "cd /etc/apt". press Enter. We are going to add the source download location.
  2. Type "sudo nano sources.list". press Enter. We have to add lines here for the source.
  3. On a new line enter these lines.
    •  Type "deb http://nginx.org/packages/debian/ squeeze nginx". press Enter.
    •  Type "deb-src "http://nginx.org/packages/debian/ squeeze nginx"
    • Type "ctrl+o then ctrl+x to save the file.
    Download nginx source code
  4. Type "cd /tmp". press Enter. We are moving into our root temp directory to build our packages in.
  5. Type "sudo apt-get build-dep nginx". press Enter. This will download all dependencies for nginx.
  6. Type "sudo apt-get source nginx". press Enter. This will download the source for nginx.
  7. Compile nginx 1.4.1 source code for Raspberry Pi
  8. Type "cd /tmp/nginx-1.4.1 && sudo dpkg-buildpackage -uc -b". press Enter. This process will take a seriously long time. It is building the full install package.
We have now completed our download and compiled our package. Time to install the package.

Install our built package

We have now come a long way to get exactly what you need to get a current version of nginx build for your Raspberry Pi. Lets finish the with a quick install.
  1. Stop the exiting service! Type "sudo service nginx stop". press Enter.
  2. Remove previous package nginx if it exists Type "sudo apt-get remove nginx". press Enter
  3. Review the data in the package Type "dpkg-deb -I /tmp/nginx_1.4.1-1~squeeze_armhf.deb". press Enter.
  4. To instal the package Type "sudo dpkg -i /tmp/nginx_1.4.1-1~squeeze_armhf.deb". press Enter (If this fails see the known issues section.)
  5. Type "sudo reboot"
FYI. The location to the index.html file is "/usr/share/nginx/www"

Raspberry Pi nginx 1.4.1 Installed

Known Issues

Fail to install stating previous install files still exist.
  1. The not so graceful way Type "sudo dpkg -i --force-overwrite /tmp/nginx_1.4.1-1~squeeze_armhf.deb"