Some Articles and Videos on Setting Up Windows for AD, ADFS, ADCS

Microsoft Windows

Below are some articles and videos that I found to be useful to set up Windows for Active Directory, ADFS, ADCS and AWS.

Domain Controller/Active Directory

https://social.technet.microsoft.com/wiki/contents/articles/22622.building-your-first-domain-controller-on-2012-r2.aspx

https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/

https://msdn.microsoft.com/en-us/library/bb742437.aspx


Enabling Federation to AWS Using Windows Active Directory, ADFS, and SAML 2.0

Setting up and enabling federation to AWS using Windows Active Directory, ADFS, and SAML 2.0. This KB assumes that you have a Windows server with IIS, Active Directory, Active Directory Federation Services and Certificate Services installed.

First, perform the following in your domain:

  1. Create two AD groups named AWS-Production and AWS-Dev. AWS-Production will hold users that have administrative access, and AWS-Dev will hold users with access to the S3, EC2 and RDS services in AWS.
  2. Create users that will go into the accounts.
  3. Give each user an email address (e.g., user@example.com).
  4. Add users to the AWS-Production and AWS-Dev groups.
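
The four steps above can be scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original article; the user names, the group each user lands in, and the choice of global security groups are assumptions.

```powershell
# Added example: steps 1-4 scripted. Run on a domain controller or a host with RSAT.
Import-Module ActiveDirectory

# Step 1: the two groups named in the article (scope/category are assumptions).
$groups = 'AWS-Production', 'AWS-Dev'
foreach ($g in $groups) {
    New-ADGroup -Name $g -GroupScope Global -GroupCategory Security
}

# Hypothetical users; keep the administrative group as small as possible.
$users = @(
    @{ Sam = 'alice'; Name = 'Alice Example'; Mail = 'alice@example.com'; Group = 'AWS-Production' },
    @{ Sam = 'bob';   Name = 'Bob Example';   Mail = 'bob@example.com';   Group = 'AWS-Dev' }
)

# Prompt for the initial password so it never sits in the script or shell history.
$initialPassword = Read-Host -AsSecureString -Prompt 'Initial password for new users'

foreach ($u in $users) {
    # Steps 2 and 3: create the account with its email address set.
    New-ADUser -Name $u.Name -SamAccountName $u.Sam -EmailAddress $u.Mail `
        -AccountPassword $initialPassword -ChangePasswordAtLogon $true -Enabled $true
    # Step 4: group membership decides which AWS access the user ends up with.
    Add-ADGroupMember -Identity $u.Group -Members $u.Sam
}

# Review: who is in each group, and is anyone missing an email address?
foreach ($g in $groups) {
    Get-ADGroupMember -Identity $g |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties EmailAddress |
        Select-Object @{ n = 'Group'; e = { $g } }, SamAccountName, EmailAddress,
            @{ n = 'MissingEmail'; e = { -not $_.EmailAddress } }
}
```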


Unable to remote desktop to Server 2012 after adding user to Remote Desktop Users Group

Are you having trouble accessing your Windows Server 2012 machine using remote desktop, even after adding the user to the Remote Desktop Users group? Remote Desktop appears to accept the login credentials but then you receive the following error message:

“To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Administrators group have this right. If the group you’re in does not have the right, or if the right has been removed from the Administrators group, you need to be granted the right manually.”

With Server 2012 it seems that you now also need to grant the user remote access privileges through the Local Security Policy as well as the Remote Desktop Users group.

To grant this access, search for and open the Local Security Policy program.
Expand Local Policies and select User Rights Assignment. A list of policies will appear on the right-hand side. Right-click on the policy named “Allow log on through Remote Desktop Services” and select Properties.

You will now have the option to add users or groups to the policy.
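
To see who currently holds this right before changing it, the user rights can be exported with secedit and read back. This is an added example, not part of the original post; it assumes an elevated prompt and that built-in groups appear in the export as `*`-prefixed SIDs.

```powershell
# Added example: list holders of "Allow log on through Remote Desktop Services"
# (SeRemoteInteractiveLogonRight) and check whether Remote Desktop Users is one.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Get-Content detects the export's byte-order mark, so the file reads cleanly.
$entry = Get-Content $cfg | Where-Object { $_ -match '^SeRemoteInteractiveLogonRight\s*=' }
Remove-Item $cfg

$holders = @()
if ($entry) {
    $holders = ($entry -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

# Resolve each entry: "*S-1-..." is a SID, anything else is already an account name.
foreach ($h in $holders) {
    if ($h.StartsWith('*')) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($h.TrimStart('*'))
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(unresolved SID)' }
    } else {
        $name = $h
    }
    [pscustomobject]@{ Entry = $h; Account = $name }
}

# S-1-5-32-555 is the well-known SID of BUILTIN\Remote Desktop Users.
if ($holders -notcontains '*S-1-5-32-555') {
    Write-Warning 'Remote Desktop Users does not hold the right; members get the sign-in error quoted above.'
}
```

Granting the right to the Remote Desktop Users group rather than to individual accounts keeps group membership as the single place where RDP access is reviewed.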

 

Plesk Web Statistics not Updating for SSL Site

In checking Plesk Stats, the traffic is much lower than the actual traffic.

The Plesk Web Stats button only links to non-SSL traffic. See: https://support.plesk.com/hc/en-us/articles/213951505-Different-statistics-values-for-SSL-and-non-SSL-traffic

As a workaround, SSL traffic statistics can be accessed using the following link:

https://example.com/plesk-stat/webstat-ssl

FTP statistics can be accessed using the following link:

https://example.com/plesk-stat/ftpstat
https://example.com/plesk-stat/anon_ftpstat

Set up vswitch in Hyper V

In order to do private networking, ideally you would use Hyper-V virtual switches to bind an interface in each of the guest VMs to the same logical switch. You can do so with any locally routed (private) addressing convention.

You can configure each VM to make use of an IP in the 192.168.0.x range such as:

VM1 192.168.0.10
VM2 192.168.0.11
VM3 192.168.0.12

If you leave 192.168.0.1 open it can be set as the gateway on the virtual switch for outbound traffic that would use Network Address Translation to a public IP bound to the primary network interface.

You can also use other private network allocations such as a 10. range of your choice with VMs using 10.0.0.1, 10.0.0.2, etc. They would all be able to see and ping each other provided they are connected to the same Hyper-V virtual switch.

The specific steps tend to change with small updates over time, but Microsoft has details on the setup available from documentation at:
https://social.technet.microsoft.com/wiki/contents/articles/3140.create-networks-with-vmm-2012.aspx
https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/connect-to-network (a general “Quick Start” for insight into the process)

If a single VM needs public access and local access it will need two interfaces. One will be bridged to the primary (public) interface on the physical host and the second can use the same local IP range as the other VMs when connected to a local vSwitch.
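
The layout described above (private 192.168.0.x guests, 192.168.0.1 as the NAT gateway) can be built from PowerShell on the host. This is an added example, not part of the original post; the switch and NAT names are hypothetical, VM1 to VM3 are the VMs from the address list above, and `New-NetNat` assumes a Windows 10 / Server 2016 or later host.

```powershell
# Added example: internal vSwitch with host-side NAT. Run elevated on the Hyper-V host.
$switchName = 'PrivateNAT'          # hypothetical switch name
$natName    = 'PrivateNATNetwork'   # hypothetical NAT name
$gatewayIp  = '192.168.0.1'         # the address the post leaves free for the gateway
$prefix     = '192.168.0.0/24'
$vms        = 'VM1', 'VM2', 'VM3'

# Internal switch: shared by host and guests, not bound to any physical NIC,
# so guests are not exposed directly on the public interface.
if (-not (Get-VMSwitch -Name $switchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $switchName -SwitchType Internal | Out-Null
}

# The host-side virtual NIC of the switch becomes the guests' default gateway.
$ifIndex = (Get-NetAdapter -Name "vEthernet ($switchName)").ifIndex
if (-not (Get-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $gatewayIp -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $gatewayIp -PrefixLength 24 | Out-Null
}

# Outbound traffic from the private range is translated behind the host's address.
if (-not (Get-NetNat -Name $natName -ErrorAction SilentlyContinue)) {
    New-NetNat -Name $natName -InternalIPInterfaceAddressPrefix $prefix | Out-Null
}

# Connect-VMNetworkAdapter moves every adapter of the VM to this switch. For a VM
# that also needs a public interface, add a second adapter instead:
#   Add-VMNetworkAdapter -VMName 'VM1' -SwitchName $switchName
foreach ($vm in $vms) {
    Connect-VMNetworkAdapter -VMName $vm -SwitchName $switchName
}

# Review which switch each guest adapter is attached to.
Get-VMNetworkAdapter -VMName $vms | Select-Object VMName, SwitchName, MacAddress, IPAddresses
```

The static addresses (192.168.0.10 to 192.168.0.12, gateway 192.168.0.1) are still configured inside each guest.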

Moving WordPress Site with Wordfence Plugin

I recently moved a WordPress site to a different host and, after all the files and database were updated, kept getting the following error:

2018/01/31 12:10:11 [error] 1857#0: *165 FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: failed to open stream: No such file or directory in Unknown on line 0
PHP message: PHP Fatal error:  Unknown: Failed opening required '/home/olddomain/public_html/wordfence-waf.php' (include_path='.:/usr/share/pear:/usr/share/php') in Unknown on line 0" while reading response header from upstream, client: 65.47.199.226, server: domain.com, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm/php-fpm.sock:", host: "domain.com"

After reviewing the KB files here:
https://docs.wordfence.com/en/After_moving_a_site_or_deleting_some_files,_I_see:_PHP_Fatal_error:_Unknown:_Failed_opening_required_/var/www/html/wordfence-waf.php
https://docs.wordfence.com/en/Web_Application_Firewall_FAQ#How_can_I_remove_the_firewall_setup_manually.3F

I was able to modify the .user.ini file and the wordfence-waf.php file to set the correct path and all is well.