
Tuesday, July 7, 2015

Unable to install .NET Framework 3.5 on Windows Server 2012 R2

Problem : 

When you try to install .NET Framework 3.5 on Windows Server 2012 R2, it fails with the following error:

Error code 0x800F0906, or "the source files could not be downloaded".


Reason : 

Microsoft released a security update in August 2014 that updates .NET components. The security updates are as follows:
KB2966827
KB2966828

If either of these updates is installed, you will run into the above issue if your server does not have access to the Internet to pull the updated components.

Solution : 
There are 2 solutions for this problem:
1. Uninstall security updates KB2966828 and KB2966827 and then try to install .NET Framework 3.5 again. It should not give any error now.
2. Install the update fix for .NET Framework 3.5 for Windows Server 2012 R2 from following link . This update resolves an issue that prevents the optional Microsoft .NET Framework 3.5 feature from being enabled after you install security update 2966827 or 2966828 for the Microsoft .NET Framework 3.5.

You will not get the error after applying either of these 2 solutions.


Cheers !!!!


Tuesday, June 30, 2015

Redirect webpage to other website without changing the URL in Browser - IIS

Problem :

I was asked to redirect a web page, say www.x.com, to another website, www.y.com, but the client wanted to retain the first URL in the browser. Simple redirection can be done via the IIS redirection module, but with simple redirection the URL shown in the browser will be that of the redirected page (in this case www.y.com). To overcome this problem I applied the following solution.


Solution : 


  1. Create an index.html file in the root folder of the first website (the one you want to redirect to the other URL), in this case www.x.com.
  2. Paste the following code into that index.html file:
<html>
<!-- The frame src must be an absolute URL; without the scheme the browser treats it as a path on www.x.com -->
<frameset cols="100%">
<frameset rows="100%">
<frame src="http://www.y.com/" />
</frameset>
</frameset>
</html>

3. Save the file.

4. In the IIS settings of the first website, set index.html as the default document.

5. Restart the first website  (www.x.com) (though it is not needed).


You will now be able to redirect your page www.x.com to www.y.com but it will not change the URL in your browser.
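The frameset only renders if www.y.com permits being framed by another origin; a site that sends X-Frame-Options or a CSP frame-ancestors directive (the standard clickjacking defences) will show a blank frame instead. The following check is an added example, not part of the original post: it evaluates a set of response headers the way a browser would, with CSP source matching simplified to 'none', 'self', * and exact origins. The header values in the sample call are constructed.

```python
from urllib.parse import urlsplit


def origin(url):
    """Return scheme://host[:port] of a URL, lowercased."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def framing_allowed(headers, framed_url, parent_url):
    """Return (allowed, reason) for rendering framed_url inside a page at parent_url.

    headers: dict of response headers sent by framed_url (names in any case).
    Simplification (assumption of this example): frame-ancestors sources are
    matched only as 'none', 'self', * or an exact origin.
    """
    h = {k.lower(): v for k, v in headers.items()}
    parent = origin(parent_url)
    same_origin = origin(framed_url) == parent

    # When frame-ancestors is present, browsers ignore X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            for src in (t.lower() for t in tokens[1:]):
                if src == "*" or (src == "'self'" and same_origin) \
                        or src.rstrip("/") == parent:
                    return True, "allowed by CSP frame-ancestors"
            return False, "blocked by CSP frame-ancestors"

    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return False, "blocked by X-Frame-Options: DENY"
    if xfo == "sameorigin" and not same_origin:
        return False, "blocked by X-Frame-Options: SAMEORIGIN"
    return True, "no framing restriction sent"


if __name__ == "__main__":
    # Constructed headers for the www.x.com / www.y.com scenario in the post.
    sample = {"X-Frame-Options": "SAMEORIGIN"}
    print(framing_allowed(sample, "http://www.y.com/", "http://www.x.com/"))
```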


Cheers !!!!!!!!!!!!!!

Tuesday, May 5, 2015

How to Renew Server Certificate on a TMG Forefront Stand Alone Array in Workgroup Environment.

Steps to follow to Renew Server Certificate on TMG Configuration Storage server.

Creating Server Certificate for TMG Configuration Storage server via CA :

Prerequisite
  1. As a prerequisite, you must have a local certification authority which can issue certificates for the TMG servers.
  2. You must have access to an IIS server, which will be used to create the certificate request.

Creating Certificate Request from IIS : 

  1. Open the IIS Manager, click on server name node from the left pane and click on "Server Certificates" from the middle pane.
  2. Click on the "Create Certificate Request" from the right pane
  3. In the "Common name" field type the Fully Qualified Domain Name (FQDN) of the TMG server that will act as an Array Manager. If your Array Manager server name is TMG01 and the workgroup name is workgroup.local, then we will use "TMG01.workgroup.local". Fill in the remaining fields as per your organizational details, like OU, location, country etc.
  4. Choose "Microsoft RSA SChannel Cryptographic Provider" for the "Cryptographic service provider" and 2048 as "Bit length".
  5. Save the certificate request as C:\tmg01.req.

Creating the certificate based on the request file created in the above section
  1. Logon to the CA computer and  browse to: http://localhost/certsrv.
  2. Click Request a certificate.
  3. Select Advanced Certificate Request.
  4. Click on "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file".
  5. Paste the contents of the tmg01.req file that we had created earlier from IIS to the "Base-64-encoded certificate request" field. In case you have a drop-box with Certificate Templates list, select "Web Server" template.
  6. Your certificate request is now submitted to the CA. In case the "Request Handling" property of your CA is set to automatically issue certificates you will be presented with the following page where you have the possibility to download your issued "cer" file. Click on "Download certificate" and save the file as C:\tmg01.cer.
  7. In case the "Request Handling" is set to manually issue the certificates by the administrator then you will have to perform the following steps.
  8. Open the "Certification Authority" console on your Issuing CA server and click on "Pending Requests". You should see your request in the right pane.
  9. Right click on the request and select All Tasks > Issue.
  10. Browse to the CA web site again (https://yourservername/certsrv) and click "View the status of the pending certificate request". There should be your "Saved-Certificate Request" listed.
  11. Download the "cer" file as we did in Step 6.
  12. Now return to the IIS Manager console from which you have created the certificate request and now select "Complete Certificate Request".
  13. In the "Specify Certificate Authority Response" screen browse to the "cer" file you  have downloaded from the CA and enter a friendly name for the certificate. I usually type the same name as common name.
  14. You have now completed the procedure of issuing the "Server Authentication" certificate. If you open the "Local Computer" Certificates store on the server where you have requested the certificate you should see the certificate in the Personal > Certificates folder. The certificate icon should have a little yellow key pictured which means that you have both private and public key. We must export the certificate with private and public keys so that we can import it on our TMG server.

Exporting the server certificate created in Previous section.

To export the server certificate

  1. On IIS server, From the Start menu, click Run. Type MMC, and then click OK.
  2. In MMC, click File, and then click Add/Remove Snap-in.
  3. In Add/Remove Snap-in, click Add to open the Add Standalone Snap-in dialog box. From the list of snap-ins, select Certificates, and then click Add.
  4. In the Certificates snap-in, select Computer account, and then click Next. In Select Computer, verify that Current User is selected, and then click Finish. Click Close, and then click OK.
  5. In the MMC console, expand Certificates , expand Personal, and click Certificates.
  6. In the details pane, right-click the certificate you just created (it will show the fully qualified domain name (FQDN) of the configuration storage server), point to All Tasks, and select Export.
  7. On the Welcome page of the Certificate Export Wizard, click Next.
  8. On the Export Private Key page, select Yes, export the private key, and then click Next.
  9. "Personal Information Exchange - PKCS #12 (.PFX)" should be selected. Unmark all the checkboxes and click Next.
  10. On the Password page, you may provide and confirm a password, and then click Next.
  11. On the File to Export page, click Browse, and browse to a location where you want to store the exported certificate file. This can be any location on that machine from which the file can be easily retrieved by the Forefront TMG installation when installing Forefront TMG services, which include the configuration storage server. Click Next.
  12. On the summary page, click Finish.
  13. Now that we have our certificate ready for import there is still one thing we must do. Since we are creating TMG array in a workgroup mode we must import the root certificate of the CA that issued the certificate to all of the TMG servers that will participate in array. But first we must export the root CA certificate from a computer that has it.
  14. Open the "Local Computer" Certificates store on the Issuing CA computer or on some other computer which is a domain member in a domain where CA resides.
  15. Navigate to the Trusted Root Certification Authorities > Certificates, right-click on the root certificate from the CA which issued your certificate and select All Tasks > Export.
  16. Select "DER encoded binary X.509 (.CER)" and click Next.
  17. Save the "cer" file to disk. In our example it is C:\CompanyRootCA.cer.
  18. Now we have both the PFX file which contains our public and private keys for the TMG computer certificate and a CER file that contains a public key from our root CA. The next thing we must do is to import the root certificate to each TMG server that will participate in the array and to import the "Server Authentication" certificate.

Installing storage server certificate 

  1. Open the "Local Computer" Certificates store on each TMG server and import the root certificate "cer" file to the "Trusted Root Certification Authorities".
  2. In the Forefront TMG Management console, in the tree, click the System node, and in the details pane, click the Servers tab.
  3. In the Tasks tab, click Install Server Certificate.
  4. Browse for the server certificate which you recently imported on the server TMG array manager TMG01. 
  5. Make sure that the "Automatically create the root CA certificate on this array manager" check box is not selected. When it is checked, it has always resulted in an error.
  6. Now if you open the Certificates store for the Windows service named ISASTGCTRL you should see the imported certificate with the private key in the Personal store.

Testing the connection

  1. Now there is only one thing left, and that is to test the secure LDAP connection to the Array Manager server. We will use ldp.exe for this. You should be able to run it from your TMG servers.
  2. Open ldp.exe and click on Connection > Connect. Type the FQDN of the TMG server that will act as Array Manager and type 2172 for the port number, as this is the port on which the ISASTGCTRL service listens. Select the SSL check box and click Connect.
  3. If the connection is successful you will see a screen like the following:

Reference : http://www.itsolutionbraindumps.com/2011/01/how-to-properly-issue-certificate-for.html





Cheers !!!!!!!!!!!!!

Tuesday, April 14, 2015

The program can't start because MSVCR110.dll is missing from your computer.

Problem: Sometimes we get the following error while running a non-Windows application, such as the Apache web server, on a Windows box (Windows 7 in my case).


---------------------------
httpd.exe - System Error
---------------------------
The program can't start because MSVCR110.dll is missing from your computer. Try reinstalling the program to fix this problem.
---------------------------
OK
---------------------------

Reason : 

The right version of Visual C++ Redistributable for Visual Studio is not installed.

Solution : 


1. Remove all previously installed Visual C++ Redistributables from your computer using Control Panel - Add Remove Programs.

2. Download Visual C++ Redistributable for Visual Studio 2012 Update 4 from the following link:

http://www.microsoft.com/en-us/download/details.aspx?id=30679

3. Install this Visual C++ Redistributable for Visual Studio 2012 Update 4 and then run the application.

You should not receive the error this time.


Cheers !!!!!

Wednesday, March 25, 2015

Cookies Not Sent over the SSL Vulnerability on a PHP website

Problem  :  

The security audit team comes to you with a vulnerability scan report showing that the following vulnerability has been identified on your PHP website.


Vulnerability : Cookies Not set over the SSL 


Even if you make changes to your proxy or force SSL connections to your website at the IIS level, the vulnerability remains. Changes made at the web server (IIS or any other) or proxy level are not reflected in a PHP site, because PHP settings are governed by the php.ini file.


Resolution : 

Just add the following 2 lines to your php.ini file under the [Session] section:

session.cookie_httponly = 1
session.cookie_secure = 1

Restart your website.

You will not find the "Cookies Not set over the SSL" vulnerability again in the Security Audit.
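The two php.ini settings apply to PHP's own session cookie; cookies the application sets itself with setcookie() carry only the flags passed in that call, so a scanner can still report them. The following check is an added example, not part of the original post: it audits every Set-Cookie header in a response for the Secure and HttpOnly flags. The response text and cookie names are constructed sample data.

```python
# Constructed sample response: one PHP session cookie set with both flags,
# and two application cookies that are missing one or both of them.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=constructed0session0id; path=/; secure; HttpOnly\r\n"
    "Set-Cookie: lang=en; Path=/; Max-Age=3600\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure\r\n"
    "\r\n"
)

REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercased attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    # Attribute names are case-insensitive; drop any attribute value.
    attr_names = {a.split("=", 1)[0].strip().lower() for a in attrs if a}
    return name, attr_names


def audit_cookies(raw_response):
    """Return {cookie name: [missing flags]} for each cookie lacking a required flag."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    findings = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        missing = [flag for flag in REQUIRED_FLAGS if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE_RESPONSE).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```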


CHEERS!!!

Tuesday, January 13, 2015

How to Identify the type of Remote Webserver used by the website

Problem: 

As administrators, we sometimes have to find the type of web server (IIS, Apache or IHS) used by a website without logging on to the server.

Resolution : 


  • We will check the server type used for wikipedia.org as an example.
  • Go to the command prompt, type telnet wikipedia.org 80 and press Enter.
  • You will get a black screen, which confirms that you have connected to the website on port 80.
  • Type the following command on that black screen (characters will not be visible while typing):
  • HEAD / HTTP/1.0 and press Enter twice.
  • You will see results similar to the following:

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: HHVM/3.3.0-static
Last-Modified: Sun, 20 Jul 2014 01:37:07 GMT
ETag: "380-4fe96073f96c0"
Content-Type: text/html
X-Varnish: 2794515395 2763687083, 2901371103 2901280737
Via: 1.1 varnish, 1.1 varnish
Content-Length: 896
Accept-Ranges: bytes
Date: Tue, 13 Jan 2015 11:52:04 GMT
Age: 27117
X-Cache: cp1066 hit (1695), cp1066 frontend hit (27)
X-Analytics: php=hhvm
Connection: close
Set-Cookie: GeoIP=US:Morristown:40.7968:-74.4815:v4; Path=/; Domain=.154.224

The Server header in the results shows the server type as Apache.

On Linux clients, you can use the curl utility as well.
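The same check can be scripted to review what your own servers disclose. The following is an added example, not part of the original post: it sends the HEAD request from the steps above (plus a Host header) and lists the response headers that name the software stack, marking any that also reveal a version. The header list and the version pattern are choices made for this example; the sample input is an abridged copy of the response quoted above.

```python
import re
import socket

# Abridged copy of the response quoted in the post, used as offline input.
SAMPLE_HEAD_RESPONSE = """HTTP/1.1 200 OK
Server: Apache
X-Powered-By: HHVM/3.3.0-static
Content-Type: text/html
Via: 1.1 varnish, 1.1 varnish
X-Analytics: php=hhvm
Connection: close
"""

# Headers that commonly identify server software (chosen for this example).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")
# Matches product/version tokens such as HHVM/3.3.0.
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)+")


def fetch_head(host, port=80, timeout=5):
    """Send 'HEAD / HTTP/1.0' to host:port and return the raw response text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
        data = b""
        while chunk := sock.recv(4096):
            data += chunk
    return data.decode("iso-8859-1")


def parse_headers(raw):
    """Return [(lowercased name, value)] for the header lines after the status line."""
    headers = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:
        if not line.strip():
            break                      # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def disclosure_report(raw):
    """Return [(header, value, versions found)] for stack-identifying headers."""
    return [(n, v, VERSION_RE.findall(v))
            for n, v in parse_headers(raw) if n in DISCLOSURE_HEADERS]


if __name__ == "__main__":
    for name, value, versions in disclosure_report(SAMPLE_HEAD_RESPONSE):
        print(f"{name}: {value}  versions={versions}")
```

To review a live server, pass the output of fetch_head("your.server.example") to disclosure_report() instead of the sample text.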

Happy Blogging ;-)