Remove IPSEC policy from W2k3 DC - windows-server-2003

I just can't for the life of me remember. We were setting up IPSEC for a VPN a long time ago and added an IPSEC policy that has always caused 1091 and 1085 errors. We are not using it, so I would like to remove it, but I can't find where.

I don't know if this applies to a DC, but try this.
Snap-in:
1) Log into the server
2) Start > Run
3) secpol.msc
4) Go to the IP Security Policies on the server
5) Right-click the policy and click Un-assign
Command line:
cmd /k netsh ipsec static show policy all
This will show whether a policy is active or not.
cmd /c netsh ipsec static delete all
This will remove everything from the policy store.

Related

Why can't I access my local server after creating a tunnel using ngrok?

Guys, please can anyone help me solve this problem: after generating a link with ngrok, when I try to access this link the browser replies: server IP address could not be found.
There are many reasons for this error; you can try the following steps to solve it:
Reset IPv4 settings.
Using cmd, we can issue netsh commands to reset the IPv4 settings. Launch a CMD prompt as administrator, type netsh winsock reset and hit Enter. Now restart your PC. Open CMD again, type netsh int ipv4 reset reset.log and press Enter. Restart your PC again and check whether you can connect to the internet. This completely resets all the IP configuration changes made on the system back to the defaults for automatic resolution.
Flush the DNS cache.
You can also flush the Domain Name Server (DNS) information that is cached on your system. Open cmd as admin and type ipconfig /flushdns. If everything is running right, you should get this output: Successfully flushed the DNS Resolver Cache.
Change IP and DNS settings.
In most cases, the options are set to default. However, if you've made any changes, or any antivirus software has deliberately misconfigured it, then you can just revert the changes.

Translation of Fortinet configuration

We have a small security breach at one of our sites. We have a contractor that is supposed to stay out of our Fortinet firewall; today I noticed these two paragraphs that look fishy. My site network administrator bailed on us a few months ago and I am trying to wrap my head around these paragraphs without having to pay someone to do it. I need your help, experts!
> edit "Mycompany_to_Contractor"
> set vdom "root"
> set type tunnel
> set snmp-index 6
> set interface "wan1"
> next
> edit "Mycompany to Contractor2"
> set vdom "root"
> set type tunnel
> set snmp-index 8
> set interface "wan1"
> next
Any explanation would be appreciated!
Thank you
These snippets from the config system interface section of a FortiOS config file show two virtual IPsec tunnel interfaces. When you create an IPsec config, these virtual interfaces are set up so that you can use them in policies to allow/filter traffic between the tunnel and any local interface.
The tunnel definition is kept in config vpn ipsec phase1-interface and starts with edit "Mycompany_to_Contractor". In this phase1 part you can see the IP address of the remote gateway, which may give you a clue as to whom the tunnel is connecting.
The rest of the VPN definition, including local and remote subnets, is defined in config vpn ipsec phase2-interface.
To quickly disable remote access from these two contractors / remote sites, disable the policies referring to the tunnel interfaces. Without a policy the tunnels cannot be established. For forensic purposes I would back up the config first.
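The answer above points at three places in the config backup: the tunnel interfaces, the phase1/phase2 definitions and the policies that reference them. The script below is an added example, not from the original answer or from Fortinet, that pulls those three together from a FortiOS config dump so you can see where each tunnel goes and which policies let traffic through it. SAMPLE_CONFIG is a constructed dump; the interface names mirror the question, while the gateway addresses, subnets and policy IDs are hypothetical.

```python
"""Added example, not part of the original answer: read a FortiOS config
backup and, for every tunnel interface, list its remote gateway (phase1),
traffic selectors (phase2) and the firewall policies that reference it.
SAMPLE_CONFIG is constructed; addresses, subnets and policy IDs are made up."""
import shlex
from collections import defaultdict

SAMPLE_CONFIG = """\
config system interface
    edit "Mycompany_to_Contractor"
        set type tunnel
        set interface "wan1"
    next
    edit "Mycompany to Contractor2"
        set type tunnel
        set interface "wan1"
    next
end
config vpn ipsec phase1-interface
    edit "Mycompany_to_Contractor"
        set interface "wan1"
        set remote-gw 203.0.113.5
    next
    edit "Mycompany to Contractor2"
        set interface "wan1"
        set remote-gw 203.0.113.77
    next
end
config vpn ipsec phase2-interface
    edit "Contractor_p2"
        set phase1name "Mycompany_to_Contractor"
        set src-subnet 10.1.0.0 255.255.0.0
        set dst-subnet 172.16.5.0 255.255.255.0
    next
end
config firewall policy
    edit 12
        set srcintf "Mycompany_to_Contractor"
        set dstintf "internal"
        set action accept
    next
    edit 13
        set srcintf "internal"
        set dstintf "Mycompany to Contractor2"
        set action accept
        set status disable
    next
end
"""


def parse_fortios(text):
    """Return {section: {entry: {key: (value tokens...)}}} from a FortiOS dump
    ('config' / 'edit' / 'set' / 'next' / 'end'). A 'config' nested inside an
    entry goes under a dotted section name and leaves the outer entry intact."""
    sections = defaultdict(dict)
    stack = []  # frames of [section_name, current_entry_or_None]
    for raw in text.splitlines():
        words = shlex.split(raw)  # honours the "quoted names with spaces"
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "config":
            name = " ".join(words[1:])
            stack.append([f"{stack[-1][0]}.{name}" if stack else name, None])
        elif words[0] == "edit":
            stack[-1][1] = words[1]
            sections[stack[-1][0]].setdefault(words[1], {})
        elif words[0] == "set":
            section, entry = stack[-1]
            sections[section].setdefault(entry, {})[words[1]] = tuple(words[2:])
        elif words[0] == "next":
            stack[-1][1] = None
        elif words[0] == "end":
            stack.pop()
    return sections


def tunnel_report(config):
    """Map each tunnel interface to where it goes and which policies use it."""
    phase1 = config.get("vpn ipsec phase1-interface", {})
    phase2 = config.get("vpn ipsec phase2-interface", {})
    policies = config.get("firewall policy", {})
    report = {}
    for name, attrs in config.get("system interface", {}).items():
        if attrs.get("type") != ("tunnel",):
            continue
        selectors = [(" ".join(p2.get("src-subnet", ())), " ".join(p2.get("dst-subnet", ())))
                     for p2 in phase2.values() if p2.get("phase1name") == (name,)]
        refs = [{"id": pid,
                 # FortiOS omits defaults from dumps, so no 'status' line means enabled
                 "status": pol.get("status", ("enable",))[0],
                 "direction": "inbound" if name in pol.get("srcintf", ()) else "outbound"}
                for pid, pol in policies.items()
                if name in pol.get("srcintf", ()) + pol.get("dstintf", ())]
        report[name] = {"parent": " ".join(attrs.get("interface", ())),
                        "remote_gw": " ".join(phase1.get(name, {}).get("remote-gw", ())),
                        "selectors": selectors, "policies": refs}
    return report


if __name__ == "__main__":
    for name, info in tunnel_report(parse_fortios(SAMPLE_CONFIG)).items():
        print(f"{name!r} via {info['parent']} -> {info['remote_gw'] or 'unknown'}")
        for src, dst in info["selectors"]:
            print(f"  phase2 {src} <-> {dst}")
        for pol in info["policies"]:
            print(f"  policy {pol['id']} {pol['direction']} status={pol['status']}")
```

Run it against a real backup with `tunnel_report(parse_fortios(open("fw.conf").read()))`. A tunnel with no phase2 entry and no policies (like the second one in the sample, which has only a disabled policy) cannot pass traffic, which is what the answer means by disabling the policies; a tunnel whose policies show status=enable is the one to look at first, and the remote-gw address tells you whose gateway it terminates on.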

Cannot access locally hosted sites

I have several sites hosted on my local IIS that I cannot access all of a sudden.
The error I'm getting in all the browsers I have installed (Chrome, IE, Edge) is: server DNS address could not be found.
The last thing I was doing before things went wrong was installing Web Deploy 3.5, but uninstalling it did not help.
I checked the hosts file and the bindings in IIS; both are valid.
Other things I've tried with no luck:
Reset WINSOCK entries to installation defaults : netsh winsock reset catalog
Reset TCP/IP stack to installation defaults : netsh int ip reset reset.log
Flush DNS resolver cache : ipconfig /flushdns
Renew DNS client registration and refresh DHCP leases : ipconfig /registerdns
Flush routing table : route /f (reboot required)
Ping cannot find the host either:
Ping request could not find host XXX. Please check the name and try again.
At the same time http://localhost shows the Default Web Site with the IIS welcome page.
This appeared to be a problem with permissions on the hosts file; somehow those got broken.

Changing ssh port 22 to a custom port in azure resource group vm

May I know how to change SSH port 22 to a custom port on an Azure Resource Manager VM? I know I can change the endpoints easily on a classic VM. But how can I change SSH port 22 to another port number on a Resource Manager VM in the new portal? Thanks.
You can't use the new Resource Manager type of VM on the old portal, so you have no choice but to use the new Azure portal https://portal.azure.com.
Let's see what you get when you create a new VM with Resource Manager.
By default, you get the following things when you create a VM, but of course you have the option to choose what to create or what to re-use during setup:
• Virtual machine
• Network Interface
• Network Security Group
• Public IP Address
• Virtual network
• Storage Account
Choose "Network Security Group" and you will see a settings page that looks similar to the Windows Advanced Firewall interface on Windows Server or desktop.
Click on "Inbound security rules". This is where you enable the endpoint of your new VM. Of course, don't forget to open the same port in your server OS as well.
First, you must do the following steps:
Once you are logged in to the server as root, we can begin editing the sshd_config file. As with any modification to an important server file, it is always a good idea to back it up before making any changes:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
Now we are ready to modify the file. Open /etc/ssh/sshd_config in your favorite text editor (this example uses nano) and locate the line that specifies the port. If your sshd_config file has not been altered, the Port setting will be commented out with a # symbol (example below).
sudo nano /etc/ssh/sshd_config
The # symbol tells the server to ignore anything after it on the same line, so we need to remove that character and then change the number 22 to something else. Be sure you do not pick a port number that is in use by a different service. If you are unsure, Wikipedia has a list of port numbers and their uses; try to use a port number that is not listed. For this example, we will use Port 2222 (which is used by Windows servers but not by default on Linux servers).
Remove the # symbol and change the port number.
Second, you must do the following steps:
Go to your Azure portal and select All resources.
Choose "Network Security Group" and you will see the settings page that looks similar to the Windows Advanced Firewall interface on Windows Server or desktop (see Figure 2).
Click on "Inbound security rules". This is where you enable the endpoint of your new VM. Of course, don't forget to open the same port in your server OS as well. Enter the same port that you put in /etc/ssh/sshd_config in the destination port range (see Figure 3).
None of these fully worked for me.
I found a working answer on YouTube:
https://www.youtube.com/watch?v=zkr-RMcGuk0
which involved adding the following redirect:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j REDIRECT --to-port 22
Out of curiosity, why do you want to change the SSH port? The approach will depend on why you want to do it, but one way would be as follows:
SSH into the VM on port 22 and make the SSH daemon listen on whichever port you want. This link describes how to do it (you can ignore the part about iptables if you aren't using it): http://support.hostgator.com/articles/hosting-guide/lets-get-started/linux-dedicated-hosting/how-to-change-the-ssh-port-on-dedicated-and-vps
Exit your SSH connection and SSH back in on your new port of choice.
Alternatively, you could put your VM behind a load balancer that maps some other port to port 22 on the VM (e.g. https://azure.microsoft.com/en-us/documentation/articles/load-balancer-get-started-internet-arm-ps/#create-lb-rules-nat-rules-a-probe-and-a-load-balancer).
One important clarification to the portal answer is to make sure you specify a source port range of '*' for your inbound rule and a priority that is lower than the default rules. Typically 100-400 is a good priority range.
Unlike classic deployments, Resource Manager deployments don't have "endpoints" but rather inbound and outbound "rules", which are really filters applied to the connection. The result is that the port you want to open to connect to the VM is the "destination port range", and the "source port range" specifies the originating port for this connection, which is typically dynamic, and thus, for most basic scenarios, should be "any", which is '*'.
The exceptions are cases in which, internally to your VNet, you know that the originating port should ONLY be that one port, over there, on that one VM, in order to be as certain as you can that only that VM/port can connect to this one.
But in the case where you want to connect from the internet, it typically needs to be '*'.
You have to add an entry in your sshd_config file:
Port 22022
and then restart your sshd:
sudo /etc/init.d/ssh restart
or
sudo service ssh restart
and then change the Azure portal NSG rules to allow port 22022 from your IP address, or change the default SSH rule to custom and modify the port number.
Then try the command, whether you are using password-based or password-less authentication:
ssh machine@host-ip -p 22022
or
ssh -i location-to-your-pem-file machine@host-ip -p 22022
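The answers above all come down to the same procedure: back up sshd_config, turn the commented `#Port 22` into the new port, restart sshd, and open the same port in the NSG (destination port range, source '*'). The script below is an added example, not from any of the answers or from OpenSSH, that does the file edit part in a way that survives the cases a hand edit tends to miss: the directive may be commented out, may appear more than once, or may be missing entirely, and if it is missing it must be inserted before any `Match` block, because sshd applies directives after a `Match` line only inside that block. SAMPLE_SSHD_CONFIG is a constructed config; the file path is whatever you pass in.

```python
"""Added example, not taken from the answers above: rewrite the Port
directive of an sshd_config without hand-editing. It turns the commented-out
default (#Port 22) into the new port, collapses any extra Port lines so only
one listener remains, and if no Port line exists inserts one before the first
Match block (sshd applies later directives only inside that block).
SAMPLE_SSHD_CONFIG is constructed; file paths are whatever the caller passes."""
import re
import shutil
import tempfile
from pathlib import Path

PORT_LINE = re.compile(r"^\s*#?\s*Port\s+\d+\s*$", re.IGNORECASE)
MATCH_LINE = re.compile(r"^\s*Match\b", re.IGNORECASE)

SAMPLE_SSHD_CONFIG = """\
# constructed sample of a stock sshd_config
#Port 22
#AddressFamily any
PermitRootLogin no
PasswordAuthentication no
Match User deploy
    PasswordAuthentication yes
"""


def set_sshd_port(text: str, port: int) -> str:
    """Return the config text with exactly one active 'Port <port>' line."""
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    out, placed = [], False
    for line in text.splitlines():
        if PORT_LINE.match(line):
            if not placed:
                out.append(f"Port {port}")
                placed = True
            continue  # drop further Port lines, active or commented
        if not placed and MATCH_LINE.match(line):
            out.append(f"Port {port}")  # must precede any Match block
            placed = True
        out.append(line)
    if not placed:
        out.append(f"Port {port}")
    return "\n".join(out) + "\n"


def change_port_in_file(path, port: int) -> str:
    """Back up <path> to <path>.bak, rewrite it, and return the new text.
    Run 'sshd -t' on the result and open the port in the NSG and host firewall
    before restarting sshd; keep the current session open while you test."""
    p = Path(path)
    shutil.copy2(p, p.with_name(p.name + ".bak"))
    new_text = set_sshd_port(p.read_text(), port)
    p.write_text(new_text)
    return new_text


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "sshd_config"
        cfg.write_text(SAMPLE_SSHD_CONFIG)
        print(change_port_in_file(cfg, 2222))
```

Two caveats the thread does not mention: a `ListenAddress` line that carries an explicit `:port` overrides `Port` and has to be changed as well, and on Ubuntu 22.10 and later ssh is socket-activated by systemd, so the listening port comes from `ssh.socket` rather than sshd_config. On RHEL-family systems with SELinux enforcing, also allow the new port with `semanage port -a -t ssh_port_t -p tcp 2222` before restarting, or sshd will fail to bind.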

Unable to access CouchDB remotely

I'm unable to access CouchDB remotely. I'm using a Windows 2008 virtual machine in Azure.
I did the following:
1) Installed IIS on Windows Server 2008.
2) Created an endpoint for port 5984.
3) Installed CouchDB and verified it using Futon:
http://127.0.0.1:5984/_utils
4) Created a subdomain (db.mydomainxyz.com) with my domain registrar and verified it. If I type http://db.mydomainxyz.com/ in the browser, the IIS7 default page is displayed.
5) Made CouchDB listen on all network adapters by setting bind_address = 0.0.0.0
6) Created a vhost pointing to my domain: db.mydomainxyz.com:5984 = /db/_rewrite/
After doing all these things I'm still unable to access CouchDB remotely at http://db.mydomainxyz.com:5984/
Is there anything I'm missing?
After changing the bind_address, CouchDB must be restarted. The problem is that its daemon is very resilient, so even if you tried to restart it, it probably never stopped. Restart your virtual machine instead.
See the similar discussion on ServerFault for more information.
This command solves the issue:
netsh advfirewall firewall add rule name="Apache CouchDB" dir=in action=allow service=any enable=yes profile=any localport=5984 protocol=tcp
