Chrome updates disabled by Administrator?

You might run into this issue in a large corporation, where an overzealous Administrator thinks that they know better than Google and therefore try and stop your machine from staying up to date with the latest Google release.

Please note to edit your Registry you need to be a Local Administrator.

To ‘fix’ this issue, it might need to done using a batch script as your policies might get reset on each login or at a set time.

Run the Registry Editor, Start/Run: regedit

Browse to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update

Double-click at the UpdateDefault or DefaultUpdate (depends on what version installed)

Change the 0 to a 1

Exit Registry Editor and return to the Help/About Google Chrome section,  your browser will then start to auto update!

IIS 6 Http to Https Redirect

Yes, why on earth would you still be using a server which can only support IIS6?! But somethings in this world cannot be pushed into the future fast enough, in the case of our organisation there are quite a few Windows 2003 servers which are still in use, which is shocking.

So what do I need to do to get a redirect in place?

Create a blank file called HttpRedirect.htm in the directory root of your website, copy in the below code.

<!-- beginning of HttpRedirect.htm file -->

<script type="text/javascript">

function redirectToHttps()

{

var httpsPort = ":4443"

<!-- Add +httpsPort after the window.location.hostname if the standard https port is not 443 -->

var httpURL = window.location.hostname+window.location.pathname;

var httpsURL = "https://" + httpURL ;

window.location = httpsURL ;

}

redirectToHttps();

</script>

<!-- end of HttpRedirect.htm file -->

Set the 403.4 error page to use this file instead of the regular error file. Do this in IIS6, right click and select ‘Properties‘ on your website, click on ‘Custom Errors‘ tab, find 403.4 in the list click ‘Edit‘ and ‘Browse‘ point it at the file which you created above.

Select the ‘Directory Security‘ tab, select ‘Edit’ in the Secure Communications section

Check on the ‘Require secure channel (SSL)‘ option. (This will only allow pages on this site to be viewed only with Https.)

Now browse to a URL on this website and your be redirect from http to https.

Lost your BASH’fulness?

The dreaded moment when you are on your Unix / Linux server and you type ‘ls‘ and up pops ‘Command not found‘.

Before running about screaming, asking yourself why did you run that last command.

Check your PATH

$ echo $PATH

If yours is not showing /bin , /usr/bin or /usr/local/bin directories, then this is why you are getting ‘Command not found‘ these are the directories that hold the systems user commands.

So, you’ll need to add them back into the PATH

export PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

Now try the ‘ls‘ command again. It should now work.

If you want to change it later, do

export PATH=$PATH:/my/new/directory

That way it will keep the existing PATH and add the new directory to the end.

If you need to add the above so it is available at startup, you need to Google your “(OS) add path to startup” or “(OS) add path to profile“, there is too much and too many OS variations on this topic to be covered here.

Port opened? Telnet is your friend

Do you want to know if the problem you are having is a network \ firewall issue?

You can simply use Telnet to check if the port you are trying to connect to is open or not.

You can test any port using this simple method, not just connections open to telnet.

First off you need to install Telnet Client on your machine.

To do so, open a command prompt window. Click Start, type cmd in the Start Search box, and then press ENTER.

pkgmgr /iu:"TelnetClient"

Next step close the current command prompt and reopen it again, this is so the path to Telnet which you’ve just installed will work.

Now type the connection & port to test

telnet <server> <port>

Example

telnet google.co.uk 80

If it goes to a blank screen or a screen with funny characters then this means that port is open.

If you get :

Connecting To google.co.uk..Could not open connection to the host, on port 80:Connect failed

Then you’ll need to get onto your network team to open some firewall rules for the required port access or iptables if on unix servers.

Grizzly AppDynamics SSL issue

I’ve been trying to get an SSL certification on our AppDynamics server, to no avail. on startup I just get the following, repeat, see code block below.

When I go back to the original self signed keystore.jks file in AppDynamics\Controller\appserver\glassfish\domains\domain1\config then AppDynamics starts up fine.

I’ve tried every way of getting the SSL certificate into the keystore, it imports without error, but then displays this on boot up in the server.log ‘ProtocolChain exception’.

I’ve tried extracting the private key and rebuilding the p12 file with that and the certificate, using openssl as the AppDynamics manual says:  openssl pkcs12 -inkey key.pem -in appdynamics_mmu_ac_uk.crt -export -out keystore.p12

[#|2016-01-28T22:14:08.356+0000|SEVERE|glassfish3.1.2|com.sun.grizzly.config.GrizzlyServiceListener|_ThreadID=51;_ThreadName=Thread-5;|ProtocolChain exception
 java.lang.NullPointerException
 at com.sun.grizzly.filter.SSLReadFilter.newSSLEngine(SSLReadFilter.java:352)
 at com.sun.grizzly.filter.SSLReadFilter.obtainSSLEngine(SSLReadFilter.java:399)
 at com.sun.grizzly.filter.SSLReadFilter.execute(SSLReadFilter.java:159)
 at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
 at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
 at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
 at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
 at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
 at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
 at com.sun.grizzly.ContextTask.run(ContextTask.java:121)
 at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:554)
 at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:533)
 at java.lang.Thread.run(Unknown Source)
 |#]

Solution

Hidden in the manual, right at the very bottom, after the section which you are reading, it reminds you to make sure that your ‘s1as‘ certificate has the same password as the keystore..

https://docs.appdynamics.com/display/PRO42/Controller+SSL+and+Certificates

Changing the master password with asadmin changes the password for the keystore and for the s1as key. It does not change the password of any additional keys you have added to the keystore. However if you have added keys to the keystore, you need to change their password to match the new master password. Use the keytool to change their passwords as follows:

keytool -keypasswd -alias s1as -keystore keystore.jks
-storepass 

If you’ve changed the password to s1as and it still does play ball, try changing the passwords to glassfish-instance and reporting-instance

Changing the Keystore’s alias key passwords after changing the main Glassfish password with asadmin – So all are the same:

d:\AppDynamics\Controller\appserver\glassfish\domains\domain1\config
keytool -keypasswd -alias glassfish-instance -keystore keystore.jks
Enter keystore password:
Enter key password for <glassfish-instance>
New key password for <glassfish-instance>:
Re-enter new key password for <glassfish-instance>:

d:\AppDynamics\Controller\appserver\glassfish\domains\domain1\config
keytool -keypasswd -alias reporting-instance -keystore keystore.jks
Enter keystore password:
Enter key password for <reporting-instance>
New key password for <reporting-instance>:
Re-enter new key password for <reporting-instance>:

2015 in review

The WordPress.com stats helper monkeys prepared a 2015 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 60,000 times in 2015. If it were a concert at Sydney Opera House, it would take about 22 sold-out performances for that many people to see it.

Click here to see the complete report.

Cisco VPN Windows 10

There’s lot of information out there on how to get Cisco VPN to connect to your work computer using Windows 10, but only one site I’ve found actually gives information that works:

5 Steps to make Cisco VPN work in Windows 10

I’ve summed this up below as it contains too much information, this is what worked for me, I was getting:

Error 433 Secure VPN Connection terminated locally by the Client. Reason 433: Reason not specified by peer.

snap shot of error

The likely reason is due to the DNE LightWeight Filter network client not being properly installed by the Cisco Systems VPN installer.

To solve this, please try to do the following

A) First, uninstall any Cisco VPN Client software you may have installed earlier
B) Reboot your computer.
C) Run winfix.exe, to ensure the DNE is properly cleaned up, as no doubt this isn’t your first attempt.
D) Reboot your computer again.
E) Download Sonic VPN software from here: 32-bit or 64-bit
F) Install the Sonic VPN software from above.
G) Reboot your computer.
H) Reinstall the Cisco VPN Client software again. (If you face a version not suitable for Windows 10 issue, run the msi file instead of the exe file)
I) Install the Cisco VPN Client Software: 32-bit Windows VPN Client (version 5.0.07) or 64-bit Windows VPN Client (version 5.0.07)
J)Reboot.
K)Make changes to the registry:
Open Registry editor regedit in Run prompt

Browse to the Registry Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA

Select the Display Name to modify, and remove the leading characters from the value data value as shown below,

For x86 machine, shorten the string “@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapterto just Cisco Systems VPN Adapter

Or for x64 machine, shorten the string”@oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows” to just “Cisco Systems VPN Adapter for 64-bit Windows
L) Reboot your computer.
M) Your Cisco VPN Client should now work in Windows 10

Are you getting a 412 error?

cisco412

I was getting this when I was trying to connect from within my organisation, this isn’t allowed as your organisation is blocking the required UDP ports 4500/500

Solution, try connecting from somewhere external to your organisation.

If this doesn’t work for you then you’ll have to delve into the full site to work it out for your set-up.

Windows 10 Update Uninstalls “Cisco Systems VPN Adapter”

I noticed that a recent Windows 10 update kindly uninstalled my Cisco VPN Adapter! Why? I’m not sure. Apparently ‘removed due to incompatibility issues’ But if you want it back, you’ll need to uninstall ‘Cisco Systems VPN Client 5.0.07.0440 in Add or Remove programs then re-run the msi installer, this will FAIL, now jump to the unzipped directory ‘C:\Users\\AppData\Local\Temp‘ to find ‘vpnclient_setup.msi‘, run this, you might need to run it twice as it complains about failing to add itself to the Services. Then you need to re-edit the ‘Display Name‘ using the Registry key in Regedit, as above.