Monthly Archives: September 2014

gentoo fix bash vulnerability (bash shellshock) CVE-2014-7169

All Bash 3.1 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/bash-3.1_p18-r1"

All Bash 3.2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/bash-3.2_p52-r1"

All Bash 4.0 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/bash-4.0_p39-r1"

All Bash 4.1 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/bash-4.1_p12-r1"

All Bash 4.2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/bash-4.2_p48-r1" 

Install PFX certificate on ESXi host

1. Install OpenSSL version 0.9.8 for windows, you can get it from below link:
http://slproweb.com/download/Win32OpenSSL_Light-0_9_8zb.exe
2. Install it on a windows machine. By default, OpenSSL will be installed to C:OpenSSL
3. Copy the pfx certificates into folder C:OpenSSLbin
4. Run command line as administrator, and go to folder C:OpenSSLBin
5. Use below command to covert the certificate:
a. Generate crypt key file for the certificate via below command:

openssl pkcs12 -in server.pfx -nocerts -out server_tmp.key 

During this step, it will ask for pfx certificate password and the pass phrase for the key. Use any word you like as the pass phrase, do not use blank pass phrase.
Then use below command to decrypt the key. In this step it will ask you the pass phase you used before.

openssl rsa -in server_tmp.key  -out server.key

b. Generate crt file for the certificate via below command:

openssl pkcs12 -in server.infau.wbcau.westpac.com.au.pfx -clcerts -nokeys -out server.crt 

6. Done. Now you can install the certificate for ESXi host

Verify Schema versions on all Domain Controllers

Usually we can use below batch file to check domain controller schema version.

ECHO OFF

REM Change the line below. Example: SET domain=dc=mydomain,dc=com

SET domain=dc=exampledomain,dc=com

ECHO.
ECHO Finding Schema Level on Domain Controllers in domain %domain%..

SET file=schemainput.txt
dsquery server -o rdn > %file%
FOR /f %%a IN (%file%) DO CALL :Loop %%a
REM Cleaning up the temporary file.
IF EXIST %file% DEL %file%
GOTO :eof

:Loop
SET dc=%1
ECHO.
ECHO %dc%
dsquery * cn=schema,cn=configuration,%domain% -scope base -attr objectversion -s %dc%|FIND /i /v "objectversion"
GOTO :eof

Another very quick way to check this with only one command line is using the repadmin tool:

repadmin /showattr * “cn=schema,cn=configuration,dc=yourdomain,dc=com” /atts:ObjectVersio

n

Script used for enable XenDesktop Database Mirroring

Make sure that all DDCs are up and running, then run below PowerShell Script.

$cs = 'Data Source=DB1; Failover Partner=DB2; Initial Catalog=XenDesktopDB; Integrated Security=True; Network=dbmssocn’


$controllers = Get-BrokerController | %{$_.DNSName}
foreach ($controller in $controllers) {
    Write-Host "Disconnect controller $controller ..."
    Set-ConfigDBConnection –DBConnection $null –AdminAddress $controller
    Set-HypDBConnection –DBConnection $null –AdminAddress $controller
    Set-AcctDBConnection –DBConnection $null –AdminAddress $controller
    Set-ProvDBConnection –DBConnection $null –AdminAddress $controller
    Set-PvsVmDBConnection –DBConnection $null –AdminAddress $controller
    Set-BrokerDBConnection –DBConnection $null –AdminAddress $controller
} 



    Set-ConfigDBConnection –DBConnection $cs –AdminAddress $controller
    Set-HypDBConnection –DBConnection $cs –AdminAddress $controller
    Set-AcctDBConnection –DBConnection $cs –AdminAddress  $controller
    Set-ProvDBConnection –DBConnection $cs –AdminAddress $controller
    Set-PvsVmDBConnection –DBConnection $cs –AdminAddress $controller
    Set-BrokerDBConnection –DBConnection $cs –AdminAddress $controller