Nov 9, 2017

How to log X-Forwarded-For events in IIS 8.5+ and in Apache

At my day job, we use a cloud based content delivery service called Incapsula that also acts as a cloud based load balancer. Like just about every load balancing solution, when traffic finally hits your web server, the only IP addresses you see are usually that of the load balancer. The same holds true with Incapsula.

Well, the other day I was asked to identify certain traffic by IP address, and I couldn't. The logs only showed that of Incapsula. I asked Incapsula for their logs so I could correlate, but they only keep security related logs due to PCI compliance, which is understandable. That meant that I needed a way to log X-Forwarded-For header information going forward.

If you are not familiar with X-Forwarded-For, according to Wikipedia:
The X-Forwarded-For (XFF) HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
Makes sense right? Well, the good news is that both Apache and IIS (8.5 and above) support logging X-Forwarded-For natively with some slight modifications.

For IIS:
  • In IIS Manager, click the server name in the left panel to go to the Home screen
  • Click on Logging
  • Click on the Select Fields button
  • Click on the Add Field button
  • In the Field Name box enter x-forwarded-for
  • Leave Source Type set to Request Header
  • In the Source box enter X-Forwarded-For
  • Click OK
  • Click OK again
  • In the upper right of the Logging page click Apply
  • Restart IIS
Your logs will now be appended with _x to show that the logs contain custom fields. You can also follow this same process at the site level if you want. The above example makes the change global for all sites on the server.

For Apache (In Ubuntu):
  • Edit /etc/apache2/apache2.conf
  • Find the line that says
    LogFormat “%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  • Change it to
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  • Restart Apache

Simple right? Now you will be able to see actual client IP's in your logs!

Did this post help you? Let us know in the comments!

Oct 19, 2017

How To Use Remote Assistance (Quick Assist) in Windows 10

Holy smokes! I discovered today that Remote Assistance still exists! It's actually been re-named to Quick Assist apparently according to Wikipedia. If that's true, it's funny that the application windows all still say Windows Remote Assistance still, but I digress...

Anyway, I used to use it all the time in my old Windows XP support days, but for some reason I thought it went away after Vista. I'm guessing that is because it became less intuitive to find it.

Well, the company I work for recently moved out of one office into two smaller offices, and the guys who work for me that support the users in both places are located at just one of the offices. That means remote support for everyone in the second office now.

We had Skype for Business through our Office365 subscription, which was "good enough" up until now, but the problem with that is it won't give the support person the administrative rights they need to actually help people remotely. My team and I talked about it, and we decided we needed to find something that works better in our new multi-office setup.

I decided to do a quick Google search, and lo and behold there it was! An article talking about how to use Remote Assistance in Windows 10! Bam!

It's pretty simple, you just have the user open a Run line by pressing Windows + R, then have them type in msra and click OK.

They are then presented with this screen:

If the user clicks the first option, they can save an invite file, email an invite file or use Easy Connect. Once they select an option, another window pops up with a temporary session password that the person giving support can use to connect with.

If the person giving the support clicks on one of the invite files, they are presented with a prompt to enter in the temporary password of the user needing help!

Once the password is entered, then the user needing help shares their screen, and the person giving support can request control in order to troubleshoot issues! All of this is free and built into Windows too!

What remote support tool(s) do you use at your company? Let us know in the comments!

Sep 15, 2017

Long overdue post! mRemoteNG is back baby!

I have been an mRemote user for years. Even when the original project went tits up, and the new fork of mRemoteNG emerged, I've continued to use it.

A few years ago I wrote an article about switching over to Terminals because there was a bug in the version of mRemoteNG I was using that the developers weren't going to fix. Despite that, mRemoteNG was still my multi-terminal client of choice unless something went seriously wrong.

I've been using 1.72 Beta for what seems like forever. It would do weird things like freeze up my computer for 10 minutes if I had too many windows open. If that happened, I would switch to Terminals after my computer unfroze. I never made the full switch to Terminals though because of the amount of servers I have to manage. I just didn't want to take that time to manually re-create all the connections!

Well, on a whim this morning, I decided to check back with mRemoteNG and to my surprise they released a new stable version back in June! You can download their latest version here: (Download)

I just installed it, and re-imported my connections XML file. It will still be a few days before I know if all the old bugs have been worked out, and I can remove Terminals!

Do you use mRemoteNG? How do you like it? Let us know in the comments!

Sep 5, 2017

How To Solve Facebook Math: 6 ÷ 2 (1 + 2)

This is an older video I put out back when I was still doing Tech Chop. Lately, the Facebook math problems have been making their rounds again, so I thought I'd post it here. Check it out:

In the comment section on Youtube, there are a bunch of people still arguing with me over this, and the way I implemented the order of operations. In the video, I reference an article from PurpleMath that says the following:
When you have a bunch of operations of the same rank, you just operate from left to right. For instance, 15 ÷ 3 × 4 is not 15 ÷ (3 × 4) = 15 ÷ 12, but is rather (15 ÷ 3) × 4 = 5 × 4, because, going from left to right, you get to the division sign first.
So, as mentioned in the video, if you follow the order of operations when solving 6 ÷ 2 (1 + 2), we handle the stuff in parentheses first, which is 1+2 which equals 3.

That now leaves the problem as  6 ÷ 2 (3), which is the same as 6 ÷ 2 x 3. Because everything is the same rank now in the order of operations, we go back to what PurpleMath said, and we solve left to right. The first problem starting from the left is:

6 ÷ 2 = 3

Which leaves us with 3x3 which of course equals 9.

If you want to argue in the comments, fine, but please note that your argument is not with me. It's with PurpleMath and the order of operations.


EDIT: Okay, TotalMedia in the comments pointed out that PurpleMath actually explains why 9 is not the correct answer on page two. They say:

This next example displays an issue that almost never arises but, when it does, there seems to be no end to the arguing. 
Simplify 16 ÷ 2[8 – 3(4 – 2)] + 1.
16 ÷ 2[8 – 3(4 – 2)] + 1
    = 16 ÷ 2[8 – 3(2)] + 1
    = 16 ÷ 2[8 – 6] + 1
    = 16 ÷ 2[2] + 1   (**)
    = 16 ÷ 4 + 1
    = 4 + 1 

The confusing part in the above calculation is how "16 divided by 2[2] + 1" (in the line marked with the double-star) becomes "16 divided by 4 + 1", instead of "8 times by 2 + 1". That's because, even though multiplication and division are at the same level (so the left-to-right rule should apply), parentheses outrank division, so the first 2 goes with the [2], rather than with the "16 divided by". That is, multiplication that is indicated by placement against parentheses (or brackets, etc) is "stronger" than "regular" multiplication. 

So, because of how 6 ÷ 2 (1 + 2) is written, with the multiplication not clearly defined like 6 ÷ 2 x (1 + 2), then according to the example above we need to simplify what's in parenthesis first which makes the problem  6 ÷ 2 (3), and since 2 is next to the parenthesis, then it is in essence a multiplication problem that is a part of the parenthesis and must be solved first, and the left-right rule doesn't apply because parenthesis is higher up in the order of operations.

That means that we have to multiply 2(3) which equals 6, and now the problem is 6÷6 which equals 1!

Son of a bitch! That is a tricky problem!

Sep 1, 2017

System error 67 has occurred. The network name cannot be found. --- DUH!

Oh man, I write this blog post feeling absolutely foolish and humble. Please be gentle on me in the comments...

The other day I needed to map a network drive for a number of users, so naturally I added a net use command to their login scripts. Simple right? Well, for some reason their drives just wouldn't map, and they were getting the following message if they manually ran the script:
System error 67 has occurred.
The network name cannot be found. 

For the life of me, I couldn't figure out what it was. I could manually map the drive fine through Explorer, but using the net use command at the command prompt didn't work at all.

After Googling, and searching, and sifting through bullshit forum posts about needing to enable WINS (This is not true), I finally got to playing around and figured out what my dumb ass did wrong...

I added an extra "\" at the end of the UNC path...

Instead of

net use j: \\servername\fileshare\

It needed to be

net use j: \\servername\fileshare

Once I removed the extra "\" it worked just fine!

It's weird, but after being in IT for over 12 years, I still sometimes mess up the simple stuff. Nobody is perfect I guess. Still though, if you are here, I'm assuming you probably ran into the same thing. Hopefully this helps you out and we can all start a support group in the comments!

Aug 31, 2017

HACK: How to downgrade Windows 2016 Datacenter to Standard

At my day job, we are getting ready to open a new office. It's going to be a relatively small office, but we still wanted to have a local domain controller on hand for authentication, DNS, DHCP, etc.

We decided that this would be a physical host, and since we weren't going to run any virtual servers in that office, we decided to go with Windows 2016 Standard edition to save on licensing costs. Well, despite that being the plan, when my Systems Administrator installed Windows, he accidentally opted for Windows 2016 Datacenter edition!

The problem with this is that you can easily upgrade Windows Standard to Datacenter using DISM from the command line. Downgrading from Datacenter to Standard is not officially supported though...

That being said, it can certainly be done. Since this isn't officially supported, I recommend making sure you have a good backup just in case, because you do this at your own risk!

Here's what you need to do:

  • Open the registry editor on the machine you want to downgrade
  • Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • Edit the EditionID key to say ServerStandard
  • Edit the ProductName key to say Windows Server 2012 R2 Standard
  • Close out of the registry editor
  • Run the Windows 2016 Installer from the install disk, thumb drive or a local folder
  • When prompted, enter your Windows 2016 key and follow the prompts to "upgrade" Windows

After your computer reboots one or more times, it will now be running Windows 2016 Standard!

If you are not fully understanding what is happening, you are tricking the installer into thinking it is doing an in-place upgrade of Windows 2012 R2 Standard to Windows 2016 Standard by editing the registry. Simple, yet effective right?

Needless to say, it worked like a charm for us, and saved my Systems Administrator from having to start all over.

Did this work for you? Let us know in the comments!

Aug 30, 2017

Simple Free Open Source Alternative to DFS

I am in the process of testing out VM's in Microsoft Azure. So far it's pretty bad ass, and there is so much you can do with it. It's truly remarkable, at least, that's my impression thus far.

One thing I want to do is setup file replication between servers so I can have a geographic active/active setup with front-end web servers. Now, Azure does have a cool feature called Read-Access Geo Redundant Storage that replicates your data at the block level to another region, and leaves that copy in a read only state. I have yet to find an option to have read-write in all regions though (If you know how to do it, let me know in the comments).

Anyway, I thought a good solution might be DFS (Microsoft's Distributed File System) which automatically syncs files to different servers. The problem with this is that it requires domain controllers and Active Directory, and I don't want to deploy domain controllers in Azure.

No problem, because I found what looks to be a simple and most importantly, free open source alternative to DFS! It's called FreeFileSync!

Check out their video:

As you can see, you can do a lot with it. I setup the folders I wanted to sync, set an interval to check for changes, and saved the settings to a .ffs_batch file. I then setup a scheduled task to kick off their RealTimeSync tool when the server reboots to run the following:

"C:\Program Files\FreeFileSync\RealTimeSync.exe" "D:\SyncFiles\FileSync.ffs_batch"

During testing, I have created files in all the directories I want to sync. I've updated them in one, and noticed the changes in the other. I've deleted files, and seen them delete on the other servers. It works great!

One thing I noticed, is that this needs to run on one single host for it to work right. If you need it to keep working if that host goes down, I'd recommend setting up the scheduled task on all nodes, and just leave them disabled unless the primary goes down for some reason.

Also note, that it isn't instant. If you make a change in one folder, it does take a few seconds to sync to the other folder.

Anyway, it was super simple to setup and it just works. It also works on Linux and iOS as well!

What do you use to sync files between servers? Let us know in the comments!

Aug 29, 2017

Option to join a local domain missing in Windows 10 version 1703

As I mentioned yesterday, I finally got around to upgrading my laptop to the latest Creators Update 1703 for Windows 10. Sometime after the update, and fixing my VPN issue I stepped away from my desk and when I came back to unlock my laptop I received a message saying that my laptop had lost it's trust relationship with the domain.

To be honest, I'm not sure if was due to the upgrade or if my desktop guy or Systems Administrator screwed up, but when I looked in my Active Directory my laptop object was gone!

I figured, no big deal. I'll just disjoin if from the domain, reboot, login as Administrator and re-join it. Well, that didn't work as expected, because when I went to join it back to the domain, the option to join a local domain was GONE!

If all you see is above, your only option is to join to a hosted Azure account really. WTF is that all about?

Anyway, to fix this I had to create a couple of DWORD registry entries in

  • DNSNameResolutionRequired = 0
  • DomainCompatibilityMode = 1
After I added those and rebooted, I had the option to join to a local domain again!

Did you have a similar issue? Let us know in the comments!

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam