Interesting title huh? Basically I removed the SCOM 2007 Reporting module and it told me I needed to use “RESETSRS” to restore SQL Server 2005 Reporting Services to a working state. So this is what happened when I followed that advice.

Try 1:

C:\installs\en_scom_2007_cd_X13-72525\SupportTools>ResetSRS.exe MSSQLSERVER

Microsoft System Center Operations Manager 2007 — Reset SQL Reporting Server Tool
(C) Copyright 2000-2006 Microsoft Corp.

Please enter the account to use for Setting up database connection
Domain\user
Please enter the password to use for Setting up database connection

The account is validated, now we will try and restore this SRS instance.

Unhandled Exception: System.Runtime.InteropServices.COMException (0×800706B3)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementObject.InvokeMethod(String methodName, ManagementBaseObject inParameters, InvokeMethodOptions options)
at Microsoft.EnterpriseManagement.Mom.ReportingTools.ResetSRSTool.ResetSRS(String instanceId)
at Microsoft.EnterpriseManagement.Mom.ReportingTools.ResetSRSTool.Main(String[] args)

Say what now! Figured I have alot of programs open including SCOM, IIS, and Reporting Services Configuration Manager, that I’ll close all that down and give it another try.

Try 2:

C:\installs\en_scom_2007_cd_X13-72525\SupportTools>ResetSRS.exe MSSQLSERVER

Microsoft System Center Operations Manager 2007 — Reset SQL Reporting Server Tool
(C) Copyright 2000-2006 Microsoft Corp.

Please enter the account to use for Setting up database connection
Domain\user
Please enter the password to use for Setting up database connection

The account is validated, now we will try and restore this SRS instance.

Unhandled Exception: System.Data.SqlClient.SqlException: There is already an object named ‘SetSystemPolicy’ in the database.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName,Boolean async)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Microsoft.EnterpriseManagement.Mom.ReportingTools.ResetSRSTool.RunSQLScriptHelper(String sqlScript, String sqlSRSServer)
at Microsoft.EnterpriseManagement.Mom.ReportingTools.ResetSRSTool.ResetSRS(String instanceId)
at Microsoft.EnterpriseManagement.Mom.ReportingTools.ResetSRSTool.Main(String[] args)

Huh! Now I have an error about twice the size of the first one. Now I figure heck lets run it again without doing anything (just up arrow enter). It can’t cant get any worse, maybe it will just work?

Try 3:

C:\installs\en_scom_2007_cd_X13-72525\SupportTools>ResetSRS.exe MSSQLSERVER

Microsoft System Center Operations Manager 2007 — Reset SQL Reporting Server Tool
(C) Copyright 2000-2006 Microsoft Corp.

Please enter the account to use for Setting up database connection
Domain\user
Please enter the password to use for Setting up database connection
The account is validated, now we will try and restore this SRS instance.

The restoration of SQL Reporting Services is successful.

!!! Windows+Microsoft Programs never cease to amaze me (In the worst possible way)

This is my mega kool Linux IPtables management script I whipped up. Basically it provides you a set of options for managing your IPtables firewall script. The options/features include:

• Forced crontab job creation during the “Apply Firewall” option. This job basically will allow you to set a rollback time incase you buggered you config and have locked yourself out of that precious firewall
• Check the IPtables version
• View crontab entries
• Remove all crontab entries (be careful with this one if you have entries other then the ones created by this script)
• Edit the firewall config from the script using vim. This option creates a backup before the editing begins

By using the script it allows multiple people to edit the firewall config without using multiple versions of the same config file while automating the backup and restore when you bork it

Download the script here as wordpress doesn’t show it with the correct indenting FWManage

#!/bin/bash
echo -e “****************Welcome*************”

getcron()
{
opt_min=0
opt_hour=0
opt_day=1
opt_mon=1

date
echo -e “set a restore time, 5 minutes from the current time is normally a good idea\n”
echo -e “Enter minute(0-59)\n”
read opt_min
opt_fws=$(($opt_min+1))
echo -e “Enter hour (0-23)\n”
read opt_hour
echo “Enter day (1-31)\n”
read opt_day
echo “Enter month (1-12)\n”
read opt_mon

echo “$opt_min $opt_hour $opt_day $opt_mon * /bin/cp -f /root/firewall/firewallbackup.txt /root/firewall/firewall.txt” > /root/firewall/cronjob_restorefile
echo “$opt_fws $opt_hour $opt_day $opt_mon * /root/firewall/firewall.txt” > /root/firewall/cronjob_reloadfw

/usr/bin/crontab /root/firewall/cronjob_restorefile
/usr/bin/crontab /root/firewall/cronjob_reloadfw

/usr/bin/crontab -l

}

main()
{
ROOT_UID=0
if [ $UID == $ROOT_UID ];
then
clear
opt_main=1
while [ $opt_main != 6 ]
do
echo -e “***************************************\n”

echo -e “\t*****Main Menu*****\n
1. Check Iptables Version\n
2. Apply Firewall\n
3. Edit Firewall\n
4. View Crontab\n
5. Clear crontab\n
6. Exit”
read opt_main
case $opt_main in
1) echo -e “******************************”
/sbin/iptables –version
echo -e “******************************” ;;
2) echo -e “******************************”
getcron
echo -e “******************************” ;;
3)    echo -e “firewall.txt backed up to /root/firewall/firewallbackup.txt\n”
/bin/cp -f /root/firewall/firewall.txt /root/firewall/firewallbackup.txt
vim /root/firewall/firewall.txt ;;
4) echo -e “******************************”
/usr/bin/crontab -l
echo -e “******************************” ;;
5) echo -e “******************************”
/usr/bin/crontab -r
echo -e “******************************” ;;
6) exit 0 ;;
*) echo -e “Wrong option Selected!!!”
esac
done
else
echo -e “You Must be the ROOT to Perfom this Task!!!”
fi
}
main
exit 0

In this post I’m going to show you how to decrypt an SSL transmission from client to webserver and the opposite. Why would you want to do this you ask. This knowledge comes in very handy when you need to troubleshoot an issue with a website for instance which is wrapped in SSL. The only way to see the exchanges between the client and the webserver is to decrypt the encrypted traffic. This technique could also be used for a man in the middle (MITM) attack assuming you have the Private-Key. All commands and programs are run on Ubuntu Linux 8.04.

Install required Software

Install SSLdump and Wireshark:

1. sudo apt-get install ssldump
2. sudo apt-get install wireshark
   

Decrypting SSL For Troubleshooting

Acquiring/Extracting An SSL Certficates Private Key

What is a private key might be your first question (See the “Public-Key Cryptography” reference for the full article):

Public-key cryptography, also known as asymmetric cryptography, is a form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it. In public key cryptography, a user has a pair of cryptographic keys—a public key and a private key. The private key is kept secret, while the public key may be widely distributed. Incoming messages would have been encrypted with the recipient’s public key and can only be decrypted with his corresponding private key. The keys are related mathematically, but the private key cannot be practically derived from the public key.

To extract the private key from a .pfx (Personal Information Exchange):

1. openssl pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem

To extract the certificate file (the signed public key) from the pfx file:

1. openssl pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem

To remove the password from the private key file (I dont advise doing this, if you do I would store the PEM file in an encrypted store or delete immediatly when done.):

1. openssl rsa -in privateKey.pem -in privateKey.pem -out private.pem

Capturing the Encrypted Traffic

To capture the encrypted traffic depending on your scenario this may differ. Simple topology description:

Client<—–>ISA<—–>Webserver

Generated by public certificate authority (CA)<—–>ISA<—–>Generated by internal certificate authority (CA)

In red the segment I am decrypting:

Client<—–>ISA<—–>Webserver

To do this I installed wireshark on the ISA server and started a new capture on the client side interface. Once the capture is running perform a few requests to the webserver as normal, and then save the capture file. (note you may want to add a filter to the capture options or the save options to minimise the unnecessary traffic capture).

Decrypting the Wireshark Capture File

To decrypt the capture file from the above run the following command(for switch descriptions man ssldump from a terminal) from a terminal and substitute the appropriate parts (privateKey.pem and wiresharkCapture.pcap filenames and also the password):

1. ssldump -A -d -H -T -k privateKey.pem -p “password” -r wiresharkCapture.pcap

To output the results to a file run the following:

1. ssldump -A -d -H -T -k privateKey.pem -p “password” -r wiresharkCapture.pcap > output.txt

Now its just a matter or going through the output file till you find what you need

Glossary

• PFX : PFX defines a file format commonly used to store private with accompanying public key certificates, protected with a password-based symmetric key (standard-PKCS12).
• PEM : Openssl usages PEM (Privacy Enhanced Mail Certificate) to store the private key.

References:

• Public-Key Cryptography
• Wireshark
• Decrypting SSL Traffic to troubleshoot NAM
• Using SSLdump

Backtrack 3 is out!!!1 grab it from here http://www.remote-exploit.org/backtrack_download.html

When configuring the CRM 4 email router (installed on our Exchange 2007 server) we ran into a few problems. Hopefully by showing the problems I had and the fixes you’ll be able to deploy it issue free :).

The first problem we had was:

Event Type:    Error
Event Source:    MSCRMEmail
Event Category:    None
Event ID:    0
Date:        27/06/2008
Time:        12:40:55 PM
User:        N/A
Computer:    EXCHANGESERVER
Description:
#26090 - An error occurred while opening mailbox crm.mailbox@domain.com. Microsoft.Crm.Tools.Email.Providers.EmailException: The remote Microsoft Exchange e-mail server returned the error “(401) Unauthorized”. Verify that you have permission to connect to the mailbox. —> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Crm.Tools.Email.Providers.HttpDavRequest.SubmitXmlCommand(HttpWebRequest httpWebRequest, String body)
at Microsoft.Crm.Tools.Email.Providers.HttpDavRequest.RetrieveInboxUri()
at Microsoft.Crm.Tools.Email.Providers.ExchangePollingMailboxProvider.OpenMailbox()
— End of inner exception stack trace —
at Microsoft.Crm.Tools.Email.Providers.ExchangePollingMailboxProvider.WrapException(Exception e)
at Microsoft.Crm.Tools.Email.Providers.ExchangePollingMailboxProvider.OpenMailbox()
at Microsoft.Crm.Tools.Email.Providers.CrmPollingMailboxProvider.Run()\r\nSystem.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Crm.Tools.Email.Providers.HttpDavRequest.SubmitXmlCommand(HttpWebRequest httpWebRequest, String body)
at Microsoft.Crm.Tools.Email.Providers.HttpDavRequest.RetrieveInboxUri()
at Microsoft.Crm.Tools.Email.Providers.ExchangePollingMailboxProvider.OpenMailbox()

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This seemed to be caused by the fact that the OWA IIS site was set to “Require Secure Channel (SSL) & Require 128-bit Encryption”. So to fix this problem I set up a second OWA IIS Site with no SSL specifically for the CRM Router. To do this I used the following commands from the Exchange 2007 Management Shell:

• New-OwaVirtualDirectory -OwaVersion:Exchange2007 -Name “owa” -WebSiteName “OWA-CRMRouter”
• New-OwaVirtualDirectory -OwaVersion:Exchange2003or2000 -Name “Exchange” -WebSiteName “OWA-CRMRouter” -VirtualDirectoryType:Mailboxes
• New-OwaVirtualDirectory -OwaVersion:Exchange2003or2000 -Name “Exadmin” -WebSiteName “OWA-CRMRouter” -VirtualDirectoryType:Exadmin
• New-OwaVirtualDirectory -OwaVersion:Exchange2003or2000 -Name “Exchweb” -WebSiteName “OWA-CRMRouter” -VirtualDirectoryType:Exchweb

This set of commands creates the OWA directories in a new IIS site “OWA-CRMRouter”.

Hot Tip: To remove an OWA site you can use the following command from the Exchange 2007 Management Shell, Remove-OwaVirtualDirectory -Identity “owa (OWA-CRMRouter)”

Once this was done I reconfigured the CRM 4 Router to use the following settings:

• E-Mail Server Type: Exchange
• Authentication Type: Windows Authentication
• Location: http://127.0.0.1 (Remember this site is only for the CRM Router so I had no reason to use a DNS name for the site. Also note it’s not https)
• Access Credentials: Other Specified (I used the Forward mailbox user account and password)

Once this was done I tested my configuration from “Users, Queues, and Forward Mailboxes” -> “Forward Mailboxes” -> “Test Access”

This was the main issue I had. Along the way I also did the following:

• Made sure the forward mailbox user had full permissions on its mailbox.
• Logged into outlook using the forward mailbox user/email account.
• Made sure the account running the “Microsoft CRM Email Router” service was part of the “PrivUserGroup” in Active Directory.
• I also tested using POP3 but I wouldn’t recommend this as you then have to get each user to change there email settings in CRM. Even worse is if you have a mandatory password change every 30 days for example, they need to update this setting after changing there password every time. (I can imagine the support calls now)
• For the outgoing email it was originally set to use Local System Account which would fail as it didn’t have permission to send emails. To fix this I changed the Account to the Forward mailbox user.

I Recieved this error when the Location server URL was incorrect for the incoming settings:

Event Type:    Error
Event Source:    MSCRMEmail
Event Category:    None
Event ID:    0
Date:        18/06/2008
Time:        12:33:56 PM
User:        N/A
Computer:    EXCHANGESERVER
Description:
#26090 - An error occurred while opening mailbox crm.mailbox@domain.com. System.Net.WebException: The remote server returned an error: (403) Forbidden.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Crm.Tools.Email.Providers.HttpDavRequest.SubmitXmlCommand(HttpWebRequest httpWebRequest, String body)
at Microsoft.Crm.Tools.Email.Providers.HttpDavRequest.RetrieveInboxUri()
at Microsoft.Crm.Tools.Email.Providers.ExchangePollingMailboxProvider.OpenMailbox()
at Microsoft.Crm.Tools.Email.Providers.CrmPollingMailboxProvider.Run()

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I also recived this error when the Location/server URL was using https with a URL not matching the SSL certificates Common Name:

Event Type:    Error
Event Source:    MSCRMEmail
Event Category:    None
Event ID:    0
Date:        17/06/2008
Time:        4:25:19 PM
User:        N/A
Computer:    EXCHANGESERVER
Description:
#26090 - An error occurred while opening mailbox crm.mailbox@domain.com. System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. —> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
— End of inner exception stack trace —
at System.Net.HttpWebRequest.GetRequestStream()
at Microsoft.Crm.Tools.Email.Providers.HttpDavRequest.SubmitXmlCommand(HttpWebRequest httpWebRequest, String body)
at Microsoft.Crm.Tools.Email.Providers.HttpDavRequest.RetrieveInboxUri()
at Microsoft.Crm.Tools.Email.Providers.ExchangePollingMailboxProvider.OpenMailbox()
at Microsoft.Crm.Tools.Email.Providers.CrmPollingMailboxProvider.Run()

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

If you would like to disable the Ubuntu splash screen because you prefer to see all the system details as the machine boots up. And because it just looks cool (love all the crypto stuff coming up on the screen from my disk encryption), you can do the following:

• Edit the grub boot menu with the following command: sudo vim /boot/grub/menu.lst.
• Locate the following line (in bold) for the current kernel you are booting. If you don’t know what the kernel version your booting into is pull up a terminal window and enter: uname -r. This will tell you the version your currently booted into

title        Ubuntu 8.04, kernel 2.6.24-19-generic
root        (hd0,4)
kernel        /boot/vmlinuz-2.6.24-19-generic root=UUID=a09552cf-d871-4741-a735-441bedf6032d ro quiet splash
initrd        /boot/initrd.img-2.6.24-19-generic
quiet

• Change the line in bold to the below. (changes are in bold)

title        Ubuntu 8.04, kernel 2.6.24-19-generic
root        (hd0,4)
kernel        /boot/vmlinuz-2.6.24-19-generic root=UUID=a09552cf-d871-4741-a735-441bedf6032d ro quiet nosplash vga=795
initrd        /boot/initrd.img-2.6.24-19-generic
quiet

Now reboot and you should now get the boot sequence without the Ubuntu splash screen.

All I have to say is IT FTW!

http://view.break.com/521743 - Watch more free videos

To upgrade the IOS on your Cisco router, you have a couple of options. You can either upgrade via TFTP, or you can use the console.

On Ubuntu I used the atftpd software for my TFTP server:

sudo apt-get install atftpd

Then to start it I ran:

sudo atftpd –daemon –port 69 –tftpd-timeout 300 –retry-timeout 5     –mcast-port 1758 –mcast-addr 239.239.239.0-255 –mcast-ttl 1 –maxthread 100 –verbose=5  /tftpboot

Before doing anything first back up your configuration and original IOS from flash using the following commands:

copy nvram:startup-configuration tftp://x.x.x.x [follow the prompts confirming the server address source and destination file names]

copy flash:IOSNAME.ext tftp://x.x.x.x [follow the prompts confirming the server address source and destination file names] [if you dont know the filename of IOS in flash you can use the show flash command to view the contents of flash where the IOS should be listed]

If you load the wrong image of IOS, your router won’t work. Pay attention to the amount of RAM your system has, and how much the upgraded IOS needs.

You then need to delete the existing flash image:

delete flash:IOSNAME.ext [confirm at the prompts]

copy tftp://x.x.x.x/NEWIOS.ext flash [follow the prompts confirming the server address source and destination file names]

You will be asked if you want to erase the current image. Say yes.

Now copy your config:

copy running-config startup-config

Then reload the router to start in the new IOS:

reload

If you’ve done everything correctly the router should reload and your on your way. If there is an issue with the IOS and the router does not come up correctly you will need to copy either the backup you made (I hope you did follow that step!) or the correct IOS onto the router using the rommon. This process I will leave for another post.

First you need to establish the SSH Tunnel:

ssh -X -f username@SSHserverIPorFQDN -N -L 5555:hostname:5900

Explanation

• -X, this switch allows X11 forwarding
• username@sshserverIPorFQDN, this is the username you are authenticating with ‘@’ the SSH server’s address
• -N, do not execute a remote command
• -L, Specifies that a given port on the local (client) host [5555] is to be forwarded to a given host [hostname] and port [5900]

Once the SSH tunnel is established use your VNC viewer and use the address localhost:5555. This will then open the VNC session through the SSH tunnel.

A little problem I had with my Ubuntu 8.04 ‘Remote Desktop’ was the password wasn’t being accepted for some reason and I had the need to reset it. To do this I opened a second SSH connection and changed the password from the CLI:

• cd ./gconf
• gconftool-2 –type string –set /desktop/gnome/remote_access/vnc_password base64password

base64password, this is the base64 encoded string of your selected password. To generate one you can use one of the online tools with a quick google. I used this one if your to lazy to google for your own http://www.motobit.com/util/base64-decoder-encoder.asp

To connect to a Cisco Router (should work for any Cisco device with a console port) using a rollover cable connected to a serial to USB converter on Linux (ubuntu in this case) do the following:

1. Install minicom: sudo apt-get install minicom
2. Run minicom from a terminal: minicom
3. Configure a serial port as follows: press CTRL-A, z, o
   1. A - Serial Device : /dev/ttyUSB0
   2. B - Lockfile Location : /var/lock
   3. C - Callin Program :
   4. D - Callout Program :
   5. E - Bps/Par/Bits : 9600 8N1
   6. F - Hardware Flow Control : Yes
   7. G - Software Flow Control : No
4. Save the configuration with whatever name you like, in this example I chose cisco
5. To configure your router running minicom just run: minicom cisco

Hot tip to close down minicom press: CTRL-A, x