All posts by bsdman

Currently working as an IT Manager. Worked for an OIT company as a Network Engineer in 2011. Worked for a Medical IT company as the Network Administrator 2009-2011. Worked as the Senior Systems Administrator at a computer reseller from 2005-2009. Worked as a Computer Consultant for several small companies from 2007-2009. Worked as a Computer Technician at a computer reseller from 2002-2004.

Schedule WinSCP Folder Sync

WinSCP is one of those tools that makes my Windows-life much more useful. I was originally planning on using syncthing, but for my purposes this was proving to be not a great match.

I needed to copy files from our Windows/Samba shares over to the paperless-ngx server I recently spun up (side note, this is amazing for saving shipping docs, customer POs, and other PDFs the org creates). Unfortunately, paperless-ngx will delete the uploaded PDF (located in the consume directory) once it’s been ingested into the system. This tells syncthing “hey, the file is missing, so re-upload it”. Repeat. The good thing is that paperless will NOT keep adding the files as duplicates. The bad thing is that the files now live in several places, eating up precious disk space.

I also did not want non-PDFs to appear in paperless. Since this was a new project, I also didn’t want to copy any documents older than 30 days (we have 8+ years of archival data). Enter winscp.com – not the URL, but the CLI application.

I created a batch file with the following – obviously change to fit your needs. I should note that SCP requires the host key to be set up; this can be found by using the WinSCP GUI, connecting to the paperless-ngx server, and then right-clicking on the connection tab and selecting “Generate session URL/code” (it also provides the basis for the script below).

@echo off

"C:\Program Files (x86)\WinSCP\WinSCP.com" ^
/log="C:\temp\Winscp_ShippingComputer_Sync.log" /ini=nul ^
/command ^
"open scp://USERNAME:PASSWORD@10.101.110.16/ -hostkey=""ssh-ed25519 255 03rzYT4K2ufZ2yY3cG4Z5/thG8/dB3UbTi9F7ja9uHY""" ^
"synchronize remote ""Y:\Shipping_Scans"" ""/home/linuxuser/paperless-ngx/consume"" -rawtransfersettings ExcludeHiddenFiles=1 -filemask=""*.pdf>=30D""" ^
"exit"

set WINSCP_RESULT=%ERRORLEVEL%
if %WINSCP_RESULT% equ 0 (
    echo Success
) else (
    echo Error
)

exit /b %WINSCP_RESULT%

Add Disk Space Ubuntu Server

Using Ubuntu 22.04 LTS on my Proxmox system.

Added 70GB to my 30GB partition for a total of 100GB – used the Proxmox GUI to handle this change.

Logged into the Ubuntu VM (CLI Only)
Verify my disk (sda) shows 100GB and my partition (sda3) shows 30GB
lsblk

Verify /dev/mapper with df -h (needed for lvextend below, see example)

FDISK
fdisk /dev/sda
p
d
3
n
3
w

p to verify the partitions, although this also shows in lsblk. d to delete, selecting 3. n for new partition, 3, start and end are defaults to fill the disk. w to write the changes. MAKE SURE YOU DON’T SELECT TO DELETE THE LVM SIGNATURE OTHERWISE YOUR DATA MAY BE LOST.

Resize the physical volume in LVM
pvresize /dev/sda3

Extend the logical volume in LVM
lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv

Resize the filesystem for Ubuntu
resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv

Bypass Network Selection Windows 11 Install

Windows 2000, XP, and even Vista all would install without any need for an active internet connection. Starting with Win7 – and running through 8, 8.1, and 10 – MS was prompting users to connect to the internet in order to a) create a Microsoft online account and b) patch the system before you really start using it. It was an optional step that was easily bypassed (although on 10 they started “hiding” the option). But with Windows 11… not so much.

I should also note that the Pro, Education, and Enterprise variants are not impacted by this problem.

During the installation/configuration steps when setting up your Out Of Box Experience (OOBE comes back in just a few moments), simply follow along once you get to the Network Selection screen options.

Shift + F10
OOBE\BYPASSNRO
<enter>

Shift + F10 will open a command prompt window. OOBE\BYPASSNRO command sets the Out of Box Experience (see, I told you it would come back) to bypass the need for networking and registration options.

The computer will automatically reboot at this point and you’ll be able to continue with the initial setup steps and get to your Win 11 desktop without registering or connecting to a network. Huge benefit when setting up a workstation while not near an active network drop – or when I had a rather lengthy layover at an airport and wanted to pass the time on my dev laptop.

U6 Pro Unifi Not Updating

I’ve had many access points from Unifi over the years. Updating from the controller is generally a painless operation, and only rarely have I ever needed to utilize the CLI to make any changes (mostly set-inform related).

However, when attempting to update the firmware of my Unifi systems (U6-Pro, US-24-250W, US-8-60W, UAP-nanoHD, and U6-Pro), I got stuck on the U6-Pro. I would click on upgrade the firmware and then the access point would get stuck on the blue/white blinking LED for hours. I even let it sit there overnight just to see. For the record, I was attempting to upgrade from 6.0.14 to 6.0.15 at the time, and it was not happy. Unplugging from power and then plugging back in would get me back to the 6.0.14 version, so no harm no foul.

I figured it would get fixed with a new release of the controller as well as a firmware release to 6.0.18. Wrong. Same issue. I even attempted to CLI it by logging in via SSH and running the “upgrade https://dl.ui.com/unifi/firmware/UAP6MP/6.0.18.13660/BZ.ipq50xx_6.0.18+13660.220413.1958.bin” command. No dice. Hard reboot and it’s back on 6.0.14.

Swannman had the same issue posted on the Unifi forums, and UI-Glenn gave an updated command for me to try:

curl https://dl.ui.com/unifi/firmware/UAP6MP/6.0.18.13660/BZ.ipq50xx_6.0.18+13660.220413.1958.bin -o /tmp/fwupdate.bin && fwupdate.real -m &

Magically this worked and the controller reads it just fine. Posting for future sake of my sanity.

OPNSense Booting.. Stuck

Trying to install OPNSense on an older Alibaba system I had lying around, and I noticed that I couldn’t install due to the system freezing at the “Booting…” prompt (post kernel loading).

When booting, press “3” to Escape to loader prompt.

  • Type set kern.vty=sc
  • Press enter
  • Type boot
  • Press enter

Assuming the system boots and you can install, you’ll have to edit a file in the /boot directory to get the system to boot with future restarts.

  • cd /boot; press enter
  • vi loader.conf.local; press enter
  • i
  • kern.vty=sc
  • Press esc
  • :wq!; press enter

I should note that this fix was permanent between reboots and updates until just recently; patched a remote system of similar specs and it required the creation of the loader.conf.local file again.

BGInfo Auto Start All Users

I’ve used BGInfo plenty of times in my past – it’s been a pretty good tool at providing information to technicians in order to assist with end-users’ woes. But overall I’ve only really used it on servers – it’s been helpful to color coordinate based on PRODUCTION vs non-production systems (eg RED and BOLD lettering for the hostname).

I also had a login script that would automatically run BGInfo from our sysvol scripts folder on users’ workstations. However, due to remote users – especially in this Covid time – the login script would not run/update accordingly. I needed to find a new way.

At first I looked at registry edits and tried to run in HKLM\Software\Microsoft\Windows\CurrentVersion\Run, but with my syntax of:

"C:\scripts\BGInfo\workstation.bgi /timer:0 /silent /nolicprompt"

On the workstation BGInfo would open with default settings rather than my workstation.bgi ones. I’m fairly certain I had the bgi associated properly, but I didn’t look further into it as I went in a different direction: Scripts.

  • Navigate to the all-users Startup
    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
  • Create a file called hidden.vbs and populate with
    • Set MyScript = CreateObject("WScript.Shell")
    • MyScript.Run "c:\windows\bginfo\bginfo.bat", 0, False
  • Copy the BGinfo64.exe and associated configuration.bgi to
    • C:\Windows\bginfo\
  • Create a file called bginfo.bat in this same directory above
    • @echo off
    • reg add HKU\.DEFAULT\Software\Sysinternals\BGInfo /v EulaAccepted /t REG_DWORD /d 1 /f
    • pushd %~dp0
    • pushd c:\windows\bginfo
    • cls
    • Bginfo64.exe configuration_client.bgi /TIMER:00 /nolicprompt
    • popd
    • exit
  • Log off/Log on to see the changes

The only issue with this avenue is that if we ever decide to update our .bgi configuration file, we’d have to push updates to all systems to have them reflect the changes. Good thing for RMM tools!

Windows Certificate Authority SAN

Installed a new certificate authority on Windows Server 2019 and was attempting to utilize the http://localhost/certsrv to issue a new certificate to my website (RDS, also on 2019). It wasn’t going well.

First I opened the certificate authority and noticed that Certificate Templates was not showing up as a subdir. That was fixed by removing the certificate authority and reinstalling as an Enterprise Standalone CA (you may be able to get there by changing the DWORD value from HKLM\SYSTEM\CurrentControlSet\services\Certsvc\Configuration\YOURCAFQN\CAType to “0”).

Then I went to Certificate Templates and duplicated the Web Server one, right-click Certificate Templates and select Manage, then checkbox for “Allow private key to be exported” on the Copy of Web Server template.

I forgot to then right-click again on Certificate Templates and select New > Certificate Template To Issue, then select the Copy of Web Server I created earlier. So I fixed that too.

I probably changed the permissions of the template to include Authenticated Users to be able to enroll/read/write certs prior to all that published above.

Then I navigated to http://localhost/certsrv and clicked through:

  • Request a certificate
  • Advanced certificate request
  • Create and submit a request to this CA
  • “Yes” to the “this website is attempting to perform a digital certificate operation” prompt
  • Certificate template drop down to my Copy of Web Server
  • Name of rds.domain.tld, keysize of 2048, Mark keys as exportable, attributes “san:dns=rds.domain.tld&nameofserver.domain.tld” without the quotes, friendly name of rds.domain.tld
  • Submit
  • Install
  • Open MMC for Certificates (personal/user)
  • Under the Personal > Certificates store, you’ll find your installed certificate
  • Right-click and export this cert with key; I used a passphrase

From here I added it to the RDS system certificates (my RDS 2019 server has all roles of Gateway Broker and Session host in-one).

Unfortunately I noticed that my SAN (subject alternative name) wasn’t working on the certificate. There’s a command to address the attribute required to support SANs:

  • Open command as an administrator (on the Certificate Authority)
  • certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
  • Restart the Active Directory Certificate Services service (or the entire server if you want)
  • Re-run the aforementioned SAN cert commands and now export; profit.
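
An alternative to the flag above, as an added example that is not part of the original post: with EDITF_ATTRIBUTESUBJECTALTNAME2 set, the CA honours SAN values passed as request attributes on any request it receives, so a common hardening choice is to put the SAN inside the request itself with certreq and leave the flag off. The template short name CopyofWebServer, the work directory and the file names are assumptions; the host names are the ones used in the post.

```powershell
# Added example (not the post's procedure): build a request that carries the SAN
# as an extension, so the CA does not need EDITF_ATTRIBUTESUBJECTALTNAME2.
# Assumptions: template short name, work directory and file names are placeholders.
$work = Join-Path $env:TEMP 'rds-cert'
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Single-quoted here-string so "$Windows NT$" is written literally.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=rds.domain.tld"
KeyLength = 2048
KeySpec = 1
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10
FriendlyName = "rds.domain.tld"

[RequestAttributes]
CertificateTemplate = "CopyofWebServer"

[Extensions]
; 2.5.29.17 is the Subject Alternative Name extension
2.5.29.17 = "{text}"
_continue_ = "dns=rds.domain.tld&"
_continue_ = "dns=nameofserver.domain.tld"
'@
Set-Content -Path "$work\rds.inf" -Value $inf -Encoding ASCII

# --- On the server that will hold the key (elevated prompt) ---
certreq -new    "$work\rds.inf" "$work\rds.req"   # generates the key pair and CSR
certreq -submit "$work\rds.req" "$work\rds.cer"   # prompts for the CA when -config is omitted
certreq -accept "$work\rds.cer"                   # binds the issued cert to the private key

# --- On the CA (elevated prompt): inspect the policy flags, clear the SAN flag ---
certutil -getreg policy\EditFlags
certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2
Restart-Service -Name CertSvc
```

After the service restart, `certutil -getreg policy\EditFlags` should no longer list EDITF_ATTRIBUTESUBJECTALTNAME2, and the issued certificate still shows both DNS names under Subject Alternative Name.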