CyberKeeda In Social Media
Showing posts with label Windows Server. Show all posts
Showing posts with label Windows Server. Show all posts

How to generate New SID in Server 2012


Generate New SID in Server 2012

Like most of the enterprise has moved to Virtualization and Cloud, this error comes when we do clone an existing windows server.
A duplicate SID can lead to many issues, like one is adding machine to domain.

So let's know how to generate a new SID in windows server 2012.

  • Toggle to Sysrepair application.
    • C:\Windows\System32\Sysprep
  • Now run the sysrepair application with Administrator rights.

  • Check the Generalize option and click OK

After reboot, you will be asked to enter the product key (optional), accept License terms, and enter new Administrator password. You can then, login to the server and change Host name and IP address. 

So this is how one can can generate new SID.

Read more ...

Windows Server : One Liner Command to get List of Installed Software


Open Windows Command Prompt and type wmic and hit enter.



Now hit the below command to extract a report in text file named list.txt


wmic:root\cli> /output:C:\list.txt product get name, version

Above command will extract a list of installed programs, saved within C directory. 

Read more ...

How to install and configure SignalFX Smart Agent on Windows Server

SignalFX Smart Agent.

Signal FX ships with SFX Smart agent, which is one of the essentials to monitor IT infrastructure (Hosts), using it we can monitor the below infrastructure resources 
  • Memory
  • CPU
  • Disk
  • Network
  • Disk IO
  • Network IO
Signal FX official documents suggest to install it via Power Shell script, that can be found within it's setup tab.

Within this blog post, we will cover how to install and configure SFX Smart Agent on Windows server from packaged ZIP file.

Assumptions and Requirements:
  • We already have accounts on Signal FX with required licenses.
  • We will be using Windows Server 2012 in our lab setup as a host.
  • I will install here.
  • Strings highlighted in RED within this post, must be replaced by your own values.
So before we proceed we need to gather three important and mandatory inputs
  • signalFxAccessToken
  • ingestUrl
  • apiUrl
All three can be extracted from the Setup tab, lets know it step by step.
  1. Login to your Signal FX Account.
  2. On the header navbar, click on integrations.
  3. Under essential services, click on SignalFX Smart Agent.
  4. Toggle to SETUP tab.
  5. Scroll down to the Windows Section.
  6. Copy the content on Windows setup and paste it into Notepad.
  7. Look for (apiUrlcan, ingestUrl, signalFxAccessToken) within the pasted strings within notepad, extract and keep it handy to use it further into our configuration file.


Signal FX Smart Agent mandatory requirements, so before we proceed further to install agent on our windows host, make sure we have both the below packages installed within our host.
  1. Net Framework 3.5 or higher.
Now let's move forward to setup.

  • Download the latest SFX Smart Agent for windows from github page -Download 
  • Extract and copy the content within your host to any directory of your choice, i am copying it into C:\Program Files.
  • Toggle into "etc" within extracted SignalFxAgent directory, as per mine setup location is C:\Program Files\SignalFxAgent\etc\signalfx.
  • Configure agent.yaml file.
Below is the sample configuration for agent.yaml, replace the highlighted one in red with the one you have extracted within previous steps.

# *Required* The access token for the org that you wish to send metrics to.
signalFxAccessToken: 'myRandonTokenGivenBySignalFx'
ingestUrl: ''
apiUrl: ''
intervalSeconds: 10

  # Valid values are 'debug', 'info', 'warning', and 'error'
  level: info

# observers are what discover running services in the environment
  - type: host

  - {"#from": 'C:\Program Files\SignalFxAgent\etc\*.yaml', flatten: true, optional: true}
  - type: host-metadata
  - type: processlist
  - type: cpu
  - type: disk-io
  - type: filesystems
  - type: memory
  - type: net-io
  - type: vmem

enableBuiltInFiltering: true
  • So we have made the required changes within agent.yaml, now save and exit, we are done with the config file setup.
  • Now let's install it and make it as a windows service, run the below command to install it.
Toggle again to the "SignalFxAgent" director, mine is "C:\Program Files\SignalFxAgent\" and run the install command to install it, replace the one highlighted in red by your own path.

PS C:\> cd C:\Program Files\SignalFxAgent\

 PS C:\Program Files\SignalFxAgent> bin\signalfx-agent.exe -service "install" -logEvents -config "C:\Program Files\Signal
This will create SignalFX Smart Agent as a Windows Service, we can stop and start from their as per our need.

In case if you are willing to start the services by command prompt, below is the command.
 PS C:\Program Files\SignalFxAgent> bin\signalfx-agent.exe -service "start"
Upon successful setup, we can find our configured host under SingnalFX Infrastructure Navbar as below.

Read more ...

Join Linux into Windows Active Directory domain

Though I'm  a great fan of Linux/Unix but while working with any enterprise firm i couldn't avoid, thus i was asked to join our Linux hosts into Active directory.

So let's move ahead and join our LInux systems into ad using tool named as " adcli "
I have used this to join our Redhat/CentOS 7 hosts into AD.

Video Tutorial.

There are two must things as a prerequisites for it.

1.     Make Sure RHEL machine is able to resolve Active Directory servers.
2.     Install adcli package along with sssd:

 Consider the below inputs as a lab enviroment of mine.

Active Directory Server :
Domain name :
Linux Client Hostname :
[root@scent101x ~]# yum install adcli sssd authconfig
  • Discover the AD domain:
[root@scent101x ~]# adcli info
adcli will show few details about the AD domain. 

domain-name =
domain-short = CYBERKEEDA
domain-forest =
domain-controller =
domain-controller-site = Default-First-Site-Name
domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable good-timeserv full-secret
domain-controller-usable = yes
domain-controllers =
computer-site = Default-First-Site-Name

  • Now, join RHEL system to AD domain using adcli: 
[root@scent101x ~]# adcli join
Password for Administrator@CYBERKEEDA.NET: <---- Enter Admin password
By default, it prompts for the Administrator password, but it's possible to specify another user with the -U option:
[root@scent101x ~]# adcli join -U ad_admin_user 

# adcli join -U ad_admin_user        <------ This user should have administrative rights in AD

The join operation creates a keytab the machine will authenticate with. When inspect the with klist -kt, 
[root@scent101x ~]# klist -kte
It should show several entries that contain client hostname in some form:

Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (aes256-cts-hmac-sha1-96) 
   2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (aes128-cts-hmac-sha1-96) 
   2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (des3-cbc-sha1) 
   2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (arcfour-hmac)

  • Configure /etc/krb5.conf to use AD domain:

your Realm, domain realms, AD erver information.

includedir /etc/krb5.conf.d/

default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 default_realm = CYBERKEEDA.NET
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

  kdc =
  admin_server =


Use authconfig to set up the Name Service Switch(/etc/nsswitch.conf) and PAM stacks(password-authand system-auth):

[root@scent101x ~]#  authconfig --enablesssd --enablesssdauth --update

Above command will modify and add necessary entries in 

Ø /etc/nsswitch.conf, 
Ø /etc/pam.d/password-auth 
Ø /etc/pam.d/system-authfiles 

The final step is to configure the SSSD itself. 
Open /etc/sssd/sssd.conf and define a single domain:


services = nss, pam, ssh, autofs

config_file_version = 2


id_provider = ad
# Uncomment and configure below , if service discovery is not working

ad_server =

 Make sure /etc/sssd/sssd.con is owned by root:root and permissions are 600

 # chown root:root /etc/sssd/sssd.conf
 # chmod 600 /etc/sssd/sssd.conf

Start the SSSD and make sure it's up after reboots:

# service sssd start
# chkconfig sssd on

    Try to  fetch user information for AD user and then try to login as AD user

# getent passwd aduser

# id Administrator
# ssh Administrator@localhost
Read more ...

How to enable PHP LDAP module / extension in XAMP

Before proceeding,do check whether LDAP module is enabled by default or not, you can verify the same using phpinfo.php page.

To check create the a php file within htdocs folder as phpinfo.php

create a notepad file and rename it as phpinfo.php

paste the below mentioned code into it and save it into  htdocs folder


Open the browser and hit, https://localhost/phpinfo.php

If you find the below mentioned screenshot, Well !!! you don't need to do anything PHP_LDAP module is already enabled within your XAMP server.

Now, if you can't find anything like that just follow the steps.

  • Change directory to C :  -- xampp -- php

  • Find and Copy the listed files 
  1.      libeay32.dll
  2.      libsasl.dll
  3.      ssleay32.dll
  • Copy into C:\Windows\System32

  • Now again toggle / change directory into C :  -->  xampp -->  php
  • Find and open file named   php.ini 
  • Again find and UnComment the below mentioned line to enable it.

and make it look like the below screenshot by removing the  ;
to look it as extension=php_ldap.dll

Now restart Apache from XAMP control pannel

Read more ...
Designed By Jackuna