Hodžův blog

21 Zář

Failed to establish secure connection: sslv3 alert handshake failure: 1040

Debian 10 (Buster) + latest NSClient++ on Windows 2019 server

Linux:
root@nagios:/# /usr/lib/nagios/plugins/check_nrpe -H 172.24.1.1 -c check_ad
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 172.24.1.1: 1

Windows:
2019-09-21 18:30:46: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2019-09-21 18:30:46: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2019-09-21 18:30:48: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: sslv3 alert handshake failure: 1040

Quick FIX:
1. Generate DH key on Linux machine (it takes a long time)
openssl dhparam -C 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'
Continue Reading »

18 Zář

Convert Windows Server 2019 Eval to Server Standard

DISM /online /Get-CurrentEdition
DISM /online /Get-TargetEditions
DISM /online /Set-Edition:ServerStandard /ProductKey:N69G4-B89J2-4G8F4-WWYCC-J464C /AcceptEULA
slmgr.vbs /upk
slmgr.vbs /ipk your_mak_key
slmgr.vbs /ato

Official KMS client keys
https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys

14 Čvc

Jak dešifrovat heslo z Remminy

…aneb když zapomenete přihlašovací údaje.

Hesla v remmině jsou zašifrována pomocí blokové šifry 3DES s 256bitovým (náhodně vygenerovaným) klíčem.
Klíč lze nalézt (Kubuntu 18.04) v souboru ~/.config/remmina/remmina.pref (na řádce začínající slovem „secret=“). Jednotlivá zašifrovaná hesla pak jsou v souborech ~/.local/share/remmina/*.remmina (řádek začínající klíčovým slovem „password=“).

K dešifrování poslouží tento krátký skript v Pythonu (nahraďte položky TAJNY_SECRET a TAJNE_HESLO
import base64
from Crypto.Cipher import DES3
secret = base64.decodestring('TAJNY_SECRET')
password = base64.decodestring('TAJNE_HESLO')
print DES3.new(secret[:24], DES3.MODE_CBC, secret[24:]).decrypt(password)

P.S. K plné funkčnosti skriptu v *buntu bude nejspíše nutné doinstalovat balíček python-crypto
# sudo apt install python-crypto

27 Led

IPSEC tunnel from Check Point to Mikrotik

Check Point configuration:
IP address WAN: 1.2.3.4
IP address LAN: 192.168.1.0/24
Username: johndoe
Password: mysecret
Shared secret: 12345678

Mikrotik configuration:
/interface l2tp-client
add connect-to=1.2.3.4 disabled=no ipsec-secret=12345678 name=l2tp-checkpoint password="mysecret" use-ipsec=yes user=johndoe
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des pfs-group=none
/ip route
add distance=1 dst-address=192.168.1.0/24 gateway=l2tp-checkpoint

22 Led

Zapnutí DNSSEC na Windows 2016

DnsCmd.exe /Config /enablednssec 1

13 Led

Getent passwd dosen’t show all users of LDAP server (Can’t receive more than 500 entries)

Quick fix:
echo "dn: cn=config
changetype: modify
replace: olcSizeLimit
olcSizeLimit: 10000" > olcSizeLimit.ldif


ldapmodify -Y EXTERNAL -H ldapi:/// -f olcSizeLimit.ldif

13 Led

SSL Library Error: 185073780 key values mismatch

When installing a certificate on Apache web server, you might receive an error SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch during restart of Apache service.

Most often, this error appears if you are using an incorrect private key along with the certificate you received from the Certificate Authority. In order for Apache to accept certificate, it should be used with the private key generated along with the CSR code submitted for the certificate activation.

You can check whether the certificate matches the private key using the following openssl commands:

openssl x509 -in certificate.crt -noout -modulus | openssl sha1
openssl rsa -in private.key -noout -modulus | openssl sha1

12 Led

VMware VMRC fails to install on Debian or (K)Ubuntu Linux

It appears, that update-desktop-database was not installed by default.

After an apt-get install desktop-file-utils VMware Remote Console installs without error.

12 Led

Veeam Agent – reset backup jobs (re-create the Database )

Perform the following actions:

1. Run regedit.exe and locate the HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Endpoint Backup key. Create the following value under this key:
Name = Recreatedatabase 
Type = DWORD 
Value =

2. Go to Control panel > Administrative Tools and run Services. Restart the Veeam Agent for Microsoft Windows service.

A new database instance will be created (this usually happens within 5 minutes).

31 Bře

Dell PowerEdge – /opt/dell/toolit/systems/drm_files/apply bundles.sh is invalid

How to fix Dell Deployment Toolkit “apply bundles.sh is invalid”

1. ALT+F2 (new terminal console)
2. lsblk (information about disks and partitions)
3. mount /dev/sdXY /opt/dell/toolkit/systems
4. cd /opt/dell/toolkit/systems/drm_files
5. ./apply_bundles.sh

Hodžův blog is is proudly powered by Wordpress and the Magellan Theme