Posts Tagged ‘Windows’

LDAPS Identity Source for VMware vCenter Single Sign On 5.1

May 21, 2013

ldap-logo

Once you are done with installation of VMware vCenter 5.1; you will notice that vSphere 5.1 client wont let you login into your vCenter Server. Either you will need to configure a local admin ID on your vCenter Server or if you have an active directory (AD) running in your environment; you will need to link that to your vCenter Server i.e. by configuring an identity source.

During installation of vCenter Single Sign On 5.1; it tries to add the identity source but in my case resulted in error (Error 29155.Identity source discovery error). I then found out its the case with other users as well and also was pointed out in VMware in their KB articles. The workaround for the issue given was to add the identity source manually. Doing so I got the following errors.

[LDAP: error code 8 – 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1]

and

simple bind failed:yourdomain:636

These errors are due to the fact that your AD is configured to communicate over LDAPS SSL connection. Hence to register your identity source; you will need the X.509 certificate of your AD domain controller (DC). For that export the certificate of your AD but make sure its the Base-64 X509 Certificate.

Cert 03

Once imported; again add the identity source as demonstrated below.

LDAPS

Once you chose the certificate from Choose Certificate tab; make sure you get the following confirmation. If not there must be something wrong with your certificate.

certsucc

You can click on Test Connection to verify your AD connectivity.

connecsucc

If you are still facing problems in adding the identity source; make sure of he following things:

  • Your vCenter, vSphere, vSphere Web Client, vCenter SSO etc must all be installed in the same default directories.
  • Do add the port 3269 with your FQDN.
  • There must a proper forward and reverse pointer entry on your DNS for your vCenter Server.
  • Enter the complete user name for authentication e.g. user@domain.com
  • If your domain controller is behind a firewall; make sure you have configured a policy to allow vCenter traffic.
Advertisements

Recovering a stolen USB Drive

October 4, 2012

Am feeling all CSI at the moment! Yesterday; I got involved in an investigation of a USB mass storage device theft. The clue I had at start was the Windows 7 machine from which the device was stolen and a CCTV camera. The video from the CCTV wasn’t much helpful without any supporting evidence from the machine hence my only resort was to dig deep into the machine’s OS and get to some conclusion.

I did what anyone would have done; checking out the event viewer. Unfortunately no such logs about USB devices are recorded there. So I resorted to some Googling.  Once again I owe one to the immense help available out there online on forums and blogs; you can just find any solution these days!  What I did found was that a USB device when plugged into a machine; leaves all kind of traces. These traces includes time stamps, vendor & product ID’s, serial numbers, product make\model etc. Of all these what more internal to forensics is the time stamps! and getting them accurate is the key to get some productivity out of the homework.

I found two really great utilities that helped me in ending the case. USBDeview by Nirsoft and Windows USB Storage Parser by TZWorks LLC. Of these two USBDeview is simple and more efficient and I will tell you here why.

So getting to homework! First get to know your machines and devices well.

Get to know which USB devices are used on a machine

You can get to know by going into the Registry Editor and checking out  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR. This is what you will get.

As from the snap shot you can see; there are a total of three devices used on this machine with the serial numbers mentioned under the product names. Serial numbers are unique and will give you a head start.

USBDeview

So now I know the device, and mapped the serial number as well. I then used a simple utility USBDeview to get the information I required.  The great thing this utility is that It also shows you the details\time stamps etc from the previous dates.

This very efficiently shows the complete details in nicely sorted columns. The important entry that helped me a lot here is the  Last Plus\Unplug time stamp.

Windows USB Storage Parser

This is another great command line tool. This tool will tell you about the different USB devices used on a machine, their vendor\product ID’s along with serial numbers and time stamps. But most important of all this will also tell you the “account name” that mounted the USB device which can really help in forensics.

As you can see in the snap shot above, its pretty well self explanatory. What missing from there is the unmounts event time stamp. That why I mentioned earlier in this blog that the USBDeview holds its ground pretty well and gives us a combined plus\unplug time stamp. This is what helped me in nailing the case.

So to complete the investigating, and to further cement my findings; I used these tools on the suspect’s machine as well and bingo!!! It was all filled up with familiar traces! I rested my case 🙂 !!!

Changing Windows Wallpaper from Command Line

July 3, 2012

With the Windows Domain in action and Group Policies in effect; sometimes fulfilling user demands can turn out hectic. Like for instance a high-end-user demanding a policy-configured wallpaper to be changed; and thats what I dealt with recently!

So changing a wallpaper from the command line can be useful for an admin at times. And this is how it can be done; by typing the following command in CMD which will alter the registry; as group policies wont affect the local registry settings of a Windows Machine.

reg add “HKEY_CURRENT_USER\Control Panel\Desktop” /v Wallpaper /t REG_SZ /d  wallpaper_path /f

Just define the wallpaper path there and you are done after executing the following command;

%SystemRoot%\System32\RUNDLL32.EXE 

After that restart the machine which is important every time changes are made to machine’s registry settings and viola you are done!

Just make sure the wallpaper you defined is in BMP format and is the same in height and width as your current desktop settings.


%d bloggers like this: