21 May 2020

Enabling SSH on Cisco iOS

While telnet and SSH are both allowed types of connections to Cisco gear, there is honestly no reason why you should be using telnet in today’s world. You should be using SSH for accessing all of your network devices. In very simplistic terms [and while the technologies are different], you can almost think of it as telnet being the equivalent to HTTP and SSH being the equivalent to HTTPS.

Telnet transfers all data in clear plain text and thus your passwords or other credentials are visible to anyone watching. Using SSH, means that all of your data is encrypted between the device and your computer, so no one else can see your sensitive bits like passwords. Anything used in production should be secured, and thus SSH is the obvious preference. So lets look at how to enable SSH on our device. Once SSH is enabled we can then disable telnet.

Open a console or telnet session on your device to get started.

The first thing we need to do is make sure that the device is configured with a hostname and a domain name.

CiscoDevice# conf t
CiscoDevice(config)# hostname PWWF
PWWF(config)# ip domain-name it.playswellwithflavors.com

The next step is to allow users that are configured on the switch to login with SSH or Telnet connections.

PWWF(config)# aaa new-model

Next we generate the cryptographic keys that the device will use.

PWWF(config)# crypto key generate rsa

We then want to enable SSH version 2 on the device. 

PWWF(config)# ip ssh version 2

We will next set the desired SSH authentication timeout (in seconds). This is the amount of time you have to enter the correct user credentials after connecting. The default value is 120 seconds. 

PWWF(config)# ip ssh time-out 60

Then we can change the number of allowed SSH authentication retries that are allowed.

PWWF(config)# ip ssh authentication-retries 3

Next up is to configure all of the line vty (virtual terminal).
We will configure the following :

  • set the input transport to SSH only
  • set the login type to local logins.
  • set the passwords to use strong encryption
  • set a timeout for inactive sessions (in minutes)
PWWF(config)# line vty 0 15
PWWF(config-line)# transport input SSH
PWWF(config-line)# login local
PWWF(config-line)# password 5
PWWF(config-line)# exec-timeout 10
PWWF(config-line)# exit
PWWF(config)# exit
PWWF#

The final step is to save our configuration changes with the following command.

PWWF# write

Now you can close your terminal session and connect to your device over SSH.

You can verify that SSH access is enabled on your device with the following command.

PWWF# sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 60 secs; Authentication retries: 3

If you have not yet created a user credentials, or if you wish to add a new user, here is the command.

In this example, the user name is “bob” and the password is “Aloha1234”

PWWF# conf t
PWWF(config)# username bob secret Aloha1234
Category: Cisco | LEAVE A COMMENT
16 May 2020

TEI_ASSIGNED

So I’ve had the unlucky experience of having to deal with the PRI connected to a T1 controller card on a Cisco 4321 Integrated Router that fails to come back up “online”, EVERY time the router gets power cycled.

Let me tell you… It is annoying! I don’t even want to try to tell you how many hours have been spent listening to hold music while getting in touch with the provider just to have them “run tests” from their side and say that the layer 1 connection is active, so it’s our problem, not theirs.

Basically, what has been happening is that after the router gets rebooted, the D-channel of the PRI gets locked up and doesn’t want to get in sync with the provider to allow inbound or outbound calls. Whenever we ran “show isdn status”, the layer 2 status would come back as “TEI_ASSIGNED” instead of the desired “MULTIPLE_FRAME_ESTABLISHED”. This PRI is connected to a MGCP gateway and in the end we basically either have to clear counters to reset the interface or rebind and rebuild the MGCP connection before it all comes back up.

Luckily since we have been able replicate the issue on every power cycle (whether or not it was an intentional power cycle), and I kept notes which I’m about to share, we have also been able to repeat the same steps to bring it back “online”.

My disclaimer: This worked for me, in the particular environment I referenced above. I have not tested this in any other environment. YMMV. You copy me at your own risk, and I am not responsible for any changes/damages you cause to your environment. These are purely just my notes for the previously mentioned environment.

From the console run the following command.

4321#show isdn status

Reading the output from the above command, summarized, the desired states are:

  • Layer 1 status: Active
  • Layer 2 status: MULTIPLE_FRAME_ESTABLISHED

If layer 1 is “Active” then it means that the circuit with your provider should be good. If it is not showing as “Active”, then first check that the physical cable is connected and isn’t damaged. If it looks okay, then get on your cell phone and call your provider.

If layer 2 status is “MULTIPLE_FRAME_ESTABLISHED” then you shouldn’t be having problems. Try another test call to verify that everything is working now, then go home. LOL.

However, if you’re in a situation similar to me, then you can’t make any calls and your layer 2 status is showing as “TEI_ASSIGNED”. The first, and easiest, thing to try is to clear the counters. This resets the interface. You can then recheck to see if the layer 2 status has changed. You can use the following command to clear the counters and recheck the ISDN status.

4321#clear counters
4321#show isdn status

If that did not work and your layer 2 status is still “TEI_ASSIGNED” then the next step is to try to restart the T1 controller. Then recheck the ISDN status. Use the following commands to do so.

4321#clear controller t1
4321#conf t
4321(config)#controller t1 0/1/0
4321(config-if)#shutdown
4321(config-if)#no shutdown
4321(config-if)#exit
4321(config)#exit
4321#show isdn status

Did that work for you? Hopefully it did. But if it did not work, then there is one more thing to try. Rebind the layer 3 to call manager and then teardown and rebuild the MGCP connection, and recheck the ISDN. Use the following commands to do so.

4321#conf t
4321(config)#interface serial 0/1/0:23
4321(config-if)#isdn bind-l3 ccm
4321(config-if)#no mgcp
WARNING: no mgcp: Teardown MGCP application may take a while to clean up resources
4321(config-if)#mgcp
4321(config-if)#exit
4321(config)#exit
4321#show isdn status

Okay, now the layer 2 status should be coming back as “MULTIPLE_FRAME_ESTABLISHED” after checking the ISDN status. If it does not, then you really should be beginning to open a TAC case with Cisco to figure out WTF is going on.

Hope this helps someone! Keeping these notes handy has definitely helped me, more than once. Also, FWIW, the one Cisco PDF that I did find somewhat helpful when troubleshooting this was: https://www.cisco.com/c/en/us/support/docs/wan/t1-e1-t3-e3/8131-T1-pri.pdf

Category: Cisco | LEAVE A COMMENT
8 May 2020

Export/Import Putty Sessions

If you’re like me you probably use one machine heavily. You have all of the hosts and devices which you connect to regularly, saved in Putty. but what if you want to conveniently share all of those saved settings with a coworker, or back them up so you can restore them in the future to a new PC.

Putty saves all of those ‘saved’ sessions in the Windows registry. While you’re not able to export them directly from Putty, you can use the command line to export either just the sessions, or all settings, from putty.

Note: These instructions only work with the ‘regular’ installed version of Putty on Windows. They will not work with the portable version.

Export

Open a Command Prompt (or PowerShell) as an Administrator.

Export only sessions with this command:

regedit /e "%USERPROFILE%\Desktop\putty-sessions.reg" HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions

Export all settings with this command

regedit /e "%USERPROFILE%\Desktop\putty.reg" HKEY_CURRENT_USER\Software\SimonTatham

This will create a “reg” file on the desktop of the current user. It will not export SSH keys. Do not replace “SimonTathom” with your username, Simon is the author of Putty and that is the name that particular folder inside the registry where the settings are saved.

Import

Copy the reg file to the machine which you want to import the putty settings on.

Double-click on the .reg file and accept the import.

Category: Microsoft, Windows 10 | LEAVE A COMMENT
24 April 2020

RDP on Raspberry Pi

If you are like me, the computers around my house are predominately Windows based. Which is fine until you try to remotely connect to the desktop of your RPi. The Raspbian OS just doesn’t work MS’s Remote Desktop Protocol out of the box.

It can though, and all it takes a few is a few steps to enable to the RDP on Raspbian. And in my opinion, since I’m mostly on Windows, it is well worth it just for the convenience. I’ll be using Raspbian Buster in my examples below. If you’re not already on Buster, check out my article on upgrading Stretch to Buster.

Installing Xrdp on Rpi

Lets begin by updating your RPi with the following commands.

sudo apt update && sudo apt upgrade

Lets install Pixel on our RPi. Pixel is the default desktop environment on Raspbian desktop images. It’s stable, light weight, and fast. Which is perfect for running remotely on our RPi. To install Pixel, use the command below.

sudo apt-get install raspberrypi-ui-mods xinit xserver-xorg

After installing Pixel, it’s time for a reboot

sudo reboot now

Next we install the Xrdp package. It is available in the default Raspbian repositories. Use the command below to install Xrdp.

sudo apt install xrdp

The service will automatically start once it has installed, but we can check it’s status with the following command. It should display the status of “running” on the screen.

systemctl show -p SubState --value xrdp

Lastly we need to add the user that is running the service to the “ssl-cert” group. Xrdp uses the key file “/etc/ssl/private/ssl-cert-snakeoil.key” which is only read-able to the users of the “ssl-cert” group. USe the folowing command to add the user to the group.

sudo adduser xrdp ssl-cert

Your RPi now supports RDP! You can easily connect to it using the MS Remote Desktop Connection your Windows machines.

Connecting to your RPi from Windows

From your windows machine, click on the ‘Start menu’ or Windows Search field and type “remote”.

Once the Remote Desktop Connection App launches, enter the IP address of your RPi. Then click the “Connect” button.

Enter the login credentials for your RPi. Then click ‘Ok’.

BAM! Just like that you have successfully connected to and just RDP-ed into your RPi. Well done!

Category: Linux, RaspberryPi, Raspbian | LEAVE A COMMENT
18 April 2020

Network (RPi) Printer

Using a simple RPi we can turn an otherwise normal USB printer into a network printer. Making it easier to print from anywhere in your house, and using any computer in your house. Literally breathing a bit more life into your “old” printer that you were just considering tossing away.

We’ll take advantage of the CUPS software to make this happen. CUPS stands for Common Unix Printing System and is what runs most Linux printing software. It’s going to be the bit that does the communication to your printer to properly print your files. Lets get started…

To save some time before you do do this… First check if your printer is supported by visiting this link: https://www.openprinting.org/printers

Setting up CUPS

Open a terminal window or SSH into your RPi.

Make sure your RPi is up-to-date with the following commands:

sudo apt-get update
sudo apt-get upgrade

Install CUPS with the following command

sudo apt-get install cups

Add the user ‘pi’ to the ‘lpadmin’ group. This will allow your user ‘pi’ to access all of the administrative functions of CUPS without having to be a superuser. Use the following command.

sudo usermod -a -G lpadmin pi

We need to make CUPS accessible to your whole network. Currently it is only accessible on the RPi itself. To allow it to accept all traffic, use the following commands.

sudo cupsctl --remote-any
sudo /etc/init.d/cups restart

You can now access the RPi print server from any computer on your network. Use the following command if you are unsure of your IP adderss.

hostname -I

Now with that IP address open a web browser and enter the following url, replacing <ip-address> with the IP address of your RPi

http://<ip-address>:631

To allow our CUPS printer server to talk to Windows and to let our windows computers print to it, we need to setup SAMBA on the RPi. Use the following command to install SAMBA.

sudo apt-get install samba

After installing SAMBA, we will need to make a few edit it’s configuration file. Use the following command to open it’s config file in the nano editor.

sudo nano /etc/samba/smb.conf

Scroll down to the end of the file. Edit it to make it match the following:

# CUPS print server  
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = yes
read only = yes
create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = no
guest ok = no

Save and exit the editor by pressing ‘Ctrl-X’, then ‘Y’, then ‘Enter’

Restart SAMBA with the following command to load our configuration changes.

sudo systemctl restart smbd

Adding a printer to CUPS

Now with the software portion installed, we need to add the printer to CUPS. Make sure that you have turned the printer ‘On’ and that you have it connected to your RPi.

Open a web browser and enter the following url, replacing <ip-address> with the IP address of your RPi

http://<ip-address>:631

Click on the ‘Administrative’ tab at the top of the page.
Then click the “Add Printer” button.

On the ‘Add Printer’ screen select the name of the printer you want to set up, and click “Continue”.
In this example, we are setting up a HP LaserJet P2055d printer.

Note: If your printer appear on the screen, make sure that it is indeed ‘On’ and connected to your RPi. After verifying that it is, if it is still not appearing, you may need to try restarting your RPi while leaving the printer ‘On’ and connected.

This screen is where you give your printer a name, set a description for it, and a location. The most important thing to do on this screen is to click the tick box for “Sharing: Share This Printer”

On this screen you will select the model of your printer. CUPS tries to auto-detect the model of printer and will select a driver based off what you select. Your selection will differ from mine. Once you are happy with your selection, click the “Add Printer” button at the bottom.

The final screen will let you set the default printer options; paper size, tray, resolution, double-sided, etc….

While not required, I like to give the RPi one more reboot after adding the printer.

To check the status of the print and it’s print queue, use the following command on the RPi.

lpq HP_LaserJet_P2055d

It will display the printer name and if it’s “ready” and if any print jobs are pending.

Adding RPi printer to Windows 10

One thing I noticed when trying to add the printer to to my Windows 10 machines is that I had initially had problems auto-detecting and adding it. It just simply would not work. After a bit of searching the internet, I found a solution that did work for me.

Click on the ‘Start Menu’ and start typing “Printers”, then click on ‘Printers & scanner’.

Click on ‘Add a printer or scanner’

Windows will begin searching for printers… After a moment a link that appears that says “The printer that I want isn’t listed”. Click on that link.

This will open a ‘Add Printer’ window.
Click on the option “Select a shared printer by name”

Enter the “name” of your shared printer in the following format, then click ‘Next’.

http://<RPi/CUPS-IP_Address>:631/printers/<PrinterName>

  • Replace <RPi/CUP-IP_Address> with the IP address of your RPi
  • Replace <PrinterName> with the name of your shared printer

Note: You might have to manually select your printer driver if it is not automatically detected.

The page will show that the printer has been successfully added, and it will appear in your “Printers & scanners”

You can now print to your RPi printer!

Category: Linux, RaspberryPi, Raspbian | LEAVE A COMMENT
17 April 2020

RDS customizations

This is a bit of a long post, so I apologize in advance… Sorry, but not sorry. There are a lot of things that you can customize in a RDS / RD Web Access deployment.

I’m doing these edits, or customizations on a Windows Server 2019 deployment, they should [in theory] work though on RDS deployments as far back as Windows Server 2012/R2, though your mileage may vary – see disclaimer below.

Standard disclaimer… Make sure to backup folders and files before you start making changes. I’m not responsible for anything you break, you’ve been warned.

Eliminate “/RDWeb” from the RDS URL

When adding the RD Web Access role on your remote desktop gateway or broker, it will auto-magically create the RDWeb website in IIS for you.

RDS sets up the the url for your site in the following format: “rds.playswellwithflavors.com/RDWeb” or “example.com/RDWeb”. However, you likely are not using this IIS host to serve up any other webpages other that RDS Web Access… So you probably want to eliminate the need for user to have to enter that “/RDWeb” at the end of the url. And make it appear as just “rds.playswellwithflavors.com” or “example.com”.

Microsoft makes this very easy to accomplish with a simple redirect in IIS.

  • Open IIS.
  • Click on the ‘Default Web Site’ in the left-side pane.
  • Click on ‘HTTP Redirect’ in right-side pane.
  • Check the box for ‘Redirect requests to this destination’.
    Enter in the field under it: /RDWeb
  • Click ‘Apply’.
  • Restart IIS
  • Test your website to confirm that you can reach it with the base url, without the “/RDWeb” appended at the end.

Password Reset Link

This customization will edit the Web Access Login Page to add a password reset link where users can change their AD passwords from the main login page.

  • Open IIS
  • In the left-hand pane, drill down into “Server”->”Sites”->”Default Site”->”RDWeb”->”Pages”
  • Double-click on “Application Settings” in the right-hand pane.
  • Find the value “PasswordChangeEnabled” and double-click on it. Edit it to ‘True’.
  • Click ‘Ok’.

Now that we edited that value to ‘true’, if the user’s password expires they will be prompted to change their password. That’s handy, right!?
Well, if you liked that, then let me tell you that it is possible to go one step further and make a link on the main page for them to reset their password, anytime.

  • Open the following folder: %windir%\Web\RDWeb\
  • Since we are going to be editing stuff here, make a backup copy of the “Pages” folder.
  • Now open the folder: %windir%\Web\RDWeb\Pages\en-US\
  • Right-click on the file “login.aspx” and select ‘Edit’.
  • With the file open, press “Ctrl+F” and then search for “userpass”.
  • Scroll down under the table that “userpass” is in. This is where we want to add our password reset link. Copy the code below and paste it into your file, then save and close it.
<tr>
<td align="right">
Click <a href="password.aspx" target="_blank">here</a> to reset your password.
</td>
</tr>
  • Reload the page in your browser to view the password reset link.

Change “Domain\user name” to “Email”

At the Web Access login page, I like to change the prompt for “Domain\user name” to “Email Address”. Call me cynical, but I find that users can remember their email address, but will almost always call and ask what to put as the domain. I like to just change this to what the user will understand and prevent them from needing to call me.

  • Now open the folder: %windir%\Web\RDWeb\Pages\en-US\
  • Make sure that you have already made a backup copy of the “Pages” folder.
  • Right-click on the file “login.aspx” and select ‘Edit’.
  • Look for “L_DomainUserNameLabel_Text” on line 21.
  • Change the value “Domain\\user name:” to “Email Address:”.
  • Look for “L_DomainNameMissingLabel_Text” on line 30.
  • Change the value “You must enter a valid domain name.” to “You must enter a valid email address.”
  • Save and close the file.
  • Reload the page in your browser to view the change.

Change the “Work Resources” text on the Login page

This will let you customize the text displayed with your logo in the upper left corner of the RDWeb login page.

  • Open an administrator PowerShell window on the RD Connection Broker.
  • Enter the following command: Set-RDWorkspace -Name "<YourBrandingHere>"
  • Reload the page in your browser to view the change.

Changing the RD Logos

You can brand your RD Web Access page with your company logo. There are two logos you can change. One is in the upper left corner, and the other one is smaller and in the upper right corner.

  • Take your logo image and resize it into two .png files with the names and dimensions specified below;
    • logo_01.png – 16pixels x 16pixels
    • logo_02.png – 48pixels x 48pixels
  • Now open the folder: %windir%\Web\RDWeb\Pages\images\
  • Make sure that you have already made a backup copy of the “Pages” folder.
  • Copy and paste the your logo image files into this folder.
  • Open IIS and restart the service.
  • Reload the page in your browser to view the change.
  • The “logo_01.png” file will replace the icon in the upper right corner.
  • The “logo_02.png” file will replace the icon in the upper left corner.

Change the “To protect against” message

This is the message on the login page that is beneath the “Sign In” button. You can customize it to your own message.

  • Now open the folder: %windir%\Web\RDWeb\Pages\en-US\
  • Make sure that you have already made a backup copy of the “Pages” folder.
  • Right-click on the file “login.aspx” and select ‘Edit’.
  • Look for “L_TSWATimeoutLabel_Text” on line 43.
  • Modify that value there to include your custom message.
  • Save and close the file.
  • Reload the page in your browser to view the change.

Change the RD Workspace name and other text

You can customize other text displayed on your RDWeb login page. Things like the page title and other small branding type changes…

  • Now open the folder: %windir%\Web\RDWeb\Pages\en-US\
  • Make sure that you have already made a backup copy of the “Pages” folder.
  • Right-click on the file “RDWAStrings.xml” and select ‘Edit’.
  • Make changes as desired to reflect what you want displayed;
    • PageTitle, line 3
    • HeadingRDWA, line 10
    • HeadingApplicationName, line 11
    • Help, line 12
  • Reload the page in your browser to view the change.
    • Note: Chrome based browsers like to cache these… Use a private browsing tab, or flush your browser cache if the changes are not appearing after reloading the page.

Remove ‘Help’ Link

This will remove the ‘Help’ link on the RDWeb login page that links to this MS documentation.

  • Now open the folder: %windir%\Web\RDWeb\Pages\
  • Make sure that you have already made a backup copy of the “Pages” folder.
  • Right-click on the file “site.xsl” and select ‘Edit’.
  • Press ‘Ctrl+G’ and enter 150, to go to line 150
  • Select and then delete lines 150-158.
  • Open IIS and restart the service.
  • Reload the page in your browser to view the change.

Change the Server Logo on Login Page

You can remove the “Server 2012” or “Server 2016” or “Server 2019” logo that is on the login page. I like to replace it with a 1px-by-1px transparent image. It won’t do much overall… But perhaps it’ll make a malicious person have to work a tad bit harder to determine what you’re OS you are on.

  • Replace the following image: %windir%\web\rdweb\pages\images\WS_h_c.png

Change the Microsoft Logo on Login Page

You can remove the “Microsoft” logo that is on the login page. I like to replace it with a 1px-by-1px transparent image. It doesn’t hurt anything being there, but if you’re cleaning up and editing the branding of your site, why would you leave this logo on it?

  • Replace the following image: %windir%\web\rdweb\pages\images\mslogo_black.png

If I come across other customization tips I’ll add them here…

Category: Microsoft, Windows 2012/2012R2, Windows 2016, Windows 2019 | 1 Comment on RDS customizations
12 April 2020

Upgrade Raspbian Stretch to Buster

These instructions are taken from the Raspberry Pi Blog.

As with all major version changes, it is my recommendation to download a new clean image and start fresh with a clean system. (Raspbian Download page)
I don’t know what changes people have made to their system, and so have no idea what may break when you move to Buster. The instructions below will likely work on your system. However, that does not guarantee that it will work on your system.

I cannot provide support (or be held responsible) for any problems that arise if you try it. You have been warned! Make a backup before even considering to attempt this…

Open a terminal or SSH window to your RPi.
In the files /etc/apt/sources.list and /etc/apt/sources.list.d/raspi.list, change every use of the word “stretch” to “buster”.

sudo nano /etc/apt/sources.list
sudo nano /etc/apt/sources.list.d/raspi.list

Then run the following command

sudo apt update && sudo apt dist-upgrade

Wait for the upgrade to complete, answering ‘yes’ to any prompt. There may also be a point at which the install pauses while a page of information is shown on the screen – hold the ‘space’ key to scroll through all of this and then hit ‘q’ to continue.

The update will take anywhere from half an hour to several hours, depending on your network speed. When it completes, reboot your Raspberry Pi.

When the Pi has rebooted, launch ‘Appearance Settings’ from the main menu, go to the ‘Defaults’ tab, and press whichever ‘Set Defaults’ button is appropriate for your screen size in order to load the new UI theme.

Buster will have installed several new applications which we do not support. To remove these, open a terminal window and run the following command.

sudo apt purge timidity lxmusic gnome-disk-utility deluge-gtk evince wicd wicd-gtk clipit usermode gucharmap gnome-system-tools pavucontrol

Then run

sudo apt autoremove

The reboot your RPi one last time to complete the upgrade process.

To check the OS version of Raspbian you are running, run this command.

cat /etc/os-release

And remember…. Make a new backup of your RPi once you have finished testing things out on your new upgraded OS version.

Category: Linux, RaspberryPi, Raspbian | LEAVE A COMMENT
12 April 2020

Restoring your RPi

As I’ve said before, the data running on your RPi is only as good as it’s last backup. You have already backed up your RPi, right?

This article is going to cover how to restore the backup image of your RPi with Windows. While can also restore it using Linux or MacOS, I’m not going to cover those as I primarily use the Windows Operating System. If you desire more info on the RPi backup/restore process, please consult the official documentation here.

Restore on Windows

In Windows, we’ll use a utility called “Win32 Disk Imager”. If you followed my previous article on backing up your RPi you should already have it installed. If you haven’t, please go download and install Win32 Disk Imager onto your computer. It is this software that will allow us to restore the full image copy we made back to the micro-SD card of your RPi.

On your Windows computer, open the Win32 Disk Imager program.

In the upper right, under ‘Device’, select the drive letter of the card reader.
Mine is “D:\”, your will likely be different.

In the ‘Image File’ box, click on the folder button to browse to, and select, the location of your backup image file, which you’d like to restore.

Click the ‘Write’ button at the button to begin restoring your backup image.
There will be a popup message that warns about writing to the device, click ‘Yes’ and it will begin your restore

Once the restore completes, there will be a popup message stating that the write is complete that you need to click ‘OK’ to.

Your restore is now complete!

Go ahead and eject the card from your card reader and return it to your RPi. You can then reconnect the power and turn it back on. Everything should be there, exactly as it was at the time you made the backup.

Category: Backups, Linux, RaspberryPi, Raspbian | LEAVE A COMMENT
12 April 2020

Backing up your RPi

Like any other computer system, the data running on your RPi is only as good as it’s last backup. Heck, have you ever even backed-up your RPi since you got it up and running? Well let me show you how to get backed-up so that you can get back up in the event that you ever have a RPi catastrophe.

This article is going to focus on backing up your RPi with Windows. While can also back it up using Linux or MacOS, I’m not going to cover those as I primarily use the Windows Operating System. If you desire more info on backing up your RPi, please consult the official documentation here.

Backup on Windows

In Windows, we’ll use a utility called “Win32 Disk Imager”. Go ahead and download and install Win32 Disk Imager onto your computer. It will allow us to make a full image copy of the micro-SD card that is used in our RPi. That way we can restore a 1:1 image of that micro-SD card as it is at the time of backup, back onto the card or onto a new card if we ever need to. We can keep that image copy on a desktop or NAS or cloud storage.

Start by shutting down the RPi with the following command.

sudo shutdown now

One the RPi has shut down, disconnect the power. You can now pull the micro-SD card out of it. Place it into the the card reader on your Windows computer. This might be a usb adapter that you are using, or there might be a SD slot on your laptop that will take a “micro-SD to SD card” adapter.

On your Windows computer, open the Win32 Disk Imager program.

In the upper right, under ‘Device’, select the drive letter of the card reader.
Mine is “D:\”, your will likely be different.

In the ‘Image File’ box, click on the folder button to browse to, and select, the location of where you would like to save the image file to.

Click the ‘Read’ button at the button to begin creating your backup image.

Once the backup completes, there will be a popup message you need to click ‘OK’ to.

Your backup is complete!

Go ahead and eject the card from your card reader and return it to your RPi. You can then reconnect the power and turn it back on.

You can now restore you RPi to this point-in-time image when anything ever goes wrong in the future.

Category: Backups, Linux, RaspberryPi, Raspbian | LEAVE A COMMENT
10 April 2020

Manually force an Azure AD Connect sync

The Azure AD Connect tool has a default sync schedule to run every 30 minutes. However sometime you need changes you make to get sync-ed NOW! So from time-to-time it’s necessary to manually force Azure AD Connect to run and sync your on-prem AD up to Azure AD. This can be done with PowerShell as either a full sync or a delta sync.

Open Powershell.

If you’re running PowerShell on the server where AD Connect Sync resides, you can skip this step. Connect to the AAD Connect Sync server by running the following command to create a PSRemoting session. Replacing <SERVERNAME> with the name of your AD Connect server.

Enter-PSSession -ComputerName <SERVERNAME>

Import the ADSync module with the following command.

Import-Module ADSync

Run one of the following command to manually force the sync.

For a Delta Sync (most commonly use cases)

Start-ADSyncSyncCycle -PolicyType Delta

For a Full Sync (less common use cases)

Start-ADSyncSyncCycle -PolicyType Initial

If you used the “Enter-PSSession” command earlier, then you need to exit that session. Otherwise it will stay open even after terminating the connection. To close the “PSSession” use the following command:

Exit

Category: Microsoft, PowerShell | LEAVE A COMMENT