Upgrading OpenVPN VMWare Virtual Appliance

Upgrading is relatively easy because the OpenVPN Access Server is just a Debian package that runs on Ubuntu 14. Before upgrading OpenVPN it is a good idea to update the Ubuntu 14 server itself. You can use the standard:

apt-get update
apt-get upgrade

Next, find the latest Ubuntu package from this page: https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=Ubuntu. Copy the link for the Ubuntu 14 64-bit package. The current download for the 2.0.24 version is http://swupdate.openvpn.org/as/openvpn-as-2.0.24-Ubuntu14.amd_64.deb.

SSH into the appliance and run:

wget http://swupdate.openvpn.org/as/openvpn-as-2.0.24-Ubuntu14.amd_64.deb
dpkg -i openvpn-as-2.0.24-Ubuntu14.amd_64.deb

This will upgrade the VMWare ESXi OpenVPN Virtual Appliance to the latest version.

Installing Dell OpenManage Server Administrator on VMWare ESXi 5.5

Installing Dell OMSA on a ESXi server allows you to see more detailed information regarding the Dell hardware. It also allows you to perform operations such as specifying hot spares and rebuilding RAID arrays. After you install OMSA on the ESXi server you can install the OMSA web-based GUI on another Windows PC or Server in order to access OMSA.

The steps below will get OMSA up and running on VMWare ESXi 5.5. Be sure to download the version of the OMSA Offline Installation Bundle that corresponds to your version of ESXi.

Read more

Microsoft Remote Desktop for Mac

Microsoft released their new remote desktop client for mac on October 17th, 2013. This comes after HLW Software Development (developer of iTap RDP for iOS, Mac and Android) announced they were discontinuing their products on October 8th.

This had us worried since we have multiple customers that use iTap on their Mac and iOS devices and we always have more customers that need to be set up. Since the iTap products were the only RDP apps for Mac and iOS that could work with a Terminal Server Gateway it didn’t us any other options. Luckily, Microsoft announced their new RDP clients, based on the iTap codebase, only 9 days after discontinuing the iTap products.

The new apps are not only a rebranding of the existing software, they contain a few enhancements. The greatest enhancement, for us and our clients anyway, is RemoteApp integration. That allows single apps to be run from a RDP session similar to what Parallels Coherence and VMWare Fusion Unity does for local VMs.

By clicking on Remote Resources you can enter the address of your RDWeb URL, your username and password and be presented with a list of published RemoteApps. This gets us one step closer to being able to recommend Apple devices to our clients without worrying about computability with Microsoft systems.

The Mac version can be found on the Mac App Store.

Reclaiming space from WSUS

If you’re not using WSUS then there are several things you can do to remove those gigabytes of updates that have accumulated. The best method of doing this is to disable WSUS instead of trying to uninstall it which may be a problem on SBS 2003 or SBS 2008. Here is how you do it:

  • Open Windows Server Update Services in Administrative Tools
  • Expand the server and click on Options
  • Open Synchroniztion Schedule and change it to Manual
  • Open Automatic Approvals and delete the automatic approval rule
  • Expand Updates > All Updates. Select all updates, right click and select Decline
  • Click on Options and Server Cleanup Wizard and run the wizard

Cracking windows passwords with ophcrack and rainbow tables

Our company specializes in both system administration and also computer forensics. One skill that I find useful in both areas is the ability to reverse passwords residing in a windows domain.

As you may know, NT passwords are created using a one way hash algorithm, which means, they can not be decrypted to obtain the plaintext password. But, what if you had a listing of the hashes of every password? Then you would just be able to compare the hashes until you found one that matched, right?

Well, this is certainly possible. To crack windows XP and server 2003 passwords that are less that 14 characters and contain letters, numbers and symbols, you’ll need about 7.5GB of “rainbow tables.” These tables are the listings of plaintext passwords and their corresponding hash. The entire process will require a few tools:

  • pwdump or the newer fgdump: This will export the password files from a local computer or a windows domain to a .pwdump file.
  • Ophcrack: This is a utility that is used to compare the .pwdump file to the rainbow tables.
  • Rainbow Tables: these were explained earlier. They can be purchased or you can download a utility to create them yourself.

Once you have all the tools, the process is pretty simple. The recovery rate is pretty high for Windows XP and Server 2003. Password hashes have change for Vista, Windows 7 and Server 2003 so you’ll need a different set of rainbow tables that can be acquired similarly to the XP tables.

Sophos Automated Software Rollout

I recently had to install the Sophos Anti-Virus suite at a client office and had issues with a few PCs during the automated rollout of the software. The problem seemed to be that the server with Sophos Control Center was not able to remotely administer several client PCs. The way I was able to test this out was by using Computer Manager to test connecting to each one of the PCs I was having problems installing the software on.

On each PC experiencing the issue, I was not able to remotely connect with Computer Manger. Once I was able to connect with Computer Manager, the Sophos software installed successfully.

There were two reasons this was failing in our environment consisting of Windows XP and Windows 7 workstations.

The problem with Windows XP was that the XP firewall as blocking remote administration. I solved this problem by setting the firewall to allow remote administration through group policy. To do this:

  1. From the server desktop, click Start, click Run, type mmc, and then click OK.
  2. On the File menu, click Add/Remove Snap-in.
  3. On the Standalone tab, click Add.
  4. In the Available Standalone Snap-ins list, click Group Policy Object Editor, and then click Add.
  5. In the Select Group Policy Object dialog box, click Browse.
  6. In the Browse for a Group Policy Object, click the Group Policy object that you want to update with the new Windows Firewall settings. I decided to choose Default Domain Policy since then it would apply to all PCs in the domain.
  7. Click OK.
  8. Click Finish to complete the Group Policy Wizard.
  9. In the Add Standalone Snap-in dialog box, click Close.
  10. In the Add/Remove Snap-in dialog box, click OK.
  11. In the console tree, open Computer ConfigurationAdministrative TemplatesNetworkNetwork Connections, Windows Firewall, and then Domain Profile.
  12. Edit the properties for Windows Firewall: Allow Remote Administration Exception.
  13. Select enable and enter the IP of your server so that you don’t open up remote administration to everyone.

After a restart of the PC, you should be able to deploy Sophos or any other remotely installed software.

For Windows 7 PCs, the problem was that remote administration and installation of software requires the remote registry service to be running. It is set to Automatic startup on Windows XP but set to Manual startup on Windows 7. After changing the startup type to Automatic and starting the service I was able to easily deploy Sophos.