Posts

Latest Post

Customize cloud images for linux using guestfish

Steps for customizing cloud images for Linux using guestfish:
1. Install guestfish.
yum install guestfish
2. Run the guestfish command on the image you want to customize.
guestfish --rw -a <image>
3. Type run at the next prompt and press Enter.
> run
4. Type list-filesystems at the prompt to see the filesystems in the cloud image.
> list-filesystems
5. Mount the appropriate filesystem.
mount /dev/sda2 /
6. Make changes to the corresponding files as required.
7. Type exit to save changes and exit.
exit


Office 365 User unable to book room on-premise in Exchange Hybrid environment

In a federated environment, an Office 365 user was unable to book a meeting in a room which was on-premise. After tracing the messages created for booking the room, it was confirmed that the message did reach the room, but the room was rejecting it for some reason.
The room was rejecting the meeting request because it was treating the Office 365 user as an external user.

To solve this, we need to run the following command in the on-premise Exchange environment if we want to allow this for all the rooms:

Get-Mailbox | where {$_.RecipientTypeDetails -like "Roommailbox"}| Get-CalendarProcessing | Set-CalendarProcessing -ProcessExternalMeetingMessages $true

For single room, run the following command:

Get-CalendarProcessing -Identity <Room name> | Set-CalendarProcessing -ProcessExternalMeetingMessages $true 

Now the Office 365 user will be able to book the on-premise meeting room. (This is assuming that the free/busy calendar sharing is already enabled in the federated environment.)


Nutanix Calm Blueprint for Single Linux VM

Here is the first Nutanix Calm blueprint which creates a Linux VM and installs Nginx using a Chef role.

1. First we need to upload the RedHat qcow image into the Nutanix PC image repository.
2. Create a blueprint.
3. Select the cloud. Here we have the options: Nutanix, VMware, AWS and GCP. Nutanix is your on-premise Nutanix infrastructure, which we will be using in this example.
4. Select the RedHat image under images. (Note: I customized the image by setting the root password so that I could use it for the blueprint. I will publish the method in a separate blog post.)
5. Select Cloud-init under "Guest Customization".
6. Here is the script I used for cloud-init:

https://github.com/jsam316/NTNX/blob/calm/chefcloudinitconfig.yml
@@{name}@@ is the variable for the name of the virtual machine. The script downloads and installs the Chef client, allows the httpd service in the firewalld daemon, then runs chef-client and assigns the role created.

7. Enter the credentials i…

On-board Linux computers to Azure Log Analytics

To on-board Linux servers to Azure Log Analytics, just execute the following command on the respective server:
wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -p [protocol://][user:password@]proxyhost[:port] -w <YOUR WORKSPACE ID> -s <YOUR WORKSPACE PRIMARY KEY>
In a few cases like mine, the servers will not have access to the internet and we will need to install the downloaded OMS agent package with the proxy information.
sh omsagent-1.6.0-42.universal.x64.sh --install -w <YOUR WORKSPACE ID> -s <YOUR WORKSPACE PRIMARY KEY> -p [protocol://][user:password@]proxyhost[:port]
The proxy can have a username and password for authentication. Even if no proxy authentication is required, we will need to enter a dummy username and password, which in the example below is azure and azure.
sh omsagent-1.6.0-42.universal.x64.sh --install -w <YOUR WORKSPACE ID> -s <YOUR WORKSPACE PRIMA…

Renewal of ADFS signing certificate affects third party services like Oracle cloud and Service-Now

Recently we experienced an outage with third party services like Oracle cloud and Service-Now which were integrated with ADFS.


ADFS creates a new signing certificate 20 days before the expiry of the current certificate and makes it primary 15 days before the expiry. After this, the third-party services are unable to communicate with ADFS for SSO purposes.

The new federation XML will have information on both the primary and secondary certificates during this period. We will need to edit this XML before uploading it to the third-party services using the respective global administrator accounts.

Look for the following piece of code as shown below:

<KeyDescriptor use="signing">
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
            <X509Certificate>****</X509Certificate>
        </X509Data>
    </KeyInfo>
</KeyDescriptor>
You will find two instances of th…
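
Added example (not part of the original post): a Python check that lists the distinct signing certificates carried in a federation metadata XML by SHA-1 thumbprint, so you can see whether the file holds both certificates before handing it to a third-party service. The sample metadata, entityID and certificate bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def signing_thumbprints(metadata_xml):
    """Return the unique SHA-1 thumbprints of all use="signing" certificates."""
    root = ET.fromstring(metadata_xml)
    seen = []
    for kd in root.iter(MD + "KeyDescriptor"):
        if kd.get("use") != "signing":
            continue
        for cert in kd.iter(DS + "X509Certificate"):
            # Base64 text may be wrapped across lines; remove all whitespace.
            der = base64.b64decode("".join((cert.text or "").split()))
            thumb = hashlib.sha1(der).hexdigest().upper()
            if thumb not in seen:  # the same cert can repeat per role descriptor
                seen.append(thumb)
    return seen


def _key(use, raw):
    # Constructed stand-in for a certificate: placeholder bytes, not real DER.
    b64 = base64.b64encode(raw).decode()
    return (f'<KeyDescriptor use="{use}"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
            f"<X509Data><X509Certificate>{b64}</X509Certificate></X509Data>"
            "</KeyInfo></KeyDescriptor>")


# Constructed sample metadata (assumption): two signing certs, one repeated.
SAMPLE = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="http://adfs.example.test/adfs/services/trust">'
    '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _key("encryption", b"constructed-enc") + _key("signing", b"constructed-cert-A")
    + _key("signing", b"constructed-cert-B") + "</IDPSSODescriptor>"
    '<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _key("signing", b"constructed-cert-A") + "</SPSSODescriptor></EntityDescriptor>"
)

if __name__ == "__main__":
    thumbs = signing_thumbprints(SAMPLE)
    print(f"{len(thumbs)} distinct signing certificate(s) in metadata")
    for t in thumbs:
        print(" ", t)
```

The thumbprints printed here are in the same form Windows shows for a certificate, so they can be compared directly with the certificates listed on the ADFS server.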

Publishing SCOM certificate for workgroup computer

1. Create the certificate request as below:

 a. Create request.inf with the following configuration:

  [NewRequest]
  Subject="CN=<Servername>"
  Exportable=TRUE
  KeyLength=1024
  KeySpec=1
  KeyUsage=0xf0
  MachineKeySet=TRUE
  [EnhancedKeyUsageExtension]
  OID=1.3.6.1.5.5.7.3.1
  OID=1.3.6.1.5.5.7.3.2

 b. Run the following command to create the request from the request.inf created above:

certreq -new -f request.inf BinaryRequest.req

2. Submit the request to the CA (Standalone or Enterprise) and export the certificate as pfx.

3. In the Workgroup computer, run the following commands:

MOMCertImport.exe /Remove
MOMCertImport.exe C:\<certificate name>.pfx /Password <Password>

Reset password in RHEL 7

1. Reboot to GRUB and press 'e' after highlighting the boot-up entry.
2. Scroll to the line starting with 'linux16' and enter the following at the end of the same line:
rd.break console=tty1
3. Press Ctrl + x to boot with options specified in step 2.
4. The bootup will lead to a single command-line prompt.
5. Enter the following commands to change the password:
mount -o remount,rw /sysroot
chroot /sysroot
passwd -> Enter the password twice.
touch /.autorelabel -> This makes SELinux relabel the filesystem on the next boot, so that the SELinux permissions are not disturbed.
exit -> Leaves the chroot.
exit -> Leaves the rd.break shell so that the boot continues.
6. After step 5, the reboot will complete and you will be able to log in with your new root password.