Thomas Faddegon – Wapnet Blog

Policy WSUS: “Automatically download updates and install them on the schedule specified below” don’t work…!!!?!

So I configure a “configure automatic updates” policy for testing purposes but the auto update and install won’t work. The main cause….? Lack of patience 😉

How this Policy works (source):

The Windows Update Agent periodically checks the WSUS server for updates. Updates it finds, it reports state for: Installed, Not Installed, Not Applicable. If a “Not Installed” update is approved and available, the WUA queues the installation files for download if the Configure Automatic Updates policy is set to AUOption ‘3’ or ‘4’.

The download occurs via Background Intelligent Transfer Service (BITS) subsequent to the WUA finding the update as available for download.

When the download of the update is completed, the WUA does one of two things:

If the Configure Automatic Updates policy is set to AUOption ‘4’, then the WUA will schedule the update for installation at the scheduled time. This scheduled installation does NOT require access to the WSUS server to be conducted.
If the Configure Automatic Updates policy is not set to AUOption ‘4’, then the update will be retained on the client computer until a user launches the Windows Update applet from Control Panel and initiates the installation.

So bottom line; the updates must first be downloaded on the client and ONLY then will Windows apply the “Automatically download updates and install them on the schedule specified” action

To force a client (source):

$updateSession = new-object -com "Microsoft.Update.Session"; $updates=$updateSession.CreateupdateSearcher().Search($criteria).Updates Start-sleep -seconds 10 wuauclt /detectnow wuauclt /reportnow c:\windows\system32\UsoClient.exe startscan

After this commands BITS will download the updates and prepare the installation. When you start Windows update you can see the available update

The default of the WSUS communication check-in (report and detect) is 22 hours. If you don’t want to wait so long you can change the “automatic updates detection frequency” to every hour (do not to this every hour on production policies!)

And now wait till the magic happens 🙂

Last but now least. When you change setting in the “configure automatic updates” policy you can trigger the client with powershell so you don’t have to reboot the client

gpupdate /force
net stop wuauserv
net start wuauserv
(new-object -Comobject Microsoft.Update.AutoUpdate).Detectnow()

You get get more information about Windows update log with the command.

Get-WindowsUpdateLog

Happy updating!

Create a local TCP port for a remote server on a ubuntu/debian server

You can do this stuff with netcat and inetd

apt-get install openbsd-inetd (netcat is installed by default)

nano /etc/inetd.conf

LOCALIP:443 stream tcp nowait root /bin/nc nc REMOTEIP 443

/etc/init.d/openbsd-inetd restart

Have fun!

How to keep processes running after ending ssh session

ssh into the remote machine
start tmux by typing tmux into the shell
start the process you want inside the started tmux session
leave/detach the tmux session by typing Ctrl+b and then d

Protected: Thomas zijn overdracht pagina’tje

Enable SMB in Kodi XBOX One (UWP)

Go to add-ons
My add-ons
All
Select SMB support (libsmb2)
Enable

That’s all!

Papercut: Simple Desktop SMTP Server

Sometimes you want to test a mail application without spamming the internet with your garbage. Use can user Papercut to local test your mail application.

URL: https://github.com/ChangemakerStudios/Papercut/releases

Compare 2 sql tables

A simple SQL compare is realy easy:

select * from dbtest02.dbo.article except select * from dbtest01.dbo.article

Source: https://www.mssqltips.com/sqlservertip/2779/ways-to-compare-and-find-differences-for-sql-server-tables-and-data/

Howto: Configure cloudflare for wordpress

My web hosting company don’t support subdomain SSL certificates. And because Google’s Chrome in July is required HTTPS on all websites (otherwise you get an error your website isn’t safe) I had some deadline to make my blog HTTPS. Cloudflare is a nice reverse proxy solution and the basic plan is free to use also.

So what I did was create a cloudflare account and put my website behind it. After I did that I forced the HTTPS and voila my website was HTTPS. The steps you must take.

Note: this trick will also work if you want to use cloudflare as a reverse proxy to prevent DDoS, to optimize your site security, hide your hosting party backend and make your website a lot faster. If you use a raspbery Pi for example at your home location you can put cloudflare between the visitor and your home IP and save you a lot of trouble.

If you use the wordfence plugin also be sure your PHP version is higher than 5.6. Otherwise you get some errors and conflicts (more info)
Go to cloudflare an create an account
Configure your DNS

(temporary) disable your DNSSEC at you domain if that is enabled (cloudflare cannot succesfully transfer your DNS otherwise). For me I had to create a ticket with my domain register company
Cloudflare give you 2 new name servers. Ask your domain registry company to change these DNS name servers if you can change it by yourself

After a succesfull DNS nameserver change cloudflare shows in the portal everything is ok:

Now install the wordpress cloudflare plugin
Fill in your username and API key.
You can find the Global API key in your cloudflare profile @ https://www.cloudflare.com/a/profile

Optimize your cloudflare for wordpress in the cloudflare wordpress plugin and enable HTTPS rewrites

Now edit your url in the settings >general in your wordpress

And finaly go to cloudflare and enable always uses HTTPS under crypto

Now everything is done and your website is fully HTTPS at the frontend (with automatic HTTP > HTTPS URL rewrites). Because my backend don’t have an SSL certificate all the data between cloudflare and my hosting company is still unencrypted. So this is a nasty workaround but you don’t have any problem with Chrome HTTPS problems in the near future anymore.

Ubuntu Linux cannot ping FQDN

Because this is the fifth time I fixed this issue I write a blog about it…

Microsoft uses .local as the recommended root of internal domains, and serves them via unicast dns. Linux uses .local as the root of multicast dns. If you’re stuck on a broken MS network like this, reconfigure your linux multicast DNS to use a different domain like .alocal.

To do this, add a domain-name=.alocal line to the [server] section of /etc/avahi/avahi-daemon.conf, then restart avahi-daemon: sudo service avahi-daemon restart.

[server]
domain-name=.alocal

You may need to flush the DNS, mDNS and resolver cache, as well as restart your web browsers to clear their internal cache.

Source: http://www.lowlevelmanager.com/2011/09/fix-linux-dns-issues-with-local.html

How to truncate Mirrored Database Log File

First backup your transaction logging:

Tasks > Backup
Select transactionlog backup en select a disk where to backup
Now check the status with DBCC LOGINFO(DATABASENAME)
Check if the last status record is 0 (zero)
When the status is 2 make another backup
When the status is 0 you can run: DBCC SHRINKFILE(2)

You can use this script also:
Backup LOG DBNAME TO DISK = 'C:\SQL_TMP\transactionlog.trn' WITH STATS GO DBCC LOGINFO(DBNAME) DBCC SHRINKFILE(2)