Server has lost contact with failover partner server

If you see multiple events with ID 20255 "Server has lost contact with failover partner server", this article may be able to help you.
I'll concentrate on the actual network settings, specifically MTU settings.

Usually, when you see multiple events per minute stating that the Server has lost contact with failover partner server, followed by Server has established contact with failover partner server, the culprit is the MTU setting.

First of all, on both DHCP servers, make sure the network card’s MTU is set to 1500. You can do that by running the following command:

As you can see, the interface’s MTU in the screenshot is already set to 1500. In case yours isn’t, you can adjust it by running the following (where 12 is the Idx of your network card, which you retrieved earlier with netsh interface ipv4 show interfaces):

If the DHCP servers are virtualized, make sure the virtual switch’s MTU is also set to 1500. Here’s how it looks in the vSphere (HTML5) interface.

What if the DHCP servers are running on two separate hypervisors (as they should be) and you’re still facing the same issue? It is most likely an issue with the underlying network, so you may want your network admin to check that. However, you can still run a couple of tests.
First of all, try running a ping with 1500 bytes. In Windows you can do this with the option -l:

Try to ping from dhcp01 to dhcp02 and vice versa. One thing I noticed was that I was able to ping the DHCP servers with >1500 bytes from a different network, but not within the same network, and the DHCP servers weren’t able to ping each other with more than 1450ish bytes.
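The ping test above can be automated. The following is an added example, not part of the original article: it binary-searches for the largest ICMP payload that reaches the failover partner with the Don't Fragment bit set, using the .NET Ping class. The function name, the bounds and the retry count are assumptions; dhcp02 is the partner name used in the text.

```powershell
# Added example (not the article's code): largest IPv4 ICMP payload that
# reaches the partner with Don't Fragment set. Payload + 28 = path MTU.
function Find-MaxIcmpPayload {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int]$Low       = 1200,  # assumed floor that should always pass
        [int]$High      = 1472,  # 1500 MTU - 20 (IPv4 header) - 8 (ICMP header)
        [int]$TimeoutMs = 1000,
        [int]$Tries     = 2      # retry so one lost packet does not skew the result
    )
    $ping    = New-Object System.Net.NetworkInformation.Ping
    $options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, DF on

    # Returns $true if a payload of $size bytes gets an echo reply.
    $probe = {
        param($size)
        for ($i = 0; $i -lt $Tries; $i++) {
            try {
                $reply = $ping.Send($Target, $TimeoutMs, (New-Object byte[] $size), $options)
                if ($reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success) { return $true }
            } catch { }   # name resolution or send failure counts as a miss
        }
        return $false
    }

    if (-not (& $probe $Low)) {
        Write-Warning "$Target does not answer even at $Low bytes; check reachability and ICMP filtering."
        return $null
    }
    $best = $Low
    while ($Low -le $High) {
        $mid = [int][math]::Floor(($Low + $High) / 2)
        if (& $probe $mid) { $best = $mid; $Low = $mid + 1 } else { $High = $mid - 1 }
    }
    [pscustomobject]@{
        Target     = $Target
        MaxPayload = $best
        PathMtu    = $best + 28
        Healthy    = ($best + 28 -ge 1500)   # anything lower points at the path in between
    }
}

# Run on dhcp01 against dhcp02, then on dhcp02 against dhcp01.
Find-MaxIcmpPayload -Target 'dhcp02'
```

A PathMtu below 1500 in either direction means a device or virtual switch between the two servers is carrying less than the 1500 bytes the network cards are configured for.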

You can also test directly at the ESXi level with:

The other thing you can try, if these are virtualized servers, is to migrate them under the same hypervisor just to check it out and exclude an issue with the virtual network configuration.


Get SEMS/GoodWe data with Powershell

Get SEMS/GoodWe data with Powershell: GoodWe has transferred everything over to the SEMS Portal, which finally comes with an API! In this article we’ll see how to grab data directly from SEMS’ API.

This is basically an update to Get GoodWe data with Powershell which is no longer working for some users (mainly people with a brand new Inverter that was never registered with the old portal).

Let me start by saying that even though there’s finally an API, with some documentation (in Chinese as far as I could find it), it’s still a bit messy. I noticed that this works with different URLs, but I tried to stick to what I normally use to log in to the portal (https://www.semsportal.com).

The API works based on tokens, which means it requires two web requests: one to authenticate and grab the token data, and another one to grab the actual output we’re after. It’s fairly simple and I’ll go through what I think is most important.

At the time of testing (20190613) the Inverter was pushing data to the SEMS Portal roughly every 2.5 minutes, which is better than the old version of the script that could only see data every 5 minutes. It takes about 30 seconds to see the data: what I mean is, if it’s 9:00:00AM, the next refresh will occur at around 9:02:30AM, but the portal will have this data processed by around 9:03:00AM (sometimes earlier). An example for the last 4 entries I tried:

  • 06/13/2019 14:08:58
  • 06/13/2019 14:11:28
  • 06/13/2019 14:13:59
  • 06/13/2019 14:16:29

This is a basic script, please implement some error handling!

Enable Multi-Factor Authentication on RDP with DUO for free

This article will show you how to Enable Multi-Factor Authentication on RDP with DUO, for free. This doesn’t apply only to RDP, in fact you can secure many other applications with DUO.
Based on DUO’s current pricing (20190523), this is free for the first 10 users. Here, you can have a look at the pricing section.

  • First of all, register for free on https://duo.com. The registration will also let you download and set up the DUO Mobile application on your mobile, which will be used for accessing the DUO Admin panel. The same app/setup can be used to set up the first user of the application you want to protect.
  • In order to protect RDP with MFA, DUO has pretty good and simple documentation, which can be found here. You can also keep reading this post, as I’ll go through the steps.


Change a folder icon with Powershell

In this post we’ll see how to change a folder icon with Powershell. This method will work on shared folders too, as long as the filesystem of the shared network folder allows it.

The script is very simple, but first I want to go through it with an example. You can scroll down to the end of this article to check out the script.

Let’s have a look at the difference between a local folder’s properties and a shared network folder’s properties.

One trick for changing the icon of a shared network folder would be to move it to the desktop, change the icon and move it back. Totally ugly and useless if you have a large folder or multiple folders to customize.

If you change the icon of a local folder, you’ll notice that a hidden Desktop.ini file is created. When you copy that file to another folder, though, nothing happens. The reason is that the folder attributes must be changed as well in order for Windows to read the Desktop.ini file.

Let’s work with an example and go through it. Say we have Folder1 and Folder2 in our local environment.

  • We change the icon for Folder1 manually.
  • This is how Folder1 and Folder2 will look now.
  • Under \Folder1, there’ll be a desktop.ini file as well. Remember that it’s hidden. Let’s check its content out:
  • Let’s change the icon for Folder2, using the same desktop.ini file. You can just copy it from Folder1 and paste it in Folder2. Once done you’ll see that nothing happens as already explained above.
  • Let’s compare the attributes of both Folder1 and Folder2 and see what’s the difference.
    • (Get-Item "C:\Users\itdroplets\Desktop\tmp\Folder1").attributes
    • (Get-Item "C:\Users\itdroplets\Desktop\tmp\Folder2").attributes

By going through the above, we’ve identified the reason why the folder, even with a Desktop.ini file, isn’t changing its icon. We need to set its attributes to ReadOnly, Directory.

Right after running the above command, you’ll see Folder2 changing icon almost instantly.

The Script

I don’t like having files lying around in my script directories, unless I really have to. So, the script below is a quick way to get the icon changed, without needing to copy any Desktop.ini file. Instead, we’ll just create it from static content ($DesktopIni).
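The approach described above, as an added example that is not the article's own script: it writes desktop.ini from a static here-string and then sets the ReadOnly attribute on the folder so that Windows reads the file. The function name, the sample icon resource and the Hidden, System attributes on the file are assumptions; the Folder2 path is the one used in the walkthrough.

```powershell
# Added example (not the article's script): give a folder a custom icon by
# generating desktop.ini and flagging the folder ReadOnly.
function Set-FolderIcon {
    param(
        [Parameter(Mandatory)][string]$FolderPath,
        # Assumed sample icon: index 4 in shell32.dll. Use any .ico/.dll,index.
        [string]$IconResource = 'C:\Windows\System32\shell32.dll,4'
    )
    $folder = Get-Item -LiteralPath $FolderPath -ErrorAction Stop
    if (-not $folder.PSIsContainer) { throw "$FolderPath is not a folder." }

    # Static content for the file, with only the icon reference filled in.
    $DesktopIni = @"
[.ShellClassInfo]
IconResource=$IconResource
"@

    $iniPath = Join-Path $folder.FullName 'desktop.ini'
    if (Test-Path -LiteralPath $iniPath) {
        # An existing desktop.ini is hidden; clear that so it can be rewritten.
        (Get-Item -LiteralPath $iniPath -Force).Attributes = 'Normal'
    }
    Set-Content -LiteralPath $iniPath -Value $DesktopIni -Encoding Unicode
    (Get-Item -LiteralPath $iniPath -Force).Attributes = 'Hidden, System'

    # The step the walkthrough identified: without ReadOnly on the folder,
    # Windows ignores desktop.ini. Existing attributes are preserved.
    $folder.Attributes = $folder.Attributes -bor [System.IO.FileAttributes]::ReadOnly

    # Return the resulting attributes, e.g. "ReadOnly, Directory".
    (Get-Item -LiteralPath $folder.FullName).Attributes
}

Set-FolderIcon -FolderPath 'C:\Users\itdroplets\Desktop\tmp\Folder2'
```

On a network share the same calls succeed only if the account running them may write to the folder and the share's filesystem stores these attributes.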

 


simpleSAMLphp on IIS from scratch (with AD FS)

With this article, I want to go through each step of the configuration to install simpleSAMLphp on IIS from scratch (with AD FS): this will work for multiple SPs!

This will allow you to set up single sign-on for all your web applications, directing the users to log in with your identity provider (AD FS for this guide).

The steps will be showing you how to deploy simpleSAMLphp in IIS and also how to link it to an existing AD FS environment, which will be used as the IdP.

Also, with this guide, you’ll be able to deploy multiple web applications on the same web server that will be able to leverage a single simpleSAMLphp installation.
