simpleSAMLphp on IIS from scratch (with AD FS)

With this article, I want to go through each step of the configuration to install simpleSAMLphp on IIS from scratch (with AD FS): this will work for multiple SPs!

This will allow you to set up single sign-on for all your web applications, directing users to log in with your identity provider (AD FS for this guide).

The steps show you how to deploy simpleSAMLphp in IIS and how to link it to an existing AD FS environment, which will be used as the IdP.

Also, with this guide, you’ll be able to deploy multiple web applications on the same web server that will be able to leverage a single simpleSAMLphp installation.


iDRAC 6: Drive Error Either Virtual Media is detached

I was working on one of these old iDRACs and once I added a new ISO, I was not able to mount it because of the error below.

iDRAC 6: Drive Error Either Virtual Media is detached or Virtual Media redirection for the selected virtual disk drive is already in use.

In order to fix this issue, connect to iDRAC with an admin account, go to System > Console/Media, then open Configuration.

Under “Virtual Media” change it to Attach (or Auto Attach if you like).


Apply the changes and you’re good to go!


The user does not have RSoP data

This is an error you get back from running GPRESULT /R, and it happens because the user you're running the command as isn't logged on to the system.
For instance, you want to check the policies applied to your computer but you're not logged on with your administrator account. So you open a command prompt as a different user and run gpresult /r or gpresult /r /scope computer, only to get stuck at The user does not have RSoP data.

In order to avoid this warning, you can run the following:

Where itdroplets\myuser is the user account that is currently logged on to that workstation.

If you’re running this with PSEXEC (remotely) and you don’t know who’s logged on, run the following (with your admin account):

Where PC01 is the target computer. Note that this command might fail if you run it as above, but it won't if you run it with psexec like this:

 


iDRAC – Remote keyboard not working

There was an issue whilst trying to install a new VMware ESXi host on a DELL PowerEdge R630 remotely (from iDRAC): the remote keyboard was not working from iDRAC after booting into the ESXi installation, but it did work correctly in the BIOS.
Basically, the installation was waiting for somebody to press Enter to continue, and the key press never registered.

A few steps were tried to resolve the issue, but in this specific case the problem was finally solved once USB 3.0 was disabled in the BIOS! On this server's BIOS version, the setting is under System BIOS > Integrated devices > USB 3.0 Settings > Disabled.


The other options that were tried with no luck were:

  • Upgraded all devices’ firmware to the latest versions.
  • Went into BIOS > Integrated devices and disabled the Memory Mapped I/O above 4GB option [this was suggested by DELL Support].
  • Checked iDRAC’s session options to Pass all keystrokes to server.
  • Changed from Java to HTML5 in the iDRAC console settings.


Run an MSI with PSExec

Running an MSI with PSExec remotely is very simple, but most of the time people forget that we need to launch msiexec.exe in order to actually run the .msi.
In order to remotely run an MSI located in a share with PSExec, you would need to run the following command:

So in the example above we have the following:

  • \\TargetComputer is the remote machine on which you want the MSI to run.
  • -d can be omitted, but I like it because I don't have to wait for the process to finish before I can keep using my cmd session. As per psexec's help: Don't wait for process to terminate (non-interactive).
  • -s: Run the remote process in the System account.
  • cmd /c "command in quotes" will run a command prompt on the remote machine that executes whatever is contained in the quotes.
  • msiexec.exe /I "\\Share\repository\mymsi.msi" /quiet /norestart will run the MSI. It first calls msiexec with the /I option (normal installation). It then needs the package name (the full path to the file in the share), which is also in quotes in case it contains spaces. /quiet and /norestart are MSI dependent: whether they apply depends on whether the MSI has these options.

If you have an MSI with no switches required and you want to wait for the process to terminate, run this:

Practical example (Install LAPS x64 remotely)

Let’s say you want to install LAPS on LAPSSRV01 and the application (MSI) is located here:
\\lapsdc01\LAPS_REPOSITORY$\LAPS.x64.msi

You will need to run the following:


This will install LAPS x64 on the target machine.
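The following PowerShell wrapper is an added example, not code from the original post. It builds the psexec/msiexec command from the parts described above, refuses to push a package whose Authenticode signature does not validate, and omits -d so that msiexec's exit code can be read. The function name Install-RemoteMsi, its parameters, and psexec.exe being on the PATH are assumptions.

```powershell
# Added example; Install-RemoteMsi and its parameters are hypothetical names.
function Install-RemoteMsi {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,  # e.g. LAPSSRV01
        [Parameter(Mandatory)] [string] $MsiPath,       # UNC path to the package
        [string] $PsExecPath = 'psexec.exe'             # assumed to be on PATH
    )

    # The package will run as SYSTEM on the target, so require a valid
    # Authenticode signature before pushing it.
    $sig = Get-AuthenticodeSignature -FilePath $MsiPath
    if ($sig.Status -ne 'Valid') {
        throw "Refusing to install '$MsiPath': signature status is $($sig.Status)"
    }
    Write-Verbose "Package signed by $($sig.SignerCertificate.Subject)"

    # Same shape as the command in the post, minus -d so that psexec waits
    # and returns msiexec's exit code. A single argument string is passed
    # through verbatim, which keeps the nested quotes intact.
    $psexecArgs = "\\$ComputerName -s cmd /c `"msiexec.exe /i `"$MsiPath`" /quiet /norestart`""
    $proc = Start-Process -FilePath $PsExecPath -ArgumentList $psexecArgs `
                          -Wait -PassThru -NoNewWindow

    # Standard Windows Installer exit codes.
    $meaning = switch ($proc.ExitCode) {
        0       { 'Success' }
        1603    { 'Fatal error during installation' }
        1618    { 'Another installation is already in progress' }
        1641    { 'Success, reboot initiated' }
        3010    { 'Success, reboot required' }
        default { 'See msiexec/psexec documentation' }
    }

    [pscustomobject]@{
        ComputerName = $ComputerName
        Package      = $MsiPath
        Signer       = $sig.SignerCertificate.Subject
        ExitCode     = $proc.ExitCode
        Meaning      = $meaning
        Succeeded    = $proc.ExitCode -in 0, 1641, 3010
    }
}

# Values taken from the LAPS example in the post.
Install-RemoteMsi -ComputerName 'LAPSSRV01' `
                  -MsiPath '\\lapsdc01\LAPS_REPOSITORY$\LAPS.x64.msi' -Verbose
```

Because -s runs the installer as SYSTEM on the target, the share is read with the target's computer account, so that account needs read access to the package.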
