Posts

Set Windows UI Language with Powershell

-
 Using En-GB as an example installLanguage en-GB -CopyToSettings set-systempreferredUILanguage en-GB set-WinUILanguageOverride -Language en-GB
Post a Comment
Read more

Bulk pushing to Azure DevOps

-
We recently needed to push multiple git respositories from one Azure DevOps instance to another. Unfortunately DevOps doesn't provide a native way of doing this so scripting required. This presumes you've already pulled all the repositories to your local machine. See  Cloning all repositories from Azure DevOps using Azure CLI - Simon Wahlin  for a script to do this.
Post a Comment
Read more

Azure Virtual Desktop with pure Azure AD and Intune built with Terraform

-
First post in a long time... Too much management and not enough geeking, so on with the joys of building Azure Virtual Desktop in a completely Azure AD setup. First thing to be said is that the Microsoft documentation on all of this sucks. Badly.This post comes from pulling together bits from there, about a dozen different blog posts and bug reports in github. Yes, that painful for what is actually very simple code. I won't bother with a fully working piece of Terraform as if you're reading this you probably already know Terraform and AzureRM enough to not need an example of creating a VNet. On with the show... The Workspace resource "azurerm_virtual_desktop_workspace" "workspace" {   name                 = var . workspace   resource_group_name = azurerm_resource_group . resourcegroup . name   location             = azurerm_resource_group . resourcegroup . location   friendly_name       = " ${ var . prefix } Workspace"   description  
1 comment
Read more

Avoid Microsoft Intune if you use G-Suite and Android

-
Like me, you might have considered Intune to be your one stop MDM solution if you're an Office/Microsoft 365 user. On the whole it is pretty good, but it's got one massive failing: It doesn't support Google accounts on Android Work Profiles. You might think that if you're a Microsoft shop it's not a big deal, but there two major reasons why you might want to use Google alongside Azure Active Directory: SSO. Many companies charge extra for SSO with Azure but include it for free with Google, e.g. Slack and Atlassian. Chrome. Let's face it, everyone uses Chrome rather than Edge so signing in with a Google account to sync your favourites is pretty handy. Managing this setup in an organisation is pretty easy. Sign up for G-Suite account, sync all your users from Azure AD, configure G-Suite to use AAD for authentication and you're done. Enterprise managed Google accounts for everyone at zero cost if you don't actually need G-Suite. Given the abo
3 comments
Read more

Azure Load Balancer health probes and the four way handshake

-
It's always the fun little things that cause you pain. We've got an Azure Load Balancer running over a RabbitMQ cluster with a health probe set to check port 5672 every 60 seconds. The RabbitMQ logs were filling up "handshake_timeout" errors every 60 seconds. Very odd. Time for a packet capture where we find the following 1. Load balancer SYN 2. RabbitMQ ACK 3. Load Balancer ACK 4. 10 seconds later RabbitMQ RST 5. Another 50 seconds later Load Balancer FIN Eh? Azure load balancer documentation declares that it does a four way handshake to terminate a probe. What it fails to tell you is that the FIN isn't sent until the start of the next probe. This leads to RabbitMQ sitting there waiting for data, not getting any in its default 10 second handshake period, terminating the connection and logging it as an error. So the horrible workaround/compromise was to set the handshake_timeout config in RabbitMQ to 30 seconds and the load balancer interval to
1 comment
Read more

Setup a Logstash server on Ubuntu

-
Pretty self explanatory and mainly for my own benefit, but easier to follow than the Elastic documentation.
Post a Comment
Read more

How to setup certificates in Apache

-
Brief notes on setting up certificates in Apache. More a personal note than a blog post :) sudo mkdir /etc/apache2/ssl sudo mkdir /etc/apache2/ssl/private sudo chmod 755 /etc/apache2/ssl sudo chmod 710 /etc/apache2/ssl/private sudo chown -R root:root /etc/apache2/ssl/ sudo chown -R root:ssl-cert /etc/apache2/ssl/private/ Copy cert to /etc/apache2/ssl Copy key to /etc/apache2/ssl/private sudo chmod 644 /etc/apache2/ssl/*.crt sudo -s sudo chmod 640 /etc/apache2/ssl/private/*.key exit sudo a2enmod ssl Edit config files sudo nano /etc/apache/sites-available/000-default.conf DocumentRoot /var/www/html2 ServerName www.yourdomain.com SSLEngine on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCertificateChainFile /path/to/DigiCertCA.crt sudo a2ensite 000-default apachectl configtest sudo systemctl restart apache2.service
Post a Comment
Read more

Popular posts from this blog

Avoid Microsoft Intune if you use G-Suite and Android

-
Like me, you might have considered Intune to be your one stop MDM solution if you're an Office/Microsoft 365 user. On the whole it is pretty good, but it's got one massive failing: It doesn't support Google accounts on Android Work Profiles. You might think that if you're a Microsoft shop it's not a big deal, but there two major reasons why you might want to use Google alongside Azure Active Directory: SSO. Many companies charge extra for SSO with Azure but include it for free with Google, e.g. Slack and Atlassian. Chrome. Let's face it, everyone uses Chrome rather than Edge so signing in with a Google account to sync your favourites is pretty handy. Managing this setup in an organisation is pretty easy. Sign up for G-Suite account, sync all your users from Azure AD, configure G-Suite to use AAD for authentication and you're done. Enterprise managed Google accounts for everyone at zero cost if you don't actually need G-Suite. Given the abo
Read more

DFS "Waiting for Initial Replication"

-
Taken directly from  Technet Forum  post by  scorprio_milo . Pop along and give them an up vote! You may encounter the error message "waiting for initial replication" when no primary member is currently specified on the DFS Replication. This DFS member is waiting for initial replication for replicated share folder Public and is not currently participating in replication. This delay can occur because the member is waiting for the DFS Replication service to retrieve replication settings from Active Directory. After the member detects that it is part of replication group, the member will begin initial replication.  Besides, there is also possiblity that DFS servers cannot contact domain controller which could result in the issue. 1. Please first verify that all the target folder of Public folder is enabled.   2. Please use Dfsradmin to set the primary member in the situation where there is an existing replication group that is waiting for initial replication and no primary
Read more

Setting Wallpaper for a Remote Desktop Session

-
Ah, the fun I had trawling around trying to find out how to set the wallpaper on a remote desktop session! The (seemingly) most obvious answer was changing the Wallpaper setting under Desktop in a GPO, but no. That setting explicitly states that it doesn't apply to RDP sessions, so back to the registry we go... I'm presuming here that we want these settings to apply to all the computers within a specific OU rather than to individual users. Create a new GPO "Wallpaper" Navigate to Computer Config/Policies/Admin Templates/System/Group Policy Set "Configure user Group Policy loopback processing mode" to Enabled with Mode as "Merge" Navigate to Computer Config/Policies/Admin Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Remote Session Environment Set "Always show desktop on connection" to Enabled Set "Enforce Removal of Remote Desktop Wallpaper" to Disabled Navigate to Computer Con
Read more