Showing posts with label Windows 10. Show all posts

Saturday, October 08, 2016

Azure VPN Client: A certificate chain processed, but terminated in a root certificate Issue after Windows 10 Upgrade

Symptom

I have upgraded my Windows OS to Windows 10 Anniversary edition recently and right after doing that I started to get the following error when connecting to the VPN. I have downloaded the same VPN client.

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Yes, we know your certs were working fine until a moment ago, and I am not sure how I got myself into this situation, but you should be able to fix this in half an hour or less.

Fix or Workaround

I was able to get around this issue by simply re-generating the root certificate and then generating a client certificate, then exporting the full public and private key pair files to the Azure portal for your private network.

After you do so, you can have the portal regenerate the VPN client software, which you can then download and install.

You can follow the Self Signed Certificate Steps on the Azure web site to generate the Root and also Client certificates.

Some Points to Note: You will have to deal with two and a half certificates:

1. The Root certificate.
1.5 The public part of the root certificate, which you will upload to Azure. Actually, you can paste the hex number part of the cert directly into the Azure console.
2. The Client certificate that you derive from the root certificate. This does not get uploaded to Azure, but it has to be given to each user. If needed, generate one per user if you are sensitive to revoking people individually (i.e., off-boarding an employee).
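
The three pieces listed above, generated with PowerShell's New-SelfSignedCertificate as an added example (not from the original post or from Azure's own instructions). The subject names, user names and file paths are constructed placeholders; the script writes the root's public part as Base64 text for upload and records each client certificate's thumbprint so one user's certificate can be identified when off-boarding.

```powershell
# Added example. Subject names, user names and output paths are constructed placeholders.
$store = 'Cert:\CurrentUser\My'

# 1. Self-signed root. Its key usage is limited to signing other certificates.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=ExampleP2SRoot' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -KeyUsageProperty Sign -KeyUsage CertSign -CertStoreLocation $store

# 1.5. Public part of the root only, as Base64 text, for upload to Azure.
#      The root's private key stays in the local certificate store.
$rootPublic = [Convert]::ToBase64String($root.Export('Cert'))
Set-Content -Path .\ExampleP2SRoot.public.txt -Value $rootPublic

# 2. One client certificate per user, signed by the root.
#    2.5.29.37 = Enhanced Key Usage; 1.3.6.1.5.5.7.3.2 = Client Authentication.
$users = 'alice', 'bob'    # constructed sample names

$issued = foreach ($user in $users) {
    $client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
        -Subject "CN=ExampleP2SClient-$user" -DnsName "ExampleP2SClient-$user" `
        -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 `
        -Signer $root -CertStoreLocation $store `
        -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2')

    # Certificate, private key and chain in one password-protected file for that user.
    $pfxPassword = Read-Host -AsSecureString -Prompt "PFX password for $user"
    Export-PfxCertificate -Cert $client -FilePath ".\$user.pfx" `
        -Password $pfxPassword -ChainOption BuildChain | Out-Null

    # Keep the thumbprint: it identifies this one certificate if the user is off-boarded.
    [pscustomobject]@{
        User       = $user
        Thumbprint = $client.Thumbprint
        Expires    = $client.NotAfter
    }
}

$issued | Export-Csv -Path .\issued-client-certs.csv -NoTypeInformation
$issued | Format-Table
```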

Do Not Go Down These Paths


  • There is no need to discard the original certificate pair you have uploaded. You can simply upload your new certificate. Discarding the original may break other VPN users who are relying on current certificates. Both certificates are good.
  • More importantly, there is no need to re-do the private network.
  • You can use either the Classic or the Resource Manager model, so use the model that you are familiar with. It is all about uploading the proper certificates.
  • Do not do "extract the cert using RAR" stuff. The self-signed root certificates are just not right for your situation, so extracting and manually installing them won't do jack.


Saturday, August 13, 2016

You Should Be Using PowerShell, Here are the Bare Minimums

I see most people avoiding PowerShell. I say if you just learn a few essentials, it is a much easier environment to use, especially when switching between MacOS and Windows.

Launching

Go to the start menu and type in powershell. If you frequent your Windows environment, I would "pin" this to Start or the Taskbar, and also start avoiding Cmd.

Some Basic Coolness

If you are going back and forth between IOS and Windows, it is a bit more comfortable to use PowerShell, as it comes "out of the box" without the need to install the "bash" shell, and many of the Unix-like commands are supported as aliases.

  • Like on the Unix shell, you no longer have to type in /Users/myname/<whatever>; instead you can work as in the familiar Unix environment:
    • cd ~ works and gets you to /Users/<account>
    • cd ~/Downloads works!
    • cd ~/Desktop works
    • ls works (this is an alias so cannot go too fancy like ls -lR)
    • From there if you do "open ." then you can open the Explorer at that directory.
  • You can now Ctrl-C and Ctrl-V if you just enable them. Right click the title bar of the PowerShell window for the Properties. Then open the Options menu and look for "Enable Ctrl key shortcuts." This was added in Windows 8

Some Peculiar Stuff

  • If you want to see environment variables, use "printenv"
  • One issue with environment variables: for example, if you want to use $JAVA_HOME as in MacOS, you need to write $env:JAVA_HOME. I don't really like this, but so there.

The Basic Idea

Like most anything, understanding the architecture and the basic philosophy of the design is the key to understanding whatever you are running into.

In terms of PowerShell, they tried to standardize basically on the REST-type API call style. This is why they have commands like Get-This or Set-That. If you master those, you can chain them together like you do with Unix pipes, with the much more consistent "schema" they set up.

The "help" is quite extensive and comprehensive as a result, so typing just about any phrase you can think of as "help something" is a good way to move forward.
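
The Get-/Set- naming, the aliases and the object pipeline described above, as an added example that is not part of the original post. The JAVA_HOME value is a constructed sample and only lasts for the current session.

```powershell
# Added example; the JAVA_HOME value below is a constructed sample.

# Unix-style names are aliases for Verb-Noun cmdlets, which is why
# Unix flags such as "ls -lR" are rejected.
Get-Alias ls, cd, cat | Format-Table Name, Definition

# The cmdlet's own parameters replace the Unix flags, and each stage of the
# pipeline receives objects with properties rather than lines of text.
Get-ChildItem ~/Downloads -Recurse -File |
    Sort-Object Length -Descending |
    Select-Object -First 5 Name, Length, LastWriteTime

# Environment variables live on the Env: drive, so the same cmdlets work on them.
$env:JAVA_HOME = 'C:\example\jdk'                        # session-only sample value
Get-ChildItem Env: | Where-Object Name -like 'JAVA*'     # objects with Name and Value
Get-Item Env:JAVA_HOME | Select-Object -ExpandProperty Value

# Discover related commands by noun, then read the examples for one of them.
Get-Command -Noun Alias
Get-Help Get-ChildItem -Examples
```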





Thursday, April 30, 2015

Windows 10 Lost Ability to RDP Into the System

Symptom:


You upgraded to Windows 10 and now you cannot RDP to the system on your home network. (I do this a lot because I use a Mac at home and RDP to my laptop, which is a Surface 3.)

One of the Root Causes

In my situation, all of my WiFi connections went to Public, which automatically turned off just about any incoming traffic to it from the Windows Firewall. This is a good feature. Do not turn that off.
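
One way to confirm this diagnosis from PowerShell and to switch only the home network to Private while every other network stays Public (an added example, not from the original post). The network name 'HomeWiFi' is a constructed placeholder, the 'Remote Desktop' rule group name assumes an English-language Windows install, and the last command needs an elevated prompt.

```powershell
# Added example; 'HomeWiFi' is a constructed network name.
$homeNetwork = 'HomeWiFi'

# Which category did Windows assign to each connected network?
Get-NetConnectionProfile | Format-Table Name, InterfaceAlias, NetworkCategory

# Which firewall profiles are the inbound Remote Desktop rules enabled for?
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object Direction -eq 'Inbound' |
    Format-Table DisplayName, Enabled, Profile

# Switch only the named home network to Private; all other networks keep
# the Public category and its blocking of incoming traffic.
Get-NetConnectionProfile |
    Where-Object { $_.Name -eq $homeNetwork -and $_.NetworkCategory -eq 'Public' } |
    Set-NetConnectionProfile -NetworkCategory Private
```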

To Make Your WiFi Network Private

This, I guarantee you, will take some time, as there has been a big change.

  1. On your desktop, click the New Notifications icon on the task bar. That's at the far right and looks like a Messaging icon.
  2. Right click over WiFi and "Go to Settings."
  3. This is where you will be lost, especially if you have many spots.
  4. On the list of WiFi access points scroll all the way down.
  5. Click HomeGroup
  6. If your system is like mine, you will get a chance to enable the HomeGroup on the network you are on.