Windows Admin Center and WinRM

Got an interesting experience with recent version of Microsoft’s Windows Admin Center… I should not be surprised by such things, but still – what developers thinking??? Or, maybe not developers, but release manager? (If they have one for this product, don’t know).

Current version – 1910 – got new option during MSI install to “Use WinRM over HTTPS only”.

“Great!” – I thought, “Let’s try this out!”.

Well, it worked with some servers where I have spent some time actually setting up WinRM with certificate (Hyper-V machines), which actually takes time and effort. But I didn’t do this on all servers in that small network I was working on, not really needed, didn’t have much time to script it and won’t have much time to maintain it in the future…

That’s what I realized after half-hour trying to connect WMC to these servers where WinRM with HTTPS was not configured and getting completely bogus errors, like “we cannot verify if machine exist” or “your credentials did not work”.

Ok, good, knowing the cause of issue, now it should be easy to fix, right? After all, this is WMC setting and should be somewhere in config pages! Right? Wrong. No such thing. Ok, fine, could be an advanced option, documented somewhere… Right? Wrong. Nowhere is mentioned how to change this back to HTTP. I found couple of references where the work on this option was discussed and announcement that it was released in 1910.

But this is beyond my understanding why there is no way to flip this option post install, or even documentation on how this can be done!

Anyway, couple of quick registry searches and here we have it. If this option was selected during install, the following will return 1:

(Get-ItemProperty -path "hklm:\SOFTWARE\Microsoft\ServerManagementGateway" -name WinRMHTTPS).WinRMHTTPS

And to change this back to 0 also easy from admin PowersShell prompt:

Set-ItemProperty -path "hklm:\SOFTWARE\Microsoft\ServerManagementGateway" -name WinRMHTTPS -value 0
Restart-Service -Name ServerManagementGateway

Hopefully, this will be added in Windows Command Center options in future version.

Some old Windows batch file tricks

Some very old snippets I used while writing batch files to simplify work.

Parsing date to variables:

rem get name of the day of the week
for /f "tokens=1-4 delims=/ " %%a in ("%date%") do (
Set _wd=%%a
Set _dd=%%c
Set _mm=%%b
Set _yyyy=%%d
Set _dt=%_yyyy%-%_mm%%_dd%

Checking which drive specific volume label is mounted on:

echo Checking drives...
for %%a in (d e f g h i j k l m n o p q r s t u v w x y z) do (
echo %%a:
Set _i=%%a
if exist %%a: vol %%a: | find /i "is IPOD" >nul
if not errorlevel 1 goto :ok

Creating sequential file backups – log rollover

if not exist "%~1" goto :eof
Set $i=
if exist "%~1.bak%$i%" (
Set /A $i+=1
goto :cycle
rem call :out Making backup to: %~1.bak%$i%
echo Making backup to: %~1.bak%$i%
ren "%~1" "%~nx1.bak%$i%"
goto :eof

Writing output to file log and console at the same time:

rem changed logic to fix no-log case
if "%_log%"=="" Set _log=nul
if "%*"=="." (
echo. >>"%_log%"
goto :eof
echo %*
echo %* >>"%_log%"
goto :eof


Transaction tracing in complex multi-tier applications

Interesting, it might be worth to do a small wright up on this, but the technique for tracing requests across multiple systems was available for quite some time and is used in various places. But AWS just implemented this on their load balancers only recently: Elastic Load Balancing support for request tracing
This should help in diagnosing various issues with application performance…

Open Source… wars?

Ok, its been a while since I posted here, but this is not the reason not to post again… and again 🙂
Many post to social networks, but I don’t think that good technical discussion belongs there.

Anyway. Want to touch on hot topic recently – wars in some open source projects. Don’t really want to get on either side of those (that is not that simple), but examples concern me a lot:

  1. Bacula backup vs Bareos – who stole what?
  2. pfSense protecting their trademark by requiring written agreement to get access to their build tools

Both projects are flagships in their respective areas (backup and firewalls), both trying to get more from commercial operations – maybe that’s the problem?

Contributor took our code and forked it? So what? Wasn’t it open source? Oh, you had some contributions, which were not open source? Because you want to make more money from commercial product? Yes, I understand, but people, who supported this project for a long time want those improvements too and there was nothing released for “community edition” for quite some time. It sad. Reading posts by the owner of Bacula just gives a feeling of someone desperately trying to save the face.

pfSense firewall trying to protect its own trademark? Maybe, but asking to remove community-supplied build, which many were asking for (which added Hyper-V drivers) and then trying to justify letters from lawyers  – looks silly and just shows that intent to get code away from community is there.

I do not have anything against making money on open source projects… but I feel that the community should have higher priority than profits. Maybe non-profit is better way to go, but that’s not what people, owning such projects really want – they want to make more money… and maybe sell off to some big corp later – to win a fortune.

Its possible I am wrong. But the above is the result of reading news and discussions.


SSL Browser Root Ubiquity – is it real?

I haven’t posted in a while, so this is a good post to revive this blog.

Just run across a post onVeriSign’s (now Symantec) blog.This is former Tim Callan’s SSL blog, was quite interesting to follow. However, Tim Callan left Symantec recently, so different people now write posts for it.

Regardless… Here is the post in question:  The SSL Blog – Online Security

First, I wanted to post a comment to that entry, but I couldn’t – blog engine told me that:

Your comment submission failed for the following reasons:
Text entered was wrong. Try again.

Doubt this is AI 🙂 just comments are broken in such funky way, so here is my response:

  1. You can’t say “more than 1 in 10 visitors to this site were being shown a message” based on “IE6 which still enjoys nearly 11% of worldwide browser market share” – you do not know what is the share of IE6 users on the site in question, it very well could be 0%.
  2. Going forward, new CAs will rise and they won’t have their new roots in old browsers – because there is no time machine to go back and put them in.
    This does not make those new CAs less trusted than the old ones.

I guess, Symantec does not like competition and uses every opportunity to poke at rivals.

Hacked back by

I’ve blogged 3 days ago about blog being hacked and rogue post appearing in the feed.

The post contained screenshot from my Google Reader page showing that rogue post.

Today I find this screenshot missing on my blog:

Missing screenshot

I do have a backup of the original screenshot, of course. But the the question is why it is missing?
Did WordPress delete it? Do not know, I’ve sent email to support and will post if I receive reply!