Monthly Archives: June 2018

Steps to Downgrade MongoDB on Ubuntu (for UniFi Controller)

This is an example for downgrading from MongoDB version 3.6 to version 3.4 in Ubuntu 18.04 LTS, but it can be adapted for any combination of versions.

Remove old versions. Since this was done for a compatibility issue with UniFI Controller, the first step is optional

Install MongoDB v3.4 Community Edition using the guide below. They also provide guides specific to other versions that you may need.
https://docs.mongodb.com/v3.4/tutorial/install-mongodb-on-ubuntu/

If you are doing this for UniFi Controller (optional), download latest controller package for Ubuntu
https://www.ubnt.com/download/unifi#

Install it (optional)

Fix any broken packages

 

 

Restore Default Certificate Deployment Level for RemoteApp (Windows Server 2012 R2)

This guide details how to change the certificate deployment level of a Windows Server 2012 R2 RD system from “Trusted” back to the default configuration of “Not Configured.”    The main problem is that the Windows GUI does not allow you to simply delete the trusted certificate and reset it back to the default “Not Configured” state for the deployment certificate level. Instead the GUI will only let you choose a different certificate (whether trusted or self signed). The steps below will get around this limitation and allow you to reset the deployment level.

First set of steps are to delete any existing Remote Desktop certificates and have Windows generate a new one automatically:

  1. Launch mmc.exe on the 2012 R2 server
  2. Choose File-Add/Remove Snap in
  3. Add Certificates -> choose Computer account -> then Local computer. Click OK.
  4. On left hand side browse to Remote Desktop folder -> Certificates folder
  5. Delete all certificates
  6. Launch services.msc
  7. Restart Remote Desktop Configuration service
  8. In Event Viewer – System, you should see a notification that a new self signed certificate was created
  9. Go back to mmc.exe and at the top choose Action-Refresh.
  10. Confirm new certificate is shown in Remote Desktop folder -> Certificates folder
  11. Close mmc.exe. Choose No if it prompts to save.

The next set of steps are to change the deployment level:

There is one registry key that needs to be modified:

fHasCertificate – REG_DWORD set to a value of 0

Under this same key there is also a CertificateHash – REG_BINARY that contains thumbprint of the old certificate. It can probably be deleted but I have left it in place until it causes a problem.

There is a second key at the following location

with a key titled CertExpiryTracking and under it a key with a title equal to the old certificate thumbprint with a LastPeriodLogged REG_DWORD decimal value of 15.  The entire CertExpiryTracking key can probably be deleted but I have left it in place until it causes a problem.

Now you will need to connect to the Windows Internal Database:

  1. Download and install Microsoft SQL Server Management Studio (SSMS) v17 or higher
  2. Launch SSMS
  3. Connect to internal database using this server name:
    \\.\pipe\MICROSOFT##WID\tsql\query
  4. Navigate to Databases -> RDCms -> and select rds.DeploymentSetting
  5. Right click on it then choose Edit Top 200 Rows
  6. Rename the following items:
    1. RedirectorCertificate – > RedirectorCertificate.bak
    2. PublishingCertificate -> PublishingCertificate.bak
    3. DeploymentCertificateHash -> DeploymentCertificateHash.bak
    4. WebAccessCertificate -> WebAccessCertificate.bak
  7. Close SSMS
  8. Close and reopen any Server Manager windows. Then go back and check that deployment certificate level is now showing as Not Configured.

Also if you were using a trusted certificate in IIS you may need to change the certificate for RDWeb by following these steps:

  1. Launch IIS Manager
  2. Right click Default Web Site, choose Edit Bindings
  3. Select https, click Edit
  4. Choose the appropriate SSL certificate in the dropdown list
  5. Restart IIS

Inject Drivers into a Windows 7 PE Image

One scenario – booting a system using a USB Windows PE flash drive, the same flash drive then could not be read within Windows PE. This was because the PE image had no USB 3.0 drivers. The solution was to inject USB 3.0 drivers into the standard Windows 7 PE image.

  1. Download the desired drivers
  2. Extract the folder that contains the .cat, .inf, etc. files for the drivers (e.g., files can be extracted from a .exe using 7zip). Place them in a temporary folder (C:\x64)
  3. Create a mount point folder on your local drive (e.g., C:\mount)
  4. Open elevated command prompt
  5. Get the name of the Windows PE system by pointing dism to the wim file (which could be on a portable media or your local drive). For example:
  6. Mount it. In this example the name determined from previous step was “Microsoft Windows PE (x64)”
  7. Inject the drivers:
  8. Unmount

Create a Windows 7 PE Bootable USB Flash Drive (32 bit and 64 bit)

  1. Download Windows 7 AIK ISO file
    https://www.microsoft.com/en-us/download/details.aspx?id=5753
  2. Burn the ISO or extract it to a folder (e.g., using 7zip)
  3. Run StartCD.exe
  4. Choose the “Windows AIK Setup” option
  5. When complete, navigate to Start->all programs -> Microsoft Windows AIK -> Deployment Tools Command Prompt
  6. In the Deployment Tools Command Prompt window, issue the following commands.
    Note: if needing a 32-bit version of Windows PE, replace “amd64 with “x86”
  7. Insert your flash drive
  8. Launch diskpart (Start button-> then type diskpart)
  9. Locate your flash drive with this commandlist disk
  10. Select it, format it and make it bootable (in this case the flash drive was disk 1) using these commands:
  11. Determine what drive letter has been assigned to your flash drive
  12. The last step is to copy files to flash drive (in this case drive letter of the flash drive was F:
  13. If you want to create an ISO to use later: