Category Archives: Development

Get Secretserver secret

Since we are using SecretServer as our credential store, it is a great help to be able to get credentials directly from PowerShell. This is a small function that connects to the SecretServer web services and retrieves a secret based on its secret ID. The function connects to the web service as the signed-in user, with a supplied credential, or lastly with a predefined stored credential. To use stored credentials I'm using functions from https://github.com/cunninghamp/PowerShell-Stored-Credentials .

Usually you would use the PSCredential object directly. If you need the password as text, call GetNetworkCredential() on the returned object:


$cred=get-secretid -secretID 2007
$password_As_text=$cred.GetNetworkCredential().Password

Or, if you need the password in clear text, displayed on screen, you can specify that as an argument (the -Cleartext switch).

The function is made for my usage, so there is definitely room for improvement.


function Get-SecretID
{
    param(
        [parameter(ValueFromPipeline=$True)]
        [int] $secretID,
        [pscredential] $sscred,
        [switch] $Cleartext
    )

    $where = 'https://secretserverdnsname/secretserver/winauthwebservices/sswinauthwebservice.asmx'
    $ws = $null

    if ($null -ne $sscred) {
        # Credential supplied by the caller
        $ws = New-WebServiceProxy -Uri $where -Credential $sscred
    } else {
        # Try the signed-in user first
        try {
            $ws = New-WebServiceProxy -Uri $where -UseDefaultCredential -ErrorAction Stop
        }
        catch {
            $ws = $null
        }

        if ($null -eq $ws) {
            # Fall back to a stored credential; $ssuser must already be defined by the caller
            if (!(Test-Path Variable:\ssuser)) {
                throw "No secretserver user specified or variable 'ssuser' defined.`nThis is to be used by 'get-storedcredential'"
            }
            $credacc = Get-StoredCredential -UserName $ssuser
            $ws = New-WebServiceProxy -Uri $where -Credential $credacc -ErrorAction SilentlyContinue
            if ($null -eq $ws) { throw "Unable to connect to SecretServer" }
        }
    }

    $wsResult = $ws.GetSecret($secretID, $false, $null)
    if ($null -ne $wsResult.Errors) {
        # On failure the error text is returned in both fields; check the result before using it
        $Cred = New-Object PSObject
        $Cred | Add-Member -NotePropertyName "Username" -NotePropertyValue $wsResult.Errors
        $Cred | Add-Member -NotePropertyName "Password" -NotePropertyValue $wsResult.Errors
        return $Cred
    }

    # The indexes assume the secret's fields are ordered Domain, Username, Password
    $u  = $wsResult.Secret.Items[1].Value.ToString()
    $ep = ConvertTo-SecureString $wsResult.Secret.Items[2].Value.ToString() -AsPlainText -Force
    [pscredential]$Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $u,$ep

    if ($Cleartext) {
        # Returns the password as a plain string instead of a PSCredential
        [psobject]$Cred = New-Object PSObject
        $Cred | Add-Member -NotePropertyName "Username" -NotePropertyValue $u
        $Cred | Add-Member -NotePropertyName "Password" -NotePropertyValue $wsResult.Secret.Items[2].Value.ToString()
        $Cred | Add-Member -NotePropertyName "Domain" -NotePropertyValue $wsResult.Secret.Items[0].Value.ToString()
    }
    return $Cred
}

Use powershell to get external IP address

How can you get your external IP address from powershell? I use a simple script to query an external public web service. The service I’m using is hosted by ipinfo.io . I have created a small function that is placed in my powershell library. All my modules are loaded by using powershell profiles.

This simple function uses REST. Usage is simple: get-mypublicip. It can easily be used in a script: (get-mypublicip).ip


function get-mypublicip {
    # CmdletBinding makes -Verbose available so the Write-Verbose lines can be shown
    [CmdletBinding()]
    param()

    Write-Verbose "Resolving external IP"
    try {
        # HTTPS so the response cannot be altered in transit
        $ipaddr = Invoke-RestMethod https://ipinfo.io/json #| Select-Object -ExpandProperty ip
    }
    catch {
        throw "Can't get external IP Address. Quitting."
    }
    if ($null -eq $ipaddr) { throw "Can't get external IP Address. Quitting." }
    Write-Verbose "External IP is $($ipaddr.ip)"
    return $ipaddr
}

Make sure you have the correct CSP for Your CA

We got some weird errors on our new Skype for Business server install. After a straightforward install, users were unable to log in from external networks and there were some issues with conferences. The Skype services seemed to start but ended up running with unknown details when checked with get-windowsservices. We also had one error in the Event Viewer on the frontend server.

The most important clue was: CA_Failure: InternalError. This pointed towards a certificate error. What could be wrong with the CA server (a Windows Server 2016 Enterprise Root CA)?

This was the first time I had seen an ECDSA CSP used. Next was to verify the S4B requirements: https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/requirements-for-your-environment/environmental-requirement

  • Encryption key lengths of 1024, 2048, and 4096 are supported. Key lengths of 2048 and greater are recommended.
  • The default digest, or hash signing, algorithm is RSA. The ECDH_P256, ECDH_P384, and ECDH_P521 algorithms are also supported.

Once again check CA configuration:

This CA was installed with the ECDSA_P256 CSP. We did not have the option to reinstall or migrate the CA to a supported version, so our workaround was to install a new standalone CA using the RSA256 CSP and use this CA to issue the Edge server internal certificate and the frontend certificate. (We published the new CA public key to clients using GPO.)

After we assigned the new certificates and rebooted, everything seems to work OK. The new certs are now RSA256.
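
A way to spot this condition before deployment, as an added example that is not part of the original post: the function below checks each certificate in the computer store for an RSA subject key of the recommended length and flags certificates whose issuer signature is ECDSA. The function name Test-CertRsaCompliance and the 2048-bit default are assumptions chosen for illustration; treating an ECDSA-signed certificate as a finding follows the diagnosis described above.

```powershell
# Added example: audit certificates against the key requirements quoted above.
function Test-CertRsaCompliance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [int] $MinimumKeySize = 2048   # assumption: the "recommended" length from the list above
    )
    process {
        $findings = @()

        # Subject key: OID 1.2.840.113549.1.1.1 is rsaEncryption
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
        if ($Certificate.PublicKey.Oid.Value -ne '1.2.840.113549.1.1.1' -or $null -eq $rsa) {
            $findings += "public key is not RSA"
        } elseif ($rsa.KeySize -lt $MinimumKeySize) {
            $findings += "RSA key is only $($rsa.KeySize) bits"
        }

        # Issuer signature: OIDs under 1.2.840.10045.4 are ECDSA signatures,
        # which is what a CA created with an ECDSA_P256 key produces
        if ($Certificate.SignatureAlgorithm.Value -like '1.2.840.10045.4.*') {
            $findings += "signed by an ECDSA CA key"
        }

        [pscustomobject]@{
            Subject            = $Certificate.Subject
            Issuer             = $Certificate.Issuer
            KeyAlgorithm       = $Certificate.PublicKey.Oid.FriendlyName
            KeySize            = if ($rsa) { $rsa.KeySize } else { $null }
            SignatureAlgorithm = $Certificate.SignatureAlgorithm.FriendlyName
            Compliant          = ($findings.Count -eq 0)
            Findings           = $findings -join '; '
        }
    }
}

# Check every certificate in the computer's personal store
Get-ChildItem Cert:\LocalMachine\My | Test-CertRsaCompliance |
    Format-Table Subject, KeyAlgorithm, KeySize, SignatureAlgorithm, Compliant, Findings -AutoSize
```

Run it on the frontend and Edge servers after assigning certificates; any row with Compliant set to False points at a certificate to reissue from the RSA CA.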

msRTCSIP-GroupingID editor.

This is my msRTCSIP-GroupingID editor. I use it to segregate address lists in Lync solutions. It takes a comma-separated text file containing the company name and the GUID of the address list assigned to that company (filename: groupingids.txt). Sample:

Name,Value
CompanyA,00000000-0000-0000-0000-000000000010
CompanyB,00000000-0000-0000-0000-000000000011
CompanyC,00000000-0000-0000-0000-000000000012

I have placed this file on the Lync share for my own convenience. The PowerShell script Groupingeditor.ps1 loads these values into a listbox. It lets you search for users and then apply the GroupingID to the selected users.

The next version will contain the possibility to select entire OUs and to list users containing a specific GroupingID.


groupingids.txt (153B)

groupingeditor.ps1 (4.7KB)

Group Manager in Exchange 2010-2013 are unable to manage group membership.

There was a change in RBAC. Group managers are not able to add or remove members of a distribution group, even if it seems so in the Exchange Management Console.

The only option in ECP was to give them the additional permission to create and remove groups. You can create a new role that will enable this permission again. Thanks to Matthew Byrd at Microsoft, who has created a PowerShell script that does this for us.

http://blogs.technet.com/b/exchange/archive/2009/11/18/how-to-manage-groups-that-i-already-own-in-exchange-2010.aspx

Install Windows Phone 7 SDK on windows 2008 R2

Aaron Stebner’s WebLog shows us how to install Windows Phone 7 SDK on Windows 2008 R2.

http://blogs.msdn.com/b/astebner/archive/2010/05/02/10005980.aspx

  1. Download the Windows Phone Developer Tools web bootstrapper and save it to your hard drive
  2. Extract the contents of the setup package by running vm_web.exe /x and choosing a path to extract to
  3. Go to the folder you extracted to in step 2 and open the file baseline.dat in notepad
  4. Look for the section named [gencomp7788]

    Note – you have to change this exact section – this is the one that controls the OS version blocking behavior in Windows Phone Developer Tools setup.

  5. Change the value InstallOnLHS from 1 to 0
  6. Change the value InstallOnWin7Server from 1 to 0
  7. Save and close baseline.dat
  8. Run setup.exe /web from the folder you extracted to in step 2

Updated: This also works for the WP7.1 SDK.