 © Rakhesh Sasidharan
|
Posted: June 23rd, 2018 | Category: TV | § Stuff I saw this weekend. :)
Safe
Created by author Harlan Cobden (whose books I haven’t read) and starring Michael C Hall of Dexter fame (ooh loved that!). Not a murder mystery, rather a “girl runs away from home, now why did she do that mystery” meets “father searching for his presumed missing daughter and won’t stop at anything until he finds her thriller”. It was fine. Not amazing or anything but not bad either. The finale was a bit rushed and didn’t explain some of the plot points (esp. who ransacked the Chahal family house) and the explain was a bit stretched as to the sequence of events that led to the girl running away – but well, worth a watch. Beware of all the red herrings though! Too many of them, and it’s irritating.
Ready Player One
Based on the book (which I didn’t enjoy). Good movie. Again, nothing too great (coz I am not into gaming I guess) but a fun watch and one of the better movies I have seen recently. Keeps you hooked and all the special effects and stuff is amazing.
Ordeal by Innocence
Based on the Agatha Christie book (which I haven’t read, but will do now) and starring Bil Nighy, Matthew Goode etc. – a nice old fashioned murder mystery, set in an England of old. I am curious how the book is coz this seems to be a very complicated book and it’s commendable that it got adapted for the screen, so I wonder how the original material was. This was the last show I saw this weekend and it was a pleasure.
Just so I don’t forget.
The SCOM Agent on a server is called “Microsoft Monitoring Agent”. The short service name is “HealthService” and is set to run as Local System (NT Authority\System). Although not used by default, this service also has a virtual account created automatically by Windows called “NT SERVICE\HealthService” (this was a change introduced in Server 2008).
As a refresher to myself and any others – this is a virtual account. – i.e. a local account managed by Windows and one which we don’t have much control over (like change the password etc). All services, even though they may be set to run under Local System can also run in a restricted mode under an automatically created virtual account “NT Service\<ServiceName>”. As with Local System, when a service running under such an account accesses a remote system it does so using the credentials of the machine it is running on – i.e. “<DomainName>\<ComputerName>$“.
Since these virtual accounts correspond to a service, and each virtual account has a unique SID, such virtual accounts are also called service SIDs.
Although all services have a virtual account, it is not used by default. To see whether a virtual account is used or not one can use the sc qsidtype command. This queries the type of the SID of the virtual account.
|
|
C:\>sc qsidtype HealthService [SC] QueryServiceConfig2 SUCCESS SERVICE_NAME: HealthService SERVICE_SID_TYPE: NONE |
A type of NONE as in the above case means this virtual account is not used by the service. If we want a service to use its virtual account we must change this type to “Unrestricted” (or one could set it to “Restricted” too which creates a “write restricted” token – see this and this post to understand what that means).
The sc sidtype command can be used to change this.
|
|
C:\Windows\system32>sc sidtype HealthService unrestricted [SC] ChangeServiceConfig2 SUCCESS |
A service SID is of the form S-1-5-80-{SHA1 hash of short service name}. You can find this via the sc showsid command too:
|
|
C:\>sc showsid HealthService NAME: HealthService SERVICE SID: S-1-5-80-3696737894-3623014651-202832235-645492566-13622391 STATUS: Active |
Note the status “Active”? That’s because I ran the above command after changing the SID type to “Unrestricted”. Before that, when the service SID wasn’t being used, the status was “Inactive”.
—
So why am I reading about service SIDs now? :) It’s because I am playing with SCOM and as part of adding one of our SQL servers to it for monitoring I started getting alerts like these:
|
|
Cannot connect to database 'model' Error Number: -2147467259 Description: [Microsoft][SQL Server Native Client 11.0][SQL Server]The server principal "NT AUTHORITY\SYSTEM" is not able to access the database "model" under the current security context. Instance: MSSQLSERVER |
I figured this would be because the account under which the Monitoring Agent runs has no permissions to the SQL databases, so I looked at RunAs accounts for SQL and came across this blog post. Apparently the in thing nowadays is to change the Monitoring Agent to use a service SID and give that service SID access to the databases. Neat, eh! :)
I did the first step above – changing the SID type to “Unrestricted” so the Monitoring Agent uses that service SID. So next step is to give it access to the databases. This can be done by executing the following in SQL Management Studio after connecting to the SQL server in question:
|
|
USE [master] GO /****** Add a login in SQL Server for the service SID of System Center Advisor HealthService ******/ CREATE LOGIN [NT SERVICE\HealthService] FROM WINDOWS WITH DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english] GO /****** Add the HealthService Service SID login to the sysadmin server role ******/ ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT SERVICE\HealthService] GO |
The comments explain what it does. And yes, it gives the “NT Service\HealthService” service SID admin rights to the server. I got this code snippet from this KB article but the original blog post I was reading has a version which gives minimal rights (it has some other cool goodies too, like a task to create this automatically). I was ok giving this service SID admin rights.
Posted: June 20th, 2018 | Category: Books | § Altered Carbon
Loved it! Not exactly like the TV show, but similar, and good in its own way. The book was able to convey more internal dialogue and Takeshi musings by way of the medium it is. I read this from cover to cover, but cheated towards the end by listening to the audio book (coz I don’t get much time to read and it’s easier to listen to a book while commuting). As I mentioned earlier the audio book quality is poor, but since it was only a few chapters here and there I didn’t mind.
Apart from the musings and such I think I also enjoyed the book because the sci-fi stuff wasn’t presented in an “oh wow this is awesome” kind of way. Richard Morgan (the author) just brings up things as if they naturally are so. Everything has an air of “this is how things are / have always been” so the book didn’t feel too sci-fi to me. Plus the fact that it tended towards noir / mystery also helped. I definitely love noir / mystery books.
To quote a paragraph that I loved a lot from the book:
Suppose you know someone, a long time ago. You share things, drink deeply of each other. Then you drift apart, life takes you in different directions, the bonds are not strong enough. Or maybe you get torn apart by external circumstance. Years later, you meet that person again, in the same sleeve, and you go through it all over again. What’s the attraction? Is this the same person? They probably have the same name, the same approximate physical appearance, but does that make them the same? And if not, does that make the things that have changed unimportant or peripheral? People change, but how much? As a child I’d believed there was an essential person, a sort of core personality around which the surface factors could evolve and change without damaging the integrity of who you were. Later, I started to see that this was an error of perception caused by the metaphors we were used to framing ourselves in. What we thought of as personality was no more than the passing shape of one of the waves in front of me. Or, slowing it down to more human speed, the shape of a sand dune. Form in response to stimulus. Wind, gravity, upbringing. Gene blueprinting. All subject to erosion and change. The only way to beat that was to go on stack forever.
Just as a primitive sextant functions on the illusion that the sun and stars rotate around the planet we are standing on, our senses give us the illusion of stability in the universe, and we accept it, because without that acceptance, nothing can be done. But the fact that a sextant will let you navigate accurately across an ocean does not mean that the sun and stars do rotate around us. For all that we have done, as a civilization, as individuals, the universe is not stable, and nor is any single thing within it. Stars consume themselves, the universe itself rushes apart, and we ourselves are composed of matter in constant flux. Colonies of cells in temporary alliance, replicating and decaying and housed within, an incandescent cloud of electrical impulse and precariously stacked carbon code memory. This is reality, this is self knowledge, and the perception of it will, of course, make you dizzy. […] All and anything you achieve as Envoys must be based on the understanding that there is nothing but flux. Anything you wish to even perceive as an Envoy, let alone create or achieve, must be carved out of that flux.
Broken Angels
The sequel. I didn’t love it as much as Altered Carbon and in fact I left it about 1/3rd (chapter 14 to be precise). I tried listening to the audio book in hopes that it will engross me more, but it didn’t (in spite of being of better quality). I just couldn’t connect with the story or the characters. While Altered Carbon was more personal, Broken Angels was about war and politics and all that abstract sort of stuff which I have no interest in. And I dunno why, I kept getting irritated by how often kept saying “Envoys are this” and “Envoys are that” – too much self praise.
Reading this book made me doubt (again) whether I like sci-fi or not. When reading Altered Carbon I had gotten over that doubt coz I enjoyed it a lot, but Broken Angels for all its military sci-fi and Martians and all that bored me.
Woken Furies
I had thought of skipping this one – the third book in the trilogy – but am going to give it a chance in case it’s different. Mustn’t judge a trilogy by an unpleasant second book. :) Apparently it’s got a younger Takeshi hunting down an older (present day) Takeshi – can’t say no to that sort of a story!
A good thing about these books is that each one is independent. No relation to the events of the previous books.
Full Dark No Stars
Since I loved “1922” the movie, I decided I had to read/ listen to the book. I tried listening to the audio book early this year but didn’t like the narration. So I returned the audio book and when I saw the physical book recently I purchased it. Read “1922” – loved it! – and also “Big Driver”. Good stuff! Got two more short stories to go.
Posted: June 20th, 2018 | Tags: life, quotes | Category: Asides | § Listening to “The End of the Affair” narrated by the amazing Colin Firth (a pleasure so far to listen to! wow). This sentence caught my attention:
How twisted we humans are, and yet they say a God made us; but I find it hard to conceive of any God who is not as simple as a perfect equation, as clear as air.
Posted: June 20th, 2018 | Tags: putty, smtp, ssl, tls, vim | Category: Asides, Linux BSD | § Changing the colors in Vim so it looks better in PuTTY. I live with this usually (as I don’t spend much time in Linux nowadays) until I Googled today and found an easy fix for this. Thanks to this post: “:color desert” (where desert is an example color).
Testing SSL in SMTP (thanks to):
|
|
openssl s_client -connect mail.example1.hu:25 -starttls smtp |
That link is a good reference on Postfix SSL too.
Coming from a NetScaler background I was used to the concept of a failover server. As in a virtual server would have a pool of servers it would load balance amongst and if all of them are down I can define a failover server that could be used. You would define the failover server as a virtual server with no IP, and tell the primary virtual server to failover to this virtual server in case of issues.
Looking around for a similar option with NSX I discovered it’s possible using application rules. Instead of defining two virtual servers though, here you define two pools. One pool for the primary servers you want to load balance, the other pool for the failover server(s).
Then you create an application rule this:
|
|
acl adfs_pri_down nbsrv(pool-adfs-https-443) eq 0 use_backend pool-bkpadfs-https-443 if adfs_pri_down |
Once again, the syntax is that of HAProxy. You define an ACL – adfs_pri_down is what I am defining for my purposes as this is for load balancing some ADFS servers – and the criterion is nbsrv(pool-adfs-https-443) eq 0. The nbsrv criterion checks the pool you pas on to it (pool-adfs-https-443 in my case) and returns the number of servers that are up. So the ACL basically is a boolean one that is true if the number of usable servers is 0.
Next, the use_backend rule switches to using the backup pool I have defined (pool-bkpadfs-https-443 in this case) if the ACL is true.
That’s all. Pretty straightforward!
Posted: June 10th, 2018 | Tags: ADFS | Category: Asides | § No biggie, just as a reference to myself:
Posted: June 9th, 2018 | Category: Books | § Listened to “Fahrenheit 451” narrated by Tom Robbins this weekend. It’s a short book of about 5 something hours. I left reading when there was 1 hour to go.
I decided to listen to this book as a movie adaptation is out and I wanted to read/ listen to the book first before watching the movie. It’s a good book, but yeah it didn’t hook me on too much and so I left eventually. I think the fact that I listened to it rather than actually read was what helped me get this far. Tom Robbins was a good narrator.
I didn’t leave this book because it was poorly written or anything. It was good. I liked the language and how things were presented etc., but I didn’t really connect to the story. Going through the Wikipedia page I see that the book was written at a time when book burning was a possibility and I guess since that whole concept sounds so alien to me I don’t really get it. Not that book burning can’t or won’t happen in this day and age, just that it feels a bit far fetched and not overly dystopian (I guess one could always have an ebook version of whatever is being burned!). The book also seemed to be a commentary about the rise of television and how it keeps people happy as it’s “dumb” or mind numbing, while books provoke thought and discussion and this in turn leads to dissatisfaction and unhappiness – but this too kind of feels far fetched in this day and age when there are good TV shows and games and tablets etc. encourage creativity among its users.
Considering all this I didn’t feel like wasting more time on the book. I don’t have an hour of free time today, and I could leave the book for my morning commute tomm – but why bother. Decided to leave it where it is.
ps. Saw the movie, and it’s terrible!
Posted: June 8th, 2018 | Tags: life, quotes | Category: Asides | § Came across this when listening to “Fahrenheit 451”:
We cannot tell the precise moment when friendship is formed. As in filling a vessel drop by drop, there is at last a drop which makes it run over; so in a series of kindnesses there is at last one which makes the heart run over.
It’s from a book by James Boswell and the full paragraph is worth reading.
Posted: June 8th, 2018 | Tags: audiobooks, books | Category: Books | § I love Audible and audiobooks but I notice that off late I am less enthusiastic about it. The last good audiobook I enjoyed was “City of Thieves” and that itself was found after skipping a lot of books in my library. Similarly since then I have skipped many books. Am not sure if I skipped most of these because I didn’t like the story or because I wasn’t much a fan of the narration.
Thing is the narration in most of these books I skipped is great but just not to my taste. For instance I listened to “The Hobbit” (which I’ve already read) but gave up soon coz the narrator Rob Inglis was amazing but I just didn’t want this much “input” from him. He did all the voices perfectly, it kind of took distracted me (for lack of a better word). I would have loved it if he were just reading the book and less focused on the various voices – that way he would leave something for my mind to imagine, but not my mind was a mere passenger in his bus ride (not sure if that analogy made sense). I think that’s an especial issue I have with audiobooks in general. With a book I know I have to focus and give in to the book – since I am reading my eyes and my mind is concentrated on the act, and I visualize things and have the world and characters built up in my head. But when listening only one of my senses is engaged while my eyes are free to wander around and get distracted and think of other things, and also there is less character build up in my head. Added to that if the narrator does a more than perfect job of emoting and doing different voices, there’s pretty much nothing left for me to do except just listen and I am not fully focussed or into the story. I am much better of watching a TV adaptation of it as they go one step further and show me things too.
This is the same issue I had with Stephen King’s “The Mist” recently read by the amazing Will Patton. He was too perfect, inflicting his voice with various emotions such as fear and sadness etc. I felt it took something away from my pleasure of reading.
Then there’s some audiobooks where the editing or quality of the recording isn’t great. For instance “Altered Carbon” read by Todd McLaren which seems to be a good book (am reading the physical version) but the quality was so horrible it distracted me too much.
Maybe it’s my mood of late or maybe I am just moving on – I don’t know, but I am less excited about audiobooks. I hope it’s just a case of me not coming across stuff I like, because I do love audiobooks and I have listened to many great books on it and discovered a few authors I wasn’t aware of. So I don’t really want to give up audiobooks, I just want to be able to use it properly.
I think one reason many people prefer audiobooks is for this reason that I don’t like it. :) Audiobooks lets you consume a book while doing other things side by side. I wouldn’t read a physical book in my morning commute for instance coz of all the noise – I would want peace and quite. Yet I can do an audiobook coz it’s in my ear. Similarly there are people who listen to audiobooks while doing household chores or washing dishes etc. – something which I too tried initially but left it coz I don’t want to read a book like it’s some background music or radio. I would like to get lost in reading a book, if I can (but one can’t coz of the lack of time and also coz as I get older I find my eyes are unable to concentrate for too long on reading).
Anyhow, that’s enough audiobook rant for today. Am listening to Tim Robbins narrate “Fahrenheit 451” now. I started it yesterday and he’s a great narrator but I started feeling sleepy and left it. Got to see how it goes today. He doesn’t do too much voices (not yet at least).
I listened to “Brave New World” two weeks ago and left it quarter way. Great narration, but irritating voices. And I didn’t get too hooked on the book either. Yeah it’s dystopian and all that, but didn’t catch my fancy. Surprising considering it’s a popular book, and also coz I usually like dystopian novels. That said two of the three previous dystopian novels I read/ listened to, I mixed it with audiobook and reading. “1984” and “A Handmaid’s Tale” – I alternated between reading and listening; while “Animal Farm” was purely listening (but the story had a faster pace so maybe it didn’t matter much that I didn’t read). So maybe that’s why I enjoyed those books more, and if I were to read “Brave New World” I might enjoy it. (Or maybe not. I was hooked on to “1984” and “A Handmaid’s Tale” from the start when listening, and I started reading them so I could go through it faster – so I guess I simply wasn’t a fan of “Brave New World”).
Speaking of reading I finished “Alias Grace” recently. Had loved the TV show so I bought the book when in London last month. Amazing book. I simply loved it. I bought the audiobook too and tried reading it side by side but I was having so much fun just reading the book that I returned the audiobook. Now I am reading “Altered Carbon”.
Posted: May 29th, 2018 | Category: Books | § When in the UK recently I bought a bunch of books to rekindle my reading habit. One of these was Station Eleven. I am not sure where I came across this book – I have a memory of it being on one of the TWiT shows – but I can’t find any hits when searching for this book and any of the shows of that network, so it must be a mistaken memory. Anyhow, all the blurbs on the book cover made it sound amazing, and it’s won some sci-fi award, and it’s supposed to be one of these dystopian future sort of novels from a Canadian authoress (and I think of Margaret Atwood whose books I like), and it was on half price in the book store … so I purchased it. Bad decision!
To be fair I have read about half the book. Am on page 146 of 333 and finally giving up. I think if I stick with a book till nearly midway and it still doesn’t interest me then there’s no point spending more time further. There are other books to read or stuff to do, I must call quits here. Sucks that I spent money on this book though coz I can’t just return it like I would do an audiobook, and I don’t want to keep it in my library either, so I’ll have to donate it I guess. Bad decision. Very bad decision buying this book!
The book just meanders on and on. There’s some flu, the end of the world, civilization has come to and end, everything’s reverted to an older age of small towns and no technology and a bunch of survivors. No there’s no zombies or some crazy dystopian future – it’s just people wandering around. There’s some group of traveling artists, and a lot of flashbacks to some character who died initially … it’s just so boring and pointless. In fact, I don’t even know why I am wasting time writing about the book. :) I just need to vent it out somewhere I guess and get it out of my system.
To be fair the book is not like some of the newer books that read more like they are written for a movie or TV series. A lot of books I read recently on the Kindle are written that way and it’s irritating – I’d much rather watch it on screen then. No, this one is well written and I could have fallen in love with it had there been some point or purpose or direction or pace to the whole narrative. As of now it’s just wasting my time.
Posted: May 24th, 2018 | Category: Books | § Every now and then Audible has some sale and I try a new author I haven’t heard of. I am not very good at exploring different authors or genres coz I don’t like leaving my comfort zone. But with Audible I can at least give something a shot, and then return the book if I don’t like it. Usually I try a new book based on the narrator or just the book cover. I read some of the review to try and get an understanding, but it’s difficult to judge a book by reviews as different people have different tastes (and I have found I don’t like most sci-fi stories that a lot of people rave about).
Anyways, City of Thieves by David Benioff is one such book I tried recently and I am loving it. I bought it coz of the cover and also coz it is narrated by Ron Perleman. It’s been a good listen so far and while I still have a long ways to go I thought I should mention it here. Ron Perleman narrates it good too with the different voices and all that.
While Googling on some of the places and authors in the book (most of which turns out to be fictional) I came across the following wonderful quote from this blog post:
Talent must be a fanatical mistress. She’s beautiful; when you’re with her, people watch you, they notice. But she bangs on your door at odd hours, and she disappears for long stretches, and she has no patience for the rest of your existence: your wife, your children, your friends. She is the most thrilling evening of your week, but some day she will leave you for good. One night, after she’s been gone for years, you will see her on the arm of a younger man, and she will pretend not to recognize you.
David Benioff has two other books but they don’t seem to be in Audible. Will have to read them the old fashioned way. :o)
Update: Finished the book. Loved it!! A must read/ listen.
Posted: May 21st, 2018 | Tags: Azure, log analytics, OMS | Category: Infrastructure | § This is by no means a big deal, nor am I trying to take credit. But it is something I setup a few days ago and I was pleased to see it in action today, so wanted to post it somewhere. :)
So as I said earlier I have been reading up on Azure monitoring these past few days. I needed something to aim towards and this was one of the things I tried out.
When you install the “Agent Health” solution it gives a tile in the OMS home page that shows the status of all the agents – basically their offline/ online status based on whether an agent is responsive or not.
The problem with this tile is that it only looks for servers that are offline for more than 24 hours! So it is pretty useless if a server went down say 10 mins ago – I can keep staring at the tile for the whole day and that server will not pop up.
I looked at creating something of my own and this is what I came up with –
If you click on the tile it shows a list of servers with the offline ones on top. :)
I removed the computer names in the screenshot that’s why it is blank.
So how did I create this?
I went into View Designer and added the “Donut” as my overview tile.
Changed the name to “Agent Status”. Left description blank for now. And filled the following for the query:
|
|
Heartbeat | summarize LastSeen = max(TimeGenerated) by Computer | extend Status = iff(LastSeen < ago(15m),"Offline","Online") | summarize Count = count() by Status | order by Count desc |
Here’s what this query does. First it collects all the Heartbeat events. These are piped to a summarize operator. This summarizes the events by Computer name (which is an attribute of each event) and for each computer it computes a new attribute called LastSeen which is the maximum TimeGenerated timestamp of all its events. (You need to summarize to do this. The concept feels a bit alien to me and I am still getting my head around it. But I am getting there).
This summary is then piped to an extend operator which adds a new attribute called Status. (BTW attributes can also be thought of as columns in a table. So each event is a row with the attributes corresponding to columns). This new attribute is set to Offline or Online depending on whether the previously computed LastSeen was less than 15 mins or not.
The output of this is sent to another summarize who now summarizes it by Status with a count of the number of events of each time.
And this output is piped to an order to sort it in descending. (I don’t need it for this overview tile but I use the same query later on too so wanted to keep it consistent).
All good? Now scroll down and change the colors if you want to. I went with Color1 = #008272 (a dark green) and Color 2 = #ba141a (a dark red).
That’s it, do an apply and you will see the donut change to reflect the result of the query.
Now for the view dashboard – which is what you get when someone clicks the donut!
I went with a “Donut & list” for this one. In the General section I changed Group Title to “Agent Status”, in the Header section I changed Title to “Status”, and in the Donut section I pasted the same query as above. Also changed the colors to match the ones above. Basically the donut part is same as before because you want to see the same output. It’s the list where we make some changes.
In the List section I put the following query:
|
|
Heartbeat | summarize LastSeen = max(TimeGenerated) by Computer | extend Status = iff(LastSeen < ago(15m),"Offline","Online") | sort by bin(LastSeen,1min) asc |
Not much of a difference from before, except that I don’t do any second summarizing. Instead I sort it by the LastSeen attribute after rounding it up to 1 min. This way the oldest heartbeat event comes up on top – i.e. the server that has been offline for the longest. In the Computer Titles section I changed the Name to “Computer” and Value to “Last Seen”. I think there is some way to add a heading for the Offline/Online column too but I couldn’t figure it out. Also, the Thresholds feature seemed cool – would be nice if I could color the offline ones red for instance, but I couldn’t figure that out either.
Lastly I changed the click-through navigation action to be “Log Search” and put the following:
|
|
Heartbeat | summarize LastCall = max(TimeGenerated) by Computer | where LastCall < ago(15m) |
This just gives a list of computers that have been offline for more than 15 mins. I did this because the default action tries to search on my Status attribute and fails; so thought it’s best I put something of my own.
And that’s it really! Like I said no biggie, but it’s my first OMS tile and so I am proud. :)
ps. This blog post brought to you by the Tamil version of the song “Move Your Body” from the Bollywood movie “Johnny Gaddar” which for some reason has been playing in my head ever since I got home today. Which is funny coz that movie is heavily inspired by the books of James Hadley Chase and I was searching for his books at Waterstones when I was in London a few weeks ago (and also yesterday online).
My blog posting has taken a turn for the worse. Mainly coz I have been out of country and since returning I am busy reading up on Azure monitoring.
Anyways, some quick links to tabs I want to close now but which will be useful for me later –
- A funny thing with Azure monitoring (OMS/ Log Analytics) is that it can’t just do simple WMI queries against your VMs to check if a service is running. Crazy, right! So you have to resort to tricks like monitor the event logs to see any status messages. Came across this blog post with a neat idea of using performance counters. I came across that in turn from this blog post that has a different way of using the event logs.
- We use load balancers in Azure and I was thinking I could tap into their monitoring signals (from the health probes) to know if a particular server/ service is up or down. In a way it doesn’t matter if a particular server/ service is down coz there won’t be a user impact coz of the load balancer, so what I am really interested in knowing is whether a particular monitored entity (from the load balancer point of view) is down or not. But turns out the basic load balancer cannot log monitoring signals if it is for internal use only (i.e. doesn’t have a public IP). You either need to assign it a public IP or use the newer standard load balancer.
- Using OMS to monitor and send alert for BSOD.
- Using OMS to track shutdown events.
- A bit dated, but using OMS to monitor agent health (has some queries in the older query language).
- A useful list of log analytics query syntax (it’s a translation from old to new style queries actually but I found it a good reference)
Now for some non-Azure stuff which I am too lazy to put in a separate blog post:
- A blog post on the difference between application consistent and crash consistent backups.
- At work we noticed that ADFS seemed to break for our Windows 10 machines. I am not too clear on the details as it seemed to break with just one application (ZScaler). By way of fixing it we came across this forum post which detailed the same symptoms as us and the fix suggested there (
Set-ADFSProperties -IgnoreTokenBinding $True) did the trick for us. So what is this token binding thing?
- Token Binding seems to be like cookies for HTTPS. I found this presentation to be a good explanation of it. Basically token binding binds your security token (like cookies or ADFS tokens) to the TLS session you have with a server, such that if anyone were to get hold of your cookie and try to use it in another session it will fail. Your tokens are bound to that TLS session only. I also found this medium post to be a good techie explanation of it (but I didn’t read it properly*).
- It seems to be enabled on the client side from Windows 10 1511 and upwards.
- I saw the same recommendation in these Microsoft Docs on setting up Azure stack.
Some excerpts from the medium post (but please go and read the full one to get a proper understanding). The excerpt is mostly for my reference:
Most of the OAuth 2.0 deployments do rely upon bearer tokens. A bearer token is like ‘cash’. If I steal 10 bucks from you, I can use it at a Starbucks to buy a cup of coffee — no questions asked. I do not want to prove that I own the ten dollar note.
OAuth 2.0 recommends using TLS (Transport Layer Security) for all the interactions between the client, authorization server and resource server. This makes the OAuth 2.0 model quite simple with no complex cryptography involved — but at the same time it carries all the risks associated with a bearer token. There is no second level of defense.
OAuth 2.0 token binding proposal cryptographically binds security tokens to the TLS layer, preventing token export and replay attacks. It relies on TLS — but since it binds the tokens to the TLS connection itself, anyone who steals a token cannot use it over a different channel.
Lastly, I came across this awesome blog post (which too I didn’t read properly* – sorry to myself!) but I liked a lot so here’s a link to my future self – principles of token validation.
* I didn’t read these posts properly coz I was in a “troubleshooting mode” trying to find out why ADFS broke with token binding. If I took more time to read them I know I’d get side tracked. I still don’t know why ADFS broke, but I have an idea.
Posted: May 12th, 2018 | Tags: greek, mythology, quotes | Category: Asides | § Listening to Stephen Fry’s Mythos and I loved this epitaph from one of the stories. That of Phaëthon, son of Phoebus Apollo the sun God, who rode his father’s sun chariot for a day but lost control and ended up scorching Africa in the process (thus creating the Sahara desert). This epitaph was offered by the American classicist Edith Hamilton.
Here Phaëthon lies who in the sun-gods chariot fared.
And though greatly he failed, more greatly he dared.
|
