How to add static routes in Windows Server 2008 R2

Download PDF

– Open CMD (elevated only – Run As Administrator)
– To display existing routes type: route print

route add mask
Where first destination IP, mask if single IP than /32 (.255) and then the next hop (other server)

So the example would be:
route add mask

– To delete the route: route delete

route add mask if 1 (where 1 is the interface number). You can see the interface numbers when route print.

How to Redirect HTTP to HTTPS with IIS 7

Download PDF

In IIS, to redirect (force) HTTPS on every HTTP request, do the following.

Before you start, make sure you have the following done;

  • IIS 7 installed
  • Microsoft URL Rewrite Module installed
  • Create HTTPS bindings to your IIS website and assign certificate
  • Ensure Require SSL is NOT checked under SSL Settings for your website

Once you have this done you can simply copy and paste the following code between the <rules>and </rules> tags in your your web.config file in your website root directory.

Please note if you already have some rules in you web.config file, make sure to put the bellow rule within <rules>. Every rule ends with <rule> and then all rules end with <ruleS>, so make sure not to put this rule inside another rule.

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />

Now save the web.config file and it’s all done.

MySQL error: Field doesn’t have a default value – ClipBucket – Clip-bucket

Download PDF

Clip-bucket Field ‘action_link’ doesn’t have a default value


MySQL error: Field doesn’t have a default value

When inserting a new record with varchar or text field that is required and has no default value. This error will display for example:error : Field ‘description’ doesn’t have a default value

The possible reason is that sql-mode in my.ini is set to STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION.

Change the value to
sql-mode = “”

Update 2011/4/25:
Add Default value “” if possible to avoid changing mysql setting.

Generate CSR and install SSL on IIS servers in Load Balanced Environment – SSL Behind a Load Balancer

Download PDF

To install SSL certificate in a Load Balanced environment, for example with 3 host web servers.


  • On the first server create a certificate request – CSR by doing the following:


Generating a CSR (IIS7)

  1. From Start, select Administrative Tools, and then select Internet Information Services (IIS) Manager.
  2. In the Connections panel on the left, click the server name for which you want to generate the CSR.
  3. In the middle panel, double-click Server Certificates.
  4. In the Actions panel on the right, click Create Certificate Request….
  5. Enter the following Distinguished Name Properties, and then click Next:
  6. NOTE: The following characters are not accepted when entering information: < > ~ ! @ # $ % ^ * / \ ( ) ? &
    • Common Name — The fully-qualified domain name (FQDN) — or URL — for which you plan to use your certificate (the area of your site you want customers to connect to using SSL).
      • An SSL certificate issued for is not valid for If you want your SSL to cover, make sure the common name submitted in the CSR is
      • If you are requesting a wildcard certificate, add an asterisk (*) on the left side of the Common Name (e.g.,* or *
    • Organization — The name in which your business is legally registered. The organization must be the legal registrant of the domain name in the certificate request.
    • NOTE: If you are enrolling as an individual, enter the certificate requester’s name in the Organization field, and the Doing Business As (DBA) name in the Organizational Unit field.
    • Organizational Unit — Use this field to differentiate between divisions within an organization (such as “Digital” or “IT”).
    • City/Locality — The full name of the city in which your organization is registered/located. Do not abbreviate.
    • State/Province — The full name of state or province where your organization is located. Do not abbreviate.
    • Country — The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
  7. For Cryptographic service provider, select Microsoft RSA SChannel Cryptographic Provider .
  8. For Bit length, select 2048, and then click Next.
  9. Click …, enter the location and file name for your CSR, and then click Finish.


  • After CSR has been created, submit it to the Certification Authoroty (CA)
  • When the certificate has been issued it is time to install it – to COMPLETE THE CSR REQUEST ON THE FIRST SERVER WHERE CSR WAS CREATED.


Installing a SSL cert (IIS7)

  1. Click Start, mouse-over Administrative Tools, and then click Internet Services Manager.
  2. In the Internet Information Services (IIS) Manager window, select your server.
  3. Scroll to the bottom, and then double-click Server Certificates.
  4. From the Actions panel on the right, click Complete Certificate Request….
  5. To locate your certificate file, click ….
  6. In the Open window, select *.* as your file name extension, select your certificate (it might be saved as a .txt, .cer, or .crt), and then click Open.
  7. In the Complete Certificate Request window, enter a Friendly name for the certificate file, and then click OK.
  8. NOTE: For Wildcard SSL certificates make sure your Friendly Name to matches your Common Name (i.e. *

NEXT INFO IS ONLY FOR NEW CERTIFICATES – RENEWALS WILL ALREADY HAVE ALL THE INFO IN – YOU JUST HAVE TO SELECT THE RENEWED SSL IN EDIT SITE BINDING (BINDINGS>HTTPS>EDIT>SSL Certificate>Select the renewed one – if you named both old and renewed SSL with the same friendly name, you can select one and click view to see the expiry date)

  1. In the Internet Information Services (IIS) Manager window, select the name of the server where you installed the certificate.
  2. Click + beside Sites, select the site to secure with the SSL certificate.
  3. In the Actions panel on the right, click Bindings….
  4. Click Add….
  5. In the Add Site Binding window:
    • For Type, select https.
    • For IP address, select All Unassigned, or the IP address of the site.
    • For Port, type 443.
    • For SSL Certificate, select the SSL certificate you just installed, and then click OK.
  6. Close the Site Bindings window.
  7. Close the Internet Information Services (IIS) Manager window. Your SSL certificate installation is complete


  • Now we need to install the certificate on the other web servers behind Load Balancer. To do so we need to Export the certificate from the first server and import it into other two


Exporting to a .pfx File on the first server where we installed the new(or renewed) SSL.

  1. On the Start menu click Run and then type mmc.
  2. Click File > Add/Remove Snap-in.
  3. Click Certificates > Add.
  4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
  5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
  6. Right-click on the certificate you want to backup and select ALL TASKS > Export.
  7. Choose Yes, export the private key and include all certificates in certificate path if possible.
  8. Warning: Do not select the delete private key option.
  9. Leave the default settings and then enter your password if required.
  10. Choose to save the file and then click Finish. You should receive an “export successful” message. The .pfx file is now saved to the location you selected


  • After we exported the certificate from the first server, it needs to be imported in the rest of the servers. Follow this procedure on any remaining web server


Importing from a .pfx File

  1. On the Start menu click Run and then type mmc.
  2. Click File > Add/Remove Snap-in.
  3. Click Certificates > Add.
  4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
  5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
  6. Right-click on the certificate you want to backup and select ALL TASKS > Import.
  7. Follow the certificate import wizard to import your primary certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.



  • When the importing is complete, you have to select the new certificate in the site bindings


All done

iSCSI Naming and Addressing

Download PDF

In an iSCSI network, each iSCSI element that uses the network has a unique and permanent iSCSI name and is assigned an address for access.
iSCSI Name
Identifies a particular iSCSI element, regardless of its physical location. The iSCSI name can use IQN or EUI format.

IQN (iSCSI qualified name)

. Can be up to 255 characters long and has the following format:
iqn.yyyy-mm.naming-authority:unique name

The year and month when the naming authority was established.

Usually reverse syntax of the Internet domain name of the naming authority. For example, the naming authority could have the iSCSI qualified name form of The name indicates that the domain name was registered in January of 1998, and iscsi is a subdomain, maintained by

unique name
Any name you want to use, for example, the name of your host. The naming authority must make sure that any names assigned following the colon are unique. For example,

EUI (extended unique identifier)

. Includes the eui. prefix, followed by the 16-character name. The name includes 24 bits for the company name assigned by the IEEE and 40 bits for a unique ID, such as a serial number.
For example,

iSCSI Alias
A more manageable, easy-to-remember name to use instead of the iSCSI name. iSCSI aliases are not unique, and are intended to be just a friendly name to associate with the node.

IP Address
An address associated with each iSCSI element so that routing and switching equipment on the network can establish the connection between different elements, such as the host and storage. This is just like the IP address you assign to a computer to get access to your company’s network or the Internet.

Install XenApp – Failed to configure component ‘Citrix licensing’

Download PDF


Installing Citrix XenApp 6 Fundamentals on Server 2008R2


Citrix XenApp 6 installation instructions say all necessary prerequisites will be automatically installed by it’s installer. Maybe in Citrix world, but not in reality. Installation fails after 10 seconds and logs usually shows a message like “Failed to configure component ‘Citrix licensing’ “ or “Failed to configure component ‘Citrix Delivery Services Console’ “.

To get it going, you will have to start with a clean system.. No updates installed, nothing! I made a mistake here by updating my Server 2008 R2 OS with latest patches. It seems that some of them are causing install to crash even with all prerequisites installed. So first thing to do is NOT TO UPDATE YOUR OS. After XenApp install is complete, you can make an image of your system and install updates one by one and test which one fails. But in this post we won’t talk about that.

1. Install clean Server 2008 R2 – NO WINDOWS UPDATES (you can play with that later)

2. Join the domain (setup it’s IP, name etc first)

3. Add the following ROLES

– .net 3.5 (Application Server Role – not under Features)

– IIS 7 (Web Server Role – I added IIS 6 compatibility service as well)

– Remote Session Host and Licensing server

4. Reboot the server

5. Run the installer


It should work fine now.

Thanks Citrix for making it easy 🙂

How to insert a USB into Hyper-V 2012 R2 Virtual Machine

Download PDF

Windows Server 2012R2 has introduced the ability to insert a USB drive into a virtual machine! Finally!

New feature is called Virtual Machine Enhanced Session Mode. Beside USB support, this feature allows us to share  following local resources:

  • Display configuration
  • Audio
  • Printers
  • Clipboard
  • Smart cards
  • USB devices
  • Drives
  • Supported Plug and Play devices

The enhanced session mode connection uses a Remote Desktop Connection session via the virtual machine bus (VMBus), so no network connection to the virtual machine is required.

Only the following guest operating systems support enhanced session mode connections:

  • Windows Server 2012 R2 
  • Windows 8.1

Here is how to enable it:

1.  Right Click on the “SERVER NAME” and then Hyper-V Settings, in Hyper-V Manager



2. Under SERVER>Enhanced Session Mode Policy tick Allow enhanced session mode



3. Under USER>Enhanced Session Mode and tick Use enhanced session mode



4. Right click on the VM and press Connect…



5. Click on Show Options



6.  Select Local Resources tab



7.  Click More…



8. Select the drive you wish to add to the VM and press Ok



9. Done

Synology Failed to establish IEEE 802.3ad connection Cisco

Download PDF

Cisco_logo_2006       logo-Synology-300x300



Failed to establish IEEE 802.3ad connection

Failed to establish IEEE 802.3ad connection

Configuring Synology Link Aggregation

I am using Synology RS814+ and Cisco Catalyst 3750G. RS814+ has 4 gigabit ports. In my case I have only used first 2 ports to create an aggregation link.

If you wish to create 2 and 2 links, then make sure to create interface Port-channel2 for second link and use channel-group2 mode active on switch interfaces.

This configuration works 100%, please let me know if any problems.

interface Port-channel1
switchport access vlan 100
switchport mode access

interface GigabitEthernet1/0/1
description “Synology NIC1”
switchport access vlan 100
switchport mode access
channel-protocol lacp
channel-group 1 mode active
interface GigabitEthernet1/0/2
description “Synology NIC2”
switchport access vlan 100
switchport mode access
channel-protocol lacp
channel-group 1 mode active

How to compact Linux VM vhd size in Microsoft Hyper-V

Download PDF


In time Windows and Linux virtual machines running on Hyper-V virtualisation platform will grow in size even if the large part has been freed up within the virtual machine itself. This is because Hyper-V is not smart enough to auto compact the vhd (virtual hard disk) on the fly – to recognise real space usage within the VM. With Windows VM’s this is done very easy by using Edit>Compact options within the VM settings. However, with Linux VM this is not as straight forward.

 In this case I have used CentOS 6.5 running cPanel on a dynamically expanding .VHD (total size 1.5TB)


The first thing you need to do is to zero out the free space within your linux VM. That means, the rest of the free space will be filled with zeros. Type the following command in your linux box (via ssh or hyper-v console)

cat /dev/zero > zero.dat ; sync ; sleep 1 ; sync ; rm -f zero.dat

This command will create a zero.dat file as big as the available free space and then delete it. It may take a while to finish depending on the size assigned.

After the command has finished it will show no more disk space message.


– .VHD file on the host will not grow in size to it’s maximum if you execute this command, it only grows to the maximum within the virtual machine. (in case you have no space for it to grow on Hyper-V host)

– make sure you run this command on a Linux partition that contains the biggest amount of disk space assigned, see my example:

/tmp /var/tmp 4% (140,592 of 4,128,448)
/dev/sda1 /boot 20% (93,976 of 495,844)
/dev/mapper/vg_centos65cp-lv_home /home 5% (76,409,648 of 1,529,194,928)
/dev/mapper/vg_centos65cp-lv_root / 30% (14,663,896 of 51,606,140)
/usr/tmpDSK /tmp 4% (140,592 of 4,128,448)

So in this case you would first switch to home partition because it is the biggest one:

centos>cd /home

centos>cat /dev/zero > zero.dat ; sync ; sleep 1 ; sync ; rm -f zero.dat

If you do it in root partition it will only fill up to it’s maximum which in my case is only 50GB.



Open Hyper-V Manager and shut down the VM first. Then open settings of the VM, select the VHD disk and then edit.

Select the compact option > Next > Finish.




Depending on the VHD file current size, it could take several hours. After it has finished, your VHD file should be smaller.

My VHD file was 460GB, after compacting it, 115GB. 

Any questions feel free to ask!

How to clean virus and malware infections Tips & Tricks

Download PDF

Let’s get straight to the point.

Computer-VirusDepending on the malware type, you may get away only by using the infected computer to perform self-cleaning.But if you suffer from a more sinister intrusion type, you will need another computer with an internet connection and a USB stick or any other type of removable storage to copy the needed files to infected pc.

(1) Always do your best to find out the malware name or intrusion type. 60-70% of times if you find the virus name or type, you will easily find a tool to get rid of it. Many antivirus companies make small applications free for download that remove certain types of viruses. To find a virus name, look at your desktop for any unknown new icons, check your antivirus log (it has possibly detected it but unable to remove, it will display the name or type), look for obvious things like suddenly you have a  program called “Registry Cleaner” or “Microsoft Antivirus” or “Speed optimiser” etc. Very often malware will pretend to be helping you, in a very nice looking application layout it will be showing you all these problems with your machine etc. , but instead its all fake. So “Google” the name and you will find out instructions or tools to get it out.








(2) Most everyday viruses can be removed by running you antivirus scan (deep/full scan). Unfortunately there is still a lot of malware out there for which you will need some more advanced tools to heal your system.

  • RKill ComboFix RKill and ComboFix from Bleeping Computers, my absolute favourites. Combinaton of these tools can remove 98% of viruses today.


!!! IMPORTANT !!! Only use these tools when necessary, ComboFix can damage your system in some cases, do not use if there is no intrusion. ComboFix is not an antivirus and can not be installed. It is only a tool for malware removal. DISABLE ANY INSTALLED ANTIVIRUS BEFORE RUNNING COMBOFIX. Combofix needs to be re-downloaded every time because it doesn’t update the definitions like a normal antivirus, therefore make sure to grab the latest version from the link above.

1. Once downloaded put both files (RKill and ComboFix) on your C: drive (Windows OS Drive usually C:)

2. Run RKill first with Administrator rights (right click>Run as administrator or just double click if you already have admin rights)

Rkill will open a Command Prompt (black DOS) window and start checking the system for anything out of the ordinary. It looks at the executables file association, it looks at registry, running services/processes etc. Many viruses will hook up to your system before OS boots so your Antivirus is unable to detect them and stop. RKill sees these intrusions and stops them from being in “Work in progress mode” to “Inactive” mode. It does not remove them, it only gives your antivirus some chance against them.



After RKill you can try and run your ordinary Antivirus software, but i recommend to run ComboFix instead. From personal experience regular antivirus programs even after RKill are unable to take the virus down.

Run ComboFix with administrator rights and follow its instructions. It is very straight forward, make sure not to interrupt ComboFix in any stage. Depending on the infection size, it may take from 5min to 1hour (yes thats right 1 hour!). Do not restart the pc on your own unless instructed. Once ComboFix is done it will show you a log file in notepad.





Now, to be on the safe side, reboot your PC and run the process again. RKill then ComboFix.


Rest coming soon.