Moving EC2 Instance from one account to another

When you move an EC2 instance from one account to another, you can follow this procedure. It works fine, except for one detail.

https://aws.amazon.com/premiumsupport/knowledge-center/account-transfer-ec2-instance/

After creating the snapshot, when you log into the target location and try to create an instance from the AMI, you need to be in the same region as the source to access the snapshot.

To validate your region, look at the top right corner: the region is shown to the right of your account name. Be sure the region is the same for the source and the destination!

Polycom – VoIP – Asterisk – Sonicwall – Cisco Switches – Phones unregistered or disconnected

Hi,

Troubleshooting note for a situation where, on a brand new installation, the VoIP phones got disconnected randomly.

Equipment :

  • Phone Polycom
  • PBX : asterisk
  • Switches : Cisco SG-300
  • Sonicwall Soho (TZ Series)

Let’s start with the switch. Cisco has a feature enabled by default called “Green Ethernet”. If you have a non-managed switch, simply trash it and purchase a switch such as the Netgear GS105E-200NAS.

For a managed switch there is a simpler solution: turn off Green Ethernet and the 802.3 Energy Saving.

Sonicwall

In the Firewall Rules, open up the ports : 5000 up to 5500 UDP, 10000-20000 UDP and TCP – Any to Any (Incoming)

In the VoIP Section :

Check Enable Consistent Nat and Check Enable SIP Transformation and 

The MOST IMPORTANT is this setting :

Disable the DPI Setting :

In the Firewall, Advanced, Connections switch the option to Maximum SPI connection (DPI Services Disabled)

After those changes you need to Reboot the Sonicwall appliance.

Monitor the phones and they should stay connected “forever”.

JF

 

Create IPSEC VPN Sonicwall Tunnel Amazon Web Service (AWS) VPC – No Traffic No Ping…. How to fix it.

Hi,

If you are like me and you want to deploy a Sonicwall and create a private VPN between your network and Amazon Web Services, this can give you a hard time, and you need to understand both the Sonicwall and the Amazon side to get it working. Dell created a procedure for that (first link on Google) and, to be honest… 75% of it works…

http://support-public.cfm.software.dell.com/27707_configuring_sonicos_for_amazon_vpc_technote.pdf

This is an updated version of that procedure. I will add some screenshots a bit later on. But if you have knowledge of VPNs and Sonicwall, this might give you the missing part.

On my first attempt, the VPN was set up but there was no traffic in between.

Important Information:

Sonicwall

  • For BGP (dynamic routing), even if your Sonicwall supports it in the specs, you need a Sonicwall license upgrade called SonicOS Expanded… Good news: static routing will work!
  • Tested with Sonic OS 6.2+

Amazon Site.

Go to VPC

Steps :

  • 1. Initializing the VPC (You can use the default)
  • 2. Creating the Subnet (You can use the default)
  • 3. Creating the Virtual Private Gateway
  • 4. Attaching the Virtual Private Gateway to the VPC
  • 5. Creating a Customer Gateway
  • 6. Create the VPN Connections
  • 7. Define the Route Tables

1 – Initializing the VPC (the VPC is the private cloud; I can compare it to a router)

If you have no VPC, create one and assign it a VPC CIDR (an IP range like 10.1.0.0/16)

2 – Creating the Subnet (Network Range visible to the EC2 Instance and also the private Network accessible over the VPN)

Create a subnet attached to your VPC, like 10.1.1.0/24

3 – Creating the Virtual Private Gateway

Create a Virtual Private Gateway (This is the “Amazon side of the VPN”)

4 – Attaching the Virtual Private Gateway to the VPC

(Select the VPG) and attach to VPC

5 – Creating a Customer Gateway

The Customer Gateway holds the Sonicwall specs.

  • Name Tag (A Friendly name to define the service)
  • Routing (Static)
  • IP Address : The WAN IP of the Sonicwall

6 – Create the VPN Connections

VPN Connections – Create

  • NameTag (A Friendly name to define the service)
  • Virtual Private Gateway (The one Created at Step 3)
  • Customer Gateway (The one Created at Step 5)
  • Routing Options (Choose Static)
  • Static IP Prefixes : your LAN network (192.168.10.0/24)

Download the configuration file in the format : Generic / Generic / Vendor Agnostic *** KEEP IT FOR FUTURE STEPS

7 – Go to Route Table

Select the route table available, click on Routes and edit as follows :

Add 2 routes :

Destination : 0.0.0.0/0      Target : Virtual Private Gateway (its Amazon ID, from step 3)

Destination : 192.168.10.0/24 (YOUR LAN NETWORK) Target : Virtual Private Gateway (its Amazon ID, from step 3)

Go to the Route Propagation tab, click Edit and set Propagate to Yes

Save

NOW SONICWALL! **** I WILL SHOW IT ONLY FOR ONE TUNNEL, THE FAILOVER IS THE SAME

Open the text file you downloaded at step 6.

The important information is under : IPSec Tunnel #1

Go to VPN :

  • Add…
  • General :
    • Policy Type : Tunnel Interface
    • Name : a friendly name (mine : AWS VPN)
    • IPSec Primary Gateway Name (take the Outside IP Addresses – Virtual Private Gateway)
    • Shared Secret (in the text file : Pre-Shared Key)
    • Local IKE ID : (take the Outside IP Addresses – Customer Gateway)
    • Peer IKE ID : (take the Outside IP Addresses – Virtual Private Gateway)
  • Proposals : (double-check the specs in the text file)
    • Phase 1
      • Exchange : Main Mode
      • DH Group : Group 2
      • Encryption : AES-128
      • Authentication : SHA1
      • Life Time : 28800
    • Phase 2
      • Protocol : ESP
      • Encryption : AES-128
      • Authentication : SHA1
      • Check the Enable Perfect Forward Secrecy check box
      • DH Group : Group 2
      • Life Time : 28800
  • Advanced
    • Check Enable Keep Alive
    • VPN Policy Bound to : Interface X1

Click OK. At this point the VPN should be up within a couple of seconds… but the trouble begins 🙂

Go to the Menu VPN / Advanced

  • UnCheck : Enable NAT Traversal

Go to the Menu Network / Interfaces

Add Interface (Zone VPN)

  • VPN policy Select : AWS VPN
  • Name : AWSVPN
  • Static Ip Mode
  • IP Address : in the text file (Inside IP Addresses – Customer Gateway). This can be 169.254.x.x
  • Subnet Mask : in the text file (Inside IP Addresses – Customer Gateway). This can be 255.255.255.252
  • Add This.
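The field mapping from the last two steps (VPN policy and tunnel interface), as an added example that is not part of the original procedure. The sample text is constructed, its layout is an assumption based on the section names this post quotes from the downloaded file, and the function name is illustrative:

```python
import ipaddress
import re

# Constructed sample; the layout is an assumption modelled on the section names
# this post refers to. All values are placeholders, not a real configuration.
SAMPLE = """\
IPSec Tunnel #1
  - Pre-Shared Key           : EXAMPLE-PSK-TUNNEL-1
Outside IP Addresses:
  - Customer Gateway         : 203.0.113.10
  - Virtual Private Gateway  : 198.51.100.20
Inside IP Addresses
  - Customer Gateway         : 169.254.44.2/30
  - Virtual Private Gateway  : 169.254.44.1/30
IPSec Tunnel #2
  - Pre-Shared Key           : EXAMPLE-PSK-TUNNEL-2
Outside IP Addresses:
  - Customer Gateway         : 203.0.113.10
  - Virtual Private Gateway  : 198.51.100.21
Inside IP Addresses
  - Customer Gateway         : 169.254.45.2/30
"""

def sonicwall_fields(text, tunnel=1):
    """Map one 'IPSec Tunnel #N' section to the SonicWall fields used above."""
    parts = re.split(r"^IPSec Tunnel #(\d+)[ \t]*$", text, flags=re.M)
    body = dict(zip(parts[1::2], parts[2::2]))[str(tunnel)]
    groups, group = {}, ""
    for line in body.splitlines():
        m = re.match(r"\s*-\s*(.+?)\s*:\s*(.+?)\s*$", line)
        if m:                                   # "- key : value" under a heading
            groups.setdefault(group, {})[m.group(1)] = m.group(2)
        elif line.strip():                      # any other text is a heading
            group = line.strip().rstrip(":")
    psk = next(g["Pre-Shared Key"] for g in groups.values() if "Pre-Shared Key" in g)
    outside, inside = groups["Outside IP Addresses"], groups["Inside IP Addresses"]
    iface = ipaddress.ip_interface(inside["Customer Gateway"])  # address/prefix
    return {
        "IPSec Primary Gateway": outside["Virtual Private Gateway"],
        "Shared Secret": psk,
        "Local IKE ID": outside["Customer Gateway"],
        "Peer IKE ID": outside["Virtual Private Gateway"],
        "Interface IP Address": str(iface.ip),
        "Interface Subnet Mask": str(iface.netmask),
    }

if __name__ == "__main__":
    for name, value in sonicwall_fields(SAMPLE).items():
        # Keep the pre-shared key out of terminals and logs.
        print(f"{name:24}: {'<hidden>' if name == 'Shared Secret' else value}")
```

Passing tunnel=2 gives the values for the failover tunnel.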

Go to the Menu Network / Routing

Under Route Policies

  • Add
  • Source : Lan Subnets
  • Destination : Create a New Object
    • Name : AWSNetwork
    • Zone Assignment : VPN
    • Type : Network
    • Network : The VPC CIDR CREATED AT STEP 1 (10.1.0.0/16)
  • Service : ANY
  • Interface : AWSVPN (the one created at the previous step)
  • Metric : 1

Go to the Menu Firewall / Access Rules

from VPN to LAN

Add :

  • from : VPN
  • to : LAN
  • Source Port : Any
  • Service : Any
  • Sources : AWSNetwork (Created at the previous steps)
  • Destination : Any
  • Always On

OK

*** Create the Reverse now :

from LAN to VPN

Add :

  • from : LAN
  • to : VPN
  • Source Port : Any
  • Service : Any
  • Sources : Any
  • Destination : AWSNetwork (Created at the previous steps)
  • Always On

OK

NOW THE EC2 Instance :

Network and Security

  • Security Groups (Select the group, go to inbound tab then EDIT)
    • Add Rules
      • All traffic
      • Protocol : All
      • Port Range : 0 – 65535
      • Source : Custom IP
      • Your LAN : 192.168.10.0/24

*** BE SURE YOUR SECURITY GROUP IS ASSIGNED PROPERLY TO YOUR EC2

EC2 :

Select one of your instances :

Action / Manage Private IP

Set a private IP from the range you defined in Step 2 (Subnet).

ex :  10.1.1.1

From your Network test the ping : 10.1.1.1

You Should have an answer!
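An added check, not part of the original procedure, that validates the addressing from steps 1, 2 and 6 and the private IP chosen for the instance before the ping test. AWS reserves the first four addresses and the last address of every subnet, so those cannot be assigned to an instance; the function names are illustrative.

```python
import ipaddress

def aws_reserved(subnet):
    """AWS keeps the first four addresses and the last one of every subnet."""
    net = ipaddress.ip_network(subnet)
    return {net[0], net[1], net[2], net[3], net[-1]}

def check_plan(vpc_cidr, subnet, lan, instance_ip):
    """Return the addressing problems to fix before the ping test."""
    vpc, sub, local = (ipaddress.ip_network(n) for n in (vpc_cidr, subnet, lan))
    ip = ipaddress.ip_address(instance_ip)
    problems = []
    if not sub.subnet_of(vpc):
        problems.append(f"subnet {sub} is outside the VPC CIDR {vpc}")
    if local.overlaps(vpc):
        # Overlapping ranges make the static routes on both sides ambiguous.
        problems.append(f"LAN {local} overlaps the VPC CIDR {vpc}")
    if ip not in sub:
        problems.append(f"{ip} is not in subnet {sub}")
    elif ip in aws_reserved(subnet):
        problems.append(f"{ip} is reserved by AWS in {sub}")
    return problems

if __name__ == "__main__":
    # Ranges from this post; 10.1.1.10 is a constructed alternative address.
    for candidate in ("10.1.1.1", "10.1.1.10"):
        found = check_plan("10.1.0.0/16", "10.1.1.0/24", "192.168.10.0/24", candidate)
        print(candidate, "->", found or "OK")
```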

 

 

 

 

Error publishing web site

Environment: Visual Studio 2013

Situation: Trying to publish a website with pre-compile option ON.

Error:
Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed..

Solution:
Delete reference to System.Web.Administration (select it in References folder and press Del)

Note: This error can also happen when launching your website if you published with the option pre-compile set to OFF.

Domain Controller 2012 R2 DNS Access Denied – Network Location Public

Hi,

I recently had an issue with a 2012 R2 domain controller VM: unable to open the DNS server, Access Denied (Event IDs 4000 – 4017 – 4018). The network location on the domain controller switched from Domain to Public. Network shares were not available. All services work fine on the domain controller; the server is slower to reboot.

To Fix the issue :

netdom resetpwd /server:<DC.domain.com> /userd:<Domain\domain_admin> /passwordd:*

 

J

 

Office 365 PowerShell Connection

Hi,
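Please run this in an administrative PowerShell session:

# Load the MSOnline cmdlets
Import-Module MSOnline
# Prompt for the Office 365 administrator credential
$O365Cred = Get-Credential
# Open a remote Exchange Online session
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
# Import the session's cmdlets, overriding local commands with the same name
Import-PSSession $O365Session -AllowClobber
# Sign in to the MSOnline service with the same credential
Connect-MsolService -Credential $O365Cred

Use the 365 administrator credentials.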

F11 Key on Mac

Hi,

I will not take the credit for the solution, but if you want your F11 key to work normally on a Mac (useful when you install ESXi or use a remote console on a server)….

In Settings, Mission Control, unbind the F11 / F12 keys (set them to nothing).

Source : http://apple.stackexchange.com/questions/110525/how-do-i-get-f11-and-f12-to-behave-like-normal-function-keys

 

Disable Winmail.dat on 365

Hi,

This is for people using 365 who send a lot of email to Mac users. Mac users can receive email with a winmail.dat attachment that they can’t open.

This behavior occurs when a user sends email from Outlook in RTF format.

To force a conversion from RTF to HTML, connect to Office 365 with PowerShell (check on my blog for the login information).

Then run the following
Set-RemoteDomain Default -TNEFEnabled $false

The command will convert RTF to HTML for all domains.

PPTP / IPSEC / SSTP Unable to set Split Tunneling in Windows 10

Hi,

After setting up your SSTP connection in Windows 10, the option Use Remote Default Gateway on Remote Network is checked by default. So all your traffic will pass over the VPN, and this can slow down your Internet traffic.

By default in Windows 10, if you try to change your adapter options (right-click on your SSTP connection, Properties, Networking, TCP/IP V4, then Properties)… nothing happens!

To workaround this :

Open a PowerShell as Administrator

Type : Get-VpnConnection

Take note of the Name

Type : Set-VpnConnection -Name "NamePreviouslyNoted" -SplitTunneling $True

This will enable split tunneling.

J