Downed IIS Websites and Application Pools Reports

As it seems one of the DEV guys disabled one of our production Applications…and forgot to bring it back up. The result: Some not too happy customers didnt receive their reports on time.

The following script will report back via email Application Pools that have been stopped:

http://pastebin.com/rgGfYihY

The following script will report back via email Websites that have been disabled:

http://pastebin.com/39X5ma

JV

Upgrade your Powershell Scripts – Run Once (after a reboot)

2 lines that forever changed my powershell capabilities by being able to run commands and scripts immediately after a reboot+logon:

set-location HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce

new-itemproperty . MyKey -propertytype String -value “ENTER YOUR COMMAND HERE I.E POWERSHELL -FILE C:\PATH\SCRIPT.PS1”

The newly created registry key will be auto-deleted the next time you reboot and logon.

Powershell SSL Expiration Report

So we had some ancient SSL certificate expiring on us.
Fortunately, it was just too critical to allow it to happen ever again so I assembled a nice powershell script that lets you specify all the HTTPS URLs you can think of and report their due dates back via email.

Example of the end report:

Powershell SSL Report

You can copy paste the script from here:

http://pastebin.com/NRVzf01T

How to fix: iprope_in_check() c heck failed on policy 0, drop

The above line is a debug error code I grabbed from one of our Forti units.

My issue was very simple.

One policy which was SNATing traffic through a tunnel, was simply not catching any hits so the packets were being dropped. I pulled many hairs on this one until some angel on the Israeli Fortigate Facebook page helped me figure it out.

If you are receiving this line then you are probably like me, trying to direct traffic of an IP that is ALREADY ASSIGNED IN YOUR NETWORK – outwards. That’s right. Look at your router’s interfaces addresses including DMZ\MGMT etc. You are likely to find something similar there.

How to run PowerCLI scripts from the Task Scheduler

PowerCLI is absolutely awesome.
You can report almost anything you can think of in Vmware using vCheck vSphere Scripts by Alan Renouf.

With that being said, it takes some “trickery” in order to make it run in Windows’ Task Scheduler.

Problem #1: Powershell Execution Policy

It doesnt really matter what execution policy you have on if the script you downloaded was written by someone else and is naturally UNSIGNED. Even “Unrestricted” will still pop-up a rather annoying warning prompt like follows:

PowerCLI PS Warning

Luckily this is easily solved. Use the following in order to UNBLOCK a specific script or a few of it:

unblock-ps files

Problem #2: Not storing the server’s credential on file


You can store your credentials within PowerCLI for future use rather than hard-code them into a script:

Connect-VIServer 192.168.10.10 –User username –Password “somepassword”

To use the credential store, I do the following:

New-VICredentialStoreItem -Host 192.168.10.10 -User “username” -Password “somepassword”

Now I can type just:

Connect-VIServer 192.168.10.10

Problem #3: Getting the freaking syntax right in Task Scheduler


It took me a few hours to get it right.
I can confirm this works great on a Win Server 2012 machine.
Just copy-paste into “program/script” in a new task in Task Scheduler and accept the pop-up message:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -psc “C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1” -c “. \”C:\Scripts\vCheck-vSphere-master\vCheck.ps1\”” 

 

How to sync ANY folder with (just about) ANY cloud service

Surprisingly enough most if not all Cloud Storage companies like Dropbox, SkyDrive etc will force you to use C:\Users\USER\XXXXX as the place holder for your files and folders to be synced online. But let’s say I had another directory of stuff on a different drive I wanted to backup. That means I must manually copy over all files each and every time there’s a change. That kind of sucks. Especially when they are scattered around in numerous folders.

Thankfully there’s a pretty simple solution to all of this and it doesnt involve a 3rd party software.

A Symbolic Link or a “symlink” is an advanced shortcut. Similarly to the way you right-click and drag a folder or a file in order to craete a “shortcut”, a symlink can “link” one folder with another as if they were one inside the other. This helps in tricking the storage software that there are “local” files in the backup folder even though they are on a completely different path.

All you need is the trustly old CMD and one command:

1 – Run CMD as an administrator.

2 – Use the following syntax:
mklink /J C:\PATH\NON-EXISTING-FOLDER-TO-HOLD-THE-LINK C:\PATH\REAL-FOLDER-TO-LINK-TO

Example:

Capture

This will “mount” d:\development\workspace as a fake directory named “workspace” inside c:\users\xxxx\dropbox\development.

Note: In order to mount a network share you MUST use full UNC paths.

Now if you’ll take a look inside the backup directory you will notice a new directory.
This will lead into the original one and ultimately sync everything to the cloud.

HTTPS monitor the same domain with different IP addresses without editing the HOSTS file

Situation:

2 WEB servers
1 site
SSL only
Opsview

Need to monitor the same URL from each of the web servers without touching the HOSTS file.

Solution:

CURL to the rescue!

Make sure you have the latest CURL installed (7.37.1 while I’m writing these words).

Syntax is:

curl –resolve yourdomain.com:443:ipaddressofserver https://yourdomain.com