Friday, 22 June 2018

Cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid.

This post describes how to fix the error: The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid.

Cause

This error can occur if you're connecting via wsman to the wrong port. Note: If you don't specify a port, the connection will be attempted on port 80.

connect-wsman -connectionuri http://EXCH-2K16-2.exch2016.net/PowerShell -credential exch2016\sysadmin


Fix

To resolve the issue, specify the appropriate port.

To find out which port to use, run the following PowerShell command on your Exchange server:
Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate

The default is 5985.

connect-wsman -connectionuri http://EXCH-2K16-2.exch2016.net:5985/PowerShell -credential exch2016\sysadmin

Thursday, 14 June 2018

Password must meet complexity requirements

In this blog post, I discuss the 'Password must meet complexity requirements' policy, what exactly it means, a regex to test it, and describe how, in some situations, you can still set a password which does not meet the complexity requirements.

Where is this policy?

This policy can be accessed by running secpol.msc > Account Policies > Password Policy


Screenshot of Password must meet complexity requirements policy

What does this policy do?

If you open the policy, the explain text describes what this policy does:


Screenshot of Password must meet complexity requirements policy explain text


There are a couple of things to watch out for with this explain text:

1. Non-alphabetic characters

The full list from Microsoft is:

~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/

You will notice that £ and € are missing from this list.  If you include those characters in your password, they are permitted but they do not count towards the "three of the following four categories".

2. Length

The explain text states "Be at least six characters in length" but this is always overridden by another policy 'Minimum password length'


Minimum password length policy

By default, this is set to 0 which means you can set blank passwords which clearly don't meet the password complexity requirements of the 'Password must meet complexity requirements' policy.  So, if you enable the complexity policy, you should also set the minimum password length to at least six which matches the explain text "Be at least six characters in length".

RegEx

If you want to check if text matches this password complexity, use the following regex

^((?=.*[a-z])(?=.*[A-Z])(?=.*\d)|(?=.*[a-z])(?=.*[A-Z])(?=.*[^A-Za-z0-9])|(?=.*[a-z])(?=.*\d)(?=.*[^A-Za-z0-9])|(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]))([A-Za-z\d@#$%^&*\-_+=[\]{}<>|\\:',.?/`~"();!]){8,}$

This checks for three of the four categories and includes a list of allowed characters.  It also enforces a minimum character length of 8.  It doesn't check against the username nor does it allow £ or €.  You could allow these characters but you'd also have to improve the three out of four category check to ignore these characters.

Friday, 1 June 2018

The value provided for parameter isn't in the correct format


This blog post describes how to fix the error 'The value provided for parameter isn't in the correct format. The correct format is "\<FolderPath>".'

Cause

This error can occur when creating a new public folder on Microsoft Exchange 2016.  In the screenshot below, I have specified an invalid folder name, however, Exchange still attempts to create the public folder as there is no validation on the text box.


screenshot showing the error the value provided for parameter isnt in the correct format

You can see the invalid public folder in the list of public folders:

screenshot showing exchange public folders

As expected, Exchange can't handle an invalid folder name, you get an error if you try to navigate into this folder:

screenshot showing exchange public folders error

Resolution

To fix the issue, delete the invalid folder name and create a new folder without using any invalid characters:

screenshot showing invalid characters


The WS-Management service cannot process the request. The service is configured to not accept


This blog post describes how to fix the error: The WS-Management service cannot process the request. The service is configured to not accept any remote shell requests.

Error

This error can occur when trying to connect to a remote machine using PowerShell.  For example, by running the PowerShell command

Enter-PSSession -ComputerName DC-2K12R2-DEMO

screenshot showing the error the ws-management service cannot process the request the service is configured to not accept any remote shell requests

Cause

The cause of this error is a group policy setting called 'Allow Remote Shell Access'.  If this policy is set to Disabled, remote shell connections are rejected by the server.

screenshot showing the allow remote shell access policy setting


Resolution

To fix the issue, change the policy setting to Enabled or Not Configured then press Apply.  You can now use PowerShell Remoting:

screenshot showing the enter-pssession command being executed successfully

The recommendation from Microsoft is to only disable this policy setting if you don't need PowerShell Remoting.


Monday, 21 May 2018

Test WMI Query PowerShell

In this blog post, I describe a quick way to test WMI with a query run using PowerShell.  This can be done from both local and remote machines.

Local Machine

Open PowerShell and run the following example command:

Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem"

You can replace the query parameter with other WMI queries.

Remote Machine

Open PowerShell and run the following example command replacing the ComputerName parameter with the appropriate machine name:

Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem -ComputerName MachineName"

wbemtest

You can also test WMI by running wbemtest (Start > Run > wbemtest) then pressing Connect, then Connect again, then Query, then pasting "SELECT * FROM Win32_OperatingSystem" into the Query box, then pressing Apply.

screenshot showing the Windows Management Instrumentation Tester wbemtest

screenshot showing a query result

This can also be used to test WMI on remote machines by including the machine name in the namespace e.g.
\\DC-2K12R2-DEMO\root\cimv2

screenshot showing a connection to a remote machine


How to check SSL certificate expiration date in Windows

A quick and easy way to check the SSL certificate expiration date in Windows across all your environments at once is to use the network documentation tool XIA Configuration.

Once installed, the XIA Configuration Client scans the Windows Machines on a network.  It retrieves detailed information about how these machines have been configured including certificates and certificate expiry dates.

Certificate expiration dates can then be checked in the XIA Configuration Server web interface in a couple of different ways:

1. Windows Machine Properties

Open a Windows Machine item then navigate to Security > Machine Certificates to check the Expiry Date of each certificate individually.


windows machine certificate expiration date in the XIA Configuration Server web interface

2. SSL Certificate Report

Run the SSL Certificate Report to check the Expiry Date and Days Until Expiry across all the Windows Machines across all your environments at once.


screenshot of the output of the SSL certificate report showing the expiry date

You can sort the data so that certificates closest to expiring are shown at the top.

Video



Free Trial



Friday, 11 May 2018

Add GDPR Cookie Policy Consent Popup Modal Box

This blog post describes how to add a GDPR cookie policy consent popup modal box to a website.

Popup Modal Box

I started with the popup box.  I wanted something that appeared above everything else in the bottom left.  This is easily achieved using an element such as a div and CSS such as:
position: fixed;
left: 20px;
bottom: 20px;
z-index: 999999

You may want to give it a black background with some transparency and white text:
background-color: #111;
opacity: 0.9;
color: #fff;

You may also want to add some border-radius and box-shadow.

Within the box you can then add text such as "This website uses cookies" and "By continuing to browse, you are agreeing to our use of cookies as explained in our Cookie Policy."

Button

At the bottom of this box, I added a Close button.  I used JavaScript to handle the OnClientClick event.  This finds the popup box by ID and hides it.

function btnCloseCookiePopup_Click()
{
  document.getElementById('cookiePopupPanel').setAttribute("style", "display:none");
}

Cookie

We don't want the popup to show after the first page visit so I used a cookie to store the fact the user has seen the popup.

In ASP.NET, the code I used to create a cookie is as follows:
Response.Cookies["popup-seen-cookie"].Value = "popup-seen-cookie";
Response.Cookies["popup-seen-cookie"].Expires = DateTime.Now.AddMonths(6);

You then need to show or hide the popup depending on whether or not this cookie is found:
cookiePopupPanel.Visible = (Request.Cookies["popup-seen-cookie"] == null);