Month: February 2016

How to spoof or mimic a hardware or MAC Address of another device on an interface on a FortiGate

John Leave a comment

I was recently out at a client and they were in the process of getting another link installed, which happened to be Cable internet which they were using for redundancy.  We put their cable modem in Bridge mode but the connection wasn’t coming up after connecting everything up.  Most cable providers authenticate with certificates and the hardware address of the router so this made me thinking that we needed to make their provider think the FortiGate was their original modem.  So firing up an SSH session I logged in and issued the following commands;

FGT40C # config system interface
FGT40C (interface) # edit wan2
FGT40C (wan2) # set macaddr xx:xx:xx:xx:xx:xx
FGT40C (interface) # end

Now you will want to replace the interface, in this case wan2 with your interface and the mac address with the hardware address you want to spoof or mimic.

I gave the cable modem a power cycle for good measure and the connection came up.

How to reset the Remote Desktop Server Licensing Grace Period on Windows Server 2012 with Remote Desktop Services

John 11 Comments

So we recently started looking into Terminal Services and RemoteFX to power some of our admin users and move them off to thin clients instead of full blown desktops.  As a trial I begun setting up RDS on one of our Dev machines.  After going through the motions of enabling the Remote Desktop Features and setting up RemoteFX on a Virtual Machine for testing, I found that I couldn’t login via RDP to that machine.  Going back to the RDS host I found the Licensing popup that informed me that the 128 day trial license had expired.  Since this was a test I didn’t want to go using keys to activate or setup a licensing server (purely a PoC for us in IT at this stage).

To reset the grace period there is a registry key that we need to delete. As always when editing the registry, take a backup of the key/s you’re modifying. Navigate to the following location

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod

Now there should be a binary key value (like in the screenshot), you first need to have full access permissions to the folder (or take ownership) and then simply delete that value and reboot the server.  Once back up your RDS Licensing should be back at the start of a 128 Day grace period.  I wouldn’t do this if you have already obtained licensing and should definitely not be used in a production environment.

The Network Policy Server Service (NPS or IAS) Fails to Start on Windows SBS Server 2008 with an unspecified error (0x80004005)

John Leave a comment

vss registry keySo I was recently helping out a client clean up their Small Business Server environment, one thing they weren’t using was SharePoint, so we decided to remove it from their SBS 2008 server. The removal went smoothly, simply uninstalling SharePoint Services via Add/Remove control panel did the trick. But after a restart we found that clients were no longer connecting to their Wireless network, so I went did some troubleshooting and found that the NPS service hadn’t started since boot-up.

I then tried starting it up but got an error after trying to start the service with an unspecified error 0x80004005 which was very helpful. After some more digging around and Google-Fu I found that this had to do with permissions on a registry entry for VSS. The following key needed to be updated from the value 1 to 0.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl

Make sure that the setting for NT AUTHORITY\NETWORK SERVICE is set to 1. If this is not and set to 0, change it to 1.  Once you have changed the value you can restart or terminate any IAShost.exe that are running via task manager and then start up the NPS service.

This issue has been documented by Microsoft to occur if you remove SharePoint from SBS Server 2008, so just a heads up if you do and rely on NPS for authentication for things like Remote Access or Wireless.