TLDR: Uncheck Require SNI (Server Name Indication) in the IIS site binding, as the ALB does not include the SNI TLS extension in the request sent to the target. There can be many reasons behind hitting a 502 Bad Gateway error from an ALB, and most of them can be fixed by following the AWS documentation here. […]
How to configure SAML authentication with Azure AD for Palo Alto Firewalls, with role based access based on Azure AD Group memberships
Palo Alto firewalls support SAML-based authentication to the Web Console, and Microsoft has good documentation on how to configure the base setup. You can refer to that here. However, one problem with the example in that documentation is that it only allows the configuration of one role for all users. That means, all users […]
How to find the users who are logged into a Windows server via RDP using PowerShell
This is simply for my personal reference since I keep searching for this. I usually check from AWS Systems Manager Session Manager. The answer is to run the command query user /server:$SERVER. The answer is from this StackOverflow question.
How to avoid distro upgrade for RHEL 8.x when running yum update
This is simply for my personal reference since I spent a lot of time figuring out how to do this simple thing. I have some RHEL 8.3 servers which need to have security patches, but they should not upgrade to 8.4. This runs on AWS EC2 instances, and it does not have a subscription […]
How to find the LDAP connection string of an AD User / Group with PowerShell
This is simply for my personal reference as I am always confused about finding it as part of my projects, and I always forget what to search. So the answer is just a copy from Server Fault: Type dsquery /? in a command prompt.
Bulk change retention period of AWS CloudWatch Log Groups
By default, CloudWatch log groups will have a retention period of “Never expire” set when created. If you have a lot of CloudWatch log groups and want to set the retention period for all of them in one shot, use the following PowerShell code snippet. The script requires you to have the AWS CLI profile configured […]
Managing multi-account AWS SSM Session Manager Port Forwarding in an easier way
SSM Session Manager Port Forwarding is a great tool that can be used to get rid of your bastion hosts or VPN servers to manage your private instances. However, when you have to manage many instances that are spread over multiple AWS accounts, it will become a difficult task to remember their instance IDs, and creating sessions […]
Rename Windows and Linux EC2 instances based on tag
If you need to rename your EC2 instances based on the tags set, you can use the below code snippets. This can be particularly useful if you use a hardened AMI with a name already set in it. To apply them, you can just use a cron job or a Task Scheduler job, or even CloudWatch […]
Windows Server 2016 Update issues with WSUS
If you configured a new WSUS server, but your Windows Server 2016 servers without internet access are throwing errors like “We couldn’t connect to the update service. We’ll try again later, or you can check now. If it still doesn’t work, make sure you’re connected to the Internet.”, you can fix it by […]
Create AWS Systems Manager Maintenance Window without a target
AWS SSM is a great tool, with a lot of cool features, but I always felt that the documentation is not very good, or the console is very intuitive. Recently I wanted to configure a maintenance window with an SSM Automation task, but the task did not take any instances as the inputs. The task […]