Tuesday, March 22, 2011

Terminal Server Bug - Windows 2003 - slow disk

Lol. Just had fun sorting out an OS bug with the Microsoft Support team.

On Terminal Server 2003, when a lot of users are logging on and off and Group Policy Preferences are enabled, a large number of folders and files can be written to the Group Policy\History folder in the All Users directory. All this added up to some rather slow disks.

Winlogon.exe was polling all these files every 40 seconds or so, which caused the idle disk time to drop to 0% and the queue length to shoot up. One of the tests was dir /s: every few moments it would pause.

Detected with procmon, set to file activity only with all other filters removed. Then used the File Summary to locate what was causing the large amount of queuing.

Solution: weekly deletes of the ...users\all users\application data\microsoft\group policy\history\* subfolders

Remount Shell

# open a shell
adb shell

# switch to root
su

# check that you're root; it should return uid=0
id

# now you can remount as read/write if you like
mount -o remount,rw -t yaffs2 /dev/block/mtdblock1 /system

Wednesday, March 2, 2011

OpenSSL Revoke/Renew and Replace

Revoke old certificate
C:\OpenSSL-Win32\bin>openssl ca -policy policy_anything -cert certs/ca.cer -keyfile keys/ca.key -revoke certs/iis.cer
Using configuration from C:\OpenSSL-Win32\bin\openssl.cfg
Loading 'screen' into random state - done
Enter pass phrase for keys/ca.key:
Revoking Certificate 100001.
Data Base Updated


Create the new cert
C:\OpenSSL-Win32\bin>openssl ca -policy policy_anything -cert certs/ca.cer -in ssl/sslkey.txt -keyfile keys/ca.key -days 30 -out certs/iis2.cer
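
To confirm that the revoke and re-issue above both took effect, the CA's text database (the file behind "Data Base Updated") can be checked. This is an added example, not part of the original post: it assumes the stock `database = $dir/index.txt` setting in openssl.cfg, and the sample rows, subject name and function names are constructed for illustration.

```python
from datetime import datetime, timezone

def parse_time(stamp):
    """Parse index.txt timestamps: UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime."""
    fmt = "%y%m%d%H%M%SZ" if len(stamp) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)

def parse_index(text):
    """Yield one dict per tab-separated row of the CA database."""
    for line in text.splitlines():
        if not line.strip():
            continue
        # Fields: flag, expiry, revocation[,reason], serial (hex), file, subject
        flag, expires, revoked, serial, _file, subject = line.split("\t")
        revoked_at, _, reason = revoked.partition(",")
        yield {
            "flag": flag, "serial": serial.upper(), "subject": subject,
            "expires": parse_time(expires),
            "revoked_at": parse_time(revoked_at) if revoked_at else None,
            "reason": reason or None,
        }

def effective_status(entry, now):
    """'R' wins; a 'V' row past expiry is expired (flag stays 'V' until -updatedb)."""
    if entry["flag"] == "R":
        return "revoked"
    if entry["flag"] == "E" or entry["expires"] <= now:
        return "expired"
    return "valid"

def check_replacement(text, old_serial, now):
    """Return (ok, report): old serial revoked and same subject still has a valid cert."""
    entries = list(parse_index(text))
    old = next((e for e in entries if e["serial"] == old_serial.upper()), None)
    if old is None:
        return False, f"serial {old_serial} not in database"
    status = effective_status(old, now)
    if status != "revoked":
        return False, f"serial {old_serial} is {status}, not revoked"
    live = [e["serial"] for e in entries if e["subject"] == old["subject"]
            and effective_status(e, now) == "valid"]
    if not live:
        return False, f"no valid replacement for {old['subject']}"
    return True, f"{old_serial} revoked, replaced by {', '.join(live)}"

# Constructed sample rows (not from the post): old cert revoked, 30-day renewal.
SAMPLE_INDEX = (
    "R\t120224101500Z\t110302093000Z\t100001\tunknown\t/CN=iis.example.test\n"
    "V\t110401093500Z\t\t100002\tunknown\t/CN=iis.example.test\n"
)
```

Run against the real index.txt with the current time, the check also flags the case where the 30-day replacement has lapsed and the server is left with no valid certificate.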

OpenSSL on Windows setup

I grabbed the openssl tools for windows from http://www.shininglightpro.com/products/Win32OpenSSL.html

did a standard install with the binaries in their own directory
as I was lazy kept everything running off the bin directory

modified the openssl.cfg file
dir = /OpenSSL-Win32/bin # Where everything is kept

created the following directories
keys
certs
crl
newcerts

created a file named 'serial' in the bin directory
with contents of 100001

Then follow most of the guide from
http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html

Setup a CA
* openssl genrsa -des3 -out keys/ca.key 1024
* openssl req -new -x509 -days 1001 -key keys/ca.key -out certs/ca.cer

Sign my CSR
* openssl ca -cert certs/ca.cer -in requests/certreq.txt -keyfile keys/ca.key -days 360 -out certs/iis.cer