Running the Dig utility from Windows command line

How to install and use the dig utility on a Windows system

The dig (domain information groper) utility is something I use on my Linux hosts so often that I miss it when I move back to a Windows host. Here’s how to install and use the dig utility on a Windows system:

  1. Download the BIND package from the Internet Systems Consortium web site for your Windows
  2. Extract to the directory that you’d like to run the program from, probably C:\Users\MyUsername
  3. Run the dig command

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\techpain>dig mx msn.com

; <<>> DiG 9.9.5-W1 <<>> mx msn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<

Dan Esparza’s blog has a great post on different ways to use the dig utility and understanding the output.

Also, check out how to run the WhoIs utility from Windows command line.



WhoIs lookup from Windows command line

A WhoIs lookup will show the registration record for a domain name, and being able to run this right from the command line is really convenient.

This utility will run on Windows XP and higher (client) and Windows Server 2003 and higher (server).

Download the utility from the Windows Sysinternals site and copy it to the path that you want to use (probably C:\Users\MyUsername). After that you can run the WhoIs utility like this:

Windows WhoIs - Command line example
An example whois lookup from the Windows command line

 

WhoIS command and output

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\techpain>whois techpain.com

Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich

Connecting to COM.whois-servers.net...
Connecting to whois.name.com...

Domain Name: TECHPAIN.COM
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2013-10-22T03:40:00-06:00
Creation Date: 2010-08-04T00:59:03-06:00
Registrar Registration Expiration Date: 2017-08-04T00:59:03-06:00
Registrar: Name.com, Inc.
Registrar IANA ID: 625
Registrar Abuse Contact Email: abuse@name.com
Registrar Abuse Contact Phone: +1.17202492374
Resellser:
Domain Status: clientTransferProhibited
Registrant Name: Whois Agent
Registrant Organization: Whois Privacy Protection Service, Inc.
Registrant Street: PO Box 639
Registrant City: Kirkland
Registrant State/Province: WA
Registrant Postal Code: 98083
Registrant Country: US
Registrant Phone: +1.4252740657
Registrant Fax: +1.4259744730
Registrant Email: techpain.com@protecteddomainservices.com
Admin Name: Whois Agent
Admin Organization: Whois Privacy Protection Service, Inc.
Admin Street: PO Box 639
Admin City: Kirkland
Admin State/Province: WA
Admin Postal Code: 98083
Admin Country: US
Admin Phone: +1.4252740657
Admin Fax: +1.4259744730
Admin Email: techpain.com@protecteddomainservices.com
Tech Name: Whois Agent
Tech Organization: Whois Privacy Protection Service, Inc.
Tech Street: PO Box 639
Tech City: Kirkland
Tech State/Province: WA
Tech Postal Code: 98083
Tech Country: US
Tech Phone: +1.4252740657
Tech Fax: +1.4259744730
Tech Email: techpain.com@protecteddomainservices.com
Name Server: ns2.reachone.com
Name Server: ns1.reachone.com
DNSSEC: NotApplicable
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2014-02-15T13:50:43-07:00 <<<

The Data in the Name.com, Inc. WHOIS database is provided by Name.com, Inc. for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Name.com, Inc. does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Name.com, Inc. (or its systems). Name.com, Inc. reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.

Also, check out how to run the dig utility from Windows command line.


MSSQL Query from Linux- FreeTDS for Nagios Monitoring

FreeTDS for MSSQL queries from Linux

Using FreeTDS

Need to monitor a MSSQL server instance from Nagios? You can use FreeTDS to execute a MSSQL query from a Linux box.

Here’s how:

  1. Install FreeTDS:
    yum install freetds
  2. Configure FreeTDS (vi /usr/local/etc/freetds.conf):

    [servername]
    host = 192.168.0.10
    port = 1433
    tds version = 8.0
  3. Configure ODBC driver for FreeTDS (/etc/odbcinst.ini):

    # Define where to find the driver for the Free TDS connections.
    [freetds]
    Description = MS SQL database access with Free TDS
    Driver = /usr/lib/libtdsodbc.so
    Setup = /usr/lib/libtdsS.so
    UsageCount = 1
  4. Test connectivity:

    [root@techpain]# tsql -H servername -p 1433 -U dbuser -P dbpass
    locale is "en_US.UTF-8"
    locale charset is "UTF-8"
    using default charset "UTF-8"
    1> select field1 from column1 where field1 like '10%'
    2> GO
    field1
    101
    102
    103
    105
    106
    108
    109
    (7 rows affected)
    1> quit
    [root@techpain]#

Nagios MSSQL query

FreeTDS is cool because it allows you to use Nagios to query a MSSQL server using check_mssql command. Here’s how:

Download the check_mssql plugin to the plugins dir on your Nagios server. You can find it at the Nagios Exchange site.

Create command, host, and service definitions for it:

define command {
command_name check_mssql
command_line $USER1$/check_mssql -H hostname -U dbuser -P dbpass -q "select count(*) from column1 where field1 like '10%';" -r "7" -w 8 -c 10
}

define host {
host_name ServerName
alias MSSQL server
address 192.168.0.10
check_command check-host-alive
notification_interval 15
notification_options d,u,r
max_check_attempts 3
active_checks_enabled 1
passive_checks_enabled 0
notifications_enabled 1
check_period 24x7
notification_period 24x7
contact_groups admins
}

define service {
use generic-service
host_name ServerName
service_description MSSQLquery
check_command check_mssql
}

In the above example, Nagios executes the query, expects a return of 7, warns at 8, and goes crit at 10.


Execute a MSSQL query from DOS prompt – Nagios Monitoring using ‘sqlcmd’

MSSQL - sqlcmd

Using ‘sqlcmd’

You can use sqlcmd to execute a MSSQL query right from the DOS prompt. Here’s an example:

C:\Users\techpain>sqlcmd -S servername -d dbname -U dbuser -P dbpass -q "select field1 from column1 where field1 like '10%';"
field1
------
100
101
102
105
106
108
109

 (7 rows affected)
1> quit
C:\Users\techpain>

sqlcmd syntax

-a packet_size
-A (dedicated administrator connection)
-b (terminate batch job if there is an error)
-c batch_terminator
-C (trust the server certificate)
-d db_name
-e (echo input)
-E (use trusted connection)
-f codepage | i:codepage[,o:codepage] | o:codepage[,i:codepage]
-h rows_per_header
-H workstation_name
-i input_file
-I (enable quoted identifiers)
-k[1 | 2] (remove or replace control characters)
-K application_intent
-l login_timeout
-L[c] (list servers, optional clean output)
-m error_level
-M multisubnet_failover
-N (encrypt connection)
-o output_file
-p[1] (print statistics, optional colon format)
-P password
-q "cmdline query"
-Q "cmdline query" (and exit)
-r[0 | 1] (msgs to stderr)
-R (use client regional settings)
-s col_separator
-S [protocol:]server[\instance_name][,port]
-t query_timeout
-u (unicode output file)
-U login_id
-v var = "value"
-V error_severity_level
-w column_width
-W (remove trailing spaces)
-x (disable variable substitution)
-X[1] (disable commands, startup script, environment variables and optional exit)
-y variable_length_type_display_width
-Y fixed_length_type_display_width
-z new_password
-Z new_password (and exit)

-? (usage)

For more details on command line options, see http://technet.microsoft.com/

Nagios MSSQL query

The sqlcmd tool is awesome because it allows you to use Nagios and NSclient/nrpe to query a MSSQL server. Here’s how:

  1. Create a .bat on your MSSQL server that contains your query and sends the output to a .txt file
  2. Configure the Windows firewall and NSclient/nrpe check on the MSSQL server
  3. Configure a Windows NSclient/NRPE check in Nagios to check the .txt file
  4. Profit
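
One way to do the "check the .txt file" step, as an added example that is not part of the original post: a Nagios-style plugin that parses the `(N rows affected)` line sqlcmd writes and refuses to trust a file the scheduled .bat has stopped refreshing. The function names, the 600-second freshness limit, the reuse of the 7/8/10 thresholds from the FreeTDS post, and treating any other count as critical are assumptions of this example.

```python
import os
import re
import sys
import time

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

ROWS_RE = re.compile(r"\((\d+) rows? affected\)")
# Prefixes sqlcmd prints when the query or the login failed.
ERROR_RE = re.compile(r"^(Msg \d+, Level \d+|Sqlcmd: Error)", re.MULTILINE)


def evaluate(text, age_seconds, expected=7, warn=8, crit=10, max_age=600):
    """Map the contents of the .txt file to (exit_code, message)."""
    # A stale file means the scheduled .bat stopped; its old value proves nothing.
    if age_seconds > max_age:
        return UNKNOWN, "UNKNOWN - result file is %d s old" % age_seconds
    if ERROR_RE.search(text):
        return CRITICAL, "CRITICAL - sqlcmd reported an error"
    match = ROWS_RE.search(text)
    if match is None:
        return UNKNOWN, "UNKNOWN - no '(N rows affected)' line found"
    rows = int(match.group(1))
    if rows >= crit:
        return CRITICAL, "CRITICAL - %d rows" % rows
    if rows >= warn:
        return WARNING, "WARNING - %d rows" % rows
    if rows != expected:
        # Assumption: a count that is neither expected nor over a threshold is critical.
        return CRITICAL, "CRITICAL - %d rows, expected %d" % (rows, expected)
    return OK, "OK - %d rows" % rows


def check_file(path, now=None, **thresholds):
    """Read the file the .bat wrote and evaluate it together with its age."""
    try:
        current = time.time() if now is None else now
        age = current - os.path.getmtime(path)
        with open(path, "r", errors="replace") as handle:
            text = handle.read()
    except OSError as exc:
        return UNKNOWN, "UNKNOWN - cannot read %s: %s" % (path, exc)
    return evaluate(text, age, **thresholds)


# Constructed sample in the format of the sqlcmd output shown above.
SAMPLE = "field1\n------\n100\n101\n102\n105\n106\n108\n109\n\n (7 rows affected)\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        code, message = check_file(sys.argv[1])
    else:
        code, message = evaluate(SAMPLE, age_seconds=30)
    print(message)
    sys.exit(code)
```

If the .bat runs sqlcmd with -E (trusted connection) instead of -U/-P, no database password has to be stored in the script.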

MSTSC/RDP: Bypassing “The terminal server has exceeded the maximum number of allowed connections”

The quick and dirty MSTSC command

mstsc /v:192.168.1.100 /admin

Getting more information

Look at current remote sessions:
query session /server:servername

Now disconnect the session of your choice by specifying the session ID in the following command:
reset session [ID] /server:servername


Find Dell service tag from within the OS – Linux and Windows

Get your Dell service tag (sometimes referred to as a serial number) from inside your operating system. Here are the Windows and Linux commands you’ll need.

Windows command

wmic bios get serialnumber

Linux command

dmidecode -s system-serial-number  or lshw

Details on these and other similar commands can be found at thegeekstuff.com

Additional Notes

These commands pull the serial number from the BIOS. A SuperMicro server of mine shows serial number 1234567890 while a VM running in VirtualBox shows 0. If you receive unexpected output, try running the commands without the extra options to get more information, for example: dmidecode | less or wmic bios


ODBC logon scripts – using ODBCCONF

ODBC

ODBCCONF.exe is a command-line tool that allows you to configure ODBC drivers and data source names.

Disclaimer: “ODBCCONF.exe will be removed in a future version of Windows Data Access Components. Avoid using this feature, and plan to modify applications that currently use this feature.”
Check out msdn.microsoft.com for more details, but the idea is to use PowerShell going forward.

I needed a logon script to create some data sources (ODBC’s) so I used ODBCCONF in a batch file that looked like this:
ODBCCONF CONFIGDSN "SQL Server" "DSN=DataSourceName| Description=| SERVER=DBhostnameorIP| Database=DB_name| Trusted_Connection=yes"

This breaks down as follows:
ODBCCONF – The utility to run
CONFIGDSN – Configures a User DSN (CONFIGSYSDSN would be for a System DSN)
“SQL Server” – The driver to use
DSN= Data source name
Description= A description of the DSN
SERVER= DB host or IP address
Database= DB name
Trusted_Connection=yes (Use Windows NT authentication)


Windows ‘forfiles’: Show or Delete files older than X days

Using ‘forfiles’ for file management and cleanup

forfiles - show or delete files older than X days

Use forfiles to show and/or delete files older than X amount of days:

/p = path
/s = subdirectories (recursive)
/m = mask
/d = days
/c = cmd to be run

Show .log files in C:\LogFiles (recursively) older than 1 year:
forfiles /p C:\LogFiles /s /m *.log /d -365 /c "cmd /c echo @file is at least 1 year old."

Remove .log files in C:\LogFiles (recursively) older than 1 year:
forfiles /p C:\LogFiles /s /m *.log /d -365 /c "cmd /c del @file"

Save as a .bat and schedule it.


Domain Controller Troubleshooting with DCDIAG , REPADMIN , and NETDIAG

Useful tools for troubleshooting Windows domain issues


DCDIAG

DCDIAG analyzes the state of domain controllers in a forest or enterprise and reports any problems to help in troubleshooting.

Details available at MS TechNet.

Example: dcdiag.exe /V /D /C /E > c:\dcdiag.log

REPADMIN

Repadmin.exe is a Microsoft Windows 2000 Resource Kit tool that is available in the Support Tools folder on the Windows 2000 CD-ROM. It is a command-line interface to Active Directory replication. This tool provides a powerful interface into the inner workings of Active Directory replication, and is useful for troubleshooting Active Directory replication problems.

Example: repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

Details available at MS TechNet.

NETDIAG

This command-line diagnostic tool helps to isolate networking and connectivity problems by performing a series of tests to determine the state of your network client. These tests and the key network status information they expose give network administrators and support personnel a more direct means of identifying and isolating network problems. Moreover, because this tool does not require parameters or switches to be specified, support personnel and network administrators can focus on analyzing the output rather than on training users how to use the tool.

Example (to be run on each DC): netdiag.exe /v > c:\netdiag.log

Details available at MS TechNet.


RADIUS Windows Server for a Cisco ASA VPN

Connect to your Cisco ASA VPN by authenticating against a Windows RADIUS server

Thanks to FixingIT.wordpress.com. I pulled most of this post from there, made some tweaks, and added the Cisco CLI as an alternative to ASDM.

The following steps are a walkthrough of configuring a Windows 2008 Server Domain Controller as a RADIUS server for an ASA, and configuring that ASA as the RADIUS client. This will allow VPN users to authenticate against Active Directory instead of locally on the ASA.

These steps assume the following:

  • Windows Server 2008: 192.168.0.10
  • Cisco ASA: 192.168.0.5

 

Configure the ASA

CLI

The applicable parts of the config are as follows:

interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.5 255.255.255.0

aaa-server SERVER protocol radius
accounting-mode simultaneous
aaa-server SERVER host 192.168.0.10
key mysecretkey
radius-common-pw mysecretkey

ASDM

Create an IP Name object for the target

  1. Under the Firewall section, expand the Objects link and select the IP Names.
  2. Click the Add button at the top.
  3. Enter a descriptive name, the IP address of the DC/RADIUS server and a description of the server.
  4. Click OK and then Apply

Create a new AAA Server Group

  1. Click the Remote Access VPN section.
  2. Expand AAA Setup and select AAA Server Groups.
  3. Click the Add button to the right of the AAA Server Groups section.
  4. Give the server group a name, like TEST-AD, and make sure the RADIUS protocol is selected.
  5. Accept the defaults for the other settings and click OK.

Add the RADIUS server to the Server Group

  1. Select the server group created in the step above.
  2. Click the Add button to the right of Servers in the Selected Group.
  3. Under the Interface Name select the interface on the ASA that will have access to the RADIUS server, most likely inside.
  4. Under Server Name or IP Address enter the IP Name you created for the RADIUS server above.
  5. Skip to the Server Secret Key field and create a complex password. Make sure you document this as it is required when configuring the RADIUS server. Re-enter the secret in the Common Password field.
  6. Leave the rest of the settings at the defaults and click Ok.

 

Configuring the Windows 2008 DC/RADIUS Server

*requires domain admin privileges

Add the Network Policy Server function

  1. Connect to the Windows Server 2008 server and launch Server Manager.
  2. Click the Roles object and then click the Add Roles link on the right.
  3. Click Next on the Before You Begin page.
  4. Select the Network Policy and Access Services role and click Next.
  5. Under Role Service select only the Network Policy Server service and click Next.
  6. Click Install.

After the role finishes installing you will need to set up the server using the Network Policy Server (NPS) management tool found under Administrative Tools.

Registering the server

After launching the NPS tool right-click on the entry NPS(Local) and click the Register Server in Active Directory. Follow the default prompts.

Create a RADIUS client entry for the ASA

  1. Expand the RADIUS Clients and Servers folder.
  2. Right-click on RADIUS Clients and select New RADIUS Client.
  3. Create a Friendly Name for the ASA device. I used “CiscoASA” but if you had more than one you might want to make it more unique and identifiable. Make sure you document the Friendly Name used as it will be used later in some of the policies created.
  4. Enter the Server Secret Key specified during the ASA configuration in the Shared secret and Confirm shared secret fields.
  5. Leave the default values for the other settings and click OK. See Figure 1 for all the complete RADIUS Client properties.

Create a Connection Request Policy

  1. Expand the Policies folder.
  2. Right-click on the Connection Request Policies and click New.
  3. Set the Policy Name to something meaningful. I used CiscoASA because this policy is geared specifically for that RADIUS client. Leave the Type of network access server as Unspecified and click Next.
  4. Under Conditions click Add. Scroll down and select the Client Friendly Name condition and click Add
  5. Specify the friendly name that you used when creating the RADIUS Client above. Click OK and Next.
  6. On the next two pages leave the default settings and click Next.
  7. Under the Specify a Realm Name select the Attribute option on the left. From the drop down menu next to Attribute: on the right select User-Name. Click Next again.
  8. Review the settings on the next page and click Finish.

Create a Network Policy

  1. Right-click the Network Policy folder and click New.
  2. Set the Policy Name to something meaningful. Leave the Type of network access server as Unspecified and click Next.
  3. Under Conditions click Add.
  4. Add a UsersGroup condition to limit access to a specific AD user group. You can use a generic group like Domain Users or create a group specifically to restrict access.
  5. Add a Client Friendly Name condition and again specify the Friendly Name you used for your RADIUS client.
  6. Click Next. Leave Access granted selected and click Next again.
  7. (Important Step) On the authentication methods leave the default selection and add Unencrypted authentication (PAP, SPAP).
  8. Accept the default Constraints and click Next.
  9. Accept the default Radius Settings and click Next. Review the settings and click Finish.

Restart the Network Policy Server service. This is probably not necessary, but not a bad idea.
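
What selecting Unencrypted authentication (PAP, SPAP) means between the ASA and NPS, as an added example that is not part of the original post or of any Cisco or Microsoft code: with PAP the RADIUS client hides the User-Password attribute as described in RFC 2865 section 5.2, using only MD5 over the shared secret and the 16-octet Request Authenticator, so the key entered on the ASA and in NPS carries all of the protection. The function names are made up for this example; the secret and password are the sample values used in this post.

```python
import hashlib
import os

BLOCK = 16  # MD5 digest size; User-Password is processed in 16-octet blocks


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """Encode a User-Password value the way a RADIUS client (here the ASA) does."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    hidden, previous = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        # b(i) = MD5(secret + previous ciphertext block, or the authenticator first)
        pad = hashlib.md5(secret + previous).digest()
        previous = _xor(padded[i:i + BLOCK], pad)
        hidden += previous
    return hidden


def recover_password(hidden, secret, authenticator):
    """Reverse the hiding the way the RADIUS server (here NPS) does."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    clear, previous = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        pad = hashlib.md5(secret + previous).digest()
        clear += _xor(hidden[i:i + BLOCK], pad)
        previous = hidden[i:i + BLOCK]
    return clear.rstrip(b"\x00")  # drop the null padding


def demo():
    """Round-trip the post's sample values with a fresh random authenticator."""
    secret, password = b"mysecretkey", b"mypassword"
    authenticator = os.urandom(BLOCK)
    hidden = hide_password(password, secret, authenticator)
    return {
        "hidden_hex": hidden.hex(),
        "with_right_secret": recover_password(hidden, secret, authenticator),
        "with_wrong_secret": recover_password(hidden, b"not-the-key", authenticator),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the encoding is reversible by anything that holds the shared secret, a long random key and a trusted network path between the ASA and the NPS server are what keep domain passwords confidential under PAP.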

Test Your RADIUS Authentication

CLI

test-fw# test aaa authentication SERVER host 192.168.0.10 username testuser password mypassword 
INFO: Attempting Authentication test to IP address <192.168.0.10> (timeout: 12 seconds)
INFO: Authentication Successful

ASDM

The ASDM utility includes functionality to test RADIUS Authentication.

  1. If necessary re-launch the ASDM utility.
  2. Return to Configuration > Remote Access VPN > AAA Setup > AAA Server Groups.
  3. Select the new Server Group you created.
  4. From the Servers in the Selected Group section highlight the server you created. Click the Test button on the right.
  5. Select the Authentication radio button. Enter the Username and Password of a user that meets the conditions specified in the Network Policy created above then click OK.
  6. If everything works as designed you should see something similar to “Authentication test to host is successful”