[{"content":"2025 was a busy year for resilience talks \u0026ndash; together with Adrian Bere from my team, we delivered the session Mastering resilience at every layer of the cake, at two events. The first stop was the AWS Summit Poland held on the 6th of May at the International Congress Centre in Katowice. Having spoken in Poland before, it is always a pleasure to come back and connect with the Polish tech community. A few months later, Adrian and I were back on stage at the AWS Cloud Day Prague.\nA fun side note \u0026ndash; the Poland Summit coincided with the Romanian National elections, so I made a stop at the Romanian Embassy to cast my vote. It was the second time I voted abroad, and it felt great to exercise that right while also being on the road for a conference.\nMastering resilience at every layer of the cake In our session we used the analogy of a cake to explain how resilience needs to be addressed at every layer of the stack \u0026ndash; from the AWS foundation (Availability Zones, Regions, global services) through the infrastructure layer (operating systems, databases) all the way up to the application layer. We covered how cloud resilience differs from the suite of AWS Cloud Resilience services like AWS Resilience Hub, AWS Fault Injection Service (FIS), Amazon Application Recovery Controller, AWS Backup and AWS Elastic Disaster Recovery (DRS).\nWe explored the difference between zonal, regional and global services, the importance of control planes versus data planes in recovery paths, and included a case study on how AWS Lambda handles resilience under the hood. 
We wrapped up with the shared responsibility model and the concept of continuous resilience.\nI really enjoyed co-presenting with Adrian, it was great to share the stage, we had a lot of fun putting the session together and delivering it at both events.\nMy slides covering the presentation can be found here.\n","permalink":"https://dragos.madarasan.com/blog/aws-clouddays-2025/","summary":"In 2025 I presented session ISV 301 \u0026ndash; Mastering resilience at every layer of the cake \u0026ndash; together with Adrian Bere at both the AWS Summit Poland in Katowice and AWS Cloud Day Prague.","title":"AWS Summit Poland and AWS Cloud Day Prague 2025"},{"content":"In April the 2nd edition of AWS Community Day Romania took place in Timisoara. After a successful first edition in 2024, the event continued to grow and bring together developers, architects and IT professionals from across Romania and beyond.\nTogether with Raul Geana, we delivered the opening keynote \u0026ndash; reThink tomorrow: Understand \u0026amp; Adapt. We started with an IT sector reality check, looking at the current state of the industry in Romania and globally, then moved into AI\u0026rsquo;s transformative impact and how it is changing the way we work. We covered Amazon Q Developer and its specialized agents that automate tasks across the software development lifecycle, discussed building resilience through skills evolution \u0026ndash; with critical shortages remaining in cloud architecture, security, data engineering and ML operations \u0026ndash; and wrapped up with a call to action on the power of community.\nThe agenda was packed with sessions throughout the day. Laszlo Bodor delivered a session on Amazon Aurora DSQL, while Toni de la Fuente and Eduard Agavriloae presented on attacking and defending AWS environments \u0026ndash; a topic that drew a lot of interest from the audience. 
The day wrapped up with a closing keynote from Andra Somesan and Maria Encinar who focused on the community and its importance in growing the AWS ecosystem in Romania.\nIt was great to see the Romanian AWS community come together once again. Looking forward to the next edition!\nMy slides covering the keynote can be found here.\n","permalink":"https://dragos.madarasan.com/blog/aws-communityday-romania-2025/","summary":"In April the 2nd edition of AWS Community Day Romania took place in Timisoara, where I delivered the opening keynote alongside Raul Geana.","title":"AWS Community Day Romania 2025"},{"content":"In April I presented at the AI \u0026amp; Big Data Conference in Chisinau, Moldova. The two-day event took place on April 3-4 at Castel Mimi and Tekwill, and was supported by the Government of the Republic of Moldova. This was my 2nd time speaking in Chisinau.\nMy speech \u0026ndash; Generative AI in Action: From prototype to production \u0026ndash; focused on the challenges organizations face when moving generative AI workloads beyond the proof of concept stage. Gartner predicts that 30% of generative AI projects will be abandoned after proof of concept by the end of 2025, so I walked through four key drivers for success: models, cost, data and infrastructure.\nOn the models side, I covered how there is no one model to rule them all \u0026ndash; with 41% of enterprises using three or more LLM providers \u0026ndash; and introduced Amazon Bedrock with its broad selection of foundation models, along with Amazon Nova and Amazon Bedrock Marketplace. 
On the cost and data side, I discussed inference cost challenges and capabilities like Amazon Bedrock prompt caching, Intelligent Prompt Routing and Amazon Bedrock Knowledge Bases for end-to-end RAG workflows.\nMy slides covering the presentation can be found here.\n","permalink":"https://dragos.madarasan.com/blog/ai-bigdata-conference/","summary":"In April I presented at the AI \u0026amp; Big Data Conference in Chisinau, Moldova where I talked about taking generative AI from prototype to production.","title":"AI \u0026 Big Data Conference Chisinau 2025"},{"content":"It was a busy time of the year \u0026ndash; just a month after presenting at AWS CloudDay Warsaw, I was back on stage at AWS CloudDay Prague 2024 where I delivered session APP306 \u0026ndash; Resilient architectures at scale: Real-life use cases from Amazon. The event was held at O2 Universum on the 23rd of October. This was my first time speaking in Prague and the atmosphere was very nice \u0026ndash; it was great to connect with the Czech tech community.\nI started by looking at the scale at which Amazon operates, sharing Amazon Prime Day 2023 statistics: 375 million items purchased, $12.7 billion in global sales, with Amazon SQS handling 86 million peak requests per second, Amazon Aurora processing 318 billion transactions and Amazon DynamoDB reaching 126 million peak requests per second. At this scale, resilience becomes critical. Using the Amazon.com product detail page as an example, I showed how microservices enable resilience and scale, and from there we explored cell-based architectures \u0026ndash; a design pattern where a service is split into multiple independent deployment stacks called \u0026ldquo;cells\u0026rdquo; that share nothing, reducing the blast radius of failures.\nWe then covered two real-world use cases. 
First, how Prime Video improved availability by deploying cells in each AWS Region, using Amazon Route 53 for cellular traffic routing with round-robin and geo-proximity policies, combined with calculated health checks based on Amazon CloudWatch alarms \u0026ndash; achieving 99.9996% availability. Second, how Amazon Music implemented fault isolation using AWS Fargate on Amazon ECS for cell routing, with a two-layer mapping strategy based on device type and event tier, organizing workloads into supercells.\nIt was great to see so many people interested in resilience patterns and cell-based architectures!\nMy slides covering the presentation can be found here.\n","permalink":"https://dragos.madarasan.com/blog/aws-cloudday-prague/","summary":"In October I presented at AWS CloudDay Prague 2024 where I delivered session APP306 on resilient architectures at scale with real-life use cases from Amazon.","title":"AWS CloudDay Prague 2024"},{"content":"In October the first ever AWS Community Day Romania took place at Iulius Congress Hall in Timisoara. It was a full day technical event loaded with exciting talks, bringing together developers, platform engineers and IT professionals from across the country and beyond.\nThe event was organized by Raul Geana and Lucian Patian from Haufe Group, together with the AWS User Group communities across Romania. I have to give huge kudos to Raul and Lucian \u0026ndash; I pinged them back in April 2024 asking if they would be open to organize the first Community Day in Romania, and just three weeks later they were already sending out call for content proposals! I was really impressed by how quickly and efficiently they moved to make this happen.\nThe day kicked off with a keynote from Raul Geana on the AWS and IT industry landscape of the future, followed by a packed agenda of sessions covering serverless, containers, infrastructure as code and more. 
My favourite session was from Robert Colca and Alexandru Botici \u0026ndash; \u0026ldquo;Food Delivery at scale on AWS\u0026rdquo; \u0026ndash; where they shared Tazz\u0026rsquo;s story on how they use AWS to power food delivery at scale in Romania. It was great to hear a local success story and see how they handle the challenges of running a high-traffic delivery platform on AWS.\nWe also had speakers from across Europe covering topics like serverless architectures, AWS CDK, Terraform, resilient workloads and relational databases in serverless applications. The closing keynote from Andra Somesan and Mohammed Fazalullah \u0026ndash; \u0026ldquo;From AWS User to Community Champion: Supercharge your tech journey\u0026rdquo; \u0026ndash; was a great way to wrap up the day, encouraging everyone to get more involved in the AWS community.\nIt was fantastic to see the Romanian AWS community come together for this first edition. Looking forward to seeing this event grow in the coming years!\nYou can check the full agenda on the event page.\n","permalink":"https://dragos.madarasan.com/blog/aws-communityday-romania/","summary":"In October the first ever AWS Community Day Romania took place in Timisoara, a full day of technical sessions organized by the local AWS community.","title":"AWS Community Day Romania 2024"},{"content":"In September I presented at AWS CloudDay Warsaw 2024 where I delivered session DEV208 \u0026ndash; Optimizing storage price and performance with Amazon S3. The event was held at PGE Narodowy on the 18th of September. Having spoken before in Warsaw back in 2022, it is always a pleasure to come back to this city and connect with the Polish tech community.\nIn this session I walked through how to get the most out of Amazon S3 from both a cost and performance perspective. 
We started with operating storage at scale and how to gain insights into your Amazon S3 usage using tools like Amazon S3 Storage Lens and S3 Inventory \u0026ndash; helping you understand your storage patterns across accounts, regions, buckets and prefixes, and discover opportunities like incomplete multipart uploads and noncurrent object versions that might be costing you money.\nI covered the full spectrum of Amazon S3 storage classes \u0026ndash; from S3 Standard for frequently accessed data all the way down to S3 Glacier Deep Archive for long-term archival \u0026ndash; and how to select the right one based on frequency of access, duration of storage and performance requirements. We also looked at S3 Lifecycle policies for data with known access patterns and Amazon S3 Intelligent-Tiering for data with unknown or changing access patterns, which automatically moves objects between access tiers to optimize costs without any operational overhead.\nOn the performance side, we discussed how Amazon S3 scales to tens of millions of requests per second and the key characteristics to consider: request rate, request latency and throughput. I shared practical tips on prefix design for bursty workloads, parallelizing operations using multipart uploads and byte-range fetches, and leveraging the AWS Common Runtime (CRT) which delivers up to 2.2x faster transfer speeds out of the box.\nIt was great to see so many people interested in Amazon S3 storage optimization!\nMy slides covering the presentation can be found here.\n","permalink":"https://dragos.madarasan.com/blog/aws-cloudday-warsaw/","summary":"In September I presented at AWS CloudDay Warsaw 2024 where I delivered session DEV208 on optimizing storage price and performance with Amazon S3.","title":"AWS CloudDay Warsaw 2024"},{"content":"In November I participated at the Banking 4.0 conference, held at the beautiful Sinaia Casino on 22-23 November 2023. 
Now in its 9th edition, the conference brought together banking professionals, fintech companies and technology providers under the theme \u0026ldquo;From tech-centric to human-centric: Conversational banking in digital time\u0026rdquo;.\nOn the first day I was part of a panel titled \u0026ldquo;Cloud banking \u0026ndash; between operational efficiency and cyber security\u0026rdquo;, where we discussed how cloud adoption is transforming the banking industry and the security challenges that come with it. My co-panelists were Bogdan Costea (Head of Information Security, ING Bank Romania) and Bogdan Dumitru (VP of Product, Kubeark), with Calin Rangu (Digital Economy Expert, Vice-president CIO Council) moderating the discussion.\nOn the second day, together with Cosmin Pascu (Solutions Architect, AWS) we delivered a workshop titled \u0026ldquo;AI solutions in banking\u0026rdquo;, where we walked through practical use cases of AWS AI and machine learning services in the financial sector.\nIt was a great event with very engaging discussions around open banking, digital identity, payments innovation and the role of cloud and AI in the future of financial services. I was glad to have the opportunity to represent AWS at such a well-organized conference in one of Romania\u0026rsquo;s most scenic locations.\n","permalink":"https://dragos.madarasan.com/blog/nocash-40-gala/","summary":"In November I participated at the Banking 4.0 conference in Sinaia where I was part of a panel on cloud banking and delivered a workshop on AI solutions in banking.","title":"Banking 4.0 - Sinaia 2023"},{"content":"In October I presented at AWS CloudDay Athens 2023 where I talked about migrating and modernizing Microsoft workloads on AWS. 
It was my first time speaking in Athens and I was glad to have the opportunity to visit such an amazing city.\nTogether with my co-speaker Pavlos Kaimakis, we delivered session MIC207 covering the different strategies organizations can take to move their Windows applications and SQL Server databases to the cloud. We walked through the three main approaches \u0026ndash; rehost, replatform and refactor \u0026ndash; and how each one maps to specific AWS services. On the rehost side, we covered migrating self-managed applications to Amazon EC2 Windows with no code changes. For replatforming, we talked about containerizing workloads with Amazon ECS, AWS Fargate and Amazon EKS, as well as moving SQL Server databases to Amazon RDS for SQL Server. On the refactor side, we discussed porting .NET applications to .NET Core on Linux with AWS Lambda, and migrating to cloud-native databases like Amazon Aurora, Amazon DynamoDB, Amazon Neptune and Amazon Redshift.\nAnother interesting session was \u0026ldquo;Migrating to the cloud: What is the cost of doing nothing?\u0026rdquo; where our very own Cosmin Pascu (Enterprise SA, AWS) was on stage with our client Raiffeisen Bank Romania\u0026rsquo;s Alex Glod (Cloud Competence Leader) and Adrian Voicu (Head of Technology Platform).\nIt was great to see so many people interested in the Microsoft on AWS topic and to connect with the local tech community in Greece!\nMy slides covering the presentation can be found here.\n","permalink":"https://dragos.madarasan.com/blog/aws-cloudday-athens/","summary":"In October I presented at AWS CloudDay Athens 2023 where I talked about migrating and modernizing Microsoft workloads on AWS.","title":"AWS CloudDay Athens 2023"},{"content":"On the 30th of March we organized the AWS Architectural Resilience Day at our AWS offices in Bucharest (Globalworth Building A, 11th floor). 
It was a full day of interactive talks and hands-on workshops focused on architectural best practices for building resilient workloads on AWS.\nThe day kicked off with a chalk talk on Well-Architected Reliability best practices, covering the 66 best practices from the Reliability Pillar and how to apply them to meet resiliency needs. We then moved into a hands-on workshop on AWS Resilience Hub, where participants got to define resilience targets (RTO and RPO), run automated assessments and integrate with AWS Fault Injection Simulator (FIS) to test that targets can be met under different failure conditions.\nAfter a catered lunch, we continued with a chaos engineering workshop where attendees used FIS to simulate various failures, from the loss of a single Amazon EC2 instance to the loss of an entire Availability Zone. The afternoon sessions covered AWS Elastic Disaster Recovery (DRS) for fast, reliable recovery of on-premises and cloud-based applications, and wrapped up with a session on implementing a Correction of Error (CoE) process using Incident Manager from AWS Systems Manager.\nAll sessions were delivered by members of the Enterprise Solutions Architect team covering Romania: Andra Somesan, Ionut Dragoi, Cosmin Pascu and myself. It was great to see so many customers eager to learn about resilience!\nYou can check the full agenda on the event page.\n","permalink":"https://dragos.madarasan.com/blog/aws-resilience-day/","summary":"On the 30th of March we organized the AWS Architectural Resilience Day at our AWS offices in Bucharest, a full day of talks and hands-on workshops focused on building resilient workloads.","title":"AWS Architectural Resilience Day - Bucharest 2023"},{"content":"In March I presented at the VMware Technology Forum 2023 where I talked about accelerating cloud migration with VMware Cloud on AWS.\nThis is a topic I enjoy presenting on and have spoken about before. 
In this session I covered the AWS hybrid cloud strategy, how VMware Cloud on AWS fits into a staged migration approach, and the four major use cases: cloud migrations, data centre extension, disaster recovery and application modernisation. I also walked through migration options with VMware HCX, from cold migration to zero-downtime vMotion, and how VMware Cloud Disaster Recovery can help protect on-premises applications.\nHere is a picture with me on the stage presenting!\n","permalink":"https://dragos.madarasan.com/blog/vmware-technology-forum/","summary":"In March I presented at the VMware Technology Forum 2023 where I talked about accelerating cloud migration with VMware Cloud on AWS.","title":"VMware Technology Forum 2023"},{"content":"In October I presented at the AWS Pop-up Hub in Warsaw, Poland. The Pop-up Hubs are places where developers and IT professionals can attend educational sessions, meet AWS experts and get in-person answers to their technical questions.\nI delivered two sessions during the event. The first one was a presentation on Advanced Amazon VPC design and new capabilities, where I walked through the latest networking features such as IPv6-only subnets, NAT64 and DNS64 for interoperability with IPv4 environments, resource-based instance naming and how all of these fit together in a modern VPC design. It was great to see so many people interested in the networking side of AWS!\nThe second session was a hands-on workshop on Amazon Elastic Disaster Recovery (DRS), where participants got to set up and test disaster recovery scenarios. DRS helps minimize downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications.\nI really enjoyed visiting Warsaw and meeting the local tech community. 
Poland has a vibrant cloud ecosystem and it was great to connect with so many passionate engineers.\nMy slides covering the VPC presentation can be found here.\n","permalink":"https://dragos.madarasan.com/blog/aws-popup-hub-warsaw/","summary":"In October I presented at the AWS Pop-up Hub in Warsaw, Poland where I delivered a session on Advanced Amazon VPC design and new capabilities, as well as a workshop on Amazon Elastic Disaster Recovery (DRS).","title":"AWS Pop-up Hub Warsaw 2022"},{"content":"In November I presented at GoTech 2021 where I talked about quickly containerizing Java and .NET applications using AWS App2Container (A2C).\nMoving legacy applications to the cloud can be a difficult and lengthy process, and containerizing them requires a lot of knowledge and time. With AWS App2Container, you can do both the move and the containerization in one easy process. A2C is a command-line tool that analyzes and builds an inventory of all applications running in virtual machines, on-premises or in the cloud, and helps you modernize them into containerized applications.\nI was glad to have the opportunity to show how A2C works in practice and how it can help teams modernize their Java and .NET workloads without having to rewrite code.\nThe recording of my presentation can be found below.\n","permalink":"https://dragos.madarasan.com/blog/gotech-app2container/","summary":"In November I presented at GoTech 2021 where I talked about quickly containerizing Java and .NET applications using AWS App2Container.","title":"Containerizing Java \u0026 .NET applications with AWS App2Container"},{"content":"Together with my friend Piotr Pietrzkiewicz (Sales Engineer at Snowflake), we built a hands-on lab to show how Snowflake integrates with AWS serverless services and CI/CD pipelines.\nThe workshop covered how to build a modern data application using Snowflake as the data platform and AWS services like CodePipeline, CodeBuild, CodeCommit, API Gateway and Lambda to deploy and 
expose data in a scalable way. Participants got to set up Snowflake objects, load structured and semi-structured data, deploy a full CI/CD pipeline using CloudFormation, and even test a high concurrency scenario using the AWS Distributed Load Testing solution.\nOne of the highlights was showing how Snowflake\u0026rsquo;s Zero Copy Cloning and Time Travel features make DevOps workflows much easier. Instead of spending hours replicating production data for testing, you can clone an entire database in seconds with zero additional storage cost and roll back changes using Time Travel if something goes wrong.\nWe were also joined by Dmytro Yaroshenko (Principal Data Platform Architect, Snowflake) and Darko Mesaros (Senior Developer Advocate, AWS) who helped lead the lab and the Q\u0026amp;A session. It was great to see so many people interested in the topic!\nBuilding the lab together with Piotr was a lot of fun and I\u0026rsquo;m glad we could show how well Snowflake and AWS work together for modern data application use cases.\nThe webinar is available at the following address, and the lab guide is available here.\n","permalink":"https://dragos.madarasan.com/blog/snowflake-aws-webinar/","summary":"Together with my friend Piotr Pietrzkiewicz from Snowflake, we built a hands-on lab showing how to integrate Snowflake with AWS serverless services and CI/CD pipelines.","title":"Building Agile Data Applications with Snowflake and AWS"},{"content":"I\u0026rsquo;m super excited to be participating in the panel jury for the 2020 edition of UBB Hacks for Good organized by Cluj IT Cluster!\nSeven teams will be pitching their ideas, with the first place receiving 25k RON (~5000 euros) to continue working on their ideas. 
The project is done in collaboration with the Babeș-Bolyai University and Cluj IT Cluster, a cluster of Romanian IT companies centered around Cluj-Napoca.\nThe other members of the jury are Isabela Buhai (Regional Manager @ Endava), Victor Pop (Project Manager @ Life is Hard) and prof. Stelian Brad, who is the President of Cluj IT Cluster.\n","permalink":"https://dragos.madarasan.com/blog/ubb-hacks-2020/","summary":"I\u0026rsquo;m super excited to be participating in the panel jury for the 2020 edition of UBB Hacks for Good","title":"UBB Hacks for Good - 2020 edition!"},{"content":"I\u0026rsquo;m super excited to do my second webinar with PASS, the global community for data professionals who use the Microsoft data platform.\nI\u0026rsquo;ve already done a couple of SQLSaturdays, where I talked about running SQL Server on AWS, but in this webinar I\u0026rsquo;ll be talking about the Windows to Linux Replatforming Assistant for Microsoft SQL Server tool introduced by AWS.\nSign up for the webinar at the following address. My slides covering the presentation will be online here.\n","permalink":"https://dragos.madarasan.com/blog/migrating-sql-webinar/","summary":"I\u0026rsquo;m super excited to do my second webinar with PASS, the global community for data professionals who use the Microsoft data platform.","title":"Migrating SQL Server to AWS webinar"},{"content":"On Wednesday I presented at VMware vForum Romania 2019 where I talked about Accelerating your cloud migration with VMware Cloud on AWS.\nvForum Romania was the largest VMware themed event in 2019 in Romania and was held at the Athénée Palace Hilton in Bucharest. 
The keynote was presented by Colin Bannister, EMEA VP at VMware followed by Valentina Frangu from Dell Technologies Romania and Alexandru Vilcu from HPE Romania.\nHere is a picture with me on the stage, thanks Liviu Gherman for taking the snap!\nMy slides covering the presentation can be found here.\n","permalink":"https://dragos.madarasan.com/blog/vforum-romania-2019/","summary":"On Wednesday I presented at VMware vForum Romania 2019 where I talked about Accelerating your cloud migration","title":"VMware vForum Romania 2019"},{"content":"It is with great pleasure that I announce Vlad Ionescu to be the first AWS Container Hero from Romania! The AWS Heroes program recognizes community leaders from around the world who have extensive AWS knowledge and a passion for sharing their expertise with others.\nVlad is an independent DevOps consultant working in Bucharest, Romania, focused on Amazon Elastic Kubernetes Service (Amazon EKS). Vlad is active on GitHub, in #eks on the Kubernetes Slack and has spoken at events such as KubeCon/CNCF and AWS Container Day Barcelona.\nYou can read the announcement and the full list of AWS Heroes here.\n","permalink":"https://dragos.madarasan.com/blog/aws-container-hero/","summary":"It is with great pleasure that I announce Vlad Ionescu to be the first AWS Container Hero from Romania.","title":"AWS Container Hero - Vlad Ionescu"},{"content":"November brings the AWS Loft Bucharest event to Romania! The AWS Lofts are a place where startups and developers can meet over coffee, work on their apps, attend educational sessions, and get in-person answers to AWS technical questions – all at no cost. AWS Loft Bucharest will run between 11-15 November 2019 and will be hosted at Impact Hub Timpuri Noi.\nWe will have sessions, workshops, trainings and you\u0026rsquo;ll have the possibility to book 1-1 sessions to talk to our Solutions Architects. 
You can check the full agenda here.\nCheck out the teaser video below!\n","permalink":"https://dragos.madarasan.com/blog/aws-loft-bucharest/","summary":"November brings the AWS Loft Bucharest event to Romania! The AWS Lofts are a place where startups and developers can meet over coffee, attend educational..","title":"AWS Loft Bucharest 2019"},{"content":"I spoke about the AWS Loft Bucharest here and of course, I couldn\u0026rsquo;t help myself and signed up to deliver two sessions and did a repeat of my CDK workshop I did in Kiev.\nMy first presentation was about the Well Architected Framework, a topic on which I speak frequently and enjoy discussing. The presentation starts off with a simple question - Are you Well-Architected? I then talked about what the Well Architected Framework is (and isn\u0026rsquo;t!), gave examples for design principles and how to perform well-architected reviews (self-service, partner, using an AWS Solutions Architect).\nBelow is the presentation which can also be downloaded here.\n","permalink":"https://dragos.madarasan.com/blog/are-you-well-architected/","summary":"I couldn\u0026rsquo;t help myself and signed up to deliver two sessions and did a repeat of my CDK workshop I did in Kiev.","title":"Well Architected @ Bucharest Loft"},{"content":"After my first PentaBAR meetup in September, I\u0026rsquo;m co-presenting again with Catalin Dumitras from Pentalog, this time in Brasov!\nEveryone talks about Artificial Intelligence (AI) and Machine Learning (ML) but how can we use these services in meaningful applications? I\u0026rsquo;ll cover some of the AI/ML services that AWS offers such as Amazon SageMaker, Amazon Rekognition and Amazon Rekognition Video, cover some use cases and present a demo or two.\nHere is a cool collage with some pictures from the event.\nOther pictures from the event can be found on the meetup page here. 
My slides covering the webinar can be found here.","permalink":"https://dragos.madarasan.com/blog/pentabar-53-brasov/","summary":"After my first PentaBAR meetup in September, I’m co-presenting again with Catalin Dumitras from Pentalog, this time in Brasov!","title":"Start Your A.I. Journey With AWS @ PentaBAR #53"},{"content":"In October I delivered a workshop on AWS Cloud Development Kit (CDK) at the AWS Loft Kiev. The AWS Lofts are a place where startups and developers can meet over coffee, work on their apps, attend educational sessions, and get in-person answers to AWS technical questions – all at no cost.\nYou can check the full agenda here.\nCheck out the post event video below!\n","permalink":"https://dragos.madarasan.com/blog/aws-loft-kiev/","summary":"In October I delivered a workshop on AWS Cloud Development Kit (CDK) at the AWS Loft Kiev.","title":"AWS Loft Kiev 2019"},{"content":"On the 10th of October I am hosting a webinar at the invitation of TechSoup Romania. TechSoup Romania is a non-government organization founded in 2010 and part of the TechSoup Global initiative whose goal is to help other NGOs better use technology to meet their goals. During the webinar I will be covering the following topics:\nadvantages of the AWS Cloud platform\nthe AWS credits programme offered for NGOs by TechSoup\npopular examples of AWS services\nTo attend the webinar please sign up here, I will update this post once the recording is live.\nLater edit: My slides covering the webinar can be found here, and below is the YouTube recording of the webinar (in Romanian).\n","permalink":"https://dragos.madarasan.com/blog/aws-techsoup-webinar/","summary":"On October 10, I am hosting a webinar at the invitation of TechSoup Romania. 
TechSoup Romania is a non-government organization founded in 2010\u0026hellip;","title":"Cloud Infrastructure for NGOs - TechSoup Webinar"},{"content":"Together with Catalin Dumitras from Pentalog I presented at the PentaBAR #31 meetup in Iasi.\nThe topic was Serverless CI/CD pipelines, and I talked about how one can use CodeCommit, CodeBuild and CodePipeline to build a CI/CD pipeline completely serverless!\nHere is me somewhere in the middle of my presentation\nOther pictures from the event can be found on the meetup page here. My slides covering the webinar can be found here.\n","permalink":"https://dragos.madarasan.com/blog/pentabar-31-iasi/","summary":"Together with Catalin Dumitras from Pentalog I presented at the PentaBAR #31 meetup in Iasi\u0026hellip;.","title":"Serverless CI/CD pipelines for your DevOps needs @ PentaBAR #31"},{"content":"On Monday I attended the meetup organized by Transilvania Cloud discussing best practices when designing cloud architectures. The event was organized as a Techsylvania Satellite Event with Andrei Varga from Micro Focus (formerly HP Enterprise) talking about his experience creating an AWS QuickStart (Micro Focus Operations Orchestration on AWS).\nAndrei talked about the learning process of writing CloudFormation templates that adhere to our best practices, based on the Well-Architected Framework and the steps required to get a quickstart published.\nMy slides covering announcements from Q2 2019 can be found here.\n","permalink":"https://dragos.madarasan.com/blog/well-architected-meetup/","summary":"On Monday I attended the meetup organized by Transilvania Cloud discussing best practices when designing\u0026hellip;.","title":"Well Architected Best Practices - Transylvania Cloud meetup"},{"content":"On the 12th of March, AWS together with our local partner Bittnet is organizing the 4th edition of the AWSome Day event in Bucharest. 
The free, one-day training will provide a step-by-step introduction to the core AWS services for compute, storage, database, and networking.\nAlexandru Costescu from Bittnet will be delivering the technical content and also talk about his experience migrating Netop to AWS. The content covers multiple services such as Infrastructure (VPC, EC2), Storage (S3, EBS), Databases (SQL and NoSQL) but also Security and Management.\nIn attendance will also be the AWS team covering Romania so this is a great opportunity to come and meet us!\nThe event takes place at the JW Marriott Bucharest Grand Hotel Bucharest and you can register for the event by signing up here.\n","permalink":"https://dragos.madarasan.com/blog/awsome-day-bucharest/","summary":"On the 12th of March, AWS together with our local partner Bittnet is organizing the 4th edition of the AWSome Day event in Bucharest..","title":"AWSome Day Bucharest 2019"},{"content":"As part of the new year I will be transitioning to a Solutions Architect role, focusing on clients from Romania and Hungary. I\u0026rsquo;m very excited to be able to work with clients and partners from my home country and look forward to building the AWS communities across both countries.\nI will be based in the lovely city of Munich, Germany and look forward to exploring the Bavarian culture!\n","permalink":"https://dragos.madarasan.com/blog/moving-into-new-role/","summary":"Over the summer I\u0026rsquo;ve been working on updating the Exchange Server on AWS quickstart. Quick Starts are built by AWS Solutions Architects, Professional Services Consultants..","title":"New year, new challenges"},{"content":"Over the summer I\u0026rsquo;ve been working on updating the Exchange Server on AWS Quickstart. It was interesting because I could leverage my previous Exchange knowledge and apply it to AWS.
Quick Starts are built by AWS Solutions Architects, Professional Services Consultants and partners to help customers deploy popular solutions on AWS, based on AWS best practices for security and high availability.\nThe work involved a complete overhaul of the existing Quick Start to make it more flexible and easier to update in the future. Additionally, I implemented support for Exchange 2016 with an eye to adding support for Exchange 2019 as soon as possible.\nThe deployment guide and documentation can be found here, while all the CloudFormation templates and scripts are on GitHub. The AWS Quick Start team is happy to accept pull requests!\n","permalink":"https://dragos.madarasan.com/blog/exchange-server-on-aws-quickstart/","summary":"Over the summer I\u0026rsquo;ve been working on updating the Exchange Server on AWS quickstart. Quick Starts are built by AWS Solutions Architects, Professional Services Consultants..","title":"The updated Exchange Server on AWS QuickStart published!"},{"content":"AWS is hosting a Pop-up Loft in Stockholm between October and November 2018. AWS Lofts are places where developers and IT professionals can attend educational sessions, work on their apps, or simply enjoy fika while getting to know other people. You can sign up for any of the technical sessions, talk to a Solutions Architect or attend full-day bootcamps!\nTogether with a colleague from our Dutch practice, we will be talking about a recent project for a client in Switzerland. We were asked to help them develop a digital content platform for their clients running AWS native services as much as possible.\nThere are various and ever-evolving content management solutions and content masters throughout the organization but over the years these change.
Our client challenged us to figure out how to build a common platform that decouples content creation from content distribution while leveraging cloud best practices, automation and serverless architectures.\nHere is a quick view of the high-level architecture:\nBe sure to check out the awesome video showcasing the Loft in Stockholm and sign up for events on the Loft page!\n","permalink":"https://dragos.madarasan.com/blog/aws-popup-loft-stockholm/","summary":"AWS is hosting a Pop-up Loft in Stockholm in October-November, places where developers and IT professionals can attend educational sessions, work on..","title":"Presenting at the upcoming AWS Pop-Up Loft Stockholm "},{"content":"In December I\u0026rsquo;m heading to my home country Romania to help with a hackathon that AWS client Paddy Power Betfair is hosting at their office. During this one-day event, software engineers team up and work on a pet project and have to present their idea and proof of concept at the end of the day.\nIn the afternoon I will be delivering a presentation about Infrastructure as Code with AWS CloudFormation at the Transylvania Cloud meetup.\nLucian Revnic and his colleagues from Micro Focus attended AWS re:Invent 2018 and will be talking about some of the highlights and interesting things that caught their attention.
Paddy Power Betfair’s Cloud Automation team from Dublin will be talking about some of the lessons they learned adapting their private cloud CI/CD pipeline to work with AWS and the technical challenges they had to overcome.\n","permalink":"https://dragos.madarasan.com/blog/transylvania-cloud-meetup/","summary":"In December I\u0026rsquo;m heading to my home country Romania to help with a hackathon that and talk about Infrastructure as Code and ..","title":"Transylvania Cloud Meetup session"},{"content":"My blog post describing how you can set up Local Administrator Password Solution (LAPS) with AWS Microsoft AD has finally been published on the AWS Security Blog!\nThe article starts off by talking about the prerequisites needed such as using an AWS Directory Services Microsoft AD (MAD) and how to deploy the LAPS binaries to EC2 instances. It describes the process of upgrading the schema in Microsoft AD using a sample LDIF file and finally how to configure the permissions and group policy settings.\nIf you are interested in the topic, head on over to the AWS Security Blog to read the article. I appreciate comments on the article or the forum post.\n","permalink":"https://dragos.madarasan.com/blog/how-to-deploy-local-administrator-password-solution/","summary":"Local Administrator Password Solution (LAPS) from Microsoft simplifies password management by allowing organizations to use Active Directory (AD) to store unique passwords for computers","title":"How to Deploy Local Administrator Password Solution with AWS Microsoft AD"},{"content":"I recently had to copy an AMI across 2 regions and the image was shared with a considerable number of accounts.
Unfortunately, copying the AMI does not also copy its permissions so I set out to see how I could automate copying permissions as well.\nWell, here is the PowerShell code:\n$sourceAMI = \u0026#34;ami-12345678\u0026#34;\n$destinationAMI = \u0026#34;ami-87654321\u0026#34;\n$destinationRegion = \u0026#34;eu-central-1\u0026#34; # if different from source region\n\n# Get current permissions\n$UserIds = Get-EC2ImageAttribute -ImageId $sourceAMI -Attribute LaunchPermission | Select-Object -ExpandProperty Launchpermissions\n\n# Copy launch permissions to new image\nforeach($id in $UserIds) {\n    Edit-EC2ImageAttribute -ImageId $destinationAMI -Attribute launchPermission -OperationType add -UserId $id.UserId -Region $destinationRegion\n}\nTo do the same in the AWS CLI run:\naws ec2 describe-image-attribute --image-id ami-12345678 --attribute launchPermission --query \u0026#34;LaunchPermissions[]\u0026#34; --output text \u0026gt; UserIds\nFOR /f %i IN (UserIds) DO aws ec2 modify-image-attribute --image-id ami-87654321 --launch-permission \u0026#34;{\\\u0026#34;Add\\\u0026#34;: [{\\\u0026#34;UserId\\\u0026#34;:\\\u0026#34;%i\\\u0026#34;}]}\u0026#34;\nNote: I have only tested the CLI commands on Windows.\n","permalink":"https://dragos.madarasan.com/blog/copy-ami-with-permissions/","summary":"Copying AMIs across regions is easy, but how do you copy permissions as well?","title":"How to copy AMI permissions"},{"content":"Someone recently asked about the best way to build a UI on top of the AWS APIs without hardcoding the services.
You can programmatically retrieve the list of AWS services by leveraging the Support API.\nThe AWS Support API is only available for clients on the Business/Enterprise support plans.\nTo list both the name and service code run the following command:\naws support describe-services --query \u0026#34;services[*].[code,name]\u0026#34; --region us-east-1 If you only want to get the names then run:\naws support describe-services --query \u0026#34;services[*].name\u0026#34; --region us-east-1 AWS CLI output Note I\u0026rsquo;m calling the API with the us-east-1 region since my default region is eu-west-1. The Support API has only 1 endpoint (us-east-1) and it needs to be specifically passed unless your default region is us-east-1.\n","permalink":"https://dragos.madarasan.com/blog/programmatically-list-aws-services/","summary":"Someone recently asked about the best way to built an UI on top of the AWS APIs without hardcoding the services","title":"Programmatically list AWS services"},{"content":"This is a one line AWS CLI command to get the latest restorable time for an AWS RDS Instance.\naws rds describe-db-instances --db-instance-identifier \u0026#34;yourDBinstance\u0026#34; --query \u0026#34;DBInstances[*].[DBInstanceIdentifier,LatestRestorableTime]\u0026#34; ","permalink":"https://dragos.madarasan.com/blog/oneliners-aws-rds-get-latest-restorable-time/","summary":"\u003cp\u003eThis is a one line AWS CLI command to get the latest restorable time for an AWS RDS Instance.\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eaws rds describe-db-instances --db-instance-identifier \u003cspan style=\"color:#e6db74\"\u003e\u0026#34;yourDBinstance\u0026#34;\u003c/span\u003e --query \u003cspan 
style=\"color:#e6db74\"\u003e\u0026#34;DBInstances[*].[DBInstanceIdentifier,LatestRestorableTime]\u0026#34;\u003c/span\u003e\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","title":"Oneliners \u0026#8211; AWS RDS get latest restorable time"},{"content":"This is a handy 2 lines Powershell script to assume a role in AWS, create temporary credentials and run another command using the assumed roles:\n$Response = (Use-STSRole -Region eu-west-1 -RoleArn arn:aws:iam::\u0026lt;accountID\u0026gt;:role/\u0026lt;RoleName\u0026gt; -RoleSessionName RoleSession1).Credentials $Credentials = New-AWSCredentials -AccessKey $Response.AccessKeyId -SecretKey $Response.SecretAccessKey -SessionToken $Response.SessionToken Get-S3Bucket -BucketName yourbucketnamehere -Credential $Credentials ","permalink":"https://dragos.madarasan.com/blog/aws-assume-role-powershell/","summary":"\u003cp\u003eThis is a handy 2 lines Powershell script to assume a role in AWS, create temporary credentials and run another command using the assumed roles:\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-powershell\" data-lang=\"powershell\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e$Response = (Use-STSRole -Region eu-west-\u003cspan style=\"color:#ae81ff\"\u003e1\u003c/span\u003e -RoleArn arn\u003cspan style=\"color:#960050;background-color:#1e0010\"\u003e:\u003c/span\u003eaws\u003cspan style=\"color:#960050;background-color:#1e0010\"\u003e:\u003c/span\u003eiam::\u0026lt;accountID\u0026gt;\u003cspan style=\"color:#960050;background-color:#1e0010\"\u003e:\u003c/span\u003erole/\u0026lt;RoleName\u0026gt; -RoleSessionName RoleSession1).Credentials\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan 
style=\"display:flex;\"\u003e\u003cspan\u003e$Credentials = New-AWSCredentials -AccessKey $Response.AccessKeyId -SecretKey $Response.SecretAccessKey -SessionToken $Response.SessionToken\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eGet-S3Bucket -BucketName yourbucketnamehere -Credential $Credentials\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","title":"AWS Assume role [Powershell]"},{"content":"Today I passed my first AWS exam – AWS Certified Solutions Architect – Associate. I’ve been looking at getting some AWS certifications since late 2014 and I have now finally gotten to it (especially since I now work at Amazon).\nThe exam itself was of average to high difficulty, there were definitely some areas which I could have studied more. My preparation involved 3 months of AWS work as a Support Engineer and also doing the A Cloud Guru exam course online which I highly recommend.\nI’m putting up a reference list for learning materials that have been helpful for me while taking the exam:\nCloud Guru AWS Certified Solutions Architect Associate exam course Cloud Guru\u0026rsquo;s exam course is probably one of the most complete to date. I highly recommend their courses.\nExam blueprint This gives you a quick overview of the exam format and area being tested, definitely worth a read.\nAmazon EC2 FAQs\nAmazon Elastic Compute Cloud Documentation\nAmazon EBS FAQs\nAWS S3 FAQ and S3 documentation\nqwikLABS These are self paced labs where you get to have hands on experience with AWS. They provide step by step instructions and allows you to experience first-hand what AWS is about. 
The introductory labs are free, so together with the free tier offering from AWS these are the 2 best options to experience AWS without having to pay.\nLast updated July 4th, 2016\n","permalink":"https://dragos.madarasan.com/blog/aws-certified-tips-tricks/","summary":"Today I passed my first AWS Certified Solutions Architect exam","title":"AWS Certified! Tips \u0026#038; tricks"},{"content":"I was recently looking at retrieving a VPC’s Name based on its id. Here is the Python/Boto3 implementation:\nfrom boto3.session import Session\n\nsession = Session(aws_access_key_id=\u0026#39;aaaa\u0026#39;, aws_secret_access_key=\u0026#39;XXX\u0026#39;, region_name=\u0026#39;eu-west-1\u0026#39;)\nec2 = session.resource(\u0026#39;ec2\u0026#39;)\n\nvpc = ec2.Vpc(\u0026#39;vpc-6661b904\u0026#39;)\n# Pick the tag whose key is Name instead of assuming it is the first tag\nname = next((tag[\u0026#39;Value\u0026#39;] for tag in (vpc.tags or []) if tag[\u0026#39;Key\u0026#39;] == \u0026#39;Name\u0026#39;), None)\nprint(name)\nThe one-liner version for the AWS CLI is:\naws ec2 describe-vpcs --vpc-ids vpc-6188b904 --query \u0026#34;Vpcs[0].Tags[?Key==\u0026#39;Name\u0026#39;].Value[]\u0026#34; --output text\n","permalink":"https://dragos.madarasan.com/blog/aws-getvpcnamebyid/","summary":"\u003cp\u003eI was recently looking at retrieving a VPC’s Name based on its id.
Here is the Python/Boto3 implementation\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-python\" data-lang=\"python\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\u003cspan style=\"color:#f92672\"\u003efrom\u003c/span\u003e boto3.session \u003cspan style=\"color:#f92672\"\u003eimport\u003c/span\u003e Session\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003esession \u003cspan style=\"color:#f92672\"\u003e=\u003c/span\u003e Session(aws_access_key_id\u003cspan style=\"color:#f92672\"\u003e=\u003c/span\u003e\u003cspan style=\"color:#e6db74\"\u003e\u0026#39;aaaa\u0026#39;\u003c/span\u003e,aws_secret_access_key\u003cspan style=\"color:#f92672\"\u003e=\u003c/span\u003e\u003cspan style=\"color:#e6db74\"\u003e\u0026#39;XXX\u0026#39;\u003c/span\u003e,region_name\u003cspan style=\"color:#f92672\"\u003e=\u003c/span\u003e\u003cspan style=\"color:#e6db74\"\u003e\u0026#39;eu-west-1\u0026#39;\u003c/span\u003e)\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eec2 \u003cspan style=\"color:#f92672\"\u003e=\u003c/span\u003e session\u003cspan style=\"color:#f92672\"\u003e.\u003c/span\u003eresource(\u003cspan style=\"color:#e6db74\"\u003e\u0026#39;ec2\u0026#39;\u003c/span\u003e)\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003e\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003evpc \u003cspan style=\"color:#f92672\"\u003e=\u003c/span\u003e ec2\u003cspan style=\"color:#f92672\"\u003e.\u003c/span\u003eVpc(\u003cspan style=\"color:#e6db74\"\u003e\u0026#39;vpc-6661b904\u0026#39;\u003c/span\u003e)\n\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003evpc\u003cspan 
style=\"color:#f92672\"\u003e.\u003c/span\u003etags[\u003cspan style=\"color:#ae81ff\"\u003e0\u003c/span\u003e][\u003cspan style=\"color:#e6db74\"\u003e\u0026#39;Value\u0026#39;\u003c/span\u003e]\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eThe one liner version for AWS cli is\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-bash\" data-lang=\"bash\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003eaws ec2 describe-vpcs --vpc-ids vpc-6188b904 --query \u003cspan style=\"color:#e6db74\"\u003e\u0026#34;Vpcs[0].Tags[?Key==\u0026#39;Name\u0026#39;].Value[]\u0026#34;\u003c/span\u003e --output text\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e","title":"AWS getVPCnameById"},{"content":"My new book, co-authored with Suraj Patil has been officially published by PacktPub. What a nice way to start the year!\nPacktPub approached me in the spring of 2015 to write a Citrix book for them which I was delighted to accept, having worked with PacktPub before as a technical reviewer for a number of books.\nWe decided to tackle the troubleshooting aspect of Citrix XenApp/XenDesktop administration and the book is the result of several months of work together with Suraj who is a Citrix Consultant and specializes in virtualization \u0026amp; enterprise mobility.\nWe’ve written this book to be useful for Citrix administrators at all levels. People who have just started working with Citrix will find useful information on how to identify, break down and then resolve problems. 
The first chapters start off with the basic troubleshooting methodology and guidelines while later chapters focus on more specific cases.\nExperienced Citrix administrators will find real-world cases that the authors have encountered with the book providing solutions, troubleshooting steps and further reading materials. All in all, I believe everyone reading this book would learn a bit more about Citrix troubleshooting.\nMany thanks to our technical reviewers, Matthew Spencer, Mayur Makwana and Sebastiaan van Kaam, who have kindly reviewed the book and made great suggestions.\nA big shout-out to Shaon Basu, our acquisition manager who had the idea of writing this book together and the team behind the book – Prachi Bisht, Shali Deeraj and Ajinkya Paranjape who have provided continuous feedback and helped edit this book.\nThe book is available online in both print and ebook format at PacktPub, Amazon.com and Amazon UK.\n","permalink":"https://dragos.madarasan.com/blog/troubleshooting-citrix-xenapp-is-out/","summary":"PacktPub approached me in the spring of 2015 to write a Citrix book","title":"Troubleshooting Citrix XenApp is out!"},{"content":"You sometimes run into cases where a certificate was imported by another sysadmin and he forgot to check the option to export the private key. If you want to export the certificate together with the private key the option would be greyed out.\nUnless you have access to the original certificate there is no Windows built-in method to retrieve the certificate. Mimikatz is a nice program that hooks into the Windows NT APIs and allows you to export unexportable certificates.\nTo do so, run the following commands:\nmimikatz\ncrypto::capi\ncrypto::certificates /export\nYou will see that mimikatz has exported all certificates; the ones that have a private key are exported with a pfx extension as well.
The pfx certificates are protected with the password “mimikatz”\nYou will now be able to import the pfx certificate and check the option to allow the export of the private key.\nResources Mimikatz on GitHub page Mimikatz blog page Metasploit page for Mimikatz ","permalink":"https://dragos.madarasan.com/blog/exporting-unexportable-certificates/","summary":"\u003cp\u003eYou sometimes run into cases where a certificate was imported by another sysadmin and he forgot to check the option to export the private key. If you want to export the certificate together with the private key the option would be greyed out.\u003c/p\u003e\n\u003cp\u003e\u003ca class=\"highslide img_126\" href=\"/images/Pic1-notexportable.png\" onclick=\"return hs.expand(this)\"\u003e\u003cimg class=\"alignnone  wp-image-854\" src=\"/images/Pic1-notexportable.png\" alt=\"Pic1-notexportable\" width=\"266\" height=\"135\"\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eUnless you have access to the original certificate there is no Windows built-in method to retrieve the certificate. \u003ca href=\"http://blog.gentilkiwi.com/mimikatz\" target=\"_blank\"\u003eMimikatz\u003c/a\u003e is a nice program that hooks into the Windows NT APIs and allows you to export unexportable certificate.\u003c/p\u003e","title":"Exporting unexportable certificates"},{"content":" Have just received confirmation from my employer that I will be able to participate at this year\u0026#8217;s Microsoft Summit 2014. Microsoft Summit, currently at the 2nd edition is probably the largest event for the IT Pro community and a few acquaintances are speaking at the event including Tudor Damian, Adrian Stoian and others.\nThe event is being held at Willbrook Platinum Business \u0026 Convention Center Bucharest (same place as last year) between 12/13 November 2014. 
Some of the sessions that attracted my attention are Elena Ciobanu\u0026#8217;s session on VDI Deployment Walkthrough and Daniel Petri with Preparing your organization for Active Directory Directory Services (AD-DS) disaster recovery scenarios. Full agenda for the event HERE and speakers here. ","permalink":"https://dragos.madarasan.com/blog/going-microsoft-summit-2014/","summary":"\u003cp style=\"text-align: justify;\"\u003e\n  Have just received confirmation from my employer that I will be able to participate at this year\u0026#8217;s \u003ca href=\"http://www.mssummit.ro/en\" target=\"_blank\"\u003eMicrosoft Summit 2014. \u003c/a\u003e\n\u003c/p\u003e\n\u003cp style=\"text-align: justify;\"\u003e\n  Microsoft Summit, currently at the 2nd edition is probably the largest event for the IT Pro community and a few acquaintances are speaking at the event including \u003ca href=\"http://www.tudy.ro/\" target=\"_blank\"\u003eTudor Damian\u003c/a\u003e, \u003ca href=\"http://www.adrianstoian.com/\" target=\"_blank\"\u003eAdrian Stoian\u003c/a\u003e and others.\u003cbr /\u003e The event is being held at Willbrook Platinum Business \u0026 Convention Center Bucharest (same place as last year) between 12/13 November 2014.\n\u003c/p\u003e","title":"Going to Microsoft Summit 2014"},{"content":"{% include toc icon=\u0026ldquo;gears\u0026rdquo; title=\u0026ldquo;Contents\u0026rdquo; %}\nBackground Moving a 3PAR virtual volume between two remote groups is a scenario I have encountered which I feel isn’t very well documented on the internet.\nStarting with 3PAR 3.1.2, the ability to move a virtual volume between remote copy groups without the need for a full synchronization was added. 
This is helpful in certain scenarios where you’d like to move the vv to another copy group without triggering a full synchronization.\nThe steps below have been provided by L2 HP 3PAR support engineer based on a support call I had opened with them.\nP7200_Q07U23 cli% showrcopy Remote Copy System Information Status: Started, Normal Target Information Name ID Type Status Options Policy Q6 19 FC ready 2FF70002AC00428F mirror_config Link Information Target Node Address Status Options Q6 0:1:1 20110002AC00428F Up Q6 1:1:2 21120002AC00428F Up receive 0:1:1 20110002AC00428F Up receive 1:1:2 21120002AC00428F Up Group Information Name Target Status Role Mode Options RG1 Q6 Started Primary Sync LocalVV ID RemoteVV ID SyncStatus LastSyncTime RC_TestVV_1 15583 RC_TestVV_1 9467 Synced NA RC_TestVV_2 15584 RC_TestVV_2 9468 Synced NA Stop original remote copy group P7200_Q07U23 cli% stoprcopygroup RG1 Stopping group RG1. If volumes in the group are still synchronizing, then their snapshots on the secondary side may get promoted. Do you wish to continue? select q=quit y=yes n=no: y “showvv” output – On stopping the remotecopygroup, the rcpy snapshot is created for the VVs of that remotecopy group. 15583 RC_TestVV_1 tpvv base --- 15583 RW normal 128 512 512 1024 15631 rcpy.50.15583.19 snp vcopy RC_TestVV_1 15583 RO normal -- -- -- 1024 15584 RC_TestVV_2 tpvv base --- 15584 RW normal 128 512 512 2048 15632 rcpy.50.15584.19 snp vcopy RC_TestVV_2 15584 RO normal -- -- -- 2048 Dismiss the VV from the original group The “dismissrcopyvv” command with the “-keepsnap” option specifies that the local volume\u0026#8217;s resync snapshot should be retained. The retained snapshot will reflect the state of the secondary volume. The snapshot will begin with “sv.rcpy”. 
Below example of removing the Volume “RC_TestVV_1” from remotecopy group “RG1”:\nP7200_Q07U23 cli% dismissrcopyvv -keepsnap RC_TestVV_1 RG1 Dismissing vv RC_TestVV_1 from group RG1 select q=quit y=yes n=no: y Volume RC_TestVV_1 has been dismissed from group RG1. 15583 RC_TestVV_1 tpvv base --- 15583 RW normal 128 512 512 1024 15631 sv.0.rcpy.50.15583.19 snp vcopy RC_TestVV_1 15583 RO normal -- -- -- 1024 15584 RC_TestVV_2 tpvv base --- 15584 RW normal 128 512 512 2048 15632 rcpy.50.15584.19 snp vcopy RC_TestVV_2 15584 RO normal -- -- -- 2048 Create new remote-copy group or stop existing group Use the “creatercopygroup” command to make a new group. P7200_Q07U23 cli% creatercopygroup RG2 Q6:sync Or use “stoprcopygroup” command for an existing remotecopy group.\nAdmit the VV to the new remote copy group Use the “admitrcopyvv” command adds an existing virtual volume to an existing Remote Copy volume group.\nadmitrcopyvv \u0026lt;VV_name\u0026gt;:\u0026lt;resync_snapname\u0026gt; \u0026lt;group_name\u0026gt; \u0026lt;target_name\u0026gt;:\u0026lt;sec_VV_name\u0026gt;\u0026lt;resync_snapname\u0026gt;: An optional read-only snapshot \u0026lt;resync_snapname\u0026gt; can be specified along with the virtual volume name \u0026lt;VV_name\u0026gt;. This snapshot is a starting snapshot. When the group is started, a full sync is not performed. Instead, for synchronous groups, the volume will synchronize deltas between \u0026lt;resync_snapname\u0026gt; and the base volume.\nFor asynchronous periodic groups, the volume will synchronize deltas between \u0026lt;resync_snapname\u0026gt; and a snapshot of the base.\nP7200_Q07U23 cli% admitrcopyvv RC_TestVV_1:sv.0.rcpy.50.15583.19 RG2 Q6:RC_TestVV_1 In this command, when snapshot is specified, a full synchronization is not needed. On the primary 3PAR array the showrcopy – “SyncStatus” will appear as “New-SyncFromSnap”. 
On the secondary 3par array the SyncStatus will appear as “New”.\nExcerpts of showrcopy output from primary array:\nP7200_Q07U23 cli% showrcopy .. Name Target Status Role Mode Options RG1 Q6 Stopped Primary Sync LocalVV ID RemoteVV ID SyncStatus LastSyncTime RC_TestVV_2 15584 RC_TestVV_2 9468 Stopped 2014-08-21 18:36:00 IST Name Target Status Role Mode Options RG2 Q6 New Primary Sync LocalVV ID RemoteVV ID SyncStatus LastSyncTime RC_TestVV_1 15583 RC_TestVV_1 9467 New-SyncFromSnap NA Excerpts of showrcopy output from secondary array:\np7400_Q06U06 cli% showrcopy -- Secondary 3PAR array .. Name Target Status Role Mode Options RG1.r16886 Q7 Stopped Secondary Sync LocalVV ID RemoteVV ID SyncStatus LastSyncTime RC_TestVV_2 9468 RC_TestVV_2 15584 Stopped 2014-08-21 18:41:44 IST Name Target Status Role Mode Options RG2.r16886 Q7 New Secondary Sync LocalVV ID RemoteVV ID SyncStatus LastSyncTime RC_TestVV_1 9467 RC_TestVV_1 15583 New NA Start remote copy group Use the “startrcopygroup” command to start the newly created remote-copy volume group (or an existing remote copy group to which the VV is moved).\nP7200_Q07U23 cli% startrcopygroup RG2 Group RG2 starts, task ID = 15895 P7200_Q07U23 cli% showtask -d 15895 Id Type Name Status Phase Step -------StartTime------- ------ FinishTime------- -Priority- -User- 15895 remote_copy_sync RC_TestVV_1 done --- --- 2014-08-21 19:23:39 IST 2014- 08-21 19:23:40 IST n/a n/a Detailed status: 2014-08-21 19:23:39 IST Created task. 2014-08-21 19:23:39 IST Startup adding resync of volume RC_TestVV_1 in group RG2 to target Q6 to the synchronization list. 2014-08-21 19:23:39 IST Started resync of volume RC_TestVV_1 (offset 0MB length 1024MB) in group RG2 to target Q6 has started.(sync_vol: none/-2 resync_vol: sv.0.rcpy.50.15583.19/15631.) 2014-08-21 19:23:40 IST Completed sync of volume RC_TestVV_1(sv.0.rcpy.50.15583.19) in group RG2 to target Q6 has completed, 0MB of 1024MB transmitted. 
Credits: Mishal Bhatt, HP ESSN – Storage Division\nAs always, I suggest trying it out first on non-production arrays or with test data and following a change management procedure to highlight the risks.\nReferences\nHP 3PAR OS 3.1.2 release notes – Remote Copy Enhancements\n3PAR User group discussion\n","permalink":"https://dragos.madarasan.com/blog/move-vv-remote-copy-group/","summary":"Moving a 3PAR virtual volume between two remote groups is a scenario","title":"Moving virtual volume between remote copy groups (3PAR)"},{"content":"A month ago I was approached by Packtpub to review a book for them. The book, Microsoft System Center Configuration Manager, is written by Marius Sandbu who works as a Consultant for Commaxx in Norway.\nThe book looks at deploying highly available Configuration Manager sites and roles and best practices about designing a resilient network. The first chapter looks at planning High Availability for ConfigMgr while the second and third chapters look at configuring HA for Site roles and back-end services. Finally, the last 2 chapters look at how you should be backing up a Configuration Manager infrastructure and have a few tips and tricks about performance tuning. Congratulations to Marius for taking the time to write this book and share his experience. The book can be seen at Packtpub.com ","permalink":"https://dragos.madarasan.com/blog/reviewed-microsoft-system-center-configuration-manager/","summary":"A month ago I was approached by Packtpub to review a book for them","title":"Reviewed Microsoft System Center Configuration Manager"},{"content":"Microsoft Summit 2013 is taking place in Bucharest between November 6-7 and ITSpark is offering 3 discount codes to the event.\nWhy attend Microsoft Summit 2013? The event is a great opportunity to attend a large ITPro/Dev gathering, meet new people and see what’s happening in the Microsoft world.
There are a number of speakers both local and international and a number of sessions are being held by Microsoft MVPs.\nSome of the most interesting sessions I want to attend are Windows 8.1 in the Enterprise by Krzysztof Szafer, Migrating from VMware tips \u0026amp; tricks by Sebi Vijeu and a number of sessions about Server 2012 R2.\nThere are also sessions by our very own Tudy Damian, who is talking about What’s new in Windows Server 2012 R2 Hyper-V on day 1. Another notable presence and regular speaker is Adrian Stoian who is talking about System Center and Private / Public Clouds.\nWhat do you have to do? Head over to ITSpark and register if you don’t have an account already. You need to like ITSpark’s Facebook page and follow their Twitter account, then post your details on the page.\nMake sure to do so before the 2nd of November when the contest ends. Full details here!\nWhat next? See you in Bucharest!\n","permalink":"https://dragos.madarasan.com/blog/microsoft-summit-2013-discount-codes/","summary":"Why you should attend Microsoft Summit 2013","title":"Microsoft Summit 2013 \u0026#8211; get discount codes from ITSpark"},{"content":"Had an interesting problem when trying to add a new Enterprise CAL key to a BES 5.0.3 where I would see the Invalid master key error.\nProblem\nWhen trying to add a new Enterprise license key to the BES server I would be presented with the “The request could not be completed” error.\nLooking at the event logs, the one that caught this error was the BBAS-AS log.
Specifically, I would see the following stack trace error:\ncom.rim.bes.bas.licensemanagertools.LicenseManagerJNIException: BAS LicenseManager exception occurred in function: JLicenseManager::constructNewMasterKey, Error: -9 - Invalid Master Key\n at com.rim.bes.bas.licensemanagertools.LicenseManagerAccessorImpl.constructNewMasterKeyJNI(Native Method)\n at com.rim.bes.bas.licensemanagertools.LicenseManagerAccessorImpl.constructNewMasterKey(LicenseManagerAccessorImpl.java:559)\nCause The issue was escalated to the vendor who responded that one of the existing license keys was of SMB type (not Enterprise) and was causing the problem. This is also documented on their website as KB18732.\nSolution – fixing Invalid Master Key error RIM provided a SQL script to remove the license key, although I suspect this could be manually done as well.\nBe sure to stop the BAS-AS and BAS-NCC services and back up your BES database before running the script!\n/*+---------------------------------------------------------------------------\n * Support Script: DeleteCalFromDatabase\n * Created: 3/17/2010\n * Tracked via : \u0026lt;removed\u0026gt;\n * Description: Delete a CAL from the Database.\n *\n * Instructions for running script:\n * 1. Backup database\n * 2. In SQL Server Management, select the BES configuration database\n * 3. Change the @Cal within the Edit section to the CAL you wish to remove\n * 4. 
Run the script\n *+--------------------------------------------------------------------------*/\nUSE \u0026lt;name of your BES database\u0026gt;\nDECLARE @Cal NVARCHAR(256)\n/*----------------------------------------------------------------------------*/\n/* Edit this section only */\n/*----------------------------------------------------------------------------*/\nSET @Cal = \u0026#39;besx …\u0026#39; -- the CAL you wish to remove\n/*----------------------------------------------------------------------------*/\n/* End of editable section */\n/*----------------------------------------------------------------------------*/\nDELETE FROM LicenseKeys WHERE LicenseKey = @Cal\nGO\nOnce I removed the SMB license key, adding the new licenses worked perfectly. Unfortunately the Invalid Master key error does not seem to be documented anywhere so RIM should update their KB article with additional details.\nLinks “Invalid license keys” appears when a new enterprise license key is added through the BlackBerry Administration Service Invalid license keys – BlackBerry Enterprise Server 5.0 ","permalink":"https://dragos.madarasan.com/blog/error-9-invalid-master-key-bes-5-0/","summary":"Had an interesting problem when trying to add a new Enterprise CAL key to a BES 5.0.3 where I would see the Invalid master key error.","title":"Invalid Master Key in BES 5.0"},{"content":"Deploying an application using XenMobile is very easy. The following post will illustrate the steps needed to deploy LastPass to an Android 4.0 device.\nFollowing on my earlier post about installing XenMobile here, you’ll next need to do 2 things:\ncreate a user account\ninstall \u0026amp; set up the XenMobile agent\nCreating a user account In the ZDM console, go to the Users tab and click the New User button.\nCreate a new account specifying the username, password and email address.\nInstall and set up the XenMobile agent The agent can be installed in a number of ways. 
You can send the users an email with a link to your XenMobile setup (similar to xenmobile.yourdomain.com/zdm/enroll) or you can have your users go to the iOS/Android store.\nNote As of version 8.5 Citrix is calling the agent Citrix Worx Home.\nThe following steps have been taken on an Android device but should be similar on other devices as well.\nWhen first installing the XenMobile agent, it will ask for permission to be activated as a device administrator. This permission is required in order to enforce policies and do certain operations like remote wipe, remote lock.\nIn the XenMobile application, tap the Enroll button\nSpecify the email address previously configured for the user and the IP address of the server.\nNote The IP address is a local one, not accessible via the internet. This wasn’t a problem for me as all the tests I’ve done were with the device’s WiFi connected to the same network as the XenMobile server.\nYou’ll next be asked for the username and password.\nIf the device has been successfully enrolled you should be presented with the following screen\nBack in the XenMobile console the device should now appear under the Devices tab.\nImport an application in XenMobile Now that the device has been enrolled in XenMobile, let’s assume we want to deploy a corporate application (.apk file in the Android world).\nFirst we need to obtain the apk file. I’ve chosen to deploy LastPass as they distribute the apk file on their website.\nNext, go to the Application tab in XenMobile and click on New \u0026gt; Application.\nBrowse to the APK file and select it. The following menu will appear. 
Click import unless you need to edit one of the APK parameters options.\nThe application will now appear in your list of applications similar to the image below.\nDeploy an application in XenMobile Now that we’ve imported the application, we need to create a package in order to deploy it to devices/users.\nIn order to do so, go to the Deployment tab and select New package \u0026gt; New Android package.\nThe new package wizard now appears. In the first step, name your package.\nSelect the group of users you want this package deployed to.\nIn the next step, select the resources to be deployed. The LastPass package will appear under Application Push – Installation files section. Click next when done.\nIn the deployment schedule step select to have the package deployed immediately.\nIn the deployment rules step you can include certain rules however for the purpose of this demo I skipped this step.\nIn the package summary section revisit the package settings and click finish when done.\nVerifying package deployment On the mobile device the application was received fairly quickly. I was presented with the installation wizard as in any application install on Android.\nIn the XenMobile console the deployment was then listed as having been successful.\n","permalink":"https://dragos.madarasan.com/blog/application-deployment-xenmobile/","summary":"Deploying an application using XenMobile is very easy. The following post will illustrate the steps needed to deploy LastPass","title":"Application deployment in XenMobile"},{"content":"Lately I’ve had a particular interest in the MDM (mobile device management) scene where XenMobile (the rebranded Zenprise ) is one of the leaders (Gartner).\nI’ve decided to give XenMobile a try and with the help of a contact at Citrix I received a trial license.\nPreparation Download the installation kit from Citrix.com (you’ll need a Citrix account). Get a trial license from Citrix. 
If you can’t find one, contact me and I will try to put you in touch with my contact at Citrix. Bear in mind XenMobile can use both SQL Server and PostgreSQL as a back-end and will by default install the latter. Installation First, make sure you install the latest edition of Java Development Kit, you’ll find it on Oracle.com. Next, start the XenMobile installer, leave the default English as language and click next.\nAgree to the license agreement.\nIn the Components selection page wizard you have the option of co-locating your Application server with your database server. For the sake of simplicity I installed both on the same machine.\nIn the choose install location page click next.\nThe install wizard will soon start copying files. Your next step is to install the database server.\nInstall \u0026amp; configure PostgreSQL By default, XenMobile will install PostgreSQL as its back-end. The following steps detail the configuration of PostgreSQL for XenMobile.\nIn the Welcome page click next to advance and again next to skip over the Installation notes.\nIn the Installation options page select the applicable options and click next.\nIn the service configuration page, configure the account name and password under which the database will run. It will default to postgrZDM but you may change it if you choose so.\nIf the account does not exist, you will get the following prompt. 
Press yes to have the installer create the account.\nAs I am running the installer under a lab environment I used a relatively weak password; be sure to use strong passwords for production environments.\nIn the initialize database cluster, configure the superuser name and password and press next.\nIn the procedural languages step, leave the default option and click next.\nIn the contrib modules step, unless you know what you’re doing, leave the default and click next.\nFinally, click next to install.\nThe setup should finish with the following completion message.\nContinue XenMobile installation If the PostgreSQL installation finished successfully, the XenMobile installer then continues to install Apache.\nIn the next step you will get to select a license file (.crt extension).\nIn the next step you are asked to specify the database connection settings. I’ve used the default root account (postgres) as this is a lab environment. In production, you would have to create a separate account and grant it more restrictive permissions.\nClick check the connection to validate the settings.\nIf you haven’t created the zdm database yet, you will get the following prompt. Select create to have the installer create the database.\nIn the Crystal Report configuration page, input your keycode if you have one. Otherwise, the reports generated from XenMobile will contain a little watermark.\nIf you are planning to deploy XenMobile to Apple devices check the enable iOS option. Since I would be testing XenMobile on my Android, I didn’t check the option. You will get a few extra steps if you enable this option.\nIn the Define a http/https connector pages leave the default settings and click next.\nIn the next page you are asked to define a https connector for clients not authenticating with certificate. You can leave the defaults and click next.\nIn the next 3 steps you will be asked to define the root, intermediate and device certification authority. 
As this was a lab environment I selected to create one of each; in a production environment where an existing PKI was present, you would have to export the relevant certificates in PKCS #12 format (.p12 extension) and import them in the following steps.\nRoot certification authority\nIntermediate certificate\nDevice certificate\nIn the define certificate for HTTPS, you are being asked for the fully qualified domain address of the public URL. Again, you can create or import this certificate.\nIn the configure tunnel ports step leave the default values.\nNext you are asked to create the administrative account for the XenMobile console.\nIn the final page click on Finish then close once the configuration is finished.\nThe application server wizard will then finish to install.\nLast but not least, close the XenMobile Device Manager setup wizard.\nLogin to XenMobile If you are on Server 2008 R2 be sure to add the website to the trusted site lists, otherwise it will not be rendered properly due to Internet Explorer’s default security settings.\nLogin with the administrative credentials defined above.\nAnd lo and behold the XenMobile administration console!\n","permalink":"https://dragos.madarasan.com/blog/installing-xenmobile-8/","summary":"Lately I’ve had a particular interest in the MDM (mobile device management) scene where XenMobile (the rebranded Zenprise ) is one of the leaders","title":"XenMobile 8 installation step by step"},{"content":"Taking advantage of the fact that Endava was a platinum sponsor, I couldn’t pass the opportunity to attend this year’s ITCamp.\nITCamp, now at its 3rd edition, is a mixed Dev/ITPro Microsoft focused conference and the people behind it are Mihai Tataran (Avaelgo) and Tudor ‘Tudy’ Damian (Transcent). 
I want to take this opportunity to thank them for their involvement in organizing this, thanks guys!\nAlthough I only managed to participate on day 1 of the event, I’m glad to have seen Richard Campbell’s session on So What about Tablets? where he discussed the current state of the tablets. Richard is a great speaker and I hope to see him speak at ITCamp in the future.\nIt was my second time hearing Tim Huckaby speak and boy does this guy deliver. Besides the fact that he’s an awesome speaker who can break any audience, he is really fun on the stage and doesn’t have a problem making jokes about himself.\nI also managed to catch Tudy’s session on Running on Microsoft Private and Public Cloud infrastructures where he describes the challenges of running Linux on Hyper-V. Hyper-V support for Linux has come a long way and I’m really glad to see this kind of session take place where not everything discussed is 100% Microsoft-centric.\nWith respect to the event, I think this year’s venue was the best I’ve seen so far. Grand Hotel Italia is an excellent choice for such an event and my only suggestion for next year is to bring more outside speakers on the IT Pro track.\nL.E. Added a couple of pictures from the sessions I liked\n","permalink":"https://dragos.madarasan.com/blog/itcamp-2013-my-thoughts/","summary":"Taking advantage of the fact that Endava was a platinum sponsor, I couldn’t pass the opportunity to attend this year’s ITCamp.","title":"ITCamp 2013 \u0026ndash; my thoughts"},{"content":"Windows Server 2012 comes with group managed service accounts, an improved version of the original MSA. Ever since Windows Server 2008 R2 was out, I remember reading about managed service accounts (MSA), a new feature that I wanted to check out. 
You can read more about MSA here, but in essence they are useful because they have automatic password management.\nIntroduction I always wanted to try MSA and was recently in a position to propose using MSAs, but after re-reading the information, specifically “A managed service account can only be installed on a single computer” I decided to skip MSA.\nHowever, I did research if anything had changed since 2008 R2 and apparently it has – Doug Symalla on TechNet has a very interesting article about the new Group Managed Service accounts and how they work in Server 2012.\nAs MSAs are actually useful now (“A single gMSA can be used on multiple hosts.”), I decided to give it a go and try to use a gMSA in an IIS application pool connecting to a SQL 2008 R2 server. This blog post details the steps of configuring a gMSA and what I learned in the process.\nInstall ADDS and configure group Managed Service Accounts I started by creating 2 servers, SRV001 – domain controller (forest level 2012) and web server (IIS) and SRV002 – SQL Server 2008 R2.\nAfter joining the 2 servers in the same domain, the first problem I ran into was the fact that I had to wait 10 hours for the KDS root key to replicate to all domain controllers.\nThe error that I would get was New-ADServiceAccount : Key does not exist\nIn order to skip waiting 10 hours, I used the PowerShell command below, then created the gMSA.\nAdd-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))\nNew-ADServiceAccount -Name IISAppPool1 -DNSHostName SRV001.test.local -PrincipalsAllowedToRetrieveManagedPassword \u0026#34;Domain Computers\u0026#34;\nFor simplicity, I configured all “Domain Computers” to have rights to this gMSA but in a production environment a distinct security group should be used for each gMSA.\nIf you don’t configure a proper security group on the service accounts, this is the error you will get when trying to install it\nI performed the next two commands on both servers:\nInstall-ADServiceAccount IISAppPool1\n
Test-ADServiceAccount IISAppPool1\nIf the return value of the 2nd command is True then the gMSA has been successfully installed.\nConfigure gMSA on SQL Server Next, on the SQL server I configured a new login called test\\IISAppPool1 where test is the NetBIOS domain name.\nMake sure to give the gMSA the necessary permissions to access the database server (e.g. enable Windows authentication, remote connections and provide proper database level permissions).\nConfigure IIS Application pool to use gMSA Back on the domain controller, I installed a web application called ScrewTurnWiki which I used previously and configured it using SQL authentication. After making sure it all works nicely I proceeded to change the settings to use the group Managed Service account.\nOpen IIS manager (Start, run, inetmgr) and go to Application Pools.\nSelect the IIS application pool (e.g. wiki) and go to Advanced Settings –\u0026gt; Identity\nConfigure the IIS application pool to use the gMSA and leave the password fields blank.\nYou should now see the application pool working under the new identity as below:\nI then had to configure the application to use Windows instead of SQL authentication. This may vary based on your application. I modified the following line in the Web.config:\n\u0026lt;add key=\u0026#34;SettingsStorageProviderConfig\u0026#34; value=\u0026#34;Trusted_Connection=True;Database=ScrewTurnWiki449;Server=srv002\\sqlexpress\u0026#34; /\u0026gt;\nIf everything is properly configured, a refresh of the application should load the same page. 
However, using the SQL Server Management Studio, we can open the current logs and see that a gMSA is being used to access the application\nReferences New-ADServiceAccount : Key does not exist – TechNet forums Managed Service Accounts with Microsoft SQL Server 2012 Windows Server 2012: Group Managed Service Accounts – Ask Premier Field Engineering (PFE) Platforms Managed Service Accounts: Understanding, Implementing, Best Practices, and Troubleshooting ","permalink":"https://dragos.madarasan.com/blog/using-group-managed-service-accounts/","summary":"\u003cp\u003e{% include toc icon=\u0026ldquo;gears\u0026rdquo; title=\u0026ldquo;Contents\u0026rdquo; %}\u003c/p\u003e\n\u003cp\u003eWindows Server 2012 comes with group managed service accounts, an improved version of the original MSA. Ever since Windows Server 2008 R2 was out, I remember reading about \u003cem\u003emanaged service accounts\u003c/em\u003e (MSA) a new feature that I wanted to check out. You can read more about MSA \u003ca href=\"http://technet.microsoft.com/en-us/library/dd560633(v=ws.10).aspx\" target=\"_blank\"\u003ehere\u003c/a\u003e, but in essence they are useful because they have automatic password management.\u003c/p\u003e\n\u003ch1 id=\"introduction\"\u003e\u003cspan id=\"Introduction\"\u003eIntroduction\u003c/span\u003e\u003c/h1\u003e\n\u003cp\u003eI always wanted to try MSA and was recently in a position to propose using MSAs, but after re-reading the information, specifically “A managed service account can only be installed on a single computer” I decided to skip MSA.\u003c/p\u003e\n\u003cp\u003eHowever, I did research if anything had changed since 2008 R2 and apparently it has – Doug Symalla on \u003ca href=\"http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx\" target=\"_blank\"\u003eTechNet\u003c/a\u003e has a very interesting article about the new Group Managed Service accounts and how they work in Server 
2012.\u003c/p\u003e","title":"Using Group Managed Service Accounts"},{"content":"In my previous articles, I described upgrading/migrating Web Central Control from version 6 to 7.\nIn this article I will explain the steps needed to upgrade EVault Director (the actual backup software), EVault Reports and Windows CentralControl.\nIf you are using EVault in a 1:1 or N:1 replication, start the upgrade process on your passive vault first!\nPre-upgrade preparation Before proceeding with the upgrade, I would advise backing up the Evault database and making sure your replication is up to date. Backup database To do a backup of the database open a command line and go to %evaul%\\Director\\prog. Run the command dbbackup backup .\nThe destination folder must already exist and cannot contain any spaces (e.g. C:\\Program Files\\EVault), otherwise the dbbackup command will fail.\nCheck replication Start the Director console, select or add your Vault and go to Replication – Status Report. Click next and specify if you want to receive the report in an email or save the report as a vault log file. In the Analysis scope page select Replication Comparison and click Next. In the Report Scope Selection page select Compare Metadata only and select the Vault. In the next page, select Submit job immediately. While an upgrade is possible when not all safesets are replicated to the passive vault, it is generally better to have the vaults in sync. Install .Net Framework 4.0 Install .Net Framework 4.0 and restart the computer. The .Net installer might not ask for a restart, but the Director wizard will prompt you to restart the server before the upgrade if you have not done so. Disable replication and listener services. Start the Director console, select or add your Vault and go to Vault Maintenance and select Services. Stop the Listener and replication service. 
If you are using EVault Reports, you must disable the Extract data for web service task.\nOpen the Director console, click Vault Maintenance and select Schedule Entries. Select Extract data for web service and click Disable. Click OK.\nUpgrade Evault Director Otherwise, the upgrade steps are very simple. In the Welcome page select the Upgrade option. In the Administrator Account page, select Use a custom account and specify an account with Local administrator rights. The account must also have “logon as service” rights, which you can specify using Local Security Policy (Secpol.msc – Local Policies – User Rights Assignment – Logon as a service). Next, the installer will stop the Evault services, backup then upgrade the database. When the installer finishes you will receive the prompt below. Click OK and leave the installer to automatically validate the license. If you do not have connectivity to the internet from the server, you will have to manually validate the license which takes a bit longer to do. Following the maintenance complete window you will be asked to run a vvanalyz command. Click Yes, unless you plan to run this command at a later stage. Upgrading EVault Reports If you are using EVault Reports, you must upgrade it to the same version as Director. Run EVaultReportsExtractor-7-00-6002.exe. In the Welcome page, click Next to start the upgrade. In the Update Complete page click Finish. At this point you should check the license summary for your vault server and make sure the replication/listener services are started. Also, re-enable the EVault Reports extract task. Logon to the Director console. Click Vault Maintenance and select Schedule Entries. Select Extract data for web service and click Enable. Click OK. 
Upgrade Windows CentralConsole If you plan on using agents version 7 and later, you will need to have Windows CentralConsole 7 installed. Run CentralControl-7-01-1034.exe and in the Welcome page click Next. In the View Notes page click Next. Click OK to confirm the upgrade. In the Maintenance Complete window select Finish. Open the WinCC console and confirm the installed version is 7.01. At this point all your Evault products should be running the latest version. ","permalink":"https://dragos.madarasan.com/blog/upgrading-infostage-director-7/","summary":"In this article I will explain the steps needed to upgrade EVault Director (the actual backup software), EVault Reports and Windows CentralControl.","title":"Upgrading InfoStage Director 7"},{"content":"In my previous article I described the steps to upgrade a 32 bit Web Central Control installation to version 7. Since the latest version of EVault Reports (2.71a) is only supported on 64 bit platforms, you will want to have your Web CentralControl running on the same platform. The steps in this article describe migrating your existing 32 bit installation to a new 64 bit server. Preparations Prepare WebCC databases On your old WebCC server, shut down the Proxy services, AMP Redirector, Propagation, Task Service. Backup your existing WebCC databases (SiteManagement, UserManagement, WebCC) using SQL Server Management Studio or another tool. Take the WebCC installation down by taking the website down in IIS manager. Prepare EVault reports databases Launch SQL Server Reporting Services Configuration Manager. Connect to the server and select Encryption Keys. Select Backup, provide a password and a file location. Press OK. Copy the encryption key to the new server. Launch SQL Server Management Studio and connect to the default instance. Right click on the VaultReporting database and select Tasks \u003e Backup. 
Back up the database to a file. Repeat procedure for ReportServer and ReportServerTempDB databases. Next, detach the databases. Right-click the ReportServer database and select Tasks then choose Detach and press OK. Wait for the task to complete. Repeat procedure for ReportServerTempDB and VaultReporting databases. Note Your EVault reports database may be under a different name than VaultReporting.\nRestore WebCC databases Copy the database backup files from the 32 bit machine to the 64 bit machine. Then open SQL Server Management Studio and connect to the new SQL Server instance that the Web CentralControl 64 bit installation was targeting on the 64 bit system. Select the SiteManagement database (which should be present from the fresh installation of Web CentralControl). Right-click, then select Tasks \u003e Restore \u003e Database making sure that SiteManagement is selected for the To database destination. Under Source for restore, select From device. Browse to the file where the 32 bit SiteManagement database was backed up and select the most recent backup. (There should be only one backup in the file.) Select Options from the left menu. Select Overwrite the existing database (WITH REPLACE). Verify that the Restore As path is correct for your system then run the restore. Repeat this procedure for the UserManagement and WebCC databases. Migrate EVault Reports Delete old databases On the 64-bit server, go to Start \u003e Administrative Tools \u003e Services and stop the SQL Server Agent and SQL Server Reporting Services services. Open SQL Server Management and connect to the local instance. Expand the databases and delete the following databases: EVaultReporting, ReportServer and ReportServerTempDB. Move databases Next, you have to move the 2.70 EVault Reports Database to the new server. The databases must be moved to the new server, not backed up and restored. Copy the detached databases from this step, both mdf and ldf files. 
Back in SQL Management Studio, expand the instance and right click on Databases, and select Attach. Select the VaultReporting, ReportServer and ReportServerTempDB .mdf file database in the Databases to attach field (select each individually). Go to Start \u003e Administrative Tools \u003e Services. Start the SQL Server Agent and SQL Server Reporting Services services. Change SQL Database Compatibility Mode Open SQL Server Management and connect to the local SQL instance. For each of the VaultReporting, ReportServer and ReportServerTempDB databases, right click and select Properties. Select Options and change the Compatibility Level to SQL 2008 (100) and save the changes. At this point, if you try and connect to the ReportServer URL (accessible through the Web Service URL field in the Reporting Services Configuration Manager), you may see an error like this: The version of the report server database is either in a format that is not valid, or it cannot be read. The found version is \u0026#8216;C.0.8.40\u0026#8217;. The expected version is \u0026#8216;147\u0026#8217;. If you see a different error than this please consult the EvaultReports migration guide. Change SQL Database Network Service and System Users Connect to local instance using SQL Server Management Studio then open the ReportServer database and go to the Security/Users section. Remove the NT Authority\\Network Service and NT Authority\\System users. Click \u0026#8220;Yes\u0026#8221; at the prompt to remove the schemas as well as the users. Right-click on the Users folder and select to add a New User. Select the NT Authority\\Network Service user for the login name (use the browse button). Give the same name for the User Name. For the default schema, select dbo. Under Database role membership select both db_owner and RSExecRole and click OK to save the user. On the Schema folder, right-click to add new schema. For the schema name, use NT Authority\\Network Service. 
For the schema owner, select NT Authority\\Network Service. Click OK to save the user. Repeat steps above for the NT Authority\\System user on the ReportServer and ReportServerTempDB databases. At this point, if you connect to the ReportServer URL you will see an error message like: The report server installation is not initialized. Restore the Encryption Key Open SQL Server Reporting Services Configuration Manager and connect to the SQL instance and select Encryption Keys. Select Restore then browse to the location where the Key file is that you backed up on the old server. Provide the same password that was used when backing up the encryption key and click OK. At this point, if you connect to the Report Service URL, you will likely see the error: The feature: \u0026#8220;Scale-out deployment\u0026#8221; is not supported in this edition of Reporting Services. Remove erroneous encryption record Open SQL Server management console and connect to the local instance. Select the ReportServer database. Edit the top 200 rows of the Keys table. There will be two key records there. One with the name of the new system and one with the name of the old system. Remove the record with the name of the old system. Repair Evault Reports Run the EVault Reports 2.71 install kit. Select Repair to update the restored database. Complete the Install wizard to update the database to the 2.71 version. At this point if you go to your SQL Server Agent, you should see the GUIDs for your Subscriptions. If this is not the case then your subscriptions were not migrated and you should double check each step. Reassign External Addresses and Domains At this point you should reassign the old IP/DNS name to the new server in order for the agent to connect to the same server. Proceed to the next article if you are interested in upgrading EVault Director. 
","permalink":"https://dragos.madarasan.com/blog/migrating-evault-web-centralcontrol/","summary":"In my previous article I described the steps to upgrade a 32 bit Web Central Control installation to version 7","title":"Migrating EVault Web CentralControl"},{"content":"{% include toc icon=\u0026ldquo;gears\u0026rdquo; title=\u0026ldquo;Contents\u0026rdquo; %}\nI’ve recently had the opportunity to upgrade an Evault production infrastructure and thought I might share how the process went. To give you an idea on the environment, it was a 1:1 setup running Director 6.31 and Web CentralControl 6.83 with a double digit (TB) data footprint. I’ve split the process in three articles. The first article is going to describe the necessary steps to upgrade Web CentralControl from 6.83 (32 bit) to 7.00b (32bit), the second article will cover migrating from Web CentralControl 32bit to 64bit, while the third article is going to focus on upgrading EVault Director from 6.31 to version 7. Prepare new server for Web CentralControl 7 In order to install the latest version of Web CentralControl (7.00b) you will need a machine running Windows Server 2008 R2 with .Net Framework 3.5 SP1 installed. Additionally you will need SQL Server 2008 R2 installed together with Reporting Services and IIS. Upgrade to version 7 Before migrating the current version of WebCC to the new server we first need to upgrade it to version 7. In order to do so download the installation kit from Evault’s website and copy it over to the old server. Restart the IIS server on the old server to make sure that any already logged in users will be logged out then shut down the AMP Proxy, Propagation Service, and Registration Service services. Next, back up the Web CentralControl databases (WebCC, UserManagement, and SiteManagement) in case the upgrade is not successful. Run WebCentralControl-7-00-1033b.exe. If you are running the old WebCC under Server 2003 you will most likely get the following prompt, click Ok. 
In the Upgrade Wizard page click Next. In the SQL Server Setup page select your SQL server and click Test to ensure connectivity. In the final wizard page click OK to start the upgrade process. During the upgrade, the installer will back up the existing databases, stop and then restart the services. If everything goes well you should see the Maintenance Operation Completed page. Click Finish. Open Control Panel Add/Remove Programs and make sure the listed version is 7.00.\nInstall Web CentralControl 7 on new server\nThe next step is to install WebCC 7 on the new server using the same settings as the old installation. Run WebCentralControl-7-00-1033b.exe. Click Next until you reach the Install Type page. In the Install Type page select Typical installation if you want to install all components on the same machine. In the Domain name page use the FQDN of the server. In the SQL Server setup page configure the Database Server and click Test to check connectivity. In the next page click Next unless you want additional languages installed. In the install path page leave the default path. Next, in the IP address configuration page specify the IP addresses that will be used. The first two fields are used by the agents to connect to your WebCC server and represent the DNS and corresponding IP address as seen from the agent. The AMP Proxy field should use the local (management) IP address of the server. In the Configuring EVault Reports integration page check the option to integrate the two products if you plan on using them. In my case I selected the option to integrate and use the default Login application. In the specify EVault Reports URLs page specify the two URLs as below. Unless EVault Reports has already been installed you will get the following prompt. Select Yes twice to continue with the installation. After the installation is finished ensure you can access the application by going to the mentioned URL and using the credentials provided. 
Install EVault Reports\nLog in to your new 64-bit server and use SQL Server Configuration Manager to enable Named Pipes and configure the SQL server to listen on the IP 127.0.0.1 port 1433 (TCP/IP protocol). Run EVaultReports-2-71-1674a.exe. In the Welcome page click Next. Accept the terms and click Next. In the Install Type page select Typical and click Next. At this point I encountered the following message. You can quickly add Windows Authentication to IIS by running\nCMD /C START /w PKGMGR.EXE /iu:IIS-WindowsAuthentication\nIn the Allow Group Access page, select Create New User Group and type Reports Users then click Next. In the SQL Server Setup page, in the SQL Server box type (local) and select Connect using SQL Server authentication. Type the credentials for the sa account or alternatively create a new SQL user account for the Evault Reports installation. Click Test to ensure the SQL server is reachable. In the Report Viewer page use your Windows credentials and click Next. In the Integrate with Web CentralControl page check the option Integrate the Web Reporting with Web CentralControl. In the Web CC Login URL box type http://localhost/login. In the Backup console URL box type http://localhost/BackupConsole. Note: This assumes you have installed Web CentralControl and EVault Reports on the same server. If that is not the case the URLs would correspond to your WebCC installation.\nIn the next Windows prompt select Yes to begin the installation. After the installation is finished ensure http://localhost/ReportManager and http://localhost/ReportViewer are accessible. At this point you should have 2 instances of Evault WebCentralControl 7 (and optionally EVault Reports), one running on 32 bit and the other on 64 bit. In the next article I will detail the steps to migrate Web CentralControl and Evault Reports. 
","permalink":"https://dragos.madarasan.com/blog/upgrading-evault-to-version-7/","summary":"I’ve recently had the opportunity to upgrade an Evault production infrastructure and thought I might share how the process went.","title":"Upgrading Evault to version 7"},{"content":"I recently published an article on ITSpark about installing SharePoint 2010 on SQL Server 2012. The article is in Romanian and can be read here.\n","permalink":"https://dragos.madarasan.com/blog/installing-sharepoint-2010/","summary":"\u003cp\u003eI recently published an article on ITSpark about installing SharePoint 2010 on SQL Server 2012. The article is in Romanian and can be read \u003ca href=\"http://itspark.ro/w/wiki/instalare-sharepoint-2010-pe-sql-2012.aspx\" target=\"_blank\" \u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" href=\"http://itspark.ro/w/wiki/instalare-sharepoint-2010-pe-sql-2012.aspx\"\u003e\u003cimg style=\"background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px\" title=\"4745.1.png-280x0\" border=\"0\" alt=\"4745.1.png-280x0\"  src=\"/images/4745.1.png-280x0.png\" width=\"289\" height=\"217\" /\u003e\u003c/a\u003e\u003c/p\u003e","title":"Installing SharePoint 2010"},{"content":" After reading Julien Smith’s post How To Read a Book a Week , I was inspired by his commitment to read one book each week and thought I was a great idea. After previously reading this year David Allen’s Getting Things Done, I started to make a list of things I wanted to read. My Amazon wish list already contained: What Would Google Do by Jeff Jarvis so I gave it a go. It took me 2 weeks to finish it. 
Next, I read Man’s Search for Meaning by Viktor Frankl, a very interesting book.\nI am now reading 18 Minutes by Peter Bregman on my newly bought Kindle.\nI had almost forgotten the joy of reading books as in the last 3 years I had barely read anything, and even in that case it was mostly IT/technical books.\n","permalink":"https://dragos.madarasan.com/blog/reading-books-once-more/","summary":"\u003cp align=\"justify\"\u003e\n  After reading Julien Smith’s post \u003ca href=\"http://inoveryourhead.net/how-to-read-a-book-a-week-in-2010/\" target=\"_blank\"\u003eHow To Read a Book a Week\u003c/a\u003e , I was inspired by his commitment to read one book each week and thought I was a great idea.\n\u003c/p\u003e\n\u003cp align=\"justify\"\u003e\n  After previously reading this year David Allen’s \u003ca href=\"http://www.amazon.com/Getting-Things-Done-Stress-Free-Productivity/dp/0743571657\" target=\"_blank\"\u003eGetting Things Done\u003c/a\u003e, I started to make a list of things I wanted to read. My Amazon wish list already contained:\n\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://www.amazon.com/What-Would-Google-Jeff-Jarvis/dp/0061709719/\"\u003eWhat Would Google Do\u003c/a\u003e by Jeff Jarvis so I gave it a go. It took me 2 weeks to finish it.\nNext, I read \u003ca href=\"http://www.amazon.com/Mans-Search-Meaning-Viktor-Frankl/dp/0807014273\"\u003eMan’s Search for Meaning\u003c/a\u003e by Viktor Frankl, a very interesting book.\u003c/p\u003e","title":"Reading books once more!"},{"content":" I recently had the chance to work on a problem concerning permission to access a specific web page in SharePoint 2010. The error message that almost all of the users were getting was the generic “accessed denied” but using the Check permission button I could verify that the users had at least read permissions to access the site. 
Playing along with the permissions I noticed that users having Contributor rights were able to see the page while those with Read permissions did not. I then stumbled on this forum post which perfectly described my situation. The solution proposed by one of the users was to enable the permission \u0026#8220;Browse Directories\u0026nbsp; \u0026#8211;\u0026nbsp; Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.\u0026#8221; for the Read access level permission. So there you go, enabling Browse directories did the trick! ","permalink":"https://dragos.madarasan.com/blog/sharepoint-permission-problem-read-contributor-permissions/","summary":"\u003cp align=\"justify\"\u003e\n  I recently had the chance to work on a problem concerning permission to access a specific web page in SharePoint 2010.\n\u003c/p\u003e\n\u003cp align=\"justify\"\u003e\n  The error message that almost all of the users were getting was the generic “\u003cstrong\u003eaccessed denied\u003c/strong\u003e” but using the Check permission button I could verify that the users had at least read permissions to access the site.\n\u003c/p\u003e\n\u003cp align=\"justify\"\u003e\n  Playing along with the permissions I noticed that users having Contributor rights were able to see the page while those with Read permissions did not. I then stumbled on \u003ca href=\"http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/b95d180a-4dac-4a41-8b73-7a7b9d0f6e7f/\" target=\"_blank\"\u003ethis\u003c/a\u003e forum post which perfectly described my situation.\n\u003c/p\u003e","title":"SharePoint permission problem Read Contributor permissions"},{"content":" A few days before leaving overseas I was invited to talk about Private Cloud concepts with Tudy Damian (MVP, Virtualization) and Adrian Stoian (MVP, System Center). The recording is in Romanian and can be found here. 
","permalink":"https://dragos.madarasan.com/blog/microsoft-private-cloud-techtalk/","summary":"\u003cp align=\"justify\"\u003e\n  A few days before leaving overseas I was invited to talk about Private Cloud concepts with \u003ca href=\"http://www.tudy.ro/\" target=\"_blank\"\u003eTudy Damian\u003c/a\u003e (MVP, Virtualization) and \u003ca href=\"http://adrianstoian.com/\" target=\"_blank\"\u003eAdrian Stoian\u003c/a\u003e (MVP, System Center).\n\u003c/p\u003e\n\u003cp align=\"justify\"\u003e\n  The recording is in Romanian and can be found \u003ca href=\"http://itspark.ro/w/wiki/2012-03-14-itspark-techtalk-episodul-8.aspx\" target=\"_blank\"\u003ehere\u003c/a\u003e.\n\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"http://itspark.ro/w/wiki/2012-03-14-itspark-techtalk-episodul-8.aspx\"\u003e\u003cimg style=\"background-image: none; padding-left: 0px; padding-right: 0px; display: block; float: none; margin-left: auto; margin-right: auto; padding-top: 0px; border: 0px;\" title=\"image\" src=\"/images/image.png\" alt=\"image\" width=\"244\" height=\"140\" border=\"0\" /\u003e\u003c/a\u003e\u003c/p\u003e","title":"Microsoft Private Cloud TechTalk"},{"content":" Last week I got the chance to brush my Mac skills and encountered the following problem. When using Mac OS X 10.6.* and PGP versions prior to 10.1.2 after upgrading the OS to the latest version (10.6.8) it would not boot anymore. This is a known bug in PGP which is fixed in PGP 10.1.2 or later. But, if you’ve already done the upgrade you can fix the problem pretty easily without the need to reinstall OSX. 
Here’s how:\nBoot into your OSX install CD\nDon’t install, but go to Utilities and select Terminal\nIn Terminal type diskutil list\nNote the location of your boot partition (labeled Boot OS X)\nType diskutil mount (ie diskutil mount disk0s3)\nType cd “/volumes/boot osx/system/library/coreservices”\nType cp pgpboot.efi boot.efi\nExit Terminal and reboot\nOriginal credits\n","permalink":"https://dragos.madarasan.com/blog/fix-mac-os-x-not-booting-pgp/","summary":"\u003cp align=\"justify\"\u003e\n  Last week I got the chance to brush my Mac skills and encountered the following problem.\n\u003c/p\u003e\n\u003cp align=\"justify\"\u003e\n  When using Mac OS X 10.6.* and PGP versions prior to 10.1.2 after upgrading the OS to the latest version (10.6.8) it would not boot anymore.\n\u003c/p\u003e\n\u003cp align=\"justify\"\u003e\n  This is a known bug in PGP which is fixed in PGP 10.1.2 or later. But, if you’ve already done the upgrade you can fix the problem pretty easily without the need to reinstall OSX. Here’s how:\n\u003c/p\u003e","title":"Fix Mac OS X not booting PGP"},{"content":" The other day Adobe just released an update to their flagship product Adobe Reader. While I quickly updated my installation, I decided to try the new Software Installation introduced in Windows Intune 2.0 last year and deploy the update to a couple of computers I manage. The first problem I encountered was that I couldn’t use my favorite browser and I had to use IE. When I would go to the Software tab and select the task Upload Software, my browser would download an executable and when I would try to run it I would get: An error occurred attempting to install SoftwarePublishingApp. Switching to IE solved the problem, but in the final dialog screen where I should select the software I wanted to deploy I would only have the options of deploying msi or exe files. The problem was that this particular Adobe patch was in the msp file format. 
After taking a break from the problem I went over to the Update tab and saw a new task that was available: Upload. Much to my surprise the process was basically the same as with Upload software but this time I was presented with the option of selecting msp files as well. The rest of the steps were basically giving Intune more info on what Operating systems to deploy the software update to. The next step was to approve this update to deploy it to computers. You can find imported 3rd party updates in the Non-Microsoft updates section in the All updates drop-down menu. So, for the record 3rd party updates in msp format can be deployed from the Update tab not the Software one. ","permalink":"https://dragos.madarasan.com/blog/deploying-adobe-reader-with-windows-intune/","summary":"\u003cp style=\"text-align: justify;\"\u003e\n  The other day Adobe just released an update to their flagship product Adobe Reader. While I quickly updated my installation, I decided to try the new Software Installation introduced in Windows Intune 2.0 last year and deploy the update to a couple of computers I manage.\n\u003c/p\u003e\n\u003cp style=\"text-align: justify;\"\u003e\n  The first problem I encountered was that I couldn’t use my favorite browser and I had to use IE. When I would go to the Software tab and select the task Upload Software, my browser would download an executable and when I would try to run it I would get\n\u003c/p\u003e","title":"Deploying Adobe Reader with Windows Intune"},{"content":"The other day I combined 2 of my Google Apps domains by adding the second as a domain alias. The problem was that the alias appeared to be stuck and the only option would be “Activate domain alias”. I had already activated the alias by 2 methods so I had no idea what was wrong.\nI then read on the forums that being signed in to multiple accounts could prevent a successful activation. I immediately signed off all my accounts and retried. 
This time, I got an error, saying that Google Webmaster Tools is not enabled for my domain. After activating that service I managed to finally activate the alias.\nThe root cause of the failure would be something along the lines of: Google detects that you don’t have access to the Google Webmaster Tools and switches to one of the other accounts you may be signed in to. That account’s GWT service might be active, but it doesn’t have permission to deal with your initial domain, hence the errorless loop of trying to activate the alias.\nActivating a domain alias is a pretty simple process but if you never get an error it is hard to figure out what could be the problem.\n","permalink":"https://dragos.madarasan.com/blog/google-apps-alias-stuck-at-activate/","summary":"\u003cp\u003eThe other day I combined 2 of my Google Apps domains by adding the second as a domain alias. The problem was that the alias appeared to be stuck and the only option would be “Activate domain alias”. I had already activated the alias by 2 methods so I had no idea what was wrong.\u003c/p\u003e\n\u003cp\u003e \u003c/p\u003e\n\u003cp\u003eI then read on the forums that being signed in to multiple accounts could prevent a successful activation. I immediately signed off all my accounts and retried. This time, I got an error, saying that Google Webmaster Tools is not enabled for my domain. 
After activating that service I managed to finally activate the alias.\u003c/p\u003e","title":"Google Apps alias stuck at activate"},{"content":"This week was an exceptionally good week, but the most important accomplishment is that I managed to pass my Google Apps certification exam and I’m now a Google Apps Certified Deployment Specialist.\nIt was now a matter of pride passing this exam, having been sponsored by a 3rd party who I hope will use my skills in the future.\n","permalink":"https://dragos.madarasan.com/blog/google-apps-certified/","summary":"\u003cp\u003eThis week was an exceptionally good week, but the most important accomplishment is that I managed to pass my Google Apps certification exam and I’m now a Google Apps Certified Deployment Specialist.\u003c/p\u003e\n\u003cp\u003eIt was now a matter of pride passing this exam, having been sponsored by a 3rd party who I hope will use my skills in the future.\u003c/p\u003e\n\u003cp\u003e\u003ca class=\"highslide img_4\" href=\"/images/gacds.png\" onclick=\"return hs.expand(this)\"\u003e\u003cimg style=\"background-image: none; padding-left: 0px; padding-right: 0px; display: inline; padding-top: 0px; border: 0px;\" title=\"gacds\" src=\"/images/gacds_thumb.png\" alt=\"gacds\" width=\"244\" height=\"186\" border=\"0\" /\u003e\u003c/a\u003e\u003c/p\u003e","title":"Google Apps certified!"},{"content":"Last week I attended ITCamp 2011, a premium conference held in Cluj-Napoca and organized by 2 communities: ITSpark and CodeCamp. Now that I have a bit more time off, I decided to write about my experience.\nThe first thing that comes to mind is finally! While I like small community events with 20-30 participants, a big event like ITCamp was long overdue. I remember the last TechNet session I attended in Cluj was quite a while ago, in 2007.\nThe conference had 2 tracks, one for ITPro and one for Developers, while the event had over 200 attendees. 
I managed to attend most of day 1 and only the final 2 sessions on the second day.\nThe first day started with the keynote opening from Mihai Tătăran and Tudor ‘Tudy’ Damian and I take this opportunity to thank them again for their hard work on making this event happen.\nNext Petru Jucovschi and Sebi Vijeu talked about automated testing in a virtual environment. I admit that even the developer side of the presentation was interesting because it would have helped me in my Computer Science courses over the years.\nStephen Forte then talked about Kanban, a Japanese philosophy that says work in progress should be kept at a minimum. Stephen is a great speaker and in the 60 minutes he spent describing Kanban and how to use it, the audience had some really good laughs.\nAfter the lunch-break, Adrian Stoian talked about System Center Configuration Manager 2012. I was really looking forward to this presentation as I like the System Center family of products and Configuration Manager in special. I was really glad Adi had some demos to show us because I have been busy and can’t find any time to install SCCM 2012 and play with it. I am really excited about what SCCM 2012 will bring and plan to make some time in July to test it hands-on.\nTudor Damian’s Private Cloud – the good, the bad and the ugly presentation was a really nice recap on the whole cloud computing idea. Sometimes we let ourselves get caught up on new ideas and Tudy was excellent in pointing both advantages and the disadvantages of the cloud.\nMy next stop was at the Dev track. I already knew what Windows Intune was about and a colleague from school mentioned Ciprian Jichici was an excellent speaker so I decided to attend his Year 2 – Life after Cloud presentation. Right from the start I was blown away by his expertise. The guy talked for an hour with just 6-8 slides, impressive! 
As I had recently worked with Windows Azure I had some clues on how to use it, but Ciprian’s presentation managed to answer all outstanding questions I may have had. Excellent speaker, no wonder he is a Microsoft Regional Director!\nUnfortunately I wasn’t able to attend the Open Panel Discussion on Cloud \u0026amp; Windows Azure because I would have liked to hear what the rest of my peers think about the whole concept.\nI was able to make up for that loss at the VIP dinner later that day, where I was invited because I helped organize the event. The table I sat at had some great people. Besides fellow itsparker Chris and Cristian Lefter, whom I had already met, I had the opportunity to talk with Paul Roman from PRAS Consulting and Dragoș Mănac from Appnor. I had some really hard questions for each of them as I really wanted to know what “good” decisions they made to get to this point. I consider both of them a very good example of an ITPro turned self entrepreneur.\nOn the second day of the event I only managed to catch 2 presentations. Mihai Tătăran talked about the migration of an existing application in Windows Azure and the problems his company faced.\nPaula Januszkiewicz’s presentation called 10 Deadly Sins of Administrators in regards to Windows Security was a real delight. The presentation was really hands on and Paula showed us how easy it is to hack a network, ranging from stuff like the ability to write in a folder we don’t have permission for, to snooping SMB traffic and even replacing explorer.exe. At the end of the presentation I had this strange feeling I need to get home, secure my network, and start using encryption on my laptop.\nAll in all the conference was a great event both from a technical perspective and because I had the opportunity to network with really smart people from the IT industry.\nCongratulations to all of the organizers who made this possible. 
Looking forward to next year!\n","permalink":"https://dragos.madarasan.com/blog/itcamp-2011/","summary":"\u003cp\u003eLast week I attended ITCamp 2011, a premium conference held in Cluj-Napoca and organized by 2 communities: \u003ca href=\"http://itspark.ro/\" target=\"_blank\"\u003eITSpark\u003c/a\u003e and \u003ca href=\"http://www.codecamp.ro/\" target=\"_blank\"\u003eCodeCamp\u003c/a\u003e. Now that I have a bit more time off, I decided to write about my experience.\u003c/p\u003e\n\u003cp\u003eThe first thing that comes to mind is \u003cstrong\u003efinally!\u003c/strong\u003e While I like small community events with 20-30 participants, a big event like ITCamp was long overdue. I remember the last TechNet session I attended in Cluj was quite a while ago, in 2007.\u003c/p\u003e","title":"ITCamp 2011"},{"content":"Tomorrow I will be hosting a presentation and a workshop with fellow ITSpark members Chris, Cosmin and Tudy.\nAs Tudy has already blogged, the event is part of a 3 cities road-trip (Cluj-Napoca, Bucharest and Timisoara), a series of events held under the auspices of Microsoft with the goal of bringing NGO and IT closer, so they can work and solve problems easier.\n","permalink":"https://dragos.madarasan.com/blog/connection-day-cluj-napoca/","summary":"\u003cp\u003eTomorrow I will be hosting a presentation and a workshop with fellow \u003ca href=\"http://itspark.ro/p/despre-itspark.aspx\" target=\"_blank\"\u003eITSpark members\u003c/a\u003e Chris, Cosmin and Tudy.\u003c/p\u003e\n\u003cp\u003eAs \u003ca href=\"http://www.tudy.ro/2011/04/02/microsoft-connection-days/\" target=\"_blank\"\u003eTudy has already blogged\u003c/a\u003e, the event is part of a 3 cities road-trip (Cluj-Napoca, Bucharest and Timisoara), a series of events held under the auspices of Microsoft with the goal of bringing NGO and IT closer, so they can work and solve problems easier.\u003c/p\u003e","title":"Connection Day \u0026#8211; Cluj-Napoca"},{"content":" Ever since I installed 
SCCM 2007 in the network I manage, I wanted to test the Operating System Deployment (OSD) because it\u0026#8217;s much more flexible than what Windows Deployment Services provides. After looking at numerous guides on how to set up OSD in SCCM 2007 (here and here) I would always end up having this error when trying to PXE boot clients:\nDownloaded WDSNBP\nArchitecture: x64\nThe details below show the information relating to the PXE boot request for this computer. Please provide these details to your Windows Deployment Services Administrator so that this request can be approved.\nPending Request ID: 45\nContacting Server: 192.168.3.1.\nTFTP Download: smsboot\\x64\\abortpxe.com\nPXE Boot aborted. Booting to next device...\nOf course I tried what every other sysadmin does, find cases where people had the same problem and try the fixes that worked for them. Well, in this case that didn\u0026#8217;t work, and that\u0026#8217;s because my situation was a bit special. What should have caught my attention a lot earlier were the following lines in the smspxe.log file:\nExecuting LookupDevice(03000200-0400-0500-0006-000700080009, 00:13:8F:D7:BD:97)\tsmspxe\t26.01.2011 12:19:54\t3240 (0x0CA8)\nCDatabaseProxy :: LookupDevice succeeded: 162 30 5 1\tsmspxe\t26.01.2011 12:19:54\t3240 (0x0CA8)\nMAC=00:13:8F:D7:BD:97 SMBIOS GUID=03000200-0400-0500-0006-000700080009 \u0026gt; Device found in the database. MacCount=1 GuidCount=30\tsmspxe\t26.01.2011 12:19:54\t3240 (0x0CA8)\nExecuting LookupDevice(03000200-0400-0500-0006-000700080009, 00:13:8F:D7:BD:97)\tsmspxe\t26.01.2011 12:19:54\t3416 (0x0D58)\nThe problem here is obvious, although I can’t say it was to me (GuidCount greater than 1). There were computers with duplicate GUIDs (actually UUIDs) and this prevented a proper PXE boot for all devices. I managed to get a confirmation that the duplicate GUID was indeed preventing the PXE boot after reading this blog post on the ConfigMgr blog. 
The only problem is they suggested something I knew I couldn’t do: talk to the vendors and ask them to fix the problem. The salvation finally came after reading a post on the Microsoft forums here.\nI proceeded to test this out by running SQL Management Studio, going to my ConfigMgr database (SMS_Sitecode) then to Stored procedures and finally edited the NBS_Lookupdevice procedure to replace my duplicate UUID with all zeros, which SCCM will ignore by default. Another method described here involves changing 2 procedures so that SCCM basically ignores UUIDs when dealing with PXE boot. ","permalink":"https://dragos.madarasan.com/blog/sccm-2007-osd-issue/","summary":"\u003cp style=\"text-align: justify;\"\u003e\n  Ever since I installed SCCM 2007 in the network I manage, I wanted to test the Operating System Deployment (OSD) because it\u0026#8217;s much more flexible than what Windows Deployment Services provides.\n\u003c/p\u003e\n\u003cp style=\"text-align: justify;\"\u003e\n  After looking at numerous guides on how to set up OSD in SCCM 2007 (\u003ca href=\"http://www.windows-noob.com/forums/index.php?/topic/1064-sccm-2007-guides/\"\u003ehere \u003c/a\u003eand \u003ca href=\"http://www.myitforum.com/myITWiki/Default.aspx?Page=SCCMOSD\"\u003ehere\u003c/a\u003e) I would always end up having this error when trying to PXE boot clients\n\u003c/p\u003e\n\u003cp style=\"text-align: justify;\"\u003e\n  \u003ccode\u003eDownloaded WDSNBP\u003c/code\u003e\n\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eArchitecture: x64\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eThe details below show the information relating to the PXE boot request for this computer. Please provide these details to your Windows Deployment Services Administrator so that this request can be approved.\u003c/code\u003e\u003c/p\u003e","title":"SCCM 2007 OSD Issue"},{"content":" Right after New Year’s Eve I had to update some packages/advertisements for some new software. 
That was easy, but the problem was that none of the clients got the advertisements. I started to troubleshoot the problem and looked at the ConfigMgr Site Status. There I got some really nasty errors one for the MP Control Manager component and another for the MCS Control Manager. MP Control Manager detected management point is not responding to HTTP requests. The HTTP status code and text is 400, Bad Request.\nMCS Control Manager detected MCS is not responding to HTTP requests. The http error is 400.\nThis was clearly an IIS error but I also knew that I had not messed up with the settings lately. I then checked if my MP site was accessible from a web browser. First I tried http://full_dns/sms_mp/.sms_aut?mplist but got .. Error 400 Bad request. Strange! I then tried with the local IP address (http://IP_Server/sms_mp/.sms_aut?mplist) of the server and that worked. I double checked the bindings in IIS, they were good – port 80 and 443 with the IP address of server. Next thing I decided to test was the DNS. I pinged the full DNS of the SCCM server and bang it hit me .. I was getting back an IPv6 address. The reason for that is I decided to test DirectAccess in my network so I enabled IPv6 on all servers. And by default it would seem that IPv6 addresses take precedence over IPv4. Knowing this the solution was easy, just modified the binding in IIS to add the IPv6 address (All Unassigned works too). ","permalink":"https://dragos.madarasan.com/blog/strange-errors-in-sccm-2007/","summary":"\u003cp style=\"text-align: justify;\"\u003e\n  Right after New Years Eve I had to update some packages/advertisements for some new software. That was easy, but the problem was that none of the  clients got the advertisements.\n\u003c/p\u003e\n\u003cp style=\"text-align: justify;\"\u003e\n  I started to troubleshoot the problem and looked at the ConfigMgr Site Status. 
There I got some really nasty errors one for the MP Control Manager component and another for the MCS Control Manager.\n\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eMP Control Manager detected management point is not responding to HTTP requests.  The HTTP status code and text is 400, Bad Request.\u003c/p\u003e","title":"Strange errors in SCCM 2007"},{"content":"Who am I?\nI\u0026rsquo;m Dragos Madarasan, a Lead Solutions Architect, speaker and author working in the cloud computing field. I work for Amazon Web Services, a subsidiary of Amazon that offers IT infrastructure services to millions of customers.\nI currently lead a team of Solutions Architects based in Romania, driving technical pre-sales and GenAI go-to-market strategy for clients in the financial services, energy and retail sectors. My journey at AWS started in 2015 as a Cloud Support Engineer in Dublin, Ireland, followed by a Professional Services Consultant role in Stockholm, Sweden, and an Enterprise Solutions Architect position covering Germany and Romania before moving into my current leadership role.\nBefore AWS, I worked for several years at Endava, a managed services provider company based in London, UK, where I dealt with level 3 technical support. My first \u0026lsquo;job\u0026rsquo; was for the Faculty of Architecture in Cluj-Napoca where I worked as a system administrator. I have a technical background and started my professional career as a network administrator, switched to Windows and virtualization in 2009 and then to cloud computing in late 2015.\nSeveral times a year I speak at AWS Summits, Cloud Days and local meetup groups across Europe. I enjoy sharing my experience and anecdotes with the community and am a big believer that public speaking is a unique form of communication.\nWhy this blog?\nEarly on, I noticed the best way to memorize information is to write it down. 
I started writing about interesting troubleshooting scenarios I encountered and various scripts or commands that made my life easier. I have used many blogging platforms since then, including Kentico and WordPress, but now I prefer using static websites since they are simple to spin up and cost next to nothing to run.\nDisclosure\nAs an employee of AWS, I own a small number of restricted stock units in Amazon. My opinions are my own and Amazon does not pre-approve any articles I post.\n","permalink":"https://dragos.madarasan.com/about/","summary":"Few info about me","title":"About"},{"content":"\rName E-mail Message\nSend\n","permalink":"https://dragos.madarasan.com/contact/","summary":"Contact","title":"Contact"},{"content":"This page lists posts by category. Browse the categories below to find posts on specific topics.\n","permalink":"https://dragos.madarasan.com/portfolio/","summary":"\u003cp\u003eThis page lists posts by category. Browse the categories below to find posts on specific topics.\u003c/p\u003e","title":"Portfolio"},{"content":"Yesterday I had a presentation on Running Microsoft SQL Server on Amazon Web Services at SQLSaturday 915 Bucharest. 
There was a big crowd at the event, held at Impact Hub in Bucharest.\nFrom handling JSON in SQL to T-SQL performance tuning, there were a total of 10 sessions, and I was glad to have the opportunity to talk about Amazon RDS to so many people.\nSeveral international speakers presented such as André Melancia (Portugal), Andrey Nikolov (Bulgaria), Ilie Mugurel (Austria) together with local speakers like Alexandra Ciortea (Microsoft), Catalin Gheorghiu (I Computer Solutions) and Liviu Ieran (Microsoft).\nBig congrats to Cristian Lefter for organizing the event!\nHere is a picture with everyone at the end, I am somewhere on the right side!\nMy slides covering the presentation can be found here.\n","permalink":"https://dragos.madarasan.com/blog/sql-saturday-915/","summary":"Yesterday I had a presentation on Running Microsoft SQL Server on Amazon Web Services at SQLSaturday 915 Bucharest.","title":"SQLSaturday 915 - Bucharest 2019"},{"content":"\rPacktPub approached me in the spring of 2015 to write a Citrix book for them which I was delighted to accept, having worked with PacktPub before as a technical reviewer for a number of books. We decided to tackle the troubleshooting aspect of Citrix XenApp/XenDesktop administration and the book is the result of several months of work together with Suraj who is a Citrix Consultant and specializes in virtualization \u0026amp; enterprise mobility.\nWe\u0026rsquo;ve written this book to be useful for Citrix administrators at all levels. People who have just started working with Citrix will find useful information on how to identify, break down and then resolve problems. The first chapters start off with the basic troubleshooting methodology and guidelines while later chapters focus on more specific cases. Experienced Citrix administrators will find real-world cases that the authors have encountered with the book providing solutions, troubleshooting steps and further reading materials. 
All in all, I believe everyone reading this book would learn a bit more Citrix troubleshooting.\nThe book is available for download at the following websites:\nPacktPub\rAmazon.com\rAmazon UK\r","permalink":"https://dragos.madarasan.com/book/","summary":"Troubleshooting Citrix XenApp","title":"Troubleshooting Citrix XenApp"}]