Google Domain Verification Azure DNS

Microsoft Azure

Before you can use your domain with G Suite/Google Cloud, you need to verify that you own it. This can be achieved simply by adding a TXT verification record to your domain's settings. Google does provide instructions for a lot of DNS providers, such as AWS and GoDaddy; however, I did notice that Azure was not included in this list.

For convenience, I have outlined the steps below for when you are using Azure to manage the DNS zone.

Get Verification Code

  1. Open a new browser window or tab, and sign in to your Google Admin console.
  2. Select the option to Verify Domain.
  3. Select Other from the provider list.
  4. Select the Add a domain host record (TXT or CNAME) verification method.
  5. Copy the complete contents of the Value/Answer/Destination field. The contents should have “google-site-verification=” at the beginning. This is the verification record that you will submit to your domain host.

Add Verification Record to Azure DNS

  1. Open a new browser window or tab, and sign in to your Azure Portal.
  2. Open DNS Zones.
  3. Select the domain.
  4. Click Add Record Set.
  5. The Name field already includes your domain, so either leave it blank or use @. However, if you are using a subdomain, enter the subdomain, such as test.contoso.com. Although the @ should cover the complete domain, I noticed the Google verification process was looking for the exact subdomain record.
  6. Select TXT from the Type dropdown.
  7. Leave TTL as 1 Hour.
  8. In the Value field, paste the Google site verification string.
  9. Click OK to create the record.

Now return to Google and finish the verification process. It may take up to 72 hours for some changes to take effect.

Using nslookup, you can check whether the TXT record is returned.

From command prompt:

nslookup
set type=txt
subdomain.yourdomain.com
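
The same record creation and lookup can be scripted. The following PowerShell is an added example, not part of the original post: it appends the token to any TXT values already at that name instead of replacing them, and then asks each authoritative name server directly whether the exact token is published. It assumes the Az.Dns module and a signed-in session; the function names, resource group, zone and token are hypothetical placeholders.

```powershell
# Added example. Requires the Az.Dns module and Connect-AzAccount; all names are placeholders.
function Add-GoogleVerificationTxt {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $ZoneName,
        [Parameter(Mandatory)] [string] $Token,   # full "google-site-verification=..." value
        [string] $RelativeName = '@'              # '@' is the zone apex; 'test' is test.<zone>
    )
    if ($Token -notmatch '^google-site-verification=') {
        throw 'Token must start with "google-site-verification=".'
    }
    $common = @{ ResourceGroupName = $ResourceGroupName; ZoneName = $ZoneName
                 Name = $RelativeName; RecordType = 'TXT' }
    $rs = Get-AzDnsRecordSet @common -ErrorAction SilentlyContinue
    if ($null -eq $rs) {
        New-AzDnsRecordSet @common -Ttl 3600 -DnsRecords (New-AzDnsRecordConfig -Value $Token) | Out-Null
    } elseif ($rs.Records.Value -notcontains $Token) {
        # Append, so TXT values already at this name (for example SPF) are kept.
        Add-AzDnsRecordConfig -RecordSet $rs -Value $Token | Out-Null
        Set-AzDnsRecordSet -RecordSet $rs | Out-Null
    }
}

function Test-GoogleVerificationTxt {
    param(
        [Parameter(Mandatory)] [string] $ZoneName,
        [Parameter(Mandatory)] [string] $Fqdn,
        [Parameter(Mandatory)] [string] $Token
    )
    # Query each authoritative server directly so resolver caches do not hide a missing record.
    $nameServers = Resolve-DnsName -Name $ZoneName -Type NS -DnsOnly |
        Where-Object { $_.Type -eq 'NS' } | Select-Object -ExpandProperty NameHost
    foreach ($ns in $nameServers) {
        $values = Resolve-DnsName -Name $Fqdn -Type TXT -Server $ns -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'TXT' } | ForEach-Object { -join $_.Strings }
        [pscustomobject]@{ NameServer = $ns; TokenPresent = (@($values) -contains $Token) }
    }
}

# Constructed placeholder values:
# Add-GoogleVerificationTxt -ResourceGroupName 'rg-dns' -ZoneName 'contoso.com' -Token 'google-site-verification=EXAMPLE'
# Test-GoogleVerificationTxt -ZoneName 'contoso.com' -Fqdn 'contoso.com' -Token 'google-site-verification=EXAMPLE'
```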


Renew Deleted Expired Certificate For Windows Service Bus

Windows

Renewing an expired certificate for a Windows Service Bus is quite simple, and the process is documented on MSDN.

1. Stop-SBFarm on one of the nodes in the farm.
2. Install a new certificate on all Service Bus machines.
3. Set-SBCertificate -FarmCertificateThumbprint: Thumbprint of the new farm certificate -SkipKeyReEncryption
4. Update-SBHost cmdlet on all farm nodes.
5. Set-SBNamespace -Name namespace -PrimarySymmetricKey: service namespace key.
6. Call the Start-SBFarm cmdlet on one of the farm nodes.

However, if the expired certificate has been deleted, you will run into issues running any command against the Service Bus.

You will most likely receive the following error:

Certificate requested with thumbprint not found in the certificate store

I have seen various methods to resolve this by editing the registry and removing entries from SQL, or by re-implementing your Service Bus, but a cleaner method is to simply restore your expired certificate so it can be renewed.

1. Log on to your certificate authority.
2. Find the issued certificate by filtering on the certificate hash field and entering the thumbprint of the expired certificate. (Note: the thumbprint format uses spaces.)
3. Select the certificate, export it as binary and save it with the .cer file extension.
4. Copy the .cer file to your Service Bus server.
5. Import the certificate to the local store.
6. Open the certificate store and view the properties of the imported certificate. Select the Details tab and note down the serial number.
7. Open a command prompt as administrator and run the following: certutil -repairstore my "serialnumber"
8. Open PowerShell as administrator and run the following: Get-SBFarm
9. Run the following: Start-SBFarm
10. You can now follow the procedure to renew an expired certificate.
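
Steps 4 to 7 can be scripted so that the wrong certificate is never imported and a missing private key is caught before Get-SBFarm is run. The following PowerShell is an added example, not part of the original post or the MSDN procedure. The function name, file path and thumbprint are hypothetical placeholders, and it assumes an elevated Windows PowerShell session on the Service Bus server.

```powershell
# Added example; the path and thumbprint in the usage comment are placeholders. Run elevated.
function Restore-ExpiredFarmCertificate {
    param(
        [Parameter(Mandatory)] [string] $CerPath,            # .cer file exported from the CA
        [Parameter(Mandatory)] [string] $ExpectedThumbprint  # thumbprint named in the error message
    )
    # The CA console shows the hash with spaces; the certificate store uses upper-case hex.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    # Inspect the file before touching the store, so an unrelated certificate is never imported.
    $fullPath  = (Resolve-Path -Path $CerPath).Path
    $candidate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath)
    if ($candidate.Thumbprint -ne $expected) {
        throw "File contains certificate $($candidate.Thumbprint), not the expected $expected."
    }

    Import-Certificate -FilePath $fullPath -CertStoreLocation Cert:\LocalMachine\My | Out-Null

    # Re-associate the certificate with its private key, if the key is still on this machine.
    & certutil.exe -repairstore my $candidate.SerialNumber | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -repairstore failed with exit code $LASTEXITCODE."
    }

    $restored = Get-Item -Path "Cert:\LocalMachine\My\$expected"
    if (-not $restored.HasPrivateKey) {
        throw 'Certificate restored without a private key; Service Bus will not be able to use it.'
    }
    [pscustomobject]@{
        Thumbprint    = $restored.Thumbprint
        SerialNumber  = $restored.SerialNumber
        NotAfter      = $restored.NotAfter
        HasPrivateKey = $restored.HasPrivateKey
    }
}

# Constructed placeholder values:
# Restore-ExpiredFarmCertificate -CerPath 'C:\Temp\sbfarm-expired.cer' -ExpectedThumbprint 'aa bb cc ...'
# Then continue with steps 8 and 9: Get-SBFarm, Start-SBFarm
```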

AWS Solution Architect Professional Level Sample Exam Answers

AWS

AWS provides 6 preview questions to give a feel for the type of questions presented in the exam; however, they do not provide answers.

The sample questions can be downloaded from here:
https://d0.awsstatic.com/Train%20%26%20Cert/docs/AWS_certified_solutions_architect_professional_examsample.pdf

Answers as follows:

Question 1: A) Deploy the Oracle database and the JBoss app server on EC2. Restore the RMAN Oracle backups from Amazon S3. Generate an EBS volume of static content from the Storage Gateway and attach it to the JBoss EC2 server.

Question 2: C) Take hourly DB backups to Amazon S3, with transaction logs stored in S3 every 5 minutes.

Question 3: B) Register the application with a Web Identity Provider like Amazon, Google, or Facebook, create an IAM role for that provider, and set up permissions for the IAM role to allow S3 gets and DynamoDB puts. You serve your mobile application out of an S3 bucket enabled as a web site. Your client updates DynamoDB.

Question 4: D) Use Elastic Load Balancing to distribute traffic to a set of web servers. Configure the load balancer to perform TCP load balancing, use an AWS CloudHSM to perform the SSL transactions, and write your web server logs to an ephemeral volume that has been encrypted using a randomly generated AES key.

Question 5: D) Configure an SSL VPN solution in a public subnet of your VPC, then install and configure SSL VPN client software on all user computers. Create a private subnet in your VPC and place your application servers in it.

Question 6: B) Sync the application data to Amazon S3 starting a week before the migration, on Friday morning perform a final sync, and copy the entire data set to your AWS file server after the sync completes.