Workspace Unhealthy After Changing Computer Name - amazon-workspaces

We decided to move dev machines (PC's) into the cloud in the form of Amazon Workspaces. In simple terms, a provisioned workspace is very similar to a PC accessed via RDP. However, the scaffolding for the service assigns a 'unqiue' computer name to each workspace. We wanted to set a specific computer name and therefore we connected to the workspace and used the standard Windows technique of going into Properties on "This PC". Windows prompted to restart, which we did. Thereafter the workspace was unreachable from the Windows WorkSpaces client stating the status was Unhealthy. The WorkSpaces Management status was initially REBOOTING then PENDING. Finally it showed UNHEALTHY.
It is not unusual to want to change the computer name, particularly if modelling a current physical config into the cloud. However it looks like this derails / confuses the workspaces scaffolding.
Question: How to make the workspace reachable again, especially if much time investment has been made configuring it?
I shall provide the answer that solved the issue for me, which I leave for others hitting this issue and in the hope that it helps.

I found the basis of this answer in the Amazon Workspaces forum from the same question asked by JoeA in 2016. It took me a while to find - see the original post here. which I shall paraphrase following in case this precious link breaks in the future.
Amazon's answer was:
Changing the computer name on your WorkSpace will cause the PCoIP application to fail, so you won't be able to connect to it using the Amazon client.
To connect to the workspace, you can edit the security group associated with the workspace's ENI and allow TCP traffic on port 3389 so you can RDP into it.
Once you are connected to the WorkSpace, rename it back to the original name and reboot it and you should be able to connect again.
JoeA responded:
Thank you very much for your reply, there is hope! I'm a newbie with AWS and Workspaces. Can you provide more details, or point me to a document, on how to access the Workspace using RDP? I searched the forum, but no luck.
Specifically, I don't know how to "edit the security group associated with the workspace's ENI and allow TCP traffic on port 3389 so you can RDP into it" as you state. I did find under the "Directories" setting that my "Security Group" is set to "None selected". (FYI, I have only this one Workspace.) "Access to Internet" is set to "Enable", if that is a factor. Thanks.
JoeA then followed up with the solution which was, in his words:
The changes to open the port are under the EC2 console, not the Workspaces console where I was originally looking. I found the Security Group for Workspaces, and changed Inbound traffic to allow RDP (port 3389). Then also on the EC2 console, I found Network Interfaces that shows the public IP. (I first tried to RDP using the IP shown in Workspaces console properties ("WorkSpace IP"), but that must be a local IP inside that network.) RDP'ing to the public IP, I connected and put back the original machine name, restarted, and now I can connect again using the Workspaces client again.
Thanks JoeA for that good work.

Related

Local web server on windows stopped being reachable by devices on the same network

I use a local Python web server on my Windows machine. It’s simple, but good enough while in the static web page development stage. I just run it with something like this on my WSL command line:
python3 -m http.server
I can also access it on mobile devices on the same network, by going to my local address, e.g.: http://192.168.1.12:8000. All was good, until suddenly I could no longer access it on external devices, I got a “server not responding” type of message. Also, I could clearly see that when I refreshed the page on my phone, there was no GET request on the logs.
Immediately I tested on the local machine, and it was still working fine. This obviously smelled like a Firewall. In Linux, I’d know what to do, but it’s the first time I had to deal with this on Windows. This is what I’ve tried, without resolving the connection problem:
I opened the Event Viewer but could not see any obvious logs to check
I stopped the server (CTRL+C) and started it again on another port (5000). The Windows Firewall message popped up again asking for permission for Python3 to access the “Public network” and the “Private network”. Normally I just tick the “private network” but this time I checked both, as a troubleshooting step, in case my Wi-Fi was incorrectly being considered “public”.
I went to Windows Firewall and temporarily shut it down on the private network.
I installed and tried running nmap on the WSL, but it failed to run and prompted me to install the Windows version instead.
I installed and ran the Windows version of nmap but it told me that port 5000 was open.
What is the recommended way to troubleshoot and fix this issue?
Still suspecting the firewall, I tried something new, I switched off the “public network” firewall. I tested on my mobile and the page loaded as normal again! I immediately turned the firewall back on. Tested the page on my mobile once more, still fine. So, the solution was to toggle the public network firewall. I would make it more generic and toggle all firewall categories on Windows. And of course, I would make sure that the firewall stays on, this was a very quick operation.
I thought I’d put this here rather than ServerFault or SuperUser as it could potentially be more useful to developers, and it took a precious hour of my time. I still don’t know why it stopped working on its own in the first place. Better troubleshooting steps or suggestions are welcome, but I probably won’t be able to verify it as I don’t know how to purposely induce the issue.
Another solution that worked another time, was to delete all instances of Python 3.8 from the list of allowed apps (I don't know why Windows shows the same app multiple times) then (re)start the Python server and allow it through when the Firewall question pops up again.
In windows firewall you may have 4 options to configure your local web server when you are creating new Inbound connections rule.
1 Program
2 Port
3 Predefined
4 Custom
Try to use port only in "TCP protocol" and the custom port.
Allow connection.
Select: all checks: domain, private and public.
Enter a name.
Thats all.

Can netbeans be used with noip to be able to log in remotely?

I would like to know if it is possible to use no-ip to be able to remotely enter a netbeans project raised at the address http://localhost:8084 executed with the "run project" button or if it is possible to do that by modifying something inside of the netbeans. Thank you.
You need to figure out the IP of your machine on your local network.
To do that, follow either of the following tutorials :
Find your local IP with Windows cmd
Find your local IP with Mac System Preferences
Afterwards, you can enter that IP instead of "localhost" and that address should work on any computer on the same network, assuming your firewall is not blocking it (by default it should not).

ServiceFabric Windows cluster unable to create firewall rules

I've recently upgraded an on premise Service Fabric cluster to 5.1.156.9590 running on Windows Server 2012 R2. I removed the original cluster and created a new one. Unfortunately my new cluster doesn't seem able to create the firewall rules for any ports specified in the service manifests. The only warning I see that seems connected is this from the ServiceFabric Hosting:
Did not enable firewallpolicy for current profile 1
I can't find any help regarding this message. I'm wondering if something has changed as regards specifying ports for a service or there's something on the node boxes that I haven't configured correctly.
Any pointers appreciated as I'm sure I didn't have to open them manually previously.
Unfortunately, I had the same problem and didn't succeed in reanimation of Service Fabric. Only moving to Azure helped to resolve the issue. You can try next things:
Completely remove SF, SDK, related services, firewall rules and directory SFData on C drive, then install everything again.
Check that firewall is enabled
Check that SF service is created and able to start
If the service is not able to start, check events, there is a special folder for SF where you can find additional and detailed infromation
If you have customized the address on which listeners will listen in SF cluster config, try to change it on something different and see if SF would deploy or not

How can I reach my localhost over the web from outside local? i.e ip/page?

I installed usbwebserver
everthing is running, I am trying to reach the root page index.php?
I read everything I possibly can and sorry but I still cant figure out how to reach my localhost
I reach my page with localhost:8080 and the page I want shows up but if I replace it with IP:8080 it does not.
I am trying to reach this page outside of my local network.
I'm sorry, I need to provide you a separate answer for your reformatted question for the "down the street" scenario. I can troubleshoot a few of the issues you're probably having.
ISP's don't typically allow residential internet connections to serve resources over port 8080, or 80. Even if you were to configure your computer as needed, if you're on a standard internet service provider they're probably blocking you in the middle even if you have punched holes all your local security in an attempt to serve assets over port 8080/80.
Assuming they don't allow that you're going to have to first configure your outbound middleware(php in your case) to listen to calls into your ip on a different port. ( You can do this in your C:\WAMP\ folder, in the "wampserver" configuration file. Here's a good walkthrough here: (http://forum.wampserver.com/read.php?2,13744)
Now, you're going to have to drop any firewalls windows/ubuntu/macOS are providing on that port. (This is the part where you've rolled out the red carpet for hackers to get into your box(es) so be careful!) Here's a link for a short and sweet explanation on windows here: (http://yourbusiness.azcentral.com/turn-off-windows-firewall-19396.html) Note that you can open individual ports, you don't have to drop your entire firewall.
Make sure you have opened up access to any folders/mySQLdb's/resources to outside requests as well (seriously, this is a REALLY bad idea from an #home server if you don't know what you're doing)
Then figure out the correct ip and the correct port and give it a go! If it still doesn't work you can download a program like [wireshark] (https://www.wireshark.org/download.html) or [fiddler] (http://www.telerik.com/download/fiddler/fiddler2) to debug your inbound/outbound traffic and see what the machine's seeing before your browser/server gives you any user visible information.
One thing to note, if you are an amateur web developer your homepage is called "index.html" not "home.html" "home.html" only works fine locally, but internet browser engines look by default, for "index.html"
Lastly, and I really can't stress this enough don't host through your personal ISP and serve files from your own machine. Hosting through Fatcow, or hostgator, or any of the other hosts is really honestly dirt cheap and they know far better than you or I do about security.
That said, I hope very much that you succeed in using my answer, or at the very least learning something from it. Happy Coding!
http://www.canyouseeme.org/
--
Read the Background session
go to a command line, type "ipconfig"
Hit Enter.
Under "Ethernet adapter Ethernet:
It should be the third line down, has your following:
IPV4 Address : 192.168.1.xxx where "xxx" is your ip
address.
USE "//" + "the ip address shown for (ipv4)" plus ":8080" and your default page
should show just fine.
For example, if your cmd "ipconfig" for this process reads: "192.168.1.12"
your total URL in your browser will be "//192.168.1.12:8080"
Note that I used 2 forward slashes prior to using an IP address on your
local network. That let's your computer know it's using your network, not
the actual internet. The slashes alone may solve your problem. Also note, if you're accessing a database through your webapp, you will also need to properly configure your db settings to allow access.
First find your outside ip adress not local ip. After that go into router panel and open to use from apache server. Anyone able to access that port now. You can connect outside your local website now. If you can't do that. Try again. This is the way to doing this.

How to make Windows DNS and WINS settings persist in an Azure VM?

I have a domain controller set up in an Azure VM, and a couple of other servers also set up as VMs. When I set up the server VMs, I configured DNS and WINS to point to the IP address of the DC and joined them to the domain. However, these settings don't survive a shutdown (where the VM is deallocated). When the VM is started back up, DNS and WINS are empty, and domain authentication does not work.
I read that I should provision new VMs via PowerShell commandlets, specifically setting up domain joining. I tried that, and maybe I got something wrong, but it didn't work -- the newly provisioned VM was not joined to the domain, and did not have DNS/WINS set to point to the domain controller.
In any event, my question is: is there any way to re-configure an existing VM to retain network settings through a shutdown or is my only option to figure out how to provision a brand new VM to be married to the domain controller, and then to start from scratch?
Thanks!
You shall never use static configuration on your Azure VM! Neither for IP Addresses, nor for DNS Settings. What I recommend to use is a long story you can read here. It is tested, validated and proven to be effective. A short extract follows:
You should setup at least two sub-nets. Leave one solely for the DNS (and AD/DC if it happens to be the same server). Put all rest of the machines in the other Sub-Net. Thus, you will have 100% predictable IP Address of the DNS Server machine. Having that in mind, configure the DNS for the virtual network via the portal or via PowerShell. But explicitly configure DNS Server for that virtual network. Set IP address for the DNS - the one that you know it will have!
Please do never forget - never manually change network configuration settings for an Azure VM! Doing so is a path to failure.
The above method will help you resolve DNS issue. Now, for the WINS. I don't think you can configure WINS via Virtual Network settings. So, if your VM really loses WINS config, you can create a small powershell script that runs locally on each VM to configure WINS settings upon boot. You can either make this script more generic by looking up the DHCP assigned DNS server and use the same IP Address for WINS, or just put it static, because you know what the IP Address of DNS server will be.
Anton presents a clever and perfectly workable solution, but I wanted to understand what exactly I was doing wrong, because Microsoft guidance suggests that it should be perfectly possible to set up and maintain an Active Directory domain the in the Azure cloud without putting the DC into its own subnet.
After a lot of trial and error (mostly error), I finally figure it out. This is not well documented, so hopefully this will help someone:
In Windows Azure, cloud service is another term for application, or a set of components that scale together. A cloud service is assigned a single DNS name and a single external IP address. In the context of virtual machines, you typically have a 1:1 correspondence between a cloud service and a virtual machine. You only add additional virtual machines to an existing cloud service when you want Azure to automatically load balance and distribute requests among the VMs inside that cloud service, treating them as if they were one.
This brings me to my mistake. Not fully understanding the above, I was attempting to add a new worker virtual machine to the cloud service in which I set up my Domain Controller. That is not a supported configuration. Once I understood that, and properly configured a new VM into its own cloud service, associated with the domain controller as DNS server, everything worked perfectly.