I have written some VBScripts to automate tasks that I perform on computers over the network. These work great for most tasks however within our network we have problems with the IP address in DNS being correct all the time. This mainly occurs with laptops where we have different IP ranges for machines on the wireless and wired network.
For example a machine may boot up wired in the morning and get an IP address: 10.10.10.1
When it switches to wireless it will obtain an address in a different subnet: 10.11.10.1
When you try to connect to that machine it still returns the old IP address (10.10.10.1) even though the computer now has a new one.
I have found that I can still connect to that computer's C$ share via \computer name\c$ even though the machine does not ping. Obviously there is some other kind of address resolution going on, my question is how do I harness this to allow my VBScripts connect to WMI?
Thanks!
If DNS doesn't have the correct address, then perhaps it is likely being resolved with NetBios. What you would have to do is resolve the computer name with either a WINS Server or through Broadcasts to the network. Depending on your network environment you would use one or both of those options.
Microsoft has a tool called NBLookup which should be able to lookup the name from WINS at the very least.
You can call NBLookup and parse the results. I don't recall another method for NetBios resolution natively within VBScript, but I haven't looked awfully hard recently.
Your problem is name resolution. Windows uses 2 types of name resolution: DNS and NetBIOS.
DNS will resolve a name like .comcast.net or www.google.com
NetBIOS resolves names that are 15 characters or less, like your computer name likely is.
When your computer looks for a name it doesn't know how to turn into an IP address, it goes to a DNS server and/or uses NetBIOS name resolution. Once it's looked up a name, it saves it in a cache for some period of time (usually about an hour) before looking it up again.
You can look at the list of names your computer has cached for each type of name resolution using the command-line this way:
DNS
ipconfig -displaydns
NetBIOS
nbtstat -c
Each of those commands also alllows you clear that cache as well, which will force your system to rediscover what IP address the name points to. Here are those commands:
DNS
ipconfig -flushdns
NetBIOS
nbtstat -R
Between those commands, you should be able to determine which type of name resolution is the culprit and resolve it by flushing that cache.
From my own experience I have found the Microsoft TechNet ScriptCenter has just about anything you could ever want relating to VBScript. That's generally where I start when I want to delve into a new area of VBScript that I haven't previously explored.
The WMI FAQ on the Microsoft TechNet website has links to the ScripCenter along with links to many other usefule sites for learning how to script WMI. I would recommend finding a script that already does what you want since someone is bound to have already written what you need.
The article Automating TCP/IP Networking on Clients may have what you need to get started with resolving this problem.
Related
I never used VPNs, I know what they are and how they work in general, but I never had to use one in practice; now I need to use it to connect to a machine in my university lab, my teacher provided the configuration file and the other needed files to set it up.
I installed the OpenVPN GUI with admin privileges, I imported the config file (".ovpn" file in my case) and launched (always as admin) the connection, which immediately works and I am assigned a new IP address. However, if I quickly check on "whatIsMyIP.com" or on Google, the IP is unchanged, it's still my original IP.
Now I also tried with other random VPNs downloaded from VPNBook, and they work, meaning that I can see that the IP changes as soon as I turn them on. I really cannot understand what I am doing wrong (my professor told me that he tried connecting through a VPN as well and it worked for him, so the problem must be on my client side)...
PLUS: when this problem of the unchanged IP is fixed, I am supposed to use ssh to connect to the remote machine. I was asked to generate a pair of public+private keys, passed the public to my teacher who added it on the machine and then connect through the command:
"ssh username#hostname"
Besides the fact that it does not work due to the VPN not changing the IP, I get the error "No address associated with hostname", so I understand it cannot resolve the given hostname, nonetheless my professor gave me only that: is it correct that I can ssh to the remote machine by only having the hostname or (as I believe) I also need the IP, which I can associate with the hostname and then connect?
I have an Apache2 server running in Debian 9.
I am using it to host a custom MediaWiki Wiki.
To navigate to the Wiki I use something of this form "10.200.200.20/mediawiki" where the Apache2 server is running on 10.200.200.20.
This works fine however sometimes the IP Address (10.200.200.20) will change and then everyone on the local network navigating to the Wiki will have to be notified and use the new IP Address which is a hassle.
I wish to change it to something consistent, for example "OurWikiServer/mediawiki" it doesn't really matter that much as long as it can always be found at the same place.
I know this is possible as the MediaWiki installation was previously maintained by someone else who used XAMPP in Windows 7 and it was configured to be found at "stringHere/mediawiki" on the local network.
I have tried changing it in /etc/hosts and can get it changing on individual machines as expected, however have no idea how to get it working network wide.
The best way to do this is to define the IP of this station static. This can be done via reservation in DHCP server or assign IP outside of the DHCP IPs. Also consider adding small DNS server to provide hostname instead of IP
I have several websites set up on my local XAMPP, and have recently setup virtual hosts so that they can be accessed from my machine using dev.website1.com, dev.website2.com etc.
To achieve this I had to edit my hosts file C:\Windows\System32\drivers\etc\hosts to ensure the name resolves to the correct IP address.
I would now like to make the sites accessible from other computers on the local network, but editing the hosts file for each machine manually seems to be a bad way of doing it, as it would quickly become unmanageable with several machines/addresses to keep on top of.
My question is: Is it possible to add a DNS record or similar to the domain server of our local network (SBS 2008-R2), so that machines on our network can access my websites without having to edit the hosts file on each machine?
Apologies if this is a noob question - I have tried to RTFM, but I am not a network specialist and can't really even be sure if what I'm reading is relevant to my problem, so I really need some help. Thanks.
If you want to use a made-up hostname, it either has to be in your hosts file or in DNS. It's obviously possible to add new subdomains or aliases (CNAME) that point to your existing IP/host to any DNS server -- it's would seem to be a routine operation for your DNS administrator.
After a lot of research I eventually found out how to achieve what I want. I created a new forward lookup zone with the address dev.testsite.com, and then created a blank A record and set it to the IP address I wanted it to forward to. Anyone on my network can now type dev.testsite.com to see the local apache server, or www.testsite.com to see the live version.
I'm sure there are also other ways of achieving this, but as far as I know this is the simplest.
i have following scenario and can't seem to find anything on the net, or maybe i am looking for the wrong thing:
i am working on a webbased data storage system. there are different users and different places and only certain users are allowed to access certain parts of the system. now, we do not want them to connect to these parts from at home or with a different computer than they are using at their work-place (there are different reasons for that).
now my question is: if there is a way to have the work-place-pc identify itself to the server in some way over the browser, how can i do that?
oh and yes, it is supposed to be webbased.
i hope i explained it so everyone understands.
thnx for your replies in advance.
... dg
I agree with Lenni... IP address is a possible solution if they are static or the DHCP server consistently assigns the same IP address to the same machine.
Alternatively, you might also consider authentication via "personal certificates" ... that's what they are referred to in Firefox, don't know it that's the standard name or not. (Obviously I haven't worked with these before.)
Basically they are SSL or PKI certificates that are installed on the client (user's) machine that identify that machine as being the machine it says it is -- that is, if the user tries to connect from a machine that doesn't have a certificate or doesn't have a certificate that you allow, you would deny them.
I don't know the issues around this ... it might be relatively easy for the same user to take the certificate off one computer and install it on another one with the correct password (i.e. it authenticates the user), or it might be keyed specifically to that machine somehow (i.e. it authenticates the machine). And a quick google search didn't turn up any obvious "how to" instructions on how it all works, but it might be worth looking into.
---Lawrence
Since you're going web based you can:
Examine the remote host's IP Address (compare it against known internal subnets, etc)
During the authentication process, you can ping the remote IP and take a look at the TTL on the returned packets, if it's too low, then the computer can't be from the local network. (of course this can be broken, but it's just 1 more thing)
If you're doing it over IIS, then you can integrate into SSO (probably the best if you can do it)
If it's supposed to be web-based (and by that I mean that the web server should be able to uniquely identify the user's machine), then you choices are limited: per se, there's nothing you can obtain from the browser's headers or request body that allows you to identify the machine. I suppose this is by design, due to the obvious privacy implications.
There are choices though, none of which pain-free: you could use an ActiveX control, which however only runs on Windows (and not on all browsers I think) and requires elevated privileges. You could think of a Firefox plug-in (obviously Firefox only). At any rate, a plain-vanilla browser will otherwise escape identification.
There are only a few of REAL solutions to this. Here are a couple:
Use domain authentication, and disallow users who are connecting over a VPN.
Use known IP ranges to allow or disallow access.
IP address. Not bombproof security but a start.
I am troubleshooting an issue with IIS6 where all sites bound to ip addresses other than the default give an error message "network location cannot be reached" when trying to start any of these sites.
The nic has all the ip addresses configured.
When I do a httpcfg query iplisten, I see only the default ip address.
When I added them with httpcfg, then all the web sites stopped working so I figured I didn something wrong so I removed them.
Two questions:
1- Why are those websites refusing to start?
2- What should be in the result of httpcfg query iplisten? All ip addresses or just one?
The websites used to work fine and something has changed. I applied a few Windows updates but I am not sure if they broke anything (I doubt it.. otherwise hundreds of web hosting companies would be screaming)
The solution was to use httpcfg without specifying the port number.
Sometimes there are bugs wehn applying windows updates. One thing you might try is running aspnet_regiis /i or /c. I'm not sure if that's your problem but it's certainly worth a shot.
That message generally comes from Windows networking (it's one of ERROR_NETWORK_UNREACHABLE, ERROR_HOST_UNREACHABLE, ERROR_PROTOCOL_UNREACHABLE - you can search for error messages in WinError.h).
Have you set up virtual directories to point at network shares on another machine? If so, check connectivity to that machine.