** This question might belong on SF except for one of the constraints below (not having admin rights on one machine) **
At my work I have two machines, A and B. Machine A is my primary development machine. It is completely disconnected from the corporate network. Machine B is connected and is used primarily for email and web access. It is rather locked down - I don't have admin rights and it does not accept inbound connections. I cannot run programs I download, however I have Visual Studio 2005 and can create and run executables which works great (notwithstanding lack of admin rights).
I have an ad-hoc wireless network between the two and I'm able to transfer files via standard Windows shares so long as I browse from Machine B to a share on Machine A. I am also able to browse to websites hosted on Machine A, including non-standard port numbers (ie, http://machineb:12121/).
My goal is to create some sort of connection initiated by Machine B to Machine A which then grants me internet access on Machine A, presumably by setting up a proxy server on Machine B. However, I would need source code to the proxy server so I could build & run it locally.
My initial thought is to create two apps, one to run on Machine B and pings the app on A (which listens for local requests on port 80), and when it receives a response (containing a URL I guess) to use a HttpWebRequest object to hit that URL and then pass that data back... but I can see this getting complicated real quick.
Any suggestions to get me started?
Any number of open source web proxies will do what you're asking. You can do it with apache, and mod_proxy, even.
However, were I your admin, and I caught you tunnelling access out of a machine I'd specifically prohibited access from/to, I would do such things to you that other programmers would weep at the very mention of your name. Tread lightly.
Related
We have written (in Go and Delphi) several Windows microservices, which respond to HTTP requests on specific ports in the 11000-12000 range. These are designed to run internally within the Domain or Private network of the client (i.e. not on the internet).
They run perfectly on all but one of our 50+ client systems, on OS's ranging from Windows 7/10/11 to Windows Server 2008R2/2012/2016/2019. The installation process for each of these services sets up rules in the Windows firewall to accept the requests to each service exe.
The one client system that they dont work on is running Windows Server 2016 Essentials. This is the only client system running that specific OS, so that may be a factor in the problem.
Even locally using a web browser on that system to query the services they dont work. The requests just wait for a while and then timeout: ERR_CONNECTION_TIMED_OUT.
However the same requests to the same ports at address 127.0.0.1 (localhost) work instantly - proving the services are actually running.
The mode of failure when the targeted service is not running, or if we address the wrong port, is different. In that case we get a quick "refused to connect" failure: ERR_CONNECTION_REFUSED
There are no third party antivirus or firewall products installed on the system, which is only using Windows Defender with the normal Windows firewall. We've tried everything we can think of with the Windows firewall, including turning it off completely. Nothing we've tried made any difference.
We've tried using many alternative port numbers, but we dont get any success until we get up to the 49000 range and above, but we'd really rather not have to change from our normal port number range unless its completely unavoidable.
We've spent many hours trying to find any solution without any luck. We are really hoping that some bright person out there has some idea that will lead to finding the cause of the problem.
I am running a Hyper-V lab for a client to test the functionality of a Powershell script and due to memory constraints, I would like to move my file and database VM servers off of my main desktop PC to my laptop. I set up Hyper-V on the laptop, and successfully exported/imported the VM's into the other Hyper-V server. I can boot them, all the configuration and files are intact however, I am predictably having trouble reconnecting to the domain they were a part of prior to the move. I understand I need an External virtual switch to handle that communication, as internal and private will not reach outside of the Hyper-V server they reside in. Obviously I would prefer to not use an external, but this is strictly to continue testing. I've trouble-shooted entering different DNS server values from the client machine's IPv4 properties and changing the virtual switch to External for the existing Hyper-V server, and re-register the DNS records on the DC. All result in the same error when I try to connect to the domain: "(error code 0x0000232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc."... "The DNS SRV records required to locate a AD DC for the domain are not registered in DNS".
In summary, I want to move a VM from the first server listed to the second, and then re-connect to the domain they were part of previously. Both machines are just running Windows 10, not Windows Servers, if that matters. Another note, I can do remote sessions from the desktop to the laptop just fine which would lead to believe this is not related to a firewall. Thanks!
The best it to set up a VLAN. If you can't do that, change the network class of your AD lab machine (192.168.55.x ?) to another in order to avoid conflicts.
Your DNS server has to be AD to make your machines connecting to it.
And last but not least, if you're on 2 different hyperV servers, you have to use external switch in hyperV:
https://redmondmag.com/articles/2018/05/04/hyper-v-private-networks.aspx
I have a client who is remote. I need to debug some weird problem that none of my other clients are having. Before I try and set up a conference with this client, I would like to know if there is some way of remotely debugging our application.
I see that there are remote debugging tools available for Visual Studio, but from what I've read, I need to be on the same subnet. As the person is remote, this is not a possibility. Also, as I'd like to keep our connection secure, I would need to connect up some sort of encrypted tunnel (this is where I'm a little fuzzy as my networking skills are mostly theoretical).
As I understand it, an encrypted tunnel is a bridge to another (different) subnet. This is to ensure that those computers on the other side won't interfere with the local subnet computers.
So, because the client's computer is on a different subnet, I think that this is not possible. Or is it? Should there not be a way of making the client's computer show up as a virtual computer on my subnet, by forwarding packets from one subnet to another? I would think that this is theoretically possible, but I'm not exactly sure how I would go about this.
Also, at the moment, my current way that we connect to clients is through GoToMeeting, but I don't think that it supports tunneling. If not, then I may need some way of generating a tunnel, so I was also thinking of maybe using some SSH programme like PuTTY.
As I have said before, my knowledge of networking is quite theoretical, so if the tools that I am suggesting are not the correct ones, please correct me. (I'm a programmer, damm it! Not a network engineer!)
Both computers are Windows boxes. Windows 10 (client) and Windows 8.1 (development).
If you can connect to an ssh server in the remote network, you can (subject to configuration on the server) create a tunnel such that you connect to a socket on your local pic and the connection appears from the server to an endpoint on the remote network.
You'll want to investigate the -L command of OpenSSH, which combined with the PuTTY docs, should help explain what's required.
By default, the endpoint would be a port on the ssh server, but it could be a port on a different host that the remote server can connect to.
I'm not familiar with the current state of Windows SSH servers, but even if there isn't a system server to hand, you should be able to have on run 'on demand' - if you run it on a non-privileged port and by the user you want to connect in as, it shouldn't even need Admin privileges.
I'm not familiar with GoToMeeting, but the one thing with SSH tunnelling it that IT depts should be familiar with SSH. If trying that, focus on getting a working connection in, then setting up the tunnel, then connecting through it as separate steps.
Once you have an SSH connection, then it doesn't need to do something itself, and you can then investigate connecting while specifying the port forwarding, but will will need to get the basic connection working correctly first.
I have set up a Win XP machine at work that we use as our server, to allow RDP connections. This allows all our staff to access the server from home when needed. As it is not a server OS, we are missing many of the terminal services features a regular server would have. The machine only allows one RDP session at a time (which is a minor inconvenience, but not a big deal).
What is bothersome, is that no one can tell if the server is currently being used in an RDP session, and we all keep booting each other off. Every solution I have found online assumes the remote computer is a Server OS or on a local network/domain. Our staff's home computers are not connected to the office network and we have no domain set up at the office.
Is there any way to tell if the server is in an RDP session before remoting onto the server from home? Ideally we would be able to detect which home computer is accessing the server. But if that is not possible, it would be extremely helpful to at least know that an RDP session is running.
We were previously using logmein, which could tell us if the remote computer keyboard and mouse were active and allow a chat with the user currently remoted on/physically on the machine. This was extremely convenient, but involves logging onto the logmein website and going through a semi-lengthy process of connecting. It is also much slower and resolution is much worse than RDP. Not super convenient for regular daily use.
This post deals with the same issue
https://superuser.com/questions/313390/ways-to-check-if-user-is-active-on-remote-machine-before-rdping
but the accepted response is to use qwinsta on cmd, which I believe is only available on server OS's. Other responses include using psexec (I've tried using psloggedon.exe, but this appears to only work for users on the same domain). Another suggests using the wmic.exe command, but when I try that I get the error: The RPC Server is unavailable (I think this also needs to be run on the same domain).
So basically - is there any way to check for active rdp sessions on a Win XP machine from a remote computer not on the local network/domain?
I'm open to outside-the-box solutions like writing a simple app to run on the xp server and tell remote machines what IP is connected in an RDP session.
Going on Harry Johnston's suggestion, I wrote an app which finds who is connected to the xp machine on port 3389, and relays that information by udp to receiving apps. Now we can check if someone is connected and who it is before unwittingly booting them off. Thanks Harry!
I have a program consisting of a server and a client processes. Both run on Windows systems - Windows 2000 or later versions. The two processes can run on the same machine or on two different machines.
How can the client determine if it is run on the same machine as the server? If the server is not running the client can't work anyway and doesn't care where the server possibly is - so this case is out of the question. I've heard that each Windows machine has an UUID - can I obtain it and use for that purpose?
Windows networking requires computer names to be unique, so calling the GetComputerName api and having the client and server swap names (and compare the received name to the name they see) should suffice. If the client and server can start up independently of one another then you'll need some sort of protocol for this process. It seems logical for the client to initiate the exchange, and the server to only send its name when it has received a name from a client. The client can then abort the connection if it sees the same name.
I believe most virtual machine systems will allow the virtual machine to have its own name, so it should still be possible for you to test on virtual machines. However I don't have extensive experience of all the virtualisation technologies out there, so can't say for sure.
Previous question about generating a unique machine id that might help.
Link to previous answer which mentions MachineGUID
It is straightforward to add an API to the server that reports its machine name. The environment variable is COMPUTERNAME. The client could check that, right?
Do you need to deal with any of these cases?
The client is running, but the server is not responding, and you want to know whether the unresponsive server is on a remote machine.
The client and the server are running in two distinct virtual machines on the same host machine, and you want to report that as "running on the same machine."
The client is running in a virtual machine hosted by the same machine as the server is running on, and you want to report that as "running on the same machine."
The client and the server are running on uncoordinated networks and both might have been assigned the same name.
The server is possibly hostile, and will attempt to deceive the client.
The network card will have a unique MAC. If both server and client report the same MAC then they are using the same network card. If both client and server are running in different virtual machines but using the same network card, do you consider them running on the same machine or different machines?
how about trying to establish a loopback tcp connection? or maybe checking for some lock file created by the server in a predefined folder...
I don't know exactly how, but there's for sure something equivalent in Win32 to the /proc filesystem in Unix (I think there are free replacements for the windows taskmanager, maybe you could look at their sources) where you could search for your server process.