Turn off EDNS feature on Windows DNS server

Disabling EDNS feature on Windows DNS server can resolve random DNS query issues.

To disable EDNS, run following command as Administrator on each Windows Domain Controller (DNS server):
# dnscmd /config /enableednsprobes 0

Remove recovery partition on Windows 2022

  1. Install the OS with the default settings.
  2. Temporarily disable WinRE:
    – Open cmd or PowerShell as Administrator and run following command:
    reagentc /disable
  3. Remove recovery partition with diskpart:
    – diskpart -> list disk -> select disk # -> list partition -> select partition # -> delete partition override
  4. Turn WinRE back on with reagentc /enable
  5. Restart server

Install Office 2021 Pro with KMS

  1. Download official Office 2021 Pro installation ISO:
    Office Retail 32 bit & 64bit
  2. Mount ISO and install.
  3. Open one of the Office applications, for example Word and close initial window that is asking for serial key.
  4. Open “cmd” as Administrator and run following commands (separated with #):
    # cd /d %ProgramFiles%\Microsoft Office\Office16
    # for /f %x in (‘dir /b ..\root\Licenses16\ProPlus2021VL_KMS*.xrm-ms’) do cscript ospp.vbs /inslic:”..\root\Licenses16\%x”
    # cscript ospp.vbs /setprt:1688
    # cscript ospp.vbs /unpkey:6F7TH >nul
    # cscript ospp.vbs /inpkey:FXYTK-NJJ8C-GB6DW-3DYQT-6F7TH
    # cscript ospp.vbs /sethst:<IP OR FQDN OF YOUR KMS SERVER>
    # cscript ospp.vbs /act

VLMCSD on Debian/Ubuntu

Make sure “build-essential” package is installed on your Debian/Ubuntu machine. Login to you Linux with SSH and follow steps below:

cd /opt/
git clone https://github.com/kebe7jun/linux-kms-server
useradd -s /usr/sbin/nologin -r -M vlmcsd
cd /opt/linux-kms-server/vlmcsd/
make

Wait for it to finish, if there are no errors/warning continue with following:

nano /lib/systemd/system/vlmcsd.service

Add following to file:

[Unit]
Description=vlmcsd KMS emulator service
After=network-online.target
Wants=network-online.target


[Service]
Type=forking
User=vlmcsd

ExecStart=/opt/linux-kms-server/vlmcsd/vlmcsd -l /var/log/vlmcsd/vlmcsd.log

[Install]
WantedBy=multi-user.target

Save the file and continue creating the log folder and configure the permissions:

mkdir /var/log/vlmcsd
chown vlmcsd:vlmcsd /var/log/vlmcsd
systemctl enable vlmcsd
systemctl start vlmcsd

To verify the status if the service is running, run following:

systemctl status vlmcsd

If everything is fine, it should look like this:

root@kms:~# systemctl status vlmcsd
? vlmcsd.service - vlmcsd KMS emulator service
Loaded: loaded (/lib/systemd/system/vlmcsd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-05-02 22:33:16 CEST; 42s ago
Process: 457 ExecStart=/opt/linux-kms-server/vlmcsd/vlmcsd -l /var/log/vlmcsd/vlmcsd.log (code=exited, status=0/SUCCESS)
Main PID: 466 (vlmcsd)
Tasks: 1 (limit: 1059)
Memory: 396.0K
CGroup: /system.slice/vlmcsd.service
??466 /opt/linux-kms-server/vlmcsd/vlmcsd -l /var/log/vlmcsd/vlmcsd.log

Fortigate and DuckDuckGo

Log DuckDuckGo Search Phrases

By default, FortiGate doesn’t log the Search Phrases and it is not forcing safe search on DuckDuckGo search engine.

Below is an example of configuration that needs to be manually added to the FortiGate configuration via CLI.

config webfilter search-engine
edit "duckduckgo"
set hostname "duckduckgo\\..*"
set url "\\/?\\?" # press CTRL+V and then ?
set query "q="
set safesearch url
set safesearch-str "&kp=1"
next
end