Using Posh-XProtectMobile and Dynu.net DDNS

แชร์
ฝัง
  • เผยแพร่เมื่อ 16 ธ.ค. 2024

ความคิดเห็น • 57

  • @paulpalmerston2898
    @paulpalmerston2898 4 ปีที่แล้ว +1

    Thanks Josh, just used this tutorial successfully today. I was very happy to find this link.

    • @psjoshooaj
      @psjoshooaj  4 ปีที่แล้ว

      Glad to see it's still helping people, thank you for the feedback!

  • @LiftTech
    @LiftTech 5 ปีที่แล้ว +1

    Josh, Thank you for providing access to this scripting and tutorial!

  • @Edwardsjm
    @Edwardsjm 4 ปีที่แล้ว +1

    Im at the 4:32 mark and after the previous steps were completed properly, i type in get-command -Module Posh-XProtectMobile , and nothing pops up, just the next line. help please?

    • @Edwardsjm
      @Edwardsjm 4 ปีที่แล้ว +1

      ok i think i see the problem. I open powershell in admin mode but the command line reads PS C:\WINDOWS\system32 instead of PS C:\users\administrator . How can I fix that?

    • @Edwardsjm
      @Edwardsjm 4 ปีที่แล้ว +1

      All good I GROCKED it

    • @JohnDoe-vr8fq
      @JohnDoe-vr8fq ปีที่แล้ว

      @@Edwardsjm what was the solution?

  • @ryanbachtold338
    @ryanbachtold338 4 ปีที่แล้ว +1

    Hi Josh, is there a simple way to make and install self made certificates for all three (server, streaming media, & mobile streaming certificates)? I'm using XProtect Essential Plus just for home use.. Typically I would just use the software without encryption, but then I cannot view from my Android device when I am away from home.. Also didn't the older versions of XProtect just make the certificates for you? Thanks for any help you can offer...

    • @psjoshooaj
      @psjoshooaj  4 ปีที่แล้ว

      If you're only using the mobile app/web client then you only need to worry about the mobile server certificate. If you're also using smart client from a different computer then the recording server, then the streaming media certificate is a good option too. On XProtect Essential+ with everything on the same machine, there's not a lot of value to the server certificate which encrypts communication between the management server and recording server.
      In 2020 R3 we introduced command line parameters for the "Server Configurator" tool which is the UI tool you use to register the servers or enable/disabled encryption and choose a certificate. I introduced Invoke-ServerConfigurator in the last MilestonePSTools update to take advantage of this and make it easier to work with from PowerShell so you could use that to actually set the certificates to be used by the various components.
      As for creating your own private CA and generating certificates signed by that CA, I don't have anything ready-made to help with that but there's some good tutorials online for setting up your own certificate authority for a homelab type of environment. I especially liked a recent tutorial where a raspberry pi was setup as an ACME certificate authority so that the same tools you use with Let's Encrypt could be used against private internal CA.

    • @ryanbachtold338
      @ryanbachtold338 4 ปีที่แล้ว

      @@psjoshooaj Thanks for all your help! I found your script on the developer page.. (SetupLetsEncrypt.zip) -- I will try this tonight.. From reading the comments, do I still need to run this twice, due to the windows bug?

  • @JJstevenson85
    @JJstevenson85 2 ปีที่แล้ว

    Josh, thanks for the video. I am hitting a sticking point. I get the following error when running the script. PackageManagement\Install-Package : The following commands are already available on this system:'Get-MobileServerInfo'. This module 'MilestonePSTools' may override the existing commands. If you still want to install this module 'MilestonePSTools', use -AllowClobber parameter. This is killing the generation of the dns record. I'm sure that I just need to remove the part telling the script to install that module but I'm not seeing it. I'm using the modified script that you linked for Derek under Gareth's comment in this video. Any help is greatly appreciated.

  • @emplp
    @emplp 2 ปีที่แล้ว

    Well done this is amazing. thank you!

  • @augareth
    @augareth 3 ปีที่แล้ว +1

    Hi Josh, Previously did this 6 months ago without issue but on a new build now getting
    New-PACertificate : Cannot bind parameter because parameter 'ErrorAction' is specified more than once.
    After running Start-LECertSetupUsingDynu Any suggestions? Thanks.

    • @psjoshooaj
      @psjoshooaj  3 ปีที่แล้ว

      Hi Gareth,
      It's been a couple of years since I wrote this and recently started working on a new all-in-one setup script for setting up Mobile Server with a Dynu DNS name. I can't remember where I left off but I'm pretty sure it's basically done. It should collect the required info, request a certificate, and setup a scheduled task to run daily to check if eligible for renewal. It'll also clean up old certificates as they're replaced with new ones. gist.github.com/joshooaj/8dc5408b9e2aa077a6330d342a1e19ef

    • @derekromero7420
      @derekromero7420 2 ปีที่แล้ว

      @@psjoshooaj This is the dead link :)

    • @psjoshooaj
      @psjoshooaj  2 ปีที่แล้ว

      @@derekromero7420 Thanks Derek! The dead link was a side effect of me foolishly trying to get my username the same across all my socials. Here's the fixed link: gist.github.com/joshooaj/8dc5408b9e2aa077a6330d342a1e19ef

    • @DiceRrR
      @DiceRrR 2 ปีที่แล้ว

      @@psjoshooaj Hi, tried this with 2022R2 and looks like this part of the script does not work anymore "$cert | Set-XProtectCertificate -VmsComponent MobileServer" Any solution to get this working?

    • @psjoshooaj
      @psjoshooaj  2 ปีที่แล้ว

      Hi @@DiceRrR, sorry! A lot has changed since this was released and I haven’t put together a 100% solid alternative yet but this should get you close if it doesn’t just work for you:
      gist.github.com/joshooaj/8dc5408b9e2aa077a6330d342a1e19ef
      That particular error means that the Posh-Acme module is incorrectly duplicating the ErrorAction parameter we’re passing in to the New-PACertificate function.
      With the more up to date script above, you shouldn’t use Posh-XProtectMobile at all unless you’re running a ~3 year old version of Milestone and ideally you should Uninstall-Module Posh-XProtectMobile, and use version 22.2.0 of MilestonePSTools and MipSdkRedist.

  • @derekromero7420
    @derekromero7420 2 ปีที่แล้ว

    Hey Josh, great work. Ive used this multiple times but it seems on a new Install of Server 2019 and 2021 R2 with the latest modules, there is an issue with the Start-LECertSetupUsingDynu PS script. It gets through the staging server portion fine but when it gets to production it fails after verbose output "VERBOSE: Creating a new ec-256 account with contact: mailto:..."
    New-PACertificate : Cannot bind parameter because parameter 'ErrorAction' is specified more than once. To provide
    multiple values to parameters that can accept multiple values, use the array syntax. For example, "-parameter
    value1,value2,value3".
    At C:\Program Files\WindowsPowerShell\Modules\Posh-XProtectMobile\0.6\Public\Install-CertificateAutomation.ps1:50
    char:17
    + ... New-PACertificate -force $domain -AcceptTOS -Contact $con ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [New-PACertificate], ParameterBindingException
    + FullyQualifiedErrorId : ParameterAlreadyBound,New-PACertificate

    • @derekromero7420
      @derekromero7420 2 ปีที่แล้ว

      EDIT: I saw about 3 months ago you replied to another person and that link is dead....Any help would be greatly appreciated!

    • @psjoshooaj
      @psjoshooaj  2 ปีที่แล้ว +1

      Hi Derek, I posted a response with a working link to a previous comment and updated the link in my original comment as well, but I'll share it here for completeness: gist.github.com/joshooaj/8dc5408b9e2aa077a6330d342a1e19ef
      Hopefully the updated all-in-one script does the trick for you - I need to find some time to dedicate to doing a good write up on it, but it should "just work", hopefully even better than the original :)

    • @derekromero7420
      @derekromero7420 2 ปีที่แล้ว

      @@psjoshooaj 🤘🏼Rockstar status!

    • @JP-xd6tb
      @JP-xd6tb 2 ปีที่แล้ว

      @@psjoshooaj ​ @Josh Hendricks Tried your new all in one script for setup and cert seems to work, cert expired a few days ago. Checked and noticed the renewal script/scheduled task isn't working as expected. Certificate-renewal.log only shows a start and end transcript without anything in the body. The task basically ends in 3-5 seconds. Any advice or things to check? Thank you.

  • @JohnDoe-wi8sx
    @JohnDoe-wi8sx ปีที่แล้ว

    Setting up a demo test in the lab of xprotect and I can create my own static DNS records, would love to still use this script to accomplish that. Was having issues with using Certbot beta on windows.

    • @psjoshooaj
      @psjoshooaj  ปีที่แล้ว

      It’s tough to write a universally applicable certificate automation script. For your use case you could use Posh-ACME to help with an HTTP-based challenge with Let’s Encrypt, then use the MilestonePSTools cmdlet Set-XProtectCertificate to apply the cert in Milestone. www.milestonepstools.com/Functions/Set-XProtectCertificate/

  • @DanielCorcoran27
    @DanielCorcoran27 ปีที่แล้ว

    Hi Josh, any chance you're still keeping up with this one? I'm trying to set this up on my home network, and I keep running into an error while running the script (the updated one from the comments). Every time I put in the API info, it fails after that. It says it's requesting and installing the cert from Let's Encrypt, but then fails and the script closes out right away. Any tips for this behavior?

    • @psjoshooaj
      @psjoshooaj  7 หลายเดือนก่อน

      Hi Daniel, I updated this today and intend to share it on the MilestonePSTools.com docs soon. I hope it works better for you!
      gist.github.com/joshooaj/8dc5408b9e2aa077a6330d342a1e19ef

  • @matthewmurphy2434
    @matthewmurphy2434 3 ปีที่แล้ว

    Hey Josh great video,
    I’m trying to set up a trustcor SSL on my mobile server. Not having much luck. Any advice or pointers would be greatly appreciated!

    • @psjoshooaj
      @psjoshooaj  3 ปีที่แล้ว

      Thanks! What's working and what's not? If the browser on the phone is happy with the cert, the app may be connecting to one of the auto-discovered addresses of the mobile server and not the DNS name for which the cert is valid.
      Either make sure the real host name and FQDN are included as subject alternative names or lacking that option, make sure only your DNS name for the certificate is used by mobile server by disabling the autodetected addresses in management client under the mobile server connections tab.

  • @ejanesten
    @ejanesten 3 ปีที่แล้ว

    Excellent script and tutorial, but the automatic renewal is encountering an error. I find this in the c:\scripts\log.log file:
    "The term 'New-Csr' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again."
    It occurs every day when it's trying to renew. Do you know what that means?

    • @jeppeagerbakchristensen7808
      @jeppeagerbakchristensen7808 3 ปีที่แล้ว

      I have the exact same error. Everything was fine until May 9th, the "New-Csr" error started to show in the log file and now SSL is no longer working.
      @Josh, will you be able to look into this? Thank you in advance

    • @jeppeagerbakchristensen7808
      @jeppeagerbakchristensen7808 3 ปีที่แล้ว

      I got it to work by reinstalling Posh-ACME

  • @Edwardsjm
    @Edwardsjm 4 ปีที่แล้ว

    ok i finished the setup, the cert worked for the web client, but when I try to connect the Milestone Mobile app, it says Invalid Certificate. can you help?

    • @psjoshooaj
      @psjoshooaj  4 ปีที่แล้ว +1

      The issue, I think, is the way the mobile server and app try to connect you to the "autodetected" server name which will be the computer hostname which rarely matches the certificate.
      In management client you can configure your mobile server with the custom external address matching the certificate and disable the auto addresses completely. That should solve it. See the thread below for more info and let me know.
      supportcommunity.milestonesys.com/s/feed/0D53X00006tUHIRSA4?language=en_US

    • @Edwardsjm
      @Edwardsjm 4 ปีที่แล้ว

      @@psjoshooaj ok working on it, thanks. thank you for the resources and the help

    • @Edwardsjm
      @Edwardsjm 4 ปีที่แล้ว +1

      @@psjoshooaj think I got it

  • @zapy-85
    @zapy-85 8 หลายเดือนก่อน +1

    Josh, you should really update the comment of this video to include the new setup-script instead!

    • @psjoshooaj
      @psjoshooaj  7 หลายเดือนก่อน +1

      Done! Thanks @rikardb

  • @CMDR_Birb
    @CMDR_Birb 4 ปีที่แล้ว +1

    This is amazing thanks !

  • @tasmaniatis2153
    @tasmaniatis2153 4 ปีที่แล้ว

    Hey Josh, awesome tutorial got it working first time on a clean machine. Another machine that I tried that has MS PSTools presented some errors during the download and installation of Posh-XprotectMoble. Not sure if it's a conflict but might try removing it and try it again.

    • @psjoshooaj
      @psjoshooaj  4 ปีที่แล้ว +1

      You may need to use the AllowClobber parameter when installing Posh-XProtectMobile since I actually added the Get/Set-MobileServer cmdlets to MilestonePSTools. I don't think it'll hurt since they are effectively the same between the two modules

    • @tasmaniatis2153
      @tasmaniatis2153 4 ปีที่แล้ว

      @@psjoshooaj Cool thanks mate will give it a go. Love the tutorial was so easy to apply adding it to my personal system.

    • @psjoshooaj
      @psjoshooaj  4 ปีที่แล้ว +1

      @@tasmaniatis2153 glad to hear it! I think the tutorial could use a refresh as I have a bit more experience with PowerShell than last year but happy to see this is still helping people out!

    • @tasmaniatis2153
      @tasmaniatis2153 4 ปีที่แล้ว

      @@psjoshooaj Ran the command install-module - Allow Clobber Posh-XProtectMobile and whalla it installed. Legendary thanks mate. I also made note that the error also recommended running this command that I have documented.

  • @CMDR_Birb
    @CMDR_Birb 4 ปีที่แล้ว

    I cannot figure out how to make VPN work with this :(

    • @psjoshooaj
      @psjoshooaj  4 ปีที่แล้ว

      Setting up a VPN solution and setting up a certificate for a web service are two unrelated things. If you have successfully setup the VPN, you might find you have trouble connecting to the public DNS name used for your mobile server certificate because the DNS name probably resolves to your external IP even while on VPN, and if so, your router or VPN may not allow "hairpinning".

  • @sergioguzman5971
    @sergioguzman5971 5 ปีที่แล้ว

    How long does the CA last?

    • @psjoshooaj
      @psjoshooaj  5 ปีที่แล้ว

      Let's Encrypt certs are valid for 90 days. The renewal script will run daily though, and as soon as the cert is at least 60 days old, the cert will be renewed and the new one will be swapped in

    • @sikoucamara2380
      @sikoucamara2380 5 ปีที่แล้ว

      Josh Hendricks hi josh, is it possible to use your posh since we already have our own dns ? I don’t have any api credentials... but the dns is working

    • @psjoshooaj
      @psjoshooaj  5 ปีที่แล้ว +1

      I made the Dynu-specific command just to have an easy all in one command for people to use, but you most certainly can use different DNS providers or manage the DNS challenge manually for example.
      I eventually want to have a generic command that will present the user with a DNS plug-in option, then ask for the API key properties specific to that plug-in. But for now Posh-ACME doesn't have the ability to give us a list of properties a specific DNS plug-in requires.
      Take a look at the documentation for Posh-ACME on GitHub for more information on how to use that module on its own. You can then pass the output of New-PACertificate or Get-PACertificate or Submit-Renewal to my module's Set-MobileServerCertificate command in order to bind the Let's Encrypt certificate to the mobile server.
      I also have a handful of videos on this topic from June which you can look at to see how I manually worked with Posh-ACME and Posh-XProtectMobile rather than using the all-in-one command shown here.
      If you want assistance getting Let's Encrypt certificate automation up and running, I do some freelance @ www.cascadia.tech, otherwise I'll try to answer questions here.

    • @sikoucamara2380
      @sikoucamara2380 5 ปีที่แล้ว

      Josh Hendricks hi josh i’ve sent you an email:) !