DaveHope.co.uk

Decrypting DPAPI (aspnet_setreg) stored credentials

I came across a problem at work where I needed to recover credentials that had been stored in the registry using .NET’s DPAPI (aspnet_setreg). Thankfully the open source NCrypto library came to the rescue.

Here’s a simple bit of code making use of the NCrypto.Security.Cryptography assembly to decrypt the data:

<%@ Page Language="C#" Debug="true" %>
<script language="C#" runat="Server">
protected void Page_Load(object sender, System.EventArgs e)
{
    byte[] regUsername;
    byte[] regPassword;
    string strUsername;
    string strPassword;
    Microsoft.Win32.RegistryKey reg;

    // Open the key that aspnet_setreg wrote the encrypted values to.
    reg = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SOFTWARE\NWtraders\Login\ASPNET_SETREG");
    regUsername = (byte[])reg.GetValue("username");
    regPassword = (byte[])reg.GetValue("password");

    // Unprotect the DPAPI blobs and decode the plaintext bytes as UTF-16.
    strUsername = Encoding.Unicode.GetString( NCrypto.Security.Cryptography.ProtectedData.Unprotect( regUsername ) );
    strPassword = Encoding.Unicode.GetString( NCrypto.Security.Cryptography.ProtectedData.Unprotect( regPassword ) );

    // Write the recovered values to the response.
    System.Web.HttpContext.Current.Response.Write( strUsername );
    System.Web.HttpContext.Current.Response.Write( strPassword );
}
</script>

Throw the .dll in your bin folder or GAC and you’re good to go. Make sure the account the page runs as has read access to the relevant registry keys, though.
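aspnet_setreg protects the values with the DPAPI machine store, so on that server the ACL on the registry key is what decides who can recover the credentials. The PowerShell below is an added example, not part of the original post: it lists every identity allowed to read values under the key used above and flags any outside an expected set. The `$expected` list and the function name `Get-BlobReaders` are assumptions for illustration; account names are localized and the ASP.NET worker account differs per server.

```powershell
# Added example: audit who can read the aspnet_setreg blobs under the key from the post.
$keyPath = 'HKLM:\SOFTWARE\NWtraders\Login\ASPNET_SETREG'

# Assumption: identities that are meant to have read access on this host.
# Add the ASP.NET worker account your site actually runs as.
$expected = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'CREATOR OWNER'
)

function Get-BlobReaders {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Registry key not found: $Path"
    }

    # QueryValues is the right needed to read a value; inherited ACEs may
    # instead carry GENERIC_READ (0x80000000) or GENERIC_ALL (0x10000000).
    $mask = [int][System.Security.AccessControl.RegistryRights]::QueryValues -bor
            0x80000000 -bor 0x10000000

    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.RegistryRights) -band $mask) -ne 0
        } |
        Select-Object IdentityReference, RegistryRights, IsInherited
}

$readers = @(Get-BlobReaders -Path $keyPath)
$readers | Format-Table -AutoSize

# Anything not on the expected list can read the encrypted username/password.
$unexpected = @($readers | Where-Object { $expected -notcontains $_.IdentityReference.Value })
if ($unexpected.Count -gt 0) {
    Write-Warning ("Unexpected readers on {0}: {1}" -f $keyPath,
        (($unexpected | ForEach-Object { $_.IdentityReference.Value }) -join ', '))
} else {
    Write-Output "Only expected identities can read $keyPath"
}
```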

 

SQL Server 2008 RTM

As Neil points out in his blog, SQL 2008 RTM’d and is available on Technet / MSDN. Typical, I only set up 2005 Enterprise for SCCM in my lab environment yesterday.

SQL 2008 RTM on MSDN

Time to take this for a spin. Keep an eye on Neil’s blog; he has more SQL2008 goodness planned.

 

Juniper SSG140 PPTP Routing

At work I’ve just replaced a custom Linux box I’ve been running as our firewall and proxy with a Juniper Netscreen SSG140. I had a few problems forwarding PPTP traffic so thought I’d document the problems I came across and the solutions.

PPTP Forwarding

Firstly, I was having problems even forwarding the PPTP traffic. I’d initially set up a VIP on the external interface forwarding a custom PPTP service:

IP (47) src port: 2048-2048, dst port: 2048-2048
TCP src port: 0-65535, dst port: 1723-1723

I’d then set up a Policy to allow the relevant traffic through. Alas, no such luck. Ditching the VIP and having a fixed IP for VPN traffic seemed to work. To put it simply, use MIP rather than VIP.

Routing PPTP traffic for site to site links

The second problem was a little weird. At the moment we use MS-RAS for site to site links. I’d created a route on the Netscreen which was working, but connections would drop after a very short period of time (say 20 seconds). The routing was as follows (outbound shown in green, return shown in red).

Routing problem on SSG140

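Thankfully the solution wasn’t too messy. Since the Netscreen was missing the return traffic, it was dropping the connections. The solution is to log into the Netscreen via telnet and issue the following command, which turns off its check that a new TCP session starts with a SYN packet (a device-wide flow setting rather than a per-policy one):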

unset flow tcp-syn-check

As if by magic, everything now works.