Computers, Programming, Technology, Music, Literature

Archive for May 2014

Restoring TFS services after host name and domain binding changes



This article was originally published for and could be located at


I have a local TFS server set up for testing CI integration of certain tools. The database storage (SQL Server 2012 Express), the application tier, the build agent and the controller are all set up on localhost. I am working with TFS 2012, with TFS services running under <<computername>>\TfsUser.


The computer was recently migrated to another domain, which involved a computer name change and, obviously, the domain name change itself. That’s it. TFS services started responding with 503 Service Unavailable. The TFS application pool was stopped and never started again. The TFS Administration Console kept throwing all sorts of error messages. I was not prepared for any of these changes, and it took me some time to fix all of them and get the CI functionality working flawlessly again. Ironically, all this happened after I happily blogged about Migrate user profiles to new domain account in a jiffy with Profwiz. But here I am, documenting my steps one by one. If your (local) TFS server installation has gone through a domain change, you may find these steps helpful. It works best if you follow the steps sequentially. All the steps involve changing the old machine name to the new machine name and fixing the Windows identities.


1. Verify/Update the Application Tier web.config

Navigate to the TFS Application Tier Web Services folder, and edit the applicationDatabase appSettings value. The Data Source should be <<newcomputername>>\databaseServer.

C:\Program Files\Microsoft Team Foundation Server 11.0\Application Tier\Web Services\web.config



2. Verify/Update the TFS sql server database Logins

I use <<machinename>>\TfsUser as the admin console user. Connect to the SQL Server instance where the TFS configuration is saved, and remove the logins with the old machine name. (If a login with the old machine name still exists, it will result in a SID conflict later, during other stages.) Add new logins with the new <<machinename>>. Let them have sysadmin permissions.

“TF255507: The security identifier (SID) for the following SQL Server login conflicts with a specified domain or workgroup account: <<oldcomputername>>\user. The domain or workgroup account is: <<newcomputername>>\user.  The server selected to host the databases for Team Foundation Server is: <<newcomputername>>\sql2012express.
You can resolve this issue by renaming the conflicting login.”



3. Verify/Update the Tfs Application Pool identities

Make sure the TFS application pools, Microsoft Team Foundation Server Application Pool and Microsoft Team Foundation Server Message Queue Application Pool, run in IIS under <<newcomputername>>\<<yourIdentity>>. In my case it is TfsUser.



4. iisreset at will, a couple of times during the entire troubleshooting process.


Try browsing to http://localhost:9000/tfs (or wherever your http://hostname:portnumber/tfs is). You should be done here if you get the TFS Getting Started screen.

5. Dealing with Sync error for identity

However, if you encounter ‘The trust relationship between this workstation and the primary domain failed’, or the errors below, proceed.

TF53010: The following error has occurred in a Team Foundation component or extension:
Date (UTC): 15-05-2014 18:01:13
Machine: <<machinename>>
Application Domain: TfsJobAgent.exe
Assembly: Microsoft.TeamFoundation.Framework.Server, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v4.0.30319
Service Host: 
Process Details:
  Process Name: TFSJobAgent
  Process Id: 3020
  Thread Id: 4640
  Account name: <<machinename>>\TfsUser

Detailed Message: TF200035: One or more errors occurred when Team Foundation Server attempted to synchronize the following identity: Administrators. Number of errors that occurred: 1.
Sync error for identity: Administrators
The trust relationship between this workstation and the primary domain failed
   at Microsoft.TeamFoundation.Framework.Common.SidIdentityHelper.ResolveSid(SecurityIdentifierInfo securityIdInfo, String& domain, String& userName, AccountType& type, Boolean& isDeleted, Boolean& migrated)
   at Microsoft.VisualStudio.Services.Identity.WindowsProvider.ResolveIdentity(IdentityDescriptor descriptor, String providerInfo, AccountSubType& subType, Boolean& migrated)
   at Microsoft.VisualStudio.Services.Identity.WindowsProvider.TrySyncIdentity(IdentityDescriptor descriptor, Boolean includeMembership, String providerInfo, TeamFoundationRequestContext requestContext, SyncErrors syncErrors, Identity& identity)
   at Microsoft.VisualStudio.Services.Identity.IdentitySynchronizer.SyncOneGroupMembership(TeamFoundationRequestContext requestContext, Identity groupToSync)





Ask your system administrator to reset the computer account in AD, that is, right-click the computer and choose Reset Account.




Then go to Start –> Run –> sysdm.cpl and hit the Network ID… button. Follow the steps to join the computer to a domain. This step requires a Domain Admins account, so get your system administrator’s or AD administrator’s help to complete the Join a Domain or Workgroup wizard.


Doing a Reset Account on the AD computer account, and joining the computer to the domain again via Network ID…, made my ‘The trust relationship between this workstation and the primary domain failed’ error disappear.

6. Verify/Update Application Tier’s Notification URL, Server URL, Web Access URL


In Team Foundation Server Administration Console, Click Change URLs in Application Tier Summary, and update the Notification URL, Server URL to the <<newmachinename>>.



7. Unregister/Register the Build service with new machine name

Unregister the build service that uses the <<oldcomputername>>. Register a build service with the <<newcomputername>>. And do the same for the agent and the controller.




That should be it, at least for the steps that I took to get my TFS installation working again. If you want to check the check-in and the build service, follow the steps below.

8. Fixing the workspace conflict in Visual Studio TFS Client

A simple solution by Anand is to remove the current workspace the solution was bound to, so the VS TFS client automatically creates a new one. I did not have any pending changes.

Open Developer Command Prompt for VS2012, run

C:\Program Files (x86)\Microsoft Visual Studio 11.0>tf workspaces


to see existing workspaces, and remove the workspaces bound to the <<oldcomputername>> with

C:\Program Files (x86)\Microsoft Visual Studio 11.0>tf workspaces /remove:<<oldcomputername>>


TFS client should connect fine now, and should have created a new workspace for you. Map the source control to the local directory.


Edit your build definition to update the Build Controller: to the newly created build controller.



Check in, and see your CI working again with all tests and other configured tools.
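A read-only check for steps 1 to 3, added here as an example and not part of the original post: it reports where the old computer name still appears in the Application Tier web.config, the SQL Server logins and the two TFS application pool identities. The -OldName parameter and the script layout are assumptions; the web.config path and pool names are the ones given above.

```powershell
# Added example (not from the original post): read-only check for leftovers of the old computer name.
# Run from an elevated PowerShell prompt on the TFS server. -OldName is supplied by you.
param(
    [Parameter(Mandatory = $true)][string]$OldName,
    [string]$WebConfig = 'C:\Program Files\Microsoft Team Foundation Server 11.0\Application Tier\Web Services\web.config'
)
Add-Type -AssemblyName System.Data
$findings = @()
$oldPrefix = "$OldName\"

# Step 1: the Data Source inside the applicationDatabase appSettings value
[xml]$cfg = Get-Content -LiteralPath $WebConfig
$setting = $cfg.configuration.appSettings.add | Where-Object { $_.key -eq 'applicationDatabase' }
if (-not $setting) { throw "applicationDatabase not found in $WebConfig" }
$csb = New-Object System.Data.SqlClient.SqlConnectionStringBuilder -ArgumentList $setting.value
$server, $instance = $csb.DataSource -split '\\', 2
if ($server -ieq $OldName) {
    $findings += "web.config: Data Source still points at $($csb.DataSource)"
    # Query the renamed host instead, so the login check below can still run
    $csb.DataSource = (@($env:COMPUTERNAME, $instance) | Where-Object { $_ }) -join '\'
}

# Step 2: Windows logins that still carry the old machine name (the cause of TF255507)
$csb.InitialCatalog = 'master'
$conn = New-Object System.Data.SqlClient.SqlConnection -ArgumentList $csb.ConnectionString
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = "SELECT name FROM sys.server_principals WHERE type IN ('U','G')"
    $reader = $cmd.ExecuteReader()
    while ($reader.Read()) {
        $login = $reader.GetString(0)
        if ($login.StartsWith($oldPrefix, [StringComparison]::OrdinalIgnoreCase)) {
            $findings += "SQL login with old machine name: $login"
        }
    }
} finally { $conn.Dispose() }

# Step 3: identities of the two TFS application pools in IIS
Import-Module WebAdministration
$pools = 'Microsoft Team Foundation Server Application Pool',
         'Microsoft Team Foundation Server Message Queue Application Pool'
foreach ($pool in $pools) {
    $pm = Get-ItemProperty -Path "IIS:\AppPools\$pool" -Name processModel
    if (([string]$pm.userName).StartsWith($oldPrefix, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "App pool '$pool' runs as $($pm.userName)"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "No references to $OldName found in web.config, SQL logins or the TFS application pools." }
```

The script changes nothing; each warning maps to the step above that fixes it.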




Devouring Security: XML – Attack surface and Defenses








·         XML today
·         XML/XPath injection – Demo
·         Compiled XPath queries
·         DTD use and abuse
          document validations
          entity expansions
          denial of service – Demo
          arbitrary uri access (egress)
          file enumeration and theft – Demo
          CSRF on internal systems – Demo?
·         Framework defaults limits/restrictions
·         Mitigations
·         Lessons learned
·         Verifying your XML systems for potential threats




1.       All of them inclusive of sample code for exploits and prevention. Language(C#, Java, php)/Platform(Windows/Linux) agnostic wherever possible.

2.       It is imperative at this juncture that you are aware of most attack scenarios against XML, because the framework defaults may not protect you; you may be vulnerable and simply not have found it yet.

3.       The session is a bit biased towards DTD abuse in XML systems, as the Injection concepts and remediation remain common in XML when compared to Sql injection.

Sql Injection testing for QA (testers)




This video is for anyone who would like to know how to test an application for SQL injection. The content and presentation were focused on Quality Assurance personnel who are not penetration testers.

Context setting
Quick introduction –
Browser addons for easy proxy switching
Intercepting proxies – Fiddler, OWASP ZAP, BurpSuite, ..?
Fuzzing and identifying vulnerable parameters
Code review pointers for Buddy testing
Demonstration Fiddler, ZAP, sqlmap, Sql Inject Me
Firsthand experience with Sqli tools (Vijay/Shashank)


Related Blogs/Videos/Downloads:

Devouring Security – Sql Injection Part 2
Devouring Security – Sql Injection Part 1

Foxy Proxy

Chrome extension (open from chrome browser) –

Firefox Extension (open from Firefox) –




active python

Mantra browser

Written by gmaran23

May 9, 2014 at 10:39 pm

Set password in Windows 7 Home premium – Ran out of options?



This article was originally published for and could be located at



By set password, I mean setting the password for a local user account without having to enter the current password. I was surprised that Windows 7 Home Premium never had a way to do it via a GUI. The regular GUI options that allow you to set a password are all greyed out or unsupported. Go to step 5 for the NET USER command to set the password from the command line.


1. control userpasswords2: Reset Password… button disabled


2. compmgmt.msc: Does not even show you Local Users and Groups


3. lusrmgr.msc: This snapin may not be used with this version of Windows. [To hell with paying for a Home Premium license]


4. User Accounts –> Change Your Password [I have this bad hibernation habit, I seldom shutdown, and also have Disable Lock Computer group policy enabled]


5. Hail the command line options! NET USER works finally.

NET USER <<YourUserNameHere>> <<YourPasswordHere>>


Written by gmaran23

May 9, 2014 at 2:39 pm

Run Commands, cpl, msc files for everyday use


This article was originally published for and could be located at

A conversation like the one below ended up in this blog

Sachin: Thanks, that shortcut helped. Could you give me some?
Maran: Sure
(few seconds later)
Maran: ykw Sachin, let’s make a list.
(few minutes later)
Maran: I think we should put it in a blog


These items are right off the top of my head; most of these commands work from Win XP to Win 8. Memorize them, or use them every day, so that changes in new operating systems do not bother you.



 Control panel


 Add remove programs


 Display settings


 Region and language settings


 Internet Properties (Alt T + O in IE)


 Network connections


 Windows firewall


 System properties (Win + break)


 Date time settings


 Power options (powercfg in command prompt)

control schedtasks

 Scheduled tasks

control userpasswords2

 User Accounts

control printers





 Management console for snap-in creation (mother of all .msc files)


 group policy editor


 Disk management


 Device manager


 Local user/group management


 Computer management




 Com+ manager


 Certificate manager for current user (!important – only for current user,
not the machine)




 registry editor


 system restore


 Event Viewer




 Performance monitor


 Task manager


 System Configuration


 Direct X diagnostic tool


 ODBC data source administrator (if you remember DSN connections)


 System Information



shutdown -s -f -t 1

(-s shutdown, -f force -t time in seconds)

shutdown -h


shutdown -r


shutdown -l





About windows




 MS outlook


 MS power point


 MS word


 MS excel




 Visual Studio


 Sql server management studio






 Internet explorer







Win + X

 Power user menu (only Windows 8 – accidental discovery by Sachin)

Win + P

Control monitors and projectors

Win + D

 Minimize windows  – toggle from minimize/maximize (Win + M for minimize, 
I don’t use it)

Win + E

Windows explorer

Win + L 

Lock computer

Win + U

Utilities / Ease of Access

Win + F

Find (Ctrl + E for search in most applications including outlook, explorer)

Win + G

Gadgets (although gadgets are discontinued)


OK, I will stop now. The list has already grown longer than expected. Time to get back to work.

There’s a lot more that I don’t know of, refer to the below links:

Forgot to mention, if you have something that you use everyday, please add comments or contact me.

Written by gmaran23

May 8, 2014 at 10:45 pm

Posted in Windows


Reverse engineer .Net assembly to a debuggable Visual Studio Project



This article was originally published for and could be located at 


Skip the story

I have always wanted to build tools supporting command line switches, like the classic CONVERT command with switches such as /FS:, /CvtArea:, and so on. A couple of years back, when I had to build one, I was in a hurry and my options for command line switch parsing (regex or string splitting) didn’t look bright, so I went ahead with the regular string[] args array with no switches. For instance, mine was invoked like myprogram.exe ‘filename’ ‘30’, instead of the classic switch style myprogram.exe /filename:foo.file /iterations:30. Yeah, I know it is in the past, and we wouldn’t want to retrospect always. Besides, nobody would have even noticed the work that went into such an effort, because we all seem to like the GUI most of the time, but hey, what about self content.

This time, while I was playing with the command line options of CAT.Net and FxCop, I thought: why not just disassemble them and study their command line switch parser? These programs must have been written in .Net. So I opened up CatNetCmd.exe in JustDecompile and created a project out of it. Arguments.cs was the file I was after: very neat command line switch parsing with a SwitchHandler delegate. Well, so I had my first console application with switch-enabled command line arguments. Ildasm.exe was the widely known option during the days of Inside C#, then came along .Net Reflector (freeware then, commercial now). I seem to be biased towards JustDecompile though, because of the Search, Ctrl+Click for Find Usages, Click to Go to Definition, the on-demand dll load prompt, and the Create Project… option that I present here.


Download the Free. For everyone. Forever JustDecompile from Telerik – I am going to show you, how to create a Project out of CAT.Net, which is by default installed to C:\Program Files (x86)\Microsoft\CAT.NET\.


1. Right click CATNetCmd.exe and select Open with JustDecompile.



2. Once the assembly is loaded in JustDecompile, just right click and just click Create Project…





Well, Well, Well, Open the solution file, and start debugging already!


Btw, if you are up against command line parsing, and looking for a ready made solution, try

Written by gmaran23

May 5, 2014 at 9:52 pm

unblock with hosts file entry



Scroll to the solution section or click here if you want to skip some rant.

It’s May 1, I live in India, I desperately wanted to download some learning material, and is blocked here. Well, say ‘fuck’ to the government’s censorship. I used to think it was the imbecile firewall at my office, but when I tried from my home internet recently, IE gives PCBD, and Chrome gives you a bummer. I did not want to use a web proxy right off, because sometimes they just do not work with AJAX-enabled, cookie-enabled websites. And most of them do not support file downloads (at least in my experience; maybe I haven’t tried harder).

I hate it when the security builders leave loopholes, and hide behind the infamous line of the security industry, ‘Nothing is 100% secure’. Well, you forgot the basics. When you block a website, you don’t block it based on the domain name. You have got to be more advanced than a firewall-using school kid.

I will show you a simple hosts file entry technique here to bypass the tyranny.


Wow, don’t I relish and cherish to be a computer engineer. Happy labor day.





When you try to access, you can’t connect to the server, over both the http and https equivalents of the links. Your nslookup and ping fail. Somehow you manage to get the IP of from online DNS lookup websites, and instead of you try the IP; even then you can’t connect.




1. Go to your favorite DNS lookup website, mine happens to be

2. Look up and get the IP address


3. Add a hosts file entry to as (Remember the IP address of may change from the time of this writing). Windows hosts file location: C:\Windows\System32\drivers\etc\hosts. Linux hosts file location: /etc/hosts. Open Notepad as admin (if UAC is enabled, in Windows Vista or above); on Linux, use sudo with your favorite text editor (gedit) if not running as root.



4. Save the hosts file, breathe the air of liberation. (and a free chick ad)


5. Click the Free Download, or Premium Download (if you own a Villa, and not happen to be a miser)

6. Once your download link is generated, you get another bummer: this time the URL in the address bar happens to be a subdomain of with a different IP address, and hence blocked. Hang on, let’s copy the complete FQDN of the server, and do a DNS lookup at


7. DNS lookup of at yields an IP – Add a hosts entry for the same server and IP. (Note: the download server may vary based on your location; make sure you copy the correct server name from the address bar for the DNS lookup)



8. Go back to your browser, hit the refresh button. See the magic.



Once again, happy labor day!



Update – Aug 9 2014 – Some commenter said it does not work anymore, so here’s a screenshot for you today. Still works.


Written by gmaran23

May 1, 2014 at 5:04 pm