Microsoft invented a new way to force users into using their online accounts

It became apparent that new Microsoft installations are getting increasingly aggressive, forcing users to create an online Microsoft account on their machines.

Please note that we created a new online Microsoft account in the end… We do not have a working solution to this issue.

Backstory: we purchased a new laptop that had Microsoft Windows 10 pre-installed. The first time we booted it, we did not want to sign in using a Microsoft online account, so we did not give internet to the laptop. Doing so allowed us to create a local account on the computer without associating it with an online account.

After several updates, we tried to install Firefox, and besides the usual annoying Microsoft advertisements about Bing, we got the following messages for Microsoft Windows S Mode.

For security and performance, this mode of Windows only runs Microsoft-verified apps
Initial notification of Microsoft S Mode – For security and performance, Windows 10 in S mode runs Microsoft-verified apps

After clicking on the “Learn More” button, we got the following:

Microsoft S Mode – Switch out prompt

Clicking on the “Get” button got us to the Microsoft Online Account login form…

Microsoft sign-in form appears when you try to switch out of S mode.

We then closed all windows, disabled internet access, and tried installing Firefox again. This time, we got the following message:

After disabling the internet connection, we tried to bypass the SmartScreen and the S mode settings

After clicking on the “Run” button, we got stopped again by the Microsoft Windows S Mode settings.

As this post mentioned, we eventually created a new online Microsoft account and used it to log in and disable Microsoft S Mode.


How to upgrade all Python packages with pip

Below is the command that we use to update all outdated packages in pip.

pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 pip install -U;

Cloudflare certificate on tomcat windows server

Use Keytool to Create a New Keystore at your Windows Server

Step 1

At your server, generate the Keystore file using keytool command at your command line window with the following command:

keytool -genkey -alias tomcat -keyalg RSA -keystore your_site_name.keystore -validity 3650

In the command above, your_site_name should be the name of the domain you want to secure with this SSL/TLS certificate.
When prompted for the first and last name, type the Fully Qualified Domain Name (FQDN) for the site you are securing with this certificate (e.g., www.yourdomain.com, mail.yourdomain.com).

Step 2

Generate a Certificate Signing Request (CSR) from your New Keystore using the keytool command:

keytool -certreq -alias tomcat -file certreq.csr -keystore your_site_name.keystore -keysize 2048

When prompted, enter the password you created earlier (when you created your new Keystore).
In your current directory, certreq.csr now contains your CSR.

Create the certificate from Cloudflare using the certificate request that you created from your Windows Server

Step 3

Open your Cloudflare account, select your domain, open the SSL/TLS tab and click on Origin Server to create the certificate

Step 4

Select the option I have my own private key and CSR where you will Copy-Paste the certificate you saved on the txt file from your Windows Server (certreq.csr), fill in the hostnames, select the expiration years, and press Create

Step 5

Copy-Paste in PKCS#7 key format the certificate in a text file and save the file

Import Cloudflare Origin CA root certificate at your Windows server

Step 6

Copy the Cloudflare Origin CA — RSA Root certificate from the Cloudflare website, save to a file and transfer it to your Windows Server.
[https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/#4-required-for-some-add-cloudflare-origin-ca-root-certificates]
Filename: origin_ca_rsa_root.pem

Step 7

Import the root certificate into your Keystore file.

keytool -import -alias root -keystore your_site_name.keystore -trustcacerts -file origin_ca_rsa_root.pem

Add the public certificate from Cloudflare to your Windows Server

Step 8

Copy the file with the PKCS#7 certificate from Cloudflare at your Windows Server

Step 9

Run the following command to import the public certificate at your Keystore

keytool -import -alias tomcat -keystore your_site_name.keystore -file your_site_name.p7b

You should get a confirmation that the “Certificate reply was installed in Keystore.”

Use the newly created server origin certificate from Cloudflare for your website.

Step 10

Find your Tomcat server configuration (server.xml file), make the following changes at your Connector, and save the file.

<Connector executor="tomcatThreadPool" port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\SysAidServer\ keystore your_site_name.keystore" keystorePass="XXXXXXXXXXXXXX" />

Step 11

Restart the Tomcat service


Bind for 0.0.0.0:443 failed: port is already allocated

On a Docker installation that we have, we updated the image files for our containers using the following command:

docker images --format "{{.Repository}}:{{.Tag}}" | grep ':latest' | xargs -L1 docker pull;

Then we tried to update our container, as usual, using the docker-compose command.

export COMPOSE_HTTP_TIMEOUT=180; # We extend the timeout to ensure there is enough time for all containers to start
docker-compose up -d --remove-orphans;

Unfortunately, we got the following error:

export COMPOSE_HTTP_TIMEOUT=180;
docker-compose up -d --remove-orphans;

Starting entry ... 
Starting entry ... error

ERROR: for entry  Cannot start service entry: driver failed programming external connectivity on endpoint entry (d3a5d95f55c4e872801e92b1f32d9693553bd553c414a371b8ba903cb48c2bd5): Bind for 0.0.0.0:443 failed: port is already allocated

ERROR: for entry  Cannot start service entry: driver failed programming external connectivity on endpoint entry (d3a5d95f55c4e872801e92b1f32d9693553bd553c414a371b8ba903cb48c2bd5): Bind for 0.0.0.0:443 failed: port is already allocated
ERROR: Encountered errors while bringing up the project.

We used the docker container ls command to check which container was hoarding port 443, but none was doing so. Because of this, we assumed that docker ran into a bug. The first step we took (and the last) which solved the problem was to restart the docker service as follows:

sudo service docker restart;

This command was enough to fix our problem without messing with docker further.


BitLocker needs your recovery key to unlock your drive because Secure Boot policy has unexpectedly changed

Oh, the joy of wrong configurations!

Recently, a person brought us this laptop to “fix.”
The previous day, the owner performed some Windows updates, and after restarting, the machine got this error.
After inquiring with him, we got the following information:

  • He did not possess a BitLocker recovery key with a length of 48 digits.
  • He had never even attempted to put one up, save it anywhere, or copy it to a USB drive, nor had he ever printed it off.
  • He logged into his Microsoft and Azure account, receiving the message “You don’t have any BitLocker recovery keys uploaded to your Microsoft account.” even though his device was listed there.
  • He could not locate the recovery key after attempting to follow the published instructions published by Microsoft.

If the information we got from that person is correct, then it means that the last Windows update cost that person inadvertently to lose all data that he did not back up in an external media or service. (Cracking the recovery key for BitLocker is, of course, out of the question for non-magical or extremely rich people with unlimited resources.)

Our only pieces of advice are the following:

  • Wait a few days before updating your PCs. Although this is not a safe practice, it might give the people responsible for this issue some time to fix it with a hotfix patch or similar.
  • In the meantime, perform timely backups of your data to external media or services.
  • If you are familiar with the Windows OS ecosystem, check your BitDefender settings. If that service is active and you do not have the recovery key, disable it and then reactivate it. It will produce a new pair of passwords and recovery keys that you can save for future use.