Recently had a friend who bought a TPLINK VR1600v to extend her existing wifi , the router doesn’t have Access Point mode so you need to put this in a double NAT setup
Recently cut over a domain from an old 365 tenant to a new one, upon trying to add the email account to outlook was visit with the error
The old account had been enrolled in Intune here
Removing the old account here , I tried to enroll the new account however I got an enrollment message pop up , this something happens due to old enrollment data getting stuck
Delete ( or clear as much as you can from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments ) then try again
When opening https://portal.manage.microsoft.com/
You see
You don't have any apps yet
Your company hasn’t made any apps available to you on this device.
Getting this device managed might let you access other company resources available to you, such as email and documents. Go to Devices to get started.
However when you open the Company portal app via the store if loads the apps list fine. This happens when you have multiple enrolled devices and the browser doesn’t know while one you have logged in with
Solution
Click on Devices
Click on the grey bar
Click on your device you are using to access the Web and click Add
The process below is how to re-register Vmware Update Manager
cd /lib/vmware-updatemgr/bin
mkdir backup
cp -p extension.xml backup/
cp -p vci-integrity.xml backup/
cp -p jetty-vum* backup/
Now go ahead and finish the failed registration with this command:
/usr/lib/vmware-updatemgr/bin/vmware-vciInstallUtils -C /usr/lib/vmware-updatemgr/bin/ -L /var/log/vmware/vmware-updatemgr/ -I /usr/lib/vmware-updatemgr/bin/ -v <your vCenter FQDN> -p 80 -U [email protected]<your SSO domain> -P <password> -S /usr/lib/vmware-updatemgr/bin/extension.xml -O extupdate
Upon running the above, I got an error saying it didn’t like the password , I had to put it in single quotes
chown updatemgr:updatemgr vci-integrity.xml
service-control –start vmware-updatemgr
Note: In the command above replace the information <your vCenter FQDN> with your own vcenter FQDN.
/usr/lib/vmware-updatemgr/bin/ -v <your vCenter FQDN> -p 80 -U [email protected]<your SSO domain> -P <password>
1) Microsoft Best Practice of Leaving exchange server on-prem for management
“With the recent Exchange vulnerabilities allowing hackers into the LAN, Exchange is just giving them another entry point. So it becomes even more important to remove any unnecessary back doors. If Microsoft would give us a way of managing the Exchange A.D attributes without needing to maintain an Exchange server on-premise, we could get rid of one more headache to patch. monitor and update.”
2) Datacenter Domain Controllers
Physical Domain Controllers
In datacenters, physical domain controllers should be installed in dedicated secure racks or cages that are separate from the general server population.
If a domain controller is configured to use software RAID, serial-attached SCSI, SAN/NAS storage, or dynamic volumes, BitLocker cannot be implemented, so locally attached storage (with or without hardware RAID) should be used in domain controllers whenever possible.
Virtual Domain Controllers
If you implement virtual domain controllers, you should ensure that domain controllers run on separate physical hosts than other virtual machines in the environment.
Even if you use a third-party virtualization platform, consider deploying virtual domain controllers on Hyper-V Server in Windows Server 2012 or Windows Server 2008 R2, which provides a minimal attack surface and can be managed with the domain controllers it hosts rather than being managed with the rest of the virtualization hosts.
You should also consider separating the storage of virtual domain controllers to prevent storage administrators from accessing the virtual machine files.
3) Secure Administrative Hosts
Administrative hosts should be configured to require smart card logon for all accounts
Physical security includes controlling physical access to administrative hosts. In a small organization, this may mean that you maintain a dedicated administrative workstation that is kept locked in an office or a desk drawer when not in use.
1. Download the lsdoctor tool from this kb : https://kb.vmware.com/s/article/80469?lang=en_US
2. If VCSA then use Winscp to transfer the zip to vcenter appliance else in windows vc copy and paste to destination vc.
3. Follow the kb and run the trustfixer option -t : python lsdoctor.py -t
4. Now restart the update manager service.
5. Access the update manager tab.
Upon cloning an oracle instance, the connection to the Oracle server came back with an error
Ora-12514: Invalid Connection TNS Listener not currently know of service requested in connect descriptor
I did change the Mac Address of the server when cloning,
In the end I recloned and left the Mac Address’ as is and this seem to fix the issue
Go into your Farm and Remove then Re-Add your session Hosts
Recently trying to splin an enviroment up in DR and upon login to the RDS Gateway , I was getting the below
Logging into the RDGateway showing the following event from the RDS Gateway
“The user “DOMAIN\Username“, on client computer “IP”, did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: “NTLM” and connection protocol used: “HTTP”. The following error occurred: “23003”.
I had a look on the NPS Role ( Network Policy and Access Services” and saw that the user was trying to be authenticated locally instead of the remote Radius Server that was set in The RDGateway
“Remote RADIUS (Remote Authentication Dial-In User Service) server group does not exist”
I rebooted the Gateway and this fixed the issue , I think it had come up before the domain or radius serverv.
Recently I enabled IP Helper on a subnet instead of using DHCP Filters for EUFI Booting. This resolved getting EUFI Machines booting off of the MDT server , however, legacy computers would not work coming up the error below
To resolve this I increase the scratch Space Size and Completely regenerated Deployment Share and reimported the .wim in to the Windows Deployment Server
