Posted by paris on Jun 27, 2017 in
Random Adding an HTTPS monitor for a new SSL site in N-able brought back everything online apart from Server Certificate Signature
The guide N-Able provided didn’t give much info to this alert
The validity of the SSL certificate (indicated as either valid or invalid).
The certificate did come with a Root Authority ticket from GoDaddy gd-g2_iis_intermediates, installing this on the N-Able management server resolved the error
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Tags: gd-g2_iis_intermediates, N-Able, Ncentral, Server Certificate Signature
Posted by paris on Jun 23, 2017 in
Networking Prepare the Switch Config
Vlan ID 1 = Guest
Vlan ID 10 = Corporate
Access point ports and controllers should be Untagged with VlanID 1 and Tagged with Vlan 10
Guest Wifi Internet Input should be Untagged with Vlan 1 as well as your Management port you control the switch with
Input of Corporate Network into the switch needs to be Tagged port 10
Access point configuration
- Check you are not using an Array of AP’s and if you are you are, log into the Master AP in your array. Any other access point you login to the changes will not save
2) Create a new SSID with password
Enabled VLAN Status
Create VID 1 Default per below and Corp for Vlan ID
Change the PVID settings to
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Tags: array, changes not saving, DAP-2590, guest wireless, not saving, tag, untag, vlan, wireless guest
Posted by paris on Jun 21, 2017 in
Research If you have yet to install the Microsoft fix—MS17-010— you should do so immediately. You should also be extremely suspicious of all e-mails you receive, particularly those that ask the recipient to open attached documents or click on Web links.
To obtain these patches, simply go to http://www.catalog.update.microsoft.com/Search.aspx and punch in the KB number in the Search bar on the top right hand corner, then choose the update for the relevant architecture.
Windows Version | KB Article |
XP / 2003 x86 | KB4012598 |
Vista / Server 2008 server all editions | KB4012598 |
Windows 7 All Editions | KB4012212 |
Windows Server 2008 R2 (all editions) | KB4012212 |
Windows 8.1 (all editions) | KB4012213 |
Server 2012 (all editions) | KB4012214 |
Server 2012 R2 | KB4012213 |
Server 2016 | KB4013429 |
Windows 10 Version 1507 (RTM pre Anniversary Update) | KB4012606 |
Windows 10 Version 1511 (November Update) | KB4013198 |
Windows 10 Version 1607 (Anniversary Update) | KB4013429 |
Protip: To get the Windows 10 version number, simply type run the winver command
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Posted by paris on Jun 21, 2017 in
Random A Domain using Firstwave was getting the below errors in the email headers :
Authentication-Results: spf=permerror (sender IP is x.x.x.x)
Received-SPF: PermError (protection.outlook.com: domain of domain.com used an invalid SPF mechanism)
Firstwave SPF record needs to be the following
“v=spf1 include:spf.firstwave.com.au ~all” for your domain(s).
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Tags: permerror
Posted by paris on Jun 20, 2017 in
Random Some Dell laptops have an issue where they loose the ability to charge laptop batteries. Sometimes this can be fixed with a Bios update , however Dell has security to stop you updating the Laptop with less than 10% battery which will not work due to the issue of charging the battery
To force a BIOS update
- download the .exe in Windows
- Open command prompt and navigate to the .exe using CD
- RUN “biosupdatename.exe /FORCEIT” which will install the bios update without the warning about 10% charge
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Tags: 10% battery, bios, dell, force, forceit, not charging battery, update
Posted by paris on Jun 20, 2017 in
Research
Clear the following registry keys and restart the Windows Update Service
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SYSTEM\Internet Communication Management\Internet Communication
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Posted by paris on Jun 20, 2017 in
Code @if (@CodeSection == @Batch) @then
@echo off
setlocal
set "servers=dev1 dev2 dev3 test1 test2 test2:8080 prod prod:443"
for %%I in (%servers%) do (
for /f "tokens=1,2 delims=:" %%a in ("%%I") do (
set "port=%%~b"
if not defined port set "port=80"
setlocal enabledelayedexpansion
cscript /nologo /e:JScript "%~f0" "%%~a" "!port!" && (
echo %%a port !port!: OK
) || (
echo %%a port !port!: Error
)
endlocal
)
)
goto :EOF
@end // end batch / begin JScript chimera
var server = WSH.Arguments(0),
port = WSH.Arguments(1),
protocol = port == 443 ? 'https' : 'http',
URL = protocol + '://' + server + ':' + port + '/',
XHR = WSH.CreateObject('Microsoft.XMLHTTP');
XHR.open('GET', URL);
XHR.setRequestHeader('User-Agent','XMLHTTP/1.0');
XHR.send('');
while (XHR.readyState != 4) WSH.Sleep(25);
WSH.Quit(XHR.status - 200);
Kudos to Rojo for this
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Tags: 443, 80, bat file, http, https, port open, responding, script
Posted by paris on Jun 19, 2017 in
Networking If you’ve never used a Cisco Access point ( Aironet ) by default out of the box or after a factory reset the dot11rad 0 interface will be set to shutdown and will no broadcast any of your SSID’s
Also by default only webpage administration is available, you can enable SSH through the website Administration
Enabled through SSH :
ap(config)#interf dot11rad 0
ap(config)#no shutdown
Depending if you have 1 or 2 SSID you will need to enable Guest mode or MutliGuest Mode
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Tags: broadcast, cisco Aironet, enable, multi ssd, ssid
Posted by paris on Jun 19, 2017 in
Networking When going through the commands to enable WPA on cisco Wireless Account point
ap(config)#interface Dot11Radio0
ap(config-if)# encryption mode ciphers aes-ccm
Then
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
I was shown Error: Encryption mode cipher is not configured.
Turns out this setting needs to be applied to each VLAN presented to the SSID
ap(config)#interface Dot11Radio0
ap(config-if)#encryption vlan 13 mode ciphers aes-ccm tkip
I could then run
ap(config-ssid)#authentication open
ap(config-ssid)#authentication key-management wpa version 2
ap(config-ssid)#guest-mode
ap(config-ssid)#wpa-psk ascii WirelessPassword
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Tags: 1140, Cisco, command line, enable wpa, security, ssid, wpa, wpa 2, WPA2
Posted by paris on Jun 18, 2017 in
Research After the restart of a Citrix Netscaler , our SNMP monitoring was coming back with high Second Round Trip times locally for the NetScaller of 1 – 4 Seconds. Logging in and checking the settings looked good.
In the end a reboot fixed this!
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Use Script below in a Bat file and Administrator , then restart ( https://support.microsoft.com/en-ca/help/971058/how-do-i-reset-windows-update-components )
