1

Update Symantec Endpoint Protection Manager/Clients to 12.1.7004.6500 ( Update to SEP 12.1 RU6 MP5 )

Posted by paris on Jul 1, 2016 in Fixes

SEPM[1]If you have seen the recent news of a Google Engineer reverse engineering Symantec’s Antivirus Kernel Decompresser 

http://www.itnews.com.au/news/symantec-scrambles-to-patch-severe-holes-in-26-products-429907

You will need to update all your Machines Symantec Endpoints to 12.1.7004.6500 ( Update to SEP 12.1 RU6 MP5 ) per Symantec recommendation here

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00

More details of the patch

https://support.symantec.com/en_US/article.INFO3801.html

To do this on SEPM

*** Important Check for curent Autorestart settings***

  • Login to SEPM
  • Go to the Clients page
  • Select the group your server is in
  • Select the Policies tab at the top
  • Under Settings select General Settings
  • On the Restart Settings tab

First go here : https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

And enter the license key for your Symantec Endpoint Product ( will start with M! ) can be be found by logging into your Symantec Account

After Download Symantec_Endpoint_Protection_12.1.6_MP5_SEPM_EN.exe

Run the installer on SEPM server ( may need a reboot before and backup of DB ) 

After installing you will have new packages available 

Run through this : http://www.symantec.com/connect/articles/upgrade-clients-sep-121-auto-upgrade-feature

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , ,

 
0

China – Shanghai

Posted by paris on Jun 30, 2016 in Travel
  1. shanghai-1[1]Facebook is blocked , Google is blocked in certain regions of Shanhai ( E.g. not business districts ) I found in Pudong it worked though, you can use this on your Android Application or Desktop to get this to work : https://getlantern.org/

  2. Cash is King in China, hardly any places take card , get this changed at the airport or use an ATM

  3. China's Peoples UberChinese Uber as below theres new Uber! People’s Uber with the China Star. You really need to be with someone who can speak Mandarin as the driver will call close to the premise and it’s hard to get number plates. The destination will need to be written in Mandarin as well, which can be copied from a Google Page.

  4. North Korean Restaurant run by North Korean University Students Every night at 7:30pm, North Korean female singers take the stage to sing all of the favorite North Korean songs (Arirang included) in glittery sequined minis and the traditional Korean dress called “Choson-ot”

Address

359 Zhaojiabang Lu, 2nd floor, near Jiashan Lu
Telephone: +86 21 6417 1777

4. Han City – A great market for all the trademarked infringed products China has to offer which are sometimes from the same factories as the real ones , like Iphones running Android, however at the time of writing this , the building Lease expires at the end of this week , so the many other fake markets Shanhai offer can be found through a Bing ( China’s Google! )

5. Dumplings , xiao long bao! We visited Crystal Jade Restaurant for a great good quality selection. Old Town (Nanshi)  is worth a visit to get really big xiao long bao

6. Chinese Acrobats – http://www.shanghaiacrobaticshow.com/ can be booked from any hotel and hostel really worth the visits it’s next level Cirque du Soleil

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , ,

 
0

Vmware : Cannot create snapshot. Operation not allowed in current state

Posted by paris on Jun 30, 2016 in Random

vmware_view_pilot-5132020[1]

  1. Login to the host where the virtual machine lies and try and do a snapshot via here instead of VCentre
  2. If Take Snapshot is greyed out on the host , then check the settings of the device for :
  • Does it have an PCI Devices cards mapped to it? E.g. for Use of Tape Drives. If so these will need to be removed as Vmware doesn’t support snapshotting these.
  • Does it have any physical mapped Drives to it instead of virtual , again is not supported for snapshotting
    1. Try shutting down the VM to see if you can snapshot it shutdown insteaf of powered off
  1. Restart the Management Agents on the hosts
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , ,

 
0

Activating Windows 10 – Windows Srv 2012R2 DataCtr/Std KMS for Windows 10

Posted by paris on Jun 22, 2016 in Random

kms[1]A client recently wanted to Add Windows 10 Activation to his KMS Server , multiple online research – here

Proves you need some Windows Updates as well as a “Windows Srv 2012R2 DataCtr/Std KMS for Windows 10” Key

It seems you need to call VLSC  ( https://www.microsoft.com/licensing/servicecenter/Help/Contact.aspx ) Services to get this key added to your portal as they don’t release it online

Option 4 , then 2 

You will need to give them your agreement number ( Login online and go to Administration , My Permissions ) and Read out the Agreement Number ( Started with V )  under Licensing ID

However I was only being given Windows Srv 2012R2 DataCtr/Std KMS after multiple calls

The “Windows Server 2012 R2 with Windows 10” KMS key is only displayed using the Microsoft Article above or on the phone but to get that key, you need to have an active Software Assurance for Windows Server 2012 R2.

It relies on Server Datacenter having SA. It’s a new Class C key.

The 2012 R2 Datacenter key (of the past) activated Windows 8.1 Enterprise but it wasn’t aware of Windows 10. This is a new Datacenter key that also activates Windows 10 Enterprise (and below).

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , ,

 
0

How to find Mac Address to Port Relation on HP 1920G

Posted by paris on Jun 21, 2016 in Networking

HP have forced people to use the Web interface on the new range of switches , however you can enable advanced cli through : 

Using _cmdline-mode on

with Password: Jinhua1920unauthorized

To find the Mac and port relation on 1920G

Login to Web interface , go to Network Tab , then sub tab MAC

You can See Mac and port relation there

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , ,

 
0

Get list of Windows Updates needed to be installed on Virtual Machine Enviroment Vmware/ Powershell

Posted by paris on Jun 16, 2016 in Random

 

Run Vmware Powercli

Run 

Connect-ViServer %name of server%

Run the output of below to a text file

E.g. .\Get-PendingUpdate.ps1 | Output-File file.txt

 

Function Get-PendingUpdate { 
<# 
.SYNOPSIS 
Retrieves the updates waiting to be installed from WSUS 
.DESCRIPTION 
Retrieves the updates waiting to be installed from WSUS 
.PARAMETER Computer 
Computer or computers to find updates for. 
.EXAMPLE 
Get-PendingUpdates 
 
Description 
----------- 
Retrieves the updates that are available to install on the local system 
.NOTES 
Author: Boe Prox 
Date Created: 05Mar2011 
#> 
 
#Requires -version 2.0 
[CmdletBinding( 
DefaultParameterSetName = 'computer' 
)] 
param( 
[Parameter( 
Mandatory = $False, 
ParameterSetName = '', 
ValueFromPipeline = $True)] 
[string[]]$Computer 
) 
Begin { 
$scriptdir = { Split-Path $MyInvocation.ScriptName –Parent } 
Write-Verbose "Location of function is: $(&$scriptdir)" 
#Create container for Report 
Write-Verbose "Creating report collection" 
$report = @() 
} 
Process { 
ForEach ($c in $Computer) { 
Write-Verbose "Computer: $($c)" 
If (Test-Connection -ComputerName $c -Count 1 -Quiet) { 
Try { 
#Create Session COM object 
Write-Verbose "Creating COM object for WSUS Session" 
$updatesession = [activator]::CreateInstance([type]::GetTypeFromProgID("Microsoft.Update.Session",$c)) 
} 
Catch { 
Write-Warning "$($Error[0])" 
Break 
} 
 
#Configure Session COM Object 
Write-Verbose "Creating COM object for WSUS update Search" 
$updatesearcher = $updatesession.CreateUpdateSearcher() 
 
#Configure Searcher object to look for Updates awaiting installation 
Write-Verbose "Searching for WSUS updates on client" 
$searchresult = $updatesearcher.Search("IsInstalled=0") 
 
#Verify if Updates need installed 
Write-Verbose "Verifing that updates are available to install" 
If ($searchresult.Updates.Count -gt 0) { 
#Updates are waiting to be installed 
Write-Verbose "Found $($searchresult.Updates.Count) update\s!" 
#Cache the count to make the For loop run faster 
$count = $searchresult.Updates.Count 
 
#Begin iterating through Updates available for installation 
Write-Verbose "Iterating through list of updates" 
For ($i=0; $i -lt $Count; $i++) { 
#Create object holding update 
$update = $searchresult.Updates.Item($i) 
 
#Verify that update has been downloaded 
If ($update.IsDownLoaded -eq "True") { 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = ($update.Title -split('\('))[0] 
$temp.KB = (($update.title -split('\('))[1] -split('\)'))[0] 
$temp.IsDownloaded = "True" 
$report += $temp 
} 
Else { 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = ($update.Title -split('\('))[0] 
$temp.KB = (($update.title -split('\('))[1] -split('\)'))[0] 
$temp.IsDownloaded = "False" 
$report += $temp 
} 
} 
 
} 
Else { 
#Nothing to install at this time 
Write-Verbose "No updates to install." 
 
#Create Temp collection for report 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = "NA" 
$temp.KB = "NA" 
$temp.IsDownloaded = "NA" 
$report += $temp 
} 
} 
Else { 
#Nothing to install at this time 
Write-Warning "$($c): Offline" 
 
#Create Temp collection for report 
$temp = "" | Select Computer, Title, KB,IsDownloaded 
$temp.Computer = $c 
$temp.Title = "NA" 
$temp.KB = "NA" 
$temp.IsDownloaded = "NA" 
$report += $temp 
} 
} 
} 
End { 
Write-Output $report 
} 
}
 
 
$GetVM = Get-VM | 
Where {$_.Guest -match 'windows'} | 
Where {$_.PowerState -eq 'PoweredOn'}
 
Foreach ($vm in $GetVM)
{
$vm.Name
Get-PendingUpdate -Computer $vm.Guest.IPAddress[0]
}

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , ,

 
0

Juniper SRX 240 IP SEC Static Route not showing up in Show Route

Posted by paris on Jun 16, 2016 in Networking

SRX210[1]Trying to get  site to site route based VPN working with 2 x SRX 240’s with the config ; 

routing-options {

static {

route 192.168.60.0/24 next-hop 172.27.0.18

This was worked on a previous site to site vpn , however , using Show route after committing this did not show 192.168.60.0 in the routing table

172.27.0.18 was the IP of the secure tunnel interface st0.3 which was 

it’s a Juniper official technical document for route-based VPN setup that you just declare the Secure Tunnel interface instead of the IP

http://www.juniper.net/techpubs/en_US/junos12.1×44/topics/example/ipsec-route-based-vpn-configuring.html

routing-options {

static {

route 192.168.60.0/24 next-hop st0.3

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , ,

 
0

iLO HP ML380 G7 Certificate Error SSL_ERROR_BAD_MAC_ALERT / ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Posted by paris on Jun 12, 2016 in Fixes

iLO-3-Image[1]On trying to get to it in Firefox I was presented with 

SSL_ERROR_BAD_MAC_ALERT 

On trying to get to it through Chrome I was presented with

This site can’t provide a secure connection

10.0.0.2 uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.

We tried through CLI : 

load -source http://webserverip/iso/ilo2_229.bin /map1/firmware1

However this was giving us errors for some reason

We found a workaround in Internet Explorer is to disable TLS 1.2 (Tools >
Options > Advanced > UNTICK Use TLS1.2). 

After Restarting IE , it logged us into the ilo , however this was not the stop of the problems , upgrading to the latest firmware 1.57 gave us errors

We had to update to 1.28 first , then we could upgrade to the latest , below is a link to someone has all the links to the correct BIN files

http://ijustdoit.eu/hp-proliant-ilo-firmware/

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , , , ,

 
0

How to enable SIP traffic outbound/inbound on Fortinet/Fortigate

Posted by paris on Jun 10, 2016 in Networking

Below changes were added.

  • Added TCP 5060 for SIP(As sometimes this can be TCP/UDP) for all WANS
  • RTP port range 6200 – 6214 added for Inbound for all WANS
  • SIP domains allowed for Inbound for all WANS

SIP ALG turn off – Need to run below commands if it’s required. Best to test the phones after above changes.

http://www.3cx.com/blog/docs/disable-sip-alg-on-fortigate/

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , ,

 
0

Holiday Visa Wiki

Posted by paris on Jun 9, 2016 in Travel

It’s always a pain searching embassy sites trying to find out what visa you need ( on arrival ) or getting one before!

Emirates has just made this so much easier with drop down search  :

http://www.emirates.com/us/english/plan_book/essential_information/visa_passport_information/find_visa_requirements/find_visa_requirements.aspx

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Copyright © 2016 Welcome to Pariswells.com All rights reserved. Theme by Laptop Geek. Privacy Policy