delete fortigate hardware switch

November 12, 2019Research

By default Fortigates come with all their LAN interfaces on a hardware switch. You might want to change this so you can use these as seperate interfaces

Delete all the policies attaches to the LAN network
Removed DHCP from the Lan Network

Next in CLI run the below

configure system virtual–switch

delete lan

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

How to detect Disk Data change on Vmware VM ( write rate )

November 9, 2019Research

Enabling vCenter Server Data Collection

To enable vCenter Server data collection:

1.Connect to the vCenter Server.

2 In the Administration menu item, selectvCenter Server Settings The vCenter Server Settings dialog is displayed.

3. Select Statistics.

4. Make sure that the Statistics Level value for all interval durations up to and including the one day duration is at least 2. If any of the durations have a value less than 2, do the following, starting with the smallest interval:

a) Select the interval and clickEdit

b) Change Statistics Level to Level 2

c) Click OK

5. Repeat step 4 for all the values up to and including the 1 day interval duration.

6. Click OK and wait for at least a day before using the aggregate usage data. Collecting Data Characteristics for VMs

You can collect data characteristics for the virtual machines in a VPG in one of the following ways:

Via vSphere Client console performance statistics.

By running a script to collect the data characteristics.

Note: The script samples supplied with the download, require vSphere PowerCLI and permissions to access the vCenter Server using the script.

8 By using operating system performance monitors, such as the Microsoft Performance Monitor utility for Windows operating systems or the iostat command for Linux operating systems. Collect data for a minimum of one day. Collecting this information impacts on performance and therefore the collection period should be long enough to gather a true representation of usage but not too long. The first procedure described below, to collect data characteristics for the VMs via the vSphere Client console performance statistics, uses

a timeframe of one day and the second procedure, to collect data characteristics for the VMs by running a scri pt to collect the data characteristics uses a timeframe of seven days.

Note: When running vCenter Server versions before version 5.x, if any of the virtual machines use NFS storage, metrics for the

NFS storage are not generated by the vCenter Server. To collect data characteristics for the VMs via the vSphere Client console performance statistics:

1. In the vSphere Client console select the VM and open the Performance tab.

2. Click Advanced

3 . Click the Charts Options link. The Customize Performance Chart dialog is displayed.

4. In Chart Options , drill-down in Disk and select Past day

5. In Counters , click None to clear all the selections and then select Disk Write Rate or Write Rate

6. Click OK

9 A chart similar to the following is generated:

Use the chart for the average write rate of the VM.

To collect data characteristics for the VMs via a script:

Note:

The following script and the samples supplied with the download, require vSphere PowerCLI and permissions to access

the vCenter Server using the script.

Run a script similar to the following:

$report = @()

Get-VM | %{

$stats = Get-Stat -Entity $ -Stat disk.write.average -Start (Get-Date).adddays(-7) –

ErrorAction SilentlyContinue

if($stats){

$statsGrouped = $stats | Group-Object -Property MetricId

$row = “” | Select Name, WriteAvgKBps, WriteAvgMBps

$row.Name = $_.Name

$row.WriteAvgKBps = ($statsGrouped |

where {$_.Name -eq “disk.write.average”} |

%{$_.Group | Measure-Object -Property Value -Average}).Average

$row.WriteAvgMBps = $row.WriteAvgKBps/1024

$row.WriteAvgKBps = “{0:N2}” -f $row.WriteAvgKbps

$row.WriteAvgMBps = “{0:N2}” -f $row.WriteAvgMBps

$report += $row

}

$report | Export-Csv “C:\ZertoOutput.csv”

Note: If you want a value other than seven days, change the value of the adddays() function. For example to collect data

for three days, use adddays(-3)

Use the resulting file, C:\ZertoOutput.csv , for the average write rate of the VM.

Note: Versions of this script are included in the download with this document

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

xmlrpc.php

November 9, 2019Wordpress

Recently in the server logs I saw lots of attempts to /xmlrpc.php

/xmlrpc.php is the file used for Pingbacks, so if someone links to my blog , they can add my blog article and WordPress will check in then create a link to the users site. This actually opens up wordpress sites to be used for DOS’ people

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/wordpress-xml-rpc-pingback-vulnerability-analysis/

You can disable access to this file via updating .htaccess

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

Measuring Hyper V Disk Rate Change

November 4, 2019Research

You can collect data characteristics for the virtual

machines in a VPG in one of the following ways:

By using operating system performance monitors, such as the Microsoft Performance Monitor utility for Windows operating systems or the iostat command for Linux operating systems.
By using Windows PowerShell in Windows Server 2012 to collect network utilization (and other information). When using metering ACLs, you can measure the total network traffic sent and received by a virtual mach ine. To collect performance characteristics for the virtual machines in a VPG, using PowerShell, do the following:

Turn on resource metering for the relevant virtual machines, if it is not already enabled

Adjust the collection frequency, if necessary.

Collect the relevant statistics. Zerto recommends that you collect data for a minimum of one day. When you have enough statistics, you may want to turn off resource metering since data collection can impact performance.

Turning on Resource Metering

By default, resource metering is not enabled. To turn on resource metering for one virtual machine, enter the following

PowerShell command:

Get-VM <VM-name > | Enable-VMResourceMetering

To turn on monitoring for all virtual machines on a server at one time, enter the following PowerShell command:

Get-VM | Enable-VMResourceMetering

Once you enable resource metering, Hyper-V begins to collect data. You can reset metering at any time, which discards the data that has been collected up to that point.

If resource metering is enabled but no NetworkAdapterAcls are configured, Hyper-V configures them to measure total network traffic. To measure network traffic throug h an IP range, configure the NetworkAdapterAcls for the IP range before runningEnable-VMResourceMetering

.

Adjusting the Collection Frequency

By default, the collection frequency is once every hour. You can change the collection frequency, but understand that datacollection can impact performance. To change the

collection frequency, enter the following command:

Set-VMHost –ComputerName <host-server-name> -ResourceMeteringSaveInterval <HH:MM:SS>

The collection frequency is always set at the host server level.You cannot adjust the collection frequency per virtual machine

.For example, if you enter 01:30:00, resource consumption will be ollected every hour and a half.

Collecting and Viewing the Relevant Statistics

To view resource usage for one virtual machine, enter the following command:

Get-VM <VM-name> | Measure-VM

Resource metering data can be displayed for all of the virtual machines that are running on a host. To see data for all of thevirtual machines on a host, enter the following command:

Get-VM | Measure-VM

You can configure PowerShell to display only certain statistics. To do this, you must know the object names that PowerShell

assigns to each statistic. You can see the object names by entering the following command:

Get-VM | Measure-VM | Select-Object *

For example, when working with Zerto Virtual Replication, you are interested in network traffic.To list the network traffic foreach virtual machine, enter the following command:

Get-VM | Measure-VM | Select-Object VMName, NetworkMeteredTrafficReport

You can use VM Network Adapter ACLs to measure network activity to and from a specific network. For example, to meter

network traffic for a special subnet or IP address:

Add-VMNetworkAdapterAcl -VMName <VM-name> -Action Meter -RemoteIPAddress 10.10.0.0/16 -Direction Outbound

Turning off Resource Metering

To disable the collection of performance statistics, enter the following PowerShell command:

Disable-VMResourceMetering -VMName <VM-name>

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

Administrator trying to access other users Onedrive – Loading Access Link – Access File nothing happening

November 4, 2019Research

When trying to access another user Onedrive via the Admin portal of 365 , the new gui shows

“Loading Access Link” and no link is shown

The old Classic view you cannot click on the Access Files

This is due to the Administrator not have an Office 365 License , make sure one is assigned to get access to the App ( onedrive )

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

How to find Local Administrator Password Set in MDT

November 2, 2019Research

Naviate to your DeploymentShare and Open up the Task Sequence in the Control Directory

C:\DeploymentShare\Control\TaskSequence1

Open

Unattend.xml

Search for AdministratorPassword in this file

You should see the password in plaintext

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

October 28, 2019Research

Trying to diagnose an issue of a reason why an NPS server would not let a user in and come back with Access-Reject produces the following Reason in the event log

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

I recommend uninstalling the NPS Extension for Azure MFA Plugin

Retrying the access which should give you some better reason in the event log e.g. The RADIUS request did not match any configured connection request policy (CRP).

Once this is fixed you can reinstall the Plugin and re-authenticate it

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

(“pwcount= + “1”) – Expression syntax error [ount= + “1^”), Offset 15]

October 28, 2019Research

Recently I was trying to hide the password 2 field on a netscaler box due to Azure MFA Radius.

The netscaler was brining back the error : Expression syntax error [ount= + “1^”), Offset 15]

It looks like there is syntax errors on guides online , the expression should be

(“pwcount”= + “1”)

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

Http/1.1 Internal Server Error 43531

October 28, 2019Research

Recently trying to setup a secondary virtual server for Citrix , on login the following prompt was displayed

Http/1.1 Internal Server Error 43531

Make sure your Virtual Server has session policies bounded : https://www.carlstalhood.com/category/netscaler/netscaler-12/netscaler-gateway-12/#bind

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments

Server 2008 R2 servers keep failing to install Windows Updates

October 27, 2019Research

Microsoft changed the signing of update packages for Windows 7 and Windows Server 2008 R2 devices on the August 2019 Patch Day for the first time. The company signs packages only with SHA-2 since August 2019; it signed them with SHA-1 and SHA-2 previously but decided to drop SHA-1 because of known weaknesses.

To sort out this issue, install the following patches in order (ideally reboot after installing each) and then patch your servers successfully:

https://support.microsoft.com/en-us/help/4490628/servicing-stack-update-for-windows-7-sp1-and-windows-server-2008-r2

https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update

Rating: 0.0/10 (0 votes cast)

Rating: 0 (from 0 votes)

No Comments