A friend recently bought a TP-Link VR1600v to extend her existing Wi-Fi. The router doesn't have an Access Point mode, so you need to put it in a double NAT setup:

  1. Change the router IP from 192.168.1.1 to 192.168.2.1
  2. Plug the WAN port of the VR1600v into the LAN port of your existing router
  3. Change Wireless Settings 

Recently I cut over a domain from an old 365 tenant to a new one. Upon trying to add the email account to Outlook, I was met with the error

 

The old account had been enrolled in Intune here

After removing the old account here, I tried to enroll the new account; however, an enrollment message popped up. This sometimes happens due to old enrollment data getting stuck.

Delete (or clear as much as you can from) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments, then try again.
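An added example, not from the original post, of doing this cleanup with a rollback point: it exports the Enrollments key, lists each enrollment with the account it belongs to, and removes only the ones you pick. It assumes an elevated PowerShell session; the backup path and the $StaleIds list are placeholders, and UPN and ProviderID are the value names Windows normally writes under each enrollment subkey.

```powershell
# Added example: back up and inspect MDM enrollment state before clearing it.
# Run from an elevated PowerShell session on the affected device.
$EnrollKey  = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$BackupFile = Join-Path $env:TEMP ("Enrollments-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))  # assumed location

# 1. Export the whole key so the change can be rolled back with "reg import".
reg.exe export 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments' $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup failed; not touching $EnrollKey" }

# 2. List the enrollment subkeys (GUID-named) with the account each belongs to.
#    Subkeys that are not enrollment GUIDs are skipped and never deleted here.
$guidPattern = '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$'
$enrollments = Get-ChildItem -Path $EnrollKey |
    Where-Object { $_.PSChildName -match $guidPattern } |
    ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Id         = $_.PSChildName
            UPN        = $p.UPN         # empty if the subkey has no user account
            ProviderID = $p.ProviderID  # empty if the value is absent
            Path       = $_.PSPath
        }
    }
$enrollments | Format-Table Id, UPN, ProviderID -AutoSize

# 3. Remove only the enrollments you have identified as left over from the
#    old tenant. Placeholder list: paste the Id values from the table above.
$StaleIds = @()
$stale = @($enrollments | Where-Object { $StaleIds -contains $_.Id })
foreach ($e in $stale) {
    # -WhatIf only prints what would be deleted; drop it once the list is right.
    Remove-Item -Path $e.Path -Recurse -WhatIf
}
"Backup: $BackupFile; enrollments found: $(@($enrollments).Count); selected for removal: $($stale.Count)"
```

To undo the change, import the exported file with reg.exe import and reboot before retrying enrollment.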


When opening https://portal.manage.microsoft.com/

You see

You don't have any apps yet

Your company hasn’t made any apps available to you on this device.

Getting this device managed might let you access other company resources available to you, such as email and documents. Go to Devices to get started.



However, when you open the Company Portal app via the store, it loads the apps list fine. This happens when you have multiple enrolled devices and the browser doesn't know which one you have logged in with.

Solution

Click on Devices

Click on the grey bar

Click on your device you are using to access the Web and click Add


The process below is how to re-register VMware Update Manager:

cd /lib/vmware-updatemgr/bin

mkdir backup

cp -p extension.xml backup/

cp -p vci-integrity.xml backup/

cp -p jetty-vum* backup/

Now go ahead and finish the failed registration with this command:

/usr/lib/vmware-updatemgr/bin/vmware-vciInstallUtils -C /usr/lib/vmware-updatemgr/bin/ -L /var/log/vmware/vmware-updatemgr/ -I /usr/lib/vmware-updatemgr/bin/ -v <your vCenter FQDN> -p 80 -U <SSO admin user>@<your SSO domain> -P <password> -S /usr/lib/vmware-updatemgr/bin/extension.xml -O extupdate

Upon running the above, I got an error saying it didn't like the password; I had to put it in single quotes.

chown updatemgr:updatemgr vci-integrity.xml

service-control --start vmware-updatemgr

Note: In the command above, replace <your vCenter FQDN> with your own vCenter FQDN, along with the other placeholders in this part of the command:

/usr/lib/vmware-updatemgr/bin/ -v <your vCenter FQDN> -p 80 -U <SSO admin user>@<your SSO domain> -P <password>


1) Microsoft Best Practice of Leaving Exchange Server On-Prem for Management

“With the recent Exchange vulnerabilities allowing hackers into the LAN, Exchange is just giving them another entry point. So it becomes even more important to remove any unnecessary back doors. If Microsoft would give us a way of managing the Exchange A.D attributes without needing to maintain an Exchange server on-premise, we could get rid of one more headache to patch, monitor and update.”

2) Datacenter Domain Controllers

Physical Domain Controllers
In datacenters, physical domain controllers should be installed in dedicated secure racks or cages that are separate from the general server population.

If a domain controller is configured to use software RAID, serial-attached SCSI, SAN/NAS storage, or dynamic volumes, BitLocker cannot be implemented, so locally attached storage (with or without hardware RAID) should be used in domain controllers whenever possible.

Virtual Domain Controllers
If you implement virtual domain controllers, you should ensure that domain controllers run on separate physical hosts than other virtual machines in the environment.

Even if you use a third-party virtualization platform, consider deploying virtual domain controllers on Hyper-V Server in Windows Server 2012 or Windows Server 2008 R2, which provides a minimal attack surface and can be managed with the domain controllers it hosts rather than being managed with the rest of the virtualization hosts.

You should also consider separating the storage of virtual domain controllers to prevent storage administrators from accessing the virtual machine files.

3) Secure Administrative Hosts

Administrative hosts should be configured to require smart card logon for all accounts.

Physical security includes controlling physical access to administrative hosts. In a small organization, this may mean that you maintain a dedicated administrative workstation that is kept locked in an office or a desk drawer when not in use. 


1. Download the lsdoctor tool from this KB: https://kb.vmware.com/s/article/80469?lang=en_US
2. If you are on the VCSA, use WinSCP to transfer the zip to the vCenter appliance; on a Windows vCenter, copy and paste it to the destination vCenter.
3. Follow the KB and run the trustfixer option -t: python lsdoctor.py -t
4. Now restart the Update Manager service.
5. Access the Update Manager tab.


Upon cloning an Oracle instance, the connection to the Oracle server came back with an error

ORA-12514: Invalid Connection TNS Listener does not currently know of service requested in connect descriptor

  • The listener was listening on the right port
  • Firewalls were off and the client could ping the server

I did change the MAC address of the server when cloning.

In the end I recloned and left the MAC addresses as is, and this seemed to fix the issue.

 


Recently I was trying to spin an environment up in DR, and upon logging in to the RDS Gateway I was getting the below

RD Gateway and RemoteApp Error: Remote Desktop can't connect to the remote computer "RDS.Domain.Local" for one of these reasons

Logging into the RD Gateway showed the following event:

The user "DOMAIN\Username", on client computer "IP", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP". The following error occurred: "23003".

I had a look at the NPS role (Network Policy and Access Services) and saw that it was trying to authenticate the user locally instead of against the remote RADIUS server that was set in the RD Gateway:

“Remote RADIUS (Remote Authentication Dial-In User Service) server group does not exist”

I rebooted the gateway and this fixed the issue; I think it had come up before the domain or RADIUS server.

 

 


Recently I enabled IP Helper on a subnet instead of using DHCP filters for UEFI booting. This resolved getting UEFI machines booting off of the MDT server; however, legacy computers would not work, coming up with the error below

To resolve this I increased the scratch space size, completely regenerated the deployment share and reimported the .wim into the Windows Deployment Server.

 
