Changes to the Distributed File System (DFS) namespace are made on the domain controller with the PDC Emulator role. DFS root servers periodically request updated metadata from it. Inaccessibility of the PDC Emulator may result in incorrect operation of the DFS.

How to find your PDC

netdom query fsmo


 

 


Recently during a DR test we spun up a file server that was protected using Microsoft Shared Cluster Services. The drives were mapped using a physical LUN. Zerto protects this as long as you back up the active node of the cluster.

On startup you need to change the VM SCSI mapping from Physical to None.

Once booted, you should stop the Cluster Service and start it again with the /fixquorum flag:

net start clussvc /fixquorum

Now open the Cluster Manager and remove the disks from the server (you will need to do this twice for each drive).

Once removed, stop the cluster service.

Bring the disks online in Computer Management.

If the disks come up as Raw, you will need to go back and perform a ReSync, then bring them up again.


Recently had a customer that was getting 15 – 20 minute delays in receiving emails from MailChimp. The same email to services such as Office 365, Gmail and other email providers came through straight away.

We had whitelisted Mailchimp’s IPs per below from Greylisting and Spam to no avail. Message tracking proved that the message wasn’t hitting the Administration console during the 15-minute delay.

Source IP Ranges (n.n.n.n/x): 
205.201.128.0/20
198.2.128.0/18
148.105.0.0/16

 

We lodged a Mimecast support ticket, got this escalated to Level 2 and waited a week for a response. In the end, a retry of the issue with the technician came through straight away, which means there must have been a block somewhere in Mimecast.


Recently, after a reboot of a server, it came up as errored in our monitoring. I couldn’t ping it; however, when I logged into it, I could ping out (Firewall!). The network profile for the network card had changed from Domain to Private, which automatically blocks ICMP and RDP.

The server might have started faster than the Domain Controller due to Windows Updates.

You can change the profile category of a network adapter per below:

Set-NetConnectionProfile -NetworkCategory DomainAuthenticated

However, this fails with:

Set-NetConnectionProfile : Unable to set NetworkCategory to 'DomainAuthenticated'. This NetworkCategory type will be set automatically when authenticated to a domain network.

Restarting the Network Location Awareness service fixed this and changed the profile back to Domain.
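
The check and fix described above can be scripted, shown here as an added example that is not part of the original post. The 30-second settle time and the use of nltest to confirm that a domain controller can be located before restarting the service are assumptions made here.

```powershell
#Requires -RunAsAdministrator
# Added example: re-detect the Domain profile after a boot where the
# domain controller was not yet reachable.
$settleSeconds = 30   # assumption: time given to NLA to re-evaluate the network

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output 'Not domain-joined; the Domain profile does not apply.'
    return
}

function Get-NonDomainProfile {
    # Every connection profile currently classified as Public or Private.
    Get-NetConnectionProfile |
        Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' }
}

$before = @(Get-NonDomainProfile)
if ($before.Count -eq 0) {
    Write-Output 'All connection profiles are DomainAuthenticated.'
    return
}
($before | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize | Out-String).Trim()

# Restarting NLA only helps once a domain controller can be located.
nltest.exe "/dsgetdc:$($cs.Domain)" | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "No domain controller found for $($cs.Domain); fix DC/DNS reachability first."
    return
}

# -Force is needed because other services depend on NlaSvc.
Restart-Service -Name NlaSvc -Force
Start-Sleep -Seconds $settleSeconds

$after = @(Get-NonDomainProfile)
if ($after.Count -eq 0) {
    Write-Output 'Profiles are back on DomainAuthenticated.'
} else {
    Write-Warning 'Still not on the Domain profile:'
    ($after | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize | Out-String).Trim()
}
```

On a multi-homed server, adapters with no route to a domain controller (for example a storage or backup network) will stay Public or Private and will still be listed in the final warning.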


Recently we had jobs for a server showing the error: NFC storage connection is unavailable

Turns out a colleague had added a server with a tape drive to the Veeam application, which had actually added that server as a Veeam Backup Proxy!

Jobs actually default to “Use Any Available Proxy”, so the jobs were using the tape drive server as a proxy for some of the jobs, hence the NFC failure.


 

 

Recently we swapped a user’s UPN on a local domain controller (which syncs to 365 via AAD Connect) to another domain and SMTP alias. All worked well; however, she could not log in to Skype for Business.

Resetting Windows credentials, caches and registry items still would not fix this.

Most of the time this is due to the SIP address not being correct. Little did we know this user had Lync before migrating to 365, so they had a SIP address in the attribute editor.

Changing this resolved the issue.

 


For the trusted ips box to show up in the multi-factor authentication service settings in 365, so that you can whitelist IPs, you need to purchase and activate at least one Microsoft Azure Multi-Factor Authentication license (the cheaper option) or a single AD Premium license. This will give you the options below:

 

trusted ips (learn more)
Skip multi-factor authentication for requests from federated users on my intranet
Skip multi-factor authentication for requests from following range of IP address subnets


Fortigate

Create a new interface under a port or an existing virtual switch where the Aruba switch uplinks to.

Enter the VLAN ID and interface IP.

Next you will need to set up allow policies to permit traffic from the VLAN to the normal LAN as well as the internet.

Aruba

Create a new VLAN with the same ID.

Add a trunk to the uplink.

Tag all the ports with VLAN 2 that will have a phone plugged into them, including the trunk.

Untag any ports the phone system or VoIP card might use.

Attach “voice” to the VLAN, which will assign the right VLANs to the phones that use LLDP.

 


Meraki MX Router

Enable VLANs

Go to Security Appliance, then Addressing & VLANs.

Next set up the subnet ID (number) for your VLANs and the address of the router in each VLAN.

Next change the uplink to the switch to a VLAN trunk and set the native VLAN (this is the default, usually 1) and the other VLANs that will pass down this trunk. The native VLAN needs to be the same on both sides, Meraki and Cisco switch.

DHCP

Go to Security Appliance, then DHCP.

Which device will be the DHCP server on this new subnet? You can set the Meraki, or if it's a Windows network, point the IP helper to your main DHCP server.

Cisco Switch

Uplink

Configure the uplink port from your switch to the Meraki, e.g. GigabitEthernet1/0/1:

 

conf t
int gi1/0/1
switchport trunk native vlan 1
switchport trunk allowed vlan 1,5
switchport mode trunk
end

You might see that native VLAN 1 does not show in the config; this is because 1 is the default native VLAN, and default values are not listed.

Untag a port on the new VLAN

This changes the port to use VLAN 5:

conf t
int gi1/0/2
switchport access vlan 5
switchport mode access
end