Changes to the Distributed File System (DFS) namespace are made on the domain controller with the PDC Emulator role. DFS root servers periodically request updated metadata from it. Inaccessibility of the PDC Emulator may result in incorrect operation of the DFS.
How to find you PDC
NetDOM /query FSMO
Recently during a DR test we spun up a file server that was protected using Microsoft Shared Cluster Services. The drives where mapped using a Physical Lun. Zerto protects this as long as you backup the Active Node of the cluster.
On Startup you need to change the VM Scsi mapping from Physical to None
Once booted , you should stop the Cluster Service and start is again with the /fixquorum flah
net start clussvc /fixquorum.
Now open the Cluster Manger and remove the Disks from the Server ( you will need to do this twice for each drive )
Once removed , stop the cluster service
bring Online the Disks in Computer manager.
If the disks come up as Raw , you will need to go back and perform a ReSync , then bring up again
Recently had a customer that was getting 15 – 20 minute delays in receiving emails from MailChimp. The same email to services such as Office 365 , Gmail and other email providers came through straight away.
We had whitelisted Mailchimps IP’s per below from Greylisting and Spam to no avail. The Message tracking proved that the message wasn’t hitting the Administration console for the 15 Minutes delay
Source IP Ranges (n.n.n.n/x):
205.201.128.0/20
198.2.128.0/18
148.105.0.0/16
We lodged a Mimecast support ticket and got this escalated to Level 2 and waited a week for a response. In the end a retry of the issue with the technician came through straight away which means there must have been a block somewhere in Mimecast
Recently after a reboot of a server, it came up as errored in our monitoring. I couldn’t ping it however when I logged into it, I could ping out ( Firewall! ). The network Profile for the Network card had changed from Domain to Private which automatically blocks ICMP and RDP.
The server might have started faster than the Domain Controller due to Windows Updates.
You can change the Profile Category of a Network Adapter per below
Set-NetConnectionProfile -NetworkCategory DomainAuthenticated
However
Set-NetConnectionProfile : Unable to set NetworkCategory to 'DomainAuthenticated'. This NetworkCategory type will be set automatically when authenticated to a domain network.
Restarting the Network Location Awareness service fixed this and change this backt to Domain
Recently we had jobs for a server showing up the error : NFC storage connection is unavailable
Turns out a colleague had added a server to the Veeam application with a tape drive to the unit which had actually added that server as a Veeam Backup Proxy!
Jobs actually default to “Use Any Available Proxy” so the Jobs were using the tape drive server as a proxy for some of the Jobs hence the NFC Failure
Recently we swapped a users UPN on a local domain controller ( which syncs to 365 via AAdconnect) to another domain and SMTP alias, all worked well however she could not login to Skype for Business.
Resetting Windows Credentials, Caches and registry items still would not fix this.
Most of the time this is due to the SIP Address not being correct. Little did we know this user had Lync before migrating to 365 so they had a SIP address in the attribute editor
Changing this resolved the issue
For the trusted ips box to show up on the multi-factor authentication server settings in 365 multi-factor authentication so you can whitelist IP’s , you need to purchase and activate at least one single Microsoft Azure Multi-Factor Authentication License ( cheaper optoin ) or a single AD Premium License. This will give you the below options
trusted ips (learn more)
Skip multi-factor authentication for requests from federated users on my intranet
Skip multi-factor authentication for requests from following range of IP address subnets
Create a new Interface under a port or an existing virtual switch where the Aruba switch uplinks to
Enter Vlan ID and Interface IP
Next you will need to setup Allow Policies to allow traffic from the Vlan to the normal lan as well as internet
Create a New Vlan with the Same ID
Add a trunk to the Uplink
Tag all the Ports with Vlan 2 that will have a phone plugged into them, Including the Trunk
Untag any ports the phone system or VOIP card might use
Attach the “voice” to the Vlan which will assign the right vlans for the phones that use LLDP
Go to Security Appliance then Addressing & VLANs
Next setup the Subnet ID ( Number ) for your Vlans and the Address of the Router in each Vlan
Next Change the Uplink to the Switch to a VLAN and set the Native Vlan ( this is the default usually 1 ) and the other Vlans which will pass down this trunk. The Native VLAN will need to be the same on both sides of Meraki and Cisco Switch
Go to Security Appliance then DHCP
What device will be the DHCP on this new Subnet? You can set the Meraki or if its a Windows Network point the IP Helper to your main DHCP server
On the uplink of your switch to the Meraki set e.g. GigabitEthernet1/0/1
conf t
int gi1/0/1
switchport trunk native vlan 1
switchport trunk allowed vlan 1,5
switchport mode trunk
end
You might see the native vlan 1 not showing in the config , this is because 1 is always the native vlan
This changes the port to use Vlan 5
conf t
int gi1/0/2
switchport acccess vlan 5
switchport mode access
end
Many internal companies use Newsletter services such as Mailchimp to email out internal newsletters. The From Address of this is usually an internal email address which means it will get rejected by the anti spoofing policy
In Mimecast Administration Panel go to :
Administration -> Gateway -> Policies -> Anti Spoofing SPF based Bypass
Administration -> Gateway -> Policies -> Anti Spoofing
Add the policy below , you can get a list of IP’s Mailchimp user here
