Recently had a client delay receiving emails

A check of SMTP logs showed

4.7.0 SMTP; 403 4.7.0 TLS handshake failed

To investigate : 

Open Exchange Management Console

Go to Server Configuration and check Exchange Certificates check if there are any expired with SMTP next to them

Renew Self Signed Certificates  :

  1. type Get-ExchangeCertificate to list the installed certificates

  2. Match the certificate to the expired certificate (using subject the name and services) from the Console then copy the associated thumbprint

  3. Type Get-ExchangeCertificate –Thumbprint INSERTTHUMBPRINTHERE | New-ExchangeCertificate

Renew Third Party Cert

  1. Go through the process of Renewal with your Third Party SSL Authority

To disable Receiving email via TLS

Go to Hub Transport under Server Configuration, then Untick Transport Layer Security (TLS) for each Receiver Connector

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

You will need to convert the powerpoint to a one page document in Word.

Use Zamzar to convert from ppt to docx : http://www.zamzar.com/convert/ppt-to-docx/

Once converted , Install this to your WordPress Site

https://wordpress.org/plugins/mammoth-docx-converter/

Once activated, go to Add Post , scroll to the bottom of the post and you should see: 

Find your .docx document and upload it , then click insert into Editor

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

The below command needs to be run on Each Host , it  will remove the old one and install the new one

esxcli software vib install -d https://update.nimblestorage.com/esx6.5/ncm/index.xml

The host then needs to be rebooted to install

You can add https://update.nimblestorage.com/esx6.5/ncm/index.xml , as an update location via Update Manager in Vmware Vcenter Server and Add a Host Basline Extension , then remediate this to the hosts as well

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Updating NimbleOS

Updating NimbleOS

The Basics

Upgrading Nimble OS is something clients can complete easily and with confidence, thanks largely to the thorough pre-checks and verifications that are part of the process.

If your arrays are communicating back to Nimble Support, InfoSight will be able to determine if there are updates available and present the GA versions of Nimble OS suitable (whitelisted) for your environment. Because InfoSight works to inoculate the WW install base from known issues, it may blacklist some Nimble OS versions from being available upgrade choices. Clients can discuss with Nimble Support in order to understand what changes may be required in the environment before safely being able to install a version currently blacklisted for your environment.

Many clients perform upgrades during business hours however there is no shame in scheduling these outside of hours and when there is little workload running. Clients with a valid Support Status may contact Nimble Support anytime 24 x 7.

Do not hesitate to contact Nimble Support on 1-800-751-916 https://www.nimblestorage.com/customer-support/

This indicates there is a communication issue preventing the array from sending heartbeats and ASUP detail to Nimble Support and this should be resolved unless installed on a dark site.

From InfoSight, Reports – Asset Report you can verify Support status. Contact your local Nimble Representative if you need to renew your Support cover.

Nimble Connection Manager

 

Install or Update Nimble Connection Manager

Nimble Connection Manager (NCM) simplifies configuration on iSCSI, automatically creates the optimal number of iSCSI sessions for each Nimble volume and manages the selection of paths to the volumes.

NCM is available for Linux, Windows/Hyper-V and vSphere environments.

Please refer to the latest VMware Integration Guide which includes details for NCM installation/upgrade and much more. Available for download from InfoSight (Resources

– Documentation).

For Update Manager installs on 6.0 & 6.5 see: https://connect.nimblestorage.com/thread/11802

NCM Version Compatibility With Nimble OS

On the Nimble Validated Configuration Matrix, Select NCM for VMware Compatibility with Nimble OS, from the drop down, select the version of Nimble OS you are running OR planning to run after upgrading.

NCM Version Compatibility With vSphere

On the Nimble Validated Configuration Matrix, Select Nimble Connection Manager for VM, you can then select from the drop down the vSphere Version you are running OR planning to run after upgrading.

Download NCM for VMware

On the Nimble Validated Configuration Matrix, Resources – Software Downloads, select Connection Manager (NCM) for VMware. Download the appropriate package for your vSphere version.

From: NTS-2001-I Course

One-click, zero-downtime Nimble OS upgrades

? Before you begin:

– Check your current version

– Obtain the most recent version

– Check system health

Selecting Different Versions

? If you click Download, you may be presented with different versions to upgrade to.

Firmware

Firmware

1. Load new firmware to standby

2. Reboot standby to run new rev.

3. Load new firmware to other controller

4. Reboot active to activate new rev. – causes failover and the

standby becomes active

From: Nimble GUI Administrator Guide

Software Updates

Nimble Storage offers several ways to keep an array up-to-date, to improve its performance, and to increase data storage capacity. (The term upgrade refers to Nimble array hardware.) The term update refers to the NimbleOS software (NOS).

Upgrades and Updates

There are multiple upgrade paths for hardware, as well as NimbleOS software updates available that can run on the array, depending on your array model. If you want to increase data storage capacity, you can add expansion shelves without having to perform an update or upgrade.

Upgrades

Depending on which model of Nimble array you have, there are upgrade paths for the controllers and cache drives. An upgrade procedure is the same as replacing a controller or the cache SSDs. However, the new component is more powerful or has greater capacity.

Contact Nimble Storage Support at www.nimblestorage.com/support when you want to upgrade.

See the applicable upgrade quick start guide that ships with the upgrade component. The Nimble Storage

Hardware Guide also covers upgrades.

Updates

The NimbleOS is the software that runs on the array. Nimble provides regular maintenance releases and periodic updates to the NimbleOS. Maintenance releases typically correct bugs and enhance features. Updates involve a major new release of the NimbleOS with new features and capabilities.

If a NimbleOS update is available for your array, you can accomplish the update in less then an hour for each array in the group. (If you want to combine your Nimble arrays as members of a group, each of them must have the same version of NimbleOS 2.x or later installed.) The update procedure works on one controller at a time and results in a controller failover. To avoid any data service disruption, make sure that the initiators connected to the array have proper MPIO timeouts configured before performing the software update.

If the Nimble Windows Toolkit (NWT) is not installed on the Windows hosts, be sure to configure timeout values appropriately. See Timeout Values on page 233.

The NimbleOS has an automated procedure to download and install updates. Or, you can download NimbleOS software at the Nimble Storage InfoSight™ at https://infosight.nimblestorage.com. If you do not have a user account, you can create one on your first visit.

See Update the NimbleOS.

Find the NimbleOS Version

Procedure

To determine which version of the NimbleOS is installed on the array:

1 In the NimbleOS GUI, choose Help > About Nimble Storage.

2 Look for the Version number just below the Nimble Storage logo.

3 Click OK to dismiss the dialog box.

Download the NimbleOS Update File This task is required if your Nimble array has no Internet access. Procedure

To download the NimbleOS update file:

1 From another workstation, in your browser address field, type: https://infosight.nimblestorage.com

The Nimble Storage InfoSight™ opens in a browser window.

2 On the NimbleOS tab, select the NimbleOS update version from the drop-down menu.

3 In the list of download packages, click Software and save the NimbleOS update file and save the file to a convenient

place on your PC or host.

Update the NimbleOS

Procedure

1 Choose Administration > Software.

2 In the Software pane, click Download.

3 In the list of NimbleOS Updates, check the update to install and click Download.

4 When you see the downloaded NimbleOS update file in the Software pane, click Update.

5 When the End User License Agreement (EULA) appears, scroll to the bottom of the EULA, check the box,and click Agree.

Installation does not continue until you click Agree.

6 Read the Software Update message and click OK.

The NimbleOS update process takes about 20 minutes per array. During that time, a controller failover and a browser reload occur automatically. The array itself remains online and available throughout the update.

If you have multiple arrays in a storage group, all group arrays are updated, one at a time, to the same version of

NimbleOS.

Note If your connection to the array drops during the update, you might not be able to re-establish connection until the update is done.

When the update is finished, the new NimbleOS version is listed as the Current version.

Verify the NimbleOS Update

Procedure

1 Go to Events.

2 Verify the NimbleOS update by checking the Events list for the update event. For example:

A successful software update is indicated by two update events, one for each controller

From: https://esxsi.com/2016/09/22/nimble-os/

 

Log into the web interface of the Nimble device. Select

the Administration drop down menu and click Software.

On the software page click Download to download the latest operating system version, this does not being the update process but downloads the software to the array. If you have obtained the software from Nimble support

click Upload and browse to the folder location.

Once the software has downloaded click Update. In this example we are upgrading from v2.3.14 to v3.4.1. The process involves updating one controller at a time, since they run as active / passive there should be no outage.

When prompted with the license agreement click Agree. Click Ok to the message about clearing your browser cache and reloading the page once the update is complete.

The update will now commence, keep in mind that you

may see the process stages ‘1 of 7’ jump forward and then back a step, this is normal. Once the first controller has finished updating the browser will reload during fail-over.

Once the update is complete you will be returned to the software page, where the current version number should now be updated. Depending on what you are upgrading to and from, some of the menu pages look a little different, such as the home page. If you have any issues with the web client at this stage then delete your browsing history and restart the browser.

Check in RECENT EVENTS, you should see the software successfully updated message for both controllers. If you have email notifications setup you will also have been notified of this via email. It’s worth checking over the servers that have Nimble storage volumes mounted and that all paths are available.

Explanation of Nimble OS Version

 

Release family Planned maintenance

release

Unplanned

maintenance release

Patch release

The Meaning of Each Software Release Status

 

Software Release Status Description

Initial Production Release (IPR)

GA Candidate Production Release (GAC)

General Availability Production Release (GA)

The software release is ready for production use. Until the release achieves General Availability status

(see below), the release will be available upon request to customers desiring the capabilities of the new release. In addition, the release will also be proactively made available to a subset of customers and/or systems. The set of such proactively notified / white-listed customers/systems will gradually expand until GA status is achieved.

The software release is ready for production use. These are the maintenance releases after IPR up until the release achieves General Availability status (see below). The release will be available upon request to customers desiring the capabilities of the new release. In addition, the release will also be proactively made available to a subset of customers and/or systems. The set of such proactively notified/white-listed customers/systems will gradually expand until GA status is achieved.

The release is designated as GA after it has demonstrated a high level of stability across a large number of production systems and sufficiently long runtime across those systems. The specific thresholds are determined by Nimble and will depend on the

Release Notes (READ ME FIRST)

Release Notes contain important update prerequisite information, and should be reviewed before updating the software.

Documentation and downloads are available on InfoSight:

• Release Notes (Resources > Documentation > Release Notes > 4.x)

• Nimble Storage Software Release Model (Resources > Documentation > Support Policy)

o NOTE: An updated version of the “End of Availability / Support Policy” document was uploaded on 12/07/2016

• Software Update FAQ (Resources > Documentation > Knowledge Base Article > KB-000351 Nimble Array: Software Update

FAQ)

• Compatibility Matrix (Resources > Documentation > Compatibility Matrix)

• Host Integration software (Resources > Software Downloads > Integration Kits)

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

When trying to add your email account to Outlook 2016 you get the follow error

an encrypted connection to your mail server is not available

365 is obviously  encrypted which means there must be something wrong with Autodiscover

  1. Check Autodiscover

Should be a CNAME to autodiscover.outlook.com. ( Put full stop on the end )

2. Make sure you have finished setting up the domain in 365 or it won’t listen for the domain

Test Autodiscover via : https://testconnectivity.microsoft.com/

Try logging in to powershell on your 365 Tenant and disabling OAuth2 (2fa ) 

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Firstwave url quarantine

Check the email by getting it replayed ( Go to Email, then Trace and Replay ) 

It will then come through. Open the email in HTML and find all the links it links to and also any image links

Found the linked in Image on poor reputation of the website http://www.seosydney_com_au/wp-content/uploads/2016/04/linkedin.png which is embedded in the email body

You can confirm this on the Talos website which is one of the reputation services used by Firstwave:

https://talosintelligence.com/reputation_center/lookup?search=www_seosydney_com_au%2Fwp-content%2Fuploads%2F2016%2F04%2Flinkedin.png

Changed Email Body of signature to link to LinkedIn Logo from main LinkedIn Site

Best practice is to advise the sender of the poor web reputation of some of the links in their emails. They can contact Talos regarding that.

As a work around, I would recommend that you remove the policy you have applied under content control application and apply the same policy in the security application, under malicious url (remember to allow email domain not the blocked domain ) 

If you can’t edit this you will need to get Firstwave support to do this

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

You might have setup a new Ubiqiti access point using a controller based at another site, which is not the final destination of the device, so it is no longer configurable when you get to the new site.

If you can get the Old controller back up and connect to the access points you can use the below to move the Access Points to a new site via the Site Migration

https://help.ubnt.com/hc/en-us/articles/115002869188-UniFi-Migrating-Sites-with-Site-Export-Wizard 

If you cannot connect to the old controller anymore you can try logging into the access point via IP and doing:

You can use the Same Old Controller name : 

  1. SSH into AP with former controller’s credentials
  2. in controller, forget AP
  3. reset to default with ‘syswrapper.sh restor-default’
    connection will be terminated
  4. SSH into AP with ubnt/ubnt
  5. use mca-cli shell
  6. set-inform x.x.x.x:8080/inform
  7. where x.x.x.x is the ip of the new unifi controller
  8. in controller, adopt the AP
  9. repeat step 7 after adoption (sometimes this is necessary to get to provisioning)
  10. AP will reboot and provision

Finally you can perform a factory reset on the device to join it to a new controller

https://help.ubnt.com/hc/en-us/articles/205143490-UniFi-How-to-Reset-the-UniFi-Access-Point-to-Factory-Defaults 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)