Author Archive

# Example .inf file:

[Version]

Signature=”$Windows NT$”

 

[NewRequest]

Subject = “CN=dcname.domain.com.au”

KeySpec = 1

KeyLength = 2048

Exportable = TRUE

MachineKeySet = TRUE

SMIME = FALSE

PrivateKeyArchive = FALSE

UserProtected = FALSE

UseExistingKeySet = FALSE

ProviderName = “Microsoft RSA SChannel Cryptographic Provider”

ProviderType = 12

RequestType = PKCS10

KeyUsage = 0xa0

 

[EnhancedKeyUsageExtension]

OID = 1.3.6.1.5.5.7.3.1 ; Server Authentication

 

# Create CSR

certreq -new C:\temp\cert.inf c:\temp\csr.csr

# Issue cert on CA

certreq -submit -attrib “CertificateTemplate:2016KerberosAuthentication” “C:\Users\matt.soltau\Desktop\csr.csr”

– Copy cert.cer from CA to DC

# Accept cert on DC

certreq -accept c:\temp\cert.cer

# Copy Cert form Personal store to ADDS service

# Find Thumbprint (PowerShell)

> Cd Cert:\LocalMachine\My\

> Get-ChildItem

Copy-Item “HKLM:\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates\<Thumbprint>” “HKLM:\SOFTWARE\Microsoft\Cryptography\Services\NTDS\SystemCertificates\MY\Certificates\”

GD Star Rating
loading...
GD Star Rating
loading...

Under Renderer there’s a Scan option. Click it to find your Chromecast. If VLC is stuck on scanning for renderer, you should use VLC to open a random multicast network stream in the range of address 224.0.0.X, where X is between 100 and 199. You should notice there is nothing played (since there is no such stream available). Wait for a while and then check for available renderers again. Now they should show up (might take a couple of seconds but not more than a minute). Note: once you have used a number X, you cannot use it again. A way to generate new numbers might be to set X to 100 + current date. If you get stuck more than once a day, then add 30 to the date or just use 100 + current minute as a random number. And when all numbers are exhausted, well then you have to powercycle the laptop unless that has already been done in a month. The complete syntax for the multicast network stream to open is udp://@224.0.0.X:5000

GD Star Rating
loading...
GD Star Rating
loading...

 

Windows 10 – Update 2004 – Issues with Chrome whereby you go and launch the application in windows and the browser does not open.  What does happen though is you can see the process running in task mgr.  This happens for previously deployed workstations and new machines which are run up.  You can click several times on the chrome icon before it will open a window which is reflected by the number of chrome processes running.

There are several articles out there which all talk about removing chrome, reg entries and the profile itself.  None of those make a difference the symptoms still persist.  I have almost narrowed it down to say that it has been caused by the cumulative updates applied to Win10 Build 2004.

 

One interesting thing I found which is off the back of an article is if you rename the exe to chrome1 it works flawlessly every time.  Change it back to Chrome and the same symptoms persist

Fix 1)

Remove 09 Cumulative update (KB4571756) this also fixes the problem.

After finding that I was able to come up with the following https://support.google.com/chrome/thread/70587649?hl=en

Fix 2)

  • Kill all instances of Chrome
  • Go to C:\Program Files (x86)\Google\Chrome\Application or C:\Program Files\Google\Chrome\Application
  • Right click chrome.exe > Properties
  • Change settings for all users
  • Set Compatibility mode to Windows 8
GD Star Rating
loading...
GD Star Rating
loading...

Recently found an application that couldn’t have files dragged and dropped into it on some computers. It would display the following cursor

The trouble was mismatching Program DPI’s ( Between Explorer and the App )  Turning the App down to disable scaling fixed this

GD Star Rating
loading...
GD Star Rating
loading...
Exchange validation
  [-] exchange mailbox validation failed, code: MailboxUnreacheable
CONFIGURATION INVALID
 
Open up
 
C:\ProgramData\Mimecast Synchronisation Engine\State
 
Create global.ini file
 
On the first line enter
 
Mse.Core.Bridge.SecurityProtocol=4032
 
Save , restart the Mimecast Synchronisation Service , and try again
GD Star Rating
loading...
GD Star Rating
loading...

What a mission this was!

Oracle netsuite just flat out refuse to give you a list of IP Address’ for their sending servers

“Support will not provide a list of NetSuite IP addresses” https://docs.oracle.com/cloud/latest/netsuitecs_gs/NSADM/NSADM.pdf

Ontop of this there’s no way to use an internal domain name to send emails like noreply@email.netsuite.com , so there is no clear way to whitelist your spamfilter  ……

After back and forth with their support , they finally gave us sent-via.netsuite.com which you can do a DNS lookup of to get the IPs ( You will have to monitor this for updates ) . Mimecast allows you to whitelist via SPF record so we could add this

 

Name: sent-via.netsuite.com

> set type=txt
> sent-via.netsuite.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
sent-via.netsuite.com text =

“google-site-verification=MgKgRWwbn2QifDQBVdRu-IQLvbiR8GFB1hNDz_fmzPU”
sent-via.netsuite.com text =

“v=spf1 include:mailsenders.netsuite.com include:_spf.sparkpostmail.com -all”
> mailsenders.netsuite.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
mailsenders.netsuite.com text =

“v=spf1 ip4:167.216.129.180/32 ip4:167.216.129.182/31 ip4:167.216.129.184/29 ip4:167.216.129.192/29 ip4:167.216.129.200/32 ip4:167.216.129.210/32 ip4:64.89.45.192/30 “
“ip4:64.89.45.196/32 ip4:208.46.212.208/31 ip4:208.46.212.210/32 ip4:185.72.128.75/32 ip4:185.72.128.76/32 ip4:212.25.240.83/32 ip4:212.25.240.84/31 ip4:72.34.168.76/32 “
“ip4:130.61.9.72/32 ip4:130.61.68.235/32 ip4:132.145.13.209/32 ip4:132.145.11.129/32 ip4:152.67.105.195/32 ip4:140.238.193.139/32 ip4:152.67.105.20/32 ip4:72.34.168.86/32 ip4:72.34.168.85/32 “
“ip4:64.89.44.85/32 -all”
> _spf.sparkpostmail.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
_spf.sparkpostmail.com text =

“v=spf1 exists:%{i}._spf.sparkpostmail.com ~all”
>

 

I also recommend you change the From address to a generic netsuite@yourdomain.com so easy to monitor

 

Dkim

NetSuite Email Campaign Best Practices

GD Star Rating
loading...
GD Star Rating
loading...

Recently I was trying to use Item Level targeting on some group polices using just NOT statements ( so it should apply to anything that isn’t NOT ) 

NOT UserA OR NOT User3

However it was not working , Turns out your statement cannot be all NOT’s it has to have a IS in it as well

So it needs to look something like

User IS in Domain Users and NOT UserA or NOT User3

 

GD Star Rating
loading...
GD Star Rating
loading...

Australian drivers’ licence: \b[A-Z0-9][0-9]{5,7}\b

Australian passport: \b[A-Z][0-9]{7}\b

Australian tax file number: \b[0-9]{3}( ?)[0-9]{3}\1[0-9]{2,3}\b

Exclude

1 exclude “Automatic reply:” “Undeliverable:” “Accepted:”

GD Star Rating
loading...
GD Star Rating
loading...

We wanted to swap a new SAN for a customer and our distributor wanted us to run the Nimble Space Savings Estimator , to find out how big the device needed to be.  Unlike Dell with LiveOptics tool , you have to run this across EVERY virtual machine, and run it across all drives for it to scan. I wrote a tool we could use inside BatchPatch to run this .exe from a share across all VM’s

This needs to be run out of hours due to heavy scanning of disk


#Find All Drives on PC (Not CDRom\System Partition)
$drives = Get-Volume | Where-Object {($_.FileSystemLabel -ne "System Reserved") -and ($_.DriveType -eq "Fixed")}

Foreach ($drive in $drives)

{
#Get DriveLetter
$drive = $drive.DriveLetter
& "\\share\Space Savings Estimator\NimbleSSE.exe" $drive`:

}
GD Star Rating
loading...
GD Star Rating
loading...