Configure the firewall to allow network traffic that is related to SQL Server and to the SQL Server Browser service.

Four exceptions must be configured in Windows Firewall to allow access to SQL Server:

  1. A port exception for TCP Port 1433. In the New Inbound Rule Wizard dialog, use the following information to create a port exception:
    • Select Port
    • Select TCP and specify port 1433
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule “SQL – TCP 1433”
  2. A port exception for UDP Port 1434. Click New Rule again and use the following information to create another port exception:
    • Select Port
    • Select UDP and specify port 1434
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule “SQL – UDP 1434
  3. A program exception for sqlservr.exe. Click New Rule again and use the following information to create a program exception:
    • Select Program
    • Click Browse to select ‘sqlservr.exe’ at this location:
       
[C:\Program Files\Microsoft SQL Server\MSSQL11.<INSTANCE_NAME>\MSSQL\Binn\sqlservr.exe] where <INSTANCE_NAME> is the name of your SQL instance.  
  • Allow the connection
  • Choose all three profiles (Domain, Private & Public)
  • Name the rule SQL – sqlservr.exe
  • A program exception for sqlbrowser.exe Click New Rule again and use the following information to create another program exception:
    • Select Program
    • Click Browse to select sqlbrowser.exe at this location: [C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe]. 
    • Allow the connection
    • Choose all three profiles (Domain, Private & Public)
    • Name the rule SQL – sqlbrowser.exe
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently on testing an MSA serving iSCSI hosts after modifying the MTU size to varying amounts to tests throughput of a hyper V host our SNMP monitoring system detected hundreds of Inbound Errors and 10’s of discard.

To resolve this reversal was performed on the SAN to disable Jumbo frames and to change he MTU size on the Switch and the Networks cards, however this errors still displayed on the SAN Eth 0-2 ports and did nothing to resolve this. In the end we had to restart each of the storage controllers ( A and B )  to resolve this

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

WannaCry

If you have yet to install the Microsoft fix—MS17-010— you should do so immediately. You should also be extremely suspicious of all e-mails you receive, particularly those that ask the recipient to open attached documents or click on Web links.

 

To obtain these patches, simply go to http://www.catalog.update.microsoft.com/Search.aspx and punch in the KB number in the Search bar on the top right hand corner, then choose the update for the relevant architecture.

 

Windows Version

KB Article

XP / 2003 x86

KB4012598

Vista / Server 2008 server all editions

KB4012598

Windows 7 All Editions

KB4012212

Windows Server 2008 R2 (all editions)

KB4012212

Windows 8.1 (all editions)

KB4012213

Server 2012 (all editions)

KB4012214

Server 2012 R2

KB4012213

Server 2016

KB4013429

Windows 10 Version 1507 (RTM pre Anniversary Update)

KB4012606

Windows 10 Version 1511 (November Update)

KB4013198

Windows 10 Version 1607 (Anniversary Update)

KB4013429

 

Protip: To get the Windows 10 version number, simply type run the winver command

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

 

Clear the following registry keys and restart the Windows Update Service 

  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

  • HKEY_LOCAL_MACHINE\SYSTEM\Internet Communication Management\Internet Communication

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate

  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

After the restart of a Citrix Netscaler , our SNMP monitoring was coming back with high Second Round Trip times locally for the NetScaller of 1 – 4 Seconds. Logging in and checking the settings looked good.

In the end a reboot fixed this!

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Core Cheat Sheet

Get in Command prompt by logging into the machine

Type Powershell in the CMD Window to get to PW

Get Virtual Machines

Get-VM

Start all VM

Start-VM *

Start one VM

Start-VM %VMNAME%

Show services set to automatically start and stopped : 

Get-WmiObject win32_service | Where-Object -FilterScript { $_.state -ne "Running" -and $_.StartMode -eq "Auto" } | Select-Object name 
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

A user can open up Word , Excel and PDF’s but not Emails as it crashes from Worksite / iManage with the DLL NRtmsgform.dll

This means the Load Behaviour in the Filesite Add in imFileSite.Connect set o 0 ( but EMM is working ) 

Check in : 

HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins and change Load Behaviour to 3

VN:F [1.9.22_1171]
Rating: 10.0/10 (1 vote cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

http://kb.fortinet.com/kb/documentLink.do?externalID=FD37215

Seeing Session Clashes on your foritgate? 

Double check there are no errors for  NAT port exhaustion

If you are running from multiple connections try disabling the backup line as this could of been setup incorrectly by the ISP in a Active Active connection instead of Active Passive Connection

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Setup MFA Server to proxy radius connections between Gateway and Radius server ( Network Policy Server ) 

image

Add the gateway as a Radis Client for the MFA Server

image

Setup Radius Target):

image

Connect Remote Desktop Gateway to MFA server

image

Fix the timeout settings for the request 

Under Remote Radius Server open the TS Gateway Server Group. Then choose edit.

image

Change seconds without response before request is considered dropped to 60 seconds.

image

On the NPS server add MFA server as radius client. So I open the NPS Console on the ADC and add new radius client :

image

Here I have created the MFA Radius client on the ADC:

image

 Connection Request Policies Add MFA server as condition 

image

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)