Recently I tried to set up a 365 Send connector to relay it through another third party, Mimecast (https://community.mimecast.com/docs/DOC-1623). Mimecast confirmed they had enabled the Tenant domains to relay through Mimecast.

 

The send connector was failing at the last step; however, I was receiving the email. After numerous calls with Office 365 support they came back with the reply “We don’t support technical help with Third Party SMTP Servers”.

Checking the headers on the email that came through showed the validator wasn’t even relaying through Mimecast.

Enabling the Send Connector and trying again resolved the issue. However, it’s a flawed design, because after enabling it during the validation, if any user tries to send out and it doesn’t work, they will produce an NDR.


On a new deployment of Citrix, the Print Spooler would crash and then stop. This means you cannot remove any errored drivers. You will need to reset the Print Spooler manually in the registry.

Stage 1

  1. Go into the registry by typing REGEDIT into the run dialog box
  2. Export
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print Key as a backup
  3. Navigate to the following keys:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64
  4. In these keys, there should be two subkeys
    Drivers ( Version 3 and Version 4 )
    Print Processors
  5. Delete any physical printer drivers you have added (easier to re-add these than reinstalling Doc Converters)
  6. Try Starting Print Spooler to see if this fixes it

Stage 2

  1. In Explorer, rename everything in this folder
    c:\windows\system32\spool\drivers\w32x86
    and c:\windows\system32\spool\drivers\x64
  2. Try Starting Print Spooler to see if this fixes it

Stage 3

  1. Navigate to the following key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors
  2. In this key, there should be 7 subkeys
    BJ Language Monitor
    Local Port
    Microsoft Document Imaging Writer Monitor
    Microsoft Shared Fax Monitor
    Standard TCP/IP Port
    USB Monitor
    WSD Port
  3. If there are any extra keys, export them and delete them.
  4. Try Starting Print Spooler to see if this fixes it
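
Before deleting anything in Stage 1 or Stage 3, it helps to see what is actually registered. The script below is an added example, not part of the original post or of the Print-Reset-Tool: it exports the Print key, lists every driver under both Environments keys, and reports monitors that are not in the list of seven above. The backup path C:\Temp is an assumption; run it from an elevated Windows PowerShell prompt.

```powershell
# Read-only inventory for Stages 1 and 3. Nothing is deleted or renamed.
$PrintKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print'
$BackupFile = "C:\Temp\PrintKey-$(Get-Date -Format 'yyyyMMdd-HHmmss').reg"  # assumed location

# Stage 1, step 2: export the whole Print key before touching anything.
New-Item -ItemType Directory -Path (Split-Path $BackupFile) -Force | Out-Null
& reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Print' $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Export of the Print key failed; stop here.' }

# Stage 1, steps 3-5: list installed drivers per environment and driver version.
$drivers = foreach ($arch in 'Windows NT x86', 'Windows x64') {
    $driversKey = "$PrintKey\Environments\$arch\Drivers"
    Get-ChildItem -Path $driversKey -ErrorAction SilentlyContinue | ForEach-Object {
        $version = $_.PSChildName                 # subkey name, e.g. Version-3
        Get-ChildItem -Path $_.PSPath | ForEach-Object {
            [pscustomobject]@{
                Environment  = $arch
                Version      = $version
                Driver       = $_.PSChildName
                Manufacturer = $_.GetValue('Manufacturer')
                DriverFile   = $_.GetValue('Driver')
            }
        }
    }
}

# Stage 3: monitors that are not in the list of seven given in this post.
$expectedMonitors = 'BJ Language Monitor', 'Local Port',
    'Microsoft Document Imaging Writer Monitor', 'Microsoft Shared Fax Monitor',
    'Standard TCP/IP Port', 'USB Monitor', 'WSD Port'
$extraMonitors = Get-ChildItem -Path "$PrintKey\Monitors" |
    Where-Object { $expectedMonitors -notcontains $_.PSChildName } |
    ForEach-Object {
        # Each monitor key names the DLL the spooler loads in its Driver value.
        [pscustomobject]@{ Monitor = $_.PSChildName; Dll = $_.GetValue('Driver') }
    }

$drivers       | Sort-Object Environment, Version, Driver | Format-Table -AutoSize
$extraMonitors | Format-Table -AutoSize
Write-Host "Backup written to $BackupFile"
```

The driver table shows which entries are physical printer drivers you added, and each extra monitor is listed with the DLL it points to, so you can decide what to export and delete.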

There is also an application that can help you with this https://github.com/jdickson289/Print-Reset-Tool/


Recently I needed to help a customer move their domain to Office 365 and to do this we needed full access to the Domain. A whois for the domain showed the below:


Registrar WHOIS Server: whois.auda.org.au
Registrar URL: 
Last Modified: 2019-01-06T11:00:10Z 
Registrar Name: Netregistry Pty Ltd 
Registrar Abuse Contact Email: 
Registrar Abuse Contact Phone: 
Reseller Name: 
Status: ok https://afilias.com.au/get-au/whois-status-codes#ok
Registrant Contact ID: SECO1386 
Registrant Contact Name: Corporate Services 
Registrant Contact Email: corporateservices@reckon.com.au
Tech Contact ID: C0573762-AR 
Tech Contact Name: Dominic Main 
Tech Contact Email: dmain@netregistry.com.au

The domain was purchased when setting up the company with the accountant reckon.com.au, so it was in their Netregistry account. Netregistry don’t let Resellers access domains, so we had to contact Reckon.com.au via telephone, and after verifying our identity they sent through an EPP code for the domain which we could transfer in to another provider.


DFSR Event ID 4004

Tried several solutions to resolve event ID 4004 before finding one that worked: https://community.spiceworks.com/topic/569594-dfsr-tombstoned-folder-s. The issue can arise when you remove/delete a server from a replication group or delete the replication group itself and re-create it with the same name or same target and/or destination folders, which is what I did as a result of the datastore corruption

Apart from event logs, you can run this command in PowerShell to check DFSR status. You want to see 4s.

Get-WmiObject -Namespace "root\MicrosoftDFS" -Class DfsrReplicatedFolderInfo | Select-Object ReplicatedFolderName,ReplicationGroupName,State


Installation Files for the Client

Terminal Client Plug In for BigHand.msi

Terminal Client Plug In for BigHand (64-bit RDP).msi

Installation on the Terminal Server

Terminal Server Add Ons for BigHand Client.msi

On the 2012 R2 Remote Desktop Server you will need to do the following GPO steps:

  1. Click Start > Run and type in gpedit.msc
  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client
  3. Select the ‘Turn Off UDP On Client’ option and set this to Enabled.
  4. Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections
  5. Select the ‘Select RDP transport protocol’ and set this to Enabled.
  6. Then in the drop down select ‘Use only TCP’
  7. Restart the server

There is no information for this WQL Query

Turns out you need a VBS script to run to populate this. Without the Professional License you will need to get this to run another way.

Enter GPO!

Save the Below script to a location that all users have access to e.g. \\domain.local\NETLOGON\Scripts

https://raw.githubusercontent.com/N-able/ScriptsAndAutomationPolicies/master/AV%20Status/AVStatus.vbs


Create a new GPO and Apply it to the Workstations OU

Create the Below File Copy in the GPO

Source file \\domain.local\NETLOGON\Scripts\AVStatus.vbs

Destination file C:\Windows\AVStatus.vbs

Add Startup Script to the GPO

Create AVStatus.bat with the below and add this to startup

cscript C:\Windows\AVStatus.vbs WRITE


Recently got a new Konica C658 installed with a Punch and Stapler Unit; however, you have to add these manually for the options to show up under Finish options.

If you go to properties of the Printer, then choose Configure, you can then add the Finisher and Punch Unit Model per below


Recently I was trying to add a Windows Feature into a Windows.wim file. 

After mounting the Wim I ran the below on a server 2012 machine

Dism /Image:"c:\temp" /Enable-Feature /FeatureName:NetFx3 /all

However I got 

Error 87 : “enable-feature is unknown”

I had to run the Dism /Image:"c:\temp" /Enable-Feature /FeatureName:NetFx3 /all command on a Windows 10 box.


Meraki’s Advice to enable AD authentication for VPN is to create the Service account as …. Domain Administrator

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Active_Directory_Integration

This is a big security no-no (in case the account gets compromised, the whole domain gets compromised).

You can set this account as a Domain User, which will give it the access to:

  • Query the user database via LDAP
  • Query group membership via LDAP

You can then assign the WMI permissions for "Query the domain controller via WMI" by doing the below on the domain controller.

To set the WMI user access permissions

  1. Select Start > Run.
  2. On the Run dialog, type wmimgmt.msc in the Open field.
  3. Click OK to display the Windows Management Infrastructure (WMI) Control Panel.
  4. In the left pane of the WMI Control Panel, highlight the WMI Control (local) entry, right-click, and select the Properties menu option. This displays the WMI Control (Local) Properties dialog box.
  5. Select the Security tab in the WMI Control (Local) Properties dialog box.
  6. In the namespace tree within the Security tab, expand the Root folder. This action lists the available WMI name spaces.
  7. Click the CIMV2 namespace to highlight it.
  8. Click Security to display the Security for ROOT\CIMV2 dialog box.
  9. Click Add in the Security for ROOT\CIMV2 dialog box to display the Select Users or Groups dialog box.
  10. Add the domain user account that will be used as your proxy data collection user account. This should be a domain account (not a local computer account), but it does not need to be an account with administrative access.
  11. Click OK to close the Select Users or Groups dialog box and return to the Security for ROOT\CIMV2 dialog box. The user account you selected should now be listed in the Name list at the top of the dialog box.
  12. Select the newly added user (if it is not already selected) and enable the following permissions:
    • Enable Account
    • Remote Enable
      Enable the permissions by clicking the Allow box, if it is not already checked for that permission. The Enable Account permission should already be selected, but the Remote Enable permission will need to be selected.
  13. Click OK to close the Security for ROOT\CIMV2 dialog box.
    The permissions should now be properly set for the proxy data collection user account.
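
To confirm the result of the steps above, the following added example (not from the original post or from Meraki's documentation) reads the ROOT\CIMV2 security descriptor and checks that the service account holds Enable Account and Remote Enable and nothing more, and that it is not in Domain Admins. The account name DOMAIN\svc-meraki is hypothetical; the script assumes an elevated Windows PowerShell session on the domain controller with the ActiveDirectory module available.

```powershell
$Account   = 'DOMAIN\svc-meraki'     # hypothetical service account name
$Namespace = 'root\cimv2'

# Resolve the account to its SID so it can be matched against the namespace ACL.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

# WMI namespace rights as access-mask bits.
$rights = [ordered]@{
    'Enable Account' = 0x1;  'Execute Methods' = 0x2;     'Full Write'    = 0x4
    'Partial Write'  = 0x8;  'Provider Write'  = 0x10;    'Remote Enable' = 0x20
    'Read Security'  = 0x20000; 'Edit Security' = 0x40000
}
$wanted = 0x1 -bor 0x20              # Enable Account + Remote Enable (step 12)

$sd = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
if ($sd.ReturnValue -ne 0) { throw "GetSecurityDescriptor failed: $($sd.ReturnValue)" }

# Combine the allow ACEs (AceType 0) that name the account directly.
# Rights the account receives through group ACEs are not counted here.
$mask = 0
$sd.Descriptor.DACL |
    Where-Object { $_.Trustee.SIDString -eq $sid -and $_.AceType -eq 0 } |
    ForEach-Object { $mask = $mask -bor $_.AccessMask }

$granted = $rights.Keys | Where-Object { $mask -band $rights[$_] }
$extra   = $rights.Keys | Where-Object {
    ($mask -band $rights[$_]) -and -not ($wanted -band $rights[$_])
}

# The point of the exercise: the account must not be a Domain Admin.
$inDomainAdmins = (Get-ADGroupMember -Identity 'Domain Admins' -Recursive).SID.Value -contains $sid

[pscustomobject]@{
    Account        = $Account
    Granted        = $granted -join ', '
    HasRequired    = (($mask -band $wanted) -eq $wanted)
    ExtraRights    = $extra -join ', '
    InDomainAdmins = $inDomainAdmins
}
```

A correctly configured account shows HasRequired as True, an empty ExtraRights, and InDomainAdmins as False.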

Trying to authenticate a user with their AD credentials and the error displayed

The remote connection was denied because of the username and password combination

In the Event Log on the Meraki 

 

Also saw these errors

msg: invalid DH group 19.
 msg: invalid DH group 20.

msg: failed to begin ipsec sa negotiation.

You need a TLS certificate on the Domain Controller and RADIUS server for communication; run the below PowerShell:

New-SelfSignedCertificate -DnsName domaincontroller.domain.local -CertStoreLocation cert:\LocalMachine\My

This will create a cert for you in Personal / Certificates for the Local Computer

You will need to use the MMC to copy this to the Trusted Root Certification Authorities
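
The same create-and-trust steps can be scripted instead of using the MMC. This is an added example, not part of the original post; it reuses the DNS name from the command above, and the temporary .cer path is an assumption. Only the public certificate is copied into Trusted Root; the private key stays in the Personal store.

```powershell
$DnsName = 'domaincontroller.domain.local'    # name used in the command above

# Create the certificate in Local Computer \ Personal.
$cert = New-SelfSignedCertificate -DnsName $DnsName -CertStoreLocation Cert:\LocalMachine\My

# Export the public part only (no private key) and import it into Trusted Root.
$cerPath = Join-Path $env:TEMP "$DnsName.cer"  # assumed temporary location
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Remove-Item -Path $cerPath

# Verify: same thumbprint in both stores, private key only in Personal,
# and the Server Authentication EKU (1.3.6.1.5.5.7.3.1) is present.
$personal = Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)"
$root     = Get-Item "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
[pscustomobject]@{
    Thumbprint         = $cert.Thumbprint
    NotAfter           = $personal.NotAfter
    PersonalHasPrivKey = $personal.HasPrivateKey
    RootHasPrivKey     = $root.HasPrivateKey
    ServerAuthEku      = ($personal.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1')
}
```

Expect PersonalHasPrivKey and ServerAuthEku to be True and RootHasPrivKey to be False; note the NotAfter date so the certificate can be replaced before it expires.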

 

I also had issues with RADIUS with the error: msg: failed to begin ipsec sa negotiation.

After following these settings : https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN

In the end I had to clear out the Conditions in the network policies (specifically the Calling Station ID) and re-add them.
