Mimecast will actually let you send from another domain you do not own ( will need to open a Support ticket and give a business reason ) 


Mimecast Production IP ranges (This IP range when you have a registered internal domain)
include:au._netblocks.mimecast.com

Mimecast Non-Production IP Ranges (This IP range is used for non-internal domains)
include:au._extnetblocks.mimecast.com

If customers wish to impersonate a domain you do not own, for example with address rewriting, use the DNS Authorization Code found in Your Mimecast Account Settings. The Mimecast Secure Email Gateway checks messages that are sent from each account. If the sending domain doesn’t match a domain listed as internal to the account, it will then check the TXT record of the sending domain for the presence of the DNS Authorization Code. If this code isn’t present, messages will be sent using these IP blocks instead of the normal route.


https://community.mimecast.com/s/article/Connect-Application-Implementing-SPF-for-Outbound-Email-Delivery-731048977

GD Star Rating
loading...
GD Star Rating
loading...

Open Powershell As Administrator

Import-Module NTFSSecurity

#Check Existing Access

dir2 “\\?\e:\folde\path\name” -Recurse | Get-NTFSAccess

#Take Ownership

dir2 “\\?\e:\folde\path\name” -Recurse | Set-NTFSOwner -Account “Administrators”

#Add Permissiosn

dir2 “\\?\e:\folde\path\name” -Recurse | Add-NTFSAccess -Account Administrators -AccessRights FullControl

#recheck Access

dir2 “\\?\e:\folde\path\name” -Recurse | Get-NTFSAccess

Prove access for a user

Get-ChildItem -Path c:\docs -Recurse -Directory | Get-NTFSEffectiveAccess -Account ‘corp\confroom’ | select Account, AccessControlType, AccessRights, FullName

GD Star Rating
loading...
GD Star Rating
loading...

#To verify the Root CA CA.pem and Intermediate CA ICA.pem
openssl verify -CAfile CA.pem ICA.pem

#To create the CA chain ( In Linux or just add files together in notepad for Linux ) 
cat ICA.pem ca.pem > CA-chain.pem

#To verify the CA chain and the web cert
openssl verify -CAfile CA-chain.pem web.pem

#To generate checksum of the private key
openssl rsa -modulus -noout -in private.key 

#To generate checksum of the web cert, the checksum result should match with the private key
openssl x509 -modulus -noout -in web.pem

 

Exporting files for further diagnosis

openssl rsa -in private.key -text -noout
openssl x509 -in web.pem -text -noout
openssl x509 -in ica.pem -text -noout
openssl x509 -in ca.pem -text -noout

GD Star Rating
loading...
GD Star Rating
loading...

Recently we needed to add a new alias to a share for it to be accessible from 

  1. Add DNS A record for that name ( e.g. fileshare -> 192.168.0.33 )
  2. run setspn -S host/fileshare existingfileshareserver (e.g. setspn -S host/filenew file01)
GD Star Rating
loading...
GD Star Rating
loading...
$sid = (Get-ADUser -Filter {sAMAccountName -eq "<yourfiltervalue>" }| Select-Object SID) 
([string]$sid).ToCharArray() | % { $sidToHex += ("{0:x} " -f [int]$_) }
 $sidToHex
GD Star Rating
loading...
GD Star Rating
loading...

Recently I was trying to setup an LAG LCAP bond between a SG500X Cisco Stack and a HP Procurve Aruba Stack.

HP

trunk 1/A1 trk2 trunk lacp

Cisco SG500x

Upon plugging the ports in , the Cisco Port Light would go Active and start flashing , the HP Port would briefly go sold on the Mode light for 2-3 Seconds then go Off

Status of both ports in config were both Off ( even though the Cisco port light was flashing )

After much trial and error , messing with STP and LAG settings , we moved to another port and it worked straight off , so it was a Dud port Cisco END!

GD Star Rating
loading...
GD Star Rating
loading...

You have a device connected to a Router ( Fortigate for this case ) with two IP’s on different Subnets

Solutions

 

GD Star Rating
loading...
GD Star Rating
loading...

I was recently trying to decommission a Storage drive D:\ from an Exchange server

All the Databases and logs had been moved off apart from one folder D:\ExchangeLogs\OfficeGraph\GraphStorageCompactLogs which could not be deleted and it was being used and w3wp.exe ( IIS )  locked a file 

Per this it’s actually ” Graph API is for hybrid Exchange 2016, since you don’t have Hybrid mode, I suggest to disable Graph API service to see if it will prevent that error events happening. 

https://blogs.msdn.microsoft.com/deva/2017/07/22/use-microsoft-graph-api-to-reach-on-premises-cloud-users-of-hybrid-exchange-2016/

There is no way to configure this, so in the end, I have to remove the drive manually

GD Star Rating
loading...
GD Star Rating
loading...

Recently I was trying to backup a workstation using Veeam Agents using Local Credentials

When the job ran to install the Veeam Agent an error came up 

The network name cannot be found. (ERROR_BAD_NET_NAME).

Trying to ping the IP and DNS worked fine

I was trying to Authenticate using .\Administrator ( Which should use its local Administrator account as on the domain

I had to change to PCNAME\Administrator to get it work 

GD Star Rating
loading...
GD Star Rating
loading...