Recently tried to host an ASP site on GoDaddy’s Windows Hosting , and on run I got the following error

“SecurityException: Request for the permission of type ‘System.Configuration.ConfigurationPermission, System.Configuration, Version=4.0.0.0”

GoDaddy lets you run ASP pages with Trust level full , however you need to delcare this on the web. config file ( Inside system.web ) per below

<system.web>
 <trust level=”Full” />
</system.web>

• No Comments

Trying to run a site and a “HTTP Error 500.19” error shows in IIS

This is because of the web . config containing <rewrite> without having the URL Rewrite for IIS installed

Install URL Rewrite 

• No Comments

Recently I used the  latest version of ASR Deployment Planner (released on Jun/2020) to scope Auzre costs for a customer , however the ASR brought error trying to sync a VM with 6tb drive size 

Ever since 9.26 of ASR , a 8TB has been support

I logged a support query with Microsoft 

“So 8 TB support is not added in Deployment Planner of V2.52. PG has created a work Item for this improvement.”

So its 8tb!

• No Comments

This screen is annoying so I disable it

However its stuck on that user profile because its cached.

Fix

Reboot , Log in as another user , then log out and backin as that yser

• No Comments

Recently had a friend who bought a TPLINK VR1600v to extend her existing wifi , the router doesn’t have Access Point mode so you need to put this  in a double NAT setup

1. Change the router IP from 192.168.1.1 to 192.168.2.1
2. Plug the WAN port of the VR1600v into the LAN port of your existing router
3. Change Wireless Settings 

• No Comments

Recently cut over a domain from an old 365 tenant to a new one, upon trying to add the email account to outlook was visit with the error

The old account had been enrolled in Intune here

Removing the old account here , I tried to enroll the new account however I got an enrollment message pop up , this something happens due to old enrollment data getting stuck

Delete ( or clear as much as you can from the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments ) then try again

What fixed it

• Sign out of the Account in Office
• De-Register the Machine from AAD (Settings -> Work and School Accounts)
• Delete all of the AAD certificates in the User’s Personal Certificate Store
• Reboot

Note if you try and sign in to Office at this point, you will get a modern auth prompt but never get asked for a password

• Re-Register the Machine with AAD
• Re-License Office
• Outlook and Autodiscover tests will now work

• No Comments

When opening https://portal.manage.microsoft.com/

You see

You don't have any apps yet

Your company hasn’t made any apps available to you on this device.

Getting this device managed might let you access other company resources available to you, such as email and documents. Go to Devices to get started.

However when you open the Company portal app via the store if loads the apps list fine. This happens when you have multiple enrolled devices and the browser doesn’t know while one you have logged in with 

Solution

Click on Devices

Click on the grey bar

Click on your device you are using to access the Web and click Add

• No Comments

The process below is how to re-register Vmware Update Manager

cd /lib/vmware-updatemgr/bin

mkdir backup

cp -p extension.xml backup/

cp -p vci-integrity.xml backup/

cp -p jetty-vum* backup/

Now go ahead and finish the failed registration with this command:

/usr/lib/vmware-updatemgr/bin/vmware-vciInstallUtils -C /usr/lib/vmware-updatemgr/bin/ -L /var/log/vmware/vmware-updatemgr/ -I /usr/lib/vmware-updatemgr/bin/ -v <your vCenter FQDN> -p 80 -U [email protected]<your SSO domain> -P <password> -S /usr/lib/vmware-updatemgr/bin/extension.xml -O extupdate

Upon running the above, I got an error saying it didn’t like the password , I had to put it in single quotes

chown updatemgr:updatemgr vci-integrity.xml

service-control –start vmware-updatemgr

Note: In the command above replace the information <your vCenter FQDN> with your own vcenter FQDN. 

/usr/lib/vmware-updatemgr/bin/ -v <your vCenter FQDN> -p 80 -U [email protected]<your SSO domain> -P <password>

• No Comments

1) Microsoft Best Practice of Leaving exchange server on-prem for management 

“With the recent Exchange vulnerabilities allowing hackers into the LAN, Exchange is just giving them another entry point. So it becomes even more important to remove any unnecessary back doors. If Microsoft would give us a way of managing the Exchange A.D attributes without needing to maintain an Exchange server on-premise, we could get rid of one more headache to patch. monitor and update.”

2) Datacenter Domain Controllers

Physical Domain Controllers
In datacenters, physical domain controllers should be installed in dedicated secure racks or cages that are separate from the general server population.

If a domain controller is configured to use software RAID, serial-attached SCSI, SAN/NAS storage, or dynamic volumes, BitLocker cannot be implemented, so locally attached storage (with or without hardware RAID) should be used in domain controllers whenever possible.

Virtual Domain Controllers
If you implement virtual domain controllers, you should ensure that domain controllers run on separate physical hosts than other virtual machines in the environment.

Even if you use a third-party virtualization platform, consider deploying virtual domain controllers on Hyper-V Server in Windows Server 2012 or Windows Server 2008 R2, which provides a minimal attack surface and can be managed with the domain controllers it hosts rather than being managed with the rest of the virtualization hosts.

You should also consider separating the storage of virtual domain controllers to prevent storage administrators from accessing the virtual machine files.

3) Secure Administrative Hosts

Administrative hosts should be configured to require smart card logon for all accounts

Physical security includes controlling physical access to administrative hosts. In a small organization, this may mean that you maintain a dedicated administrative workstation that is kept locked in an office or a desk drawer when not in use. 

• No Comments

1. Download the lsdoctor tool from this kb : https://kb.vmware.com/s/article/80469?lang=en_US
2. If VCSA then use Winscp to transfer the zip to vcenter appliance else in windows vc copy and paste to destination vc.
3. Follow the kb and run the trustfixer option -t : python lsdoctor.py -t 
4. Now restart the update manager service. 
5. Access the update manager tab.

• No Comments