Ubiquiti Access Points – auto disabled Wireless

Research

Setting up some new Ubiquiti Wifi Access points, on reboot the Wifi SSID would show for a bit then disappear. A look at the Radio’s on the devices came up as Auto (Disabled)

By Default, the Ubiqiti controller Site Setting has  “Enable Connectivity Monitor and Wireless Uplink” enabled by default. This means if the Access points can’t connect ( ping )  the gateways defined in Network they will no enable the SSID broadcast ( and disable Wireless )

You can disable this setting, but you probably want to update the Gateway in the Network details to the correct one , and make sure DHCP is running or set static and make sure it can communicate to the gateway 

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Understanding Mimecast Audit Logs

Research

 

Failed authentication for XXXX, Date: 2019-11-26, Time: 13:26:01 AEDT, IP: X.X.X.X, Application: MfO, Method: IWA, Reason: Wrong password

 

Failed authentication for XXXX, Date: 2019-11-22, Time: 15:13:23 AEDT, IP: X.X.X.X, Application: App Launcher, Method: EWS Basic, Reason: Wrong password

Application: MfO = Mimecast for Outlook

Application: App Launcher = MyApps Webbased portal

Method = IWA ( Intergrated Windows Authentication ) usually from the Mimecast Outlook Add In

Method =  EWS Basic ( Used by Domain Authentication to check onprem ) 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Windows 10 – 1903\1909 Windows Start Bar – Cannot Search

Research

Either go to a working Windows 10 Machine or download files from here

Take Ownership of C:\programdata\Microsoft\Windows\AppRepository ( and Subfolders ) 

Then Open C:\programdata\Microsoft\Windows\AppRepository ( Click Continue to add security ) 

Then Open C:\programdata\Microsoft\Windows\AppRepository\Packages ( Click Continue to add security ) 

Copy the correct ActivationStore.dat from the downloaded Zip or a working PC to the folders in here ( Make sure you copy to each folder ) 

C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.ShellExperienceHost*
C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.StartMenuExperienceHost*
C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Cortana*
C:\programdata\Microsoft\Windows\AppRepository\Packages\Microsoft.AAD.BrokerPlugin*

 

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

URL’s to Whitelist for Webroot

Research


Agent communication and updates
=============================
*.webrootcloudav.com

Agent messaging
==============
*.webroot.com

Management portal and support ticket logs upload
==========================================
*.webrootanywhere.com

Agent file downloading and uploading
===============================
wrskynet.s3.amazonaws.com/*
wrskynet-eu.s3-eu-west-1.amazonaws.com/*
wrskynet-oregon.s3-us-west-2.amazonaws.com/*

Web Filtering (elasticbeanstalk is an Amazon AWS domain)
================================================
WSAWebFilteringPortal.elasticbeanstalk.com

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Admin permissions required when deleting from desktop with UPDs

Research

Possibly caused by updates this week.


You need to delete the Recycle bin that is within the user profile section.

 

You can either shadow the user and browse to C:\users\%username% and delete the $recycle.bin folder or get the user to log off, then mount the VHDK file and delete it that way.

 

Users are able to then delete form the desktop.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Microsoft Windows Server User CAL – LS-40627 vs R18-05766

Research

Recently looking at some charity licensing where I found 2 sets of Windows Server User Cals

https://www.connectingup.org/donations/content/microsoft-windows-server-user-cal-includes-software-assurance ( SKU: LS-40627 ) 

https://www.connectingup.org/discount/microsoft-discount-volume-licence-program/microsoft-windows-server-user-cal-licence-only-0?action ( SKU: R18-05766 ) 

The first one was nearly half the cost of the other , turns out SKU: LS-40627 you have a limit of 50, so you will need to purchase these before purchasing anymore of R18-05766  ( Can be purchased in parallel ) 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

How to backup and restore a SQL Database

Research

If the SQL databases are in simple recovery

Backup

ALTER DATABASE dbname

SET READ_ONLY;

GO
 

Backup database dbname

to disk = 'C:\...\dbname.bak'

 
Restore


Restore database dbname

from disk =  'C:\...\dbname.bak'

with recovery, replace

 

ALTER DATABASE dbname

SET MULTI_USER;

GO

If the databases are in full recovery model

Backup

Backup database dbname

to disk = 'C:\...\dbname.bak'

Backup log dbname

to disk = 'C:\...\dbname.trn'

with norecovery

 
Restore

 
Restore database dbname

from disk = 'C:\...\dbname.bak'

with norecovery, replace

Restore log test2

from disk = 'C:\...\dbname.trn'

with recovery
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

delete fortigate hardware switch

Research

By default Fortigates come with all their LAN interfaces on a hardware switch. You might want to change this so you can use these as seperate interfaces

  1. Delete all the policies attaches to the LAN network
  2. Removed DHCP from the Lan Network

Next in CLI run the below

configure system virtualswitch

delete lan
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

How to detect Disk Data change on Vmware VM ( write rate )

Research

 
Enabling vCenter Server Data Collection
 
To enable vCenter Server data collection:
1.Connect to the vCenter Server.
2 In the Administration menu item, selectvCenter Server Settings  The vCenter Server Settings dialog is displayed.
3. Select Statistics.

 
4. Make sure that the Statistics Level value for all interval durations up to and including the one day duration is at least 2. If any of the durations have a value less than 2, do the following, starting with the smallest interval:
a) Select the interval and clickEdit
b) Change Statistics Level to Level 2
c) Click OK

 
5. Repeat step 4 for all the values up to and including the 1 day interval duration.
6. Click OK and wait for at least a day before using the aggregate usage data. Collecting Data Characteristics for VMs
You can collect data characteristics for the virtual machines in a VPG in one of the following ways:
 
Via vSphere Client console performance statistics.
 
By running a script to collect the data characteristics.
 
Note: The script samples supplied with the download, require vSphere PowerCLI and permissions to access the vCenter Server using the script.
 
8 By using operating system performance monitors, such as the Microsoft Performance Monitor utility for Windows operating systems or the iostat command for Linux operating systems. Collect data for a minimum of one day. Collecting this information impacts on performance and therefore the collection period should be long enough to gather a true representation of usage but not too long. The first procedure described below, to collect data characteristics for the VMs via the vSphere Client console performance statistics, uses
a timeframe of one day and the second procedure, to collect data characteristics for the VMs by running a scri pt to collect the data characteristics uses a timeframe of seven days.
 
Note: When running vCenter Server versions before version 5.x, if any of the virtual machines use NFS storage, metrics for the
NFS storage are not generated by the vCenter Server. To collect data characteristics for the VMs via the vSphere Client console performance statistics:
1. In the vSphere Client console select the VM and open the Performance tab.
2. Click Advanced
3 . Click the Charts Options link. The Customize Performance Chart dialog is displayed.

4. In Chart Options , drill-down in Disk and select Past day
5. In Counters , click None to clear all the selections and then select Disk Write Rate or Write Rate
6. Click OK
 
9 A chart similar to the following is generated:

Use the chart for the average write rate of the VM.
To collect data characteristics for the VMs via a script:
Note:
The following script and the samples supplied with the download, require vSphere PowerCLI and permissions to access
the vCenter Server using the script.
 
Run a script similar to the following:
 
$report = @()
Get-VM | %{
$stats = Get-Stat -Entity $ -Stat disk.write.average -Start (Get-Date).adddays(-7) –
ErrorAction SilentlyContinue
if($stats){
$statsGrouped = $stats | Group-Object -Property MetricId
$row = “” | Select Name, WriteAvgKBps, WriteAvgMBps
$row.Name = $_.Name
$row.WriteAvgKBps = ($statsGrouped |
where {$_.Name -eq “disk.write.average”} |
%{$_.Group | Measure-Object -Property Value -Average}).Average
$row.WriteAvgMBps = $row.WriteAvgKBps/1024
$row.WriteAvgKBps = “{0:N2}” -f $row.WriteAvgKbps
$row.WriteAvgMBps = “{0:N2}” -f $row.WriteAvgMBps
$report += $row
}
}
$report | Export-Csv “C:\ZertoOutput.csv”
 
 
 
 
Note: If you want a value other than seven days, change the value of the adddays() function. For example to collect data
for three days, use adddays(-3)
 
Use the resulting file, C:\ZertoOutput.csv , for the average write rate of the VM.
Note: Versions of this script are included in the download with this document
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)