How to detect Disk Data change on Vmware VM ( write rate )

Research

 
Enabling vCenter Server Data Collection
 
To enable vCenter Server data collection:
1.Connect to the vCenter Server.
2 In the Administration menu item, selectvCenter Server Settings  The vCenter Server Settings dialog is displayed.
3. Select Statistics.

 
4. Make sure that the Statistics Level value for all interval durations up to and including the one day duration is at least 2. If any of the durations have a value less than 2, do the following, starting with the smallest interval:
a) Select the interval and clickEdit
b) Change Statistics Level to Level 2
c) Click OK

 
5. Repeat step 4 for all the values up to and including the 1 day interval duration.
6. Click OK and wait for at least a day before using the aggregate usage data. Collecting Data Characteristics for VMs
You can collect data characteristics for the virtual machines in a VPG in one of the following ways:
 
Via vSphere Client console performance statistics.
 
By running a script to collect the data characteristics.
 
Note: The script samples supplied with the download, require vSphere PowerCLI and permissions to access the vCenter Server using the script.
 
8 By using operating system performance monitors, such as the Microsoft Performance Monitor utility for Windows operating systems or the iostat command for Linux operating systems. Collect data for a minimum of one day. Collecting this information impacts on performance and therefore the collection period should be long enough to gather a true representation of usage but not too long. The first procedure described below, to collect data characteristics for the VMs via the vSphere Client console performance statistics, uses
a timeframe of one day and the second procedure, to collect data characteristics for the VMs by running a scri pt to collect the data characteristics uses a timeframe of seven days.
 
Note: When running vCenter Server versions before version 5.x, if any of the virtual machines use NFS storage, metrics for the
NFS storage are not generated by the vCenter Server. To collect data characteristics for the VMs via the vSphere Client console performance statistics:
1. In the vSphere Client console select the VM and open the Performance tab.
2. Click Advanced
3 . Click the Charts Options link. The Customize Performance Chart dialog is displayed.

4. In Chart Options , drill-down in Disk and select Past day
5. In Counters , click None to clear all the selections and then select Disk Write Rate or Write Rate
6. Click OK
 
9 A chart similar to the following is generated:

Use the chart for the average write rate of the VM.
To collect data characteristics for the VMs via a script:
Note:
The following script and the samples supplied with the download, require vSphere PowerCLI and permissions to access
the vCenter Server using the script.
 
Run a script similar to the following:
 
$report = @()
Get-VM | %{
$stats = Get-Stat -Entity $ -Stat disk.write.average -Start (Get-Date).adddays(-7) –
ErrorAction SilentlyContinue
if($stats){
$statsGrouped = $stats | Group-Object -Property MetricId
$row = “” | Select Name, WriteAvgKBps, WriteAvgMBps
$row.Name = $_.Name
$row.WriteAvgKBps = ($statsGrouped |
where {$_.Name -eq “disk.write.average”} |
%{$_.Group | Measure-Object -Property Value -Average}).Average
$row.WriteAvgMBps = $row.WriteAvgKBps/1024
$row.WriteAvgKBps = “{0:N2}” -f $row.WriteAvgKbps
$row.WriteAvgMBps = “{0:N2}” -f $row.WriteAvgMBps
$report += $row
}
}
$report | Export-Csv “C:\ZertoOutput.csv”
 
 
 
 
Note: If you want a value other than seven days, change the value of the adddays() function. For example to collect data
for three days, use adddays(-3)
 
Use the resulting file, C:\ZertoOutput.csv , for the average write rate of the VM.
Note: Versions of this script are included in the download with this document
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

xmlrpc.php

Wordpress

Recently in the server logs I saw lots of attempts to /xmlrpc.php

/xmlrpc.php is the file used for Pingbacks, so if someone links to my blog , they can add my blog article and WordPress will check in then create a link to the users site. This actually opens up wordpress sites to be used for DOS’ people

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/wordpress-xml-rpc-pingback-vulnerability-analysis/

 

You can disable access to this file via updating .htaccess

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Measuring Hyper V Disk Rate Change

Research

You can collect data characteristics for the virtual
machines in a VPG in one of the following ways:
 
  • By using operating system performance monitors, such as the Microsoft Performance Monitor utility for Windows operating systems or the iostat command for Linux operating systems.
  • By using Windows PowerShell in Windows Server 2012 to collect network utilization (and other information). When using metering ACLs, you can measure the total network traffic sent and received by a virtual mach ine. To collect performance characteristics for the virtual machines in a VPG, using PowerShell, do the following:
 
Turn on resource metering for the relevant virtual machines, if it is not already enabled
Adjust the collection frequency, if necessary.
 
Collect the relevant statistics. Zerto recommends that you collect data for a minimum of one day. When you have enough statistics, you may want to turn off resource metering since data collection can impact performance.
 
Turning on Resource Metering 
By default, resource metering is not enabled. To turn on resource metering for one virtual machine, enter the following
PowerShell command:
 
Get-VM <VM-name > | Enable-VMResourceMetering
 
To turn on monitoring for all virtual machines on a server at one time, enter the following PowerShell command:
 
Get-VM | Enable-VMResourceMetering
 
Once you enable resource metering, Hyper-V begins to collect data. You can reset metering at any time, which discards the data that has been collected up to that point.
If resource metering is enabled but no NetworkAdapterAcls are configured, Hyper-V configures them to measure total network traffic. To measure network traffic throug h an IP range, configure the NetworkAdapterAcls for the IP range before runningEnable-VMResourceMetering
.
Adjusting the Collection Frequency
By default, the collection frequency is once every hour. You can change the collection frequency, but understand that datacollection can impact performance. To change the
collection frequency, enter the following command:
 
Set-VMHost –ComputerName <host-server-name> -ResourceMeteringSaveInterval <HH:MM:SS>
 
The collection frequency is always set at the host server level.You cannot adjust the collection frequency per virtual machine
.For example, if you enter 01:30:00, resource consumption will be ollected every hour and a half.
 
Collecting and Viewing the Relevant Statistics
To view resource usage for one virtual machine, enter the following command:
 
Get-VM <VM-name> | Measure-VM
 
Resource metering data can be displayed for all of the virtual machines that are running on a host. To see data for all of thevirtual machines on a host, enter the following command:
 
Get-VM | Measure-VM
 
You can configure PowerShell to display only certain statistics. To do this, you must know the object names that PowerShell
assigns to each statistic. You can see the object names by entering the following command:
 
Get-VM | Measure-VM | Select-Object *
 
For example, when working with Zerto Virtual Replication, you are interested in network traffic.To list the network traffic foreach virtual machine, enter the following command:
 
Get-VM | Measure-VM | Select-Object VMName, NetworkMeteredTrafficReport
 
You can use VM Network Adapter ACLs to measure network activity to and from a specific network. For example, to meter
network traffic for a special subnet or IP address:
 
Add-VMNetworkAdapterAcl -VMName <VM-name> -Action Meter -RemoteIPAddress 10.10.0.0/16 -Direction Outbound
 
Turning off Resource Metering
To disable the collection of performance statistics, enter the following PowerShell command:
Disable-VMResourceMetering -VMName <VM-name>
 
 
 
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Administrator trying to access other users Onedrive – Loading Access Link – Access File nothing happening

Research

When trying to access another user Onedrive via the Admin portal of 365 , the new gui shows

“Loading Access Link” and no link is shown 

The old Classic view you cannot click on the Access Files

 

This is due to the Administrator not have an Office 365 License , make sure one is assigned to get access to the App ( onedrive ) 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

How to find Local Administrator Password Set in MDT

Research

Naviate to your DeploymentShare and Open up the Task Sequence in the Control Directory

C:\DeploymentShare\Control\TaskSequence1

Open 

Unattend.xml 

Search for AdministratorPassword in this file

You should see the password in plaintext

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

Research

Trying to diagnose an issue of a reason why an NPS server would not let a user in and come back with Access-Reject produces the following Reason in the event log

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

I recommend uninstalling the NPS Extension for Azure MFA Plugin 

Retrying the access which should give you some better reason in the event log e.g. The RADIUS request did not match any configured connection request policy (CRP).

Once this is fixed you can reinstall the Plugin and re-authenticate it

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

(“pwcount= + “1”) – Expression syntax error [ount= + “1^”), Offset 15]

Research

Recently I was trying to hide the password 2 field on a netscaler box due to Azure MFA Radius.

The netscaler was brining back the error : Expression syntax error [ount= + “1^”), Offset 15] 

It looks like there is syntax errors on guides online , the expression should be

 

(“pwcount”= + “1”)

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Http/1.1 Internal Server Error 43531

Research

Recently trying to setup a secondary virtual server for Citrix , on login the following prompt was displayed

Http/1.1 Internal Server Error 43531

Make sure your Virtual Server has session policies bounded : https://www.carlstalhood.com/category/netscaler/netscaler-12/netscaler-gateway-12/#bind

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Server 2008 R2 servers keep failing to install Windows Updates

Research

Microsoft changed the signing of update packages for Windows 7 and Windows Server 2008 R2 devices on the August 2019 Patch Day for the first time. The company signs packages only with SHA-2 since August 2019; it signed them with SHA-1 and SHA-2 previously but decided to drop SHA-1 because of known weaknesses.

 

To sort out this issue, install the following patches in order (ideally reboot after installing each) and then patch your servers successfully:

https://support.microsoft.com/en-us/help/4490628/servicing-stack-update-for-windows-7-sp1-and-windows-server-2008-r2

https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Policy’s to deploy in MDT ( Default start bar and file Assoc )

Research

File Association

FileAssoc.wsf

<job id="ZTIDefaultAssociations">
   <script language="VBScript" src="../../Scripts/ZTIUtility.vbs"/>
   <script language="VBScript">
' // ***************************************************************************
' // 
' // Copyright (c) Microsoft Corporation.  All rights reserved.
' // 
' // Microsoft Deployment Toolkit Solution Accelerator
' //
' // File:      ZTIDefaultAssociations.wsf
' // 
' // Version:   6.3.8443.1000
' // 
' // Purpose:   Use Dism to force apply start screen layout.
' // 
' // Usage:     cscript ZTIDefaultAssociations.wsf [/debug:true] [/UDI]
' // 
' // ***************************************************************************
Option Explicit
RunNewInstance
'//----------------------------------------------------------------------------
'//  Main Class
'//----------------------------------------------------------------------------
Class ZTIDefaultAssociations
  '//----------------------------------------------------------------------------
  '//  Main routine
  '//----------------------------------------------------------------------------
  Function Main
 
    '//----------------------------------------------------------------------------
    '//  Declare variables
    '//----------------------------------------------------------------------------
    Dim iRetVal
    iRetVal = Success
    '//----------------------------------------------------------------------------
    '//  Copying OEMDefaultAssociations.xml file
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Copying OEMDefaultAssociations.xml to Windows\System32.", LogTypeInfo
    oFileHandling.CopyFile oUtility.ScriptDir & "\OEMDefaultAssociations.xml", oEnv("WinDir") & "\System32\OEMDefaultAssociations.xml", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\fz-a2_specsheet.pdf", oEnv("SystemDrive") & "\Users\Public\Desktop\fz-a2_specsheet.pdf", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\fz-q2_specsheet.pdf", oEnv("SystemDrive") & "\Users\Public\Desktop\fz-q2_specsheet.pdf", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\Toughbook.url", oEnv("SystemDrive") & "\Users\Public\Desktop\Toughbook.url", true
    '//----------------------------------------------------------------------------
    '//  Specify to use OEMDefaultAssociations via Registry
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Import DefaultAssociationsConfiguration Reg Key.", LogTypeInfo
    iRetVal = oUtility.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DefaultAssociationsConfiguration", oEnv("WinDir") & "\System32\OEMDefaultAssociations.xml")
  End Function
End Class
    </script>
</job>

 

 

DefaultAssociations.xml

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".3gp2" ProgId="WMP11.AssocFile.3G2" ApplicationName="Windows Media Player" />
  <Association Identifier=".acrobatsecuritysettings" ProgId="AcroExch.acrobatsecuritysettings" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".fdf" ProgId="AcroExch.FDFDoc" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".htm" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".html" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".MP2" ProgId="WMP11.AssocFile.MP3" ApplicationName="Windows Media Player" />
  <Association Identifier=".mpeg" ProgId="WMP11.AssocFile.mpeg" ApplicationName="Windows Media Player" />
  <Association Identifier=".oxps" ProgId="Windows.XPSReachViewer" ApplicationName="XPS Viewer" />
  <Association Identifier=".pdf" ProgId="AcroExch.Document.DC" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".pdfxml" ProgId="AcroExch.pdfxml" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".pdx" ProgId="PDXFileType" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".shtml" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".tif" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows Photo Viewer" />
  <Association Identifier=".tiff" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows Photo Viewer" />
  <Association Identifier=".txt" ProgId="txtfile" ApplicationName="Notepad" />
  <Association Identifier=".url" ProgId="IE.AssocFile.URL" ApplicationName="Internet Browser" />
  <Association Identifier=".webp" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".website" ProgId="IE.AssocFile.WEBSITE" ApplicationName="Internet Explorer" />
  <Association Identifier=".xdp" ProgId="AcroExch.XDPDoc" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".xfdf" ProgId="AcroExch.XFDFDoc" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".xht" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".xhtml" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".xps" ProgId="Windows.XPSReachViewer" ApplicationName="XPS Viewer" />
  <Association Identifier="ACROBAT" ProgId="acrobat" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier="bingmaps" ProgId="AppXp9gkwccvk6fa6yyfq3tmsk8ws2nprk1p" ApplicationName="Maps" />
  <Association Identifier="FTP" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="http" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="https" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="IRC" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="mailto" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="MMS" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="NEWS" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="NNTP" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="SMS" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="SMSTO" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="TEL" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="URN" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="WEBCAL" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
</DefaultAssociations>

 

Start Menu Layout

<job id="ZTIStartLayoutConfig">
   <script language="VBScript" src="../../Scripts/ZTIUtility.vbs"/>
   <script language="VBScript">
' // ***************************************************************************
' // 
' // Copyright (c) Microsoft Corporation.  All rights reserved.
' // 
' // Microsoft Deployment Toolkit Solution Accelerator
' //
' // File:      ZTIStartLayoutConfig.wsf
' // 
' // Version:   6.3.8443.1000
' // 
' // Purpose:   Use Dism to force apply start screen layout.
' // 
' // Usage:     cscript ZTIStartLayoutConfig.wsf [/debug:true] [/UDI]
' // 
' // ***************************************************************************
Option Explicit
RunNewInstance
'//----------------------------------------------------------------------------
'//  Main Class
'//----------------------------------------------------------------------------
Class ZTIStartLayoutConfig
  '//----------------------------------------------------------------------------
  '//  Main routine
  '//----------------------------------------------------------------------------
  Function Main
    '//----------------------------------------------------------------------------
    '//  Declare variables
    '//----------------------------------------------------------------------------
    Dim iRetVal
    iRetVal = Success
    '//----------------------------------------------------------------------------
    '//  Copying StartLayout.xml file
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Copying StartLayout.xml to Windows\System32.", LogTypeInfo
    oFileHandling.CopyFile oUtility.ScriptDir & "\StartLayout.xml", oEnv("SystemDrive") & "\Windows\System32\StartLayout.xml", true
    '//----------------------------------------------------------------------------
    '//  Copy Desired lnk files to %ALLUSERSPROFILES%
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Copy Desired lnk files to %ALLUSERSPROFILES%.", LogTypeInfo
    oFileHandling.CopyFile oUtility.ScriptDir & "\File Explorer.lnk", oEnv("AllUsersProfile") & "\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\Internet Explorer.lnk", oEnv("AllUsersProfile") & "\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\Google Chrome.lnk", oEnv("AllUsersProfile") & "\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk", true
    '//----------------------------------------------------------------------------
    '//  Apply start screen layout using Dism
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Importing StartLayout.xml using Powershell's Import-StartLayout cmdlet.", LogTypeInfo
    iRetVal = oUtility.RunWithConsoleLogging("powershell.exe -ExecutionPolicy ByPass -Command ""Import-StartLayout -MountPath " & oEnv("SystemDrive") & "\ -LayoutPath " & oEnv("WinDir") & "\System32\StartLayout.xml""")
  End Function
End Class
    </script>
</job>

 

StartLayout.xml

 

<LayoutModificationTemplate
    xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
    xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
    xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"
    Version="1">
    <LayoutOptions StartTileGroupCellWidth="6" />
    <DefaultLayoutOverride>
        <StartLayoutCollection>
            <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
                <start:Group Name="Panasonic Apps" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">
                    <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" />
                    <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" />
                </start:Group>
            </defaultlayout:StartLayout>
        </StartLayoutCollection>
    </DefaultLayoutOverride>
    <CustomTaskbarLayoutCollection PinListPlacement="Replace">
        <defaultlayout:TaskbarLayout>
            <taskbar:TaskbarPinList>
                <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
                <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" />
                <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" />
            </taskbar:TaskbarPinList>
        </defaultlayout:TaskbarLayout>
    </CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)