xmlrpc.php

Recently in the server logs I saw lots of attempts to access /xmlrpc.php.

/xmlrpc.php is the file used for pingbacks, so if someone links to my blog, they can add my blog article and WordPress will check in, then create a link to the user's site. This actually opens up WordPress sites to being used to DoS other people:

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/wordpress-xml-rpc-pingback-vulnerability-analysis/

 

You can block access to this file by updating .htaccess:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
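
A way to check the access log for these requests and confirm that the .htaccess block is answering them with 403, as an added example that is not part of the original post. The log lines are constructed, and the Apache combined log format and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2019:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2019:14:02:11 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
198.51.100.23 - - [10/Oct/2019:14:02:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [10/Oct/2019:14:05:00 +0000] "POST //xmlrpc.php?rsd HTTP/1.1" 403 199 "-" "-"
203.0.113.7 - - [10/Oct/2019:14:10:09 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def xmlrpc_hits(log_text):
    """Return {client_ip: Counter({status: count})} for requests to xmlrpc.php."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        # Drop the query string and collapse repeated slashes before comparing,
        # so //xmlrpc.php?rsd and /blog/xmlrpc.php are counted too.
        path = re.sub(r"/+", "/", m.group("path").split("?", 1)[0])
        if path.endswith("/xmlrpc.php"):
            hits[m.group("ip")][int(m.group("status"))] += 1
    return dict(hits)


def not_blocked(hits):
    """Clients that received anything other than 403, i.e. the block was not in effect."""
    return sorted(ip for ip, statuses in hits.items() if any(s != 403 for s in statuses))


if __name__ == "__main__":
    result = xmlrpc_hits(SAMPLE_LOG)
    for ip, statuses in sorted(result.items()):
        print(ip, dict(statuses))
    print("served before the block:", not_blocked(result))
```

Once the .htaccess rule is live, new requests should only add to the 403 counts.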

You can collect data characteristics for the virtual machines in a VPG in one of the following ways:

  • By using operating system performance monitors, such as the Microsoft Performance Monitor utility for Windows operating systems or the iostat command for Linux operating systems.
  • By using Windows PowerShell in Windows Server 2012 to collect network utilization (and other information). When using metering ACLs, you can measure the total network traffic sent and received by a virtual machine.

To collect performance characteristics for the virtual machines in a VPG using PowerShell, do the following:

  • Turn on resource metering for the relevant virtual machines, if it is not already enabled.
  • Adjust the collection frequency, if necessary.
  • Collect the relevant statistics. Zerto recommends that you collect data for a minimum of one day. When you have enough statistics, you may want to turn off resource metering since data collection can impact performance.
 
Turning on Resource Metering 
By default, resource metering is not enabled. To turn on resource metering for one virtual machine, enter the following PowerShell command:

Get-VM <VM-name> | Enable-VMResourceMetering
 
To turn on monitoring for all virtual machines on a server at one time, enter the following PowerShell command:
 
Get-VM | Enable-VMResourceMetering
 
Once you enable resource metering, Hyper-V begins to collect data. You can reset metering at any time, which discards the data that has been collected up to that point.
If resource metering is enabled but no NetworkAdapterAcls are configured, Hyper-V configures them to measure total network traffic. To measure network traffic through an IP range, configure the NetworkAdapterAcls for the IP range before running Enable-VMResourceMetering.
Adjusting the Collection Frequency
By default, the collection frequency is once every hour. You can change the collection frequency, but understand that data collection can impact performance. To change the collection frequency, enter the following command:

Set-VMHost -ComputerName <host-server-name> -ResourceMeteringSaveInterval <HH:MM:SS>

The collection frequency is always set at the host server level. You cannot adjust the collection frequency per virtual machine. For example, if you enter 01:30:00, resource consumption will be collected every hour and a half.
 
Collecting and Viewing the Relevant Statistics
To view resource usage for one virtual machine, enter the following command:
 
Get-VM <VM-name> | Measure-VM
 
Resource metering data can be displayed for all of the virtual machines that are running on a host. To see data for all of the virtual machines on a host, enter the following command:
 
Get-VM | Measure-VM
 
You can configure PowerShell to display only certain statistics. To do this, you must know the object names that PowerShell assigns to each statistic. You can see the object names by entering the following command:
 
Get-VM | Measure-VM | Select-Object *
 
For example, when working with Zerto Virtual Replication, you are interested in network traffic. To list the network traffic for each virtual machine, enter the following command:
 
Get-VM | Measure-VM | Select-Object VMName, NetworkMeteredTrafficReport
 
You can use VM Network Adapter ACLs to measure network activity to and from a specific network. For example, to meter network traffic for a special subnet or IP address:
 
Add-VMNetworkAdapterAcl -VMName <VM-name> -Action Meter -RemoteIPAddress 10.10.0.0/16 -Direction Outbound
 
Turning off Resource Metering
To disable the collection of performance statistics, enter the following PowerShell command:
Disable-VMResourceMetering -VMName <VM-name>
 
 
 

When trying to access another user's OneDrive via the admin portal of Office 365, the new GUI shows

“Loading Access Link” and no link is shown.

In the old Classic view, you cannot click on Access Files.

This is due to the administrator not having an Office 365 license. Make sure one is assigned to get access to the app (OneDrive).


Navigate to your DeploymentShare and open up the Task Sequence in the Control directory:

C:\DeploymentShare\Control\TaskSequence1

Open Unattend.xml.

Search for AdministratorPassword in this file.

You should see the password in plaintext.
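
To find every task sequence that stores the password this way, the audit below walks a Control directory and reports each AdministratorPassword entry without printing its value. It is an added example, not part of the original post; the sample Unattend.xml is constructed with a placeholder password, and the function names are hypothetical.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample (placeholder password), shaped like a task sequence Unattend.xml.
SAMPLE_UNATTEND = """<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword>
          <Value>EXAMPLE-PLACEHOLDER</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
</unattend>
"""

def _local(tag):  # strip the XML namespace from an element tag
    return tag.rsplit("}", 1)[-1]

def audit_unattend(control_dir):
    """Report where AdministratorPassword is stored under control_dir, never its value."""
    findings = []
    for root, _dirs, files in os.walk(control_dir):
        for name in files:
            if name.lower() != "unattend.xml":
                continue
            path = os.path.join(root, name)
            try:
                doc = ET.parse(path).getroot()
            except ET.ParseError:
                findings.append({"file": path, "error": "not well-formed XML"})
                continue
            for settings in (e for e in doc.iter() if _local(e.tag) == "settings"):
                for el in settings.iter():
                    if _local(el.tag) != "AdministratorPassword":
                        continue
                    fields = {_local(c.tag): (c.text or "").strip() for c in el}
                    # PlainText=false only obfuscates the value; treat both as exposed.
                    findings.append({
                        "file": path,
                        "pass": settings.get("pass"),
                        "has_value": bool(fields.get("Value")),
                        "plaintext": fields.get("PlainText", "").lower() == "true",
                    })
    return findings

def demo():
    """Audit a constructed Control/TaskSequence1 layout created in a temp directory."""
    with tempfile.TemporaryDirectory() as share:
        ts_dir = os.path.join(share, "Control", "TaskSequence1")
        os.makedirs(ts_dir)
        with open(os.path.join(ts_dir, "Unattend.xml"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_UNATTEND)
        return audit_unattend(os.path.join(share, "Control"))

if __name__ == "__main__":
    print(demo())
```

Any finding means the local Administrator password is readable by whoever can read the deployment share, so restrict the share's permissions and rotate that password after deployment.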


Trying to diagnose why an NPS server would not let a user in and came back with Access-Reject produces the following reason in the event log:

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

I recommend uninstalling the NPS Extension for Azure MFA plugin.

Retry the access, which should give you a better reason in the event log, e.g. The RADIUS request did not match any configured connection request policy (CRP).

Once this is fixed you can reinstall the plugin and re-authenticate it.


Recently I was trying to hide the password 2 field on a NetScaler box due to Azure MFA RADIUS.

The NetScaler was bringing back the error: Expression syntax error [ount= + “1^”), Offset 15]

It looks like there are syntax errors in guides online; the expression should be

("pwcount"= + "1")


Recently, while trying to set up a secondary virtual server for Citrix, the following prompt was displayed on login:

Http/1.1 Internal Server Error 43531

Make sure your virtual server has session policies bound: https://www.carlstalhood.com/category/netscaler/netscaler-12/netscaler-gateway-12/#bind


Microsoft changed the signing of update packages for Windows 7 and Windows Server 2008 R2 devices on the August 2019 Patch Day for the first time. The company signs packages only with SHA-2 since August 2019; it signed them with SHA-1 and SHA-2 previously but decided to drop SHA-1 because of known weaknesses.

 

To sort out this issue, install the following patches in order (ideally reboot after installing each) and then patch your servers successfully:

https://support.microsoft.com/en-us/help/4490628/servicing-stack-update-for-windows-7-sp1-and-windows-server-2008-r2

https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update


File Association

FileAssoc.wsf

<job id="ZTIDefaultAssociations">
   <script language="VBScript" src="../../Scripts/ZTIUtility.vbs"/>
   <script language="VBScript">
' // ***************************************************************************
' // 
' // Copyright (c) Microsoft Corporation.  All rights reserved.
' // 
' // Microsoft Deployment Toolkit Solution Accelerator
' //
' // File:      ZTIDefaultAssociations.wsf
' // 
' // Version:   6.3.8443.1000
' // 
' // Purpose:   Copy OEMDefaultAssociations.xml (and desktop files) and set the DefaultAssociationsConfiguration policy.
' // 
' // Usage:     cscript ZTIDefaultAssociations.wsf [/debug:true] [/UDI]
' // 
' // ***************************************************************************
Option Explicit
RunNewInstance
'//----------------------------------------------------------------------------
'//  Main Class
'//----------------------------------------------------------------------------
Class ZTIDefaultAssociations
  '//----------------------------------------------------------------------------
  '//  Main routine
  '//----------------------------------------------------------------------------
  Function Main
 
    '//----------------------------------------------------------------------------
    '//  Declare variables
    '//----------------------------------------------------------------------------
    Dim iRetVal
    iRetVal = Success
    '//----------------------------------------------------------------------------
    '//  Copying OEMDefaultAssociations.xml file
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Copying OEMDefaultAssociations.xml to Windows\System32.", LogTypeInfo
    oFileHandling.CopyFile oUtility.ScriptDir & "\OEMDefaultAssociations.xml", oEnv("WinDir") & "\System32\OEMDefaultAssociations.xml", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\fz-a2_specsheet.pdf", oEnv("SystemDrive") & "\Users\Public\Desktop\fz-a2_specsheet.pdf", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\fz-q2_specsheet.pdf", oEnv("SystemDrive") & "\Users\Public\Desktop\fz-q2_specsheet.pdf", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\Toughbook.url", oEnv("SystemDrive") & "\Users\Public\Desktop\Toughbook.url", true
    '//----------------------------------------------------------------------------
    '//  Specify to use OEMDefaultAssociations via Registry
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Import DefaultAssociationsConfiguration Reg Key.", LogTypeInfo
    iRetVal = oUtility.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DefaultAssociationsConfiguration", oEnv("WinDir") & "\System32\OEMDefaultAssociations.xml")
  End Function
End Class
    </script>
</job>

 

 

DefaultAssociations.xml

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".3gp2" ProgId="WMP11.AssocFile.3G2" ApplicationName="Windows Media Player" />
  <Association Identifier=".acrobatsecuritysettings" ProgId="AcroExch.acrobatsecuritysettings" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".fdf" ProgId="AcroExch.FDFDoc" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".htm" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".html" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".MP2" ProgId="WMP11.AssocFile.MP3" ApplicationName="Windows Media Player" />
  <Association Identifier=".mpeg" ProgId="WMP11.AssocFile.mpeg" ApplicationName="Windows Media Player" />
  <Association Identifier=".oxps" ProgId="Windows.XPSReachViewer" ApplicationName="XPS Viewer" />
  <Association Identifier=".pdf" ProgId="AcroExch.Document.DC" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".pdfxml" ProgId="AcroExch.pdfxml" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".pdx" ProgId="PDXFileType" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".shtml" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".tif" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows Photo Viewer" />
  <Association Identifier=".tiff" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows Photo Viewer" />
  <Association Identifier=".txt" ProgId="txtfile" ApplicationName="Notepad" />
  <Association Identifier=".url" ProgId="IE.AssocFile.URL" ApplicationName="Internet Browser" />
  <Association Identifier=".webp" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".website" ProgId="IE.AssocFile.WEBSITE" ApplicationName="Internet Explorer" />
  <Association Identifier=".xdp" ProgId="AcroExch.XDPDoc" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".xfdf" ProgId="AcroExch.XFDFDoc" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".xht" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".xhtml" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".xps" ProgId="Windows.XPSReachViewer" ApplicationName="XPS Viewer" />
  <Association Identifier="ACROBAT" ProgId="acrobat" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier="bingmaps" ProgId="AppXp9gkwccvk6fa6yyfq3tmsk8ws2nprk1p" ApplicationName="Maps" />
  <Association Identifier="FTP" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="http" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="https" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="IRC" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="mailto" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="MMS" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="NEWS" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="NNTP" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="SMS" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="SMSTO" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="TEL" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="URN" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="WEBCAL" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
</DefaultAssociations>

 

Start Menu Layout

<job id="ZTIStartLayoutConfig">
   <script language="VBScript" src="../../Scripts/ZTIUtility.vbs"/>
   <script language="VBScript">
' // ***************************************************************************
' // 
' // Copyright (c) Microsoft Corporation.  All rights reserved.
' // 
' // Microsoft Deployment Toolkit Solution Accelerator
' //
' // File:      ZTIStartLayoutConfig.wsf
' // 
' // Version:   6.3.8443.1000
' // 
' // Purpose:   Use Dism to force apply start screen layout.
' // 
' // Usage:     cscript ZTIStartLayoutConfig.wsf [/debug:true] [/UDI]
' // 
' // ***************************************************************************
Option Explicit
RunNewInstance
'//----------------------------------------------------------------------------
'//  Main Class
'//----------------------------------------------------------------------------
Class ZTIStartLayoutConfig
  '//----------------------------------------------------------------------------
  '//  Main routine
  '//----------------------------------------------------------------------------
  Function Main
    '//----------------------------------------------------------------------------
    '//  Declare variables
    '//----------------------------------------------------------------------------
    Dim iRetVal
    iRetVal = Success
    '//----------------------------------------------------------------------------
    '//  Copying StartLayout.xml file
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Copying StartLayout.xml to Windows\System32.", LogTypeInfo
    oFileHandling.CopyFile oUtility.ScriptDir & "\StartLayout.xml", oEnv("SystemDrive") & "\Windows\System32\StartLayout.xml", true
    '//----------------------------------------------------------------------------
    '//  Copy Desired lnk files to %ALLUSERSPROFILES%
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Copy Desired lnk files to %ALLUSERSPROFILES%.", LogTypeInfo
    oFileHandling.CopyFile oUtility.ScriptDir & "\File Explorer.lnk", oEnv("AllUsersProfile") & "\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\Internet Explorer.lnk", oEnv("AllUsersProfile") & "\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\Google Chrome.lnk", oEnv("AllUsersProfile") & "\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk", true
    '//----------------------------------------------------------------------------
    '//  Apply start screen layout using PowerShell's Import-StartLayout
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Importing StartLayout.xml using Powershell's Import-StartLayout cmdlet.", LogTypeInfo
    iRetVal = oUtility.RunWithConsoleLogging("powershell.exe -ExecutionPolicy ByPass -Command ""Import-StartLayout -MountPath " & oEnv("SystemDrive") & "\ -LayoutPath " & oEnv("WinDir") & "\System32\StartLayout.xml""")
  End Function
End Class
    </script>
</job>

 

StartLayout.xml

 

<LayoutModificationTemplate
    xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
    xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
    xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"
    Version="1">
    <LayoutOptions StartTileGroupCellWidth="6" />
    <DefaultLayoutOverride>
        <StartLayoutCollection>
            <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
                <start:Group Name="Panasonic Apps" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">
                    <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" />
                    <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" />
                </start:Group>
            </defaultlayout:StartLayout>
        </StartLayoutCollection>
    </DefaultLayoutOverride>
    <CustomTaskbarLayoutCollection PinListPlacement="Replace">
        <defaultlayout:TaskbarLayout>
            <taskbar:TaskbarPinList>
                <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
                <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" />
                <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" />
            </taskbar:TaskbarPinList>
        </defaultlayout:TaskbarLayout>
    </CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>

 


When trying to upgrade vCenter 6.5 to 6.7, the following error comes up:

Cannot validate target appliance configuration as not enough information from the source appliance can be collected. For more details check out the server logs

Fix

SSH into the new 6.7u1 appliance:

software-packages install --url --acceptEulas

and then

shutdown reboot -r "patch reboot"

 
