Windows 10 – Update 2004 – Issues with Chrome: you launch the application in Windows and the browser does not open. What does happen, though, is that you can see the process running in Task Manager. This happens on previously deployed workstations and on newly built machines. You can click the Chrome icon several times before it opens a window, which is reflected in the number of chrome processes running.

There are several articles out there which all talk about removing Chrome, registry entries and the profile itself. None of those make a difference; the symptoms still persist. I have almost narrowed it down to say that it has been caused by the cumulative updates applied to Win10 Build 2004.

One interesting thing I found, off the back of an article, is that if you rename the exe to chrome1 it works flawlessly every time. Change it back to Chrome and the same symptoms persist.

Fix 1)

Remove the 09 cumulative update (KB4571756); this also fixes the problem.

After finding that, I was able to come up with the following: https://support.google.com/chrome/thread/70587649?hl=en

Fix 2)

  • Kill all instances of Chrome
  • Go to C:\Program Files (x86)\Google\Chrome\Application or C:\Program Files\Google\Chrome\Application
  • Right click chrome.exe > Properties
  • Change settings for all users
  • Set Compatibility mode to Windows 8

Recently found an application that couldn’t have files dragged and dropped into it on some computers. It would display the following cursor

The trouble was mismatched program DPI settings (between Explorer and the app). Turning the app down to disable scaling fixed this.

Exchange validation
  [-] exchange mailbox validation failed, code: MailboxUnreacheable
CONFIGURATION INVALID

Open up

C:\ProgramData\Mimecast Synchronisation Engine\State

Create a global.ini file

On the first line enter

Mse.Core.Bridge.SecurityProtocol=4032

Save, restart the Mimecast Synchronisation Service, and try again

What a mission this was!

Oracle NetSuite just flat out refuse to give you a list of IP addresses for their sending servers.

"Support will not provide a list of NetSuite IP addresses" https://docs.oracle.com/cloud/latest/netsuitecs_gs/NSADM/NSADM.pdf

On top of this, there's no way to use an internal domain name to send emails like noreply@email.netsuite.com, so there is no clear way to whitelist them in your spam filter ……

After back and forth with their support, they finally gave us sent-via.netsuite.com, which you can do a DNS lookup of to get the IPs (you will have to monitor this for updates). Mimecast allows you to whitelist via SPF record, so we could add this.

 

Name: sent-via.netsuite.com

> set type=txt
> sent-via.netsuite.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
sent-via.netsuite.com text =

"google-site-verification=MgKgRWwbn2QifDQBVdRu-IQLvbiR8GFB1hNDz_fmzPU"
sent-via.netsuite.com text =

"v=spf1 include:mailsenders.netsuite.com include:_spf.sparkpostmail.com -all"
> mailsenders.netsuite.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
mailsenders.netsuite.com text =

"v=spf1 ip4:167.216.129.180/32 ip4:167.216.129.182/31 ip4:167.216.129.184/29 ip4:167.216.129.192/29 ip4:167.216.129.200/32 ip4:167.216.129.210/32 ip4:64.89.45.192/30 "
"ip4:64.89.45.196/32 ip4:208.46.212.208/31 ip4:208.46.212.210/32 ip4:185.72.128.75/32 ip4:185.72.128.76/32 ip4:212.25.240.83/32 ip4:212.25.240.84/31 ip4:72.34.168.76/32 "
"ip4:130.61.9.72/32 ip4:130.61.68.235/32 ip4:132.145.13.209/32 ip4:132.145.11.129/32 ip4:152.67.105.195/32 ip4:140.238.193.139/32 ip4:152.67.105.20/32 ip4:72.34.168.86/32 ip4:72.34.168.85/32 "
"ip4:64.89.44.85/32 -all"
> _spf.sparkpostmail.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
_spf.sparkpostmail.com text =

"v=spf1 exists:%{i}._spf.sparkpostmail.com ~all"
>

 

I also recommend you change the From address to a generic netsuite@yourdomain.com so it is easy to monitor.
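The lookup chain above can be walked in code to keep an eye on changes. This is an added example, not from the original post or from NetSuite or Mimecast: it follows the include: chain, collects the static ranges, and reports mechanisms such as the SparkPost exists: macro that can never be turned into a fixed IP list. The function names and the shortened sample records are assumptions made for the illustration.

```python
import ipaddress

# TXT answers from the lookup above (a snapshot; the ip4 list is cut to four
# ranges and the verification token replaced to keep the sample short).
SNAPSHOT = {
    "sent-via.netsuite.com": [
        "google-site-verification=PLACEHOLDER",
        "v=spf1 include:mailsenders.netsuite.com include:_spf.sparkpostmail.com -all",
    ],
    "mailsenders.netsuite.com": [
        "v=spf1 ip4:167.216.129.180/32 ip4:167.216.129.182/31 "
        "ip4:167.216.129.184/29 ip4:64.89.45.192/30 -all",
    ],
    "_spf.sparkpostmail.com": ["v=spf1 exists:%{i}._spf.sparkpostmail.com ~all"],
}

def flatten_spf(domain, lookup, seen=None):
    """Follow include: recursively. Returns (networks, dynamic) where dynamic
    lists mechanisms that cannot be reduced to a fixed IP list."""
    seen = set() if seen is None else seen
    if domain in seen:  # guard against include loops
        return set(), set()
    seen.add(domain)
    networks, dynamic = set(), set()
    for txt in lookup(domain):
        if not txt.lower().startswith("v=spf1"):
            continue  # unrelated TXT record, e.g. site verification
        for term in txt.split()[1:]:
            name, _, value = term.lstrip("+-~?").partition(":")
            if name.lower() in ("ip4", "ip6"):
                networks.add(ipaddress.ip_network(value, strict=False))
            elif name.lower() == "include":
                nets, dyn = flatten_spf(value, lookup, seen)
                networks |= nets
                dynamic |= dyn
            elif name.lower() != "all":
                dynamic.add(f"{domain}: {term}")
    return networks, dynamic

def sender_allowed(ip, networks):
    """True if ip falls inside any flattened range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks if net.version == addr.version)

def diff_baseline(baseline, current):
    """(added, removed) ranges since the last run, as sorted strings."""
    return sorted(map(str, current - baseline)), sorted(map(str, baseline - current))

def snapshot_lookup(domain):
    """Stand-in resolver that answers from the snapshot above."""
    return SNAPSHOT.get(domain, [])
```

For monitoring, swap snapshot_lookup for a live TXT query and alert whenever diff_baseline returns anything. The exists: entry is the reason an IP-only allow list built from this lookup would miss mail relayed through SparkPost.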

 

DKIM

NetSuite Email Campaign Best Practices


Recently I was trying to use Item-Level Targeting on some Group Policies using just NOT statements (so it should apply to anything that isn't NOT)

NOT UserA OR NOT User3

However, it was not working. It turns out your statement cannot be all NOTs; it has to have an IS in it as well

So it needs to look something like

User IS in Domain Users and NOT UserA or NOT User3

 


Australian drivers’ licence: \b[A-Z0-9][0-9]{5,7}\b

Australian passport: \b[A-Z][0-9]{7}\b

Australian tax file number: \b[0-9]{3}( ?)[0-9]{3}\1[0-9]{2,3}\b

Exclude

1 exclude "Automatic reply:" "Undeliverable:" "Accepted:"
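The three patterns above run over a few constructed messages, as an added example that is not part of the original post. It assumes the exclude strings are matched as subject prefixes, which the post does not state; the scan function and the sample messages are made up for the illustration.

```python
import re

# Patterns exactly as listed above.
PATTERNS = {
    "drivers_licence": re.compile(r"\b[A-Z0-9][0-9]{5,7}\b"),
    "passport": re.compile(r"\b[A-Z][0-9]{7}\b"),
    "tax_file_number": re.compile(r"\b[0-9]{3}( ?)[0-9]{3}\1[0-9]{2,3}\b"),
}

# Strings from the exclude line above, treated here as subject prefixes (assumption).
EXCLUDED_SUBJECTS = ("Automatic reply:", "Undeliverable:", "Accepted:")

def scan(subject, body):
    """Return {pattern_name: [matched strings]} for one message, {} if excluded."""
    if subject.startswith(EXCLUDED_SUBJECTS):
        return {}
    hits = {}
    for name, rx in PATTERNS.items():
        found = [m.group(0) for m in rx.finditer(body)]
        if found:
            hits[name] = found
    return hits

# Constructed sample messages; none of the numbers is a real identifier.
SAMPLES = [
    ("Payroll form", "TFN 123 456 782 attached"),        # consistent spacing
    ("Payroll form", "TFN 123 456782 attached"),         # mixed spacing
    ("Travel booking", "Passport N1234567 expires 2030"),
    ("Invoice", "Please pay invoice 20231145 today"),    # not an identifier
    ("Automatic reply: Payroll form", "TFN 123 456 782 attached"),
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(f"{subject!r}: {scan(subject, body)}")
```

The \1 backreference makes the TFN rule require the same separator in both positions, so the mixed-spacing sample is missed by that rule and only its six-digit tail trips the licence rule. The invoice number matches both the licence and TFN rules, and every passport-format value also matches the licence rule, so expect overlapping hits when tuning.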


We wanted to swap a new SAN for a customer and our distributor wanted us to run the Nimble Space Savings Estimator to find out how big the device needed to be. Unlike Dell with the LiveOptics tool, you have to run this on EVERY virtual machine, and run it across all drives for it to scan. I wrote a tool we could use inside BatchPatch to run this .exe from a share across all VMs.

This needs to be run out of hours due to heavy scanning of disk.


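# Find all fixed drives on the PC that have a drive letter (not CD-ROM or the System Reserved partition)
$drives = Get-Volume | Where-Object { ($_.FileSystemLabel -ne "System Reserved") -and ($_.DriveType -eq "Fixed") -and $_.DriveLetter }

foreach ($drive in $drives) {
    # Build the drive argument, e.g. C:
    $target = "$($drive.DriveLetter):"
    # Run the estimator from the share against this drive
    & "\\share\Space Savings Estimator\NimbleSSE.exe" $target
}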

Mimecast Best Practice

Setup

  • Remove text on stationery (HTML and plain text) before sending emails via Mimecast
  • Disable Office 365 Spam Filter

Maintenance

  • Enable Digest Sets every hour (not every 4 hours)
  • Disable Device Enrollment
    1. Log on to the Administration Console.
    2. Click on the Administration menu item.
    3. Select the Account | Account Settings menu item.
    4. Expand the User Access and Permissions section.
    5. Select the Targeted Threat Protection Authentication option.
  • SAML for authentication: SSO via a provider like Office 365 for 2FA and brute-force protection. If not, fall back to LDAPS (EWS basic auth is not secure)
  • Disable Cloud Auth (or enable only for Continuity, and expire logins after 30 days)
  • Service Monitoring Setup
  • Acknowledge Disabled Users (make sure Receipt Validation is set to Known)
  • Setup impersonation protection for VIP
  • Restrict Administration Console to IP
  • Continuity Test
  • Confirm you have an account as Super Admin
  • Enable Outbound DKIM\SPF\DMARC
  • Inbound (for this we recommend a "Reject" setting. Out of the box we set it to ignore/managed permitted sender entries, as some customers didn't like that it was too aggressive.)

When users try to use the Mimecast for Outlook add-in, they log in and get "Application Disabled"

  1. Make sure this is ticked
  2. Restart Outlook then try again
  3. Sometimes Mimecast caches Authentication Profiles locally in C:\Users\%username%\AppData\Roaming\Mimecast\msw.s3db. Delete this file with Outlook closed and try again