tag:blogger.com,1999:blog-9028527988949899092024-03-22T12:42:31.379-07:00Adam1115's Blogadam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.comBlogger141125tag:blogger.com,1999:blog-902852798894989909.post-60276815329416088812024-03-22T12:41:00.000-07:002024-03-22T12:41:40.849-07:00Move SQL Temp DB to alternate partition<p>USE master<br />GO<br />ALTER DATABASE tempdb<br />MODIFY FILE( NAME = temp2, FILENAME = 'F:\MSSQL\DATA\tempdb.mdf' )</p><p>ALTER DATABASE tempdb<br />MODIFY FILE( NAME = templog, FILENAME = 'F:\MSSQL\DATA\templog.ldf')</p><p>ALTER DATABASE model<br />MODIFY FILE( NAME = modeldev, FILENAME = 'F:\MSSQL\DATA\model.mdf' )</p><p>ALTER DATABASE model<br />MODIFY FILE( NAME = modellog, FILENAME = 'F:\MSSQL\DATA\modellog.ldf')</p><p>ALTER DATABASE msdb<br />MODIFY FILE( NAME = MSDBData, FILENAME = 'F:\MSSQL\DATA\MSDBData.mdf' )</p><p>ALTER DATABASE msdb<br />MODIFY FILE( NAME = MSDBLog, FILENAME = 'F:\MSSQL\DATA\MSDBLog.ldf')</p><p><br /></p><p>Move files, restart service.</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-22141814911707451622024-03-14T13:50:00.000-07:002024-03-14T14:06:04.726-07:00OpenSSL Self Signed Cert / PFX<p>openssl genpkey -algorithm RSA -out key.pem<br />openssl req -new -key key.pem -out csr.pem<br />openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out cert.pem<br />openssl pkcs12 -export -out certificate.pfx -inkey key.pem -in cert.pem</p><p>If it won't take the password-<br />openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -inkey contoso.com.key -in contoso.com.crt -out contoso.com-legacy.pfx</p><p><br />Add Certificate Snap-in:<br />Go to File > Add/Remove Snap-in.<br />Select Certificates and click Add.<br />Choose Computer account and click Next.<br />Select Local computer and click Finish.<br />Click OK to close the Add or Remove Snap-ins window.</p><p>Import the Certificate:<br 
/>Expand Certificates (Local Computer) > Personal.<br />Right-click Certificates and choose All Tasks > Import.<br />Follow the Certificate Import Wizard to import the certificate from the .pem or .cer file you exported earlier.<br />Assign the Certificate to LDAPS:</p><p><br /></p><p>Once imported, locate the certificate in the Certificates (Local Computer) > Personal store.<br />Right-click on the certificate and choose All Tasks > Manage Private Keys.<br />Assign appropriate permissions to the private key for the account running the LDAP service (usually NTDS).</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-59662080022322937472024-01-08T15:45:00.000-08:002024-01-08T15:45:51.292-08:00You create and deploy a shortcut/URL via GPO, but network icon file is missing.<p>Create a GPO and enable-<br /><br />Computer Configuration > Policies > Administrative Templates > Windows Components > File Explorer > Allow the use of remote paths in file shortcut icons</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-39260494567389553492023-10-27T12:15:00.003-07:002023-10-27T12:15:25.696-07:00Windows Server 2022 DC shows in Private Network Instead of Domain<p>Windows Server 2022 DC shows in Private Network Instead of Domain</p><p>Open Regedit, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc, edit DependOnService, add netlogon.</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-53475703935029054292023-10-04T07:43:00.001-07:002023-10-04T07:43:02.818-07:00SQL Windows Firewall<p>New-NetFirewallRule -DisplayName "SQLServer default instance" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow</p><p>New-NetFirewallRule -DisplayName "SQLServer Browser service" -Direction Inbound -LocalPort 1434 -Protocol UDP -Action 
Allow</p><p><br /></p><p>netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN</p><p><br /></p><p>netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-12280577802754012842023-10-03T15:59:00.002-07:002023-10-03T15:59:37.678-07:00S VPN<p> AWS VPN-</p><p>1) First you need a "VIRTUAL PRIVATE GATEWAY"- this is the connection to the on-prem firewall. Use the Amazon default ASN, that doesn't matter. Once you create it, attach it to the VPC. You only need one of these for all VPNs.</p><p><br /></p><p>2) Next you go to Customer Gateways, don't worry about the BGP stuff. IP address is your firewall IP. Leave certification blank.</p><p><br /></p><p>3) Go into site-to-site VPN connections, create it and tie it to your virtual private gateway, select your existing customer gateway you created, set the routing option to static, static IP prefix is your remote LAN. Leave local and remote IPv4 blank.</p><p><br /></p><p>4) You will need to add routes in the route table. Create a route, point it to Virtual Private Gateway and select the gateway. </p><p><br /></p><p>5) You will need to allow access in the security groups from your on-premises servers.</p><p><br /></p><p>6) Once it completes, click download configuration to get the info for the local firewall.</p><div><br /></div>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-26273094256812309262023-09-14T11:52:00.000-07:002023-09-14T11:52:10.249-07:00Adding Users to Send to group but still receive<p> First, make sure you have Advanced Features checked under the View menu. 
Then, open up the distribution group’s properties, and go to the Attribute Editor tab.</p><p><br /></p><p>And here is the list of attributes you can update to meet your needs.</p><p> authOrig – only these users can send to the distribution group<br /> unauthOrig – anyone but these users can send to the distribution group<br /> dLMemRejectPerms – anyone but members of these distribution groups can send to this distribution group<br /> dLMemSubmitPerms – no one but members of these distribution groups can send to this distribution group</p><div><br /></div>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-7693325835281114092023-08-16T11:26:00.003-07:002023-08-16T11:26:41.310-07:00Running IPerf on a point to point connection<p>Server Side-<br /><span> </span>iperf3 -s -i 1</p><p>Client Side-<br /><span> </span>iperf3.exe -c 172.30.250.25 -w 1025kb -P 10 -i 4</p><p><br /></p><p>-s Server<br />-c Client<br />-w window size, optional, but reducing window size requires less CPU.<br />-i Sets the console output interval, -i 1 updates every 1 second<br />-P is the number of processes - each is good for about 50 Mbps. 
So for 200 Mbps you'd want -P 4</p><p><br /></p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-35790171427282558292023-08-02T10:47:00.002-07:002023-08-28T07:27:25.586-07:00VMware Troubleshooting<p>Equalogic MEM - Multipathing Extension</p><p><br /></p><p><br /></p><p>Check VMware Version-<br />vmware -vl</p><div>Show Nics-<br /><div>esxcfg-nics -l</div></div><div><br /></div><div>Check SCSI Drives-<br /><div>esxcfg-scsidevs -a</div></div><div><br /></div><div>Firmware-<br />esxcli network nic get -n vmnic0 (NIC Version)<br />vmkload_mod -s lsi_mr3 | grep Version (SCSI Version)</div><div><br /></div><div><br /></div><div>Logs-<br /> /var/run/log</div><div><br /></div><div><br /></div><div>Scrolling installation with vreplication- </div><div><br /><pre class="x_ckeditor_codeblock" style="background-attachment: initial; background-clip: initial; background-color: rgb(239, 239, 239) !important; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; border: 1px solid rgb(204, 204, 204); color: #242424; font-size: 15px; overflow-x: auto; padding: 8px; text-wrap: wrap !important;">1. SSH to the vSphere Replication appliance.
Disable automatic VIB installation and stop the looping installs:
/opt/vmware/hms/bin/hms-configtool -cmd reconfig -property hms-auto-install-hbragent-vib=false
2. Then validate the particular VIB using the below command:
esxcli software vib list | grep hbr
3. After this, try restarting the HMS service using the below command:
service hms restart </pre></div>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-68976977526490488912023-06-28T17:22:00.008-07:002023-06-28T17:22:44.105-07:00Azure AD Connect Incorrect Version of TLS<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiixMQrhRPGmLyf0Xfcnosz8XkhcqosmSBodhp7CPN2jILGVB2jAsEV156_CWHo3LwG72vxvBD7uL7zxs51EKfAGeIgwMy6TealKtWuXi23PnIUFKWa2L0DrbbIzuoMhKPW7_wtpCe5Q6DQScgFMWyDM2CXTd4Ttu_Uqchq4YEAWMVV_eIkf63aPyCCjhC9" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="719" data-original-width="1024" height="415" src="https://blogger.googleusercontent.com/img/a/AVvXsEiixMQrhRPGmLyf0Xfcnosz8XkhcqosmSBodhp7CPN2jILGVB2jAsEV156_CWHo3LwG72vxvBD7uL7zxs51EKfAGeIgwMy6TealKtWuXi23PnIUFKWa2L0DrbbIzuoMhKPW7_wtpCe5Q6DQScgFMWyDM2CXTd4Ttu_Uqchq4YEAWMVV_eIkf63aPyCCjhC9=w589-h415" width="589" /></a></div><br /> <p></p><p>On the Azure AD server, launch the Windows PowerShell ISE as administrator. Paste this PowerShell script and run the script. Running the below script enables TLS 1.2 on Windows Server. 
Once the TLS 1.2 has been enabled, close the PowerShell ISE.</p><p><span style="font-size: x-small;">New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null</span></p><p><span style="font-size: x-small;"><span>N</span>ew-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null</span></p><p><span style="font-size: x-small;">New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null</span></p><p><span style="font-size: x-small;">New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null</span></p><p><span style="font-size: x-small;">New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null</span></p><p><span style="font-size: x-small;">New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null</span></p><p><span style="font-size: x-small;">New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null</span></p><p><span style="font-size: x-small;">New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null</span></p><p><span style="font-size: x-small;">New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null</span></p><p><span style="font-size: x-small;">New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null</span></p><p><span 
style="font-size: x-small;">New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null</span></p><p><span style="font-size: x-small;">New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null</span></p><p>On the Azure AD server, launch the Windows PowerShell ISE as administrator. Paste this PowerShell script and run the script. Running the below script enables TLS 1.2 on Windows Server. Once the TLS 1.2 has been enabled, close the PowerShell ISE.</p><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEj4miZ2XVN32QelM7Mrkk3YP5M7uvCiAA1rYuNwVcHqhj-VEdbPHB8yh5Ouxn5fMx1cI3rGz0W90NIvm5epenr_aX6Qc3UDTYvAvSMkqZ881GGdocu5IS6U-5PRXxVNTBokMbxvTAGAy0jrBxtYQPHYc3TJ76HF5fFMAXa5g1yqBZZRYgRDrQj6Q8NR4Os5" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="572" data-original-width="1024" height="348" src="https://blogger.googleusercontent.com/img/a/AVvXsEj4miZ2XVN32QelM7Mrkk3YP5M7uvCiAA1rYuNwVcHqhj-VEdbPHB8yh5Ouxn5fMx1cI3rGz0W90NIvm5epenr_aX6Qc3UDTYvAvSMkqZ881GGdocu5IS6U-5PRXxVNTBokMbxvTAGAy0jrBxtYQPHYc3TJ76HF5fFMAXa5g1yqBZZRYgRDrQj6Q8NR4Os5=w624-h348" width="624" /></a></div><br /><br /></div><br />Reboot<p></p><p><br /></p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-71027594958225151792023-04-05T19:38:00.006-07:002023-04-05T19:38:56.457-07:00How to create a "Mail User" that is synced from Active Directory (ADSync) (Mail Enabled Object) in Office 365<p><b><span style="font-size: large;">Creating Mail-Enabled Objects-</span></b></p><p>Filter: objectClass = user & 
objectClass = contact</p><p>Mandatory Attributes:<br />mailNickname: This attribute is the alias to the mailbox.</p><p>displayName: This attribute is the text that is the readable name that represents you for mail delivery, and also in the address book.</p><p>targetAddress: This attribute is the e-mail address to which you want to redirect the mail. This attribute is formatted like the proxyAddresses attribute, where there is a prefix that defines the address type, for example, "SMTP:gyip@microsoft.com".</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-60522136839740155812023-03-31T09:13:00.001-07:002023-03-31T09:13:04.444-07:00How to determine which server is hosting Azure AD Connect (Sync) - The easy way<p> In ‘Active Directory Users and Computers’ > Search for MSOL > This should display the GSMA (Group Managed Service Account) that is used to run the service* > In the account properties > on the Description attribute, scroll to the right and you should see the Computer/Server that the service was installed on.</p><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgtaKGTfMHJ6bU2J3g2MfZIWYez0JxolKet5QaDklMJfMPe90-uB0fhCBKK5SEUX2jUN6fyf4sg8FBJGOXwxnlJUfw3tFDHP6bJ3p0iR9E1A5syyMqsraNOQFed_RRf7A7up2P9VFzK18wMsnEhf3Y1LK_doU6oxDzxGkKPwGyp_1Mwju9iDgnOxnpz8w" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="300" data-original-width="477" height="406" src="https://blogger.googleusercontent.com/img/a/AVvXsEgtaKGTfMHJ6bU2J3g2MfZIWYez0JxolKet5QaDklMJfMPe90-uB0fhCBKK5SEUX2jUN6fyf4sg8FBJGOXwxnlJUfw3tFDHP6bJ3p0iR9E1A5syyMqsraNOQFed_RRf7A7up2P9VFzK18wMsnEhf3Y1LK_doU6oxDzxGkKPwGyp_1Mwju9iDgnOxnpz8w=w647-h406" width="647" /></a></div><br /><br 
/><p></p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-51821763936914047722023-01-05T07:43:00.004-08:002023-01-05T07:43:35.257-08:00SYSVOL and NETLOGON Shares Missing on New DC<p> If you need to FORCE SYSVOL and NETLOGON to be shared for a down domain controller, you can add this registry key. You should figure out why your replication is broken, but this will force it online.</p><p><br /></p><p> - Log in to your Domain Controller that’s having the issue<br /> - Open Regedit<br /> - Browse to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters <br /> - Set SysVolReady from 0 to 1</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-9722644692855189142022-09-21T17:13:00.001-07:002022-09-21T17:13:03.202-07:00Exchange 2016 Hybrid Wizard Fails to validate Domains.<p> You are running the Exchange Hybrid Configuration Wizard (HCW) and it gets stuck at validating domains. 
You try-<br /><br />Set-FederatedOrganizationIdentifier -DelegationFederationTrust "Microsoft Federation Gateway" -AccountNamespace "MYDOMAIN" -Enabled $true<br /><br />You get- An error occured while attempting to provision exchange with the partner sts.</p><p>Add the following registry keys and reboot.</p><p style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px 0px 10px; outline-color: inherit; padding: 0px;"><span style="box-sizing: inherit; font-weight: 600; outline-color: inherit;">Windows Registry Editor Version 5.00<br style="box-sizing: inherit; outline-color: inherit;" />[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]<br style="box-sizing: inherit; outline-color: inherit;" />"SystemDefaultTlsVersions"=dword:00000001<br style="box-sizing: inherit; outline-color: inherit;" />[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]<br style="box-sizing: inherit; outline-color: inherit;" />"SystemDefaultTlsVersions"=dword:00000001</span></p><p><span style="background-color: white; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 600;">Windows Registry Editor Version 5.00<br /></span><span style="background-color: white; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 600;">[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]<br /></span><span style="background-color: white; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 600;">"SystemDefaultTlsVersions"=dword:00000001<br /></span><span style="background-color: white; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 
600;">[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]<br /></span><span style="background-color: white; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 600;">"SystemDefaultTlsVersions"=dword:00000001</span></p><p>Go into EAC, organization, remove the federation. Re-add it, add your domains, set your TXT records. Verify they are there with NSLookup, click Update. Re-run the hybrid wizard.<br /><br /></p><p><span style="background-color: white; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; font-weight: 600;"><br /></span></p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-86992454962317765452022-09-14T10:37:00.005-07:002022-09-14T10:37:34.538-07:00VMware vReplication replication changes are HUGE even though changes are minimal on server.<p>This issue is caused by unmap commands sent by the guest OS.</p><p>To disable Unmap in the Guest OS- <br />fsutil behavior set DisableDeleteNotify 1</p><p>To re-enable the feature, use the following command:<br />fsutil behavior set DisableDeleteNotify 0</p><p>To verify the current setting, use the following command:<br />fsutil behavior query DisableDeleteNotify</p><p>DisableDeleteNotify=0 - indicates the Trim and Unmap feature is on (enabled)<br />DisableDeleteNotify=1 - indicates the Trim and Unmap feature is off (disabled)</p><p><br />What is unmap/deletenotify-<br />Delete notifications (also known as trim or unmap) is a feature that notifies the underlying storage device of clusters that have been freed due to a file delete operation. 
In addition:</p><p>For systems using ReFS v2, trim is disabled by default.<br />For systems using ReFS v1, trim is enabled by default.<br />For systems using NTFS, trim is enabled by default unless an administrator disables it.</p><p>If your hard disk drive or SAN reports that it doesn't support trim, then your hard disk drive and SANs don't get trim notifications.</p><p>Enabling or disabling doesn't require a restart.</p><p> - Trim is effective when the next unmap command is issued.<br /> - Existing inflight IO are not impacted by the registry change.<br /> - Doesn't require any service restart when you enable or disable trim.</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-35496027985814403532022-08-17T10:10:00.005-07:002022-08-17T10:10:45.982-07:00Create Self Signed Cert Powershell<p> $Params = @{<br /> "DnsName" = @("quail-vm1.nytis.com")<br /> "CertStoreLocation" = "Cert:\LocalMachine\My"<br /> "NotAfter" = (Get-Date).AddMonths(100)<br /> "KeyAlgorithm" = "RSA"<br /> "KeyLength" = "2048"<br />}</p><p>New-SelfSignedCertificate @Params</p><p><br /></p><p>https://www.sslshopper.com/ssl-converter.html</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-12501894464099660742022-06-17T10:11:00.007-07:002022-07-28T13:27:19.141-07:00Setting up LDAPs on AD Server<p> 1. Install CA, configure as root CA.</p><p>2. On your CA Server launch the Certification Authority Management Console > Certificate Templates > Right Click > Manage.</p><p>3. Locate the Kerberos Authentication certificate > Make a Duplicate.</p><p>4. General Tab > Call it ‘LDAPoverSSL’ > Set its validity period > check to publish the cert in AD.</p><p>5. Request Handling Tab > Select ‘Allow private key to be exported’ > Apply > OK. Close out of the templates.</p><p>6. 
Right click Certificate Templates again > NEW > Certificate Template to issue.</p><p>7. Locate and select the ‘LDAPoverSSL’ certificate > OK.</p><p>8. Now log on to a DOMAIN CONTROLLER > Windows Key+R > mmc {Enter} > File > Add/Remove Snap-in > Add in the Certificates Snap-In > Computer account > Finish > OK > Expand Certificates > Personal > Certificates > Right Click > All Tasks > Request New Certificate > Next > Next.</p><p>9. Select the LDAPoverSSL Certificate > Enroll > Close the Certificate Snap-in.</p><p>10. In my case I need my device to ‘Trust’ the CA, so on the CERTIFICATE SERVER > open a command window and run the following command:</p><p><span style="background-color: #fafafa; color: #737373; font-family: "Courier New", monospace; font-size: 14px;">certutil -ca.cert ca_name.cer</span></p><p>11. It will display the certificate PEM on the screen and should complete successfully.</p><p>12. You will notice my command was run while I was on the root of the C: Drive, yours will probably be C:\Users\{your-username}, go there and retrieve a copy of the ‘Root Certificate’.</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-78902476668437687202022-04-18T09:47:00.003-07:002022-04-18T09:47:34.352-07:00OneNote won't start, won't sync, not in system tray, not working.<p>Navigate to the following registry key:<br />HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\OneDrive </p><p>Check if any of the "Disabled" keys are set to 1. 
If they are, set them to 0.</p><div><br /></div><div>https://support.microsoft.com/en-us/office/onedrive-won-t-start-0c158fa6-0cd8-4373-98c8-9179e24f10f2</div>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-17326215011134361352022-04-12T09:56:00.007-07:002022-07-28T13:15:21.758-07:00Azure AD connect (Sync) force sync<p><br /></p><p>Import-Module ADSync</p><p>Get-ADSyncScheduler</p><p>Replicate your DCs first- repadmin /syncall /AdeP</p><p>Delta Sync-<br />Start-ADSyncSyncCycle -PolicyType Delta</p><p><br />Full Sync-<br />Start-ADSyncSyncCycle -PolicyType Initial</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-61509495198257689382022-01-01T10:06:00.003-08:002022-01-01T10:06:31.074-08:00Exchange Down on 1/1/2022!<p><span style="font-family: Calibri, Helvetica, sans-serif, EmojiFont, "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols; font-size: 16px;">So here's a nice surprise, apparently, exchange is </span><span style="color: #333333; font-family: Georgia, "Bitstream Charter", serif; font-size: 16px;"> reporting an error </span><em style="background-image: initial; font-family: Calibri, Helvetica, sans-serif, EmojiFont, "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols; font-size: 16px;">Can't Convert "2201010001" to long </em><span style="background-image: initial; font-family: Calibri, Helvetica, sans-serif, EmojiFont, "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols; font-size: 16px;">this morning. </span><span style="color: #333333; font-family: Georgia, "Bitstream Charter", serif; font-size: 16px;">As of Jan. 1, 2022 0:00 UTC on-premises Exchange servers seem to freezing transport of all emails – a date can't get converted. 
Here is a quick overview of what is going on.</span></p><p style="font-family: Calibri, Helvetica, sans-serif, EmojiFont, "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols; font-size: 16px; margin-bottom: 0px; margin-top: 0px;"><span style="color: #333333; font-family: Georgia, "Bitstream Charter", serif;"><br /></span></p><p style="font-family: Calibri, Helvetica, sans-serif, EmojiFont, "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols; font-size: 16px; margin-bottom: 0px; margin-top: 0px;"><span style="color: #333333; font-family: Georgia, "Bitstream Charter", serif;"><a class="OWAAutoLink" href="https://borncity.com/win/2022/01/01/exchange-fip-fs-scan-engine-failed-to-load-cant-convert-2201010001-to-long-1-1-2022/">https://borncity.com/win/2022/01/01/exchange-fip-fs-scan-engine-failed-to-load-cant-convert-2201010001-to-long-1-1-2022/</a><br /></span></p><p style="font-family: Calibri, Helvetica, sans-serif, EmojiFont, "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols; font-size: 16px; margin-bottom: 0px; margin-top: 0px;"><br /></p><p style="font-family: Calibri, Helvetica, sans-serif, EmojiFont, "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols; font-size: 16px; margin-bottom: 0px; margin-top: 0px;">To resolve this, for now, disable the anti malware-</p><p style="font-family: Calibri, Helvetica, sans-serif, EmojiFont, "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols; font-size: 16px; margin-bottom: 0px; margin-top: 0px;"><span id="ms-rterangepaste-start"></span><span style="background-color: #f2f2f2; color: #171717; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 14px; white-space: pre;">& </span><span class="hljs-variable" style="background-color: 
#f2f2f2; box-sizing: inherit; color: #171717; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 14px; outline-color: inherit; white-space: pre;">$env:ExchangeInstallPath</span><span style="background-color: #f2f2f2; color: #171717; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 14px; white-space: pre;">\Scripts\</span><span class="hljs-pscommand" style="background-color: #f2f2f2; box-sizing: inherit; color: #0101fd; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 14px; outline-color: inherit; white-space: pre;">Disable-Antimalwarescanning</span><span style="background-color: #f2f2f2; color: #171717; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 14px; white-space: pre;">.ps1</span></p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-70924744933885270592021-12-28T12:24:00.002-08:002021-12-28T12:24:19.176-08:00Aruba 5400R Dual Management Card Redundancy Configuration / Firmware Update<p> redundancy management-module nonstop-switching</p><p>show redundancy</p><p>redundancy rapid-switchover 60</p><p>redundancy switchover</p><p>show redundancy detail</p><p><br /></p><p>Firmware-</p><p>boot set-default flash primary </p><p>write memory</p><p>boot standby</p><p>show redundancy (wait for sync)</p><p>redundancy switchover </p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-45696652185179864502021-10-25T09:59:00.001-07:002021-10-25T09:59:06.297-07:00How to copy all UPNs (usernames) to email address field in AD.<p>Check users email fields-<br /> get-aduser -Filter * -Properties mail | select name,mail | Out-GridView</p><p><br /></p><p>Command to copy-<br />Get-ADUser -LDAPFilter '(userPrincipalName=*)' -Properties 
userPrincipalName,mail | Select-Object * | ForEach-Object { Set-ADObject -Identity $_.DistinguishedName -Replace @{mail=$($_.userPrincipalName)} }</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-89693653893564416732021-10-12T09:14:00.001-07:002021-10-12T09:14:04.886-07:00How to set up Mimecast Personal Portal to authenticate to DUO Cloud SSO (SAML2) 2021<p> Here is how to set up Mimecast to work with Duo's Cloud SSO. The online instructions are confusing and inaccurate.</p><p><br /></p><p><span style="font-size: medium;"><b>DUO SSO-<br /></b></span>Deploy and configure DUO SSO if you haven't already.<br />https://duo.com/docs/sso</p><p><span style="font-size: medium;"><b>DUO Application-<br /></b></span>In Duo, go to Applications, click Protect an Application, search for Generic, there will be two Generic Service Providers, select the one that says "2FA with SSO hosted by DUO".</p><p>Fill in the following-<br />Entity ID- us-api.mimecast.com.ACCOUNTCODE (Replace account code with your account code, it will be something like CUSA88U99)<br />Assertion Consumer Services ACS URL- https://us-api.mimecast.com/login/saml<br />Copy the metadata URL to notepad, you'll need it later.<br />Name (under settings)- Mimecast<br />Leave everything else alone, click save.</p><p><span style="font-size: medium;"><b>Mimecast-<br /></b></span>Administration, Services, Applications, Authentication Profiles, Default Authentication Profile.<br />Check the box that says "Enforce SAML Authentication for Mimecast Personal Portal"<br />Provider- Other<br />Metadata URL- paste the Metadata URL you copied earlier. 
Click Import.<br />Click Save and Exit.<br />Repeat above if you want to enforce User Applications.<br />Repeat above in Administration, Services, Applications, Authentication Profiles, Account_Administrators_Authentication_Profile if you want to enforce it for admins.</p><p><br /></p><p><br /></p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-45319213692655436152021-09-30T15:19:00.003-07:002021-09-30T15:19:30.617-07:00Start Menu won't open for users on Windows Server 2016<p> <span style="background-color: white; color: #2a2a2a; font-family: "Segoe UI", "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 14px;">1. DISM /Online /Cleanup-Image /RestoreHealth</span></p><p style="background-color: white; border: none; color: #2a2a2a; font-family: "Segoe UI", "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 14px; list-style-type: none; margin: 0px 0px 1em; outline: 0px; padding: 0px;">2. Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”} --</p><p style="background-color: white; border: none; color: #2a2a2a; font-family: "Segoe UI", "Lucida Grande", Verdana, Arial, Helvetica, sans-serif; font-size: 14px; list-style-type: none; margin: 0px 0px 1em; outline: 0px; padding: 0px;">3. Delete this folder for each user: C:\Users\username\AppData\Local\TileDataLayer</p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0tag:blogger.com,1999:blog-902852798894989909.post-90508714625780052772021-09-29T10:44:00.001-07:002021-12-08T17:01:57.011-08:00Chrome "You cannot visit localhost right now because the website uses HSTS. 
Network errors and attacks are usually temporary, so this page will probably work later."<p> </p><p>You get- <span style="background-color: white; color: #232629; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", "Liberation Sans", sans-serif; font-size: 15px;">"You cannot visit localhost right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later."</span></p><p><span style="color: #232629; font-family: -apple-system, BlinkMacSystemFont, Segoe UI, Liberation Sans, sans-serif;"><span style="font-size: 15px;">IF YOU'RE CERTAIN the page is safe, you can type thisisunsafe and you will be able to reach the site.</span></span></p><p><span style="color: #232629; font-family: -apple-system, BlinkMacSystemFont, Segoe UI, Liberation Sans, sans-serif;"><span style="font-size: 15px;"><br /></span></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm5nzWM7QPU0eiSsPEa9pTz39dY3meb_qu_JU7SPa2_WiPC1CwpYo0aGdjOfQty780VZsQt4dTUKKuDvfmNydyrV0z7Q47eeQCo3WD3me_WClb41kQUPC-ShugWDYaFdgvDryvuI-DOHIX/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="709" data-original-width="837" height="426" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjm5nzWM7QPU0eiSsPEa9pTz39dY3meb_qu_JU7SPa2_WiPC1CwpYo0aGdjOfQty780VZsQt4dTUKKuDvfmNydyrV0z7Q47eeQCo3WD3me_WClb41kQUPC-ShugWDYaFdgvDryvuI-DOHIX/w502-h426/image.png" width="502" /></a></div><br /><p></p>adam1115http://www.blogger.com/profile/10061631656608590316noreply@blogger.com0