vCenter and PSC: IE Content Was Blocked

KB ID 0001440

Problem

I’d just installed a new vCenter and Platform Services Controller for a client this week. When I tried to access the web consoles I saw this.

Content was blocked because it was not signed by a valid security certificate
For information see “About Certificate Errors” in Internet Explorer Help.

No amount of allowing certificates without revocation, and tinkering with the registry would let me in?

Solution

I cant believe how annoyingly simple it was to solve in the end! Go the the end of the URL and remove ‘/?csp’, problem solved

Related Articles, References, Credits, or External Links

NA

Microsoft One Drive: Analysis, Pros &Cons of Using It

KB ID 0001439

There are a lot of cloud storage options available on the market. More and more companies make their own cloud storage service. This is why it can be tricky to pick the right service for you. Also, you need to take into consideration a lot of things before you select a cloud storage service. The level of security, its features, and the price are just some of them.

In this article, we are going to talk about Microsoft One Drive. Here you will find an analysis of this cloud service. However, if you want more information you should read this comparison between OneDrive and Dropbox, made by Cloud Storage Advice. Now, let’s see which are the pros and cons of this cloud storage service.

OneDrive General info

OneDrive, also known as SkyDrive is Microsoft’s response to the war of cloud storage services. This is one of the most known cloud services on the market. One of the best things about it is that it provides 5GB of data for free, in their basic plan. OneDrive means integration because it is found on all Windows 10 and 8 devices and on all Windows apps.

Also, this service is easy to use and it offers a big variety of features. All you have to do is to choose the right plan for you and your needs. Apart from the free basic plan, you can also choose the 50GB plan for  $1.99/month or the Office 365 Personal (1TB) for $69.99/year. If you have a small business, you can select the Office 365 Home and you receive 5TB (1 TB per user) for $99.99/ year.

Pros and Cons of Using OneDrive

Like any other service, OneDrive has its pros and cons. We are going to show you the good and the bad of this cloud storage option.

Pros

When it comes to the main features, OneDrive has a lot of pros. First of all, it offers a lot of features including backup, sharing, and editing all of your files. Also, you can select which files need to be backed up and which need to be stored. This service also comes with a lot of extra features. Some of the best additional features include collaboration tools, Office 365, mobile apps, and 24/7 technical support.

Another great pro of this service is the integration. All Windows 8 and 10 devices come with the app already installed. All you have to do is to create an account and start storing the important data. Also, this service is compatible with some of the biggest platforms including iOS, Chromium, Android, and Mac.

It offers a big free storage space of 5GB which can attract more users. If they fill the space and enjoy the features, they are more likely to purchase a paid plan. Another important pro you should know is that this service has an AI which can save your videos and pics in the files according to importance. The automatic syncing options is another pro. Their file management and syncing service are extending even more.

Cons

The level of security is one of the most important things you need to consider before you decide to purchase a cloud storage service. One Drive has a good security because of Sookasa, an all-in-one security tool. Unfortunately, like any other security tool, Sookasa doesn’t always do its job at keeping the data secure.

However, there are also some cons when it comes to their features. OneDrive could add a few more features considering the fact that the company wants to make this an all-in-one cloud storage service. Also, some of the features might not work as well as on other cloud services.

Another con of this service is the fact that it doesn’t offer a lot of options for business owners. Most services have at least 2 options for businesses. However, Microsoft OneDrive is a better option for personal use. If you want a cloud service for business, you should check out another service like Dropbox or MEGA cloud.

These are the most important things you should know about this cloud storage service. OneDrive is one of the best cloud options. However, like any other service, it has a lot of pros and some cons. Its main features and the additional ones make this service stand out of the crowd. Also, it has great integration and a good security. Despite all of the pros, the main con is the fact that it is not suited for business owners. This service doesn’t offer many options for business and this it’s why it is a great service for individuals.

Post written by;

Cristopher Burge

{cloustatorageadvice.com}

 

Related Articles, References, Credits, or External Links

NA

PowerShell: Finding Stale User and Computer Accounts

KB ID 0001438

Problem

I do this a lot, (usually prior to big migrations), most organisations have no mechanism for removing old users and computers from Active Directory, some don’t even disable the accounts.

Find Users Who Have Never Logged On

Use the following PowerShell Command;

[box]

Get-ADUser -Filter { LastLogonDate -notlike "*" -and Enabled -eq $true } -Properties LastLogonDate | Select-Object @{ Name="Username"; Expression={$_.SamAccountName} }, Name, LastLogonDate, DistinguishedName | Export-Csv C:\temp\Users-Never-Logged-On.csv

[/box]

Note: This will output the users to a csv file, and requires you to have a C:\Temp directory.

Find Users Who Have Not Logged On In ‘x‘ Days

I’m going to use the value of 90 days (remember some staff might be on long term sick/maternity so check with HR!) Execute the following three commands;

[box]

$DaysInactive = 90
$TrueInactiveDate = (Get-Date).Adddays(-($DaysInactive))
Get-ADUser -Filter { LastLogonDate -lt $TrueInactiveDate -and Enabled -eq $true } -Properties LastLogonDate | Select-Object @{ Name="Username"; Expression={$_.SamAccountName} }, Name, LastLogonDate, DistinguishedName | Export-Csv C:\temp\Users-Inactive-90-days.csv

[/box]

Note: This will output the users to a csv file, and requires you to have a C:\Temp directory.

Find Computers Who Have Not Logged On In ‘x‘ Days

Again I’m using 90 days. Execute the following three commands;

[box]

$DaysInactive = 90
$TrueInactiveDate = (Get-Date).Adddays(-($DaysInactive))
Get-ADComputer -Filter { PasswordLastSet -lt $TrueInactiveDate} -properties PasswordLastSet | Select-Object Name, PasswordLastSet, DistinguishedName | Export-Csv C:\temp\Computers-Inactive-90-days.csv

[/box]

Note: This will output the users to a csv file, and requires you to have a C:\Temp directory.

Related Articles, References, Credits, or External Links

NA

vSphere: Open Console Only Opens the Web Console?

KB ID 0001437

Problem

At first I simply though this was an IE problem, but I tried with Firefox and Chrome and it was the same.

‘Open Console’ simply opens the web console, and does not offer you a choice any more?

Solution

They’ve done a great job of hiding it! On the VM’s summary tab, click the options ‘cog‘. And theres the options again.

If you want to use the VMRC, you will need to download it first!

Related Articles, References, Credits, or External Links

NA

Exchange: “BuildToBuildUpgrade” Error

KB ID 0001436

Problem

In the middle of an Exchange upgrade I got a bit stuck with the following error;

“Setup previously failed while performing the action “”BuildToBuildUpgrade” You can’t resume setup by performing the action “Install”.

There are a couple of variations on this error as well, you can also see either of the following;

“Setup previously failed while performing the action “Install” You can’t resume setup by performing the action “BuildToBuildUpgrade”.

OR

“Setup previously failed while performing the action “Uninstall” You can’t resume setup by performing the action “Uninstall”.

That last of those I’ve covered before here.

Solution

As you are probably already aware this is because either an install/upgrade/uninstall has failed, and you are attempting to get the process going again, (or someone else has, and left it ‘broken’!)

This is happening because as Exchange performs installs/upgrades/uninstalls it creates some values in the registry as it progresses. And if you attempt to restart the process, it can see these entries, and that’s what causes the error.

So you simply need to remove them;

Open the registry editor (Windows Key+R > Regedit {Enter}).

Where you navigate to, depends on your version of Exchange;

[box]

HKLM\Software\Microsoft\ExchangeServer\v14\ (Exchange 2010)

HKLM\Software\Microsoft\ExchangeServer\v15\ (Exchange 2016 and 2013)

[/box]

Within all the sub keys (i.e. below v14 or v15) there will be a ‘Value’ thats within the role that was being installed/upgraded/uninstalled, when the process ‘fell-over’. That value will be called ‘Action‘ locate and delete it.

Also be on the lookout for a value called ‘Watermark’ if you see that, remove it also, and Exchange will start a fresh, install/upgrade/uninstall.

When you have checked all the sub keys, restart your install/upgrade/uninstall.

Related Articles, References, Credits, or External Links

Exchange – Setup previously failed while performing the action ‘Uninstall’

Exchange Update Fails: ‘Cannot find Arbitration Mailbox’

KB ID 0001435

Problem

Last night was a late one, Exchange 2016 update (CU9) failed to install and left the server in an unusable state.

Relevant Part(s) of the Error

[box]

-----Output Removed For the Sake of Brevity-----
        $name = "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}";
-----Output Removed For the Sake of Brevity-----
        Write-ExchangeSetupLog -Info ("Cannot find arbitration mailbox with name=$name.");
          }
          }
          else
          {
        Write-ExchangeSetupLog -Info "Skipping creating E15 System Mailbox because of insufficient permission."
-----Output Removed For the Sake of Brevity-----

[/box]

A Full copy of the error text can be seen here Exchange-Upgrade-Arbitration-Error

 

Solution

A Search of the forums told me this was common, and to simply run ‘Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms‘ and this would fix the problem, However when I tried I got;

“Setup previously failed while performing the action “BuildToBuildUpgrade” You can’t resume setup by performing the action “Install”.

Even attempting to run the command from other DC’s, and the ‘Root Domain’ failed.

Note: I am aware, you can remove the ‘Action’ and ‘Watermark’ Registry keys to try and bypass this error, (see link at the bottom of the page), but that didn’t fix the problem.

Credit To Microsoft Support: This problem was very similar to one I had two years ago (here). The Arbitration mailboxes were there, but some were NOT ASSOCIATED with a mailbox database. The following command showed this;

[box]

Get-Mailbox -Arbitration | fl Database,Name

[/box]

Note: If you see nothing , check this article.

This showed, of the 7 arbitration mailboxes, 5 of them had a problem, and displayed like so;

[box]

WARNING: The object SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} has been corrupted, and it’s in
an inconsistent state. The following validation errors happened:
WARNING: Database is mandatory on UserMailbox.
WARNING: Database is mandatory on UserMailbox.

[/box]

There is no ‘Database’ value for these, and it’s required, for a user mailbox, (Even a system mailbox, is still a user mailbox!). So these were then associated with a mailbox database, (it does not matter which one, if you have multiple databases). Like so;

[box]

Get-Mailbox -Arbitration | Set-Mailbox -Arbitration -Database "Database-Name"

[/box]

After Clicking ‘Yes” or ‘All’ a few times, re-run the original command, and all the Arbitration mailboxes should now look healthier, like so;

Now, start the Exchange upgrade again, and it should recover the broken install, and then complete without error. Reboot your server, and check Exchange is healthy.

 

Related Articles, References, Credits, or External Links

Massive credit and thanks to Mr Saravanan Krisha Murphy, for his patience, support, and technical skills.

Exchange: “BuildToBuildUpgrade” Error

Exchange: No Arbitration Mailboxes?

KB ID 0001434

Problem

I was doing a ‘mop up’, after an Exchange install problem, (post to follow.) And went to look at the ‘Arbitration‘ mailboxes in the clients Exchange Organisation. And they could not be seen?

[box]

Get-Mailbox | -Arbitration
Get-MailboxDatabase | Get-Mailbox -Arbitration

[/box]

Solution

In my case, it was because the Exchange server was in a ‘Child Domain’ and the ‘SystemMailboxes’ are in the root domain.

You need to enter the following command first;

[box]

Set-ADServerSettings -ViewEntireForest:$true

[/box]

Then, (as shown above), re-run your commands, and the mailboxes should now be visible.

Related Articles, References, Credits, or External Links

NA

Windows RDP: ‘An authentication error has occurred’

KB ID 0001433

Problem

When attempting to RDP to a remote machine;

 

An authentication error has occurred.
The function requested is not supported

Remote computer: {name}
This could be due to CredSSP encryption oracle remediation.

Or you may just see;

 

An authentication error has occurred.
The function requested is not supported

Remote computer: {name}

Solution

This is happening after you have a applied a windows security update it was this security update. It also tells you how to change your GPOs accordingly.

If your business is in Chaos – set it to ‘Vulnerable‘ to get things working, get EVERYTHING patched, then change it to ‘Mitigated‘ or ‘Force Updated‘. (WARNING: any change requires a reboot!).

 ‘Encryption Oracle Remediation’ Policy Is Missing?

Copy these two files from a freshly updated machine;

  • C:\Windows\PolicyDefinitions\CredSsp.admx (Dtd Did Feb 2018)
  • C:\Windows\PolicyDefinitions\en-US\CredSsp.adml (Dtd Feb 2018 – Your local folder may be different i.e. en-GB)

On a DC, navigate to;

  • C:\Windows\SYSVOL\sysvol\<your domain>\Policies\PolicyDefinitions

Rename the current CredSsp.admx to CredSsp.admx.old

Copy the new CredSsp.admx to this folder.

On the same DC navigate to;

  • C:\Windows\SYSVOL\sysvol\<your domain>\Policies\PolicyDefinitions\en-US (or your local language)

Rename the current CredSsp.adml to CredSsp.adml.old

Copy the new CredSsp.adml file to this folder.

Try your group policy again.

If Using a Central Policy Definition Store

You will need to copy the files to the central PolicyDefinitions folder in your Sysvol directory, see the following link;

Setup up a Central ‘PolicyDefinitions’ Store (for ADMX files)

 

Footnote

Don’t Simply Uninstall Windows updates KB41037272. and or KB4103718 – just because something works does not mean that’s what you should do!

Related Articles, References, Credits, or External Links

Windows – Remote Desktop Error ‘An authentication error has occurred. The Local Security Authority cannot be contacted’

EVE-NG (VMware) Connecting to the Internet

KB ID 0001432

Problem

I did an article a while back on doing this with UNL, so I thought I’d revisit it today for EVE-NG. I really like EVE-NG, for proof of concept work, testing, and just learning new products I cant think of any product better.

But what if you want to connect your labs to the outside world? 

Solution

In all honesty a lot of this article you can skip, I’m just showing you what’s going on down at the Linux level (so you can be sure yours will be OK).

I’m assuming you already have EVE-NG installed and some images in it, and know how to create a lab, and that you want to connect that lab to the internet.

Unlike UNL, EVE-NG will deploy with only one vNIC, (below I’m using vSphere 6), so to keep things nice and simple I’m just going to add one more;

VMXNet3 is fine, just make sure it’s connected to the correct port-group.

Note: You can probably skip down to allowing promiscuous mode below. As the good folk at EVE-NG have configured all the hard stuff for you!

SSH into your EVE-NG server > log on as the root user, and make sure it can see BOTH network cards, with the following command;

[box]ifconfig -a | grep ^eth[/box]

Above you can see the original eth0, and the one I just added eth1.

You probably already have nano installed, (it’s a text editor). But just in case, run the following command;

[box]apt-get install nano[/box]

Use nano to edit/view the network card settings; 

[box]nano /etc/network/interfaces[/box]

Scroll down to the settings for eth1 and make sure it is tied to, (bridged to)  pnet1 (as below). Repeat for any additional network cards.

To exit nano Press CTRL+X, (then if you have made any changes save them).

You can also see a summary of bridged interfaces with the following command;

[box]

brctl show

[/box]

Enable Promiscuous Mode

Your Hyper Visor (VMware) needs to be able to see traffic from your EVE-NG devices, coming out though the vNIC we added earlier, that means a lot of MAC addresses are going to be coming from the MAC address of that vNIC. By default VMWare will block that. so we need to enable promiscuous mode on the port-group that we connected to earlier, (mine was called VM Network).

If you are using the older VMware (Fat) client, see the link at the bottom of the page for the older UNL article.

Edit the port group;

On the Security tab > Tick ‘Override’, and set it to ‘Accept’ > OK.

Forged Transmits: You will also need to enable this, (if you use VLAN tagging in your network!)

Add Cloud Objects to EVE-NG

Above, (if you remember) the vNIC (eth1) was bridged to pnet1. These used to be labelled pnet1, pnet2, etc. Now they are labelled Cloud1, Cloud2, etc.

In your lab workspace add a ‘Network’ object.

Select Cloud1 (remember this is mapped to pnet1, which is bridged to eth1.). You may want to change the name from Net, to something like ‘Internet’.

Connect a device to it, (I’m using a router, because they are quick and easy to setup).

My Network has DHCP on it, so my router picked up an IP from my LAN, and once I’d given it a default route, I now have full internet access from the lab.

Related Articles, References, Credits, or External Links

Unified Networking Lab – Connecting ESX VM to the Internet

Safari Keeps Re-opening Compromised/Spammy Web Pages

KB ID 0001431

Problem

To be honest it was my own fault, I was trying to get some software and was on a ‘dubious’ file sharing site, when ‘Boom’ loads of popup windows and scripts executing! Normally I’d just’ force quit’ Safari, and open it again then get on with my life, but Safari ‘Helpfully‘ remembered which URL I was on, and reopened it as soon as it launched,  and the whole process happened all over again.

Solution

Press CMD+ALT+Esc, then ‘force quit’ Safari.

In ‘Finder’ Go > Go to Folder,

Go to;

[box]~/Library/Preferences/[/box]

Locate and delete com.apple.safari.plist

Repeat the process but this time, go to;

[box]~/Library/Saved Application State/[/box]

Locate and delete com.apple.Safari.savedState

Reboot your machine, and relaunch Safari.

Related Articles, References, Credits, or External Links

NA