I got a call last night to help out a colleague, this involved using a ‘dubious’ piece of software that is very old, (I won’t elaborate further). But to run it on a modern Windows Server is nearly impossible. The host detects the software as being infected (it may well be, but I’ve never suffered). So I need to keep the software in a password-protected Zip file, and only extract it on a virtual machine that I don’t mind sacrificing!
That’s great, but Defender was having none of this, so I needed to ‘temporarily‘ stop its real time protection.
Note: Standard warning, disabling Windows Defender on a production machine is not a good idea (without another third-party antivirus/anti-malware product).
You can disable Defender using the following Group Policy;
[box]Computer Configuration > Administrative Templates > Windows Components > Windows Defender Antivirus > Turn off Windows Defender Antivirus > Set to Enabled[/box]
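A check to run once the job is finished, so the ‘temporary’ change does not become permanent (an added example, not part of the original post). It assumes an elevated PowerShell session with the built-in Defender module, and reads the registry value that the policy above writes.

```powershell
# Added example: confirm Defender is protecting the host again after a temporary change.
# Assumes an elevated session and that the Defender module (Get-MpComputerStatus) is installed.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

# "Turn off Windows Defender Antivirus" = Enabled is stored as DisableAntiSpyware = 1.
$policy    = Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
$policyOff = ($null -ne $policy) -and ($policy.DisableAntiSpyware -eq 1)

try {
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    $status = $null   # the cmdlet fails when the Defender service is not running
}

$avOn  = [bool]($status -and $status.AntivirusEnabled)
$rtpOn = [bool]($status -and $status.RealTimeProtectionEnabled)

$report = [pscustomobject]@{
    Computer                  = $env:COMPUTERNAME
    PolicyTurnsDefenderOff    = $policyOff
    AntivirusEnabled          = $avOn
    RealTimeProtectionEnabled = $rtpOn
}
$report | Format-List

if ($policyOff -or -not $rtpOn) {
    Write-Warning 'Defender is still off on this host: set the policy back to Not Configured and run gpupdate /force.'
}
```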
A couple of weeks ago I logged into Adsense and saw this;
‘We’ve detected an error on your IABTC string on one or more of your sites or apps. These errors may affect your ability to serve ads to European users. A detailed report is available for you on the EU user consent page’.
Solution
Well all of that made no sense to me, so I downloaded the report, which is a spreadsheet and it looked like this;
Erm OK, so what’s error 2.1a? well it’s this;
Everything I read didn’t make much sense, and a search of Google revealed a ton of things that made little or no sense to me.
Why Am I Seeing European IAB TC String Errors?
In short: People in Europe are protected by the GDPR. This says, (very basically) that website visitors should be ‘asked’ what their Ad preference, and tracking cookie preferences are, BEFORE the website can show them any ads, or attempt to embed tracking cookies, (like the ones Google uses), on their machines.
This is why you will notice most sites you go to now ask you about cookies and ads the first time you visit, you generally then tick a box that says ‘accept preferences‘, or ‘that’s fine‘, and you are bothered no more.
So that’s basically the root cause of the problem. Well I run my website on WordPress so “There will be a plugin for that right?” I tried a few and settled on UniConsent CMP. I installed it, and enabled cover for GDPR, (and CCPA compliance).
Note: Sign up for a free licence, then you can manage everything directly at UniConsent.
Extra Tip: Go To Consent Manager Version 2 > Manage > Fill everything in > Enable GDPR (For European Countries) > Enable IAB TCF > Select Pop-up Box > Save and Exit (Top right).
Do You Cache Your Website? If so, don’t forget to ‘flush the caches’ at this point.
So That Fixed It Yes?
Sadly no, but because I now manage my CMP online they have a support/chat feature, and I was asked to do the following;
A third party Ad agency I use has their own CMP. I asked them to disable that, which they did, (don’t forget to flush the caches again!)
I had some embedded code with my Adsense ads that was calling this script;
I had to remove each instance of that, and put the following code in my website’s <HEAD> section;
Update (28 Oct 2020)
Well my errors came back. The good folks at UniConsent investigated and found out that I was caching information (JavaScript) that was being called, and so breaking the TCF rules again. I logged a call with the people who provide my WordPress caching plugin (WP-Rocket), who remoted onto the server and added the following to their ‘File optimisation’ settings;
The Adsense TCF Error Won’t Go Away!
That’s because the errors stay on Google Adsense for 7 DAYS, even if you have fixed the errors, you need to wait 7 days for the errors to stop showing!
Which Ad Network Should You Replace Adsense With?
For everyone asking “What ad network did you move to”, then you can message me (link above) and I will let you know. There are some caveats, most of your traffic needs to be EN-US / EN-GB traffic, and you need to have a decent amount of traffic to be considered. If you fall into that category, message me and I will pass on your details to them. (Disclaimer: I get a financial kick back for doing so).
When attempting to open the Exchange Management shell you see the following;
[box]
Welcome to the Exchange Management Shell!
Full list of cmdlets: Get-Command
Only Exchange cmdlets: Get-ExCommand
Cmdlets that match a specific string: Help **
Get general help: Help
Get help for a cmdlet: Help or -?
Exchange team blog: Get-ExBlog
Show full output for a command: | Format-List
Show quick reference guide: QuickRef
VERBOSE: Connecting to {mail server}
New-PSSession : [{mail server}] Processing data from remote server {mail server} failed with the
following error message: [ClientAccessServer={mail server}BackEndServer={mail server},RequestId=f092f550-6451-
4dea-820d-20322101874a,TimeStamp=08/10/2020 09:24:58]
[AuthZRequestId=eb185d5f-6a49-471f-9267-ad0ce9231d0f][FailureCategory=AuthZ-CmdletAccessDeniedException] The user
"DOMAIN/{User-Name}" isn't assigned to any management roles. For more information, see the
about_Remote_Troubleshooting Help topic.
[/box]
When this happens you may also see Event ID 258 get logged;
[box]
Log Name: Application
Source: MSExchange RBAC
Date: {date} {time}
Event ID: 258
Task Category: RBAC
Level: Error
Keywords: Classic
User: N/A
Computer: {Mail Server}
Description:
(Process 9680, PID w3wp.exe)"RemotePS Public API Func GetApplicationPrivateData throws Exception Microsoft.Exchange.Configuration.Authorization.CmdletAccessDeniedException: The user "{Domain/user-name}" isn't assigned to any management roles.
[/box]
Solution
I’ve highlighted the most pertinent text in the error messages (above), that being;
The user “{Domain/User-Name}” isn’t assigned to any management roles.
For once Microsoft error messages are actually quite descriptive and helpful! The user that you are attempting to open the Exchange Management Shell with does not have the Exchange administrative rights to do so! Typically to manage Exchange you need to be a member of the ‘Organization Management’ group, (my Englishness OCD hates that spelling!)
So, (obviously using your administrative account NOT your normal user account ;P ) add yourself to that group.
Remember, granting rights via a ‘group‘ means you will have to log off, and then back on again, before you actually get those rights.
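The group change and the follow-up check, as an added example (not from the original post). It assumes the ActiveDirectory RSAT module is available, and `adm-jbloggs` is a hypothetical admin account name; the first part runs under an account that can already edit the group, the last command runs in the Exchange Management Shell after logging back on.

```powershell
# Added example. 'adm-jbloggs' is a hypothetical account name; replace it with your own.
Import-Module ActiveDirectory

$group = 'Organization Management'
$admin = 'adm-jbloggs'

# Review who already holds this role group before adding anyone: membership means
# full administrative control of Exchange, so it should stay a short list.
$members = @(Get-ADGroupMember -Identity $group -Recursive)
$members | Select-Object Name, SamAccountName, objectClass | Format-Table -AutoSize

if ($members.SamAccountName -contains $admin) {
    Write-Output "$admin is already a member of '$group'."
} else {
    Add-ADGroupMember -Identity $group -Members $admin
    Write-Output "Added $admin to '$group'. Log off and back on to pick up the new membership."
}

# After logging back on, in the Exchange Management Shell:
# the account should now list role assignments instead of raising the
# "isn't assigned to any management roles" error.
Get-ManagementRoleAssignment -RoleAssignee $admin |
    Select-Object Role, RoleAssigneeName, AssignmentMethod
```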
Saw this asked in a forum today, and my response was;
It never gets smaller, if you delete things out of it, it just creates more ‘whitespace’ within the database, unless you;
a) Take it offline, and defragment it using eseutil.
b) Move the mailboxes out of it, to another database and delete it.
Which is true, but even Microsoft say you should not need to defragment a database! Before you do anything make sure you have a good backup of Exchange and the mailbox databases!
Defragment an Exchange Database
Stop! Why are you doing this, if it’s because you are running out of room, then migrating mailboxes out of a database into another database, on another piece of storage with more room is what you should be doing, and does not involve long periods of downtime!
If you have just deleted hundreds of GB from a mailbox database, and you simply want to compress the DB, and you have a BIG window for downtime, (allow 1 hour for every 9GB of database size). Then you are in about the only use case scenario I can think of to want to do this!
Before You start: This process creates a temporary mailbox database, (you need to tell it where), if you are pressed for room, I suggest you add another volume/drive and put it there. (Though in my example I have room in the same folder). Allow for the entire database’s existing size plus ten percent to be on the safe side.
Let’s have a look, and see how much room we might be able to reclaim (whitespace);
The database has to be dismounted before you can run Eseutil on it (downtime starts here).
[box]
Dismount-Database "Database Name"
Eseutil /d "C:\Folder\DatabaseName.edb" /t "T:\Folder\TempDB.edb"
[/box]
When complete, mount the datastore again, (downtime ends here).
[box]
Mount-Database "Database Name"
[/box]
Hopefully you should see the whitespace has decreased.
Don’t forget to set off a full backup of the store as soon as it’s back online.
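A pre-flight for the defragment procedure above, as an added example (not from the original post): it reads the database size and whitespace while the database is still mounted, then applies the figures given above (existing size plus ten percent of temporary space, one hour per 9GB). The database name and the `T` drive letter are placeholders; run it in the Exchange Management Shell.

```powershell
# Added example. $DatabaseName and $TempDrive are placeholders for your own values.
$DatabaseName = 'Database Name'
$TempDrive    = 'T'          # volume that will hold the temporary database

function ConvertTo-Bytes([string]$Size) {
    # Exchange renders sizes as "1.5 GB (1,610,612,736 bytes)"; take the exact byte count.
    if ($Size -match '\(([\d.,\s]+) bytes\)') { return [int64]($Matches[1] -replace '\D', '') }
    throw "Unrecognised size value '$Size' (is the database mounted?)"
}

# -Status is required, otherwise both size properties come back empty.
$db         = Get-MailboxDatabase -Identity $DatabaseName -Status
$sizeBytes  = ConvertTo-Bytes $db.DatabaseSize
$whiteBytes = ConvertTo-Bytes $db.AvailableNewMailboxSpace

$needBytes = [int64]($sizeBytes * 1.1)                   # existing size plus ten percent
$freeBytes = (Get-PSDrive -Name $TempDrive).Free
$hours     = [math]::Ceiling(($sizeBytes / 1GB) / 9)     # 1 hour per 9GB of database

[pscustomobject]@{
    Database          = $db.Name
    SizeGB            = [math]::Round($sizeBytes  / 1GB, 1)
    WhitespaceGB      = [math]::Round($whiteBytes / 1GB, 1)
    TempSpaceNeededGB = [math]::Round($needBytes  / 1GB, 1)
    TempSpaceFreeGB   = [math]::Round($freeBytes  / 1GB, 1)
    EstimatedDowntime = "$hours hour(s)"
} | Format-List

if ($freeBytes -lt $needBytes) {
    Write-Warning "Not enough room on ${TempDrive}: for the temporary database. Do not dismount yet."
} elseif ($whiteBytes -lt ($sizeBytes * 0.1)) {
    Write-Warning 'Less than 10% of the database is whitespace; the downtime is unlikely to be worth it.'
} else {
    Write-Output 'Pre-flight passed. Confirm the backup is good before dismounting.'
}
```

The 10% whitespace threshold in the second warning is an arbitrary cut-off chosen for this example, not a figure from the post.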
Move Mailboxes To Another Exchange Database (To Reclaim Space)
This is the much more elegant solution, create a shiny new database move everything from the old database into the new one, and delete the old database.
Will This Impact My Users? Any user using their mailbox while it is getting moved won’t be affected, until the move is complete then they will see a popup that looks like;
The Microsoft Exchange administrator has made a change that requires you quit and restart Outlook.
Cool eh! So let’s start by creating a New Mailbox Database.
[box]
New-MailboxDatabase -Name "New Database Name" -EdbFilePath "C:\Folder\DB-Name.edb" -LogFolderPath "C:\Folder\Folder\"
[/box]
Make sure you follow the advice and restart the information store, (yes you can mount the new DB and proceed, but Exchange does not allocate the resources correctly if you do this).
[box]
Restart-Service MSExchangeIS
[/box]
Let’s move our ‘Normal’ mailboxes to the new DB.
[box]
Get-Mailbox -Resultsize Unlimited | New-MoveRequest -TargetDatabase "Target Database Name"
[/box]
Depending on how many (and how large) mailboxes there are this can take a while, (days for large databases!) When they’ve all completed you need to remove the move requests, (if you have any failures, or speed issues use the search box above, I’ve had to cope with thousands of these things not working correctly in my time!)
Let’s assume we are all moved, so we want to remove the move requests.
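One way to do that clean-up without discarding evidence of a failed move (an added example, not from the original post). The old database name is a placeholder; run it in the Exchange Management Shell.

```powershell
# Added example. $OldDatabase is a placeholder for the database being emptied.
$OldDatabase = 'Old Database Name'

# 1. Summarise every move request by status before touching anything.
$moves = @(Get-MoveRequest -ResultSize Unlimited)
$moves | Group-Object { "$($_.Status)" } | Select-Object Name, Count | Format-Table -AutoSize

# 2. Show the detail for anything that is not finished, so failures get fixed, not deleted.
$unfinished = @($moves | Where-Object { "$($_.Status)" -ne 'Completed' })
if ($unfinished.Count -gt 0) {
    $unfinished | Get-MoveRequestStatistics |
        Select-Object DisplayName, Status, PercentComplete, Message | Format-List
}

# 3. Remove only the requests that completed; anything else is left in place.
Get-MoveRequest -MoveStatus Completed -ResultSize Unlimited |
    Remove-MoveRequest -Confirm:$false

# 4. Before deleting the old database, list what still lives in it. The move above only
#    covered 'normal' mailboxes, so arbitration (system) mailboxes are checked separately.
$left  = @(Get-Mailbox -Database $OldDatabase -ResultSize Unlimited)
$left += @(Get-Mailbox -Database $OldDatabase -Arbitration)

if ($left.Count -eq 0) {
    Write-Output "No user or arbitration mailboxes remain in '$OldDatabase'."
} else {
    Write-Warning "$($left.Count) mailbox(es) still in '$OldDatabase':"
    $left | Select-Object Name, RecipientTypeDetails | Format-Table -AutoSize
}
```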
Well the ASA5516-X was the last one to go end of sale. You may be able to get stock of the remainder of the ASA5500-X series as people clear their shelves, or they may be available as ‘refurb’ stock but they are disappearing.
So you would think that the replacements would be better documented? Well it’s sketchy at best, and when you look at the data sheets for the new FPR range the links on the Cisco website go to the wrong place, or give you little or no guidance 🙁
Solution
I’ve put together the following to help; it’s not sanctioned by Cisco (though I did engage Cisco Partner GVE to assist me). The following table shows FPR models that run ASA code (not FTD code). I’m not a fan personally of the FTD solution, and I won’t be deploying it anywhere for a client. But standard ASA code keeps my support and network techs happy.
If you disagree with any of my recommendations, please post below, and (providing your objection is valid) I’ll update it accordingly.