ASA Connection Error: ‘The First Key-Exchange Algorithm’
KB ID 0001476 Problem When attempting to connect to a Cisco ASA firewall via SSH you see the following error; The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold. Do you want to continue with this connection? Clicking ‘Yes’ will let you connect. Solution When connected, execute the following commands; conf t ssh key-exchange group...
PowerShell: Bulk Add/Remove Users From Groups
KB ID 0001475 Problem I had to do this a few weeks ago, so I documented it. I had a list of usernames in a CSV file and I needed to bulk-add them to a security group. Bulk Add Group Users Solution Firstly you will need the usernames (sAMAccountNames) in .csv format like so, (Note: As a header Im using User-Name.) I’ve saved the file to C:\Temp on my server. Execute the following commands; Import-Module ActiveDirectory ...
Cisco AnyConnect With Server 2016 NPAS (RADIUS) Different Groups
KB ID 0001474 Problem A few years ago I replaced a firewall that was setup like this, and while it took me a while to work out what was going on, I remember thinking it was an elegant solution. Fast forward to today, and I’m now working with the guy who set it up! (Kudos to Paul White). So when I had a client with a similar requirement, I sat down fired up the lab, and documented it. What was used; Windows 10 Remote Client...
VMware: Creating a Storage Encryption Policy
KB ID 0001471 Problem This is essentially part-two of deploying encrypted virtual machines, in a vSphere VMware (6.5 and above) environment. Back in part-one we deployed a KMS server and registered it with vCenter. Now we will create a storage policy that enforces encryption, then apply that policy to a virtual machine. Solution While logged into vCenter > Home > Policies and Profiles > VM Storage Policies > Create VM...
VMware vSphere Virtual Machine Encryption
KB ID 0001470 Problem Other that learn this for an exam I’ve never had to deploy this in anger. So when I heard we had a customer at work who wanted to take a look at it I was quite keen to take a look. To encrypt a VM you need to have an additional KMS (Key Management server) which VMware do not provide. They do provide a list, so theres no point me posting a list that will be out of date in a couple of weeks. Our client...