Cisco Router – Configure NAT (NAT Overload)
NAT Overload KB ID 0000971 Problem NAT is the process of taking one or more IP addresses and translating it/them into different IP addresses. You may require your router to translate all your internal IP addresses to your public (ISP allocated) IP address. To do that we use a process called NAT Overload. Solution : Nat Overload 1. Connect to the router, and got to enable mode, then global configuration mode. PetesRouter#configure...
Cisco ASA Domain Authentication and Trust (Allowing)
ASA Domain Authentication KB ID 0000973 Problem I cringed this morning when I was asked about this, last time I had to get a client to authenticate to a domain through a firewall, it was ‘entertaining’. The problem is Windows loves to use RPC, which likes to use random ports, so to make it work you either had to open TCP ports 49152 and 65535 (Yes I’m Serious). Or you had to registry hack all your domain controllers...
VMware – Replace the ESX Certificate
ESX Certificate KB ID 0000974 Problem ESXi comes with a self-signed certificate, and for most people that’s fine, but some clients want to have a ‘Trusted’ certificate on theirs, and have their own PKI infrastructure for issuing them. Below I will generate a new certificate for my ESXi server using the Active Directory Certificate Services role on Windows Server 2012. Then replace the self-signed certificate with my new...
Windows Server 2025 Trust Relationship Failures Post-Upgrade
2025 Trust Relationship KB ID 0001917 Problem Following a full upgrade of all domain controllers (DCs) to Windows Server 2025, organisations may experience trust relationship failures between domain-joined workstations and the domain. This issue predominantly affects clients running Windows 10/11 versions up to 23H2. Notably, environments retaining at least one older DC do not encounter this problem. Symptoms Users unable to log in to...
Cisco ASA – Remote VPN Client Internet Access
VPN Client Internet Access KB ID 0000977 Problem I have answered a lot of questions in forums, that are worded something like, “When I have a remote client connected to my firewall VPN they lose Internet access!” Traditionally that’s exactly what the ‘default’ remote VPN Internet access (IPSEC or AnyConnect) gave you. To ensure your remote VPN clients can access the Internet you have two options. The...
Windows – Firewall Group Policy
Firewall Group Policy KB ID 0000979 Problem For everyone who simply does not disable the Windows firewall, then you need to be able to manage what ports are open on your machines. The simplest way to do this is via firewall group policy. This week I had to open TCP port 9503 on the local firewall of my McAfee Move Offload Servers. Below I will open that port on all my machines, but in production I will only apply the GPO to...
Windows Displaying a Logon Notice (legal notices)
Logon Notice KB ID 0000328 Problem It’s been a while but when I was asked my notes were seriously out of date .Should you with to enable this feature then do the following. Solution : Logon Notice Logon Notice Option 1 – via Domain Policy 1. On a domain controller, Start > administrative tools > Group Policy Editor > Either edit an existing policy or create a new one (Remember its a computer policy you need to...
Windows 11 Bypass Microsoft Account Requirement
Bypass Microsoft Account Requirement KB ID 0001916 Problem Microsoft have been pushing for you to have a Microsoft account to login to windows for some time, originally you could open a shell window and use the oobe\bypassnro command, then they stopped that, but you could still add a registry key to bypass the requirement. But now there’s a much simpler way. Solution : Bypass Microsoft Account Requirement Some site...
Red Hat – Disable DNS Recursion (BIND)
Disable DNS Recursion KB ID 0000981 Problem I got a Tweet, to say the site was down. I checked and the VPS was off-line? So I powered it on and waited a few minutes. Linux is not one of my strongest technical areas so I did some Googling about what logs to check etc. When I looked in the var/log/messages log it was full of these, up to the point where it went down; Aug 7 03:51:52 MY-HOSTNAME named[490]: error (unexpected RCODE...
Cisco ASA – VPN Reverse Route Injection With OSPF
Reverse Route Injection KB ID 0000982 Problem Reverse Route injection is the process that can be used on a Cisco ASA to take a route for an established VPN, and populate/inject that route into the routing table of other devices in it’s routing group. In the example below, on the main site, we have a Layer 3 switch that’s routing all the 192.168.x.x networks, and we have an established site to site VPN to a remote site. To...