Cisco ASA – Update Activation Key (From ASDM)
KB ID 0001662 Problem I recently did a post on adding extra licences to AnyConnect, (with the current surge of people working from home). I exclusively work at command line, so when I was asked how to do the same in the ASDM I had to go and check 🙂 Solution Connect to your firewalls ASDM console, then navigate to > Configuration > Device Management > Licensing > Activation Key > Enter you new Activation Key > Update...
Get Free Cisco AnyConnect Licences For COVID-19 Homeworkers
KB ID 0001661 Problem Cisco released information on their blog a few days ago to say that they would be offering free Umbrella, Duo and AnyConnect Licences to customers in the wake of the the COVID-19 outbreak. Thats great news, but there’s no information on how to get the AnyConnect licences. It just says speak to your Cisco partner. As I am a Cisco partner I was confused, and it seems my colleagues were also. So I contacted...
Windows Server – Schedule a Reboot
KB ID 0001321 Problem Back in the day we just used the ‘At’ command to schedule a reboot, but starting with Server 2012 that was stopped! If you try it now you will see the following; The AT command has been depreciated. Please use schtasks.exe instead Solution (The Quick Way) Execute the following command (change time and data accordingly); schtasks /create /tn “Scheduled Reboot” /tr “shutdown /r /t 0” /sc once /st...
Powershell: Get Folder Size ‘Quickly’
KB ID 0001660 Problem Right clicking a folder and selecting properties is usually how you would see how large a folder is. Which is great, but if your folder size is HUGE (i.e. many terabytes) then this takes ages! Solution If you use PowerShell you can get the figure considerably quicker! Below I want to ge the size of E:\Shared; In MegaBytes; “{0:N2}” -f ((Get-ChildItem -path E:\Shared -recurse | Measure-Object -property...
Cannot Recreate Azure AD ‘Local’ AD Connector
KB ID 0001659 Problem While trying to fix another Azure AD Replication problem today I managed to delete one of the connectors (the one for the local ‘on-prem’ Active Directory). In an effort to ‘recreate’ it, I ran the ‘Microsoft Azure Active Directory Connect’ and went to ‘Customise the Synchronisation Options’. Â Unfortunately I got this error; The forest {forest-name} cannot be added...
VMware Edge Gateway VPN to Cisco ASA
KB ID 0001658 Problem I was asked to setup a VPN to help out a colleague this week. When I had a look, one end turned out to be an Edge Gateway, I wasn’t that concerned, I’d done similar things in my prior role, I just didn’t have access to the vCloud or VMware at this datacenter. Depite my best efforts on the ASA, the tunnel refused to come up, it took a little looking ‘under the covers’ to accurately...
Adding Duo 2FA to Microsoft ADFS
KB ID 0001656 Problem I did a Duo run through a few weeks ago, and to be honest their documentation is usually pretty good. I was spinning this up as a PoC for a client so I thought I’d put my take on the procedure here. ADFS Duo Pre-Requisites I already have a Duo Authentication Proxy server setup and my users are enrolled, you will need to set this up first. See the following article; Duo: ADSync and Enroll Users via SMS Log...
PowerShell: Disable MFA For All O365 Users
KB ID 0001655 Problem If you have something boring/repetitive to do then Powershell is your friend! I needed to do this for a client that’s replacing their Office365/Azure AD MFA (Multi Factor Authentication) with Duo. Solution Connect to your Microsoft Services Online, i.e. Office365/Azure, using your administrative credentials with the following command; Connect-MsolService Then (Note: I’ve got more than 1000 users so I...
Group Policy: Item-Level Targeting
KB ID 0001654 Problem Yesterday I wrote a post about Deploying a ‘Mapped’ Drive to a couple of users using Group Policy. This received a comment that was basically ‘Why not simply use Client Targeting?’ To be fair that’s a good point, I was using a Group Policy Preference and they can be specifically targeted. So here’s how to do that. Solution If you do not already have one, create a group for your...
Configuring Cisco HSRP
KB ID 0000946Â Problem Cisco HSRP: Normally your client machines have one route off the network, (their default gateway). But what if that goes down? HSRP aims to solve this problem by assigning a ‘Virtual IP address’ to your default gateway (or default route). So that IP can be shared amongst two or more possible devices (routers, or layer 3 switches). Above, we have a client 192.168.1.10 that has two possible routes off...