Bring up a VPN Tunnel From the ASA
KB ID 0001604 Problem A colleague was doing a firewall migration yesterday and I offered to sit in, in case he had any problems, one of the tasks was a VPN tunnel getting migrated, this is usually painless, (if you have control of both ends!) But in this case we didn’t, and it’s usually the case, when there’s VPN problems, the people at the {ahem} ‘less experienced,’ end of the tunnel tend to blame the...
PowerCLI: Connect-VIServer Certificate Errors
KB ID 0001603 Problem When attempting to connect to a vCenter or ESXi host, you see the following error; Connect-VIServer : {Date} {Time} Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect once or to add a permanent exception for this server. Additional Information: Could not establish trust relationship...
Group Policy Preferences and Client Side Extensions
Group Policy Preferences KB ID 0000389 Problem Group Policy Preferences (GPP) first came in with Server 2008 and were enhanced for Server 2008 R2, To be able to apply them to older Windows clients, you need to install the “Client side Extensions” (CSE), You can either script this, deploy with a group policy, or if you have WSUS you can send out the update that way. From windows 7 onwards they are already installed....
Cisco ASA Site to Site IKEv2 VPN Static to Dynamic
KB ID 0001602 Problem Site to Site VPNs are easy enough, define some interesting traffic, tie that to a crypto map, that decides where to send the traffic, create some phase 1 and phase 2 policies, wrap the whole lot up in a tunnel-group, and you’re done! But there needs to be a ‘peer address’ in the crypto map, and if one end of the VPN is on DHCP that address is likely to change, so you cant supply that? The...
EVE-NG on VMware ESX Strange ARP Problems?
KB ID 0001601 Problem I use EVE-NG a lot, it’s an awesome tool. Also I’m lucky enough to have my own ESX servers, so that’s where it lives. I’ve noticed this problem before, but I’ve either given up, and done something else, or it’s manifested itself in an ‘odd’ way that I can work around. If you’re new to connecting EVE-NG to a live network you might want to read the following...
Windows Server: Stop Programs Auto Starting / Auto Running
KB ID 0001600 Problem I like to learn the keyboard shortcuts for these sort of things, (because developers will change the way things are done in the GUI). So in the good old days I simply ran msconfig, and located the offending software on the startup list and disabled it. Then that got removed and put in ‘Task Manager’, then that got removed. So I’m pulling a frowny face at Microsoft Developers for their lack of...
Management Framework 5.1 Update Not Applicable
KB ID 0001599 Problem Seen while attempting to install Microsoft Management Framework 5.1 on Server 2012 R2, (to upgrade PowerShell). Windows Update Standalone Installer The update is not applicable to your computer Solution Well in the the end it turns out I was being a doofus! I was installing W2K12-KB3191565-x64.msu which is for Server 2012 (Not Server 2012 R2!) Look a bit lower, you need Win8.1AndW2K12R2-KB3191564-x64.msu. The...
Adding Rights to Public Folders (Recursively)
KB ID 0001598 Problem After a recent Exchange migration (2007 > 2013 > 2016), I had problems with users not being able to see public folders, one user could see them all, (so I know they were present and correct, content wise,) but other users could not even see them. Normally in this situation I’d test them in Outlook Web App first, if they work there then look at Outlook, but Public folders just didn’t work in...
Adding a Windows Server 2019/2016 Domain Controller
KB ID 0001262 Problem Once upon a time, adding a domain controller that was running a newer version of the Windows Server family involved opening command line and schema prepping, and GP prepping etc. Now all this happens in the background when adding a 2019 domain controller and the wizard is doing the heavy lifting for you. Solution 2008 to 2019 Domain Controller 2008 to 2016 Domain Controller Obviously the server needs to be a...
Moving Certificate Services To Another Server
KB ID 0001473 Problem If you are retiring a CA Server, or there’s a problem with the server and you want to move Microsoft Certificate Services to another server, the procedure is pretty straight forward. BE AWARE: We are moving the CA Server Name , NOT the Server Name (FQDN), the two things are NOT the same, (you might have called them the same thing!) But a Certificate Authority has a name of its own, and that’s what we...