Cisco ASA No Debug Output?
KB ID 0001477 Problem I see this get asked in forums A LOT, typically the poster has another problem they are trying to fix, someone has asked them to debug the problem and they cant see any debug output. Solution Firstly you need to understand what logging is, and how debugging fits within it. (Bear with me, this is good knowledge to have). The firewall saves logs in syslog format, and there are 8 Levels of logs, the one with the...
ASA Connection Error: ‘The First Key-Exchange Algorithm’
KB ID 0001476 Problem When attempting to connect to a Cisco ASA firewall via SSH you see the following error; The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1, which is below the configured warning threshold. Do you want to continue with this connection? Clicking ‘Yes’ will let you connect. Solution When connected, execute the following commands; conf t ssh key-exchange group...
PowerShell: Bulk Add/Remove Users From Groups
KB ID 0001475 Problem I had to do this a few weeks ago, so I documented it. I had a list of usernames in a CSV file and I needed to bulk-add them to a security group. Bulk Add Group Users Solution Firstly you will need the usernames (sAMAccountNames) in .csv format like so, (Note: As a header Im using User-Name.) I’ve saved the file to C:\Temp on my server. Execute the following commands; Import-Module ActiveDirectory ...
Cisco AnyConnect With Server 2016 NPAS (RADIUS) Different Groups
KB ID 0001474 Problem A few years ago I replaced a firewall that was setup like this, and while it took me a while to work out what was going on, I remember thinking it was an elegant solution. Fast forward to today, and I’m now working with the guy who set it up! (Kudos to Paul White). So when I had a client with a similar requirement, I sat down fired up the lab, and documented it. What was used; Windows 10 Remote Client...
Unable to Access ASDM – “Unable to launch device manager from…”
KB ID 0000915 Problem A colleague of mine was trying to connect to a firewall via ASDM last week, and was greeted by an error like this. Now this is a pretty standard error, and usually means you haven’t been allowed access, or there isn’t a firewall at that address, but in this case I knew that a) he did have access, b) that was the correct IP address, and c) it worked fine on my machine, so it was setup correctly. As I...
VMware vSphere Hot Add and Hot Plug
KB ID 0000527 Problem I was trying to hot add some memory to a VM the other day, and found the option grayed out. Normally I’d just down the VM, add the memory, then bring it back up. But it was a production server and I was pretty sure the OS supported it. A quick Google search told me why it was grayed out, but it also transpired there was little to no information on what version of Windows hot add and hot plug would work...
Connecting to and Managing Cisco Firewalls
Also see “Allow Remote Management” KB ID 0000075 Problem To connect to and manage a Cisco firewall you need three things, To be in possession of a password, (and in some cases a username). Have the ‘Method of Access granted to you’ (or have physical access to the firewall). Know a ‘Method of Access’ to the firewall for management. Cisco Firewall Passwords Unless your firewall is brand new (in which...
VMware: Creating a Storage Encryption Policy
KB ID 0001471 Problem This is essentially part-two of deploying encrypted virtual machines, in a vSphere VMware (6.5 and above) environment. Back in part-one we deployed a KMS server and registered it with vCenter. Now we will create a storage policy that enforces encryption, then apply that policy to a virtual machine. Solution While logged into vCenter > Home > Policies and Profiles > VM Storage Policies > Create VM...
VMware vSphere Virtual Machine Encryption
KB ID 0001470 Problem Other that learn this for an exam I’ve never had to deploy this in anger. So when I heard we had a customer at work who wanted to take a look at it I was quite keen to take a look. To encrypt a VM you need to have an additional KMS (Key Management server) which VMware do not provide. They do provide a list, so theres no point me posting a list that will be out of date in a couple of weeks. Our client...
PowerShell: Bulk Enable / Disable Users
KB ID 0001469 Problem I needed to work out how to bulk disable some domain users from a .CSV file this week, so I thought I’d write it up. Disable Domain Users in Bulk from CSV Well firstly, you need to have your users in a CSV file. For the live job I just exported all the SamAccountNames to a CSV, but here for testing I just loaded a few in manually; Then execute the following two commands; Import-Module ActiveDirectory ...