Cisco AnyConnect With Server 2016 NPAS (RADIUS) Different Groups
KB ID 0001474 Problem A few years ago I replaced a firewall that was set up like this, and while it took me a while to work out what was going on, I remember thinking it was an elegant solution. Fast forward to today, and I’m now working with the guy who set it up! (Kudos to Paul White). So when I had a client with a similar requirement, I sat down, fired up the lab, and documented it. What was used; Windows 10 Remote Client...
Unable to Access ASDM – “Unable to launch device manager from…”
KB ID 0000915 Problem A colleague of mine was trying to connect to a firewall via ASDM last week, and was greeted by an error like this. Now this is a pretty standard error, and usually means you haven’t been allowed access, or there isn’t a firewall at that address, but in this case I knew that a) he did have access, b) that was the correct IP address, and c) it worked fine on my machine, so it was set up correctly. As I...
VMware vSphere Hot Add and Hot Plug
KB ID 0000527 Problem I was trying to hot add some memory to a VM the other day, and found the option grayed out. Normally I’d just down the VM, add the memory, then bring it back up. But it was a production server and I was pretty sure the OS supported it. A quick Google search told me why it was grayed out, but it also transpired there was little to no information on what version of Windows hot add and hot plug would work...
Connecting to and Managing Cisco Firewalls
Also see “Allow Remote Management” KB ID 0000075 Problem To connect to and manage a Cisco firewall you need three things: To be in possession of a password (and in some cases a username). Have the ‘Method of Access granted to you’ (or have physical access to the firewall). Know a ‘Method of Access’ to the firewall for management. Cisco Firewall Passwords Unless your firewall is brand new (in which...
VMware: Creating a Storage Encryption Policy
KB ID 0001471 Problem This is essentially part-two of deploying encrypted virtual machines, in a vSphere VMware (6.5 and above) environment. Back in part-one we deployed a KMS server and registered it with vCenter. Now we will create a storage policy that enforces encryption, then apply that policy to a virtual machine. Solution While logged into vCenter > Home > Policies and Profiles > VM Storage Policies > Create VM...
VMware vSphere Virtual Machine Encryption
KB ID 0001470 Problem Other than learning this for an exam, I’ve never had to deploy this in anger. So when I heard we had a customer at work who wanted to take a look at it I was quite keen to take a look. To encrypt a VM you need to have an additional KMS (Key Management Server) which VMware do not provide. They do provide a list, so there’s no point me posting a list that will be out of date in a couple of weeks. Our client...
PowerShell: Bulk Enable / Disable Users
KB ID 0001469 Problem I needed to work out how to bulk disable some domain users from a .CSV file this week, so I thought I’d write it up. Disable Domain Users in Bulk from CSV Well firstly, you need to have your users in a CSV file. For the live job I just exported all the SamAccountNames to a CSV, but here for testing I just loaded a few in manually; Then execute the following two commands; Import-Module ActiveDirectory ...
Exchange and the LegacyExchangeDN Problem
KB ID 0001468 Problem Why do we have the Exchange LegacyDN? It’s a throwback, from a time when we had our users, and our mail users in different databases. Below you can see the ExchangeLegacyDN for this Exchange on-premises user; /O=First Organisation/OU=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn={something-user-specific} Who cares? Well they are still important, if you send an internal email (to someone...
Forward Mail From Exchange (On-Prem) To Office 365
KB ID 0001467 Problem WARNING: Do not do this, if you are carrying out a Hybrid migration to Office 365! I’ve been doing an On-Prem to Office 365 migration recently. It was a little unusual because the ‘on-prem’ Exchange was not in the client’s domain. So rather than migrate all the mail to their domain, and then migrate it to Office 365 we chose to use a third party migration solution ODME (Quest On Demand Migration...
Office 365: Grant a User Full Mailbox Access to all Mailboxes
KB ID 0001466 Problem Obviously there are some security concerns about having a user with full mailbox access to all mailboxes! But that aside, I was using a third party Migration tool last week, and it needed to connect to every mailbox with full access rights to perform the migration. So this is how I did it; Solution Firstly you need to connect to your Office 365 tenant with PowerShell; Connect to Office 365 Exchange PowerShell Now...