Wednesday, November 15, 2017

How to prevent an RDS (Terminal Services) Server from prompting you for credentials before logging in.

Changing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer value from 1 to 0 does indeed allow the user to change their expired password on Windows Server 2012 R2. I also found that, as an alternative, leaving the SecurityLayer value set to 1 but changing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\MinEncryptionLevel value from 3 or 2 to 1 also allows the user to change their expired password.

Wednesday, October 18, 2017

How to mount a VMDK in Linux Mint / Ubuntu

This took way too much googling.  This is what worked-

sudo su
losetup /dev/loop0 <vmdk file>
kpartx -av /dev/loop0
mkdir /mnt/vmdk
mount /dev/mapper/loop0p1 /mnt/vmdk

If loop0 comes back as busy, use another one like loop5.

Thursday, August 3, 2017

How to configure Exchange 2013 to Reset the Out of Office to send an email every day instead of once-

Here is how you set up Exchange 2013 to send an Out of Office Response Daily instead of just once-

1) Create a folder on your Exchange server.  For Example, C:\ExchangeOOOReset.

2) Open Notepad and enter the following-
$enabled = get-mailbox -resultsize unlimited |get-mailboxautoreplyconfiguration | where {$_.autoreplystate -eq "enabled"} | select identity,autoreplystate

$enabled | foreach-object {
 set-mailboxautoreplyconfiguration $_.identity -autoreplystate "Disabled"
 set-mailboxautoreplyconfiguration $_.identity  -autoreplystate $_.autoreplystate
 }

3) Save the file as OOOReset.ps1, save it in C:\ExchangeOOOReset.  Make sure you select "All Files" so it doesn't add .txt to the files.

4) Open Task Scheduler, click Create Basic Task.

5) Name it, ExchangeOOO, click Next, Next, select the time of day it should reset, Next, Start a Program.

6) Under Program/Script-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

7) Under Add Arguments-
-NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; C:\ExchangeOOOReset\OOOReset.ps1"

That's it!

Tuesday, June 6, 2017

How to Secure ECP on a Single Exchange 2013/2016 Server

You do not want ECP accessible from the internet.  Here is an easy way to resolve this.  Note, if you do not have a wildcard cert you will get an SSL error.  Do not create an EXTERNAL dns record for this or you will re-enable ECP to the internet.

In my example-
Server Name- ExchSRV1
Default web site- Default Web Site
New ECP Site- InternalECP
Domain Name- contoso.com
New ECP URL- ecp.contoso.com

1) Go into IIS, right click on Sites, Add Website.  

Name- "InternalECP"
Physical Path- "C:\inetpub\wwwroot2"
Binding, Type- https
IP address- All Unassigned,
Port- 443 (Feel free to use another port for added security.)
Host Name- "ecp.contoso.com"

2) On your DNS servers, make a DNS A record for "ecp.contoso.com" pointing to your exchange server IP address.

3) Open the Exchange Management Console and enter the following commands-

New-EcpVirtualDirectory -Server "ExchSRV1" -WebSiteName "InternalECP" -InternalUrl "https://ecp.contoso.com/ecp"

New-OWAVirtualDirectory -Server "ExchSRV1" -WebSiteName "InternalECP" -InternalUrl "https://ecp.contoso.com/owa"

4) Test that you can log into the new url and get into ECP.

5) Enter the following to disable ECP on the main site-

Set-EcpVirtualDirectory -identity "ecp (Default Web Site)" -AdminEnabled $false


Monday, June 5, 2017

"Adam's List" - Best Businesses I've dealt with in Brighton, CO

Electrician

Quynnlectric, Inc.
644 N. 7th Ave. #1 Brighton, CO 80601
Phone: (303) 835-2258
http://www.quynnlectric.com/

Quynnlectric doesn't shy away from the small jobs.  I needed an electric service upgrade.  I had other companies flat out refuse to do it, or quote me exorbitant prices.  Quynnlectric gave a fair price, communicated their availability, and even called me the day before to ensure I knew they were coming and what to expect.  These guys are great!

Roofing

Paramount Enterprises
992 S. 4th Ave., Suite 100 # 116  Brighton, CO 80601
Phone: (303) 659-3735
http://paramountroofingandgutters.com/

Paramount earned my business by coming out and replacing shingles for a few hundred bucks.  No other company would take a small job like that.  They did a new roof for us, at a very fair price.  They were fast and professional.

Plumbing, Heating & Air

FixIT 24/7
12061 Pennsylvania St #105  Thornton, CO 80241
Phone: (303) 659-3400
https://www.fix-it24.com/

FixIT is a good company that publishes their rates up-front.  They replaced my furnace and did a good job.  They also snaked out a drain and gave me a coupon price that I didn't even know about.

Fireplace Service & Repair

A Brighter Glow
Phone: (303) 655-9595
http://www.abrighterglow.com/

A Brighter Glow did a wonderful job servicing our gas fireplace.

Garage Doors

Alpha Door Systems
212 Mesa St  Brighton, CO 80601
Phone: (303) 210-9893
http://www.alphadoorsystemsinc.com/

When a spring broke on my Garage Door, these guys did a great job.


Friday, May 12, 2017

Add Second NIC to Ubuntu Server

1) Type- dmesg | grep enp

2) Look for your network adapters, you'll see your primary one (enp1s0) - look for the second one.  In my case it was enp2s0.

3) Type- sudo nano /etc/network/interfaces and add the following (using the name of your adapter you found in step 2)
For DHCP-
auto enp2s0
iface enp2s0 inet dhcp

For Static ip-
auto enp2s0
iface enp2s0 inet static
        address 192.168.0.3
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        dns-search example.com
        dns-nameservers 8.8.8.8 4.2.2.2


Ubuntu Server Command-line black screen instead of login, Intel Graphics Media Accelerator (GMA) 3600

I bought this cool little MITXP D2500CCE, basically a tiny little Intel Atom PC with dual nics with the intention of loading Debian on it.  All I got was a black screen after the initial boot.  I loaded Ubuntu Server (16.04) and same thing.  Since I installed SSH, I SSH'd in and dug around.

It took me a near eternity to figure out the solution.  So in the interest of saving you an eternity, here's what fixed it-

Type-
sudo nano /etc/default/grub

Change-
GRUB_CMDLINE_LINUX_DEFAULT=""
to
GRUB_CMDLINE_LINUX_DEFAULT="video=LVDS-1:d"

Hit Control X, save the file.

Type-
sudo update-grub
sudo update-grub2

sudo reboot

That's it!  :)

Wednesday, January 25, 2017

Troubleshooting Windows Server Account Lockouts when the Security Log Fails You

Many times, you may encounter a Windows domain account that rapidly locks out.  You've enabled auditing and used tools to evaluate the security log.  And you come up with something like-

The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: adam1115
Source Workstation:
Error Code: 0xC0000234


Great!  I'll head right over to the blank source workstation and check it out.  One option is to find out what domain controller is locking it out and enable verbose logging of the netlogon service.

Open up the command prompt as administrator and run the following-

nltest /dbflag:0x2080ffff

Then once the account locks out again, open the log file as administrator (I do it from the same command prompt)-

notepad c:\windows\debug\netlogon.log 

You will see each logon attempt and which machine is generating them.  To turn off the debugging, type the following-

nltest /dbflag:0x0
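
A small parser for the resulting netlogon.log, as an added example (not the author's code): it tallies failed logons for one account by source workstation and by the server that relayed them, which still gives a lead when the workstation field is blank. The sample lines, the host names in them and the function names are constructed for illustration, and the line layout assumed is the usual SamLogon "Returns" entry.

```python
import re
from collections import Counter

# NTSTATUS values commonly seen while chasing a lockout.
STATUS = {
    0xC000006A: "wrong password",
    0xC0000234: "account locked out",
    0xC0000064: "no such user",
}

# Only "Returns" lines carry a result. The "[1234]" thread-id field and the
# "(via SERVER)" part are optional, and the workstation name may be empty.
LINE = re.compile(
    r"^\d\d/\d\d \d\d:\d\d:\d\d \[LOGON\] (?:\[\d+\] )?[^:]+: SamLogon: "
    r".+? logon of (?P<acct>\S+) from (?P<wks>\S*) ?"
    r"(?:\(via (?P<via>[^)]+)\) )?Returns (?P<code>0x[0-9A-Fa-f]+)\s*$"
)

def failed_logons(lines, account):
    """Yield (workstation, via, reason) for each failed logon of `account`."""
    want = account.lower()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        code = int(m["code"], 16)
        user = m["acct"].rsplit("\\", 1)[-1].lower()
        if code == 0 or user != want:
            continue
        # A blank workstation still leaves the relaying server as a lead.
        yield (m["wks"] or "(blank)", m["via"] or "(direct)",
               STATUS.get(code, hex(code)))

def summarize(lines, account):
    """Count failures per (workstation, via, reason), most frequent first."""
    return Counter(failed_logons(lines, account)).most_common()

# Constructed sample lines (hypothetical hosts WKSTN-042, WKSTN-007, EXCH01).
SAMPLE = r"""
01/25 09:14:02 [LOGON] [2484] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\adam1115 from WKSTN-042 (via EXCH01) Entered
01/25 09:14:02 [LOGON] [2484] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\adam1115 from WKSTN-042 (via EXCH01) Returns 0xC000006A
01/25 09:14:07 [LOGON] [2484] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\adam1115 from  (via EXCH01) Returns 0xC000006A
01/25 09:14:08 [LOGON] [2484] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\adam1115 from  (via EXCH01) Returns 0xC000006A
01/25 09:14:09 [LOGON] [2484] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\adam1115 from  (via EXCH01) Returns 0xC0000234
01/25 09:14:11 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jsmith from WKSTN-007 Returns 0x0
""".splitlines()

if __name__ == "__main__":
    for (wks, via, reason), n in summarize(SAMPLE, "adam1115"):
        print(f"{n:3}  from={wks:<10} via={via:<8} {reason}")
```
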


In Exchange, you can check the IIS logs and device statistics-

Get-ActiveSyncDeviceStatistics -Mailbox <Mailbox Name> | ft DeviceType, DeviceUserAgent, LastSuccessSync