Exchange Server Authentication Failure Bad GPO

Had an issue with Exchange 2016 CU14 not allowing users to log in, while administrators could log in just fine.

Turns out the policies on the server were corrupted, and a full reset needed to be done to fix the issue.

Move the Exchange computer account to an OU with Block Inheritance enabled

RUN: RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
RUN: RD /S /Q "%WinDir%\System32\GroupPolicy"
RUN: GPupdate /force
RUN: secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

TEST that you can connect to OWA, ECP and Outlook… it should work 🙂

Move your Exchange server back to its normal OU, then execute "gpupdate /force"

Confirm it still works; if not, fix your Group Policies.

Maybe it's this problem?

1. Click on Start/Run and type secpol.msc.

2. Click OK

3. Expand Local Policies -> Click on User Rights Assignment

4. In the right pane, double-click Access this computer from the network.

5. Click Add User or Group -> Type in Authenticated Users (by default only Administrators is entered)

6. Click OK -> Click OK

That should do it. You may need to reboot.
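
The same user right can be checked without the GUI. This added example (not from the original post) exports the current user-rights assignments with secedit and reports whether Authenticated Users (well-known SID S-1-5-11) holds SeNetworkLogonRight; the function name, parameter and temp-file path are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# The function name, parameter and temp-file path are illustrative.
function Test-NetworkLogonRight {
    param([string[]]$RequiredSid = @('S-1-5-11'))   # S-1-5-11 = Authenticated Users

    $cfg = Join-Path $env:TEMP ('user-rights-{0}.inf' -f [guid]::NewGuid())
    try {
        # Export only the user-rights area of the current security settings
        secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit /export failed (exit code $LASTEXITCODE)" }

        # SeNetworkLogonRight is the right behind "Access this computer from the network"
        $line = Get-Content -LiteralPath $cfg |
            Where-Object { $_ -match '^\s*SeNetworkLogonRight\s*=' } |
            Select-Object -First 1

        $sids = @()
        if ($line) {
            foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
                $entry = $entry.Trim()
                if (-not $entry) { continue }
                if ($entry.StartsWith('*')) {
                    $sids += $entry.TrimStart('*')      # exported as *SID
                } else {
                    # Some principals are exported by name; translate them to a SID
                    try {
                        $acct = New-Object System.Security.Principal.NTAccount($entry)
                        $sids += $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
                    } catch {
                        $sids += $entry                 # keep the raw name if it does not resolve
                    }
                }
            }
        }

        $missing = @($RequiredSid | Where-Object { $sids -notcontains $_ })
        [pscustomobject]@{
            Right     = 'SeNetworkLogonRight'
            Grantees  = $sids
            Missing   = $missing
            Compliant = ($missing.Count -eq 0)
        }
    }
    finally {
        Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue
    }
}

Test-NetworkLogonRight | Format-List
```

Running it before and after the policy reset shows whether a GPO is rewriting the grantee list.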

Windows Packet Capture

You can capture packets without using the installed version of Wireshark, but you still need to be an admin of the system.

If you want to capture traffic for just a specific IP, use the command below; otherwise, leave out the IP address part.

netsh trace start capture=yes IPv4.Address=X.X.X.X

Once you're done, you can stop it

netsh trace stop

Then take both the CAB and ETL files; you can open them with Microsoft Message Analyzer.

You can then Export them to a cab file.

Dell N Series Switch Port Mirror

Need to monitor some traffic with Wireshark?

First, make sure the port you are sending the traffic to has no configuration

Then setup the configuration:

monitor session 1 source vlan 25 rx
monitor session 1 destination interface Gi1/0/10
monitor session 1 mode

NOTE: The last line enables the monitor session; you can disable it by putting "no" in front of the command

CentOS 7 Add Space LVM

First check to see if you need to add a new Virtual Disk, or if you can just increase the current Virtual Disk

Log in to the VM and look at the output of this command

fdisk -l

If you already have 4 separate partitions, you will need to add a new Virtual Disk. Otherwise you can increase the current size, and we'll add a new LVM partition in the space that's added.

Make Linux Find the new space

You NEED to do this as the root user. So 'sudo su -'

If you expanded the existing disk

echo 1 > /sys/block/sda/device/rescan

If you added a new disk

ls /sys/class/scsi_host/

Depending on what your host is, adjust the next command as needed

echo "- - -" > /sys/class/scsi_host/host0/scan

Create the new Partition

Once the rescan is completed, verify you see the new disk, or the new size

fdisk -l

Now we will go into fdisk for the disk that needs the changes, either the free space on the original disk, or the new blank disk

fdisk /dev/sda

enter ‘n’ to create a new partition

enter ‘p’ for a primary partition

enter the partition number that is one higher than the current highest one

First cylinder should default to the first available one in free space

Last Cylinder should default to the last available one in the free space

Now you need to tell it what type of partition it is

enter ‘t’

enter the partition number you just created (eg 4)

the Hex code for LVM is ‘8e’; you can verify that by entering ‘L’

enter ‘w’ to write the configuration to the disk (‘q’ would quit without saving)

Rescan partition table for linux to find the updates

partprobe -s

Sometimes that doesn’t work and you need to do

partx -v -a /dev/sda

Check your work

fdisk -l

You should now see an additional partition you just made (eg /dev/sda4)

Create the LVM Physical Volume

Note: I'll be using /dev/sda4; be sure to use the correct one you made

pvcreate /dev/sda4

You should see it was created. Now find out your Volume Group name


Now add the Physical volume to the Volume Group

vgextend cl /dev/sda4

Check your work


Now you can extend your Logical Volume (eg var) to use the space that's available on the new Physical Volume you added. Use lvdisplay to see what the name is.

lvextend /dev/cl/var /dev/sda4

Extend the File system

Assuming you're using XFS:

xfs_growfs /dev/mapper/cl-var

If you're using EXT:

resize2fs /dev/mapper/cl-var

Free VMware Encryption – Bitlocker

You have a requirement for Full Disk Encryption, but have no budget (like with all other IT related items).
It's free and easy.
This assumes your system is standalone and you have full control of the vCenter Server, cluster, and storage. It also assumes you know what you're doing and take responsibility for your own actions.
Some changes would need to be made if integrating with AD.

  1. Set Encryption settings and policies
      • Run gpedit.msc
      • Click on Computer Configuration –> click Administrative Templates –> click Windows Components –> click on Bitlocker Drive Encryption.
      • Modify “Choose drive encryption method and cipher strength” and set it to Enabled, AES 256-bit (Do the same for the Vista, 2008, 7 & 2008R2 entry if using an older version)
      • Click OK to save
      • Click on Operating System Drives
      • Modify “Require Additional Authentication at Startup”
        • Set to Enable:
        • Allow BitLocker without compatible TPM (requires…….)
        • Leave the rest at defaults
        • Click OK
      • Modify “Choose How BitLocker-protected operating system drives can be recovered”
        • Allow data recovery agent
        • Omit recovery options from BitLocker setup wizard (everything should be done command line anyway)
        • Save BitLocker recovery information to AD DS for Operating system drives
        • Do not enable BitLocker until recovery information is stored in AD DS for Operating system drives
      • Navigate Back to BitLocker Drive Encryption –> Fixed Data Drives
      • Modify “Allow access to BitLocker-protected fixed data drives from earlier versions of Windows”
        • Enable
        • Leave checkbox unchecked for “Do not install BitLocker…”
        • Click OK
      • Modify “Configure use of passwords for fixed data drives”
        • Enable
        • Click OK
      • Modify “Choose how BitLocker-protected fixed drives can be recovered”
        • Enable
        • Check “Allow data recovery agent”
        • Check “Omit recovery options from the BitLocker setup wizard”
        • Check “Do not install BitLocker…”
        • Click OK
      • Close gpedit.msc
  2. Create a Virtual Floppy drive in VMware
    • Connect to vSphere web server (using the old Flash one as of 6.5 works, the HTML5 doesn’t have the floppy options)
    • Shutdown the VM
    • Add a Floppy drive to the VM, Creating a New Image and saving it on your data-store (somewhere you feel safe storing the keys) MAKE SURE YOU HAVE IT SET TO CONNECT AT POWER ON.
    • Set the VM to go into the BIOS at next power on
    • Power on the VM, it should go into the BIOS config automatically
    • Change the Boot Order to Hard Disk First (move the Removable media below the hard drive)
    • Save and exit the BIOS and let windows boot normally.
    • Once in Windows you will need to “Format” the A: Drive, you can just right click on it, select Format, and accept the default values.
  3. Enable the Encryption
    • Login to Windows with admin account
    • Open Command prompt with Elevated Administrative rights
    • The Following command will Create the keys and instruct Windows to save the Key to the A: drive, and Display the Recovery password to you.
      • manage-bde.exe -on C: -rp -sk A:
    • If your hard disk is Thin Provisioned and not Thick Provisioned, you will need to use this command
      • Option: manage-bde.exe -on C: -used -rp -sk A:
    • TAKE NOTE OF THE RECOVERY PASSWORD YOU RECEIVE ON SCREEN AFTER RUNNING THE ABOVE COMMAND. You will need this if your Floppy image ever gets lost/corrupted/etc.
    • You will need to reboot windows to get the initial Test completed so it can start encrypting your Disks.
    • Windows should boot up normally.  Log into windows
    • Windows will automatically start the encryption process after a minute or so. Run this command to monitor its progress.
      • manage-bde -status
    • You should see the Percentage increase as it goes.  Also Verify you see External Key & Numerical Password under the “Key Protectors”
    • That’s it. Just keep that Recovery key handy, you will need it one day.  Two different locked drawers at two different buildings is best.
  4. Enable Encryption for Secondary hard drives.
    • If your C drive is already encrypted, this process is fairly smooth. In this example the second drive is letter “E”.
    • Login to Windows, Verify the C drive is 100% encrypted
      • manage-bde -status
    • The Following command will Create the keys and instruct Windows to save the Key, and Display the Recovery password to you, as well as start the Encryption Process.
      • manage-bde.exe -on E: -rp
      • If you have a thin-provisioned hard drive:
      • manage-bde.exe -on E: -used -rp
    • TAKE NOTE OF THE RECOVERY PASSWORD YOU RECEIVE ON SCREEN AFTER RUNNING THE ABOVE COMMAND. You will need this if your key ever gets lost/corrupted/etc.
    • Then you need to set it to Auto unlock so you don’t have to manually enter that password
      • manage-bde.exe -autounlock E: -enable
    • This will create an ‘External Key’ that is stored on your C drive (which is encrypted) that is used to decrypt the drive when the server boots.
    • Monitor the progress
      • manage-bde -status
    • It should go to 100% Encrypted.
    • Verify you see External Key & Numerical Password under the “Key Protectors”
    • Also Verify Automatic Unlock shows Enabled.
  5. Keep those floppy images safe.  One way would be to put them on a NAS that has an NFS share, only accessible from the IP(s) of the ESXi servers.  The NAS is located in a different area of your building, and is then backed up/snapshotted and replicated to another building.
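
The verification points in steps 3 and 4 (100% encrypted, External Key and Numerical Password protectors present, Automatic Unlock enabled on the data drive, 256-bit cipher from the policy in step 1) can be checked in one pass. This is an added example, not part of the original post; it uses the Get-BitLockerVolume cmdlet rather than manage-bde, and the function name and output fields are assumptions.

```powershell
# Added example, not from the original post. Needs the BitLocker PowerShell module
# and an elevated session. Function name and output fields are illustrative.
function Test-BitLockerSetup {
    param([string[]]$MountPoint)    # e.g. 'C:','E:'; omit to check every volume

    $volumes = if ($MountPoint) {
        Get-BitLockerVolume -MountPoint $MountPoint
    } else {
        Get-BitLockerVolume
    }

    foreach ($vol in $volumes) {
        $types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $issues = @()

        if ($vol.EncryptionPercentage -lt 100) {
            $issues += "only $($vol.EncryptionPercentage)% encrypted"
        }
        if ($vol.ProtectionStatus.ToString() -ne 'On') {
            $issues += 'protection is not on'
        }
        # Step 1 sets the policy to AES 256-bit (reported as Aes256 or XtsAes256)
        if ($vol.EncryptionMethod.ToString() -notmatch '256') {
            $issues += "cipher is $($vol.EncryptionMethod), expected a 256-bit method"
        }
        # manage-bde's "Numerical Password" appears here as RecoveryPassword
        foreach ($need in 'ExternalKey', 'RecoveryPassword') {
            if ($types -notcontains $need) { $issues += "missing $need protector" }
        }
        # Step 4: secondary drives must unlock automatically at boot
        if ($vol.VolumeType.ToString() -eq 'Data' -and -not $vol.AutoUnlockEnabled) {
            $issues += 'automatic unlock is not enabled'
        }

        [pscustomobject]@{
            Volume     = $vol.MountPoint
            Type       = $vol.VolumeType
            Protectors = $types -join ', '
            Issues     = $issues -join '; '
            Compliant  = ($issues.Count -eq 0)
        }
    }
}

Test-BitLockerSetup | Format-Table -AutoSize -Wrap
```

While encryption is still running the volume is reported as non-compliant, so run it again once manage-bde -status shows 100%.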