 Marc Pauls
| Marc Pauls 7 November 2023 14:14:20https://vninja.net/2022/08/08/expired-vmware-vcenter-7-certificates/ https://kb.vmware.com/s/article/76719 https://vkasaert.com/2023/02/13/expired-vcenter-certificates-how-to-get-back-in-the-game/ to investige or expired certificates use: for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done; restarting services with: service-control --stop --all && service-control --start --all in rare cases use "lsdoctor": python lsdoctor.py --stalefix and python lsdoctor.py --trustfix (depending what python "lsdoctor.py -l" shows) also "fixsts" may help Comments Disabled Marc Pauls 15 November 2022 10:57:49on the DC where the update was installed just state: reg add "HKLM\SYSTEM\CurrentControlSet\services\kdc" /v ApplyDefaultDomainPolicy /t REG_DWORD /d 0 /f Comments Disabled Marc Pauls 23 October 2022 12:47:53After investigating several hours why the HEI installation in version 12.0.1 hangs after entering the server names I found out that the note at the end of the article https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0094809 where is stated "You may also need to verify if the .bash_profile for root and notes user has been set as per the KB0088565" should be taken seriously and the environment variables in the NOTES user profile should be set up correctly. Comments Disabled Marc Pauls 11 April 2022 09:33:51When working with IPSec on LANCOM routers you might need to create IPv4 rules / rulesets to manage SAs between you and the remote site. Always take care not to name the ruleset equal to any rule! In case you did you will see that the single IPv4 rule will be used instead of the ruleset where the rule is included. LANCOM should prevent the double naming conditions in its firmware. Comments Disabled Marc Pauls 1 January 2022 13:17:06For everyone wondering why their on-premise Exchange Server doesn't deliver any mails anymore - there is a kind of a year 2022 problem :). You may suddenly see an error from "FIPFS" (error code 5300) in your event log stating "can't convert 2201010001 to long". For a quick workaround: start the Exchange Management Shell cd $exscripts .\Disable-AntimalwareScanning.ps1 restart the MSExchangeTransport service by: net stop msexchangetransport net start msexchangetransport Dear Microsoft: signed int32 max value can only be 2.14... * 10^9 - and 2147483647 < 2201010001 :-D Looking forward for a Hotfix published my Microsoft. HNY 2022! Comments Disabled Marc Pauls 14 October 2021 22:52:55As the AR4050S determines all IKE-IDs with an "@" in it as FQUN and without an "@" as FQDN in its IPsec implementation it was difficult (especially with the Mac client where no expert mode exists) to establish a proper connection without much handwork if you want to use usual usernames that are not email addresses. Now NCP released a new client plugin in their SEM that has the possibility to define the FQDN or FQUN manually (in the client template or delegated to the client itself). This makes it finally possible to use the NCP client together with the great firewall products of Allied Telesis in a perfect way without the need of any strange OpenVPN clients. Both together - the NCP Client and the AR4050S firewall - let you build a solid and reliable VPN login platform for your business. The outstanding performance in IPsec routing in comparison to other competitors makes this combination an excellent solution for a secure access to your company network. Thank you NCP for the excellent job! Comments Disabled Marc Pauls 7 October 2021 11:56:36After promoting a Windows Server to a DC you can't access the desktop icon menu anymore. Workaround: desk.cpl ,,5 Comments Disabled Marc Pauls 13 June 2021 20:10:51worked perfect... Comments Disabled Marc Pauls 24 April 2021 08:35:23Am 22./23.04.2021 war die Thüringer Schulcloud bzw. der dortige Login-Bereich nicht von allen Anschlüssen erreichbar. Grund dafür war eine aktivierte DDoS-Protection bei dem zuständigen Hoster 1&1 IONOS. Dort wurden ganze Netzbereiche vorsorglich gesperrt, von denen man meinte sie könnten eine "Gefahr" darstellen. Nach einiger Korrespondenz mit dem Support konnten wir nun ein Whitelisting zumindest unserer IP-Adressbereiche erwirken. Comments Disabled |
|