Windows Server 2022 DC shows in Private Network Instead of Domain
Open Regedit, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc, edit DependOnService, add netlogon.
I set up a lot of SQL servers. Here are the PowerShell commands to allow the SQL ports. Please don't be 'that guy' who shuts off the firewall.
New-NetFirewallRule -DisplayName "SQLServer default instance" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow
New-NetFirewallRule -DisplayName "SQLServer Browser service" -Direction Inbound -LocalPort 1434 -Protocol UDP -Action Allow
You can also do it with netsh in DOS.
netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN
netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT
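The netsh advfirewall line above limits the rule to the local subnet and the Domain profile, while the two New-NetFirewallRule commands apply to every profile and any remote address. A PowerShell version with the same scoping, as an added example that is not part of the original notes (the "(scoped)" display names are made up for illustration):

```powershell
# Added example: SQL firewall rules limited to the Domain profile and the local subnet.
# Display names are illustrative; ports are the ones used in the commands above.
$rules = @(
    @{ DisplayName = 'SQLServer default instance (scoped)'; Protocol = 'TCP'; LocalPort = 1433 },
    @{ DisplayName = 'SQLServer Browser service (scoped)';  Protocol = 'UDP'; LocalPort = 1434 }
)

foreach ($r in $rules) {
    # Skip creation if a rule with this name already exists (New-NetFirewallRule would add a duplicate).
    if (Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $($r.DisplayName)"
        continue
    }
    New-NetFirewallRule @r -Direction Inbound -Action Allow `
        -Profile Domain -RemoteAddress LocalSubnet | Out-Null
}

# Read the rules back with their port and address filters to confirm the scope.
Get-NetFirewallRule -DisplayName 'SQLServer*' | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize

# A Domain-profile rule only applies while the NIC is categorised DomainAuthenticated.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
```

If the last command shows Private or Public, the scoped rules are not in effect on that interface.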
AWS VPN-
1) First you need a "VIRTUAL PRIVATE GATEWAY"- this is the connection to the on-prem firewall. Use the Amazon default ASN, that doesn't matter. Once you create it, attach it to the VPC. You only need one of these for all VPNs.
2) Next you go to Customer Gateways, don't worry about the BGP stuff. IP address is your firewall IP. Leave certification blank.
3) Go into site-to-site VPN connections, create it and tie it to your virtual private gateway, select your existing customer gateway you created, set the routing option to static, static IP prefix is your remote lan. Leave local and remote IPv4 blank.
4) You will need to add routes in the route table. Create a route, point it to Virtual Private Gateway and select the gateway.
5) You will need to allow access in the security groups from your on-premises servers.
6) Once it completes, click download configuration to get the info for the local firewall.
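The same six steps driven from the AWS CLI in a PowerShell session, as an added example that is not part of the original notes. Every ID and address is a constructed placeholder, the ASN 65000 is assumed because the CLI asks for one, and the security group rule assumes the on-prem host needs the SQL port from earlier on this page.

```powershell
# Added example: static-route site-to-site VPN via the AWS CLI (requires configured credentials).
# All values below are placeholders; replace them with your own.
$vpcId      = 'vpc-EXAMPLE'
$routeTable = 'rtb-EXAMPLE'
$sgId       = 'sg-EXAMPLE'
$firewallIp = '203.0.113.10'       # public IP of the on-prem firewall (documentation range)
$remoteLan  = '192.168.10.0/24'    # on-prem LAN behind the firewall
$onPremHost = '192.168.10.25/32'   # single on-prem server allowed through the security group

# 1) Virtual private gateway, attached to the VPC
$vgw = aws ec2 create-vpn-gateway --type ipsec.1 `
    --query 'VpnGateway.VpnGatewayId' --output text
aws ec2 attach-vpn-gateway --vpn-gateway-id $vgw --vpc-id $vpcId

# 2) Customer gateway = the on-prem firewall; no certificate supplied
$cgw = aws ec2 create-customer-gateway --type ipsec.1 --public-ip $firewallIp --bgp-asn 65000 `
    --query 'CustomerGateway.CustomerGatewayId' --output text

# 3) VPN connection with static routing, plus the static prefix for the remote LAN
$vpn = aws ec2 create-vpn-connection --type ipsec.1 `
    --customer-gateway-id $cgw --vpn-gateway-id $vgw `
    --options StaticRoutesOnly=true `
    --query 'VpnConnection.VpnConnectionId' --output text
aws ec2 create-vpn-connection-route --vpn-connection-id $vpn --destination-cidr-block $remoteLan

# 4) Route table entry sending the remote LAN to the virtual private gateway
aws ec2 create-route --route-table-id $routeTable `
    --destination-cidr-block $remoteLan --gateway-id $vgw

# 5) Security group: allow only the on-prem host, only on the port it needs
aws ec2 authorize-security-group-ingress --group-id $sgId `
    --protocol tcp --port 1433 --cidr $onPremHost

# 6) Tunnel status; the device configuration itself is downloaded from the console
aws ec2 describe-vpn-connections --vpn-connection-ids $vpn `
    --query 'VpnConnections[0].VgwTelemetry[].[OutsideIpAddress,Status]' --output table
```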
First, make sure you have Advanced Features checked under the View menu. Then, open up the distribution group’s properties, and go to the Attribute Editor tab.
And here is the list of attributes you can update to meet your needs.
authOrig – only these users can send to the distribution group
unauthOrig – anyone but these users can send to the distribution group
dLMemRejectPerms – anyone but members of these distribution groups can send to this distribution group
dLMemSubmitPerms – no one but members of these distribution groups can send to this distribution group
iperf is a utility that (among other things) allows you to test the speed between two devices. I often use it to test communication over a site-to-site VPN or point-to-point circuits.
Download iperf-
https://iperf.fr/
Server Side-
iperf3 -s -i 1
Client Side-
iperf3.exe -c 172.30.250.25 -w 1025kb -P 10 -i 4
-s Server
-c Client
-w window size, optional, but reducing window size requires less CPU.
-i Sets the console output interval, -i 1 updates every 1 second
-P is the number of processes - each is good for about 50 Mbps. So for 200 Mbps you'd want -P 4
EqualLogic MEM - Multipathing Extension
Check VMware Version-
vmware -vl
1. SSH to the vSphere Replication appliance. Disable automatic VIB installation and stop the looping installs:
/opt/vmware/hms/bin/hms-configtool -cmd reconfig -property hms-auto-install-hbragent-vib=false
2. Then validate the particular VIB using the below command:
esxcli software vib list | grep hbr
3. After this, try restarting the HMS service using the below command:
service hms restart
On the Azure AD server, launch the Windows PowerShell ISE as administrator. Paste this PowerShell script and run the script. Running the below script enables TLS 1.2 on Windows Server. Once the TLS 1.2 has been enabled, close the PowerShell ISE.
New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
Creating Mail-Enabled Objects-
Filter: objectClass = user & objectClass = contact
Mandatory Attributes:
mailNickname: This attribute is the alias to the mailbox.
displayName: This attribute is the text that is the readable name that represents you for mail delivery, and also in the address book.
targetAddress: This attribute is the e-mail address to which you want to redirect the mail. This attribute is formatted like the proxyAddresses attribute, where there is a prefix that defines the address type, for example, "SMTP:gyip@microsoft.com".
In ‘Active Directory Users and Computers’ > Search for MSOL > This should display the gMSA (Group Managed Service Account) that is used to run the service > In the account properties > on the Description attribute, scroll to the right and you should see the Computer/Server that the service was installed on.
If you need to FORCE sysvol and netlogon to be shared for a down domain controller, you can add this registry key. You should figure out why your replication is broken, but this will force it online.
- Log in to your Domain Controller that’s having the issue
- Open Regedit
- Browse to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
- Set SysVolReady from 0 to 1
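The same change from PowerShell, with the current state and a replication snapshot captured first so the root cause can still be investigated afterwards. This is an added example, not part of the original notes; the Get-SysvolState helper and the 15-second wait are assumptions made for illustration.

```powershell
# Added example: inspect, record, then force SysVolReady on a domain controller.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Hypothetical helper: report the registry flag and whether the two shares exist.
function Get-SysvolState {
    $shares = Get-SmbShare -ErrorAction SilentlyContinue |
        Where-Object Name -in 'SYSVOL', 'NETLOGON'
    [pscustomobject]@{
        SysVolReady = (Get-ItemProperty -Path $key -Name SysVolReady).SysVolReady
        SharesFound = ($shares.Name -join ', ')
    }
}

$before = Get-SysvolState
$before | Format-List

# Keep a record of the replication picture before changing anything.
repadmin /replsummary
dcdiag /test:sysvolcheck /test:netlogons

if ($before.SysVolReady -eq 0) {
    Set-ItemProperty -Path $key -Name SysVolReady -Value 1
    Start-Sleep -Seconds 15          # arbitrary pause before re-checking the shares
    Get-SysvolState | Format-List
} else {
    Write-Host 'SysVolReady is already 1; nothing changed.'
}
```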