Wednesday, January 25, 2017

Troubleshooting Windows Server Account Lockouts when the Security Log Fails You

Many times, you may encounter a Windows domain account that rapidly locks out.  You've enabled auditing and used tools to evaluate the security log.  And you come up with something like-

The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: adam1115
Source Workstation:
Error Code: 0xC0000234


Great!  I'll head right over to the blank source workstation and check it out.  One option is to find out what domain controller is locking it out and enable verbose logging of the netlogon service.

Open up the command prompt as administrator and run the following-

nltest /dbflag:0x2080ffff

Then once the account locks out again, open the log file as administrator (I do it from the same command prompt)-

notepad c:\windows\debug\netlogon.log 

You will see each logon attempt and which machine is generating them.  To turn off the debugging, type the following-

nltest /dbflag:0x0
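
On a busy domain controller the log fills up quickly, so here is an added example (not part of the original post) that tallies the failed logons for one account by source machine and relaying server.  The sample lines are constructed and assume the usual "logon of <account> from <source> (via <server>) Returns <status>" layout; Get-NetlogonFailure is a hypothetical helper name.

```powershell
# Constructed sample lines in the usual netlogon.log layout (not from a real DC).
# On the domain controller use: $lines = Get-Content C:\Windows\debug\netlogon.log
$lines = @(
    '01/25 09:14:02 [LOGON] [2140] CORP: SamLogon: Transitive Network logon of CORP\adam1115 from  (via EXCH01) Entered'
    '01/25 09:14:02 [LOGON] [2140] CORP: SamLogon: Transitive Network logon of CORP\adam1115 from  (via EXCH01) Returns 0xC000006A'
    '01/25 09:14:07 [LOGON] [2140] CORP: SamLogon: Transitive Network logon of CORP\adam1115 from  (via EXCH01) Returns 0xC000006A'
    '01/25 09:14:09 [LOGON] [2140] CORP: SamLogon: Network logon of CORP\adam1115 from WKS-042 (via FILE01) Returns 0xC0000234'
    '01/25 09:14:11 [LOGON] [2140] CORP: SamLogon: Network logon of CORP\jsmith from WKS-007 (via FILE01) Returns 0x0'
)

# Status codes worth naming; anything else is reported as 'other'.
$meaning = @{
    '0xC000006A' = 'wrong password'
    '0xC0000234' = 'account locked out'
    '0xC0000064' = 'no such user'
}
$pattern = 'logon of (?<account>\S+) from (?<source>.*?) \(via (?<via>[^)]+)\) Returns (?<status>0x[0-9A-Fa-f]+)'

function Get-NetlogonFailure {
    param([string[]]$Line, [string]$Account)
    foreach ($l in $Line) {
        # Skip "Entered" lines, unrelated lines and successful logons (0x0).
        if ($l -match $pattern -and $Matches.status -ne '0x0') {
            # Compare only the user part so DOMAIN\user and user both match.
            if (($Matches.account -split '\\')[-1] -ne $Account) { continue }
            $source = $Matches.source.Trim()
            if (-not $source) { $source = '(blank)' }   # same gap the security log shows
            [pscustomobject]@{
                Source  = $source
                Via     = $Matches.via
                Status  = $Matches.status
                Meaning = if ($meaning.ContainsKey($Matches.status)) { $meaning[$Matches.status] } else { 'other' }
            }
        }
    }
}

# Most frequent source/server/status combinations first.
Get-NetlogonFailure -Line $lines -Account 'adam1115' |
    Group-Object Source, Via, Status, Meaning |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

When the source is blank, the "via" server is the next place to look: it is the machine that passed the logon to the domain controller.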


In Exchange, you can check the IIS logs and device statistics-

Get-ActiveSyncDeviceStatistics -Mailbox <Mailbox Name> | ft DeviceType, DeviceUserAgent, LastSuccessSync

Wednesday, November 23, 2016

Using PSCP.EXE to transfer files from/to ASA on Windows

Lately I've been utilizing PSCP.EXE instead of TFTP on Windows systems to transfer files.

To enable-

ciscoasa(config)# ssh scopy enable

Then from your Windows box-
pscp.exe asa921-k8.bin admin@192.168.0.1:disk0:/asa921-k8.bin

You can back up the config by doing-

copy running-config disk0:ASA112316.txt
pscp.exe admin@192.168.0.1:disk0:/ASA112316.txt ASA112316.txt

You get the added benefit of storing a copy on the device for future review.


Wednesday, August 24, 2016

How to upgrade Dell Server to latest Bios and Firmware with ISO for VMware or other non-windows servers

Dell keeps an up-to-date Linux ISO image that you can boot with CD, USB, or Virtual CD.  Just go to-

https://dell.app.box.com/bootabler620

Note- simply replace the "620" with the appropriate model of your server.  620 would be for a PowerEdge R620.

Wednesday, April 13, 2016

Exchange 2013: in EMC you get "The WinRM client sent a request to the remote WS-Management service and was notified that the request size exceeded the configured MaxEnvelopeSize quota."

I use a PowerShell command to give a certain mailbox full control of all mailboxes.  In Exchange 2013's EMC, I started getting the following error-

Sending data to a remote command failed with the following error message: The WinRM client sent a request to the remote WS-Management service and was notified that the request size exceeded the configured MaxEnvelopeSize quota.

I found some info on-line related to Exchange 2010, but resolving this in 2013 with Windows 2012 was slightly different.

In a command line (not PowerShell)-
winrm get winrm/config

Look for this-
MaxEnvelopeSizekb = 2000

I upped it to 8000-  (Note, I had to use quotation marks)
winrm set winrm/config @{MaxEnvelopeSizekb="8000"}


Thursday, March 31, 2016

How to update file attachment size in Exchange 2013

To check-
get-transportconfig | ft maxsendsize, maxreceivesize
get-receiveconnector | ft name, maxmessagesize
get-sendconnector | ft name, maxmessagesize
get-mailbox Administrator |ft Name, Maxsendsize, maxreceivesize

To Fix-
Set-TransportConfig -MaxSendSize 50MB -MaxReceiveSize 50MB
Get-Mailbox | Set-Mailbox -MaxSendSize 50MB -MaxReceiveSize 50MB
get-transportconfig | Set-TransportConfig -maxsendsize 50MB -maxreceivesize 50MB; get-receiveconnector | set-receiveconnector -maxmessagesize 50MB; get-sendconnector | set-sendconnector -maxmessagesize 50MB; get-mailbox | Set-Mailbox -Maxsendsize 50MB -maxreceivesize 50MB

Tuesday, March 8, 2016

You can't get your Cisco ASA to work with CenturyLink's GPON DSL product on a Cisco ASA 5506

So CenturyLink has a new product called GPON.  It is delivered via a DSL modem connected to an Adtran TA324, which is connected via fiber to their backbone.  The service utilizes PPPoE; however, I couldn't make this work to save my life.

Turns out, you have to tag VLAN 201.  On an ASA 5506 / 5512 this is how you do it-

interface GigabitEthernet1/2
 description Connection to Clink GPON DSL
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/2.201
 vlan 201
 nameif outside
 security-level 0
 pppoe client vpdn group Qwest
 ip address pppoe setroute

Thursday, March 3, 2016

You have one user who continuously gets "Outlook cannot log on. Verify you are connected to the network and using the proper server and mailbox name." with Exchange 2013

You have one user who continuously gets "Outlook cannot log on.  Verify you are connected to the network and using the proper server and mailbox name." with Exchange 2013.  Blowing away their Outlook or even machine profile doesn't resolve it.



On the Exchange server, restart the Microsoft Exchange RPC Client Access service.