Thursday, October 3, 2019

Reset password or unlock account on VMware appliances

Reboot, press e.

Add rw init=/bin/bash to the Linux command line, press F10.
mount -o remount,rw /

To reset the password:
passwd

To unlock the account:
/sbin/pam_tally2 -r -u root

umount /
reboot -f


Wednesday, July 3, 2019

Cisco Anyconnect, users intermittently do not have DNS Resolution

This is the bug tracked as CSCtf20226 and CSCtz86314. You can work around it by bypassing IPv6.

Under the group policy for the VPN:
client-bypass-protocol enable

Wednesday, May 15, 2019

Cisco ASA ASDM IDM Launcher Won't Run on Windows 10 "this app can't run on your pc"

Go to Start, Cisco ASDM-IDM Launcher, right-click the launcher and go to Open file location.

Right-click the shortcut and go to Properties. In the Target field, you'll see a long path to wscript.exe. Change this to C:\Windows\System32\wscript.exe (note: leave everything else alone, including the invisible.vbs run.bat on the end, as these scripts are used to open up ASDM).


Tuesday, April 2, 2019

How to disable TLS 1.0 and TLS 1.1 on ASA

ssl server-version tlsv1.2
ssl cipher tlsv1.2 custom "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256"
ssl cipher dtlsv1 custom "DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA"
ssl dh-group group14

Then go to https://www.ssllabs.com/ssltest to test.
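
An offline check of the same settings, as an added example that is not part of the original post: it parses the ssl lines of a saved running-config and lists anything weaker than TLS 1.2 with forward-secret GCM suites and DH group14. The LEGACY config, the function name and the finding texts are constructed for illustration.

```python
import re

# The ssl lines from this post.
HARDENED = '''ssl server-version tlsv1.2
ssl cipher tlsv1.2 custom "ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256"
ssl cipher dtlsv1 custom "DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA"
ssl dh-group group14
'''
# Constructed "before" config for comparison (sample values, not from the post).
LEGACY = '''ssl server-version tlsv1
ssl cipher tlsv1.2 custom "AES256-SHA DES-CBC3-SHA"
ssl dh-group group2
'''

def audit_asa_ssl(config):
    """Return findings for the `ssl` lines of an ASA running-config."""
    findings, floor_seen = [], False
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"ssl server-version (\S+)", line)
        if m:
            floor_seen = True
            # tlsv1 -> minor 0, tlsv1.1 -> 1, tlsv1.2 -> 2; anything else is flagged.
            v = re.fullmatch(r"tlsv1(?:\.(\d+))?", m.group(1))
            if not v or int(v.group(1) or 0) < 2:
                findings.append(f"server-version {m.group(1)}: allows protocols below TLS 1.2")
        m = re.fullmatch(r'ssl cipher (\S+) custom "([^"]*)"', line)
        if m:
            proto, suites = m.group(1), m.group(2).split()
            for s in suites:
                if not s.startswith(("ECDHE-", "DHE-")):
                    findings.append(f"{proto}: {s} has no forward secrecy")
                # DTLS 1.0 has no GCM suites, so only the TLS 1.2 list is checked.
                if proto == "tlsv1.2" and "GCM" not in s:
                    findings.append(f"{proto}: {s} is not a GCM suite")
        m = re.fullmatch(r"ssl dh-group group(\d+)", line)
        if m and int(m.group(1)) < 14:
            findings.append(f"dh-group group{m.group(1)}: weaker than group14")
    if not floor_seen:
        findings.append("no 'ssl server-version' line: protocol floor is the platform default")
    return findings

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(name)
        for finding in audit_asa_ssl(cfg):
            print("  -", finding)
```

On the config from this post the only findings are the three non-GCM (CBC) suites at the end of the TLS 1.2 list.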

Friday, March 22, 2019

Web Management Service (WMSVC) Won't Start, Exchange Update Fails, Event ID 1007

You may notice this when installing an Exchange 2013/2016 CU. You get:

Error:
The following error was generated when "$error.Clear(); 
          $keyPath = "HKLM:\Software\Microsoft\WebManagement\Server";
          if (!(Get-Item $keyPath -ErrorAction SilentlyContinue))
          {
            New-Item $keyPath -Force
          }
          Set-ItemProperty -path $keyPath -name "EnableRemoteManagement" -value 0x1 -Type DWORD -Force;

          if (Get-Service WMSVC* | ?{$_.Name -eq 'WMSVC'})
          {
            Set-Service WMSVC -StartupType Automatic
            Stop-SetupService -ServiceName WMSVC;
            Start-SetupService -ServiceName WMSVC
          }
        " was run: "Microsoft.Exchange.Configuration.Tasks.ServiceDidNotReachStatusException: Service 'WMSVC' failed to reach status 'Running' on this server.
   at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)


You may see Event ID 1007 in the Event Log:
The description for Event ID 1007 from source Microsoft-Windows-IIS-IISManager cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

IISWMSVC_STARTUP_UNABLE_TO_READ_CERTIFICATE

Unable to read the certificate with thumbprint 'a86cfd8dfd664487ae20e3a5fbcc5e762cf6f1ea'.  Please make sure the SSL certificate exists and that is correctly configured in the Management Service page.

This may be because you are missing the WMSVC Certificate. 

To resolve, open IIS, click on the server name on the left, click "Server Certificates".

Click "Create Self-Signed Certificate", specify the name "WMSVC", hit OK.

Click on Management Service.

Change the "SSL Certificate" to WMSVC. Click Apply. Start the Web Management Service.

Wednesday, March 6, 2019

Fixing Journal Wrap (JRNL_WRAP_ERROR) on a second DC (FRS)

1. Expand "HKLM\System\CurrentControlSet\Services\NtFrs\Parameters"
2. Change value for "Enable Journal Wrap Automatic Restore" from 0 to 1. If the DWORD Value does not exist, create a new one with the exact spelling as above, including spaces but without the quotes.
3. Stop the NTFRS Service (open a command prompt and type "net stop ntfrs")
4. Start the NTFRS Service (net start ntfrs)
5. Monitor the File Replication Service Event Logs for events:
• 13553 – The DC is performing the recovery process
• 13554 – The DC is ready to pull the replica from another DC.
• 13516 – At this point go to step 6. (the problem is resolved if you receive this event)
6. Using a command prompt type: "net share" and look for the Netlogon and Sysvol Shares to appear. The error is only fixed after the Domain Controller receives the new SYSVOL replica from a peer Domain Controller. This may take a period of time depending on where your peer DC is located and on bandwidth.
7. Change value for "Enable Automatic Restore" from 1 to 0.

Tuesday, March 5, 2019

How to bypass 12 second timeout on AnyConnect

1) Open ASDM.
2) Go to Configuration, Remote Access VPN, AnyConnect Client Profile.
3) Click Add, name it, select the group policy that is tied to your AnyConnect VPN.
4) Click on Preferences Part 2, Scroll to the Bottom, change the Authentication Timeout to 60.
5) Click Server List, Click Add, enter the FQDN of the VPN under Display Name and FQDN.
6) Click OK, Save.