Windows Server 2022 DC shows in Private Network Instead of Domain

Windows Server 2022 DC shows in Private Network Instead of Domain

Open Regedit, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc, edit DependOnService, add netlogon.

SQL Windows Firewall

I set up a lot of SQL servers. Here are the powershell commands to allow the sql ports. Please don't be 'that guy' who shuts off the firewall.

New-NetFirewallRule -DisplayName "SQLServer default instance" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow

New-NetFirewallRule -DisplayName "SQLServer Browser service" -Direction Inbound -LocalPort 1434 -Protocol UDP -Action Allow

You can also do it with netsh in DOS.

netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN

netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT

How to set up a Site to Site VPN on AWS to your firewall

 AWS VPN-

1) First you need a "VIRTUAL PRIVATE GATEWAY"- this is the connection to the on-prem firewall. Use the amazon default ASN, that doesn't matter. Once you create it, attach it to the VPC. You only need one of these for all VPNs.

2) Next you go to Customer Gateways, don't worry about the BGP stuff. IP address is your firewall IP. Leavn certification blank.

3) Go into site-to-site VPN connections, create it and tie it to your virtual private gateway, select your existing customer gateway you created, set the routing option to static, static IP prefix is your remote lan. Leave local and remote IPv4 blank.

4) You will need to add routes in the route table. Create a route, point it to Virtual Private Gateway and select the gateway. 

5) You will need to allow access in the security groups from your on premise servers.

6) Once it completest, click download configuration to get the info for the local firewall.

Adding Users to Send to group but still receive

 First, make sure you have Advanced Features checked under the View menu. Then, open up the distribution group’s properties, and go to the Attribute Editor tab.

And here is the list of attributes you can update to meet your needs.

    authOrig – only these users can send to the distribution group
    unauthOrig – anyone but these users can send to the distribution group
    dLMemRejctPerms – anyone but members of these distribution groups can send to this distribution group
    dLmemSubmitPerms – no one but members of these distribution groups can send to this distribution group

Running IPerf on a point to point connection to test connection speed

iperf is a utility that (among other things) allows you to test the speed between two devices. I often use it to test communication over a site-to-site VPN or point-to-point circuits.

Download iperf-
https://iperf.fr/

Server Side-
    iperf3 -s-i 1

Client Side-
    iperf3.exe -c 172.30.250.25 -w 1025kb -P 10 -i 4

-s Server
-c Client
-w window size, optional, but reducing window size requires less CPU.
-i Sets the console output interval, -i 1 updates every 1 second
-P is the number of processes - each is good for about 50 Mbps. So for 200 Mbps you'd want -P 4

VMware Troubleshooting

Equalogic MEM - Multipathing Extension

Check VMware Version-
vmware -vl

Show Nics-

esxcfg-nics -l

Check SCSI Drives-

esxcfg-scsidevs -a

Firmware-
esxcli network nic get -n vmnic0 (NIC Version)
vmkload_mod -s lsi_mr3 | grep Version (SCSI Version)

Logs-
 /var/run/log

Scrolling installation with vreplication- 

1. SSH to the vSphere Replication appliance.

Disable automatic VIB installation and stop the looping installs:
    /opt/vmware/hms/bin/hms-configtool -cmd reconfig -property hms-auto-install-hbragent-vib=false

2.Then validate the particular VIB using the below command:
    esxcli software vib list | grep hbr

3. After this, Try restarting the HMS service using the below command.

service hms restart 

Azure AD Connect Incorrect Version of TLS

 

On the Azure AD server, launch the Windows PowerShell ISE as administrator. Paste this PowerShell script and run the script. Running the below script enables TLS 1.2 on Windows Server. Once the TLS 1.2 has been enabled, close the PowerShell ISE.

New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null

On the Azure AD server, launch the Windows PowerShell ISE as administrator. Paste this PowerShell script and run the script. Running the below script enables TLS 1.2 on Windows Server. Once the TLS 1.2 has been enabled, close the PowerShell ISE.

Reboot