Category Archives: Support

Block / Deny ICMP Replies on ASA 5505

So I finally managed to replace my aging ZyXEL ZyWALL 5 firewall with an ASA 5505 from Cisco. VirginMedia (again, finally!) doubled my speed from 50 to 100Mbps downstream and the ZyXEL just couldn’t cope. In fact my download speed, when I still had 50Mb/s, was around 30Mb/s anyway due to the CPU being maxed out. The amount of LAN to WAN traffic (and vice versa) was simply too much for the 266MHz Intel IXP422 CPU.

Anyway, my ASA has been with me for some time and I didn’t actually do anything with it until last week. Here is my post from June 10th, 2012 talking about upgrading the CF card and RAM. It really has been that long!

I started configuring the device and I have most of my stuff already done apart from one thing that became apparent today – my WAN IP is responding to pings! Not good. Quick command to get it fixed:

icmp deny any outside

The command above denies pings on the OUTSIDE (untrusted) interface. In practice you have also knocked out any pings that the ASA would otherwise allow, even on the internal interfaces. To fix this, you have to allow ICMP as a protocol in the default global policy map. Once that is done, ICMP will be allowed back in (from OUTSIDE to INSIDE) because the ASA will “know” about the connection that was made in the first place.

Commands (assuming the default policy and inspection class names):

policy-map global_policy
class inspection_default
inspect icmp
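
An added example (not from the original post): a small Python audit of an ASA running-config excerpt that reports the two controls discussed above separately, the `icmp` rules for traffic addressed to the interface and `inspect icmp` for replies passing through. The sample config is constructed, the function names are hypothetical, and only rules with source `any` and named ICMP types are modelled.

```python
import re

# Constructed sample running-config excerpt (not from the post's device).
SAMPLE = """\
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect icmp
service-policy global_policy global
"""

def icmp_rules(config, nameif):
    """Ordered to-the-box rules: 'icmp {permit|deny} <src> [type] <nameif>'."""
    pat = re.compile(r"icmp (permit|deny) (.+) (\S+)$")
    hits = (pat.match(l.strip()) for l in config.splitlines())
    return [(m.group(1), m.group(2).split()) for m in hits if m and m.group(3) == nameif]

def verdict(rules, icmp_type):
    """First match wins for an arbitrary source; implicit deny once rules exist."""
    if not rules:
        return "permit"               # no rules: the interface answers ICMP
    for action, spec in rules:
        if spec[0] == "any" and (len(spec) == 1 or spec[1] == icmp_type):
            return action             # host/subnet-specific rules are skipped
    return "deny"

def inspected(config, policy="global_policy", cls="inspection_default"):
    """Protocols listed as 'inspect <proto>' under the given policy-map/class."""
    found, pm, cm = [], None, None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if not line.startswith(" "):  # a top-level command resets the context
            pm, cm = (w[1] if w[0] == "policy-map" and len(w) > 1 else None), None
        elif w[0] == "class" and pm and len(w) > 1:
            cm = w[1]
        elif w[0] == "inspect" and len(w) > 1 and (pm, cm) == (policy, cls):
            found.append(w[1])
    return found

def audit(config, nameif="outside"):
    rules = icmp_rules(config, nameif)
    return {"echo_to_box": verdict(rules, "echo"),
            "unreachable_to_box": verdict(rules, "unreachable"),
            "icmp_inspected": "icmp" in inspected(config)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, `unreachable_to_box` comes back as `deny`: Cisco's documentation recommends permitting ICMP unreachable (type 3) ahead of the deny, because blocking it disables path MTU discovery on that interface.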

Domain Controller status is unavailable

This problem has been bugging me for a while now. Every time I have to connect to a different DC, the status for one of them shows as “Unavailable”. In my case this hasn’t got anything to do with the domain controller actually functioning or having connectivity. The DC works fine and I haven’t had any problems with it.

A few screenshots demonstrating the issue as well as explaining the cause:

[Screenshots: Domain Controller status is unavailable, 1 and 2]

“Exception message: The user has insufficient access rights.” while logging in to Outlook Web Access (OWA)

Interesting error message indeed! Some screenshots taken as soon as you hit ‘OK’ on the time zone screen and after logging in to OWA:

[Screenshot: Exception message, 1]

How to deploy 7-Zip 9.20?

Following on from my last post which talked about deployment of VLC Media Player 2.0.4 we are going to look at pushing out 7-Zip 9.20 in the enterprise.

7-Zip has been around for as long as I can remember and it’s a very good alternative to WinRAR and WinZIP, both of which are chargeable. Functionality-wise it’s definitely on par with any paid solution available today. Also, the .7z compression format is one of the best to use if you care about final file size. To quote 7-Zip themselves, here is what they have to say:

Compression ratio results are very dependent upon the data used for the tests. Usually, 7-Zip compresses to 7z format 30-70% better than to zip format. And 7-Zip compresses to zip format 2-10% better than most of other zip compatible programs.

Quick compression ratio stats show how well 7-Zip does against the competition:

[Image: How to deploy 7-Zip 9.20, 1]

FILE SETS: Mozilla Firefox 1.0.7 for Windows and Google Earth 3.0.0616 for Windows after full installation.

Converting template to a VM fails on “This Host or Cluster is not Valid Selection”

So here I am, sitting at 10PM converting templates (.vmtx) to VMs (.vmx) – nothing simpler to do right? Wrong! It fails on “This Host or Cluster is not Valid Selection” as soon as you click next on cluster selection… Great, just great. Exactly what I wanted before heading off to bed.. Here is the error:

[Screenshot: Converting template to a VM fails, 1]

And the solution (as usual, very simple) is to manually remove any entries for .iso files referenced in the .vmtx file. I had one pointing to a volume where the .iso used to sit that was no longer connected as storage to my ESXi host:

[Screenshot: Converting template to a VM fails, 2]

Now you can happily click your favorite ‘Next’ button just to see it completing without problems.

Life is awesome!

How to find out which Domain Controller my PC is talking to?

One very useful thing to know, if you’re working in a large Active Directory implementation with multiple DCs and Sites, is which Domain Controller machines are authenticating against at any given time.

Here’s the command to tell us exactly that:

nltest /dsgetdc:domain_name

Rather handy if you’re testing whether Sites and Services have been set up correctly, or are moving computer objects in Active Directory and want the quickest turnaround for GPOs etc.

You could always use the built-in ‘set l’ command, but that’s not always accurate because the %logonserver% variable takes a bit of time to update if you change Active Directory site and, ultimately, the domain controller you’re authenticating against. Remote workers are a good example, as they tend to be all over the place and ‘set l’ might give misleading and imprecise results.

How to List Add/Remove Programs on a Local/Remote Machine

Another quick post to show how to list installed programs in Add/Remove programs on local and/or remote machine(s).

WMI is what makes this possible, and the command we need on the local machine is as follows:

wmic product get name,version

On a remote one we have to add the node parameter to our WMI statement:

wmic /node:"FQDN_Goes_Here" product get name,version

Either one can be exported by adding:

/format:csv > Export.csv

at the end.

That’s it!

Active Directory Script to Shutdown Computers per OU

If you need to shutdown computers per OU in Active Directory here is one way of doing it:

The only change you have to make for this script to work is to provide an LDAP string/path to the OU in AD where you’d like to shut down the PCs.

In my company we had to come up with a solution to comply with the “green” policy enforced upon us. Initially I tried the built-in shutdown command, feeding in computer names using Excel and the CONCATENATE function. The issue with that approach was that my script was trying to reach out to each machine to check if it’s on the network and pingable, taking too long to complete. Script above doesn’t have the same issues: it literally fires a shutdown request simultaneously to all machines in the specified OU, which is much quicker and definitely more effective!

If you guys have other ideas or have other solutions please let me know in comments below!

Find All Duplicated Computer Objects in SCCM Database…

Here is the query that will find all duplicated computer objects in your database. Really useful when OSD is involved! Example of what we are trying to get rid of:

Now, in order to identify the duplicates we need to create a new collection with following query:

Code:

select R.ResourceID,R.ResourceType,R.Name,R.SMSUniqueIdentifier,R.ResourceDomainORWorkgroup,R.Client
from SMS_R_System as r
full join SMS_R_System as s1 on s1.ResourceId = r.ResourceId
full join SMS_R_System as s2 on s2.Name = s1.Name
where s1.Name = s2.Name and s1.ResourceId != s2.ResourceId and R.Client = null

Once done you can click on the collection itself and safely select “Delete Special” to remove all duplicates!

If you guys have any questions please leave a comment down below.