Symbol RF Scanners and Cisco WLC

Posted by robd on November 13, 2018
Wireless / No Comments

Had a roaming issues with Symbol MC9090 RF scanners on a Cisco virtual WLC (AIR-CTVM-K9) but weirdly only at one site, even though the same setting were applied across all sites.

The issue was the scanners would drop their SSH connection when moving between APs.

Here’s all my findings:

  • Update the scanner firmware, do this, it’s a pain but the newer firmware has so many features that are beneficial.
  • Some Scanner firmware would not allow them to connect using the security method WPA2, so enable WPA /TKIP or a better option, update the scanner firmware.
  • Secondly change the Scanners to CAM Mode = constant awake mode.
  • Thirdly, Cisco TAC recommended using these settings:

Ensure the fast transition is set to adaptive (if you don’t see this then update the code on your WLC):

The Symbol RF scanners support CCKM according to the manual so enable this:

Weird one this one, Cisco told us to disable “Enable Session Timeout” (also disable Aironet IE)

Tags: , , , ,

Forcing a SMTP on a Mailbox fails

Posted by robd on October 24, 2018
Exchange Online / No Comments

As I mentioned in another post, you can force a EoL mailbox to take on a SMTP with this command:

But occasionally it won’t work:

So to find who’s using the address you can search all of Azure using:

 

Tags: ,

Exchange Online – Hybrid – Missing SMTP

Posted by robd on October 23, 2018
Exchange Online / No Comments

Strange issue today, synced a bunch of users from on prem to Exchange which was successful.

Then the user was missing his default SMTP address on EoL but the SMTP was there on prem:

EoL, no COM:

EX prem, has COM

First thing to check, is the domain setup as a accepted domain in EoL (should be as the migration would of failed otherwise).

Next you can “override” the sync process by using the following EoL cmdlet:

 

Tags: ,

AD Attributes Tab Missing

Posted by robd on October 22, 2018
Active Directory / No Comments

Had a few people ask me recently why the attribute tab is missing for AD users in Active Directory Users and Computers.

First thing to check, is Advanced Features enabled:

Are you searching for the user??  If so then thats the issue, you CAN NOT get to the attribute tab from the search:

Go to the OU, open the user, booooom:

Tags: , ,

Check the PowerShell version

Posted by robd on October 20, 2018
Server / No Comments

Anothe quick one, to check PowerShell version:

 

Install the Remote Server Administration Tools (RSAT) on Windows 10 1809 via PowerShell

Posted by robd on October 19, 2018
powershell / No Comments

Just a quick one, to install RSAT on Windows 10 1809 via PowerShell:

then check:

 

Tags: , ,

Use PowerShell to Remotely Enable Firewall Exceptions

Posted by robd on October 18, 2018
powershell / No Comments

Got this today while connecting to Event viewer on a remote windows 10 machine:

To Fix remotely:

 

 

 

Tags:

Office 365/Outlook 2016 with MFA and the dreaded Password prompt of doom

Posted by robd on October 12, 2018
Exchange Online / No Comments

We recently started implementing Multiple Factor Authentication with office 365 and today I ran into a weird issue while working from home.

Laptop – Windows 10 1703

Outlook 2016 – 16.0.7726.1049

While opening Outlook 2016 I was prompted for my 365 credentials (over and over again) without any MFA prompt.

Would not not go away and would not connect.

So I checked

OWA – https://outlook.office365.com/owa – worked no problem and was prompted with MFA.

Teams – local install, worked no bother with MFA.

So I went to Azure Active Directory and could see loads of failed attempts:

Specifically: User did not pass MFA challenge (non Interactive)

So my guess was Outlook wasnt prompting me for MFA for what ever reason. I tried a new Outlook profile which wouldnt connect and the following registry entried to try and force basic connections from Outlook:

HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL

dword value 0

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

DisableADALatopWAMOverride

dword value 1

None of this worked so I went all out and did the following which fixed the issue:

  1. Sign out of Office 365
    1. Open Word
    2. In the upper-right corner of the Office 2016 app, click your name, and then click Switch Account.
    3. On the Accounts screen, click Sign out.
    4. Locate the account that you want to remove, and then click Sign out.
  2. Remove the cached credentials in Credentials Manager.
    1. To do this, follow these steps: Open Control Panel, and then click Credentials Manager.
    2. Under Windows Credentials, remove all the accounts under Generic Credentials
  3. Clear cached credentials on the computer from the registry.
    1. Click Start, click Run, type regedit, and then click OK.
    2. In Registry Editor, locate and backup then delete the following registry subkey:

4. Launch Word and sign into Office 365 (it logged in without issue)

5. Launch Outlook and I was prompted for my MFA credentials and which I authenticated via my phone and I was in.

 

Tags: , ,

WSUS – Updates not downloading updates

Posted by robd on October 11, 2018
WSUS / No Comments

Had this very annoying issue on the WSUS console where updates would just stick.

The fix was really very simple although I tried a varierty of things that didnt work first.

The fix:

Stop the following services (I actually had to disable and reboot as they wouldnt stop):

Then delete this folder:

Restart the services and bobs your uncle.

 

What didnt work but might for you (or me in the future):

Find the failed update:

From the WSUS management console, you can go to Updates -> All Updates. After searching out the approved updates, and then adding the column for File Status, you can see the updates in downloading.

For the updates downloading incompletely, you can decline these updates.

or

Look for these events and decline the update:

Or

Cancel all updates from PowerShell

Then let them download and keep and eye on which is struggling and decline it.

Or

Reset WSUS content:

1) Correct any settings above or disapprove any unneeded updates.

2) Close any open WSUS consoles.

3) Go to Administrative Tools – Services and STOP the Update Services service.

4) In Windows Explorer browse to the WSUSContent folder (typically D:\WSUS\WSUSContent or C:\WSUS\WSUSContent)

5) Delete ALL the files and folders in the WSUSContent folder.

6) Go to Administrative Tools – Services and START the Update Services service.

7) Open a command prompt and navigate to the folder: C:\Program Files\Update Services\Tools.

8) Run the command WSUSUtil.exe RESET

Or

Check the permission of the WSUS Content folder, check if NETWORK SERVICE and WSUS administrators have full permission

Or

Reindex the SQL DB:

https://gallery.technet.microsoft.com/scriptcenter/6f8cde49-5c52-4abd-9820-f1d270ddea61

Tags: ,

Direct Access – IPSec Issue

Posted by robd on October 10, 2018
Direct Access / 2 Comments

Had a odd issue with our Direct Access servers today, We kept getting the following errors:

“There is no valid certificate to be used by IPsec which chains to the root/intermediate certificate configured to be used by IPsec in the DirectAccess configuration.”

After a day or two of not doing anything we couldnt event open the direct access console:

Or see any of the settings in PowerShell:

So whats the issue?  Turns out our Certificates had updated, namly our root and intermediate certificate and the direct access console didnt know what to do.

So to fix it, I’ll need to update the cert.

Open PowerShell and find the cert you want to use (the root or intermediate cert you used before):

Then set this cert:

Open the Direct Access console and give it a try.

Tags: , ,

Copy Protected by Chetan's WP-Copyprotect.