ODBC Driver Update

Posted by robd on April 23, 2020
powershell, SQL / No Comments

Hello,

As many of you may know the latest round updates have disabled TLS 1.0 and TLS 1.2

For us that meant either enabling TLS everywhere or using newer methods. Below is a URL to enable:

https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11/

A much better option is to install Microsoft® ODBC Driver 13.1 for SQL Server on the clients:

https://www.microsoft.com/en-us/download/details.aspx?id=53339

Then update a whole bunch of ODBC system DSNs.

Thats great but some of our Citrix servers have a lot of system DSNs and I didnt much fancy doing them one by one so here’s some PowerShell to do it for you:

$DsnArray = Get-OdbcDsn -DriverName 'SQL Server' ForEach ($Dsn in $DsnArray) { Remove-OdbcDsn -InputObject $Dsn Add-OdbcDsn -Name $Dsn.Name -DsnType $Dsn.DsnType -Platform $Dsn.Platform -DriverName 'ODBC Driver 13 for SQL Server' -SetPropertyValue $Dsn.PropertyValue }

 

Boom.

 

Tags: , , ,

Updating Cisco Prime 3.4 to 3.7

Posted by robd on March 06, 2020
Cisco / No Comments

Well what a fun few days its been.  I’ve been on a mad mission to update our Cisco products, first I did Cisco ISE (I’ll try and blog about that later) and then Cisco Prime.

Here’s the Cisco Prime tac I took:

SSH to Prime

First thing first, backup Prime.  In my case that was on the prime server in the default repo.

copy NAMEofBACKUP.tar.gz ftp://10.1.1.2/

Next now ftp the update the file to prime:

copy FTP://10.1.1.2/PI-Upgrade-31x_32x_33x_34x_to_3.7.0.0.159.tar.gz disk:/defaultRepo

next check its there:

show repository defaultRepo

Now update:

application upgrade PI-Upgrade-31x_32x_33x_34x_to_3.7.0.0.159.tar.gz defaultRepo

Oh no ERROR:

ERROR : Please run the application upgrade from the system console to monitor upgrade progress. Use system monitor, serial terminal or a virtual console to initiate the upgrade.

You have to open the VM console!!!!!!!

Try again!

application upgrade PI-Upgrade-31x_32x_33x_34x_to_3.7.0.0.159.tar.gz defaultRepo

Ugh, its full.  Delete the old backups

Delete disk://BACKUP.tar.gz defaultRepo

Try again

application upgrade PI-Upgrade-31x_32x_33x_34x_to_3.7.0.0.159.tar.gz defaultRepo

Arggggh now what, stop Prime….

Ncs stop

Try again:

application upgrade PI-Upgrade-31x_32x_33x_34x_to_3.7.0.0.159.tar.gz defaultRepo

Now its working!!

Tags: , ,

Vib Error updating ESXi from 6.0 to 6.7

Posted by robd on March 05, 2020
vmware / No Comments

Tried to upgrade ESX on a Cisco server today but kept getting the following today:

missing_dependency_VIBS ERROR. Found=[Qlogic_bootbank_scsi-qla2xxx….. These vibs on the host are missing dependency if you continue to upgrade.

So to fix, put the host in Maintenance mode then check if the device blocking is in use:

esxcfg-scsidevs -a 

esxcfg-nics -l 

esxcli software vib list | grep -i scsi-ql

In my case it wasnt so bin it off:

esxcli software vib remove -n scsi-qla2xxx

 

All done, reboot and try and upgrade

 

Tags: , ,

Check and change DNS on all the servers in the domain

Posted by robd on February 19, 2020
DNS, powershell / No Comments

Here’s a brilliant PowerShell scipt to check what the DNS servers are set as accross the domain then change it:

 

$allservers = @()
$domainpcs = Get-ADComputer -Filter * -Properties operatingsystem | where {$_.operatingsystem -like "*Server*"} | sort name
foreach ($pc in $domainpcs)
{
    if (Test-Connection $pc.DNSHostName -Quiet)
    {
        $thisserver = $null
        $DNSsettings = $null


        $DNSsettings = Get-DnsClientServerAddress -CimSession $pc.DNSHostName | where {($_.AddressFamily -eq 2) -and ($_.InterfaceAlias -notlike "Loopback*") -and ($_.InterfaceAlias -notlike "isatap*") -and ($_.ServerAddresses -ne $null)} | select @{n='DNSServers';e={$_ | select -ExpandProperty serveraddresses}},InterfaceIndex
        $thisserver =  New-Object psobject -Property @{
                       Servername = $pc.Name
                       interfaceindex = $DNSsettings.interfaceindex[0]
                       DNSsetting1 = $DNSsettings.dnsservers[0]
                       DNSsetting2 = $DNSsettings.dnsservers[1]
                       DNSsetting3 = $DNSsettings.dnsservers[2]
        }


        $allservers += $thisserver
        $thisserver
    }
    
}




foreach ($server in $allservers)

{

        $newdns1 = $null
        $newdns2 = $null
        $newdns3 = $null

        $needchange = $false

        write-host $server.Servername -ForegroundColor Green

       $newdns1 = $server.dnssetting1
        $newdns2 = $server.dnssetting2
        $newdns3 = $server.dnssetting3

       write-host $newdns1 -ForegroundColor Red
       write-host $newdns2 -ForegroundColor Red
       write-host $newdns3 -ForegroundColor Red


    

       Switch ($server.DNSsetting1)
       {
           "10.5.1.4" {$newdns1 = "8.8.8.8";$needchange =$true}
           "10.5.1.5" {$newdns1 = "8.8.4.4";$needchange =$true}
           "10.5.1.6" {$newdns1 = "1.1.1.1";$needchange =$true}
       }

       Switch ($server.dnssetting2)
       {
           "10.5.1.4" {$newdns2 = "8.8.8.8";$needchange =$true}
           "10.5.1.5" {$newdns2 = "8.8.4.4";$needchange =$true}
           "10.5.1.6" {$newdns2 = "1.1.1.1";$needchange =$true}
       }

       Switch ($server.dnssetting3)
       {
           "10.5.1.4" {$newdns3 = "8.8.8.8";$needchange =$true}
           "10.5.1.5" {$newdns3 = "8.8.4.4";$needchange =$true}
           "10.5.1.6" {$newdns3 = "1.1.1.1";$needchange =$true}
       }


       write-host $newdns1 -ForegroundColor Cyan
       write-host $newdns2 -ForegroundColor Cyan
       write-host $newdns3 -ForegroundColor Cyan

       $needchange
       if ($needchange)
       {      
           Set-DnsClientServerAddress -cimsession $server.servername -InterfaceIndex $server.interfaceindex -ServerAddresses ($newdns1,$newdns2,$newdns3)  -whatif
       }
}

 

Tags: ,

Dynamic vlan Assignment on Flexconnect using Cisco Wireless

Posted by robd on February 17, 2020
Wireless / No Comments

Hello,

I recently setup dynamic vlan assignment using Cisco ISE and a Cisco vWLC but had an issue where on some APs on some sites wouldnt move the devices to the correct DHCP scope.

So just make it clear what dynamic vlan assignment is, its when you have one SSID to rule them all and in the dark bind them.

So I have laptop and hand held scanners and only one SSID, I want my hand held scanner to go onto a different vlan and DHCP scope my laptops. So I use this option in profiles in ISE:

Then setup the scope option and bobs your uncle.

So back to the issue, some sites just wouldnt move scopes i.e. they’d stay on default scope.  So first thing I did was debug the client via the CLI on the vWLC:

debug client 94:fb:29:43:74:b9
*apfMsConnTask_1: Jan 30 13:09:53.561: 94:fb:29:43:74:b9 Encryption policy is set to 0x80000004
*apfMsConnTask_1: Jan 30 13:09:53.561: 94:fb:29:43:74:b9 10.51.140.17 8021X_REQD (3) Client already has IP 10.10.1.17, DHCP Not required on AP 70:79:b3:9f:4c:c0 vapId 1 apVapId 1
*apfMsConnTask_1: Jan 30 13:09:53.561: 94:fb:29:43:74:b9 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_1: Jan 30 13:09:53.561: 94:fb:29:43:74:b9 Vlan while overriding the policy = 153
*apfMsConnTask_1: Jan 30 13:09:53.561: 94:fb:29:43:74:b9 sending to spamAddMobile vlanId 153 flex aclName = , flexAclId 65535

So the client knows it should be on vlan 153 but isnt moving…….So after much googling I found that my flex connect groups hadnt been setup properly.

I was missing the vlans from the vlans from AAA VLAN-ACL Mapping.  Added them in and everything started working on every site!!!

Very weird how it ever worked but there you go.

 

Tags: , , ,

Checking MTU from a remote client without having to talk to anyone

Posted by robd on January 02, 2020
Networking / No Comments

We suspected we had some MTU issues at one of our remote sites and as a 3rd line engineer I don’t often have to talk with users and after a while you get in the habit of not talking to users which leads to never wanting to talk to users. – Note you’ll need admin access to the users machine.

So here’s a little guide to run tests from users computers without having to call and talk to them.

First download and put it somewhere you can cmd too on your machine.

https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

Optional – Then download this if you for example want to test MTU.

https://elifulkerson.com/projects/mturoute.php

Next copy the MTUroute software to the user’s computer.

Next from your computer run the below command which will remotely execute mturoute.exe to test the MTU to 192.168.1.5 on UsersComputer:

PsExec.exe \\UsersComputer C:\temp\mturoute.exe 192.168.1.5

Tags: ,

Exchange 2010 On Premesis accessing Office 365 Mailboxes

Posted by robd on December 04, 2019
Office 2010, Office 365, Outlook 2010 / No Comments

Had a very weird issue where users on prem couldnt access mailboxes for users online even though the permissions were correct.

The error was:

Cannot expand the folder. The set of folders cannot be opened.

Had a good google and the recommendations were to do the following which didnt work for me:

Connect to 365 and run:

#remove permissions
Remove-MailboxPermission -Identity Manager@bohemiangrove.co.uk -User User1@bohemiangrove.co.uk -AccessRights FullAccess

#Add permissions
Add-MailboxPermission -Identity Manager@bohemiangrove.co.uk -User User1@bohemiangrove.co.uk -AccessRights FullAccess -InheritanceType All -AutoMapping:$false

So what I did to fix this was to add this for

  1. Exit Outlook.
  2. Start Registry Editor. To do this, use one of the following procedures, as appropriate for your version of Windows:
  3. In Registry Editor, locate and then click the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Exchange
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type AlwaysUseMSOAuthForAutoDiscover, and then press Enter.
  6. Right-click AlwaysUseMSOAuthForAutoDiscover, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Exit Registry Editor.

Tags: , , ,

RSAT Windows 10 1809

Posted by robd on December 03, 2019
Windows 10 / No Comments

Couldnt install RSAT today on Windows 10 1809, the command I was running was:

Get-WindowsCapability -Online -Name RSAT* | Add-WindowsCapability -Online

The error I was getting was:

Add-WindowsCapability : Add-WindowsCapability failed. Error code = 0x800f0954

So to fix it I did the following:

Ran “gpedit.msc”, then looked for:

Computer Configuration\Administrative Templates\System\Specify settings for optional component installation and component repair

My local policy seems to have defaulted to “Disabled” –

Changed it to “Enabled” and selecting the checkbox labeled “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)”

Tried again and bobs your uncle.

Another way could of been:

Set-ItemProperty "REGISTRY::HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" UseWUserver -value 0
Get-Service wuauserv | Restart-Service
Get-WindowsCapability -Online -Name RSAT* | Add-WindowsCapability -Online
Set-ItemProperty "REGISTRY::HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" UseWUserver -value 1

 

Tags: , , ,