tag:blogger.com,1999:blog-43934371163285677562024-03-16T02:41:10.449-07:00Tommy's Tech TipsTommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-4393437116328567756.post-57325264405504349492024-03-16T02:40:00.000-07:002024-03-16T02:40:14.331-07:00Minecraft Club Brightlingsea<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYJVTSq-sjkGUogd8qhtM3Z1MmrcFJdsh9Is2R1dGWyGTb-r140yFBXhNAhg-nwNQmuyBUuRCNiHsIRJu0IaRHKwp9kcz2rT3-DipNafau7eLy2GO0T3oke49uwgwekJgujseutvfd0bM9YwNhECWveWGKsYlnSJLGgAkqn4O6qCgFCqbYcl9Dmvj-Xc69/s840/a556d517-bdaa-4685-9dda-f8e2ca66a289~2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="597" data-original-width="840" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYJVTSq-sjkGUogd8qhtM3Z1MmrcFJdsh9Is2R1dGWyGTb-r140yFBXhNAhg-nwNQmuyBUuRCNiHsIRJu0IaRHKwp9kcz2rT3-DipNafau7eLy2GO0T3oke49uwgwekJgujseutvfd0bM9YwNhECWveWGKsYlnSJLGgAkqn4O6qCgFCqbYcl9Dmvj-Xc69/s320/a556d517-bdaa-4685-9dda-f8e2ca66a289~2.jpg" width="320" /></a></div><br /><p></p>Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com0tag:blogger.com,1999:blog-4393437116328567756.post-24792644643089285382023-06-05T14:41:00.000-07:002023-06-05T14:41:34.964-07:00Business Central - Azure SSO Redirect Loop<p> </p><h2>Azure SSO Redirect Loop<o:p></o:p></h2>
<p class="MsoNormal">I noticed an odd issue when both Business Central application
servers were running at the same time, in which the Azure Single Sign-on page
would constantly loop round and round after entering your credentials. If I
disabled IIS and stopped the Business Central Service Instance on one of the servers,
the issue went away.<o:p></o:p></p>
<p class="MsoNormal">In Azure, I noticed that the following setting was enabled on
the Production Application Gateway, but was disabled on Test. Under Settings
> Backend Settings > navServiceTierBackendHttpSettings > Cookie-based
affinity.<o:p></o:p></p><p class="MsoNormal"></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEg4s11uL-ngexuWInc1Xf_bZARcVQ77RK4HTxxoVLGmBot-YIAps5efy7vpZhup76MTG_yt_dFxMmGy797LvvxFW4eBZ5suwdL8ACats_gIpj0uI3REwK4_0qV9LU2LPW1ZgnOP5G62bd1JJpDZsek4l8qpJU7trGbE03VsH2J37JhgGfeOa00sumiyJg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="621" data-original-width="898" height="387" src="https://blogger.googleusercontent.com/img/a/AVvXsEg4s11uL-ngexuWInc1Xf_bZARcVQ77RK4HTxxoVLGmBot-YIAps5efy7vpZhup76MTG_yt_dFxMmGy797LvvxFW4eBZ5suwdL8ACats_gIpj0uI3REwK4_0qV9LU2LPW1ZgnOP5G62bd1JJpDZsek4l8qpJU7trGbE03VsH2J37JhgGfeOa00sumiyJg=w561-h387" width="561" /></a></div><br /><br /></div><i><span style="background: white; color: #292827; font-family: "Segoe UI",sans-serif; font-size: 9.0pt; line-height: 107%;"><b>The application gateway
can use cookies to keep a user session on the same server. You can enable this
feature if the client supports the use of cookies.</b></span></i><p></p>
<p class="MsoNormal">I enabled Cookie Based affinity for the navServiceTierBackendHttpSettings
port 443 and this resolved the issue.<i><span style="background: white; color: #292827; font-family: "Segoe UI",sans-serif; font-size: 9.0pt; line-height: 107%;"><o:p></o:p></span></i></p>
<div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEg5B4Xed-jFV3GEW7UJNDKcDZ4iDjYksDNpz1kY9_CPSrF7BUARgSrNh0iCIeOKngFW-6Ea7Tl6DS9wh6DSX7RGSOwj-qtJ5YaHfBUb5hUF3aWH4mrw1xAp44V_3Qo11_BXXhYYVzl0yu_UCN1S8YQttHolwxGBJKhfyFv-u9ECRkSI5RyJr5IKuR4PVQ" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="568" data-original-width="901" height="504" src="https://blogger.googleusercontent.com/img/a/AVvXsEg5B4Xed-jFV3GEW7UJNDKcDZ4iDjYksDNpz1kY9_CPSrF7BUARgSrNh0iCIeOKngFW-6Ea7Tl6DS9wh6DSX7RGSOwj-qtJ5YaHfBUb5hUF3aWH4mrw1xAp44V_3Qo11_BXXhYYVzl0yu_UCN1S8YQttHolwxGBJKhfyFv-u9ECRkSI5RyJr5IKuR4PVQ=w798-h504" width="798" /></a></div><br /><br /></div><br /><br />
<br />Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com0tag:blogger.com,1999:blog-4393437116328567756.post-69767700256581977342023-02-13T13:23:00.006-08:002023-02-13T13:38:15.930-08:00Ditched the Cisco router for OpenWrt Dual WAN Setup<p></p><div style="text-align: left;"><span style="font-family: arial;">Due to the poor performance of my old POTS ADSL line, I decided to look at 4G Routers. Surprisingly, I could get over 200mbps download and around 50mbps upload!</span></div><div style="text-align: left;"><span style="font-family: arial;"><br /></span></div><div style="text-align: left;"><span style="font-family: arial;">Compared to my ADSL line of 17mbps down and 1mbps up, this significantly increased speed and performance!</span></div><div style="text-align: left;"><span style="font-family: arial;"><br /></span></div><div style="text-align: left;"><span style="font-family: arial;">I wanted to make use of my ADSL line, so I turned my Raspberry Pi into an OpenWrt router, and have it monitor both WAN connections.</span></div><div style="text-align: left;"><span style="font-family: arial;"><br /></span></div><div style="text-align: left;"><span style="font-family: arial;">If it detects the 4G connection is down by performing regular pings to 1.1.1.1, it will set the metric to a value of 1, and set the backup ADSL interface metric to 0. </span></div><div style="text-align: left;"><span style="font-family: arial;"><br /></span></div><div style="text-align: left;"><span style="font-family: arial;">The lowest value takes precedence, and the routing table is updated accordingly setting the default WAN interface to the ADSL interface. When the 4G interface comes back online the metric value is set back to 0, and the ADSL interface metric is set back to 1.</span></div><div style="text-align: left;"><span style="font-family: arial;"><br /></span></div><div style="text-align: left;"><span style="font-family: arial;">It works really well, and with OpenWrt, you can have many packages running that provide all sorts of extra functionality like Dynamic DNS updates, Private DNS, QOS and Bandwidth monitoring!</span></div><div style="text-align: left;"><span style="font-family: arial;"><br /></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUR9_Gkb6qwVQ3yTC5YciUD7CemBpXszZ-dEzahDw5crVarLdWK2X7kjqobY3X-4JiDju1PbtkqiP9FVmHQk3Ag1Y7Zfg0xJhKHabuFZh36PAz8b3MbB0xwxUCvjF8hAFHUm_ScjrDFDE6VwwU_LcIVotCwsjWntgTOvXc01g2MWeMhNebx5uExi6o_g/s1552/Home%20Network.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="756" data-original-width="1552" height="448" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUR9_Gkb6qwVQ3yTC5YciUD7CemBpXszZ-dEzahDw5crVarLdWK2X7kjqobY3X-4JiDju1PbtkqiP9FVmHQk3Ag1Y7Zfg0xJhKHabuFZh36PAz8b3MbB0xwxUCvjF8hAFHUm_ScjrDFDE6VwwU_LcIVotCwsjWntgTOvXc01g2MWeMhNebx5uExi6o_g/w919-h448/Home%20Network.png" width="919" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><p></p>Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com0tag:blogger.com,1999:blog-4393437116328567756.post-90642914861050362022-07-10T12:56:00.000-07:002022-07-10T12:56:15.681-07:00Azure SQL PaaS Private Endpoints & DNS<p><span style="background-color: white; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px;">So I have a SQL PaaS Server in Azure, typically you connect to it using the server name which is a domain name that resolves to a public IP address. Now we have disabled public access, so we connect to it via a Private Endpoint.</span></p><p style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px 0px 10px; outline-color: inherit; padding: 0px;">Private Endpoints link the Azure Virtual Network (vnet), and our network config is done so the routing tables send the traffic to the correct location via SD-WAN etc. Connecting to the SQL Database is done via the server name, but that resolves to a public IP, which I can’t use, due to public access being disabled.</p><br style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; outline-color: inherit;" /><p style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px 0px 10px; outline-color: inherit; padding: 0px;">Enabling Private Endpoints creates this private DNS alias, if public access was still enabled then this alias would not exist. So in Azure, you can have Private DNS Zones which use Azure’s own DNS servers and services. We don’t use Private DNS for the virtual network in production, we use our own DNS servers in AD.</p><br style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; outline-color: inherit;" /><p style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px 0px 10px; outline-color: inherit; padding: 0px;">If I do a nslookup on the server name you will see it has an alias with the zone I need to add.<br style="box-sizing: inherit; outline-color: inherit;" />When you do the nslookup for the main server name <a href="http://sql-server.datbase.windows.net/" style="background-color: rgba(0, 0, 0, 0); box-sizing: inherit; cursor: pointer; outline-color: inherit; outline-style: initial; outline-width: 0px; overflow-wrap: break-word; text-decoration-line: none;" target="_blank">sql-server.datbase.windows.net</a>, it resolves to the alias <a href="http://sql-server.privatelink.database.windows.net/" style="background-color: rgba(0, 0, 0, 0); box-sizing: inherit; cursor: pointer; outline-color: inherit; outline-style: initial; outline-width: 0px; overflow-wrap: break-word; text-decoration-line: none;" target="_blank">sql-server.privatelink.database.windows.net</a>.</p><br style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; outline-color: inherit;" /><p style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px 0px 10px; outline-color: inherit; padding: 0px;">So by creating the zone in our DNS servers in AD, Azure will look at this zone and return the private IP I need of 10.X.X.X for <a href="http://sql-server.privatelink.database.windows.net/" style="background-color: rgba(0, 0, 0, 0); box-sizing: inherit; cursor: pointer; outline-color: inherit; outline-style: initial; outline-width: 0px; overflow-wrap: break-word; text-decoration-line: none;" target="_blank">sql-server.privatelink.database.windows.net</a>. Now because it's an alias looking up the original server name will then eventually return my private IP.</p><br style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; outline-color: inherit;" /><p style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px 0px 10px; outline-color: inherit; padding: 0px;">The reason Microsoft does it this way is so if you wanted public access back again, Azure would add/remove this alias address providing you the correct IP you need.</p><br style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; outline-color: inherit;" /><p style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px 0px 10px; outline-color: inherit; padding: 0px;">Hope that helps.</p><p style="background-color: white; box-sizing: inherit; color: #333333; font-family: "Segoe UI", SegoeUI, "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; margin: 0px 0px 10px; outline-color: inherit; padding: 0px;">For more information, see the original Microsoft community support post I made, along with a very useful video on Azure DNS in relation to Private Endpoints,</p><p style="background-color: white; box-sizing: inherit; margin: 0px 0px 10px; outline-color: inherit; padding: 0px;"></p><ul style="text-align: left;"><li><span style="color: #333333; font-family: Segoe UI, SegoeUI, Helvetica Neue, Helvetica, Arial, sans-serif;"><span style="font-size: 14px;"><a href="https://docs.microsoft.com/en-us/answers/questions/910691/azure-sql-paas-server-private-endpoint-certificate.html#answer-919543 ">https://docs.microsoft.com/en-us/answers/questions/910691/azure-sql-paas-server-private-endpoint-certificate.html#answer-919543 </a></span></span></li></ul><div><span style="color: #333333; font-family: Segoe UI, SegoeUI, Helvetica Neue, Helvetica, Arial, sans-serif;"><br /></span></div><ul style="text-align: left;"><li><a href="https://www.youtube.com/watch?v=rXbamGNz-xQ&ab_channel=JohnSavill%27sTechnicalTraining" rel="nofollow" style="color: #1155cc; font-family: Roboto, Arial, sans-serif; font-size: 16px; font-variant-ligatures: none; letter-spacing: 0.1px; pointer-events: none; white-space: pre-wrap;" target="_blank">https://www.youtube.com/watch?v=rXbamGNz-xQ&ab_channel=JohnSavill%27sTechnicalTraining</a></li></ul><p></p>Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com0tag:blogger.com,1999:blog-4393437116328567756.post-41413824194521983972022-06-06T06:20:00.001-07:002022-06-06T06:21:52.748-07:00IE Mode Microsoft Edge (Chromium) Default Policy<p class="MsoNormal" style="line-height: normal; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><span lang="EN-US" style="color: #538135; font-size: 12pt; mso-ansi-language: EN-US; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;"><b>Edge
IE Mode Microsoft Edge (Chromium) Default Policy - IE MODE<o:p></o:p></b></span></p>The group policy enables a feature in Edge called IE Mode, which adds legacy browser compatibility for Internet Explorer.<p class="bx--listitem" style="background: white; margin-left: 36pt; mso-list: l2 level1 lfo2; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">1.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Download the policy file from <a href="https://www.microsoft.com/en-us/edge/business/download" style="box-sizing: border-box; cursor: pointer; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit;" target="_blank" title="(Opens in a new tab or window)"><span style="border: 1pt none windowtext; color: #0f62fe; padding: 0cm; text-decoration-line: none;">Microsoft Edge Policy Template</span></a>.<o:p></o:p></span></p><p class="bx--listitem" style="background: white; margin-left: 36pt; mso-list: l2 level1 lfo2; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">2.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Extract the downloaded Policy File folder<span class="ph"><span style="border: 1pt none windowtext; mso-border-alt: none windowtext 0cm; padding: 0cm;"><span style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit;"> MicrosoftEdgePolicyTemplates</span></span></span>.<o:p></o:p></span></p><p class="bx--listitem" style="background: white; margin-left: 36pt; vertical-align: baseline;"><b><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Domain Controller Setup<o:p></o:p></span></b></p><p class="bx--listitem" style="background: white; margin-left: 36pt; mso-list: l2 level1 lfo2; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">3.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Copy <span class="ph"><span style="border: 1pt none windowtext; mso-border-alt: none windowtext 0cm; padding: 0cm;"><span style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit;">msedge.admx, msedgeupdate.admx</span></span></span> and <span class="ph"><span style="border: 1pt none windowtext; mso-border-alt: none windowtext 0cm; padding: 0cm;"><span style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit;">msedgewebview2.admx</span></span></span> file
from<span class="ph"><span style="border: 1pt none windowtext; mso-border-alt: none windowtext 0cm; padding: 0cm;"><span style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit;"> C:\Users\{user}\Downloads\MicrosoftEdgePolicyTemplates\windows\admx</span></span></span> to <span class="ph"><span style="border: 1pt none windowtext; mso-border-alt: none windowtext 0cm; padding: 0cm;"><span style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit;">C:\Windows\PolicyDefinitions</span></span></span>.<o:p></o:p></span></p><p class="bx--listitem" style="background: white; margin-left: 36pt; mso-list: l2 level1 lfo2; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">4.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Copy <span class="ph"><span style="border: 1pt none windowtext; mso-border-alt: none windowtext 0cm; padding: 0cm;"><span style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit;">msedge.adml, msedgeupdate.adml</span></span></span> and<span class="ph"><span style="border: 1pt none windowtext; mso-border-alt: none windowtext 0cm; padding: 0cm;"><span style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit;"> msedgewebview2.adml</span></span></span> file
from <span class="ph"><span style="border: 1pt none windowtext; mso-border-alt: none windowtext 0cm; padding: 0cm;"><span style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit;">C:\Users\{user}\Downloads\MicrosoftEdgePolicyTemplates\windows\admx\en-US</span></span></span> to <span class="ph"><span style="border: 1pt none windowtext; mso-border-alt: none windowtext 0cm; padding: 0cm;"><span style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit;">C:\Windows\PolicyDefinitions\en-US</span></span></span>.<o:p></o:p></span></p><p class="bx--listitem" style="background: white; margin-left: 36pt; mso-list: l2 level1 lfo2; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">5.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Open Group Policy Editor.<o:p></o:p></span></p><p class="bx--listitem" style="background: white; margin-left: 36pt; mso-list: l2 level1 lfo2; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">6.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Click <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">User Configuration/Computer
Configuration</span></strong> > <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Administrative Templates</span></strong> > <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Microsoft Edge</span></strong>.<o:p></o:p></span></p><p class="bx--listitem" style="background: white; margin-left: 36pt; mso-list: l2 level1 lfo2; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">7.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Double-click <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Configure Internet Explorer
integration</span></strong>.<o:p></o:p></span></p><p class="bx--listitem" style="background: white; margin-left: 36pt; mso-list: l2 level1 lfo2; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">8.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Select <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Enabled</span></strong>.<o:p></o:p></span></p><p class="bx--listitem" style="background: white; margin-left: 36pt; mso-list: l2 level1 lfo2; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">9.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face=""Calibri",sans-serif" style="color: #161616; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Under <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Options</span></strong>, set
the drop-down value to <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Internet Explorer mode</span></strong> if
you want the sites to open in IE mode on Microsoft Edge<o:p></o:p></span></p><p>
</p><section aria-labelledby="d85786e136" class="section" role="region" style="background-color: white; border: 0px; box-sizing: border-box; color: #161616; font-family: "IBM Plex Sans", "Helvetica Neue", Arial, sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; letter-spacing: 0.16px; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">
<h2 id="d85786e136" style="box-sizing: border-box; font-size: 2rem; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: 2.5rem; margin: 0cm; padding: 2rem 0px 1rem; vertical-align: baseline;"><span face=""Calibri",sans-serif" style="font-size: 12pt; mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Configuring the Enterprise Mode
Site List policy<o:p></o:p></span></h2>
<p style="box-sizing: border-box; font-size: 1rem; font-stretch: inherit; font-style: inherit; font-variant: inherit; margin: 1rem; vertical-align: baseline;"><span face=""Calibri",sans-serif" style="mso-ascii-theme-font: minor-latin; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Configure IE
mode with a separate policy for Microsoft Edge. This additional policy allows
you to override the IE site list. For example, some organizations target the
production site list to all users. You can then deploy the pilot site list to a
small group of users using this policy.<o:p></o:p></span></p>
<p class="bx--listitem" style="margin-left: 36pt; mso-list: l0 level1 lfo3; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face="Calibri, sans-serif" style="letter-spacing: 0.25pt;">1.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face="Calibri, sans-serif">Create or reuse a Site List.<span style="letter-spacing: 0.25pt;"><o:p></o:p></span></span></p>
<p align="center" class="bx--listitem" style="text-align: center; vertical-align: baseline;"></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEg89uLyI2IX9u75Q9iChpzVcQ6pyspXc3FuM5ZzKeQsA3vKPl6S48-BgCHYinL_v8ww4TX3CZ8HE5Vs2phvaY1XEbhqIagumiAt_K3yRa2ODTTlhN3KKO99kEQrun7RhN1DUrkIdl_H76Kf_3HiPN1nIKkMy9JR2mDM7pa0AarUcbSejcvIi-pg0E2oCA" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="433" data-original-width="693" height="288" src="https://blogger.googleusercontent.com/img/a/AVvXsEg89uLyI2IX9u75Q9iChpzVcQ6pyspXc3FuM5ZzKeQsA3vKPl6S48-BgCHYinL_v8ww4TX3CZ8HE5Vs2phvaY1XEbhqIagumiAt_K3yRa2ODTTlhN3KKO99kEQrun7RhN1DUrkIdl_H76Kf_3HiPN1nIKkMy9JR2mDM7pa0AarUcbSejcvIi-pg0E2oCA=w460-h288" width="460" /></a></div><p></p><p class="bx--listitem" style="margin-left: 36pt; mso-list: l0 level1 lfo3; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><span face="Calibri, sans-serif"><button aria-label="Copy to clipboard" class="bx--copy-btn" data-copy-btn="" style="-webkit-box-align: center; -webkit-box-pack: center; align-items: center; background-color: #1e1e1e; border-color: initial; border-radius: 0px; border-style: none; border-width: initial; cursor: pointer; display: flex; font-family: "IBM Plex Sans", "Helvetica Neue", Arial, sans-serif; height: 2rem; justify-content: center; margin: 0px; padding: 0px; position: absolute; right: 0.5rem; top: 0.5rem; width: 2rem; z-index: 10;" tabindex="0" title="Copy to clipboard" type="button"><svg aria-hidden="true" class="bx--snippet__icon" focusable="false" height="16" preserveaspectratio="xMidYMid meet" style="will-change: transform;" viewbox="0 0 16 16" width="16" xmlns="http://www.w3.org/2000/svg"><path d="M14,5v9H5V5h9m0-1H5A1,1,0,0,0,4,5v9a1,1,0,0,0,1,1h9a1,1,0,0,0,1-1V5a1,1,0,0,0-1-1Z"></path><path d="M2,9H1V2A1,1,0,0,1,2,1H9V2H2Z"></path></svg></button>2. Open
Group Policy Editor.<o:p></o:p></span></p>
<p class="bx--listitem" style="margin-left: 36pt; mso-list: l0 level1 lfo3; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face="Calibri, sans-serif">3.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face="Calibri, sans-serif">Click <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">User Configuration/Computer
Configuration</span></strong> > <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Administrative Templates</span></strong> > <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Microsoft Edge</span></strong>.<o:p></o:p></span></p>
<p class="bx--listitem" style="margin-left: 36pt; mso-list: l0 level1 lfo3; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face="Calibri, sans-serif">4.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face="Calibri, sans-serif">Double-click <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Configure the Enterprise Mode
Site List</span></strong>.<o:p></o:p></span></p>
<p class="bx--listitem" style="margin-left: 36pt; mso-list: l0 level1 lfo3; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face="Calibri, sans-serif">5.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face="Calibri, sans-serif">Select <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Enabled</span></strong>.<o:p></o:p></span></p>
<p class="bx--listitem" style="margin-left: 36pt; mso-list: l0 level1 lfo3; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face="Calibri, sans-serif">6.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face="Calibri, sans-serif">Under <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Options</span></strong>, type
the location of the website list. <o:p></o:p></span></p>
<p class="bx--listitem" style="margin-left: 36pt; mso-list: l0 level1 lfo3; tab-stops: list 36.0pt; text-indent: -18pt; vertical-align: baseline;"><!--[if !supportLists]--><span face="Calibri, sans-serif">7.<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span face="Calibri, sans-serif">Click <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">OK</span></strong> or <strong style="box-sizing: border-box; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit;"><span style="border: 1pt none windowtext; padding: 0cm;">Apply</span></strong> to save these settings<o:p></o:p></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm;"><b><u><span style="font-size: 12pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;">More Info<o:p></o:p></span></u></b></p>
<p class="MsoListParagraph" style="line-height: normal; margin-bottom: 0cm; mso-add-space: auto; mso-list: l1 level1 lfo1; text-indent: -18pt;"><!--[if !supportLists]--><span style="font-family: Symbol; font-size: 12pt; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol; mso-fareast-language: EN-GB;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 12pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;"><a href="https://www.youtube.com/watch?v=A2o0x9-0urE">https://www.youtube.com/watch?v=A2o0x9-0urE</a>
<br />
<a href="https://docs.microsoft.com/en-us/deployedge/edge-ie-mode-site-list-manager">https://docs.microsoft.com/en-us/deployedge/edge-ie-mode-site-list-manager</a><o:p></o:p></span></p>
<p class="MsoNormal" style="line-height: normal; margin-bottom: 0cm;"><span style="font-size: 12pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 12pt; line-height: 107%; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"> </span></p></section>Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com0tag:blogger.com,1999:blog-4393437116328567756.post-26522598584402545682021-01-31T04:14:00.001-08:002022-04-07T04:10:07.477-07:00 IP on DNS blacklist (IP on DNS Blacklist) Down (Error checking bl.spamcop.net, it contains an entry for 127.0.0.1 )<p> </p><p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><span face=""Segoe UI",sans-serif" style="color: #333333; font-size: 10.5pt;">Our
PRTG server started alerting us to the following.<o:p></o:p></span></p>
<p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><b><i><span face=""Segoe UI",sans-serif" style="color: red; font-size: 10.5pt;">IP on DNS
blacklist (IP on DNS Blacklist) Down (Error checking bl.spamcop.net, it
contains an entry for 127.0.0.1)<o:p></o:p></span></i></b></p>
<p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><b><i><span face=""Segoe UI",sans-serif" style="color: red; font-size: 10.5pt;">Also,
emails sent from Office 365, some at not getting through.<o:p></o:p></span></i></b></p>
<p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><b><i><span face=""Segoe UI",sans-serif" style="color: red; font-size: 10.5pt;">watchdog.wmf.de
gave this error:<br />
Decision Engine classified the mail item was rejected because of IP Block (from
outbound normal IP pools) -> 550 40.107.14.123 blacklisted at bl.spamcop.net<o:p></o:p></span></i></b></p>
<p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><span face=""Segoe UI", sans-serif" style="color: #333333; font-size: 10.5pt;">Appears </span><b><span face=""Segoe UI", sans-serif" style="font-size: 10.5pt;">bl.spamcop.net </span></b><span face=""Segoe UI", sans-serif" style="font-size: 10.5pt;"> have
not renewed their domain?</span></p>
<p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><span face=""Segoe UI",sans-serif" style="color: #333333; font-size: 10.5pt;"><a href="https://forum.kpn.com/e-mail-10/spamcop-net-opgeheven-levert-problemen-op-530208?postid=1229636#post1229636">https://forum.kpn.com/e-mail-10/spamcop-net-opgeheven-levert-problemen-op-530208?postid=1229636#post1229636</a></span><span face=""Segoe UI",sans-serif" style="color: black; font-size: 10.5pt;"> </span><span face=""Segoe UI",sans-serif" style="font-size: 10.5pt;"><o:p></o:p></span></p>
<p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><span face=""Segoe UI",sans-serif" style="color: black; font-size: 10.5pt;">This
appears to be causing miss classifications of IP’s that are being blacklisted.</span><span face=""Segoe UI",sans-serif" style="font-size: 10.5pt;"><o:p></o:p></span></p>
<p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><span face=""Segoe UI",sans-serif" style="color: black; font-size: 10.5pt;">The server used at this time for Office 365 appears to on this backlist.</span><span face=""Segoe UI",sans-serif" style="font-size: 10.5pt;"><o:p></o:p></span></p>
<p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><b><span face=""Segoe UI",sans-serif" style="color: #333333; font-size: 10.5pt;">Name:
mail-eopbgr140123.outbound.protection.outlook.com<o:p></o:p></span></b></p>
<p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><b><span face=""Segoe UI",sans-serif" style="color: #333333; font-size: 10.5pt;">Address:
40.107.14.123<o:p></o:p></span></b></p>
<p class="MsoNormal" style="background: white; margin-bottom: 6pt;"><span face=""Segoe UI",sans-serif" style="color: #333333; font-size: 10.5pt;"> </span></p><p class="MsoNormal" style="background: white;"><span face=""Segoe UI",sans-serif" style="color: #333333; font-size: 10.5pt;"></span></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRM_Fshig-7Zqg6u9xd8odfU0N5YXdXLbMUZ1IwNcUsumwv8FGLXwendL-qbd_s9-vC7iug62armByNHb2peRe7LUmUcA67w0sYbwMIM636y9n3rrPy1ItLRzI-tc8DFOqJpwQnhJwVqyV/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="298" data-original-width="712" height="249" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRM_Fshig-7Zqg6u9xd8odfU0N5YXdXLbMUZ1IwNcUsumwv8FGLXwendL-qbd_s9-vC7iug62armByNHb2peRe7LUmUcA67w0sYbwMIM636y9n3rrPy1ItLRzI-tc8DFOqJpwQnhJwVqyV/w594-h249/image.png" width="594" /></a></div><br /><o:p></o:p><p></p>
<p class="MsoNormal"><span style="mso-fareast-language: EN-US;"><o:p> </o:p></span></p>
<p class="MsoNormal"><br /></p>
<p class="MsoNormal"><span style="mso-fareast-language: EN-US;"><o:p> </o:p></span></p>
<p class="MsoNormal"><br /></p>
<p class="MsoNormal" style="mso-line-height-alt: .75pt;"><span face=""Segoe UI",sans-serif" style="color: #f4f4f4; font-size: 1pt;">Tracking ID:
1ca78e52-284c-4af5-b352-1053cc27860f<o:p></o:p></span></p>Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com0tag:blogger.com,1999:blog-4393437116328567756.post-2941120036585928672020-05-04T07:10:00.000-07:002020-05-20T13:40:20.228-07:00Home Network Setup<!--wp:paragraph--><p>Being someone who love playing around with Cisco kit I decided to annoy my wife and remove the standard cheap basic router from my ISP and go full enterprise at home!</p><p>The diagram below shows the topology of my setup, the broadband line uses a Fibre Line VDSL Broadband Fibre Connection. The main ISP router is a Cisco 887VA-M which has the firewall completely locked down with only ports 443 open for SSL VPN connection into my network. I gave the local interfaces an IP from the subnet of 192.168.2.X /30. This allows two IP addresses which can be used to connect the core ISP Cisco router to my Cisco ASA Firewall, which protects in the internal network. </p><p>The local LAN runs on a different subnet, 192.168.1.X /24, which uses DHCP reserved addresses. I allocate specific IP addresses and lock down the network with firewall rules on the Cisco ASA.</p><p>The local wireless access point is a Cisco AP541N-E which uses WPA2 PSK along with MAC Address filtering to further lock down who can access the network via MAC Addresses.</p><figure class="wp-block-image size-large"><img class="wp-image-130" height="302" src="https://tomstechprojects.files.wordpress.com/2020/05/newman-networks-2.png?w=758" width="640" /></figure><p>If you wanted to know how the network was configured please get in touch and I can always send you snippets of the configs. </p><p>Physical setup.</p><figure class="wp-block-image size-large"><img class="wp-image-132" height="640" src="https://tomstechprojects.files.wordpress.com/2020/05/img_20200504_132700.jpg?w=768" width="480" /></figure>Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com2tag:blogger.com,1999:blog-4393437116328567756.post-18095262039871765062019-09-29T07:39:00.000-07:002022-04-12T13:04:07.577-07:00McAfee Web Control & Outlook Email Annotations<!--wp:paragraph--><p><strong>Summary</strong></p><p>This post explains the investigation steps we took and the tools we used to work out how McAfee Web Control functions within our IT Estate.</p><p>Topic on McAfee Forums: https://community.mcafee.com/t5/Endpoint-Security-ENS/Outlook-email-annotations-McAfee-Web-Control/m-p/636770#M5508</p><p><strong>Problem / Issue we have with McAfee Web Control</strong></p><p>Email annotations do not load on malicious sites that appear in emails in Microsoft Outlook.</p><p><strong>How does McAfee Web Control Work?</strong></p><p>Web Control uses JavaScript as its core to display the Web Control warning, So Web<br />Control uses executable mfewc.exe to do all the work.</p><figure class="wp-block-image size-large"><img alt="Image" class="wp-image-92" height="357" src="https://tomstechprojects.files.wordpress.com/2019/09/1.jpg?w=602" width="400" /></figure><p>It also calls a child process which can be seen.</p><figure class="wp-block-image size-large"><img class="wp-image-93" height="52" src="https://tomstechprojects.files.wordpress.com/2019/09/2.png?w=759" width="400" /></figure><p>Outlook references the DLL files which can be found in the Web Control installation<br />directory (C:\Program Files (x86)\McAfee\Endpoint Security\Web Control)<br />like <strong>wchook.dll</strong>.</p><p>There are two versions of the wchook.dll which are 32bit and 64bit. This has no effect on the Microsoft Office version, just the Windows Operating system architecture. </p><ul><li>C:\Program Files<br /> (x86)\McAfee\Endpoint Security\Web Control\x64\wchook.dll</li><li>C:\Program Files<br /> (x86)\McAfee\Endpoint Security\Web Control\wchook.dll</li></ul><p>I used a tool to check the DLL type to confirm this, as you can see the wchook.dll which I believe is used to hook into the Outlook.exe process, does support both 32 & 64bit Windows.</p><p>c:\program files (x86)\mcafee\endpoint security\web control\x64\wchook.dll:</p><p>Verified: Signed</p><p>Signing date: 10:54 28/11/2018</p><p>Publisher: McAfee, Inc.</p><p>Company: McAfee, LLC.</p><p>Description: Web Control</p><p>Product: Web Control</p><p>Prod version: 10.6.1.0</p><p>File version: 10.6.1.1082</p><p><strong>MachineType: 64-bit</strong></p><p>C:\Users\newmant>sigcheck "C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\wchook.dll"</p><p>c:\program files (x86)\mcafee\endpoint security\web control\wchook.dll:</p><p>Verified: Signed</p><p>Signing date: 10:50 28/11/2018</p><p>Publisher: McAfee, Inc.</p><p>Company: McAfee, LLC.</p><p>Description: Web Control</p><p>Product: Web Control</p><p>Prod version: 10.6.1.0</p><p>File version: 10.6.1.1082</p><p><strong>MachineType: 32-bit</strong></p><p><strong>NOTE</strong>: McAfee Web Control only works with 32bit versions of Outlook.</p><p>https://docs.mcafee.com/bundle/endpoint-security-10.5.0-web-control-interface-reference-guide-epolicy-orchestrator-macOS-windows/page/GUID-3A772EF7-241E-4E87-9417-7D405B4163F5.html</p><figure class="wp-block-image size-large"><img class="wp-image-98" height="262" src="https://tomstechprojects.files.wordpress.com/2019/09/99.png?w=1024" width="640" /></figure><p>Monitoring the behaviour of Web Control shows the Web Control Service in a “Wait” sate,<br />waiting for “mfewc.exe” to pickup any malicious URLS.</p><p><strong>"C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewch.exe" saHooker_Initialize_and_Wait </strong></p><figure class="wp-block-image size-large"><img class="wp-image-99" height="571" src="https://tomstechprojects.files.wordpress.com/2019/09/3-1.png?w=724" width="640" /></figure><p>When Web Control is running on a working 32bit version of Outlook, you will see Outlook loads the McAfee Web Control DLL file for use.</p><p><strong>outlook.exe pid: 6504</strong></p><p><strong>Command line: "C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE" </strong></p><p><strong>0x0000000070510000 0x1e000 <br /> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\wcHook.dll</strong></p><figure class="wp-block-image size-large"><img class="wp-image-100" height="440" src="https://tomstechprojects.files.wordpress.com/2019/09/4-1.png?w=1016" width="640" /></figure><p><strong>JavaScript</strong></p><p>How does Web Control make email annotations to emails like the ones below? Outlook doesn’t have a plugin for this, it’s all controlled with JavaScript.</p><figure class="wp-block-image size-large"><img class="wp-image-101" height="393" src="https://tomstechprojects.files.wordpress.com/2019/09/5-1.png?w=458" width="640" /></figure><p>So there are quite a few Javascript .js files that do the work of displaying the warning in Outlook, the main one is this JS file.</p><p> <strong>C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\scripts\safe_im.js </strong></p><p> <strong>Location of scripts</strong></p><p>C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\scripts</p><p>You can see if references various applications it can display the warning for, which<br />Outlook is a part of.</p><figure class="wp-block-image size-large"><img class="wp-image-102" height="153" src="https://tomstechprojects.files.wordpress.com/2019/09/6.png?w=1024" width="640" /></figure><p>Also I found this for McAfee Site Adviser which was the previous product before Web Control that did this, that “Message Preview” is required.</p><figure class="wp-block-image size-large"><img class="wp-image-113" height="285" src="https://tomstechprojects.files.wordpress.com/2019/10/2019-10-02-22_24_44-notcutts-mcafee-web-control-investigation-002.docx-read-only-word.png?w=569" width="640" /></figure><figure class="wp-block-image size-large">https://kc.mcafee.com/corporate/index?page=content&id=KB81730&ePO0514</figure><p><strong>Network Level Troubleshooting</strong></p><p>Where does Web Control obtain its ratings, is it from the ePO Server? Ratings do not come from the ePO server. Ratings come from <strong>sae.gti.mcafee.com</strong> on port 443.</p><p>https://kc.mcafee.com/corporate/index?page=content&id=KB73457</p><p>When corrections are made to the Web Control scripts, the Web Control client automatically downloads them from <strong>sadownload.mcafee.com</strong>.</p><figure class="wp-block-embed is-type-rich is-provider-embed"><div class="wp-block-embed__wrapper">https://kc.mcafee.com/corporate/index?page=content&id=KB87640<br /></div></figure><p>The URL McAfee looks up is below, it tags the malicious URL at the end and looks it up.</p><p>https://www.mcafee.com/enterprise/en-us/threat-intelligence.websitetc.html?vid=http%3A%2F%2Fcolorbackpack.best%2FIqMS7cn_G4zyR_it56S3FdKlt2Zl6yWxH6D4h2BQvrI</p><figure class="wp-block-image size-large"><img alt="Image" class="wp-image-104" height="99" src="https://tomstechprojects.files.wordpress.com/2019/09/8.jpg?w=884" width="618" /></figure><p>Looking at the logs and using Wireshark I was able to find the websites Web Control was using, and these interesting error messages about HTTP 403 return codes, which basically mean Web Control is unable to get to these sites.</p><!--wp:paragraph--><p><strong>McAfee Log: </strong> <a href="//wblt001/c%24/ProgramData/McAfee/Endpoint%20Security/Logs/WebControl_Debug.log"><strong>C:\ProgramData\McAfee\Endpoint Security\Logs\WebControl_Debug.log</strong></a><strong> </strong></p><p>http://sadownload.mcafee.com/products/sa/update.xml</p><p><em>Line 74275: 09/20/2019 11:08:07.056 AM<br /> mfewc(6344.7384) <SYSTEM> WebControl.SaSSHMod.Debug:<br />Http </em><strong><em>request<br />for url [</em></strong><a href="http://sadownload.mcafee.com/products/sa/update.xml"><strong><em>http://sadownload.mcafee.com/products/sa/update.xml</em></strong></a><strong><em>] is forbidden<br />(HTTP_STATUS_FORBIDDEN/403)</em></strong></p><p><em>Line 74274: 09/20/2019 11:08:07.056 AM <br /> mfewc(6344.7384) <SYSTEM> WebControl.SaSSHMod.Debug: Http status<br />code returned = 403 </em></p><p><em>09/23/2019 12:06:38.472 AM <br /> mfewc(2612.3016) <SYSTEM> WebControl.SaSSHMod.Debug: Http request<br />for url [</em><a href="http://sadownload.mcafee.com/products/sa/update.xml"><em>http://sadownload.mcafee.com/products/sa/update.xml</em></a><strong><em>] is forbidden<br />(HTTP_STATUS_FORBIDDEN/403)</em></strong></p><p><strong>What was the solution?</strong></p><p>I added the following exclusions to the “Semi Restricted Whitelist” and the “CFS URL” list in our SonicWall Firewall. I’m not sure if all these sites are needed such as “akamaitechnologies.com” but when running a packet capture on the client and firewall on a device with a malicious email open I could see this traffic being dropped, that’s why I whitelisted it.</p><p>A reboot is required before Web Control kicks in.</p><!--/wp:paragraph--><ol><li>akamaitechnologies.com (It’s a CDN, so<br /> probably used to speed up web control: <a href="https://en.wikipedia.org/wiki/Akamai_Technologies">https://en.wikipedia.org/wiki/Akamai_Technologies</a>)</li><li>*.akamaitechnologies.com</li><li>static.akamaitechnologies.com</li><li>sadownload.mcafee.com</li><li>mcafee.com</li><li>sae.gti.mcafee.com</li><li>sae.gti.mcafee.akadns.net</li></ol><p>To confirm this was the cause I used “Microsoft Network Monitor” on a working machine, which is a tool that shows you process level network traffic, and you can see that the process “mfewc.exe” McAfee Web Control is communicating on port 443 with McAfee servers.</p><figure class="wp-block-image size-large"><img class="wp-image-105" height="151" src="https://tomstechprojects.files.wordpress.com/2019/09/9.png?w=1024" width="640" /></figure><p><strong>Testing & Confirming the solution</strong></p><p>So as we know Web Control only works on 32bit versions of Outlook, after testing this on a few machines after rebooting them, I was able to get the warning message by using the test site <a href="http://www.screensavers.com/">www.screensavers.com</a>.</p><p>You can see this being flagged in Outlook and Internet Explorer.</p><figure class="wp-block-image size-large"><img class="wp-image-112" height="401" src="https://tomstechprojects.files.wordpress.com/2019/10/2019-10-02-22_23_13-notcutts-mcafee-web-control-investigation-002.docx-read-only-word.png?w=735" width="640" /></figure><p>If you look in the log, when McAfee Web Control has found the URL as malicious, it will log it here.</p><figure class="wp-block-image size-large"><img alt="Image" class="wp-image-107" height="129" src="https://tomstechprojects.files.wordpress.com/2019/09/11.png?w=1024" width="640" /></figure><p>Log tolook for "C:\ProgramData\McAfee\Endpoint Security\Logs\WebControl_Debug.log"</p><p>I passed on my findings to McAfee forums to help others. Was really pleased with the response.</p><p>https://community.mcafee.com/t5/Endpoint-Security-ENS/Outlook-email-annotations-McAfee-Web-Control/td-p/636137</p><p><br /></p><p><br /></p><!--/wp:paragraph-->Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com0tag:blogger.com,1999:blog-4393437116328567756.post-68979216697632342482018-06-27T13:23:00.000-07:002020-05-20T13:58:23.802-07:00Home Cisco LabCreated a home Cisco Lab to help me with my CCNA studies, with Google Home Integration and smart plug to remotely power on my Lab when I'm not at home.<br /><br /><span style="text-decoration: underline;"><strong>Setup</strong></span><br /><br />COM1 = WS-C3750-48P (Switch)<br />COM2 = Cisco 1841 (Router)<br />COM3 = Cisco 877W (Router)<br />COM4 = Cisco 2621XM (Router)<br />COM5 = WS-C3750-48P (Switch)<br /><br />Video Demo: <a href="https://photos.app.goo.gl/7StFR68GfBGtAdMN8" rel="noopener" target="_blank">https://photos.app.goo.gl/7StFR68GfBGtAdMN8 </a><img alt="IMG_20180402_214045" class="alignnone size-full wp-image-74" height="480" src="https://tomstechprojects.files.wordpress.com/2018/06/img_20180402_214045.jpg" width="640" /><br /><br /> Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com2tag:blogger.com,1999:blog-4393437116328567756.post-65198789678169967862018-03-20T14:30:00.000-07:002020-05-20T13:59:36.026-07:00vSphere Client could not connect to IP (The operation has timed out)<pre>We had an issue today where we were unable to logon <br />to a ESX host via the vSphere Client.<br /><br />These were the sort of error messages I was getting.<br /><img alt="" class="wp-image-32 alignleft" height="160" src="https://tomstechprojects.files.wordpress.com/2018/03/capture.png?w=300" width="444" /><br /><br />I spent a lot of time on Google, which lead me to many different knowledge base articles, which were <br />not related to the issue I was having.<br /><br />Most were relating to file locks on the database on the<br />ESX host, but the errors didn’t tie up with the logs on the ESX host.<br /><br />I ran Wireshark, and could see it had established a TCP three way handshake, but started to drop packets<br />when trying to communicate over port 443.</pre><pre><img alt="" class="alignnone wp-image-35" height="126" src="https://tomstechprojects.files.wordpress.com/2018/03/captur2.png?w=300" width="652" /><br />I found online the log that contains information for the sign on process is <br />located here:<strong style="background-color: transparent;"> /var/log/vmware/vpxd/vpxd.log</strong></pre><p style="font-weight: 400;">I checked in the log and found that port <strong>443 </strong>was already in use.</p><p style="font-weight: 400;"><strong> </strong><strong>2018-03-20T15:06:37.661Z [7F4321A15740 error 'vpxdvpxdMoReverseProxy'] [VpxdReverseProxy] Failed to create https proxy: Resource is already in use: <acceptor p:0x00007f4308117200, h:33, ></strong></p><p style="font-weight: 400;"><strong>2018-03-20T15:06:37.661Z [7F4321A15740 error 'vpxdvpxdMain'] [Init] Init failed: ReverseProxyMo::Init()</strong></p><p style="font-weight: 400;">I checked for <a href="https://support.rackspace.com/how-to/checking-listening-ports-with-netstat/">open ports</a> to work out what process was using port 443, and found it was using the process ID of <strong>5911</strong>.</p><p style="font-weight: 400;"><strong>netstat -plnt | grep ':443'</strong></p><p style="font-weight: 400;"><strong>tcp 129 0 0.0.0.0:443 0.0.0.0:* LISTEN 5911/vpxd</strong><strong>tcp 4 0 :::443 :::* LISTEN 5911/vpxd</strong></p><p style="font-weight: 400;">I then searched for <a href="https://www.howtogeek.com/107217/how-to-manage-processes-from-the-linux-terminal-10-commands-you-need-to-know/">the PID</a> to find the name of this process.</p><p style="font-weight: 400;"><strong> ps -A | grep 5911</strong></p><p style="font-weight: 400;"><strong>5911 ? 00:00:00 vpxd-worker</strong></p><p style="font-weight: 400;">I stopped the parent process <strong>vmware-vpxd</strong>, which should stop the child process <strong>vpxd-worker</strong> but it didn’t.</p><p style="font-weight: 400;"><strong>service vmware-vpxd stop</strong></p><p style="font-weight: 400;">I searched again for open ports, and even though the parent process <strong>vmware-vpxd</strong> had stopped, the port 443 was still in use.</p><p style="font-weight: 400;">The vpxd-worker process manages crash dumps. I killed off the process using the kill command.</p><p style="font-weight: 400;"><strong>kill -s KILL 5911</strong></p><p style="font-weight: 400;">I then started the service, and it managed to successfully start.</p><p style="font-weight: 400;"><strong>service vmware-vpxd start</strong></p>Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com0tag:blogger.com,1999:blog-4393437116328567756.post-30282522597239661842017-04-25T13:48:00.000-07:002020-05-15T13:22:57.132-07:00Tired of Windows updates - Defer Updates in Windows 10Windows 10 has a feature to defer updates for several months, while still receiving critical security updates.<br/><br/>This is ideal for those who want to make sure updates are thoroughly tested before you install them on your beloved computer.<br/><br/><strong>1.</strong> Go to <strong>Settings</strong> (<a href="http://www.windowscentral.com/best-windows-10-keyboard-shortcuts">keyboard shortcut</a>: Windows key + I) > <strong>Update & security</strong><br/><br/><strong>2.</strong> Tap or click <strong>Advanced options</strong><br/><br/><strong>3.</strong> Check the box, <strong>Defer upgrades</strong><br/><br/><img src="https://www.howtogeek.com/wp-content/uploads/2015/07/ximg_55ab61bacf772.png.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.eeDjIJV7dP.png" />Tommy Newmanhttp://www.blogger.com/profile/06619258629409840944noreply@blogger.com0