So if you suspect you may have a bad Cat5/6 Ethernet patch cable, you can use a cisco switch cli interface and a few commands to diagnose if the copper pairs of cables connected to the switch are bad. The commands and explanation of TDR (Time-Domain Reflectometer) I found here.
First, ssh or telnet or use the web interface to connect to the switch with the suspect cable.
Use the following command to show the list of interfaces on your switch:
show interfaces
You’ll want to make note of how the interface is described in the previous command because Cisco is pretty particular. In my case I’ll test GigabitEthernet1/0/1.
Next issue the following command to first test the interface in question:
test cable tdr interface GigabitEthernet1/0/1
You will probably get something like the following result:
TDR test started on interface Gi1/0/1
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.
Wait 10 seconds and then issue the command to show the cable diagnostics result:
show cable-diagnostics tdr interface GigabitEthernet1/0/1
And the output will look something like the following:
TDR test last run on: December 05 18:50:53
Interface Speed Local pair Pair length Remote pair Pair status
Gi1/0/1 1000M Pair A 19 +/- 10 meters Pair B Normal
Pair B 19 +/- 10 meters Pair A Normal
Pair C 19 +/- 10 meters Pair D Normal
Pair D 19 +/- 10 meters Pair C Normal
In our results we see Normal under Status. The following could be your status if there is a problem.
Result
Explanation
Normal
Ideal result you want. If testing FastEthernet, you want Pair A and B as “Normal”. If testing GigabitEthernet, you want ALL as “Normal”.
Open
Open circuit. This means that one (or more) pair has “no pin contact”.
If you have a disk drive that is running out of space because a database is starting to grow too large for the drive in an EBS volume on AWS, you may be asked to modify or expand the volume. In this case, we are tasked with expanding the “E drive” on a Windows Server 2012 AWS virtual machine. Because this is not a boot volume, and because it is an NVMe-based gp2 volume, it will be fairly easy to expand the volume without having to do things like shut down the instance, take a snapshot, expand the snapshot etc.
When you have a lot of disks attached to a Windows Server corresponding to a lot of different volumes attached to the instance in AWS, it can be a little tricky identifying the correct volume to expand. Read below to learn how to match an EBS volume in AWS to a Disk drive in Windows, expand the volume in AWS, and then finally resize the disk in Windows.
Identify Volumes Associated with Instance
First, log into AWS
Next, Go to EC2 > Find your instance in EC2 by name, select it, then copy the instance ID.
get instance id
Next, navigate in AWS to EBS > Volumes.
Find all the volume names associated with the instance by pasting the Instance ID into the search box at the top of the screen.
Next find the command prompt and open CMD as administrator (right-click on CMD icon > run as administrator.)
Run CMD as Administrator
Change directory in CMD to your desktop with the command:
cd c:\users\jcoltrin\desktop
Run the ebsnvme-id.exe in the Administrator Command Prompt
run ebsnvme-id.exe in cmd
Identify Disk in Windows and Match to Volume ID
Next, on the Windows server, open Server Manager
Windows 2012 Server Manager
In the upper-right corner of Server Manager, go to Tools > Computer Management
Server 2012 Computer Management
Make note of which disk (Disk 0, Disk 1, Disk 2, etc) corresponds to the Device Name and Volume ID that you want to change. In my case I want to expand Disk E, which is also known as Disk 3. Looking at the output of the CMD screenshot above, I can see Disk 3 shows my Volume ID is vol-0a17e…, and Device Name is XVDB.
Server 2012 Disk Management
Modify and Expand EBS Volume in AWS
Now that we are sure which volume it is we want to expand, and that this is not our Boot drive we can right-click on the vol-0a17e… volume in EBS and choose Modify Volume. **If the Disk is your boot drive, a snapshot should be taken first, and then shut down to expand the snapshot volume, then detach the snapshot, and attach the expanded volume.
EBS Modify Volume
A new dialog box pops up asking for the new size of the volume:
EBS Modify Volume Size Dialog
Enter the new size and click Modify.
Switch gears and now go back to your RDP session, go to Disk Managment, Right click on the volume and choose Extend Volume… > use all of the available space and click ok.
Our Volume size has now been increased and we can continue to grow!
To enable Bitlocker on your Windows computer, you first need to be running the Windows 10 Pro operating system. Windows 7, Windows 8, and ‘Windows 10 Home’ versions do not support Bitlocker.
It’s a good idea to first know your current operating system version. To do so, click on the Start Button and type “WinVer” and then press Enter:
Check the version of operating system. You need to have Windows 10 Pro. As of the time of writing this article, the most version of Windows 10 is Version 1909 (OS Build 18363.592).
If you have Windows 7, follow the upgrade instructions below. If you have Windows 10 Home, then you need to purchase the upgrade to Windows 10 Pro, and follow instructions here.
You need to upgrade from Windows 7 Home to Windows 10 Home before you can upgrade to Windows 10 Pro.
When running the Media Creation Tool, run the Upgrade option. It will take a while and several reboots to upgrade from Windows 7 or 8 to Windows 10. If you started with Windows 7 Home or Windows 8 Home, the tool will most likely upgrade your PC to Windows 10 Home.
After you’ve finished the ‘Windows 7 Home’ to ‘Windows 10 Home’ upgrade, you now need to upgrade from Windows 10 Home to Windows 10 Pro in order to get the Bitlocker feature.
Upgrade from Windows 10 Home to Windows 10 Pro
To upgrade from Windows 10 Home to Windows 10 Pro, click on the start button and type ‘Microsoft Store‘ and press Enter.
In the store, search for Windows 10 Pro in the upper-right corner of the store:
Purchase the upgrade ($99) and then run the upgrade. The process will take a while and several reboots.
Once you are on Windows 10 Pro, open the File Explorer, click This PC, then Righ- click on the C: drive and choose Turn on Bitlocker or Manage Bitlocker.
Enable Bitlocker for the C: drive – Save the Bitlocker encryption/decryption key to a removable USB drive, save to the cloud, and print for a hard copy. This password to unlock the drive and the Recovery/Decryption key are very important, do not lose them.
Follow the default prompts (ok to skip system check) and the drive will begin encryption. You should see a status bar and progress indicator showing the percentage of encryption. When it reaches 100%, the encryption process has finished.
Reboot the system to complete the encryption of the drive.
After the reboot, log in to the desktop again, and use the Windows Control Panel to check the status. Please follow instructions here:
If you have recently enabled MFA multi factor authentication or 2FA on your Office 365 tenant, your Microsoft Outlook for Office 365 MSO 16.0.11929 (desktop version) users may be prompted over and over for their password, even though you are sure you have the correct password and even the apppassword / app password hash. I’m sure you’ve tried to re-configure Outlook, look at Azure settings, reinstall Outlook, check your autodiscover records, make sure you have the correct Office Suite version and perhaps have even attempted to change the windows 10 registry with the following settings:
So I thought it would be helpful to have a step-by-step how to enable modern authentication in Exchange Online for Office 365 based on the instructions provided in the link above.
With MFA enabled, connecting to Exchange Online with powershell is not as simple as it used to be, but still not all that bad. I’ve found the easiest way to connect to Exchange Online with Powershell is to do the following.
Note: A forewarning here, with certain browsers, when clicking on the Exchange Hybrid “Configure” button, and then installing the Hybrid configuration, the Office 365 login screen may may flash on the screen as a white box, and then disappears before you can authenticate and use your 2FA txt code. I’ve seen this when using Microsoft Edge, Chrome, and even the new version of Microsoft Edge based on Chromium. The only browser I’ve gotten this to consistently work with is the Internet Explorer browser built into Windows 10. The Internet Explorer browser is installed on Windows 10 by default, it’s hidden in the start menu under Accessories:
If you do attempt to run the Exchange Powershell Module using chrome you may encounter the error:
“Application cannot be started. Contact the application vendor.”
When clicking the Details… button, you may find information similar to the following:
PLATFORM VERSION INFO
Windows : 10.0.18363.0 (Win32NT)
Common Language Runtime : 4.0.30319.42000
System.Deployment.dll : 4.8.3752.0 built by: NET48REL1
clr.dll : 4.8.4121.0 built by: NET48REL1LAST_C
dfdll.dll : 4.8.3752.0 built by: NET48REL1
dfshim.dll : 10.0.18362.1 (WinBuild.160101.0800)
SOURCES
Deployment url : file:///C:/Users/Jason/Downloads/Microsoft.Online.CSE.PSModule.Client%20(3).application
IDENTITIES
Deployment Identity : Microsoft.Online.CSE.PSModule.Client.application, Version=16.0.3527.0, Culture=neutral, PublicKeyToken=45baf49ae30bdb15, processorArchitecture=msil
APPLICATION SUMMARY
* Installable application.
* Trust url parameter is set.
ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of C:\Users\Jason\Downloads\Microsoft.Online.CSE.PSModule.Client (3).application resulted in exception. Following failure messages were detected:
+ Deployment and application do not have matching security zones.
COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.
WARNINGS
There were no warnings during this operation.
OPERATION PROGRESS STATUS
* [4/3/2020 3:32:57 PM] : Activation of C:\Users\Jason\Downloads\Microsoft.Online.CSE.PSModule.Client (3).application has started.
* [4/3/2020 3:32:57 PM] : Processing of deployment manifest has successfully completed.
* [4/3/2020 3:32:57 PM] : Installation of the application has started.
ERROR DETAILS
Following errors were detected during this operation.
* [4/3/2020 3:32:57 PM] System.Deployment.Application.InvalidDeploymentException (Zone)
- Deployment and application do not have matching security zones.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.DownloadManager.DownloadApplicationManifest(AssemblyManifest deploymentManifest, String targetDir, Uri deploymentUri, IDownloadNotification notification, DownloadOptions options, Uri& appSourceUri, String& appManifestPath)
at System.Deployment.Application.ApplicationActivator.DownloadApplication(SubscriptionState subState, ActivationDescription actDesc, Int64 transactionId, TempDirectory& downloadTemp)
at System.Deployment.Application.ApplicationActivator.InstallApplication(SubscriptionState& subState, ActivationDescription actDesc)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl, Uri& deploymentUri)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivationWithRetry(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivationWithRetry(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.
At this point, it may be necessary to uninstall the existing module and then re-install and run using Internet Explorer. You may even receive the following error:
"You cannot start application Microsoft Exchange Online Powershell Module from this location because it is already installed from a different location."
To uninstall the module, click the Start Button > type “appwiz.cpl” and press Enter.
Inside of the Programs and Features screen find the application and click Uninstall.
After uninstall, log into your tenant (with an administrator account) at https://www.office.com using Internet Explorer 11, and click the Admin link:
Next, Expand the Menu on the left menu by clicking Show All… and then click on Exchange:
Next we want to click on the Hybrid link to get to our Powershell Configure button:
Go ahead and install the component if it asks, and when it completes, you’ll be greeted with a Windows Powershell screen with the following message:
Experience the fast and reliable Exchange PowerShell V2 Cmdlets via new PowerShellGallery module. Go to https://aka.ms/exops-docs
This PowerShell module allows you to connect to Exchange Online service.
To connect, use: Connect-EXOPSSession -UserPrincipalName <your UPN>
This PowerShell module allows you to connect Exchange Online Protection and Security & Compliance Center services also.
To connect, use: Connect-IPPSSession -UserPrincipalName <your UPN>
To get additional information, use: Get-Help Connect-EXOPSSession, or Get-Help Connect-IPPSSession
We now want to initiate our session using the instructions provided. At the prompt, type in the command:
You’ll now be prompted to sign into your tenant (Work or School). You’ll see some status bars go by and then be prompted with a warning about unapproved verbs (for example banish?)
So now we want to (only look before making changes) get our organization structure, and more precisely, find the status of our OAuth2ClientProfileEnabled setting by issuing the command:
That’s about it! Give the setting about an hour to propagate and then try testing Outlook on the desktop again. You may get a few clients where their profile needs to be recreated. You can do this by going into the control panel > (1) choose Small Icons > (2) Mail Microsoft Outlook 2016.
Then click Show Profiles
Click Add…
Now when setting up the new mail account, you should be prompted with the modern authentication and you’ll be prompted for your txt code or Microsoft Authentication Application.
If you’re working remote with just a laptop, or
a laptop and a small 2nd monitor, the desktop gets pretty cramped
for a sysadmin. One way to mitigate the pain is to use your OS’s virtual
desktops functionality.
Here’s links to guides for Windows, Ubuntu, and MacOS on how to get started with them for your OS. Using Windows as the example, you just press Win-Tab and click the plus sign at the top for New Desktop.
Then drag existing windows on to it, and now they’re on a separate screen. To quickly move between virtual desktops, you can use the CTRL-WIN-left/right arrows.
Once you get in a habit of using them, it’s great for keeping multiple small applications visible on a whole desktop, or multiple full screen apps on their own window that you don’t have to constantly minimize/maximize. You can use Win-Tab (or the Task View button next to the Cortana button on your taskbar) to mass organize things or rearrange, and your Taskbar will reflect what items are open on that particular Desktop.
Alerts and notifications will still appear, even if you’re on a different virtual desktop, and interacting with the notification will teleport you to the relevant desktop.
One gripe with the Windows Virtual desktops is that there’s no easy way to move between desktops without taking your hand off the mouse. You can use the buttons on the side of your mouse (if your mouse has them) to switch desktops if you have the buttons on the side. If your mouse software doesn’t support the windows key combos check out X-Button Mouse Control. Set the buttons to generic and tell X-BMC to change it to the virtual desktop switches.
In order to display an application on all virtual desktops, do Win+Tab, then Right click the Chrome window you want Show window on all desktops.
One thing to note is if you have an AWS Workspace desktop open inside of a virtual desktop, it’s best to have the workspaces desktop in the far-left/primary desktop.
When working remotely in RDP, and you have multiple monitors, and you remote into a machine with multiple monitors, when you open the Remote Desktop client, click the Show Options button then under the display tab, ‘select use all my monitors’ for the remote session.
A user complained that valid good email was being sent to the Junk email folder on outlook on the web. To get to the setting, click on the Gear Icon > View all outlook settings > Junk Email. Attempts to uncheck “Only trust email from addresses in my safe senders and domains list and safe mailing lists.” were unsuccessful and we cannot save the setting.
In the event our Ubuntu server has an incorrect time, a clock that is offset may prevent users from logging in, or for example, synchronizing databases. If OpenVPN is in use with 2FA and google authenticator, their login is dependent on the time of the server being correct . We want to ensure our end users can log into the server or OpenVPN successfully. Let’s start by viewing the clock on our server, and then synchronize the clock with an internet-based time service.
First issue the command:
date
If we compare this time with an accurate clock, such as a cell phone, we may see this time is no accurate. The date display in the above screenshot shows the Day, Date, Hours, Minutes, Seconds, TimeZone and Year.
Let’s check to see if our clock is set to be synchronized. Do this by issuing the command:
timedatectl status
Here we see that our “NTP synchronized: no” status indicates our Network Time Protocol synchronization is turned off.
In order to get our clock synchronized and change it to NTP synchronized: yes, we need to do the following.
Stop the ntp service
Sync the time using ntpd with the -g and -q switches (allows the time to be set without restriction)
Start the ntp service
We can do this by issuing the commands:
Sudo service ntp stop
Sudo ntpd -gq
This will produce something like the following output:
In this output we can see that our time was offset and adjusted by -49.77 seconds.
Next let’s start the ntp service again with the command:
Sudo service ntp start
Lastly we can confirm that our time is set correctly and that NTP synchronized: is now set to yes with the command:
timedatectl
That should do it! Try issuing the command date again and compare it to an accurate clock. Check to see that your OpenVPN users can log in. If they continue to have issues, check out the article on Troubleshooting OpenVPN
When
trying to install Microsoft Visio or Publisher with a Volume License MAK
license key alongside Office 365 Pro Plus, the Visio .iso installer may give
the error: “this version of O365 does not get along with the Installer, or you
cannot install 32bit with 64bit”. You may even have tried uninstalling the 32
bit version of Office, install the 64 bit version, only to receive the same
exact message. You may find installing 64 bit Visio Volume License with 64 bit
Office 2016 Pro Plus doesn’t work, nor does 32 bit with 32 bit, nor 64 bit with
32 bit. It can be frustrating.
The problem is that Microsoft has moved away from mixing the Volume License .iso installations (downloaded from the Volume Licensing website here: https://www.microsoft.com/Licensing/servicecenter/default.aspx ) – on the same computer with the “Click to Run” versions of Office you typically download from within Office 365 online. Instead, to get around the issue, you need to use the Office Deployment Tool. This will allow you build a build a package you’ll run from the command prompt to install for example, Visio or Publisher, on the same computer as Office 365 Pro Plus Click to Run. The configuration and setup is not all too difficult and we’ve documented the installation instructions below.
*NOTE: While I’ve found Visio .ISO/MAK can be happy with CTR, and although I have gotten it to work in a few instances, I wholeheartedly recommend to bite the bullet and use O365 Visio monthly licensing alongside the O365 Click-to-Run suite. It’s orders of magnitude easier to deploy Visio with O365 than to mix CTR with ISO’s/MAKs! It will save you worlds of frustration when someone moves to a new PC, or MAK licensing changes. Instead, go to Office365 licensing, purchase a Visio license, and assign it to a user. Any money saved by mixing MAK licensing with click to run, in my opinion is not worth the headache. That being said, a lot of the instructions below are relevant to a sysadmin’s job, and you should be familiar with how the deployment tools and office ‘configurator’ works, so read on.
The first thing we need to do is download the Office deployment tool from the following site:
Run the .exe you downloaded, accept the license terms, and extract the tool to a new folder you create named c:\admin\ODT
Click OK
Next, let’s switch gears and configure and run the online XML generator tool to build the XML file which we’ll need to configure the tool we just downloaded and extracted above.
At this website you can log into your office account (Recommended), or alternatively choose to continue without signing in:
In our example we’ll create the file by logging in first by clicking “Sign in.”
Once logged in, click on Customization > Device Configuration > +Create.
You’ll notice in the screenshot above we’ve already created a customization file which installs the 64 Bit version of Office Click to Run along with Visio 2016 Standard Volume license. We can download ImageFileNamethis configuration file again at a later date if we lose our .xml file.
In this example, we’ll create a customized file that pairs and combines installations of 32bit Office 365 Pro Plus with Visio Standard 2016 Volume License.
Click on the + Create button.
We first give the configuration a title, something like:
32-Office365CTR_and_Visio2016-32-VL_Key
Our configuration will be setup something similar to the following:
Take note that Office365 has different versions, and you click the “Learn More” link to decide which version to install or accept the default “Latest”. You might want to install the version that all of your other deployed Office365 versions are using. If you choose “Latest” you’ll most likely get a newer version of Office365 installed than everyone else. As a reference, I’ve copied one of the version tables below:
Also take a look at the primary language, and any other Office Suite apps you don’t want installed. It’s worth it to click through each heading to see what’s inside.
Next, we need to provide our Visio Standard 2016 volume license key. Do this by first logging into the Microsoft Volume Licensing Center here: https://www.microsoft.com/Licensing/servicecenter/default.aspx , find your product, your version, expand the license keys, and copy the license key into the Office Customization Tool under the heading Licensing and Activation > Product Key > Multiple Activation Key:
Finish by clicking Done in the upper right-hand corner.
Next, place a check next to the configuration file we’ve just created and click Download:
Once you’ve downloaded the .xml file, copy it into the c:\admin\ODT folder.
Open the command prompt on the computer onto which we’ll be installing Office 365 and Visio.
Change directory to c:\admin\ODT with the command:
cd c:\admin\ODT
Run the setup.exe tool from the command Prompt first with the /download switch, followed by the name of your .xml configuration file (use tab to auto-complete the long file name.) For example the filename would look like:
setup.exe /download configurationFileName.xml
The download will be “silent” – it will take about 10 minutes to download the installer to the c:\admin\ODT\Office folder.
Once the download completes, the cmd prompt will be waiting for input again. Next run the setup.exe, except this time, with the /configure switch (again, reference your .xml file.) The /configure switch will process and install your applications as demonstrated in the following screenshot. For example the command would look like the following:
setup.exe /configure ConfigurationFileName.xml
When it finishes both the click to run Office365 will be installed as well as the Visio Volume License MAK version.
We’re done! Now if we need to do another install on a different computer of our Office365+Visio, we can copy the deployment tool and the .xml file to the computer and run the command prompt installer again.
Thanks for all your support. Some of you may have noticed a little downtime. I invested a little professional expertise in the site and you should now see better performance and more site reliability and uptime. Special thanks to Gregory Morozov at upwork.com who quickly identified and resolved the following issues:
Convert PHP to php-fpm – for many reasons, but one is control over max php processes (I’ll use: service php7.2-fpm restart – if I need to restart php.)
Relaxed Wordfence triggers so users don’t get denied access
Dropped memory usage from 700+MB to 400MB
Fixed invalid Repos, other updates and maintenance.
We’ll monitor the site usage into the beginning of next week to see if we need to add more memory to the instance.
Say you have a Windows 7 or Windows 10 PC that has Sophos installed on it, but you cannot find the device in the management console in order to disable tamper protection. You want to uninstall Sophos because it is out of date or cannot communicate with the Sophos cloud. However, when you search for the device name in the console, it isn’t listed with the current computer name. The device was probably renamed several times. So how do you remove or uninstall Sophos without disabling tamper protection? My best advice is don’t try to uninstall the client without first disabling tamper protection.
In many instances, the Sophos client is out of date and cannot communicate with “Management Communication”. In the bottom-right corner of the Sophos client, you can click on “About”.
Here we can find the “Run Diagnostic Tool”. After running the tool you may find some errors such as the following: Last Communication – Failed with error ‘504 Gateway Time-out’ at 08:40:48 Jun 28, 2019 (UTC-07:00)
Reading the knowledge base articles about this and attempting to restart MCS Client services etc didn’t work for me. Instead, we need to find the identifier for the device so that we can get to the device page and obtain the Tamper Protection Password. To do this, on the computer with the bad installation of Sophos, open the File Explorer and go to:
C:\programdata\sophos\management communication system\endpoint\persist\
Inside this directory we will want to open the file named EndpointIdentity.txt
Copy the string of letters and numbers into your clipboard.
Next, log into your Sophos Cloud Console at https://cloud.sophos.com/manage/login then go to Overview > Devices. Click on any existing device and you’ll be directed to the page of that identity. At the top of the page, replace the identity string of the device you copied from the EndpointIdentity.txt file into the URL of the sample device, then hit Enter.
You should now be directed to the page with the correct device identity and password to disable Tamper Protection.
*If this article helped you please click on an ad to help pay for hosting and new content. 🙂
