Firewall - License Expired and Palo Alto behavior

If your Palo Alto licenses suddenly expire, the firewall will behave as described below.

[screenshots: What Happens When Licenses Expire?]

Note that if the firewall/VM is rebooted, only 1200 concurrent sessions will be available.

Server - How to debug DNS queries on Domain Controllers

In a Windows Server environment it can be useful to record every DNS query submitted to your domain controllers/DNS servers.

There is an easy way to achieve this: enable DNS debug logging.

Once this feature is enabled you can review the log and identify which devices are querying specific DNS names/websites.

This approach is useful from a security standpoint as well, since a query for a suspicious name can be traced back to the client that issued it.

  1. Open DNS Manager (dnsmgmt.msc)
  2. Right-click the DNS server and click Properties.
  3. Click the Debug Logging tab.
  4. Select Log packets for debugging.
  5. Enter the File path and name, and Maximum size.
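To identify which devices queried a given name once the debug log is being written, here is an added Python parser (not from the original post) for the packet lines of a Windows DNS Server debug log. The sample lines are constructed, and the field layout assumed (date, time, thread id, PACKET, packet id, protocol, Snd/Rcv, remote IP, transaction id, R flag, opcode, bracketed flags, query type, label-encoded name) is the standard debug-log format.

```python
import re
from collections import defaultdict

# One packet line of a Windows DNS Server debug log ("Log packets for debugging").
# Fields: date, time, thread id, PACKET, packet id, protocol, Snd/Rcv, remote IP,
# transaction id, response flag (R or blank), opcode, [flags], query type, query name.
LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+\s+[AP]M)\s+(?P<thread>[0-9A-F]+)\s+PACKET\s+"
    r"(?P<pkt>[0-9A-F]+)\s+(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9a-fA-F]{4})\s(?P<resp>[ R])\s(?P<op>\S+)\s+\[(?P<flags>[^\]]*)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\S+)"
)

def decode_name(label_form):
    """Turn the label-length form '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    name = re.sub(r"\(\d+\)", ".", label_form).strip(".")
    return name.lower() or "."   # a bare '(0)' is the root

def parse_dns_debug_log(text):
    """Return one dict per packet line; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["is_response"] = rec["resp"] == "R"
        rec["qname"] = decode_name(rec["qname"])
        records.append(rec)
    return records

def clients_by_name(records):
    """Map each queried name to the sorted list of client IPs that asked for it.
    Only inbound queries (Rcv, not a response) count, so the server's own answers
    and its outbound recursion to forwarders are not attributed to clients."""
    seen = defaultdict(set)
    for rec in records:
        if rec["dir"] == "Rcv" and not rec["is_response"]:
            seen[rec["qname"]].add(rec["ip"])
    return {name: sorted(ips) for name, ips in seen.items()}

# Constructed sample (not captured from a real server), in the debug-log layout above.
SAMPLE_LOG = """\
DNS Server log file creation at 6/12/2023 9:40:00 AM
Log file wrap at 6/12/2023 9:40:00 AM

6/12/2023 9:41:03 AM 0D4C PACKET  000000B7C1A2F3E0 UDP Rcv 192.168.10.25    4a1b   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/12/2023 9:41:03 AM 0D4C PACKET  000000B7C1A2F3E0 UDP Snd 192.168.10.25    4a1b R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
6/12/2023 9:41:07 AM 0D4C PACKET  000000B7C1A2F4A8 UDP Rcv 192.168.10.77    9c02   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/12/2023 9:41:09 AM 0D4C PACKET  000000B7C1A2F5C1 UDP Rcv 192.168.10.25    1f77   Q [0001   D   NOERROR] AAAA   (7)updates(8)internal(5)local(0)
6/12/2023 9:41:09 AM 0D4C PACKET  000000B7C1A2F5C1 UDP Snd 192.168.10.25    1f77 R Q [8385 A DR NXDOMAIN] AAAA   (7)updates(8)internal(5)local(0)
"""

if __name__ == "__main__":
    for name, ips in clients_by_name(parse_dns_debug_log(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(ips)}")
```

Point the script at the file configured in step 5 instead of SAMPLE_LOG to run it against a real log.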



Firewall - Complete list URL Filtering Categories #PALO ALTO

Palo Alto firewalls offer a URL filtering feature.

The complete list of URL filtering categories is available at the official link:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC

To test a web site link and find its categorization, another useful link is:

https://urlfiltering.paloaltonetworks.com/

2016 #Multiple RDP connections #how to bypass 2 session limit

If you need to allow multiple RDP connections to a Windows Server 2016 machine, you can follow the procedure below.

Be aware that an already installed internal RDS CAL (licensing) server is a prerequisite.

Here are the minimal steps to follow:

  1. Go to Server Manager in Windows Server 2016
  2. Click Add Roles and Features
  3. Then select Role-based or feature-based installation
  4. Choose: Remote Desktop Services
  5. Then choose: Remote Desktop Session Host
  6. Install the role
  7. Restart the server
  8. Open the Group Policy editor (gpedit.msc)
  9. Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections
    • Set Limit number of connections to Disabled.
    • Set Restrict Remote Desktop Services users to a single session to Disabled.
    • Set Limit number of connections to Enabled with the value 999999
  10. Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing
    • Set Use the specified Remote Desktop license servers to Enabled (indicate the license server FQDN)
    • Set the Remote Desktop licensing mode to Enabled (Per User or Per Device)
  11. Run gpupdate /force
  12. Test multiple RDP connections
  13. Launch the RD Licensing Diagnoser snap-in to check that everything is working properly.


Firewall #Palo Alto and dynamic/blacklist IP

Palo Alto firewalls can read a plain .txt file exposed through an http/https web site (usually IIS) to import a list of IP addresses that must be blacklisted (an external dynamic list, EDL).

I am noting the official article:

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/configure-the-firewall-to-access-an-external-dynamic-list
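As an added example (not from the original post or from Palo Alto), the following Python checks an IP-type EDL text file before it is published on the web server, so a malformed line does not silently reduce what the firewall blocks. It assumes one entry per line (single address, CIDR block or start-end range) with "#" starting a comment; the sample list is constructed.

```python
import ipaddress

def parse_edl_line(line):
    """Classify one line of an IP-type external dynamic list (EDL).
    Returns (kind, value) with kind in: ip, cidr, range, comment, blank, invalid.
    Assumed format: one entry per line; anything after '#' is a comment."""
    entry = line.split("#", 1)[0].strip()
    if not entry:
        return ("comment", None) if "#" in line else ("blank", None)
    try:
        if "-" in entry:                      # start-end range, e.g. 10.0.0.1-10.0.0.9
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            if lo.version != hi.version or lo > hi:
                return ("invalid", entry)
            return ("range", (lo, hi))
        if "/" in entry:                      # CIDR block
            return ("cidr", ipaddress.ip_network(entry, strict=False))
        return ("ip", ipaddress.ip_address(entry))
    except ValueError:                        # not an address at all
        return ("invalid", entry)

def check_edl(text):
    """Validate a whole list. Returns (valid_entries, invalid_lines) where
    invalid_lines is a list of (line_number, offending_text) to fix before publishing."""
    valid, invalid = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        kind, value = parse_edl_line(line)
        if kind == "invalid":
            invalid.append((lineno, value))
        elif kind in ("ip", "cidr", "range"):
            valid.append((kind, value))
    return valid, invalid

def is_listed(valid_entries, ip):
    """True if ip (string) falls inside any address, CIDR block or range of the list."""
    addr = ipaddress.ip_address(ip)
    for kind, value in valid_entries:
        if kind == "ip" and value == addr:
            return True
        if kind == "cidr" and value.version == addr.version and addr in value:
            return True
        if kind == "range" and value[0].version == addr.version and value[0] <= addr <= value[1]:
            return True
    return False

# Constructed sample list (not a real feed); lines 6 and 7 are deliberately bad.
SAMPLE_EDL = """\
# blocklist published on the internal IIS server
203.0.113.7
203.0.113.0/24
198.51.100.10-198.51.100.20   # range entry
2001:db8::/32
300.1.1.1
192.0.2.5-192.0.2.1
"""

if __name__ == "__main__":
    valid, invalid = check_edl(SAMPLE_EDL)
    print(f"{len(valid)} valid entries, {len(invalid)} invalid: {invalid}")
    print("198.51.100.15 listed:", is_listed(valid, "198.51.100.15"))
```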

O365 #OUTLOOK & OWA#EMAIL RECALL

Office 365, through Outlook or OWA (the web client), gives you the possibility to recall or replace a sent email that has not yet been read.

Here are some example screenshots and the procedure.

Recall or replace an email message that you sent

a) OWA SETTING

b) OUTLOOK SETTING




Extra IT - Artistic products #yasmeenkarts

I have always admired people with artistic abilities such as drawing, painting, playing music and so on…

But I admire even more those who shine in scientific disciplines, and most of all those who shine in the artistic field at the same time.

For this reason I would like to mention and endorse the works and products created by this artist.

https://www.instagram.com/yasmeenkarts/

I have included some photos, without aiming to be exhaustive (just to give an idea of the products' quality).

Finally, I totally agree with this assertion (indicated in the Instagram profile above):

 “…The way to know life is to love many things…”








Windows 10/11 - how to limit Windows Update bandwidth

Here is an article that explains how to limit the bandwidth used by Windows Update for background and foreground downloads.

https://www.thewindowsclub.com/limit-windows-update-bandwidth-windows-10#

WIFI #HOW TO RETRIEVE STORED PC PASSWORD

If you need to view the Wi-Fi passwords stored on a PC, this is the command to execute (with administrative rights):

for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @echo %j | findstr -i -v echo | netsh wlan show profiles %j key=clear

Windows - How to throttle network file transfer speed

I am noting on the blog an interesting article that explains several ways to limit bandwidth usage during file transfers.

On my side, the GPO related to QoS was decisively useful.

https://woshub.com/limit-network-file-transfer-speed-windows/

VMware #VMware Tools & Windows Update

Windows Update can download updated VMware Tools.

In a virtual environment it is important to know whether this behavior is acceptable or may create outage risks.

Here is the VMware article confirming that this update approach is both safe and acceptable:

https://kb.vmware.com/s/article/82290

Security - Kerberos and CVE-2022-37967

The November 8, 2022 Windows updates address security bypass and elevation of privilege vulnerabilities with Privilege Attribute Certificate (PAC) signatures. This security update addresses Kerberos vulnerabilities where an attacker could digitally alter PAC signatures, raising their privileges.

After installing this patch you must, to prevent DC problems, follow the 4 steps indicated in the article below:

KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967

Office - 2016/2019 no longer supported for connecting to MS 365 services (e.g. Exchange Online, SharePoint Online or OneDrive for Business) #October 10, 2023



https://learn.microsoft.com/en-us/deployoffice/endofsupport/microsoft-365-services-connectivity

CISCO - Show the Complete Configuration without Breaks/Pauses on Cisco Router/Switches, ASA Firewall and WLC

On Cisco network devices you may need to show the running configuration without breaks/pauses:

Switches/routers:

show terminal | in Length

terminal length 0

show run

show run brief 

WLC:

config paging disable

show run-config

Cisco ASA:

pager (the setting is saved in the configuration)

terminal pager (applies to the current telnet/SSH session only; not saved)

The default is 24 lines; 0 means no page limit.

1. Type "pager 0" in privileged mode to set your terminal to display without any breaks.

2. Type "show run-config" to display the config.

3. Type "pager 20" in privileged mode to set your terminal to display with breaks every 20 lines.


Full article:

https://community.cisco.com/t5/networking-knowledge-base/show-the-complete-configuration-without-breaks-pauses-on-cisco/ta-p/3115114

Antivirus - Windows 7 high memory usage due to SophosFileScanner.exe

Since last night several Windows 7 machines have been affected by high memory usage caused by the SophosFileScanner.exe process.

CPU usage was constantly at 100%.

Sophos support indicated that the problem was due to the following:

  • During a staged roll-out of an updated machine learning model, customers began reporting excess CPU usage.  As it became apparent that the performance issues were related to this silent update, the decision was made to roll back to the previous version. 
  • The problematic model version identifier is 20230629.  The rolled back version is 20230202.  The rollback should be completed imminently. 




Server - Reboot iDRAC and fix email sending problem (on Dell servers)

If you need to restart (or reset) the server iDRAC, you can follow this YouTube video explanation:



Otherwise, if you are facing email sending errors, you should fix them by setting, for an address of the form emailname@emaildomain:
A) Static DNS Domain Name: emaildomain
B) DNS iDRAC Name: emailname
Here is the related screenshot.



Security - Sophos AV stops definition updates #WORKAROUND & #DETAILS **JULY 2023**

During the last few weeks Sophos released a new AV version (Core Agent 2023.1 / Server Core Agent 2023.1).

PROBLEM

  • This latest Sophos version requires that the OS has the proper September 2021 patches installed.
  • If you are not up to date with MS updates or with your Windows version, the following problem will occur:
  • Endpoint Sophos definition updates will stop working
    • Client: early July 2023
    • Server: end of July 2023

AFFECTED SYSTEMS AND DEVICES

  • Windows computers:
    • From early-June 2023, Windows 10 (x64) operating systems and above that don't support Azure Code Signing (ACS) will fail to complete the upgrade process to Core Agent 2023.1 and above.
  • Windows servers:
    • From late-July 2023, Windows 2016 operating systems and above that don't support Azure Code Signing (ACS) will fail to complete the upgrade process to Server Core Agent 2023.1 and above.

WORKAROUND APPLICABLE TO POSTPONE THE PROBLEM

  • The Software Packages functionality in Sophos Central can be used to assign devices to a Fixed term support (FTS) version.
  • The current version for Windows computers and servers is FTS 2022.4.3.2 and can be assigned to devices for the duration of time it takes to apply the Windows Security Updates.
  • Note: There is an expiry date for all software package versions after which devices will stop updating.
    • The expiry date for FTS 2022.4.3.2 on Windows computers is October 10, 2023.
    • The expiry date for FTS 2022.4.3.2 on Windows servers is November 14, 2023.
  • To achieve this, you must modify the Update Management policy as indicated in the screenshots below.



APPENDIX

Full details on the required updates can be found in Microsoft's official KB5022661 on this topic:
https://support.microsoft.com/en-gb/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea6-85dd-6630229e8ef4

In addition to having the required Windows Security Updates to verify modules signed by Azure Code Signing, devices must have the "Microsoft Identity Verification Root Certificate Authority 2020" certificate authority (CA) installed.

Generally, the impacted OS are Windows 10/11 and Windows Server 2016/2019/2021.

Legacy OS are not impacted:

  1. Windows 8.1
  2. Windows Server 2012 R2
  3. Windows Server 2012
  4. Windows 7.0 SP1
  5. Windows Server 2008 R2
  6. Windows Server 2008 SP2

New Installation

From the 18th of April 2023, new installations on operating systems that don't support Azure Code Signing (ACS) will fail.

CITRIX #PVS Machine Account Password

On Citrix PVS servers you have to apply this configuration to avoid that provisioned servers, using VHDX technology, suffer a machine account password misalignment.

https://support.citrix.com/article/CTX132289/how-to-troubleshoot-provisioning-services-server-machine-account-password

Command line - findstr parameter

There is an easy way to search for a string inside a command's output.

This command is known as findstr. Use /c: for a multi-word pattern; without it, findstr treats each space-separated word as a separate search string and would match "System" lines that are not the model line.

systeminfo | findstr /i /c:"system model"

To find a specific network connection in place on the local server/PC, the command below can be very useful:

netstat -ano | findstr /i "x.y.z.w"

Security #How to encrypt 7-Zip folders used as a repository

If you need to protect some folders with passwords/encryption, using a single repository (where you copy/modify/delete folders and files), consider that 7-Zip has a simple feature that achieves this.

An alternative is to use EFS (more secure) or to attach a .VHD file and then apply BitLocker encryption to it.

Here are related articles useful to go deeper into this topic.



7-Zip, EFS

 https://helpdeskgeek.com/windows-10/how-to-password-protect-a-folder-in-windows-10/

BitLocker and VHD

https://www.tenforums.com/tutorials/138500-create-bitlocker-encrypted-container-file-vhd-vhdx-windows.html



Server - MMC GPO Security Options errors - MMC cannot initialize the snap-in

Using the MMC snap-in on Windows Server (in my case version 2016), basically when managing GPOs, you might face the errors below.

I get the error message stated in the subject line whenever I try to open Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options from a GPO.



I found three alternatives to handle this error:

Option 1

  1. This was broken by the September 8, 2020 update KB4577015; currently the only solution is to uninstall it.

    https://community.spiceworks.com/topic/2291581-windows-2016-mmc-snap-in-error

  2. Then install KB4571694, reboot and try again, or apply patch KB4580346 (I did not investigate this 100%)

    https://community.spiceworks.com/topic/2291581-windows-2016-mmc-snap-in-error

    https://learn.microsoft.com/en-us/answers/questions/124913/server-2016-mmc-has-detected-an-error-in-a-snap-in

Option 2

  1. Export the registry key:

    reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId" C:\Temp\DontDisplayLockedUserId.reg

  2. Delete the registry key:

    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLockedUserId" /f

  3. Change the GPO

  4. Re-import the registry key by double-clicking
    C:\Temp\DontDisplayLockedUserId.reg
  5. Original article:

    https://learn.microsoft.com/en-us/answers/questions/124913/server-2016-mmc-has-detected-an-error-in-a-snap-in

Option 3

  1. On a fully patched server or PC, install RSAT and solve the problem this way:
    https://www.alessandromazzanti.com/2019/05/windows-10-how-to-install-rsat-on.html

  2. Server - How to Execute RSAT snapins with different users without server/client logon necessity
    https://www.alessandromazzanti.com/2017/10/server-how-to-execute-rsat-snapins-with.html


Tutorial - PFX to PEM certificate exporting procedure #HOW TO

If you need to convert a .PFX certificate to .PEM files, follow this procedure.

Note that a PFX file is a certificate container in PKCS#12 format: it holds the SSL certificate (public key) and the corresponding private key.
A PEM file is a text file containing one or more items in Base64 ASCII encoding, each with plain-text headers and footers (e.g. -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).

Here are the steps to follow:

  1. Install OpenSSL
    https://slproweb.com/products/Win32OpenSSL.html

  2. Copy the .pfx file into the same folder where openssl.exe is located

  3. First case: export the private key and the certificate into two separate PEM files:

    Launch the commands below:
    openssl pkcs12 -in original_certificate.pfx -nocerts -out Exported_certificate_private_key-encrypted.key

    (you will be prompted to insert original password and new one)

    openssl pkcs12 -in original_certificate.pfx -clcerts -nokeys -out Exported_certificate_private_key-encrypted.crt

  4. Second case: convert the PFX file to a single PEM file that contains both the certificate and the private key:
    openssl pkcs12 -in original_certificate.pfx -out Exported_certificate.pem -nodes

    (you will be prompted to insert original password and new one)
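To verify what the exports actually contain (the first case should yield a key that is still encrypted, the -nodes case an unencrypted key plus the certificate), here is an added Python inspector, not from the original post; it reads the PEM items by their BEGIN/END markers, and the sample files are constructed with placeholder bytes, not real keys or certificates.

```python
import base64
import re

# One PEM item: BEGIN header, base64 body (optionally preceded by "Proc-Type:" /
# "DEK-Info:" lines for legacy encrypted keys), matching END footer. Text outside the
# markers, such as the "Bag Attributes" lines openssl pkcs12 writes, is ignored.
PEM_ITEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n(?P<body>.*?)-----END (?P=label)-----", re.S
)

def list_pem_items(text):
    """Return one dict per PEM item found: its label, whether the body is valid base64,
    whether it is a private key, and whether that key is stored encrypted."""
    items = []
    for m in PEM_ITEM_RE.finditer(text):
        label = m.group("label")
        lines = m.group("body").splitlines()
        headers = [l for l in lines if ":" in l]          # base64 never contains ':'
        b64 = "".join(l.strip() for l in lines if ":" not in l)
        try:
            base64.b64decode(b64, validate=True)
            valid = len(b64) > 0
        except ValueError:                                  # binascii.Error subclasses it
            valid = False
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
            h.startswith("Proc-Type") and "ENCRYPTED" in h for h in headers)
        items.append({"label": label, "valid_base64": valid,
                      "is_private_key": "PRIVATE KEY" in label, "encrypted_key": encrypted})
    return items

def check_export(text, expect_key, expect_cert, key_must_be_encrypted):
    """Compare a PEM file against what the chosen openssl pkcs12 command should produce.
    Returns a list of problems; an empty list means the file matches the intent."""
    items = list_pem_items(text)
    problems = [f"{i['label']} item is not valid base64" for i in items if not i["valid_base64"]]
    keys = [i for i in items if i["is_private_key"]]
    certs = [i for i in items if i["label"] == "CERTIFICATE"]
    if expect_key and not keys:
        problems.append("no private key found")
    if not expect_key and keys:
        problems.append("private key present in a certificate-only export")
    if expect_cert and not certs:
        problems.append("no certificate found")
    for k in keys:
        if key_must_be_encrypted and not k["encrypted_key"]:
            problems.append("private key is stored unencrypted")
        if not key_must_be_encrypted and k["encrypted_key"]:
            problems.append("private key is encrypted (expected -nodes output)")
    return problems

# Constructed samples: the base64 payloads are placeholder bytes, not real keys or certs.
def make_item(label, raw, headers=""):
    return f"-----BEGIN {label}-----\n{headers}{base64.b64encode(raw).decode()}\n-----END {label}-----\n"

SAMPLE_KEY_ENCRYPTED = "Bag Attributes\n    localKeyID: 01 02 03\n" + make_item(
    "ENCRYPTED PRIVATE KEY", b"placeholder-encrypted-key")
SAMPLE_NODES = make_item("PRIVATE KEY", b"placeholder-plain-key") + make_item(
    "CERTIFICATE", b"placeholder-certificate")
SAMPLE_LEGACY_KEY = make_item("RSA PRIVATE KEY", b"placeholder",
                              "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
```

Run check_export on the text of the .key file from the first case with (True, False, True) and on the .pem file from the second case with (True, True, False).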



Veeam - Free Guide "Vmware Backup For Dummies"

Veeam gives you the ability to download the VMware Backup For Dummies edition for free.

You simply need to enter a few personal/work details in the web form and the download link becomes available.

English version

https://go.veeam.com/wp-vmware-backup-for-dummies

Italian Version

https://www.veeam.com/it/wp-vmware-backup-for-dummies.html

On this blog you can review older Veeam posts at the link below:

https://www.alessandromazzanti.com/search/label/Veeam





Teams - New version faster and with less memory usage

In these days Microsoft released a new Teams version that should be decisively faster and use less memory.

This is the official Microsoft article.

Here you can find other Teams-related blog articles:

Teams - How to disable message reading acknowledgement

Citrix - Teams installation & Remote Assistance Request/Offer limitation


Active Directory - FSMO seizing, DSRM password reset and DC health checks/best practices

As mentioned in older blog posts, it is important to know which DCs (in your domain/forest) hold the five Active Directory FSMO roles, using this command line:

netdom query fsmo

At the same time it is important to test your DCs' health:

https://www.alessandromazzanti.com/2015/05/server-commands-to-verify-domain.html

If you face the unlikely situation that the DCs holding all 5 AD roles (or some of them) are no longer working, you should start planning the role seizing activity.

Here is a Microsoft article that applies to all Windows Server versions:

https://support.microsoft.com/en-sg/help/255504/using-ntdsutil-exe-to-transfer-or-seize-fsmo-roles-to-a-domain-control

Here are other important suggestions:
  1. Microsoft best practices suggest having at least one physical domain controller instead of having all of them virtualized.
  2. I warmly suggest checking all your servers and making sure the local Administrator password is known (and the account enabled).
  3. Check that all your servers/DCs have DNS1, DNS2 and DNS3 pointing to active DCs/DNS servers.
  4. Have the 5 AD roles split between at least two domain controllers.
  5. Make sure the DSRM Administrator password of the domain controllers is known; if not, proceed to reset it.




Firewall - How to backup configuration #PALO ALTO

Here is the official article that explains how to back up the Palo Alto configuration:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POICCA4&lang=en_US

Below you can find the related screenshot.



Firewall - What happens when licenses Expires #PALO ALTO

I am noting what happens when Palo Alto licenses expire.

These are the web links that explain all the details:

https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/license-the-vm-series-firewall/what-happens-when-licenses-expire

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/subscriptions/what-happens-when-licenses-expire

Be aware that if you get an unexpected firewall/VM reboot, only 1200 internet sessions are supported (and this is a big problem if the license renewal process is not yet completed).

Here are the Palo Alto articles that explain how to proceed with the license renewal process.

Action Required:

To complete the credit renewal process, you will need to follow the instructions in the following document: https://docs.paloaltonetworks.com/vm-series/10-2/vm-series-deployment/license-the-vm-series-firewall/software-ngfw/renew-your-software-ngfw-credit-license



OUTLOOK - HOW TO RESIZE .EDB FILE

Here is an interesting article that explains how to reduce the size of the .EDB file:

https://woshub.com/windows-edb-file-too-big-how-to-reduce-size/

USB/LIVE CD - DLC BOOT and HD Cloning

I am noting on the blog this product, which has several integrated features.

DLC Boot lets you create a live USB with several tools installed.

Be aware that some antivirus detections may occur, so double-check it from a security standpoint before use.

You can watch the YouTube video that explains how to create the USB key and how to simulate its usage.

These are the major features:

- Integrated Mini Windows 10 32Bit & 64Bit and similar to Mini Windows XP in Hiren's version BootCD

- Integrated Mini Windows 11 64Bit and similar to Mini Windows XP in Hiren's version BootCD

- Integrated Mini Windows XP extracted from Hiren's BootCD 15.2 and has been built and re-optimized.

If you need to clone an SSD/HDD, here are the steps to reach this goal:

  1. Create bootable USB previously indicated.
  2. Extract HDD/SSD from old pc/laptop.
  3. Connect HDD/SSD to your pc/laptop.
  4. Boot from usb and launch Aomei Backupper
  5. Select Clone.
  6. Select correct Source.
  7. Select correct Destination.
  8. Check windows activities.



[original articles]

https://www.fcportables.com/dlc-boot/




Monitoring - LibreNMS

Today I would like to mention the LibreNMS product:

https://www.librenms.org/#features

It has several features, such as:

  1. Automatic Network Discovery using CDP, FDP, LLDP, OSPF, BGP, SNMP and ARP.
  2. Alerting via email, IRC, etc.
  3. API access
  4. SNMP walk to put devices under monitoring
  5. Devices monitoring
  6. Graphs and reporting
  7. Android and iPhone app

Here are some screenshots

Cisco - Mac AnyConnect VPN Client

I am noting on the blog the Mac AnyConnect VPN client download link:

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5642-install-cisco-anyconnect-secure-mobility-client-on-a-mac-com-rev1.html

Sophos - How to recover a tamper protected system

If a PC was deleted from the Sophos Central console, the antivirus cannot be reinstalled unless you follow this Sophos procedure:

https://support.sophos.com/support/s/article/KB-000036125?language=en_US