howto

Set up the Default Domain for vCenter Single Sign-On | Tech-Short

vCenter Single Sign by default requires the user to specify the domain during authentication with vCenter.
Example: JERMSMIT\admin or admin@JERMSMIT.LAB.

You can eliminate the need to insert the domain in the username by following the following steps.

 

  1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.

  2. Browse to Administration > Single Sign-On > Configuration.
  3. Under the Administration, configuration locate the Identity Sources tab
  4. On the Identity Sources tab, select an identity source and click the Set as Default Domain icon.
  5. In the domain display, the default domain shows (default) in the Domain column. Set the domain of choice as your new default.

The next time when you attempt to login into vCenter, you can omit the DOMAIN from your username.

Full ref located here
Full Link: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.psc.doc/GUID-11E651EF-4503-43BC-91F1-15502D586DE2.html

 

Install VMware Tools Windows Server 2016 Core

I just completed my install of Windows Server 2016 Core as a guest in my VMware Lab. Now that this has been completed the next step is for me to install the VMware tools so that I can take advantage of various features; specifically, template deployment with customization options

About:VMware:Tools: VMware software tools enhance the performance of the guest operating system and improve the management of the virtual machine guests operating systems.

How to install:

  1. Select your VM from vCenter and select ‘Guest OS > Install VMware Tools
    This mounts the VMware CD Image containing the installation files
  2. Inside the guest machine type ‘powershell’
    This will drop you from the command shell to powershell prompt
  3. Next type the command Get-PSDrive
    This will return the drives attached to the system
  4. Change to the drive that the VMware tools are currently mounted
    In my case, this was drive letter “D”
  5. Issue the command .\setup64.exe to start the install process

    Note: issuing just setup.exe or setup64.exe will end in an error as Windows poweshell does not load commands such as this by default 
  6. Follow the steps of the VMware tools installer and restart when completed.

 

Ref: http://jermsmit.com/howto-install-vmware-tools-on-windows-server-2102-r2-server-core/

Network Wide Ad & Malicious Website Blocking | Pi-Hole

For a few months now I have used the software package named Pi-Hole as an internal network DNS server to prevent ad sites in addition to malicious websites from being accessible form compute resources on my home network.

Pi-Hole is a small install that can be installed on any Linux system and it works like a charm.

Install is simple, just run the following command:

curl -sSL https://install.pi-hole.net | bash

Answer a few questions about how you would like the software configured and your up and running.

This is a very useful software this gives you many options to report on the activity of the systems on your network and what connections were requested and those blocked.

For more information and details please visit: https://pi-hole.net/

The following video also shows the installation process via a Putty SSH session.

 

Malicious Listsused to block phishing, and malware sites

 

https://v.firebog.net/hosts/Airelle-hrsk.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
https://mirror1.malwaredomains.com/files/justdomains
https://hosts-file.net/exp.txt
https://hosts-file.net/emd.txt
https://hosts-file.net/psh.txt
https://mirror.cedia.org.ec/malwaredomains/immortal_domains.txt
https://www.malwaredomainlist.com/hostslist/hosts.txt
https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
https://v.firebog.net/hosts/Prigent-Malware.txt
https://v.firebog.net/hosts/Prigent-Phishing.txt
https://raw.githubusercontent.com/quidsup/notrack/master/malicious-sites.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
https://v.firebog.net/hosts/Shalla-mal.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Risk/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

 

*Update*

Almost 50% of my home network traffic is junk, and so is yours. Do something about it, because your privacy is being taken from you and sold.

https://lnkd.in/eASeWW5

Check Point: Enable SSL Encryption for LDAP Accounts

Background:

Check Point users faced an issue when they wanted to change their expired passwords when logging into to the VPN via the SecureClient. Although they had been prompted to change password their attempts were not successful.

I did some investigation into this and discovered that SSL needs to be allowed for LDAP communication for credentials changes.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk40735

 

Symptoms

  • SecureClient user unable to change password when it expires while authenticating through LDAP server.
  • Error seen in Log Viewer: “reason: Client Encryption: Failed to modify password, LDAP Error.”
  • Error seen on SecureClient: “Negotiation with gateway <gateway_name> at site <site_name> has failed. Failed to modify password, LDAP error.”

 

Cause

Windows AD is denying changing passwords over unencrypted channel.

 

Solution

1. Enable SSL Encryption in the LDAP Account unit. Select ‘Manage –> Servers and OPSEC Applications –> LDAP Account Unit‘.

2. Under the Servers tab, after completing General tab, select Encryption tab.

3. Select “Use Encryption (SSL)“.

4. Port will be 636.
5. Fetch the server’s fingerprint.

6. Click “ok“, to save “ok” to exit LDAP Account Unit Properties
7. Click “close” on Servers and OPSE Applications

 

Tech Short: How To Change The MTU – Server 2016

 

Troubleshooting an application issues which could possibly be network related.  I found myself needing to make some adjustment to the maximum transmission unit (MTU) setting of my server.  As such what better time to post a quick technical short on how to go about doing this.

 

How To Change The MTU – Windows Server 2016

Requirements:

  • Logon and Administrator permission on Server
  • Network Connectivity
  • Time to reboot

 

Procedure:

From the desktop of your Windows Server 2016 server open an Administrative command prompt by Right-Clicking on the start button and select  – Command Prompt (Admin).

Once in the command prompt you we be using netsh to determine the IDX of the installed interface devices. this is performed by using the following command:  netsh interface ipv4 show interfaces

Take note of the IDX interface that you would like to change the MTU on as this is what we need to specify when changing the MTU settings.

Using netsh again you issue the following command: netsh interface ipv4 set subinterface “number-goes-here” mtu=1400 store=persistent

Please note that the subinerface will be the IDX number from the first netsh command and that the MTU setting is a value less than the original 1500.

Now you can reboot to have the changes take effect.  I have also noticed the disabling the interface and  re-enabling also works.