27 Oct 2022

Exchange Online Basic Auth Deprecation

Estimated start time: October 25, 2022 11:00 AM
Affected services
Exchange Online
User impact
If action is not taken, users with Basic Authentication enabled for the affected protocols will be unable to sign in.
Action needed

Today, we started to disable basic authentication for any protocol not opted-out prior to September 30, 2022.

For more information see the “Basic Authentication in Exchange Online - 7 Day Notice” notification in Message Center.

If you need to re-enable a protocol, you can do so once by following the process here.

Additional diagnostics

Please verify your clients are using clients configured with Modern Authentication.

Outlook 2013 – Office 2013 client applications utilize legacy authentication by default. Users may need to update their registry to fully enable Modern Authentication. Please reference this document for more information.

Exchange ActiveSync – Users may need to remove and re-add their account to fully switch to Modern Authentication on mobile devices using EAS protocol.

POP/IMAP clients – If your POP/IMAP clients or apps are unable to connect, you might need to change your email client to one that supports Modern Authentication (Outlook does not support Modern Authentication for POP/IMAP accounts), or switch to Outlook on the web. You can use your browser and access Outlook on the web via https://outlook.office.com.

19 Aug 2022

Blocking ICMP

DONT BLOCK ICMP  (Maybe rate limit !)

Since setting IP IPV6 networks  icmp has become more important

Most IPV6 test sites Test ICMP connectivity.

ipv6 test

I have found this one to be very important

IPv6 - (Type2, Code0)   Packet Too Big (IPv6)

This is essential for MTU path discovery

IPv6 Routers do not Fragment packets like IPv4 did,  they just send back Packet too big  and the sender need to adjust.  these messages need to get back to sender!

Also  IPv4 used ARP for Layer 2 to  Layer 3 mappings.

But IPv6 Uses ICMP  for  

Router Solicitation (RS) (Type133, Code0)
Router Advertisement (RA) (Type134, Code0)
Neighbor Solicitation (NS) (Type135, Code0)
Neighbor Advertisement (NA) (Type136, Code0)
Redirect (Type137, Code0)

These should be permitted in the network but not outside

I have found a great source of information here

 Should I block ICMP

27 Jul 2022

UBB Bridge Link Firmware Upgrade

SSH (default)

Username ubnt

Password   ubnt



Should be 

upgrade http://http://fw-download.ubnt.com/data/unifi-firmware/3134-UBB-2.1.3-2094415b625d477983f2a648b8

Manual Way

wget -O /tmp/fwupdate.bin http://fw-download.ubnt.com/data/unifi-firmware/3134-UBB-2.1.3-2094415b625d477983f2a648b8

syswrapper.sh upgrade2

Default IP

Edit the file /etc/udhcpc/udhcpc


Unifi L3 Adoption with DHCP Option 43 on pfSense, Mikrotik and others - tcpip.wtf


16 Jan 2022

MS Update Breaks L2TP VPN (Including Meraki using the build in client)

UPDATE 18/1/2022

Microsoft have released fix to update that broke windows native to Meraki Client VPN.

You must be running the Latest windows 10   21H2 

check and update here for windows 10   

Update Windows 10

Update  to the problem is

Windows 10 - KB5010793

Windows 11 - KB5010795

Run Windows Update and it will appear under optional downloads


Download the patch from there: Microsoft Update Catalog  windows 10

Download the patch from there: Microsoft Update Catalog windows 11


Microsoft released Updates 11 Jan 2022

 KB5009566 (windows 11)

 KB5009543 (windows 10)

This update breaks Meraki Client VPN. 

 Need to uninstall to fix VPN.

 MS confirmed today they will fix in an up coming update. (but may take 2 weeks.)

When you uninstall this update you then need to pause updates for 14 days to stop it reinstalling.

Open a command prompt as Administrator

then on

Windows 10:

wusa /uninstall /kb:5009543

Windows 11: 

wusa /uninstall /kb:5009566

28 Dec 2021

Upgrading SYSVOL replication to DFSR

Migrating 2008 SBS to Server 2019  Domain Controller Migration

dfsrmig /getglobalstate

dfsrmig /setglobalstate 1

dfsrmig /getmigrationstate  (Wait till successful)  (10 min)

dfsrmig /setglobalstate 2

dfsrmig /getmigrationstate  (Wait till successful)   (10 min)

dfsrmig /setglobalstate 3

dfsrmig /getmigrationstate  (Wait till successful)  (20 min)


net share

make sure NTfrs service is disabled.