27 Oct 2022

Exchange Online Basic Auth Deprecation



Estimated start time: October 25, 2022 11:00 AM
Affected services
Exchange Online
User impact
If action is not taken, users with Basic Authentication enabled for the affected protocols will be unable to sign in.
Action needed

Today, we started to disable basic authentication for any protocol not opted-out prior to September 30, 2022.

For more information see the “Basic Authentication in Exchange Online - 7 Day Notice” notification in Message Center.

If you need to re-enable a protocol, you can do so once by following the process here.

Additional diagnostics

Please verify your clients are using clients configured with Modern Authentication.

Outlook 2013 – Office 2013 client applications utilize legacy authentication by default. Users may need to update their registry to fully enable Modern Authentication. Please reference this document for more information.

Exchange ActiveSync – Users may need to remove and re-add their account to fully switch to Modern Authentication on mobile devices using EAS protocol.

POP/IMAP clients – If your POP/IMAP clients or apps are unable to connect, you might need to change your email client to one that supports Modern Authentication (Outlook does not support Modern Authentication for POP/IMAP accounts), or switch to Outlook on the web. You can use your browser and access Outlook on the web via https://outlook.office.com.

19 Aug 2022

Blocking ICMP

DONT BLOCK ICMP  (Maybe rate limit !)


Since setting IP IPV6 networks  icmp has become more important

Most IPV6 test sites Test ICMP connectivity.

ipv6 test


I have found this one to be very important

IPv6 - (Type2, Code0)   Packet Too Big (IPv6)

This is essential for MTU path discovery


IPv6 Routers do not Fragment packets like IPv4 did,  they just send back Packet too big  and the sender need to adjust.  these messages need to get back to sender!


Also  IPv4 used ARP for Layer 2 to  Layer 3 mappings.

But IPv6 Uses ICMP  for  

Router Solicitation (RS) (Type133, Code0)
Router Advertisement (RA) (Type134, Code0)
Neighbor Solicitation (NS) (Type135, Code0)
Neighbor Advertisement (NA) (Type136, Code0)
Redirect (Type137, Code0)

These should be permitted in the network but not outside


I have found a great source of information here

 Should I block ICMP



27 Jul 2022

UBB Bridge Link Firmware Upgrade


SSH  192.168.1.20 (default)

Username ubnt

Password   ubnt


firmware

  https://www.ui.com/download/unifi/unifi-building-building-bridge



Should be 

upgrade http://http://fw-download.ubnt.com/data/unifi-firmware/3134-UBB-2.1.3-2094415b625d477983f2a648b8


Manual Way

wget -O /tmp/fwupdate.bin http://fw-download.ubnt.com/data/unifi-firmware/3134-UBB-2.1.3-2094415b625d477983f2a648b8

syswrapper.sh upgrade2




Default IP

Edit the file /etc/udhcpc/udhcpc

UDHCPC_FALLBACK_IP="192.168.1.20"UDHCPC_FALLBACK_NETMASK="255.255.255.0"



Unifi L3 Adoption with DHCP Option 43 on pfSense, Mikrotik and others - tcpip.wtf



http://unifi:8080/inform

16 Jan 2022

MS Update Breaks L2TP VPN (Including Meraki using the build in client)

UPDATE 18/1/2022

Microsoft have released fix to update that broke windows native to Meraki Client VPN.


You must be running the Latest windows 10   21H2 

check and update here for windows 10   

Update Windows 10


Update  to the problem is

Windows 10 - KB5010793

Windows 11 - KB5010795


Run Windows Update and it will appear under optional downloads


OR


Download the patch from there: Microsoft Update Catalog  windows 10

Download the patch from there: Microsoft Update Catalog windows 11


=====================================================================

Microsoft released Updates 11 Jan 2022

 KB5009566 (windows 11)

 KB5009543 (windows 10)

This update breaks Meraki Client VPN. 

 Need to uninstall to fix VPN.

 MS confirmed today they will fix in an up coming update. (but may take 2 weeks.)

When you uninstall this update you then need to pause updates for 14 days to stop it reinstalling.


Open a command prompt as Administrator

then on

Windows 10:

wusa /uninstall /kb:5009543

or
Windows 11: 

wusa /uninstall /kb:5009566


28 Dec 2021

Upgrading SYSVOL replication to DFSR

Migrating 2008 SBS to Server 2019  Domain Controller Migration


dfsrmig /getglobalstate

dfsrmig /setglobalstate 1

dfsrmig /getmigrationstate  (Wait till successful)  (10 min)

dfsrmig /setglobalstate 2

dfsrmig /getmigrationstate  (Wait till successful)   (10 min)

dfsrmig /setglobalstate 3

dfsrmig /getmigrationstate  (Wait till successful)  (20 min)


Confirm SYSVOL SHARE
Confirm NETLOGON SHARE

net share


make sure NTfrs service is disabled.