24. April 2014 · Creating Read-Only User Accounts on Cisco ASA5500 · Categories: Cisco

All users configured on the ASA are assigned a privilege level. This privilege level is specified when configuring the username as follows:

hostname(config)# username name password password privilege priv_level

The privilege level can be any value from 0 (least permissive) to 15 (most permissive), with 2 being the default. Do note that if you want to grant the user access to privileged EXEC mode, you should use the range from 2 to 15. For the purpose of assigning read-only access to a user, we will use a privilege level of 5.

AAA refers to authentication, authorization and accounting. It allows us to authenticate who the user is, authorize what that user is allowed to do, and then keep an accounting record showing what that user has done. In order to create a read-only user account, we need to define which commands the user should be granted access to. This requires knowledge of who the user is, so we first need to ensure that user authentication is configured.

To enable AAA authentication, use the following command:


17. April 2014 · OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics · Categories: Cisco, Linux, Microsoft, Office365, VMWARE, Windows

Cisco devices are not affected, as they are running OpenSSL version 0.9.8 on the newest 9.01 IOS software. Most Cisco firewalls have older IOS versions and therefore have older versions of OpenSSL.

The Heartbleed bug was introduced in OpenSSL 1.0.1 and is present in:
• 1.0.1
• 1.0.1a
• 1.0.1b
• 1.0.1c
• 1.0.1d
• 1.0.1e
• 1.0.1f
The bug is not present in 1.0.1g, nor is it present in the 1.0.0 or 0.9.8 branches of OpenSSL.
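As an added example (not part of the original post), the version ranges above can be applied to collected `openssl version` banners. The function names, hostnames and the "host banner" inventory format are assumptions made for illustration, and any version the post does not mention is reported as `not-listed`.

```sh
#!/bin/sh
# Added example: classify OpenSSL version banners using only the ranges
# the post lists. Function names and the inventory format are assumptions.

# heartbleed_status BANNER
# BANNER is a line such as the output of `openssl version`.
# Prints: affected | not-affected | not-listed
heartbleed_status() {
    # First token shaped like an OpenSSL version (1.0.1e, 0.9.8y, 1.0.1-beta1).
    # Build suffixes such as "-fips" are dropped; "-betaN" is kept so that
    # pre-releases are not mistaken for the 1.0.1 release.
    ver=$(printf '%s\n' "$1" |
        grep -Eo '[0-9]+\.[0-9]+\.[0-9]+[a-z]*(-beta[0-9]+)?' | head -n 1)
    case "$ver" in
        1.0.1|1.0.1[a-f]) echo affected ;;       # 1.0.1 through 1.0.1f
        1.0.1g)           echo not-affected ;;   # bug not present per the post
        1.0.0*|0.9.8*)    echo not-affected ;;   # branches without the bug
        *)                echo not-listed ;;     # the post makes no claim
    esac
}

# affected_hosts: reads "host banner..." lines on stdin and prints the
# hosts whose banner falls in the affected range.
affected_hosts() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        if [ "$(heartbleed_status "$banner")" = affected ]; then
            echo "$host"
        fi
    done
}

# Constructed sample inventory (hostnames and banners are made up).
sample_inventory() {
    cat <<'EOF'
web01 OpenSSL 1.0.1e-fips 11 Feb 2013
web02 OpenSSL 1.0.1g 7 Apr 2014
fw01 OpenSSL 0.9.8y 5 Feb 2013
vpn01 OpenSSL 1.0.1 14 Mar 2012
db01 OpenSSL 1.0.0k 5 Feb 2013
lab01 OpenSSL 1.0.1-beta1 03 Jan 2012
EOF
}

sample_inventory | affected_hosts
```

A version string is only a first-pass signal: vendor builds can carry backported fixes without changing the version letter, so confirm flagged hosts against the vendor's advisory for the installed package.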

26. February 2014 · Browser Not Supported, IE10, IE11 – Remote Desktop Services 2008 R2 · Categories: Microsoft

The Microsoft Remote Desktop Services (RDS) website returns an error when accessed from a Windows 8 machine or a PC with Internet Explorer 10 or 11. You get the following error:


Browser Not Supported - This Web browser is not supported by RD Web Access. RD Web Access requires Internet Explorer 6.0 or later. You can download the latest version of Internet Explorer from the Windows Update Web site

This is caused by Microsoft not releasing an update to 2008 to allow it to be accessed in the later browsers. To get it to work, we can implement a workaround that forces machines with newer browsers to access the site in IE9 compatibility view.

31. December 2013 · Exchange 2007 SP3 – New-ReceiveConnector fails · Categories: Microsoft

When creating a new Receive Connector on Exchange Server 2007 SP3 (Update Rollup 2), the creation failed with a non-retriable error and a “the requested attribute does not exist” error:

Error:
Active Directory operation failed on GL-SRV.test.local. This error is not retriable. Additional information: The parameter is incorrect.
Active directory response: 00000057: LdapErr: DSID-0C090C26, comment: Error in attribute conversion operation, data 0, v1772

The requested attribute does not exist.

Exchange Management Shell command attempted:
new-ReceiveConnector -Name ‘mail.gltest.com’ -Usage ‘Internet’ -Bindings ‘0.0.0.0:25’ -Fqdn ‘mail.gltest.com’ -Server ‘GL-SRV’

Elapsed Time: 00:00:00

According to this article on the Microsoft Exchange Team site, more people are facing this issue (scroll through the comments). It looks like something specific to UR1 and UR2 for Exchange Server 2007 SP3: http://blogs.technet.com/b/exchange/archive/2010/09/09/3410985.aspx

Microsoft is aware of this issue and it is currently being investigated. It looks like the schema upgrade during SP3 is sometimes not performed properly, resulting in an incorrect schema for Service Pack 3. Unfortunately the SP3 setup application continues anyway, resulting in these kinds of errors.

You can solve it by running the Exchange 2007 SP3 schema upgrade again:

Setup.com /PrepareSchema

After this, creating a new Receive Connector succeeds.

31. December 2013 · [Windows 2012 Fix] Microsoft Office Word Has Not Been Installed For The Current User Error · Categories: Windows


 

Click Start, click Run, type “regedit” in the Open box, and then click OK.
In the left pane, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer

On the Edit menu, click “Permissions”.
In the “Permissions for Installer” dialog box, look at the “Administrators” and “Users” entries in the “Group or user names” list.
Make sure that the Full Control permission is set for the “Administrators” and the “Users” group.
If this permission is not set, click to select the Full Control check box under “Allow”.
Click “OK”.

11. December 2013 · Windows Server 2012 – Migrating FSMO Roles · Categories: Microsoft

A new server has been added to the forest as a new domain controller. On the new server, launch a PowerShell command line and use the Move-ADDirectoryServerOperationMasterRole command to transfer all the FSMO roles. Each role corresponds to a number:

 

Role Name Number
PDCEmulator 0
RIDMaster 1
InfrastructureMaster 2
SchemaMaster 3
DomainNamingMaster 4


Moving FSMO roles

Move-ADDirectoryServerOperationMasterRole -Identity "DC01" -OperationMasterRole 0,1,2,3,4

05. December 2013 · Fix vMA 5.0 password complexity issue · Categories: VMWARE

 


  1. Set a valid password for vi-admin; for example, F0t56otk!# should do
  2. Log in to the vMA shell as vi-admin
  3. Elevate the session to root with “sudo -s”
  4. Run “pam-config -d --cracklib” (note the double dashes in front of cracklib)
  5. Exit the root shell with “exit”
  6. Change the vi-admin password with “passwd” to any password you’d like

The pam-config command above disables cracklib in the vMA PAM (pluggable authentication module) configuration. cracklib is a PAM library used to enforce Linux, and in this case vMA, account password strength.

28. November 2013 · Password Recovery Procedures for Cisco Products · Categories: Cisco

This post is an index of password recovery procedures for Cisco products. For security reasons, the password recovery procedures listed here require physical access to the equipment.

Index

Routers

Cisco 2600 Series Routers Cisco 3600 Series Routers Cisco 3700 Series Routers
Cisco 801, 802, 803, 804, 805, 811, and 813 Series Routers Cisco 806, 826, 827, 828, 831, 836 and 837 Series Routers Cisco SOHO 76, 77, 78, 91, 96, and 97 Routers

 

Integrated Services Routers (ISR) Products

Cisco 1800 Series Routers Cisco 2800 Series Routers Cisco 3800 Series Routers
Cisco 2900 Series Routers Cisco 1900 Series Routers

 

High-End Routers

Cisco 12000 Series Routers Cisco uBR7100 Cisco 7200 Series Routers
Cisco 7000 Series Routers Cisco uBR7200 Cisco AGS
Cisco 7000 Series Route Switch Processor (RSP7000) Cisco uBR10000 Route Processor Module
Cisco 7100 Series Routers Cisco 7500 Series Routers Cisco XR 12000 Series Routers

 

LAN Switches

EtherSwitch/FastSwitch/FastHub Catalyst 2800 Series Switches Catalyst 4000/2980G/2948G Series Switches running Catalyst OS
Catalyst 1200 Series Switches Catalyst 2900-XL/3500-XL Series Switches Catalyst 4000/4500/4900 Switches running Cisco IOS
Catalyst 1600 Series Switches Catalyst 2901-2 Series Switches Catalyst 5500/5000/2926G/2926 Series Switches
Catalyst 1700 Series Switches Catalyst 2948G-L3/4908G-L3/4840G Series Switches Catalyst 6000 Series Switches Running Native IOS
Catalyst 1800 Series Switches Catalyst 2940, 2950/2955, 2960, 2970 Series Switches Catalyst 6500/6000 Series Switches running Catalyst OS
Catalyst 1900/2820 Series Switches Catalyst 3000/3100/3200 Series Switches Cisco Catalyst 6500 Series SSL Services Module in Native (IOS) Mode
Catalyst 2100 Series Switches Catalyst 3550, 3560, 3750 Series Switches Catalyst 8510-CSR Series Switch
Catalyst 2600 Series Switches Catalyst 2970 Switch Catalyst 2950 and Catalyst 2955 Switch
Catalyst 3550 Multilayer Switch Catalyst 3560 Switch Catalyst 3750 Switch
Catalyst 3900 Series Switches Catalyst 8540-CSR Series Switch Catalyst 6500 with Supervisor 720 Running Cisco IOS Software Prior to 12.2(17)SX


09. November 2013 · Subnetting · Categories: Cisco
