Sophos Active Directory Authentication with SSL/TLS Failure

Attempted to set up AD authentication on a Sophos Firewall, and kept getting the following error: “Test connection failed as server is down or unreachable”.

The connection would work successfully when using Plaintext, but fail when using SSL/TLS or STARTTLS.

The root issue was that the Domain Controller I was trying to connect to did not have an SSL certificate associated with it, so it had nothing to offer for LDAP over TLS. You could go out and purchase an SSL cert that matches the FQDN, or set up an internal CA service, but if you need a quick and dirty solution you can just generate a self-signed cert and add it as a trusted CA.

  1. Open PowerShell as Administrator.
  2. Run the following command to create a self-signed cert (replace fqdn-of-server with the DC’s FQDN):
    New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "fqdn-of-server" -FriendlyName "Server Cert" -NotAfter (Get-Date).AddYears(10)
  3. Next, copy the generated cert, which will reside under the Personal\Certificates store, to the Trusted Root Certification Authorities\Certificates store.

Now you should be able to test using any of the other connection security methods successfully.
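The three steps above scripted end to end, followed by a check of which certificate the domain controller actually presents on the LDAPS port. This is an added example, not code from the original post; it assumes an elevated PowerShell session on the domain controller, and the FQDN is a placeholder.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell on the DC.
$Fqdn = 'dc01.example.local'   # placeholder; use the DC's real FQDN, the name the firewall connects to

# Step 2: self-signed server certificate in the machine's Personal store
$cert = New-SelfSignedCertificate -CertStoreLocation 'Cert:\LocalMachine\My' `
    -DnsName $Fqdn -FriendlyName 'Server Cert' -NotAfter (Get-Date).AddYears(10)

# Step 3: copy only the public part into Trusted Root Certification Authorities
$cerPath = Join-Path ([System.IO.Path]::GetTempPath()) "$Fqdn.cer"
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
# Keep $cerPath: the same .cer is what you upload on the firewall as a trusted CA, otherwise
# the firewall has nothing to validate the DC's certificate against.

function Get-LdapsServerCertificate {
    # Opens a TLS session to the LDAPS port and returns the certificate the server sent.
    # The validation callback returns $true on purpose: this is a diagnostic that shows the
    # certificate, not a trust decision, so it must never be reused in production code.
    param([Parameter(Mandatory)][string]$ComputerName, [int]$Port = 636)
    $client = New-Object System.Net.Sockets.TcpClient($ComputerName, $Port)
    try {
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($ComputerName)
        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject    = $remote.Subject
            Thumbprint = $remote.Thumbprint
            NotAfter   = $remote.NotAfter
            SelfSigned = ($remote.Subject -eq $remote.Issuer)
        }
        $ssl.Dispose()
    }
    finally { $client.Dispose() }
}

# The thumbprint should match the certificate created above; if it does not, the DC picked
# a different certificate from its store, or still needs a restart to load the new one.
$served = Get-LdapsServerCertificate -ComputerName $Fqdn
$served
if ($served.Thumbprint -eq $cert.Thumbprint) { 'LDAPS is serving the new certificate' }
```

The diagnostic function is only there to confirm that port 636 answers with the intended certificate; the firewall itself should validate against the exported .cer rather than against whatever the DC happens to present.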

Manually Remove I/O Filters From vSphere VM

I was attempting to move a VM from one host to another, and received the following error: “Host does not support the virtual hardware configuration of virtual machine. The IO Filters(s) XXXX configured on the VM’s disk are not installed on the destination host.”

At one point, I was using a VM accelerator solution that was not cleanly removed. It took me a while to figure out how to remove the IO filter from the VM, so hopefully this guide will save you some time.

Part 1 – Remove setting from the VM

After searching the config files of the VM, I came across the VM’s VMDK descriptor file. This is not the storage VMDK file itself, but the 1KB text descriptor file, which is what I had to edit.

There are two lines in it that carry the IO filter configuration, and both need to be removed: the ddb.iofilters and ddb.sidecars settings. Delete both lines and save the file.
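To make the descriptor edit repeatable (and keep a backup of the file you are about to change), here is an added example that is not part of the original post. The descriptor content is a constructed sample so the script runs offline; the filter name and sidecar path in it are invented, and the function is written to refuse the large -flat data file so it cannot be pointed at the wrong VMDK by mistake.

```powershell
# Added example (not from the original post). Constructed sample descriptor for offline testing.
$SampleDescriptor = @'
# Disk DescriptorFile
version=1
encoding="UTF-8"
CID=fffffffe
parentCID=ffffffff
createType="vmfs"

# Extent description
RW 41943040 VMFS "vm01-flat.vmdk"

# The Disk Data Base
#DDB

ddb.adapterType = "lsilogic"
ddb.iofilters = "exampleFilter:1.0.0"
ddb.sidecars = "vm01-flat.vmdk.sidecar"
ddb.virtualHWVersion = "14"
'@

function Remove-IoFilterSettings {
    param([Parameter(Mandatory)][string]$DescriptorPath)

    # A descriptor is a small text file; anything large is the data file and must not be rewritten
    if ((Get-Item -Path $DescriptorPath).Length -gt 64KB) {
        throw "$DescriptorPath is too large to be a descriptor file; is it the -flat.vmdk?"
    }
    Copy-Item -Path $DescriptorPath -Destination "$DescriptorPath.bak" -Force

    $lines   = Get-Content -Path $DescriptorPath
    $pattern = '^\s*ddb\.(iofilters|sidecars)\s*='
    $removed = @($lines | Where-Object { $_ -match $pattern })
    $kept    = @($lines | Where-Object { $_ -notmatch $pattern })

    # ESXi reads a plain ASCII descriptor; write it back without a byte-order mark
    [System.IO.File]::WriteAllLines($DescriptorPath, [string[]]$kept, [System.Text.Encoding]::ASCII)
    return $removed
}

# Run against the sample: the two filter lines are returned, everything else stays intact
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'vm01-example.vmdk'
Set-Content -Path $tmp -Value $SampleDescriptor -Encoding ASCII
'Removed:';              Remove-IoFilterSettings -DescriptorPath $tmp
'Remaining ddb.* keys:'; Get-Content -Path $tmp | Where-Object { $_ -like 'ddb.*' }
```

On a real VM, copy the descriptor off the datastore, run the function against that copy, and copy it back; the .bak the function writes is what you restore from if the migration still fails for an unrelated reason.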

Upon trying to migrate the VM after removing these lines, I received the same error as before. I needed to make the host aware of the change somehow. This was achieved by right-clicking the VM –> VM Policies –> Edit VM Storage Policies...

I didn’t have to change anything, but just needed to click OK.

After doing those tasks, I was able to successfully migrate the VM!

Part 2 – Remove setting from the Host

Although I probably could have done this first, I was in a hurry and didn’t want to impact production VMs. The process to remove the IO filter from the host is fairly quick and easy, but it requires the host to be in maintenance mode, and a reboot is advisable afterwards.

  1. Put the host into maintenance mode.
  2. SSH into the host.
  3. Run “esxcli software vib list” to view a list of all installed VIBs, including the IO filter.
  4. Run “esxcli software vib remove -n filtername” (replacing filtername with the name from the list) to remove the filter.
  5. While a reboot isn’t required, it is suggested.

Manage Bitlocker with PowerShell / Command Prompt

When attempting to enable BitLocker on computers remotely using an RMM tool, here are some commands that will assist in the process.

View the current status of Bitlocker on a machine.
manage-bde c: -status

Add a recovery password key protector so the machine can be encrypted. This is useful on some OEM machines that ship with BitLocker enabled but from which no key can be retrieved.
manage-bde c: -protectors -add -rp

Back up the BitLocker recovery key to Active Directory:
manage-bde -protectors -adbackup c: -id "{3500023E-381E-449B-878B-0CD1067DCD79}"

Note: the ID is the unique ID shown in the output of the manage-bde c: -protectors -add -rp command. Enclose it in quotes, curly braces included, as shown above.

Lastly, if you need to require the user to unlock the machine with a PIN at boot, you can use the following command in addition to those above:
manage-bde -protectors -add c: -TPMAndPIN

From there, you will enter the desired PIN and test by rebooting the machine.



PowerShell Script

# The PIN is stored in clear text here; anyone who can read the script can read the PIN.
$Pin = ConvertTo-SecureString "205020" -AsPlainText -Force
Enable-BitLocker -MountPoint "C:" -EncryptionMethod Aes256 -Pin $Pin -TpmAndPinProtector -UsedSpaceOnly
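The same status / add-protector / AD-backup sequence can be done with the BitLocker PowerShell module, which lets a script take the protector ID from an object instead of copying it out of manage-bde output, something an RMM push cannot do by hand. This is an added example, not code from the original post; it assumes an elevated session on a domain-joined machine whose domain already accepts BitLocker recovery information, and the function names are my own.

```powershell
# Added example (not from the original post). Requires the BitLocker module (Windows 8 / Server 2012 and later).
function Backup-RecoveryPasswordToAd {
    param([string]$MountPoint = 'C:')

    # Equivalent of: manage-bde c: -status
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    Write-Host ("{0} {1}, protection {2}, {3}% encrypted" -f $MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus, $vol.EncryptionPercentage)

    # Equivalent of: manage-bde c: -protectors -add -rp, but only if no recovery password exists yet
    $rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    if ($rp.Count -eq 0) {
        $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
        $rp  = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }

    # Equivalent of: manage-bde -protectors -adbackup c: -id "{...}"; KeyProtectorId already carries the braces
    foreach ($p in $rp) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
        Write-Host "Escrowed recovery password protector $($p.KeyProtectorId) to Active Directory"
    }
    return $rp.KeyProtectorId
}

function Add-TpmPinProtector {
    # Equivalent of: manage-bde -protectors -add c: -TPMAndPIN. The PIN is passed in as a
    # SecureString (or prompted for interactively) rather than written into the script.
    param(
        [string]$MountPoint = 'C:',
        [securestring]$Pin
    )
    if (-not $Pin) { $Pin = Read-Host -AsSecureString -Prompt 'New BitLocker PIN' }
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
}

Backup-RecoveryPasswordToAd -MountPoint 'C:'
```

Backup-BitLockerKeyProtector returns an error rather than silently succeeding when the domain does not store recovery information, which is the check you want before relying on AD as the only copy of the key.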

Automatically Move Archived Event Logs to another Location

I have a client who requires that security event logs be retained. They enabled archive log retention on the Security event log, but the archives kept filling up their C: drive.

To remedy this, I created a PowerShell script that moves these files to another location once they are 7 days old, and then used Task Scheduler to automate the process. Here are the steps to do that.

The source folder where these logs are stored: C:\Windows\System32\winevt\Logs
The destination folder where they want the logs moved to: E:\Windows-System32-winevt-Logs

Created a PowerShell script for this process:
Get-ChildItem -Path "C:\Windows\System32\winevt\Logs" -Filter Archive-Security*.evtx | Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-7) } | Move-Item -Destination "E:\Windows-System32-winevt-Logs" -Verbose

Created a new Task Scheduler task called AutoMove Security Logs. Its action is set to run PowerShell with the following arguments: -ExecutionPolicy Bypass C:\support\AutoMove_SecurityLogs.ps1
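A fuller version of the same script, added here as an example and not the original script: it logs what was moved (useful when someone later asks where a given day’s audit log went), is invoked with -File so the path is never interpreted as a command, and carries a one-time -Register switch that creates the scheduled task. Source and destination are the paths from the post; the task name, run time and log file location are assumptions.

```powershell
# Added example (not the original script). Save as C:\support\AutoMove_SecurityLogs.ps1.
param([switch]$Register)

function Move-ArchivedSecurityLogs {
    param(
        [string]$Source        = 'C:\Windows\System32\winevt\Logs',
        [string]$Destination   = 'E:\Windows-System32-winevt-Logs',
        [int]$OlderThanDays    = 7,
        [string]$LogFile       = 'C:\support\AutoMove_SecurityLogs.log'   # assumed location
    )
    if (-not (Test-Path -Path $Destination)) {
        # The destination holds security audit data: give it the same restrictive ACL as winevt\Logs
        New-Item -ItemType Directory -Path $Destination | Out-Null
    }
    $cutoff = (Get-Date).AddDays(-$OlderThanDays)
    $moved  = @()
    Get-ChildItem -Path $Source -Filter 'Archive-Security*.evtx' |
        Where-Object { $_.LastWriteTime -lt $cutoff } |
        ForEach-Object {
            Move-Item -Path $_.FullName -Destination $Destination -ErrorAction Stop
            $moved += $_.Name
            Add-Content -Path $LogFile -Value ("{0} moved {1} ({2} bytes)" -f (Get-Date -Format s), $_.Name, $_.Length)
        }
    return $moved
}

if ($Register) {
    # One-time setup from an admin console: daily run as SYSTEM, script invoked with -File
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`""
    $trigger   = New-ScheduledTaskTrigger -Daily -At '02:00'
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'AutoMove Security Logs' -Action $action `
        -Trigger $trigger -Principal $principal -Force | Out-Null
    return
}

Move-ArchivedSecurityLogs
```

Run it once as `.\AutoMove_SecurityLogs.ps1 -Register` to create the task; every later run by the scheduler executes the move and appends to the log file.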

Get iOS Device in Supervised Mode

When using Sophos Mobile or any other MDM solution, putting a device in Supervised mode unlocks additional management capabilities.

Requirements for putting a device in Supervised Mode:
– An Apple Mac computer running the Apple Configurator app
– The iOS or iPadOS device, connected to that computer via USB cable
– This process wipes the device. All settings and content will be erased.

Step by Step Process

  1. On the Mac computer, download and install the Apple Configurator app.
  2. In the Configurator app, select Account and log in with the Apple Business Manager account. Select the appropriate Location: this is the business the iOS device will be deployed to.
  3. Connect your device to the computer using a USB cable and select Trust when prompted on your iPad. Turn off Find My iPad by tapping Settings > Apple ID, then iCloud.
  4. In the Configurator app, right-click the device and select Prepare.
  5. Prepare with Manual Configuration and select both Supervise devices and Allow devices to pair with other computers.
  6. In the next section, select Do not enroll in MDM.
  7. Select the appropriate location.
  8. Leave All Steps selected and click Prepare. It will ask to erase the device to continue, which you will agree to.
  9. If you go into the Settings app, you should see that the device is now in Supervised mode.

Upgrade to SQL 2019 Express for Veeam Backup

Veeam has been shipping with SQL 2012, which is end of life, and newer Veeam patches do not upgrade SQL during the patching process. It is on the end user to upgrade their instance of SQL, which is pretty easy to do.

Before you Upgrade

You will want to do a few things before you start the upgrade process:
– Disable all Veeam jobs in Veeam
– Stop and disable all Veeam services in Windows, making sure you note the original startup state (Automatic vs. Automatic Delayed Start).
– If Veeam is running on a VM, snapshot the VM
– Back up the databases manually using SQL Studio
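Recording the startup state by hand is where mistakes creep in, so here is an added example (not from the original post) that writes the start mode and running state of every service whose name begins with Veeam to a CSV, stops and disables them, and restores everything from that record after the upgrade. The CSV path is an assumption; the delayed-start flag is read from the registry because Get-Service reports plain and delayed Automatic the same way.

```powershell
# Added example (not from the original post). Run elevated on the Veeam server.
$StateFile = 'C:\support\veeam-services-before-upgrade.csv'   # assumed location

function Save-VeeamServiceState {
    param([string]$Path = $StateFile)
    $records = foreach ($svc in Get-Service -Name 'Veeam*') {
        # DelayedAutostart = 1 under the service key marks "Automatic (Delayed Start)"
        $reg = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name       = $svc.Name
            StartType  = $svc.StartType
            Delayed    = [bool]$reg.DelayedAutostart
            WasRunning = ($svc.Status -eq 'Running')
        }
    }
    $records | Export-Csv -Path $Path -NoTypeInformation
    foreach ($r in $records) {
        Stop-Service -Name $r.Name -Force -ErrorAction SilentlyContinue
        Set-Service -Name $r.Name -StartupType Disabled
    }
    return $records
}

function Restore-VeeamServiceState {
    param([string]$Path = $StateFile)
    foreach ($r in Import-Csv -Path $Path) {
        if ($r.StartType -eq 'Automatic' -and $r.Delayed -eq 'True') {
            # Windows PowerShell 5.1's Set-Service has no delayed-start value; sc.exe does
            sc.exe config $r.Name start= delayed-auto | Out-Null
        } else {
            Set-Service -Name $r.Name -StartupType $r.StartType
        }
        if ($r.WasRunning -eq 'True') { Start-Service -Name $r.Name }
    }
}

# Before the upgrade:  Save-VeeamServiceState
# After the upgrade:   Restore-VeeamServiceState
```

Keep the CSV with the VM snapshot; together they are the rollback record for the service side of the change.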

On to the Upgrade Process

  1. Download SQL 2019 Express from Microsoft. The download links always seem to change, so you will need to snag a copy yourself.
  2. Run the executable and select Custom as the installation type.
  3. Choose a location to save the files that will be downloaded for the install. The default path is fine.
  4. When the Installation Center window appears, choose Upgrade from a Previous Version of SQL Server.
  5. Choose the SQL instance you would like to upgrade. For a reference of which build numbers equal which version of SQL, see this Microsoft Doc here:
  6. The installation will then start.


I ran into an issue where the SQL upgrade was looking for a Microsoft OLE DB Driver from the source installation. I tried to download this driver from Microsoft and point the installer there, but that did not work.

To remedy this, I uninstalled the driver, rebooted the server, and restarted the installation. This time the Database Engine Services, which had failed the first time, upgraded successfully.

Verify Upgrade Success

You can view the upgraded build by opening the instance in SQL Management Studio and going to the properties of the instance. Refer to the version build numbers link I posted earlier in this post.

You can also view this info by going to properties of the SQL service, and reference the path to the executable.
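The service-path check can be scripted: this added example (not from the original post) reads the sqlservr.exe path from every SQL Server service, reports the file’s product version, and maps the major number to the release using Microsoft’s version numbering (11 = 2012, 12 = 2014, 13 = 2016, 14 = 2017, 15 = 2019, 16 = 2022). The function name is my own.

```powershell
# Added example (not from the original post). Works for default and named instances.
function Get-SqlEngineVersion {
    # Major product version identifies the SQL Server release
    $releases = @{
        '11' = 'SQL Server 2012'; '12' = 'SQL Server 2014'; '13' = 'SQL Server 2016'
        '14' = 'SQL Server 2017'; '15' = 'SQL Server 2019'; '16' = 'SQL Server 2022'
    }
    Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE 'MSSQL%'" | ForEach-Object {
        # PathName looks like: "C:\...\MSSQL\Binn\sqlservr.exe" -sINSTANCENAME
        # Services such as the full-text launcher match the name filter but not sqlservr.exe, so they are skipped
        if ($_.PathName -match '^"?(.+?sqlservr\.exe)"?') {
            $exe     = $Matches[1]
            $version = (Get-Item -Path $exe).VersionInfo.ProductVersion
            $major   = $version.Split('.')[0]
            [pscustomobject]@{
                Service        = $_.Name
                Executable     = $exe
                ProductVersion = $version
                Release        = if ($releases.ContainsKey($major)) { $releases[$major] } else { 'unknown' }
            }
        }
    }
}

Get-SqlEngineVersion | Format-Table -AutoSize
```

After a successful upgrade the Veeam instance should report a 15.x product version; an 11.x entry means the installer upgraded a different instance or did not complete.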

Post Upgrade

Now that the upgrade is complete, enable the Veeam services and Veeam jobs.

Veeam One Issue

After the upgrade, Veeam Backup worked great, but I noticed I could not get into Veeam One, and would receive the following error: “Veeam One monitoring service cannot access its database”.

This was resolved by opening the Veeam One Settings application (C:\Program Files\Common Files\Veeam\Veeam ONE Settings\VeeamOneSettings.exe) and testing the connection. All the settings looked good, but it would fail the connection test. I clicked Browse by Server Name and selected the server again, and this time it tested successfully and I could use Veeam One again.

Remove Duplicate Emails/Calendar Events from Public Folders on Exchange Online

Files required can be downloaded from GitHub: https://github.com/michelderooij/Remove-DuplicateItems

Details on the syntax can be found here: https://eightwone.com/2013/06/21/removing-duplicate-items-from-a-mailbox/

$cred = Get-Credential   # enter your O365 email and password as the credentials

.\Remove-DuplicateItems.ps1 -PublicFolders -Identity <user_email> -Server outlook.office365.com -Credentials $cred -PFStart "\"

# The above connects to Exchange Online and cleans the public folders starting at the root.

Screenshots (not reproduced here): the system indexing mail based on the query, the confirmation to remove the found results, and the deletion of the duplicate results.

Pi-Hole on Ubuntu VM with TrueNAS

Having a dozen Raspberry Pis around the house is nice for random projects, but I would like to consolidate as much as I can into jails on FreeNAS/TrueNAS. Unfortunately, running Pi-Hole in a jail isn’t really supported at this point, with previous attempts having been abandoned by the community. Deploying it as a VM is the next best thing.

Requirements

Ubuntu Server 21.x
VM with a minimum 1 vCPU, 512MB vRAM, and 10GB Drive

Deployment Steps

Download the Ubuntu Server ISO.

Create a new VM in TrueNAS, using whatever values you prefer:
– Guest Operating System should be Linux
– Boot Method should be UEFI
– Bind should be the primary IP of your TrueNAS

Operating System

Configure the desired system resources. The minimum requirements were listed above, but I would add another vCPU core and some additional RAM.

VM CPU and Memory

Configure VM Disks:
– Create a new Disk Image and make sure to select AHCI as the disk type.
– Select a Zvol location on your NAS.
– I used a 12 GB drive, which is probably overkill for this.

Disks

Network Interfaces and Installation Media:
– You can take the defaults on Network Interfaces.
– On Installation Media, upload the Ubuntu ISO you downloaded earlier, or select it from your TrueNAS if you have already copied it to a share.

Installation Media

Install Ubuntu OS:
– After saving the VM settings, power on and run through a default setup of Ubuntu.
– Make sure to give this VM a static IP address on your network, as this will be your new Pi-Hole DNS server.
– Also install OpenSSH during the install if you wish to SSH to Pi-Hole.
– After installing Ubuntu, update the OS:

sudo apt update
sudo apt upgrade

Install Pi-Hole:
Run the following command in an SSH or console session on the Ubuntu VM:

sudo curl -sSL https://install.pi-hole.net | bash

Follow the Pi-Hole wizard to configure additional settings:
– Choose your DNS provider (I used OpenDNS).
– Take the defaults on the rest of the items unless you have specific reasons otherwise.

Pi-Hole Wizard

Surface Dock won’t display second monitor

I have been using dual displays with my Surface Dock and Surface Dock 2 for a while now, but recently the second external display would just go to sleep and not display anything, no matter what I tried.
The solution was found in a Microsoft forum.

Clear your display cache.

  1. Undock your Surface from the Surface Dock.
  2. Download the Surface Dock registry file. Choose to Open the file.
  3. Select and run surface dock registry.reg.
  4. Select Yes to allow changes to your Surface, select Yes to confirm, and then select OK to close.
  5. Restart your Surface, reconnect it to the Surface Dock, and try your external display again.

Manually Update Resilio Sync – FreeNAS or TrueNAS

FreeNAS (now called TrueNAS) recently removed the Resilio Sync plugin from their repository, which is a shame. Finding a tutorial on updating a Resilio Sync instance that was created as a plugin, and not as a jail, has been a time-consuming waste. I am outlining the steps to manually update Resilio Sync. I hope one day TrueNAS will add this back.

  1. Download Resilio Sync for FreeBSD x64 here.
  2. Extract the file so you can access the rslsync binary.
  3. Stop the Resilio Sync jail in FreeNAS.
  4. Using WinSCP or a similar app, replace the rslsync file located here: /mnt/FreeNAS/iocage/jails/rslsync/root/usr/local/bin (your path may differ depending on your naming scheme).
  5. Start the plugin in FreeNAS again.
  6. Using the WinSCP console or SSH, in the rslsync file location, run the following:
     chmod +x rslsync
  7. Start the jail again.
  8. Log in to Resilio Sync and verify the version under Preferences.

Note that the version shown in the plugin section does not get updated to the correct version. That version is controlled by the plugin manifest, and since TrueNAS/FreeNAS no longer includes Resilio Sync in the plugin collection, it will still show the old version.