Technology

WSUS Database is huge

On a 2008 server I had a space issue. Unwilling or unable to upgrade, I needed to find the client some more space on the drive.
Even after cleaning out the usual temp files etc., I still needed more.
I noticed the WSUS database .mdf file was one of the largest files on the disk, at 26 GB.

-How to reduce the size safely-
Open the SQL manager,
enter "\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query" in the 'server' field and connect.

You will now be connected to the WSUS SUSDB database!

WSUS logs everything it does to a table in this database.
We don't need to keep all of this.

The logs live in the table "tbEventInstance".

Delete all of these like this:

Click on the database name 'SUSDB'
Click 'New Query'
Type 'truncate table tbEventInstance' into the Query Editor
Click the 'Execute' button - or press F5.
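The same clean-up driven from PowerShell, as an added example that is not part of the original post. It assumes the SqlServer module (Invoke-Sqlcmd) is installed, that the named pipe from the post is reachable with the "np:" prefix, that the Windows Internal Database service account can write to the assumed backup path, and that the data file's logical name is SUSDB. It measures the table first, keeps a backup because TRUNCATE cannot be undone and the table is WSUS's own event history, and shrinks the file afterwards, since truncating frees pages inside the .mdf without giving space back to the OS.

```powershell
# Added example (not from the original post): measure, back up, truncate and shrink.
# Assumed: SqlServer module installed; "np:" named-pipe syntax accepted by -ServerInstance.
$instance = 'np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query'

# Row count and space used by the event table, so you know what you are about to discard
$before = Invoke-Sqlcmd -ServerInstance $instance -Database SUSDB `
    -Query "EXEC sp_spaceused N'dbo.tbEventInstance';"
$before | Format-Table name, rows, reserved, data

# TRUNCATE is minimally logged and cannot be rolled back afterwards: keep a copy of the
# database first in case the event history is ever needed (assumed backup path).
Invoke-Sqlcmd -ServerInstance $instance -Database SUSDB -QueryTimeout 0 `
    -Query "BACKUP DATABASE SUSDB TO DISK = N'D:\Backup\SUSDB-before-truncate.bak' WITH INIT;"

Invoke-Sqlcmd -ServerInstance $instance -Database SUSDB `
    -Query "TRUNCATE TABLE dbo.tbEventInstance;"

# Truncating empties the table but the .mdf keeps its size; shrink to return the space
# to the OS (target 10% free space inside the file).
Invoke-Sqlcmd -ServerInstance $instance -Database SUSDB -QueryTimeout 0 `
    -Query "DBCC SHRINKDATABASE (SUSDB, 10);"

$after = Invoke-Sqlcmd -ServerInstance $instance -Database SUSDB `
    -Query "EXEC sp_spaceused N'dbo.tbEventInstance';"
$after | Format-Table name, rows, reserved, data
```

Run it elevated on the WSUS server itself; the named pipe is only reachable locally. Shrinking fragments indexes, so it is a one-off after a large clean-up, not something to schedule.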

Stop Windows 10 from using the UEFI preinstalled serial key

I came across an issue when upgrading a Win 10 Home laptop to Pro.
The issue was that no matter what I tried (typing in a Pro product key, installing from a Pro image), it re-installed the Home version, which then refused to upgrade.

I realised that the Windows key is stored in UEFI and the install was using this every time. The key was for the Home edition.
It seems you can't remove, switch off or disable this key.

This is how to override the UEFI key:

First of all, make sure you have a regular (single-architecture) Windows ISO.
Then, try this method:

Create a Setup USB drive
Create a file named PID.txt in the Sources directory, with the following contents:

[PID]
Value=XXXX-XXXX-XXXX-XXXXX-XXXXX
Boot from this USB drive
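A way to confirm the diagnosis and prepare the override file from PowerShell, as an added example that is not part of the original post. It assumes the setup USB is mounted as E: and that you have your own Pro key to put in place of the placeholder; the firmware key is read through the SoftwareLicensingService CIM class, which exposes the OEM (OA3) key that setup picks up automatically.

```powershell
# Added example (not from the original post): check for a firmware-embedded key, then write
# the PID.txt override onto the setup USB. Assumed drive letter: E:
$oemKey = (Get-CimInstance -ClassName SoftwareLicensingService).OA3xOriginalProductKey
if ($oemKey) {
    Write-Host "Firmware-embedded product key found; setup will use it unless overridden."
} else {
    Write-Host "No firmware-embedded key found; setup will prompt for one, so PID.txt is not needed."
}

$usbRoot = 'E:\'                                 # assumed drive letter of the setup USB
$proKey  = 'XXXXX-XXXXX-XXXXX-XXXXX-XXXXX'       # placeholder: replace with your own Windows 10 Pro key
$pidFile = Join-Path $usbRoot 'sources\PID.txt'

# Sanity check that this really is a setup drive before writing into it
$wim = Join-Path $usbRoot 'sources\install.wim'
$esd = Join-Path $usbRoot 'sources\install.esd'
if (-not (Test-Path $wim) -and -not (Test-Path $esd)) {
    throw "No install image found under $usbRoot\sources - is this a setup USB?"
}

# Setup reads PID.txt as a plain INI-style file; write it as ASCII
@"
[PID]
Value=$proKey
"@ | Set-Content -Path $pidFile -Encoding ASCII

Get-Content -Path $pidFile
```

Keep the USB out of reach once the key is on it: PID.txt holds the licence key in clear text, so delete the file (or wipe the drive) after the install.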

Sonicwall NSA Packet Capture

Something I always have trouble setting up is the Sonicwall built-in Packet Capture.
Normally in a tool, when you leave the fields empty, everything in that category is shown. The packet capture doesn't work like that!

But it's easy; just set the following to get a good basic start:

Make sure the filters are clear to start.

Then in the Monitor Filter tab:
Ether Type = IP
IP Type = TCP

Then add what you want to monitor:
Destination port = 465

Make sure "Enable Bidirectional" is checked to show the return traffic.

Then in the Display Filter tab:
All checkboxes selected

And in the Advanced Monitor Filter tab:
You can enable all the checkboxes to see traffic injected by the sonicwall.

Windows 2012 R2 - We couldn't complete the updates

Running a Windows 2012 R2 Server in Hyper-V as a Gen 2 machine?
Make sure to switch off 'Secure Boot' in the VM settings, as otherwise you are likely to get the following issue when installing updates:

It'll get stuck in a reboot loop: "We couldn't complete the updates. Undoing changes. Don't turn off your computer."

Urrgggghhh. So switch off Secure Boot, then if it doesn't fix itself, use this process:

Set the 'Auto Start' options for the VM in hyper-v to have a delay of 5 seconds.
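Both settings applied with the Hyper-V PowerShell module, as an added example that is not part of the original post. It assumes the VM is called SRV2012R2 and that you run it on the Hyper-V host as an administrator. The previous Secure Boot state is recorded so the change is auditable and easy to reverse once updates are through.

```powershell
# Added example (not from the original post). Assumed VM name: SRV2012R2
$vmName = 'SRV2012R2'
$vm = Get-VM -Name $vmName

if ($vm.Generation -ne 2) {
    throw "$vmName is not a Generation 2 VM; Secure Boot does not apply to Gen 1 machines."
}

# Record the current state so the change can be reversed later
$firmware = Get-VMFirmware -VMName $vmName
Write-Host "Secure Boot before: $($firmware.SecureBoot)"

# Firmware settings can only be changed while the VM is off (graceful shutdown via integration services)
if ($vm.State -ne 'Off') {
    Stop-VM -Name $vmName
}

Set-VMFirmware -VMName $vmName -EnableSecureBoot Off

# Auto-start with a 5 second delay, as in the post
Set-VM -Name $vmName -AutomaticStartAction Start -AutomaticStartDelay 5

Start-VM -Name $vmName

Get-VMFirmware -VMName $vmName | Select-Object VMName, SecureBoot
Get-VM -Name $vmName | Select-Object Name, AutomaticStartAction, AutomaticStartDelay
```

Secure Boot is what stops unsigned boot loaders from running inside the guest, so once the updates have installed, put it back with `Set-VMFirmware -VMName $vmName -EnableSecureBoot On` rather than leaving it off permanently.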

Azure/Office365 domain/organisation trust - specifically sharing a resource

I thought it would be easy and quick to set up a shared room resource calendar between two separate domains on O365.
It wasn't! And I couldn't find anywhere online describing how to do this seemingly straightforward task.
Also, it's not perfect. It can take up to 4 hours for the new appointment to appear in the remote user's view of the calendar (apparently MS are working on fixing this).

So here are the steps I used:

Set up two-way organization relationship between both domains (do this in both directions):
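The organization relationship created from Exchange Online PowerShell rather than the admin centre, as an added example that is not part of the original post. It assumes the ExchangeOnlineManagement module, a tenant admin account, and the domain names contoso.com (this tenant) and fabrikam.com (the other tenant); the mirror image of this script is run from the other tenant to make the relationship two-way.

```powershell
# Added example (not from the original post). Assumed domains: contoso.com (here), fabrikam.com (remote)
Connect-ExchangeOnline    # prompts for an admin sign-in

$remoteDomain = 'fabrikam.com'
$relName      = 'Fabrikam'

# Pull the remote tenant's federation metadata (Autodiscover endpoint and application URI)
$fed = Get-FederationInformation -DomainName $remoteDomain

if (Get-OrganizationRelationship -Identity $relName -ErrorAction SilentlyContinue) {
    Write-Host "Relationship '$relName' already exists; updating its free/busy settings."
    Set-OrganizationRelationship -Identity $relName -FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails
} else {
    # LimitedDetails exposes time, subject and location; AvailabilityOnly is the least-privilege
    # choice if the other side only needs to see free/busy blocks.
    $fed | New-OrganizationRelationship -Name $relName -FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails
}

Get-OrganizationRelationship -Identity $relName |
    Format-List Name, DomainNames, FreeBusyAccessEnabled, FreeBusyAccessLevel, TargetAutodiscoverEpr

# Verify the federation trust and relationship from the point of view of a local mailbox (assumed address)
Test-OrganizationRelationship -Identity $relName -UserIdentity 'admin@contoso.com'
```

Run the equivalent in the other tenant with the domain names swapped; free/busy only flows in a direction where both the relationship and the remote tenant's own relationship back allow it.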

VMWare VSAN emergency shutdown procedure

You may need to shut down your VMware/vSAN infrastructure quickly and safely. Usually a power cut or similar problem will force you to get everything shut down cleanly as quickly as possible.

Here's one way of doing this:
-Log on to vCenter or the vSphere client and shut down the guests in your preferred order (e.g. shut down vCenter before the SQL server it relies on!).
-Without a vSAN you could now use the client to put the physical hosts into maintenance mode.
However, with a vSAN (storage distributed across all the physical hosts) you'll want to shut down each host's portion of the storage cleanly. To do this, SSH onto each host and issue the following command:

esxcli system maintenanceMode set -e true -m noAction
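The per-host part of the procedure driven from VMware PowerCLI instead of one SSH session per host, as an added example that is not part of the original post. It assumes vCenter and the other guests are already down (the steps above), that the three host names are resolvable, that a root credential is available, and that PowerCLI's `NoDataMigration` mode maps to the `-m noAction` behaviour of the esxcli command, which is the assumption the whole script rests on.

```powershell
# Added example (not from the original post). Assumed host names and a root credential.
$hosts = 'esx01.lab.local', 'esx02.lab.local', 'esx03.lab.local'
$cred  = Get-Credential -Message 'ESXi root credential'

foreach ($h in $hosts) {
    # Connect to each host directly: vCenter has already been shut down at this point
    $conn = Connect-VIServer -Server $h -Credential $cred

    # Anything still powered on was missed in the ordered shutdown; stop it gracefully first
    $running = Get-VM -Server $conn | Where-Object PowerState -eq 'PoweredOn'
    if ($running) {
        $running | Stop-VMGuest -Confirm:$false | Out-Null
        $waited = 0
        while ((Get-VM -Server $conn | Where-Object PowerState -eq 'PoweredOn') -and $waited -lt 300) {
            Start-Sleep -Seconds 10
            $waited += 10
        }
    }

    # NoDataMigration: enter maintenance mode without evacuating vSAN objects,
    # the PowerCLI equivalent of 'esxcli system maintenanceMode set -e true -m noAction'
    Get-VMHost -Server $conn |
        Set-VMHost -State Maintenance -VsanDataMigrationMode NoDataMigration -Confirm:$false | Out-Null

    # Power the host off once it is in maintenance mode; the session drops as the host goes down
    Get-VMHost -Server $conn | Stop-VMHost -Confirm:$false | Out-Null
    Disconnect-VIServer -Server $conn -Confirm:$false -ErrorAction SilentlyContinue
}
```

Keep the host list in the order you want the nodes to go down, and run it from a machine that is not itself a guest on the vSAN.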

Bitlocker - some notes

Bitlocker, the native Windows disk encryption product, should probably be used by everyone who has the option (some older/home versions of Windows don't have it). Certainly it should be being used in the workplace, and as part of preparing for the upcoming GDPR regulations.

It can be enabled from within windows on a single user basis: settings->manage bitlocker
Or it can be managed from Active Directory / Group Policy, or from Azure Intune/device management, which has a nice interface for managing it. Both the AD and Azure routes have options for storing the recovery keys in the management console, so that if a user loses their PIN/password/USB key you can still recover the PC.

Modern PCs often come with a security chip called a TPM. This chip will (among other things) hold the keys needed to unlock your encrypted hard drive. Some PCs don't have a TPM
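Enabling Bitlocker on the OS drive with a TPM protector and escrowing the recovery password in Active Directory, as an added example that is not part of the original post. It assumes an elevated session on a domain-joined PC, the BitLocker and TrustedPlatformModule PowerShell modules that ship with Windows, and that the "Store BitLocker recovery information in AD DS" policy (and the AD schema for it) is already in place; Azure AD/Intune-joined devices would use BackupToAAD-BitLockerKeyProtector instead.

```powershell
# Added example (not from the original post). Run elevated on the machine being encrypted.
$drive = 'C:'

# A usable TPM is what lets the drive unlock without user interaction; without one you need
# a startup key (-StartupKeyProtector) or password (-PasswordProtector) instead.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not present or not ready: enable it in UEFI, or choose a non-TPM protector."
}

$vol = Get-BitLockerVolume -MountPoint $drive
if ($vol.ProtectionStatus -eq 'Off' -and $vol.VolumeStatus -eq 'FullyDecrypted') {
    # XTS-AES 256 is the current recommended cipher; UsedSpaceOnly is fine for a freshly built PC
    Enable-BitLocker -MountPoint $drive -EncryptionMethod XtsAes256 -TpmProtector -UsedSpaceOnly -SkipHardwareTest
}

# Recovery password: the 48-digit key the management console hands back if the TPM path fails
$vol = Get-BitLockerVolume -MountPoint $drive
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $drive -RecoveryPasswordProtector | Out-Null
}
$recovery = (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -First 1

# Escrow the recovery password against the computer object in AD DS
Backup-BitLockerKeyProtector -MountPoint $drive -KeyProtectorId $recovery.KeyProtectorId

Get-BitLockerVolume -MountPoint $drive |
    Format-List MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod, KeyProtector
```

Check the escrow worked (the msFVE-RecoveryInformation child object on the computer account) before handing the machine over; a recovery password that only exists on the laptop is no recovery option at all.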

Azure - Security tools

Microsoft Azure is a comprehensive set of cloud services that developers and IT professionals use to build, deploy and manage applications through their global network of data centres.

It's a huge and complex set of resources.

Here are some useful links to help with configuring and maintaining the security aspects of Azure services:

Main portal - all hosting controls, security and Azure Active Directory

Security monitoring with Sysmon

Sysmon from Microsoft is a great tool for monitoring activities in Windows desktop and server systems.

Once set up it simply runs in the background and logs interesting events to a separate section (Eventvwr->Microsoft-Windows-Sysmon->Operational) within the event viewer.

It's very useful for building a log that can be checked for issues, from finding when a file was deleted to spotting malware activity.

A configuration file is used by Sysmon to store information about which events we want to include and which events we want to exclude.
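A small configuration written, installed and read back from PowerShell, as an added example that is not part of the original post or of Sysmon's own samples. It assumes Sysmon64.exe sits in C:\Tools, that the schema version in the file matches what `sysmon -s` prints for the installed build, and that the build is Sysmon 11 or later, which is when the FileDelete event (ID 23) was added. The include/exclude rules show the two ways a rule group can be written: an exclude group logs everything of that type except the matches, an include group logs only the matches.

```powershell
# Added example (not from the original post). Assumed paths and schema version.
$sysmonExe  = 'C:\Tools\Sysmon64.exe'
$configPath = 'C:\Tools\sysmon-config.xml'

# An event type with no rule group at all keeps Sysmon's built-in default for that type,
# so list every type you care about explicitly.
$config = @'
<Sysmon schemaversion="4.30">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- Event 1: process creation. Exclude the noisiest legitimate processes, keep everything else. -->
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="is">C:\Windows\System32\svchost.exe</Image>
        <Image condition="is">C:\Windows\System32\conhost.exe</Image>
      </ProcessCreate>
    </RuleGroup>
    <!-- Event 3: outbound connections from scripting hosts and Office, a common malware pattern -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="end with">powershell.exe</Image>
        <Image condition="end with">wscript.exe</Image>
        <Image condition="end with">winword.exe</Image>
      </NetworkConnect>
    </RuleGroup>
    <!-- Event 23: file deletion, which answers "when was this file deleted, and by what process?" -->
    <RuleGroup name="" groupRelation="or">
      <FileDelete onmatch="include">
        <TargetFilename condition="begin with">C:\Users\</TargetFilename>
      </FileDelete>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path $configPath -Value $config -Encoding ASCII

# First install uses -i with the config; later changes are applied with -c without reinstalling
if (Get-Service -Name Sysmon64 -ErrorAction SilentlyContinue) {
    & $sysmonExe -c $configPath
} else {
    & $sysmonExe -accepteula -i $configPath
}

# Read back the newest deletion events from the Operational log mentioned in the post
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 23 } -MaxEvents 10 |
    Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0..5] -join ' | ' } }
```

Forward the Operational log to a collector (Windows Event Forwarding or your SIEM agent): a local-only Sysmon log is the first thing an intruder with admin rights clears.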

3CX cloud/appliance/debian reinstall

Sometimes you may need to reinstall 3CX, but don't want to just recreate a new full machine. You want to re-use the current base machine.
Here is how to reinstall 3CX from scratch:

-Make sure your current 3CX is updated to the latest version.
-Make a full settings backup from within 3CX (if you are changing the licence key, you will need to choose the option to exclude the key from the backup or it won't restore under the new licence). Note: move the backup and keep a copy elsewhere, as the current version (15) of 3CX DELETES the default backup folder when it is removed!!
-If you have an FQDN with your 3CX instance and are changing the licence key, you will need to log into your 3CX account (customers.3cx.com) and 'release' the FQDN from the current licence key.

Now we are ready to do the uninstall.

Create a MS SQL mirrored database

You must have 2 SQL servers, or 3 if you'd like a witness server:
Principal -> Mirror (+ Witness)

The 2 servers need to be running the same version of SQL Server.
The principal database will need to be in the Full recovery model (right click on db->Properties->Options).

-Take a full backup of the principal DB.
-On the mirror SQL Server, create a database with the same name as on the principal, then restore the backup there with the 'Overwrite the existing database' option checked and RESTORE WITH NORECOVERY.
-Check that the mirror database now shows as 'Restoring'.
-Back up the transaction log on the principal and restore it on the mirror (again with the no-recovery option switched on!).
-You may need to repeat the last transaction log backup/restore if mirroring fails to start, as the two copies need to be as close in time as possible.
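The backup/restore sequence from the steps above scripted with Invoke-Sqlcmd, as an added example that is not part of the original post. It assumes the SqlServer module, a principal named SQL1, a mirror named SQL2, a database called AppDb, a share \\SQL1\Backup that the SQL2 service account can read, and the same data/log file paths on both servers (otherwise the RESTORE needs WITH MOVE clauses). REPLACE is the T-SQL form of the 'Overwrite the existing database' checkbox.

```powershell
# Added example (not from the original post). Assumed server, database and share names.
$principal = 'SQL1'
$mirror    = 'SQL2'
$db        = 'AppDb'
$share     = '\\SQL1\Backup'

# Both instances should report the same version and edition
foreach ($s in $principal, $mirror) {
    Invoke-Sqlcmd -ServerInstance $s -Query "SELECT @@SERVERNAME AS server, SERVERPROPERTY('ProductVersion') AS version, SERVERPROPERTY('Edition') AS edition;" |
        Format-Table -AutoSize
}

# Mirroring needs the FULL recovery model on the principal; the full backup taken
# afterwards starts the log chain the mirror will follow.
Invoke-Sqlcmd -ServerInstance $principal -Query "ALTER DATABASE [$db] SET RECOVERY FULL;"
Invoke-Sqlcmd -ServerInstance $principal -QueryTimeout 0 `
    -Query "BACKUP DATABASE [$db] TO DISK = N'$share\$db.bak' WITH INIT, CHECKSUM;"

# Restore on the mirror WITH NORECOVERY so it stays in 'Restoring' and can accept log records
Invoke-Sqlcmd -ServerInstance $mirror -QueryTimeout 0 `
    -Query "RESTORE DATABASE [$db] FROM DISK = N'$share\$db.bak' WITH NORECOVERY, REPLACE;"

# Log backup on the principal, restored on the mirror, again WITH NORECOVERY.
# Repeat this pair immediately before starting mirroring if the first attempt fails:
# the mirror's log chain has to be current with the principal.
Invoke-Sqlcmd -ServerInstance $principal -Query "BACKUP LOG [$db] TO DISK = N'$share\$db.trn' WITH INIT;"
Invoke-Sqlcmd -ServerInstance $mirror    -Query "RESTORE LOG [$db] FROM DISK = N'$share\$db.trn' WITH NORECOVERY;"

# The mirror copy should now report RESTORING
Invoke-Sqlcmd -ServerInstance $mirror `
    -Query "SELECT name, state_desc, recovery_model_desc FROM sys.databases WHERE name = N'$db';"
```

Lock the backup share down to the two SQL service accounts: the .bak and .trn files are a complete copy of the database, readable by anyone who can open the share.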

Google shell

This is interesting:
https://console.cloud.google.com/cloudshell

A free shell for any Google account holder, with a 5 GB persistent home directory.
Intended as a control point for your Google Cloud services, it's useful even if you don't use Google Cloud, e.g. for troubleshooting network stuff.

It seems to have a good selection of the usual tools, such as the nano editor, SSH etc.

Will add more here if I find interesting uses.

Notes:

Edit bash config:
vi ./.bashrc

Building and testing Docker containers using cloud shell:
Click here

3cx VoIP phone system cheat sheet

Nginx web server conf file location:
C:\Program Files\3CX Phone System\Bin\nginx\conf\nginx.conf
(If there are provisioning issues, check that the "listen 5000" section of this file is configured correctly)

To switch off a stuck DND on an extension: dial *60. (Shows as a red icon on the Windows client CTI, or red with a line through it, like a no-entry symbol.)

Windows client can no longer be manually configured. Have to use provisioning file from welcome message.

Path to provisioning stuff in linux:
/var/lib/3cxpbx/Instance1/Data/Http/Interface/provisioning

VMWare vSAN/ESX host troubleshooting

In a vSAN ESXi environment, one of the hosts kept having issues. The virtual machines showed as 'disconnected' within vCenter and the host showed as unavailable in the console. The guests were still actually running. I could SSH to the host, and the screen (via iLO) showed everything was OK. Here's what to do to troubleshoot:

Check for network issues. Can VCentre see the host which is having issues and all the connection paths?

If DRS is enabled, try to put the host into maintenance mode to start a vMotion of the guests to another host.

-Check the health status in vCenter under vSAN Cluster > Monitor > vSAN > Health

-If the ESX host is not responding in vCenter (and the guests show as 'disconnected', although they may still be running):

Connect to the host via iLO (using IE), then F2 -> Troubleshoot -> Restart Management Agents