Azure/Office365 domain/organisation trust - specifically sharing a resource

I thought it would be easy and quick to set up a shared room resource calendar between two separate domains on O365.
It wasn't! And I couldn't find anywhere online describing how to do this seemingly straightforward task.
Also, it's not perfect. It can take up to 4 hours for the new appointment to appear in the remote user's view of the calendar (apparently MS are working on fixing this).

So here are the steps I used:

Set up a two-way organization relationship between both domains (do this in both directions):

VMWare VSAN emergency shutdown procedure

You may need to get your VMWare/VSAN infrastructure to shut down quickly and safely. Usually a power cut/issues will force you to get everything shut down cleanly as quickly as possible.

Here's one way of doing this:
-Log onto vCenter or the vSphere client and shut down the guests in your preferred order (eg shut down vCenter before the SQL server it relies on!).
-Now without the vSAN you could use the client to put the physical hosts into maintenance mode.
However, with a vSAN (distributed storage across all the physical hosts) you'll want to shut down each portion of the storage cleanly. To do this you need to SSH onto each host and issue the following command:

esxcli system maintenanceMode set -e true -m noAction

Bitlocker - some notes

Bitlocker, the native Windows encryption product, should probably be used by everyone who has this option (some older/home versions of Windows don't have it). Certainly it should be used in the workplace, and as part of preparing for the upcoming GDPR regulations.

It can be enabled from within Windows on a single user basis: settings->manage bitlocker
Or it can be managed from Active Directory/Group Policy, or from Azure Intune/device management, which has a nice interface for managing it. Both the AD and Azure routes have options for storing the recovery keys in the management console, so that if a user loses his pin/password/usb you can still recover the PC.

Modern PCs often come with a security chip called a TPM. This chip will (among other things) store the private keys needed to encrypt/decrypt your hard drive. Some PCs don't have TPM

Azure - Security tools

Microsoft Azure is a comprehensive set of cloud services that developers and IT professionals use to build, deploy and manage applications through their global network of data centres.

It's a huge and complex set of resources.

Here are some useful links to help with configuring and maintaining the security aspects of Azure services:

Main portal - all hosting controls, security and Azure Active Directory

Security monitoring with Sysmon

Sysmon from Microsoft is a great tool for monitoring activities in Windows desktop and server systems.

Once set up it simply runs in the background and logs interesting events to a separate section (Eventvwr->Microsoft-Windows-Sysmon->Operational) within the event viewer.

It is very useful for setting up a log which can be checked for issues, from finding when a file was deleted to monitoring malware.

A configuration file is used by Sysmon to store information about which events we want to include and which events we want to exclude.
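
A minimal configuration showing both filter directions described above. This is an added example, not taken from the original post; the paths and process names in the rules are illustrative choices, not recommendations.

```xml
<Sysmon schemaversion="4.30">
  <!-- Hash recorded for process images in the logged events -->
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>

    <!-- Event ID 1 (process creation).
         onmatch="exclude": log every process start EXCEPT those matching
         a rule below. Keep exclusions to full, exact paths so that a
         renamed or relocated binary is still logged. -->
    <ProcessCreate onmatch="exclude">
      <Image condition="is">C:\Windows\System32\SearchIndexer.exe</Image>
      <Image condition="is">C:\Windows\System32\backgroundTaskHost.exe</Image>
    </ProcessCreate>

    <!-- Event ID 3 (network connection).
         onmatch="include": log ONLY connections made by the processes
         listed here; everything else is dropped to keep the log small. -->
    <NetworkConnect onmatch="include">
      <Image condition="end with">\powershell.exe</Image>
      <Image condition="end with">\wscript.exe</Image>
      <Image condition="end with">\mshta.exe</Image>
    </NetworkConnect>

    <!-- Event ID 23 (file delete).
         onmatch="include": log deletions only under user profiles and
         only for the listed extensions. Sysmon also keeps a copy of each
         matched deleted file in its archive directory, so keep this rule
         narrow to avoid filling the disk. -->
    <FileDelete onmatch="include">
      <Rule groupRelation="and">
        <TargetFilename condition="begin with">C:\Users\</TargetFilename>
        <TargetFilename condition="end with">.docx</TargetFilename>
      </Rule>
      <Rule groupRelation="and">
        <TargetFilename condition="begin with">C:\Users\</TargetFilename>
        <TargetFilename condition="end with">.xlsx</TargetFilename>
      </Rule>
    </FileDelete>

  </EventFiltering>
</Sysmon>
```

Load it with `sysmon64.exe -accepteula -i <file>` on first install, or `sysmon64.exe -c <file>` to apply it to a running install.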

3CX cloud/appliance/debian reinstall

Sometimes you may need to reinstall 3CX, but don't want to just recreate a new full machine. You want to re-use the current base machine.
Here is how to reinstall 3CX from scratch:

-Make sure your current 3cx is updated to the latest version.
-Make a full settings backup from within 3cx (if you are changing the licence key, you will need to choose the option to exclude it from the backup or it won't restore while using a new licence). Note: Move the backup or make a copy elsewhere, as the current version (15) of 3CX DELETES the default backup folder when it is removed!!
-If you have an FQDN with your 3CX instance and are changing the licence key you will need to log into your 3cx account and 'release' the FQDN from the current licence key.

Now we are ready to do the uninstall.

Create a MS SQL mirrored database

Must have 2 SQL servers, 3 if you'd like a witness server:
Principal->Mirror Witness

2 servers need to have the same versions of SQL running on them.
The primary database will need to be in Full Recovery model (right click on db->properties->options)

-Full backup the Principal DB
-Create a database with the same name from the Principal SQL Server on the Mirroring SQL Server, then restore the backup on the Mirroring SQL Server with the option to Overwrite the existing database checked and RESTORE WITH NORECOVERY option.
-Check that the mirror database shows as being in 'Restoring' mode
-Full backup the transaction logs and restore them (with the NORECOVERY option switched on!)
-You may need to repeat last transaction log if failing as it needs to be as close as possible in time.

Google shell

This is interesting:

A free shell for any Google account holder, and 5Gb persistent home directory.
Intended as a control point for your Google cloud services, it's useful even if you don't use Google cloud. Useful for troubleshooting network stuff.

Seems to have a good selection of normal tools such as nano editor, SSH etc.

Will add more here if I find interesting uses.


Edit bash config:
vi ./.bashrc

Building and testing Docker containers using cloud shell:
Click here

3cx VoIP phone system cheat sheet

Nginx web server conf file location:
C:\Program Files\3CX Phone System\Bin\nginx\conf\nginx.conf
(For provisioning options, check that the "listen 5000" section of this file is configured correctly)

To switch off a stuck DND on an extension: dial *60. (Shows as red icon on Windows client CTI (or red with line (like no entry symbol)))

Windows client can no longer be manually configured. Have to use provisioning file from welcome message.

Path to provisioning stuff in linux:

VMWare vSAN/ESX host troubleshooting

In a vSAN ESXi environment, one of the hosts kept having issues. The virtual machines showed as 'disconnected' within vCenter and the host showed as unavailable in the console. The guests were still actually running. I could SSH to the host and the screen (via ILO) was showing everything was ok. Here's what to do to troubleshoot:

Check for network issues. Can vCenter see the host which is having issues and all the connection paths?

If DRS is enabled, try to put the host into maintenance mode to start a vMotion of the servers to another host.

-Check Health status in VCenter under vSAN Cluster > monitoring > VSAN > Health

-IF ESX host is not responding in vcenter (and guests show as 'disconnected', although they may still be running):

ILO to host (via IE) F2->Troubleshoot->restart management agents

Basic Network security tasks and tools

Clear space on SSD. Windows/Installer folder is huge!

Arrrrggghh on my own PC the SSD (110Gb) is full.
Digging around I can see the Windows/Installer folder is huge. Can we move it to my secondary hard drive?

What is this folder anyway?
- The Windows Installer cache. It keeps a local copy of everything you install so you can later uninstall it.
- It's not used too often so doesn't really need to be on the SSD. But you definitely want to keep it. Otherwise Add/remove programs will break and become messy.
- Mine was almost 45Gb!

How to fix:
I made a d:\windows folder and copied the C:\windows\installer folder into it.
Rename c:\windows\installer to c:\windows\installer_old.

Now start up an administrative cmd prompt and type:
cd \windows
mklink /d installer d:\windows\installer


A nice handy MTR tool for windows has recently been released.

MTR probes routers on the route path by limiting the number of hops individual packets may traverse, and listening to responses of their expiry. It will regularly repeat this process, usually once per second, and keep track of the response times of the hops along the path. Good for trying to figure out network issues along a route.


I've been playing around with encryption techniques recently.
I like this site which makes it easy to share and verify encryption keys

It's basically a cloud key database, which also offers a secure messaging and collaboration service.

Here's my profile, which verifies several services I use as being in my control, as well as sharing my public PGP key, which can be used to send me encrypted messages/verify my identity.

They also seem to host a cloud file storage with 10Gb in the free tier, which uses your keys to encrypt files at the client side. So this means that the files are always fully encrypted and even if their servers or connections are compromised then your files will be protected.