Welcome to the blog of mechanised.com

This blog is mainly a technical repository of information on Virtualisation tools and management for our hosting service.

Also for HP's Bladesystem that we use at both our datacentres.

Other articles are also included on .Net development and MS SQL Server as well as other interesting things we come across.

Friday, 22 May 2020

Error: Unable to load TALPA modules. On access scan is not enabled/running.

If you are running an unsupported RHEL/Centos distro you can get Sophos talpa modules enabled by installing the kernel modules to allow compilation.

yum install kernel-devel-`uname -r`

Then select the talpa modules again to build them

/opt/sophos-av/engine/talpa_select select

Also check on access scanning is enabled and running and start if not

/opt/sophos-av/bin/savdctl enable
service sav-protect status (Sophos Anti-Virus daemon is active)
/opt/sophos-av/bin/savdstatus (Sophos Anti-Virus is active and on-access scanning is running)

Check that AV is updated

/opt/sophos-av/bin/savupdate (Successfully updated Sophos Anti-Virus from sdds:SOPHOS)

Everything else should be configurable from Sophos Central

Tuesday, 29 October 2019

Installing Powershell 5 on older Windows servers

If you can't install modules due to an older Powershell install you can update to a newer version by installing WMF 5.1. Get it from here:

https://www.microsoft.com/en-us/download/details.aspx?id=54616

You will need a minimum of .Net 4.5.2 first though.

You'll also need a reboot after the install.

Thursday, 13 June 2019

Install Windows Updates from Powershell

To install you need to load this module:
Install-Module PSWindowsUpdate
Then to check which updates are available:
Get-WindowsUpdate
To then install all updates that are available:
Install-WindowsUpdate

Friday, 4 January 2019

Adding Exchange schema to AD so that Office 365 synced users can be hidden from address lists

Now that MS have removed the ability for users that were synced with AD to Office 365 to be 'cloud only' accounts (after a delete and restore user) this causes a few issues.
As the user accounts are still synced we must extend the AD schema to add additional Exchange properties that can be synced to Azure AD.
First find an install on the MS site for latest Exchange, you don't need a license as you're not actually going to install it.
Extract the package using 7-zip or similar into a folder.
Run the setup.exe with the following parameters on a domain controller with a user account that has admin privileges:
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
This will add the extended Schema, you may need to wait for all DC's to sync or user repadmin to force a sync.
A few quick powershell commands to set the parameters to hide old users from the address lists (after you have renamed them and set their emails to a none default domain, we use the test onmicrosoft.com one)
Set-ADUser -identity zzzzz -Add @{msExchHideFromAddressLists=$true}
Use the short login name for identity.
Once AD is synced to Azure AD you should find that the users mailboxes (we convert to shared mailboxes) are now set to not show in address lists.

You may need to Refresh the Directory Schema in your Azure AD Connect after installing the Exchange Schema and run a full sync. (Still seems to be issues here with it not synchronising, still investigating and will update ASAP)

UPDATE: You need to specifically add the hide from address lists schema to the AD connect profile for it to sync, otherwise it'll ignore it.


Saturday, 26 May 2018

Using apex.run with cli53 AWS credentials without error

Using the cli53 command from https://github.com/barnybug/cli53 caused a slight issue with AWS credentials. We were seeing:

Error: NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors

This was due to no credentials file in ~/.aws/ even though the config file there had the credentials in it. Easy fix is to copy the config file to credentials

Tuesday, 22 May 2018

Create certificate from root CA

On a root CA with a standard CSR from another webserver to create the crt file enter the following command at elevated command prompt:

certreq -submit -attrib "CertificateTemplate:Webserver" .\CSR.txt

Tuesday, 13 March 2018

Server core 2016 handy commands

Setting up new server with core (no GUI) handy commands for setting up:

1) Setting static IP (using sconfig) - unbinding components not needed (everything except IPv4)

Listing current bound components:
PS> Get-NetAdapterBinding -InterfaceAlias Ethernet

Disable with the following commands:
PS> Disable-NetAdapterBinding -InterfaceAlias "Ethernet" -ComponentID XXXXX

2) Create extra drives for data/SQL server etc.

Change current CDROM drive letter
>diskpart
DISKPART> list volume
DISKPART> select volume 0
DISKPART> assign letter=F

Create drive for SQL data/log files etc.
Use Get-Disk first to see the drive numbers
Get-Disk -Number 1 | Initialize-Disk -PartitionStyle MBR -PassThru | New-Partition -UseMaximumSize -DriveLetter D | Format-Volume -FileSystem NTFS -NewFileSystemLabel "DATA" -AllocationUnitSize 65536

Get-Disk -Number 2 | Initialize-Disk -PartitionStyle MBR -PassThru | New-Partition -UseMaximumSize -DriveLetter E | Format-Volume -FileSystem NTFS -NewFileSystemLabel "LOG" -AllocationUnitSize 65536

If installing SQL Server, this must be done on command line as the GUI doesn't work.
setup.exe /QS /ACTION=Install /FEATURES=SQL /INSTANCENAME=SQL2016 /TCPENABLED=1 /NPENABLED=1 /IACCEPTSQLSERVERLICENSETERMS=1 /UPDATEENABLED=True /SECURITYMODE=SQL /SAPWD="R@nd0mp4ssw0rd" /INSTALLSQLDATADIR=D:\DATA\ /SQLUSERDBDIR=D:\DATA\ /SQLUSERDBLOGDIR=E:\LOG\ /SQLCOLLATION="Latin1_General_CI_AS" /INDICATEPROGRESS /SQLSYSADMINACCOUNTS="Administrator"

3) When protected by additional firewall, turn off Windows local firewall:
Get-NetFirewallProfile | Set-NetFirewallProfile -enabled false

Check you can access the server remotely for settings you need to change etc. using Server Manager from another machine.

Change the port that SQL Server is listening on, as you can't use SQL Server Configuration Manager, run SQL Powershell from: C:\Program Files (x86)\Microsoft SQL Server\130\Tools\Binn\SQLPS.exe
Then run these commands:
$MachineObject = new-object ('Microsoft.SqlServer.Management.Smo.WMI.ManagedComputer') .
$ProtocolUri = "ManagedComputer[@Name='" + (get-item env:computername).Value + "']/ServerInstance[@Name='SQL2016']/ServerProtocol"
$tcp = $MachineObject.getsmoobject($ProtocolUri + "[@Name='Tcp']")
$MachineObject.getsmoobject($tcp.urn.Value + "/IPAddress[@Name='IPAll']").IPAddressProperties[1].Value = "1437"
$tcp.alter()

Stop and restart the SQL Service and then you can connect with SSMS on a remote machine to the new port:
net stop MSSQL$SQL2016
net start MSSQL$SQL2016

Friday, 2 March 2018

"maximum consolidate retries was exceeded for scsix:x" error in ESXi (2082886)

If disk consolidation retries are exceeded, try this KB article. Use the PowerCLI command, seems to do the trick.

https://kb.vmware.com/s/article/2082886


Wednesday, 26 July 2017

Connection limit reached in Windows Server

Windows server allows only 16384 connections to be open, if you need the maximum then run this:

netsh int ipv4 set dynamicport tcp start=1025 num=64510

To check this has worked correctly run this:

netsh int ipv4 show dynamicport tcp

Tuesday, 15 November 2016

Server core - assign static IPs on command line

First determine your interface names for multiple NICs:

netsh int ipv4 show interfaces

Next assign IP details to the interface name you require:

netsh interface ip set address "Ethernet1" static 192.168.99.101 255.255.255.0 192.168.99.1
netsh interface ip set dns "Ethernet1" static 192.168.99.2
netsh interface ip add dns "Ethernet1" 192.168.99.3 index=2