XG Virtual Firewall on KVM and Openstack ERROR firstboot failed

Yep, no much result on the web about this subject.

I don’t know what the cause, nor why Sophos didn’t take it seriously.

Anyway, if you’ve downloaded version 16 of Sophos XG virtual appliance for KVM and you got the nice error message of

firstboot failed: swapon /dev/swap

But, if you know and sure you’ve done everything right and as per Sophos documents, then most likely you have the same issue we run through.

For some unclear reason we were able to solve this by having the Hyper-V version of the same appliance and run it on KVM platform 🙂

Our team members are testing it now on OpenStack with our service provider to make sure of the compliance.


HAproxy Errors and No Logging

Basically, you’re running HAproxy 1.7.x on Debian/Ubuntu and have no logging under /var/log or you’re getting log files full of errors like:

haproxy-systemd-wrapper [26417] sendmsg logger #2 failed: Connection refused

There are many reasons for this problem, but most of the solutions are related to standard setups, which means if you have version 1.7 by the time this post is published, you’re not getting the binaries through standard apt-get libraries. Thus, you don’t have standard setup 😉

Anyway, if you’ve installed version 1.7 directly, then simply remove it, and remove pointers in apt-get libraries to its source.

Install version 1.6 from the standard libraries, and test the functionality of HAproxy, then test the functionality of the logging.

Finally, you can upgrade to version 1.7 and logs will keep working for you.

Don’t ask me why, I don’t have time to find the root cause 🙂


Change Password on OWA Using UPN

Exchange 2013/2016 OWA allows users to change their passwords, and additionally, helps administrators to force users to change their passwords.
After first login, and when the user tries to use UPN on password change page, OWA will return an error saying username/password combination is not correct. Which is not true, but OWA tells the user to use the format domain\username not the UPN.
This is because the home directory (OWA Virtual Directory) is configured to use that format for authentication. Although it’s ok to use UPN to login, for some reason the DLL file responsible for the password change is not able to tolerate that format.
Changing OWA virtual directory authentication settings to use UPN format will solve this issue for your users.

Exchange 2016 Readiness Checks Error

I’m not an expert of Exchange, but I wasn’t able to find something clear in the documentation saying I must install new Exchange server (2016) on the same site as existing one (2013) and move it later!

Anyway, the list of errors I got in the Readiness Checks page wasn’t useful at all. However, looking at the ExchangeSetup log file was.

If you are receiving something like:

Global updates need to be made to Active Directory, and this user account isn’t a member of the ‘Enterprise Admins’ group


You must be a member of the ‘Organization Management’ role group or a member of the ‘Enterprise Admins’ group to continue

And you’re sure the account running the setup has these rights, then most likely you’re trying to install the first Exchange server of this version on AD site that has no Exchange servers at all.

My solution, actually it was a work around, was simply to move domain controllers to a site with Exchange servers, remove the subnet from AD Sites and Services, and reboot the new Exchange server.

After 15 minutes, just enough time for AD replication to take place, I logged in again to the server and started the Exchange setup, and it works just fine.


Domain Controller Status Unavailable

When running MMC with any AD management component inside it, and try to switch to another server you may notice sometimes the status shows “Unavailable”.

Most likely this is due to IPv6 not fully disabled, or not fully enabled (if you decide to run it), and you will need to update the registry value as per Microsoft article:



Sample WMI Filters for GPO in AD

Hereafter listed few filters I keep using on my projects.

Almost every client I’ve worked with had these filters implemented in their Group Policy Console of Windows Active Directory.

So I keep it here for faster access, and easier than searching for it every time on different sites on the the web.

FILTER 1: Select DCs & Member Servers

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”3″ OR ProductType=”2″

FILTER 2: Select Domain Controllers (DCs) Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”2″

FILTER 3: Select Member Servers Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”3″

FILTER 4: Select Workstations Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”1″

FILTER 5: Select Win 2008 Member Servers Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”3″ AND Version like “6.%”

What to Do? Exchange Server ContentIndexState Failed or Unknown with DAG

Yep, you’ve seen so many like this one, mostly they will suggest you to stop Exchange searching services, then delete the indexing folder (located inside the database folder) and then restart the searching services.

Well, that would work if you don’t have DAG.

Again, mostly you’ll find suggestions to use the update-mailboxdatabase with -catalogonly key

Yeah, that would work if any of the DAG members have a healthy catalog. Now what if all DAG members doesn’t have it?

You’ve two options, but both are risky and I have no responsibility what so ever happens to your data.

Option 1:

Remove one of the copies of the database from one DAG member

Delete the database folder copy from that member’s disk

Add the database copy again to the DAG member

Database index shows crawling for few hours, then healthy

Finally, you can use this new catalog to update other DAG members

Option 2 (have downtime):

Dismount all database copies on all DAG members

Shutdown Exchange searching services (two services) on all DAG members

Delete the catalog folder from all copies on all members

Restart Exchange searching services (two services) on all DAG members

All servers will start crawling


Import Using CSVDE with Unicode Switch Error

This is an old method, yeh I know. But not everyone moved on to the PowerShell yet.

Anyway, if you’re trying to import a CSV file to Active Directory, and got the error  message says:
Invalid file format. DN Attribute not defined

Just try to remove the Unicode switch “-u” from your command. If that works, then re-save (save as) the CSV file using Notepad, and make sure to select the unicode option, NOT the UTF-8

HTH some1

Reset Exchange Logs without Backup


You may come to a situation where the client is unable to use an Exchange aware backup solution, and for temporary situation, they cannot use the Windows backup. So basically you need to reset the Exchange LOGs without performing any actual backup.

This is applicable to Exch 2010 & 2013 on Windows 2008, 2008R2, 2012, and 2012R2
It works with single server, as well as DAG setups

Open elevated CMD

Run Diskshadow
Type “add volume E:”
(considering E: is the drive where LOG files exists)
Type “begin backup”
Type “create”
(This action will take some time, depending on the number of LOG files exist, and connection speed)
Type “end backup”

You should notice now the LOGs are being deleted

Make a full backup after this to protect the data