ADFS With Sophos XG Firewall

It’s basically a simple process.
You may even use the ready-made Exchange firewall publishing policy as a base for this one.
This is for SFOS 17.X.

So, let’s move on:

1.      I assume you already have the SSL certificate installed properly on the XG box.

2.      Add the ADFS server as a named host under "Hosts and Services".

3.      Create a new "Web Server" entry and use the host you added in step 1.

4.      Create a new protection policy with these settings:

a.       Set “Mode” to “Monitor”. You may use “Reject” if you’re concerned.

b.      Enable “Block clients with bad reputation”.

c.       Enable “Common threat filter”.

5.      Create a new business rule with these settings:

a.       Hosted address “#Port2” assuming it’s the WAN port.

b.      Enable “HTTPS”.

c.       Select the SSL certificate, and add the URL under “Domains”.
For example “adfs.as7ablog.com”.

d.      Under “protected server(s)” select the ADFS server.

e.       Select “Any IPv4” under “Access permission”.

f.        Select the protection policy you created in step 4.

g.      Select an intrusion prevention policy if you like.

h.      Enable "Pass host header"

Microsoft Teams Starts with White Page

If you search for this issue, you’ll find many results on the net pointing to different causes.

But if none of those results solves your case, you may need to check your user profile. If it’s not located in the default location, or was moved like I did in this article, you’ll end up with the above issue.

You can check https://docs.microsoft.com/en-us/microsoftteams/known-issues for more details.

However, a workaround is to log in to another account that has its profile set up properly, copy the Teams folder from %userprofile%\AppData\Local\Microsoft to another location, and create a shortcut to the Teams.exe file.
Although this will solve the startup issue and restore most of the functions, it won’t solve the download issue, because the Downloads folder is part of the profile.
So, you’ll need to right-click the Downloads folder, select Properties, and finally redirect the file location to the exact current location instead of using the symlink.

HTH some1,

Move Single User Profile to Another Location Manually

Yes,

There seems to be a lack of such details on the Internet. All articles I came across were manipulating the Windows registry in order to redirect the location of the “C:\Users” folder.

Only this article mentioned the solution I wanted
https://www.easeus.com/pc-transfer/move-users-folder-to-another-drive-windows-10.html

Now, basically, as it suggests, create a symbolic link to the folder. If you don’t know about symbolic links, please google it.
You’ll need to perform the following steps from another administrator account on the same computer. Make sure the targeted user is signed out or, even better, do a fresh OS boot before you start these steps.

So first step is to create a new folder in the new location/path and assign the right permissions (usually full control for the profile owner, the system, and the local administrators group).

Second step, move all contents from old location to the new location. Probably you will not be able to move the symbolic links inside the profile’s folder. Don’t worry, we will re-create them.

Third step, rename the old profile folder (something like MyAccount ==> MyAccount.old).

Fourth step, create a link to the new location using the old name. To do that, open the command line in elevated mode (click on Start, type “cmd”, right-click on “Command Prompt”, select “Run As Administrator”), change to the folder that contained the old profile folder, and then execute the following command (use straight double quotes; typographic quotes pasted from a web page will not work in cmd):
mklink /D "Name of old folder" "Full or relative path to new location and folder"
Example:
mklink /D "MyAccount" "E:\Encrypted Folder\MyNewProfileFolder"

Now, what remains is to re-create the links inside the profile. Navigate to the new location, then execute the following commands from the folder indicated (targets that contain spaces must be quoted):

Under Documents folder:
mklink /J "My Music" "E:\Encrypted Folder\MyNewProfileFolder\Music"
mklink /J "My Pictures" "E:\Encrypted Folder\MyNewProfileFolder\Pictures"
mklink /J "My Videos" "E:\Encrypted Folder\MyNewProfileFolder\Videos"

Under profile folder root:
mklink /J "Application Data" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming"
mklink /J "Cookies" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Local\Microsoft\Windows\INetCookies"
mklink /J "Local Settings" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Local"
mklink /J "My Documents" "E:\Encrypted Folder\MyNewProfileFolder\Documents"
mklink /J "NetHood" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\Network Shortcuts"
mklink /J "PrintHood" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\Printer Shortcuts"
mklink /J "Recent" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\Recent"
mklink /J "SendTo" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\SendTo"
mklink /J "Start Menu" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\Start Menu"
mklink /J "Templates" "E:\Encrypted Folder\MyNewProfileFolder\AppData\Roaming\Microsoft\Windows\Templates"

Of course, you need to replace the values as needed on your computer.
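An added example, not part of the original post: a PowerShell check to run from the elevated administrator account once the steps above are done. It confirms that the old profile name is a symbolic link to the new folder, that every link re-created inside the profile resolves to an existing directory, and that the new folder grants rights only to the owner, SYSTEM and the local Administrators group. The function name Test-MovedProfile is hypothetical, the paths and the MyAccount account are the post's sample values (C:\Users as the old parent folder is an assumption), and the principal names assume an English-language Windows.

```powershell
# Added example, not from the original post. Paths and account are sample values.
function Test-MovedProfile {
    param(
        [string]$OldPath = 'C:\Users\MyAccount',                      # assumed old location
        [string]$NewPath = 'E:\Encrypted Folder\MyNewProfileFolder',
        [string]$Owner   = "$env:COMPUTERNAME\MyAccount"              # use DOMAIN\user for domain accounts
    )
    $findings = @()

    # 1. The old profile name must be a symbolic link that points at the new folder.
    #    Target is an array in Windows PowerShell 5.1 and a string in PowerShell 7.
    $old = Get-Item -LiteralPath $OldPath -Force
    $oldTarget = "$(@($old.Target)[0])".TrimEnd('\')
    if ($old.LinkType -ne 'SymbolicLink' -or $oldTarget -ne $NewPath.TrimEnd('\')) {
        $findings += "Old path is not a symlink to $NewPath (LinkType=$($old.LinkType), Target=$oldTarget)"
    }

    # 2. Every link inside the profile root and Documents must resolve to a directory.
    $links = @(Get-ChildItem -LiteralPath $NewPath -Force -Attributes ReparsePoint) +
             @(Get-ChildItem -LiteralPath (Join-Path $NewPath 'Documents') -Force -Attributes ReparsePoint)
    foreach ($l in $links) {
        $target = @($l.Target)[0]
        if (-not $target -or -not (Test-Path -LiteralPath $target -PathType Container)) {
            $findings += "Dangling link: $($l.FullName) -> $target"
        }
    }

    # 3. Only the owner, SYSTEM and local Administrators should hold Allow rights.
    $allowed = @($Owner, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    foreach ($ace in (Get-Acl -LiteralPath $NewPath).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and $allowed -notcontains $ace.IdentityReference.Value) {
            $findings += "Unexpected ACE: $($ace.IdentityReference.Value) = $($ace.FileSystemRights)"
        }
    }
    $findings
}

$result = @(Test-MovedProfile)
if ($result.Count) { $result | ForEach-Object { Write-Warning $_ } }
else { 'Profile move looks consistent.' }
```

An unexpected ACE usually means the new folder inherited permissions from its parent (for example Users or Authenticated Users on a data drive), which is worth fixing before the user signs in again.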
HTH,

Recover DC with Only System State Backup

Have you ever had to restore an Active Directory Domain Controller from scratch with only System State backup?

If so, and you have already searched the Internet, you probably found no results that describe the procedure directly, basically due to its simplicity.

It is indeed a simple procedure. Start by building the server (format and install the Windows OS) and installing all the updates to match the same version and edition used on the original DC.

Enable all the features and roles that were on the original DC, but do not configure any of them.

Isolate the server to avoid conflicts and service interruption; you may use an isolated port or simply change the IP address to something not in that subnet.

Promote it to a domain controller as a new domain in a new forest. It is better to use the original names of the DC and the domain.

Reboot into DSRM and log in.

Start the system state restore process.

Once done and rebooted, check the event log for any critical / serious messages. If none exist, you can connect to the network and resync with the other domain controllers.
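An added example, not part of the original post: one way to do the event log check in the last step, run in PowerShell on the restored DC while it is still isolated. The function name Get-PostRestoreFindings is hypothetical, and the list of logs is an assumption about which roles the server carries; a log that does not exist on the server is reported and skipped.

```powershell
# Added example, not from the original post. Run on the restored DC after it has
# rebooted out of DSRM and before it is reconnected to the production network.
function Get-PostRestoreFindings {
    param(
        # Default: everything logged since the last boot (the reboot after the restore).
        [datetime]$Since = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
    )
    # Logs a domain controller typically writes to (assumed set; adjust to the roles installed).
    $logs = 'System', 'Directory Service', 'DNS Server', 'DFS Replication'
    foreach ($log in $logs) {
        try {
            # Level 1 = Critical, Level 2 = Error
            Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2; StartTime = $Since } -ErrorAction Stop |
                Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName,
                    @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }
        } catch {
            # Get-WinEvent raises an error when nothing matches; here that is the good case.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                Write-Warning "Could not read log '$log': $($_.Exception.Message)"
            }
        }
    }
}

$findings = @(Get-PostRestoreFindings)
if ($findings.Count -eq 0) {
    'No critical or error events since boot.'
} else {
    $findings | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
    Write-Warning "$($findings.Count) critical/error events: review them before reconnecting the DC."
}
```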

I’ve successfully applied this on Windows 2012R2 and will soon test it again with 2016 and 2019 servers.

However, I still strongly recommend you have the bare metal backup, and perform restore testing every six months.

HTH,

Tips for Me on Cisco Voice IOS

Hi,

I wrote this basically for my own remembering:

1. show call leg active / sh call leg act sum

Helps find active calls running on the voice gateway live.

2. sh call leg act | in Port

Helps filter which ports are being used, in case I need to follow it with “shut/no shut” to reset hung ports.

3. csim start <number_to_dial>

Initiates a call from the voice gateway to the number.
Very helpful in troubleshooting voice routes.

4. debug voice ccapi inout / debug cch323 all / debug ip tcp transaction

Along with “csim” and “terminal monitor”, these make a great troubleshooting tool.

5. Check TCP ports on CUCM

Something as simple as “telnet <ip_address> 1720 / 1719 / 2000 / 2001” can help pinpoint a communication issue.

HTH,