Archive for the ‘Networking’ Category

Delete dead DC from domain

March 1, 2018

OK so this post is going to be unusual for me cos I’m just going to post some links for now cos lots of other people have created nice guides.  It’s just a matter of trying to find them!

First one for us lazy folks… the GUI option;

Second is more traditional NTDSUTIL;

Third, everyone else;

More as I find them… I might even make a guide myself but right now I don’t have the time.


Windows Server 2016 Security Tab on OUs

February 28, 2018

Why oh why Microsoft? By default, they decided to HIDE the security tab on Organizational Units. Sigh.

So in order to unhide (even though you’re a domain admin) you need to do the following;

  • Open Active Directory Users and Computers
  • Click View > Advanced Features.
  • Now, you will see the security tab when you get properties on an OU.

I really don’t know why this “feature” was added but there you have it.

Meraki VPN using AD

February 27, 2018

Key points;

  • Using Meraki VPN and want to use Active Directory.
  • Verified that it works with Meraki authentication.
  • Doesn’t work with Active Directory.

We had this issue with a client that had used a Windows Server 2003 AD server. Worked fine but I forgot how I had set it up and when we got them moved over to a shiny new 2016 server it broke the VPN and sharing.

Here’s the fix on the AD Server;

  • On the new server create a self-signed certificate.
    • If you don’t know how to do that, follow these instructions;
    • Install IIS via Server Manager.
    • Once installed Click on Server Certificates under your IIS Server.
    • Click on Create Self-Signed Certificate.
    • Give it a name (can be anything) and choose Personal.
  • Now that you have a cert you can move to the next step which is Firewall.
  • Create a Firewall rule to open port 3268. This is the port the Meraki uses to communicate with the AD server.
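
The same server-side steps done from an elevated PowerShell prompt instead of the IIS GUI, as an added example that is not part of the original post. The MX address is a placeholder and the rule name is made up for illustration; unlike a plain "open port" rule, the firewall rule here only accepts the MX as a source.

```powershell
# Added example (not from the original post). Run elevated on the new
# Windows Server 2016 domain controller.
Import-Module PKI, NetSecurity

# Assumption: placeholder for the address the Meraki MX uses to reach this server.
$MxAddress = '192.0.2.10'
# Assumption: illustrative rule name, pick your own.
$RuleName  = 'Meraki Client VPN AD auth (TCP 3268)'

# FQDN of this server, used as the certificate name.
$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Reuse an unexpired certificate for this name if one is already in the
# computer's Personal store, otherwise create a self-signed one there.
$Cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$Fqdn" -and $_.NotAfter -gt (Get-Date) } |
    Select-Object -First 1
if (-not $Cert) {
    $Cert = New-SelfSignedCertificate -DnsName $Fqdn `
        -CertStoreLocation 'Cert:\LocalMachine\My' `
        -NotAfter (Get-Date).AddYears(2)
}

# Allow inbound TCP 3268 from the MX only, not from every host.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 3268 -RemoteAddress $MxAddress | Out-Null
}

# 3268 is the Global Catalog port, so it only listens if this DC is a GC.
$Listening = Get-NetTCPConnection -LocalPort 3268 -State Listen -ErrorAction SilentlyContinue

# Summary to check before moving on to the Meraki dashboard.
[pscustomobject]@{
    CertSubject       = $Cert.Subject
    CertThumbprint    = $Cert.Thumbprint
    CertExpires       = $Cert.NotAfter
    AllowedSource     = $MxAddress
    Port3268Listening = [bool]$Listening
}
```

If `Port3268Listening` comes back `False`, the firewall rule is not the problem: check that the server holds the Global Catalog role.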

Now on the Meraki;

  • Go to Security Appliance > Client VPN
  • Under Authentication choose Active Directory.
  • Under Short domain, Server IP, “Domain Admin” and Password, fill those in with the relevant info. The Domain admin is the authentication user you’ll need to create to allow the Meraki to verify that the user is allowed.
  • At this point you will want to put the “Domain Admin” (not an actual domain admin! but the VPN authentication user) into a separate OU to wall off these VPN users. Instructions on how to do this will have to wait… I will update.

Should work now 🙂

nsurlsessiond uploading data

November 8, 2017

I traced this to the Photos App on Mac uploading all photos to an iCloud account.

To fix it, go to Preferences in the Photos app and turn it off.

It’s a shame that Apple don’t have a scheduled option to sync out of business hours for example but it is what it is.

Can’t join a Windows 2012 server to a 2003 forest

January 21, 2017

Simple solution but here’s the scenario;

I had to replace a 2003 server with a 2012 server. So the original forest and domain is 2003 (I had to upgrade that from 2000!) but when I tried to promote the 2012 server to a DC it balked with this error;

“A domain controller running 2008 or later could not be located in this domain.”

I did some digging and found that it’s really not stopping you but prompting you to put in a recovery password. Thanks for the intuitive message MS.

So simply type in a recovery password and it will allow you to continue the promotion.


Meraki Client VPN woes

January 7, 2017

I just spent two + hours trying to figure this out.

Setting the scene;

L2TP client VPN intermittently working…

Client VPNs had been working just fine with a mix of Mac and Windows.

Today it might take 10 attempts to connect before it’s successful!

I will get right to the point. The issue was caused by a combination of Meraki having a bug and Comcast’s DNS being terrible.

We had configured our MX device to use Google’s DNS as primary and Comcast as secondary.

Believe it or not but the problem was caused because of putting Comcast’s DNS in as a secondary. This is a bug with Meraki as I said because all the DNS servers are referenced when the VPN is attempting to establish. If ANY of the DNS servers don’t respond or are very delayed then your VPN won’t work.

The fix? Changed the secondary to Google’s secondary and boom. Works flawlessly.

[Emoji with the rolling eyes]

Stay strong out there 🙂
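
A quick way to check every upstream resolver before blaming the VPN itself, as an added example that is not part of the original post. The resolver addresses are placeholders for whatever is configured on the MX, and the test name, attempt count and 500 ms threshold are assumptions.

```powershell
# Added example (not from the original post). Queries each configured DNS
# server several times and flags any that fail or answer slowly, since one
# bad resolver was enough to break the client VPN in the case above.

# Assumption: placeholders; list every DNS server set on the MX uplink.
$Resolvers = '192.0.2.53', '198.51.100.53'
$TestName  = 'example.com'   # assumption: any name that should always resolve
$Attempts  = 5               # assumption: queries per resolver
$SlowMs    = 500             # assumption: latency treated as "very delayed"

$Results = foreach ($Server in $Resolvers) {
    $Times    = @()
    $Failures = 0
    foreach ($i in 1..$Attempts) {
        $Timer = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            # -DnsOnly / -NoHostsFile keep LLMNR, NetBIOS and the hosts file out of it.
            Resolve-DnsName -Name $TestName -Server $Server -Type A `
                -DnsOnly -NoHostsFile -ErrorAction Stop | Out-Null
            $Times += $Timer.ElapsedMilliseconds
        } catch {
            $Failures++          # timeout or error counts as a failed query
        }
    }
    # Worst-case latency matters more than the average for an intermittent fault.
    $Worst = if ($Times.Count -gt 0) { ($Times | Measure-Object -Maximum).Maximum } else { $null }
    [pscustomobject]@{
        Server  = $Server
        Failed  = "$Failures/$Attempts"
        WorstMs = $Worst
        Verdict = if ($Failures -gt 0) { 'UNRELIABLE' }
                  elseif ($Worst -gt $SlowMs) { 'SLOW' }
                  else { 'OK' }
    }
}

$Results | Format-Table -AutoSize

# Any resolver that is not OK is a candidate for replacement on the MX.
$Results | Where-Object { $_.Verdict -ne 'OK' } |
    ForEach-Object { Write-Warning "$($_.Server) is $($_.Verdict)" }
```

Run it a few times across the day; an intermittent resolver can look fine in a single pass.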

Computer won’t get an IP address

December 19, 2016

OK so first off this is a VERY unusual post for me because I didn’t figure out the cause of the problem.

What I wanted to do was to save you time (hopefully) in fixing the issue!

To that end, of course try the obvious things like connecting to a different network or using a different adapter (wired vs wireless) but if all else fails, simply run a System Restore to when it WAS working.

If I had taken this advice it would have saved me hours of investigative work 🙂

I’m sorry I don’t have the answer to the problem but this is at least a fix. (or it was for me anyway)

Office files won’t open from a shared drive but DO if copied locally

February 1, 2016

Weird would be a good word here…

Anyway long story short (as always) it was caused by corruption in the OFFICE profile – location found below.

Just rename the office folder – of course making sure you don’t have any office apps open at the time.

  • Rename %APPDATA%\Local\Microsoft\Office to something like Office.old.

Open Word (or Excel, etc.) by itself (not loading a file) and then close the application.

Then go open that pesky network file and it should fix it.


Access denied from browser to router

January 11, 2016

Browser denies access to router because security has been tightened on most browsers!

Quick and easy work around is to use Firefox and change the config as below;

Open Firefox and go to the about:config page

  • set security.ssl3.dhe_rsa_aes_128_sha to false
  • set security.ssl3.dhe_rsa_aes_256_sha to false

Close the browser and reopen (just to be safe) and you should be fine.