Archive for the ‘Networking’ Category

Windows Server 2008 FTP setup issue

March 26, 2019

I won’t go into WHY I was setting up a WINDOWS server with FTP but I wanted to share a little troubleshooting tip.

The standard setup is super simple – just install IIS (6 or 7 for server 2008) and then add FTP as an option.

You can mess around with the permissions, port numbers, users, etc.

What tripped me up, and it’s obvious in hindsight, is the port numbers. I had wrongly assumed that if I change the port number for the FTP server (which is recommended anyway) from the default, Windows would update the firewall. It does NOT update the firewall… Doh.

A quick disable of the standard FTP firewall rule and creation of a new one with the new port number fixed the issue.
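The same fix from an elevated PowerShell prompt, as an added example that is not part of the original post. The port number 2121 and both rule names are assumptions: confirm the built-in rule's name with the first command before disabling it.

```powershell
# Assumed values, not from the original post: adjust to your server.
$NewPort     = 2121                            # example non-default FTP control port
$BuiltInRule = 'FTP Server (FTP Traffic-In)'   # assumed name of the default rule; verify in step 1
$NewRule     = "FTP control channel (TCP $NewPort-In)"

# 1. List the inbound rule names that mention FTP so you disable the right one.
netsh advfirewall firewall show rule name=all dir=in |
    Select-String -Pattern 'Rule Name:.*FTP'

# 2. Disable (rather than delete) the default rule so the change is easy to revert.
netsh advfirewall firewall set rule name="$BuiltInRule" new enable=no

# 3. Allow inbound TCP on the port the FTP site is now bound to.
netsh advfirewall firewall add rule name="$NewRule" dir=in action=allow protocol=TCP localport=$NewPort

# 4. Check both halves: the service is listening on the new port,
#    and the firewall has an enabled rule for that same port.
netstat -ano | Select-String -Pattern ":$NewPort\s.*LISTENING"
netsh advfirewall firewall show rule name="$NewRule"
```

If step 4 shows a listener but clients still cannot connect, the rule and the site binding are probably using different port numbers.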


Missing Computer Browser service?

May 24, 2018

There are various ways that this service can be uninstalled or removed, but a quick and simple way to get it back is as follows:

Open Control Panel  >  Add/Remove Programs

Go to Windows features.

Scroll down the list to see if SMB 1.0/CIFS File Sharing Support is installed.  If not, check the box and install it.

That should fix the issue.

Meraki blocking File and Print on LAN

April 16, 2018

Trying to restrict a PC using group policy within Meraki.

I add the MAC addresses of wifi and Ethernet NICs and then proceed to restrict as much as I can through the reduced license that Meraki sell (not the bells and whistles version) and so I add everything I can think of that I would like to restrict…

[Screenshot of the Meraki group policy rules]

Which is all good… except when I try to get to the local file server.

Long story short, the “File Sharing” rule will kill any UNC or print connection!

Take out that rule and you’re good to get to the local shares and print to the local printer. The thing that got me was that I could ping the servers and printers – even setting up the printer too!

Anyway, in this case, delete rule #11 and you’re golden.

Delete dead DC from domain

March 1, 2018

OK so this post is going to be unusual for me cos I’m just going to post some links for now cos lots of other people have created nice guides.  It’s just a matter of trying to find them!

First one for us lazy folks… the GUI option;

Second is more traditional NTDSUTIL;

Third, everyone else;

More as I find them… I might even make a guide myself but right now I don’t have the time.

Windows Server 2016 Security Tab on OUs

February 28, 2018

Why oh why Microsoft? By default, they decided to HIDE the security tab on Organizational Units. Sigh.

So in order to unhide (even though you’re a domain admin) you need to do the following;

  • Open Active Directory Users and Computers
  • Click View > Advanced Features.
  • Now, you will see the security tab when you get properties on an OU.

I really don’t know why this “feature” was added but there you have it.

Meraki VPN using AD

February 27, 2018

Key points;

  • Using Meraki VPN and want to use Active Directory.
  • Verified that it works with Meraki authentication.
  • Doesn’t work with Active Directory.

We had this issue with a client that had used a Windows Server 2003 AD server. Worked fine but I forgot how I had set it up and when we got them moved over to a shiny new 2016 server it broke the VPN and sharing.

Here’s the fix on the AD Server;

  • On new server create a self signed certificate.
    • If you don’t know how to do that, follow these instructions:
    • Install IIS via Server Manager.
    • Once installed Click on Server Certificates under your IIS Server.
    • Click on Create Self-Signed Certificate.
    • Give it a name (can be anything) and choose Personal.
  • Now that you have a cert you can move to the next step which is Firewall.
  • Create a firewall rule to open port 3268. This is the port the Meraki uses to communicate with the AD server.
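The AD-server steps above done from an elevated PowerShell prompt on Server 2016, as an added example that is not part of the original post. The server name and the MX address are placeholders, and limiting the rule to the MX with `-RemoteAddress` is a tightening added here, not something the post does.

```powershell
# Placeholders (assumptions, not from the original post): replace with your own values.
$DcFqdn = 'dc01.example.local'   # FQDN of the new AD server
$MxIp   = '192.0.2.10'           # address the Meraki MX connects from

# 1. Create a self-signed certificate in the computer's Personal store,
#    the same place the IIS "Create Self-Signed Certificate" wizard puts it.
$cert = New-SelfSignedCertificate -DnsName $DcFqdn `
                                  -CertStoreLocation 'Cert:\LocalMachine\My'

# 2. Open TCP 3268 inbound, but only for the MX instead of every host on the LAN.
#    If you are unsure which address the MX uses, drop -RemoteAddress first,
#    confirm the VPN works, then add the restriction back.
New-NetFirewallRule -DisplayName 'Meraki Client VPN AD auth (TCP 3268)' `
                    -Direction Inbound -Protocol TCP -LocalPort 3268 `
                    -RemoteAddress $MxIp -Action Allow

# 3. Verify each piece before touching the Meraki dashboard.
# 3a. The certificate exists, has not expired, and lists its usages.
Get-ChildItem 'Cert:\LocalMachine\My' |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
    Format-List Subject, NotAfter, EnhancedKeyUsageList

# 3b. The server is actually listening on 3268.
Get-NetTCPConnection -LocalPort 3268 -State Listen

# 3c. The rule is enabled and scoped to the address you expect.
Get-NetFirewallRule -DisplayName 'Meraki Client VPN AD auth (TCP 3268)' |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```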

Now on the Meraki;

  • Go to Security Appliance > Client VPN
  • Under Authentication choose Active Directory.
  • Under Short domain, Server IP, “Domain Admin” and Password, fill those in with the relevant info. The Domain admin is the authentication user you’ll need to create to allow the Meraki to verify that the user is allowed.
  • At this point you will want to put the “Domain Admin” (not an actual domain admin! but the VPN authentication user) into a separate OU to wall off these VPN users. Instructions on how to do this will have to wait… I will update.

Should work now 🙂

nsurlsessiond uploading data

November 8, 2017

I traced this to the Photos App on Mac uploading all photos to an iCloud account.

I went to Preferences in the Photos app and turned it off.

It’s a shame that Apple don’t have a scheduled option to sync out of business hours for example but it is what it is.

Can’t join a Windows 2012 server to a 2003 forest

January 21, 2017

Simple solution but here’s the scenario;

I had to replace a 2003 server with a 2012 server. So the original forest and domain is 2003 (I had to upgrade that from 2000!) but when I tried to promote the 2012 server to a DC it balked with this error;

“A domain controller running 2008 or later could not be located in this domain.”

I did some digging and found that it’s really not stopping you but prompting you to put in a recovery password. Thanks for the intuitive message MS.

So simply type in a recovery password and it will allow you to continue the promotion.


Meraki Client VPN woes

January 7, 2017

I just spent two + hours trying to figure this out.

Setting the scene;

L2TP client VPN intermittently working…

Client VPNs had been working just fine with a mix of Mac and Windows.

Today it might take 10 attempts to connect before it’s successful!

I will get right to the point. The issue was caused by a combination of Meraki having a bug and Comcast’s DNS being terrible.

We had configured our MX device to use Google’s DNS as primary and Comcast as secondary.

Believe it or not but the problem was caused because of putting Comcast’s DNS in as a secondary. This is a bug with Meraki as I said because all the DNS servers are referenced when the VPN is attempting to establish. If ANY of the DNS servers don’t respond or are very delayed then your VPN won’t work.

The fix? Changed the secondary to Google’s secondary ( and boom. Works flawlessly.

🙄

Stay strong out there 🙂
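For the Client VPN DNS problem described in the last post, one way to find out which configured resolver is slow or not answering, as an added example that is not part of the original post. The resolver addresses are documentation placeholders, and the test runs from a Windows machine on the LAN, so it only approximates what the MX itself sees.

```powershell
# Placeholders (assumptions): list every DNS server configured on the MX uplink.
$Resolvers = @('192.0.2.53', '198.51.100.53')
$TestName  = 'example.com'   # any public name will do
$SlowMs    = 500             # assumed threshold for "very delayed"
$Rounds    = 5               # repeat, because the fault was intermittent

function Test-Resolver {
    param([string]$Server, [string]$Name, [int]$SlowMs)

    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        # -DnsOnly skips LLMNR/NetBIOS; -QuickTimeout fails fast on a dead server.
        Resolve-DnsName -Name $Name -Server $Server -Type A `
                        -DnsOnly -QuickTimeout -ErrorAction Stop | Out-Null
        $status = 'OK'
    } catch {
        $status = 'FAILED'
    }
    $timer.Stop()

    if ($status -eq 'OK' -and $timer.ElapsedMilliseconds -gt $SlowMs) {
        $status = 'SLOW'
    }
    [pscustomobject]@{
        Server = $Server
        Ms     = $timer.ElapsedMilliseconds
        Status = $status
    }
}

# Query every resolver several times and keep all individual results.
$results = foreach ($round in 1..$Rounds) {
    foreach ($server in $Resolvers) {
        Test-Resolver -Server $server -Name $TestName -SlowMs $SlowMs
    }
}

# One summary line per resolver: anything with Bad > 0 is a candidate to replace.
$results | Group-Object Server | ForEach-Object {
    [pscustomobject]@{
        Server = $_.Name
        Bad    = @($_.Group | Where-Object { $_.Status -ne 'OK' }).Count
        MaxMs  = ($_.Group | Measure-Object Ms -Maximum).Maximum
    }
} | Format-Table -AutoSize
```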