Monday, April 15, 2019

SuperMicro - Control Fan Speed via IPMICFG (Command Line)

Issue:

Need to change the fan speed for SuperMicro servers.

Resolution:

  1. Download and extract IPMICFG on the target server
  2. Open CMD prompt as ADMIN
  3. Change Directory to the extracted folder, and drill down to the Windows\64bit folder
    1. EXAMPLE: cd c:\ADMIN\Installs\IPMICFG_1.29.0_build.181029\Windows\64bit\
  4. To view the current Fan Profile
    1. RUN: IPMICFG-Win.exe -fan
  5. To change the current Fan Profile
    1. RUN: IPMICFG-Win.exe -fan x
      1. x can equal one of the following:
        1. 0 for Standard (BMC control of both fan zones, with CPU zone based on CPU temp (target speed 50%) and Peripheral zone based on PCH temp (target speed 50%))
        2. 1  for Full (all fans running at 100%)
        3. 3 for PUE2 Optimal (BMC control of the CPU zone (target speed 30%), with Peripheral zone fixed at low speed (fixed ~30%))
        4. 4 for Heavy IO (BMC control of CPU zone (target speed 50%), Peripheral zone fixed at 75%)
      2. EXAMPLE: To set fans to Standard
        1. RUN: IPMICFG-Win.exe -fan 0

Source:

IPMICFG_UserGuide.pdf (in the zip downloaded in step 1a)

Windows Update - Defer feature updates and Delivery Optimization

Issue:

You do not want Windows machines in your AD environment to update automatically on Patch Tuesday.

Resolution:

  1. Create a new Group Policy
  2. Set Windows Components>Windows Update>Defer Windows Updates>Select when Feature Updates are received to: Enabled
    1. Set Branch Readiness level to: Current Branch for Business (this feature is being deprecated soon, but it won't hurt to have it on)
    2. Set After a feature update is released, defer receiving it for this many days to: 30
  3. Set Windows Components>Delivery Optimization>Download Mode to: Enabled
    1. Set Download Mode to: Group 2 (Group 2 only allows the P2P sharing of an update on devices in the same Active Directory Site)

Source:

Friday, October 20, 2017

Sophos Endpoint Protection - Uninstall without Tamper Protection Password

To uninstall Sophos Endpoint Protection, or to install a new copy over it, when you are not able to disable tamper protection, follow the directions below.

1. If BitLocker is enabled, suspend it. You will need to boot into Safe Mode, and BitLocker will trigger if it's not suspended.
2. Create a .reg file with the info below, and save it to the desktop
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\SavService\TamperProtection]
"Enabled"=dword:00000000
            
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config]
"SAVEnabled"=dword:00000000
"SEDEnabled"=dword:00000000
            
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos MCS Agent]
"Start"=dword:00000004
3. Restart the computer in Safe Mode
Start>Settings>Update & Security>Recovery>Restart Now (Under the Advanced Startup Section).
Then when the blue screen pops up, click on Troubleshoot>Advanced Options>Startup Settings> Restart
Press number 5 for Safe Mode with Networking
4. Right click on the .reg file you created and click merge.
5. Reboot into Windows normally, and then you are able to uninstall or install over the current Sophos installation.

Monday, October 9, 2017

BitLocker Triggering Every Reboot - One Possible Cause and Its Solution

We had a few machines that were triggering BitLocker every time they rebooted. We tracked the issue down to the fact that the SSDs were formatted as MBR, and the BIOS mode in System Info was showing as Legacy.

(We had 4 brand new machines with the same hardware and the only difference was that the 2 that were working were GPT and UEFI, and the 2 that weren't were MBR and Legacy)

This is how I fixed it:

  1. I suspended BitLocker but did not turn it off (I tried one computer with turning it off and it wasn't good... had to rebuild the machine to get the TPM working with BitLocker)
  2. I converted the SSD to GPT (Read my directions here)
  3. Made sure I set the BIOS options to UEFI
  4. Booted back into Windows, and BitLocker wasn't working. When I tried to manually reactivate BitLocker it gave an error saying "The system cannot find the file specified"
  5. Rename or delete the REAgent.xml file (in C:\Windows\System32\Recovery) to fix the error from Step 4
  6. Manually activate BitLocker again and it works.
  7. Reboot a couple of times to test. Everything works! No more triggering of BitLocker.

Convert MBR System Disk to GPT for Free! - Windows 10 - 1703

We had an issue recently where the solution was to convert the system disk from MBR to GPT. We didn't want to rebuild the computer, and didn't want to pay for some of the commercial tools out there. The fix, as it turns out, is built into Windows 10 (1703).

To convert the disk, Microsoft has made a little command line tool called mbr2gpt.

Using it is simple:

  1. Boot into Windows Recovery
    1. Select the Start button, then choose Settings
    2. Select Update & security > Recovery.
    3. Under Advanced startup select Restart now.
    4. After your PC restarts to the Choose an option screen, select Troubleshoot > Advanced options > Command Prompt
  2. Confirm the disk number you want to work on. If you only have one disk, it should be Disk 0
    1. Type "diskpart" to start the DiskPart Tool
    2. Type "list disk" to view the disks.
    3. Type "Exit" after you determine which Disk you want to edit. In this case, Disk 1 contains my Windows installation.
  3. Run "mbr2gpt /convert /disk:X" (Replace X with your disk number)
  4. When it completes, your System disk will be converted to GPT. Make sure you make the appropriate BIOS/UEFI changes to allow you to boot to UEFI instead of Legacy.
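
A pre-flight check for the conversion above, as an added example that is not part of the original post. It is meant to be run from an elevated PowerShell prompt in the full OS before rebooting into Windows Recovery, and it only reports problems without changing the disk. The function name Test-Mbr2GptReadiness is made up here, and the script assumes the Storage and BitLocker cmdlets are available on the machine.

```powershell
# Added example (hypothetical helper, not from the original post).
function Test-Mbr2GptReadiness {
    param([Parameter(Mandatory)] [int] $DiskNumber)

    $problems = @()
    $disk  = Get-Disk -Number $DiskNumber -ErrorAction Stop
    $parts = @(Get-Partition -DiskNumber $DiskNumber)

    if ($disk.PartitionStyle -ne 'MBR') {
        $problems += "Disk $DiskNumber is $($disk.PartitionStyle), not MBR."
    }
    # mbr2gpt needs a free slot for the new EFI system partition: at most 3
    # primary partitions and no extended partition (MBR types 0x05 and 0x0F).
    if ($parts.Count -gt 3) {
        $problems += "Disk has $($parts.Count) partitions; mbr2gpt allows at most 3."
    }
    if ($parts | Where-Object { $_.MbrType -in 5, 15 }) {
        $problems += 'Disk contains an extended partition.'
    }
    if (-not ($parts | Where-Object { $_.IsActive })) {
        $problems += 'No partition is marked active.'
    }
    # BitLocker has to be suspended (not turned off) before the conversion.
    foreach ($p in ($parts | Where-Object { $_.DriveLetter -match '[A-Z]' })) {
        $mount = "$($p.DriveLetter):"
        $vol = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
        if ($vol -and $vol.ProtectionStatus -eq 'On') {
            $problems += "BitLocker protection is still on for $mount; suspend it first."
        }
    }
    # /validate runs mbr2gpt's own checks without touching the disk;
    # /allowFullOS is required because this is not running from Windows PE.
    & mbr2gpt.exe /validate "/disk:$DiskNumber" /allowFullOS | Out-Null
    if ($LASTEXITCODE -ne 0) {
        $problems += "mbr2gpt /validate failed with exit code $LASTEXITCODE."
    }

    [pscustomobject]@{
        DiskNumber = $DiskNumber
        Ready      = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

Test-Mbr2GptReadiness -DiskNumber 0 | Format-List
```

Replace 0 with the disk number confirmed in diskpart, as in step 2.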

Friday, September 29, 2017

Domain Accounts instantly locking out after unlocking them

We deployed a lockout policy for a client and they had a couple of user accounts that were immediately getting locked out again after we unlocked them. I dug around and tried to figure out what was going on. MS Server doesn't have the best reporting for accounts locking out, but I found a freeware tool that did an excellent job helping me troubleshoot the issues.

It is called Netwrix Account Lockout Examiner and it is a lifesaver when it comes to trying to diagnose these issues. You can download it here: https://www.netwrix.com/account_lockout_examiner.html

Using that tool, I was able to figure out that the login attempts that were locking the user accounts were brute force attacks coming in on RDP on the desktop machines.

We use non-standard ports other than 3389 for RDP at this client, but they were using the correct port and the correct username for the computers. I used a free 30 day demo of RDPGuard (https://rdpguard.com) to block the incoming brute force attack by automatically adding a deny rule for the originating IP address to the Windows Firewall. It looks like the 2 IP addresses it caught were hitting our systems from Russia. As soon as RDPGuard did its job, the accounts stopped locking out instantly.

We have since changed how the users remote in at this client to a much more secure process so we have less of a chance of this occurring again. As we all know, no form of security is absolutely perfect.

Anyways, I will have to look into purchasing RDPGuard for protecting our public facing servers. It never hurts to have an extra layer of security. It can also protect other protocols like FTP, SQL, IIS and others.

(This is not a sales pitch for either of these programs. I just like to share tough fixes, and neat tools when I find them.)
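
The same triage can be done with the built-in Security log, shown here as an added example that is not part of the original post: failed logons (event 4625) are recorded on the machine that received the attempt, so grouping them by source address shows which hosts are driving the lockouts. The function names, the threshold and the sample records are constructed for illustration.

```powershell
function ConvertFrom-FailedLogonEvent {
    # Flattens a Get-WinEvent record for event 4625 into the fields used for triage.
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    process {
        $data = @{}
        foreach ($node in ([xml]$Record.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        [pscustomobject]@{
            TimeCreated    = $Record.TimeCreated
            TargetUserName = $data['TargetUserName']
            IpAddress      = $data['IpAddress']
            LogonType      = $data['LogonType']   # 3 = network (RDP with NLA), 10 = RemoteInteractive
        }
    }
}

function Get-FailedLogonSource {
    # Groups failed logons by source address and keeps sources at or above the threshold.
    param([Parameter(Mandatory)] [object[]] $Logon, [int] $Threshold = 3)
    $Logon |
        Where-Object { $_.IpAddress -and $_.IpAddress -ne '-' } |
        Group-Object -Property IpAddress |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            $times = @($_.Group.TimeCreated | Sort-Object)
            [pscustomobject]@{
                SourceIp   = $_.Name
                Failures   = $_.Count
                Accounts   = @($_.Group.TargetUserName | Sort-Object -Unique) -join ', '
                LogonTypes = @($_.Group.LogonType | Sort-Object -Unique) -join ', '
                FirstSeen  = $times[0]
                LastSeen   = $times[-1]
            }
        } |
        Sort-Object -Property Failures -Descending
}

# Constructed sample records (documentation address, made-up account names).
$t = Get-Date '2017-09-29 08:00:00'
$sample = foreach ($i in 0..5) {
    [pscustomobject]@{ TimeCreated = $t.AddSeconds(20 * $i); TargetUserName = 'jsmith'; IpAddress = '203.0.113.45'; LogonType = '3' }
}
$sample += [pscustomobject]@{ TimeCreated = $t; TargetUserName = 'mlee'; IpAddress = '-'; LogonType = '2' }
Get-FailedLogonSource -Logon $sample | Format-Table -AutoSize

# Live use on the machine exposing RDP (elevated prompt):
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1) } | ConvertFrom-FailedLogonEvent
# Get-FailedLogonSource -Logon $live -Threshold 10
```

The lockout itself is logged separately as event 4740 on the domain controller, which names the computer the bad attempts came through.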

Thursday, July 13, 2017

Check Replication Status of Domain/Forest

Source: https://technet.microsoft.com/en-us/library/dd464018(WS.10).aspx

"Run the following Repadmin.exe command to ensure that replication is working throughout the forest:

repadmin /replsum /bysrc /bydest /sort:delta

All domain controllers should show 0 in the Fails column, and the largest deltas (which indicate the time that has elapsed since the last successful replication) should be less than or roughly equal to the replication frequency of the site link that the domain controller uses for replication. The default replication frequency is 180 minutes."
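
The two conditions in the quoted guidance can also be checked per replication link, shown here as an added example that is not part of the TechNet text. It reads the CSV form of a different repadmin command, `repadmin /showrepl * /csv`, rather than the `/replsum` table; the function name is made up, and the sample lines are constructed and carry only the columns the function uses.

```powershell
function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLine,  # lines from: repadmin /showrepl * /csv
        [int] $MaxDeltaMinutes = 180,                # default replication frequency quoted above
        [datetime] $Now = (Get-Date)
    )
    $CsvLine | ConvertFrom-Csv | ForEach-Object {
        $failures = [int]$_.'Number of Failures'
        $last     = [datetime]::MinValue
        $parsed   = [datetime]::TryParse($_.'Last Success Time', [ref]$last)
        $delta    = if ($parsed) { [math]::Round(($Now - $last).TotalMinutes) } else { $null }

        $reason = @()
        if ($failures -gt 0)                         { $reason += "$failures consecutive failures" }
        if (-not $parsed)                            { $reason += 'no successful replication recorded' }
        if ($parsed -and $delta -gt $MaxDeltaMinutes) { $reason += "delta $delta min exceeds $MaxDeltaMinutes" }

        if ($reason.Count -gt 0) {
            [pscustomobject]@{
                Destination   = $_.'Destination DSA'
                Source        = $_.'Source DSA'
                NamingContext = $_.'Naming Context'
                DeltaMinutes  = $delta
                Reason        = $reason -join '; '
            }
        }
    }
}

# Constructed sample (made-up DC names; real output has additional columns).
$sample = @(
    '"Destination DSA","Naming Context","Source DSA","Number of Failures","Last Failure Time","Last Success Time"'
    '"DC1","DC=example,DC=com","DC2","0","0","2017-07-13 09:30:00"'
    '"DC1","DC=example,DC=com","DC3","4","2017-07-13 09:45:00","2017-07-12 22:10:00"'
    '"DC2","DC=example,DC=com","DC1","0","0","2017-07-13 05:00:00"'
)
Get-ReplicationProblem -CsvLine $sample -Now (Get-Date '2017-07-13 10:00:00') | Format-Table -AutoSize

# Live use on a domain controller or a machine with the AD DS tools installed:
# Get-ReplicationProblem -CsvLine (repadmin /showrepl * /csv)
```

Set -MaxDeltaMinutes to the replication frequency of the site link in use if it differs from the default.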