Latest posts

Palo Alto Predefined IP Commit Error Fix

In this post I will detail how to resolve the Palo Alto commit error when trying to commit a predefined IP list.

Below is an example of the error:

Validation Error:
external-list -> Palo Alto Networks Tor exit IP Addresses -> type -> predefined-ip -> url 'panw-torexit-ip-list' is not a valid reference
external-list -> Palo Alto Networks Tor exit IP Addresses -> type -> predefined-ip -> url is invalid

I’ve commonly run into the issue on a fresh Palo Alto setup right after loading the day 1 configuration and trying to make that commit.

Here is step-by-step how to fix the predefined IP list error.

  • Login to the Palo Alto firewall.
  • Click on Device
  • Click on Dynamic Updates

Onyx (MLNX-OS) Upgrade

In this post I will show you how to upgrade your switch running Onyx (MLNX-OS). I will detail how to do it via command line and via the web interface.

The best way to make sure your upgrade is a success is to plan your upgrade path. I recommend following the upgrade paths as sometimes jumping from an old version to the newest version isn’t supported and could lead to issues.

When Nvidia purchased Mellanox some of the upgrade path planning resources became locked away behind a login/pay wall. One of the items behind the wall is the detailed release notes.

The release notes are the documents that will tell you exactly which versions are supported on which switches and what your upgrade path should be, as sometimes direct upgrades that skip versions can cause issues.

You get access to the release notes on your switch directly but only for the version you are currently running. I tried to see if I could extract the release notes from the upgrade image but they seem to be stored as blobs and I couldn’t figure out a way to open them.

Fortunately Onyx is used by other OEMs, Hewlett Packard Enterprise for example. You can find a public version of the upgrade path in the HPE documentation here.

My SN2410 switch was originally running version 3.6.6102, so my upgrade path was the following:

  • 3.7.1134
  • 3.8.2204
  • 3.9.1020
  • 3.9.3302
  • 3.10.2102
  • 3.10.4006

With the upgrade path planning out of the way I will now show you step-by-step how to upgrade Onyx (MLNX-OS) via CLI or the Web UI.

The CLI Way

  • SSH into the switch.
  • Run the show version command to see what version you are currently running.

Create Active Directory Central Store

The default setup of Windows Active Directory is no central store. A central store is a central place to store your group policy definitions. If you only have one domain controller and make all your GPOs (Group Policy Objects) on that domain controller this likely wouldn’t be much of a problem.

The limitations start to show their faces when you have a second domain controller or you use a different system to make your GPOs. They also show up if you import GPOs that were built using newer group policy definitions. If you want to know how to import GPOs from another system I detailed the full process in a post called GPO Export and Import.

When you create or edit a GPO with the Group Policy Management Editor it checks to see if it can find a central store. If it can’t find one, it uses the group policy definitions from your local computer, which are stored in C:\Windows\PolicyDefinitions.

GPO not using the central store

Here’s how to create an Active Directory Central Store for all your group policy definitions on your domain.

Moving Windows Recovery Partition Correctly

Recently I needed to expand a disk on a Windows 10 VM and a Windows Server 2022 VM, but I couldn’t because the Recovery Partition was in the way.

When searching for a way to do this I discovered that the internet is full of posts about simply deleting the Windows Recovery Partition. I am not a fan of simply deleting a recovery tool. On numerous occasions the recovery partition has been instrumental in helping me to fix a system.

If you search for how to move the Windows Recovery Partition the internet has many posts of fake ways to do it or ways to do it with third-party tools like GParted. I have nothing against third-party tools or GParted and I don’t doubt some of those methods do work. The issue I have with those methods is that you have to take the system offline in order to do them or the tools cost money.

Now yes you could just delete the Windows Recovery partition, but before you do that make sure you understand that you will lose a bunch of recovery options. You can read more about the recovery options you’ll lose in an earlier post I made about the Windows Recovery Partition.

Here’s how to correctly move the Windows Recovery Partition on a Windows server or a normal Windows system.

Microsoft 365 Enable Organization Customization

Right out of the box the initial configuration of Microsoft 365 (aka Office 365) isn’t bad, but there’s a lot more you can do to harden it and to make it fully yours.

By default all Microsoft 365 tenants are in a state that is called dehydrated. Microsoft places all the tenants in this state in order to save space, as there are likely many Microsoft 365 tenants that will never change anything past the defaults, but that’s no fun.

In order to rehydrate our Microsoft 365 tenant to allow for a whole number of customizations we need to enable something that is called organization customizations.

Once we have enabled organization customizations we will be able to customize a lot more things in our Microsoft 365 tenant.

Here’s how to do that.

The Process

  • Connect to Exchange Online with PowerShell
  • Double check the hydration status of your Microsoft 365 tenant by running the following command Get-OrganizationConfig | FL isDehydrated

Intune Silently Enable BitLocker

When you are managing devices with Microsoft Intune aka Microsoft Endpoint Manager it’s great to control BitLocker but silently enabling BitLocker for all devices is even better.

Here is everything you need to know to silently enable BitLocker with Intune.

Disk Encryption Policy Profile

First up we need to create a disk encryption policy profile that we can use later on with our configuration profile. The Disk Encryption Policy Profile by itself really does nothing other than defining the settings that will apply when referenced by a configuration profile.

  • Login to Microsoft Intune admin center
  • Click on Endpoint Security
  • Click on Disk encryption
  • Click on Create Policy

VMware Horizon Customize Web Portal

VMware Horizon’s web portal has a decent appearance out of the box. However, I wanted to customize it to make it look like my own.

If you have a customized login background on your Microsoft 365, it could be beneficial to create a consistent end-user experience by making them look similar.

I couldn’t find any official documentation from VMware about this. I suspect the customizations might break when you upgrade to a new version of VMware Horizon. With all of that aside altering the images on the HTML portal is actually really straightforward.

Here’s how to change the default background and the default logo on the VMware Horizon HTML web portal.

  • Go to your current VMware Horizon web portal and right click on the VMware Horizon logo and select Open image in new tab
  • You will now have a new tab that has a URL that looks something like this horizon.yourwebsite.com/portal/webclient/icons-21414280/logo.png

ESXi Config Restore

Having a backup is great, but it only helps if you know how to restore it. Previously I showed you how to take an ESXi Config Backup. Now let me show you the process to restore that ESXi config backup.

The Process

  • Make a note of your current ESXi build number and the build number of the ESXi config backup file.

If you aren’t sure how, here’s a post I made about how to get your ESXi Build Number without vCenter for your current ESXi and your ESXi config backup file.

Your current ESXi build number and the ESXi build number in the ESXi config backup file must match.

Technically you can still restore with mismatching build numbers; however, that is a bug, it could cause unexpected behavior, and based on VMware’s documentation it would likely not be supported if something goes wrong later on.

You can read more about this bug on my post called ESXi Config Restore Bug.

  • Rename the ESXi config backup file you want to restore to configBundle.tgz
  • Enable SSH by right clicking on the host and selecting Services > Enable Secure Shell (SSH)

Onyx (MLNX-OS) BIOS Password Reset

Recently I’ve been playing with some Nvidia/Mellanox switches, specifically the SN2410. An issue that I ran into was that I didn’t have the BIOS password.

All of the documentation says that the default BIOS password is admin. That password did not work on my switch.

You can absolutely use the switch even without the BIOS password, however it may limit some of your options in the future specifically recovery options if needed.

The documentation that I found says that if the default password doesn’t work you need to contact Mellanox/Nvidia support. The issue with that is I’m playing with this switch in my home lab so I don’t exactly have a support contract to contact support.

I took the switch apart and there doesn’t appear to be a CMOS battery to pull to clear the BIOS either. There might be a jumper for it but it wasn’t obvious which one it might be and I didn’t want to risk breaking it.

Inside the SN2410 switch

In the end I ended up figuring out a way to reset the BIOS password back to default.

Here’s how to do it.

Intune Dynamic Device Groups

Intune aka Microsoft Endpoint Manager can be extremely powerful but as it always goes with great power comes great responsibility.

To make sure I’m only targeting the devices I want, I like to make a few dynamic device groups that I’ll use for various Intune policy targeting.

The dynamic device groups I create are:

  • Windows AAD Joined for all the Windows devices joined to Azure AD.
  • Windows Hybrid AAD Joined for all the Windows devices that are hybrid joined to Azure AD.
  • Windows AAD Registered for all the Windows devices that are registered to Azure AD; this is typically BYOD (Bring Your Own Device).
  • Windows Personal for all the personal Windows devices.

By creating these groups I can correctly target my Intune policies to always have the intended outcome.

Here are the dynamic membership rules I use for the dynamic device groups.