Godaddy having login issues

@Obsolesce said in I just thoroughly helped someone solve their problem on Spiceworks:

People like to repeat replies there just for the points, like the 5 or so there in your case.

Like most of the people that replied to this post ? sound familiar

Intermedia Exch080 server still down supposedly an issue with security... no many updates and it has been more than 24 hours.

@Dashrender said in Website not working - looking to troubleshoot:

We are having issues connecting to our EHR website - this will be a long post, I hope to answer most questions in this post, please read the whole thing.

First things first: Windows 2012R2 and Windows 2016 AD/DNS servers, Windows 10 1703-1803 clients, SonicWall firewall

Client machines can access the logon page (most but not 100% of the time during an outage). Assuming they get a logon prompt, they are offered to pick their location (the typical second page after logging in), Then either the page displays - This page cannot be displayed - or it just sits white.

All other LAN traffic seems fine - can reach printers, file shares, email (locally hosted), etc.
All other WAN traffic seems fine - can reach google and search for random things and visit those pages without issue.
EHR vendor had me specifically test www.bankofamerica.com - and that did work!

When I ping the EHR server (https://athenanet.athenahealth.com) it resolves (208.78.143.100), and replies to the ping.

I asked my neighboring office (they have their own connection to Cox) to try getting to the website, and while we were not getting the logon page, nor were they.

Thoughts on what to try next?

DO a tracerroute to the site from your location. Then try it from a mobile hotspot and check where they differ, we have that issue today with one of our customers to a state site and the Verizon and Level3 routing is going crazy, on the Sonicwall we did a routing through the secondary ISP and it works fine.

@WrCombs said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

Happy Thursday!

Wipe it

you'd think right?
but no- boss told me to quarantine and then delete. restart and run another scan.

Okay... man I don't know what they are doing there.

@Dashrender said in Website not working - looking to troubleshoot:

assuming pinging is working - why would tracerts be helpful?

To locate which route fails on your end.

Maná - Rayando el Sol
Youtube Video

@Mike-Davis said in printer VLAN firewall rules:

@JaredBusch said in printer VLAN firewall rules:

@Mike-Davis said in printer VLAN firewall rules:

So just allow full communication from the guest-wifi VLAN to the PrinterVLAN and do the same for the DefaultVLAN to the PrinterVLAN? Seems like you would want to block port 80/443 from the guest-wifi to the PrinterVLAN to block guests from trying to get to the admin interfaces on the printers.

No, I said why make a printer VLAN in the first place? It is still going to have full capabilities back to the LAN.

So having a rule between the guest VLAN and the LAN or the guest VLAN and the printer VLAN is no different.

I'm thinking have a printerVLAN so I can only allow port 9100 from Guest-wifi to printerVLAN.

That's the only thing I have done when I need to on Sonicwall or any other firewall rules.

Monsterjam trucks with the Kids

@StuartJordan said in SPAM Filtering with Zimbra:

Don't know if you want to try these: https://www.mxguarddog.com/
think it's only $0.25 per mailbox per month....

For my personal test, I just started using them. But other than that we use Barracuda CLoud and Mimecast on other servers that are on production.

BEst luck on your next venture!

@wirestyle22 said in Deprecation of the TLS-SNI challenge:

Received this error when trying to renew my LE cert via Certbot

Incorrect validation certificate for tls-sni-01 challenge.

From Certbot's website:

"Under the hood, plugins use one of several ACME protocol challenges to prove you control a domain. The options are http-01 (which uses port 80), tls-sni-01 (port 443) and dns-01 (requiring configuration of a DNS server on port 53, though that’s often not the same machine as your webserver). A few plugins support more than one challenge type, in which case you can choose one with --preferred-challenges."

sudo certbot renew --preferred-challenges http worked. My question is, is just an http challenge the correct way to do this?

I just started doing my challenges through DNS but some might think it is not the best. For me it works with CloudFlare.

@CCWTech said in What Are You Watching Now:

Medal of Honor - Netflix

I can only watch an episode every few days. It's just unbelievable what some of the men featured went though. One of the best shows I have ever seen.

It was good! I love those type of shows.

@travisdh1 said in SPAM Filtering with Zimbra:

@dbeato I'm a fan of using their RBL list. Anyone know if that's still available for free?

You can still use it but request access to it
http://www.barracudacentral.org/rbl/how-to-use

Working from home

@travisdh1 said in SPAM Filtering with Zimbra:

@dbeato I'm a fan of using their RBL list. Anyone know if that's still available for free?

@travisdh1 also the server is b.barracudacentral.org

Testing Zimbra 8.8.15 for Ubuntu 18.04

https://www.zimbra.org/download/zimbra-collaboration
https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3829.UBUNTU18_64.20190718141144.tgz

@Mike-Davis said in Microsoft Multi factor auth down worldwide:

@Obsolesce said in Microsoft Multi factor auth down worldwide:

So how do you get in now?

You don't. You sit and stew and think about the credit you're going to put in for when it comes back up.

Unless your user has the 14 day cookie on their account, we have partial outage because of that.

Finally a decent KB on the issue I have encountered with Amazon EC2 instances on Ubuntu and Debian lately
https://www.vultr.com/docs/force-apt-get-to-ipv4-or-ipv6-on-ubuntu-or-debian

@siringo said in Run RSAT tools. Non domain joined PC?:

@IRJ said in Run RSAT tools. Non domain joined PC?:

@Obsolesce said in Run RSAT tools. Non domain joined PC?:

@siringo said in Run RSAT tools. Non domain joined PC?:

@JaredBusch said in Run RSAT tools. Non domain joined PC?:

@siringo said in Run RSAT tools. Non domain joined PC?:

Anyone know of a way in which I can run the Windows RSAT tools from my non domain joined W10 PC?

I go from client to client and I'm hoping to be able to run the Windows admin tools from my PC.

Or anyone know of an alternate program that may work?

That is totally not how any of that works.

About the only thing that I can think of is to simply right click and run as.

But you also will run into the problem that RSAT tools are different on ever system

Nah, that'll only run the app as whoever on the local PC, it doesn't parse auth credentials to the external entity.

This works "runas /netonly /user:domain\username "mmc dsa.msc /server=REMOTEDC" but you have to run it from a cmd/powershell box & wait for the password prompt. It's also fiddly if you want to work in different apps that reside within different domains.

That's the beauty of security. Some outsider can't just come in to someone's network with their own hardware and successfully connect from all the RSAT tools.

Isnt that what PAW is for?

What is PAW?

Privileged Access Workstations

https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations