How to Infrastructure.

If your deploying the Splunk Forwarder to send event logs to your Splunk servers, you may or may not know that it doesn't just grab your logs and send them off.  Binds to a port for some reason.  By default it grabs 8089. If you're in a decent sized environment, which if you can afford Splunk I assume you are, then you will probably find at least 1 existing app that is already using that port and that's where this post comes in. The problem will present itself by you trying to start the Splunk service and the Splunk service telling you, "nope I am not starting." First thing to check is the log file.  This can be found in the install directory under the var\log\splunk subfolders.  By default, the full path will be c:\program files\SplunkUniversalForwarder\var\log\splunk. Once you're here, open up the splunkd.log file.  Scroll through for something listed as FATAL.  In our case, that shows HTTPServer - Could not bind to port 8089.  Now if you...

Got yourself a Hyper-V host on a nice HP server and can't connect to it remotely from the Hyper-V manager?  You are not alone.  Assuming your error is something like the error below then I may be able to help. The WS-Management service cannot process the request.  The class Msvm_RegisteredProfile does not exist in the root/interop namespace. This has something to do with the HP tools messing with the registration of the MOF's.  All we need to do to fix it is register the MOF files.  To do this, open an administrative command prompt on the server and run the following command. MOFCOMP %SYSTEMROOT%\System32\WindowsVirtualization.V2.mof That will parse through the MOF file and register it on the system leaving you with the nice screenshot below. You should now be able to use your local Hyper-V console to connect to the server and manage away. As with anything you find on the Internet use this at your own risk.  Just because it...

We have all come across it.  It's a problem as old as the computer itself.  Ever since those first few engineers sat around the PC and said, "Hey Frank, I can'y log in.  What's the password?"  I am of course talking about local admin passwords.  For what ever reason your local admin password will eventually leak out and when it does, it spreads quicker than rumors of free donuts in the break room. You may have combated this with a script that you run once a year that changes the local admin password.  The problem with this solution is that if a machine is turned off or remote then it won't get the script run against it.  You could put the script into a logon script but then your sticking a clear text version of the script onto your network somewhere. "Well, I just use GPO to deploy my passwords using Group Policy Preferences." I hear you say.  This I will agree was an excellent solution until https://technet.microsoft.com/en-us/library/se...

Trying to log into your fancy new exchange 2013 management page and it keeps showing you the old 2010 one?  There is a quick and dirty way around this.  Stick the version of the page you want to see in the address bar.  So if your exchange server is called mailsrv then you would open your browser and enter the following: https://mailsrv/ecp/?ExchClientVer=15 That will force the page to be the 2013 version and not that dirty old 2010 version. As with anything you get from the Internet, use the above at your own risk.  Just because it worked for me doesn't mean it will work for you.

While I appreciate Microsoft attempting to stop me from stubbing my virtual toe, sometimes they can be a little like the annoying, overbearing parent asking, "Are you sure you want to do that, Jimmy?" This is one of those times.  I am note sure what version this particular protective bubble came with, but either way it's annoying my users, and as a result, annoying me. I am talking about the warning The current webpage is trying to open a site in your Trusted sites list. Now asking me if I want to go from a site that isn't trusted to one that is seems a little odd, especially seeing as I am obviously attempting to get to a place that I feel is safer with it being added to my trusted sites. Now full disclosure here.  While this is annoying, it only actually pops up if a website that isn't trusted tries to redirect to one that is trusted with you the user having clicked on a specific link.  Even so, if a website I don't trust is trying to t...

This week's moment is brought to you by an organizational reorg, a group initiative to centralize certain aspects of IT, and the letters WTF. One of these aspects required my little branch of the organization to give up its Azure UPN suffix and hand it over to the mothership. Before we get into the hows, lets go over some configs.  First off, we are not using Exchange Online. If your email is in the cloud and is linked to via the AD Connector to Azure, then this won't work for you as part of the process is to remove all the users' email addresses.  Also in my environment, we were using the mail attribute in AD as the Azure UPN.  We were not using the userPrincipalName attribute.  If you are using this attribute then you should still be able to follow these steps.... roughly .  By that, I mean either follow them exactly which will end up with you using a different attribute to sync the UPN to Azure or follow it roughly and add a different UPN suffix to your d...