This section looks at what is new in the world of software (Operating Systems included) and how to take best advantage of what is out there.
The default graph options in PRTG (Setup > System Administration > User Interface) for extended periods of time (e.g. over 10 days) will display the average over a set period (e.g. 1 hour). While this may be ideal for some data, on occasion you may want to display the maximum or minimum value for the data over that period.
The example below shows just how much this can change the graphical representation of the data: the ‘max’ value is 48% when averaged, while it climbs all the way to 53% when the graph purely displays the maximum values.
To change this display of data hop into the channel settings for the sensor and follow the screenshot guide below:
So after realising that my desktop PC has been running in BIOS mode (how 1970s and probably the result of multiple clones from HDD to 10k HDD, to 10k HDD in RAID0 to SSD and to another SSD) and with a free weekend I thought it was time to have a look at the MBR2GPT tool.
However in running the validate phase I was getting the error message:
Disk layout validation failed for disk 0
After following through a few red herrings on the internet I had a bit more of a dig into what the tool was up to and it appears that one of the first steps is to shrink the OS partition.
It appears that the fix is actually to preempt this and shrink the OS partition yourself (I reduced it by about 1GB – which made sense as one of the new partitions goes right in at the end of the disk). Given that these kinds of steps should only be performed by a person who knows what they are doing and understands the implications, I won’t go into any detail as to how to do this other than providing the screenshot below.
Graylog is a brilliant (and Open Source) tool to easily capture logs from a variety of systems including good old fashioned syslog.
In the screenshot guide below you will learn how to use a set of extractors I constructed to parse out useful information from PAN NGFW syslog.
The link to the source files mentioned is: https://github.com/jamesfed/PANOSGraylogExtractor
For some time there have been plenty of examples of backing up Palo Alto Firewalls with curl commands (extracting the files using the XML API); however, that may not sit well with some Windows administrators who want to use PowerShell. As such I’ve put together the BackupPANNGFWConfig repo on GitHub, which contains the scripts to get ahold of the API keys needed and then to perform the backups for a series of firewalls.
To get the scripts drop by the link below and for the configuration see the screenshot sequences in this post. You will need a basic understanding of Palo Alto Firewalls, PowerShell and Windows Server to work through these steps.
Super important note: this script is configured to use a TLS1.2 connection to the firewall and to only allow connections to a firewall with a trusted security certificate – if you jump on the web management interface of the firewalls from the server that you are running the script from, you should see the ‘secure’ padlock icon in the address bar.
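The TLS 1.2 and trusted-certificate behaviour described above, sketched as an added example for Windows PowerShell 5.1 (this is not code from the BackupPANNGFWConfig repo). The firewall names, folder paths and per-firewall key files are assumptions made for illustration.

```powershell
# Added example, not the repo's script. Names and paths below are hypothetical.
$Firewalls = @('fw1.example.internal', 'fw2.example.internal')
$KeyDir    = 'C:\PANBackup\Keys'     # assumed: one DPAPI-protected API key file per firewall
$OutDir    = 'C:\PANBackup\Configs'  # assumed: existing folder for the exported configs

# Offer TLS 1.2 only. Certificate validation stays at its default (enabled):
# no ServerCertificateValidationCallback override is installed.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

foreach ($fw in $Firewalls) {
    try {
        # Key file assumed to have been written with ConvertFrom-SecureString by this
        # same account, so only that account on this server can decrypt it.
        $secure = Get-Content (Join-Path $KeyDir "$fw.key") | ConvertTo-SecureString
        $key    = [Net.NetworkCredential]::new('', $secure).Password

        # XML API configuration export, sent as a POST body so the key
        # does not end up in the request URL.
        $body = @{ type = 'export'; category = 'configuration'; key = $key }
        $file = Join-Path $OutDir ('{0}_{1:yyyyMMdd-HHmmss}.xml' -f $fw, (Get-Date))
        Invoke-WebRequest -Uri "https://$fw/api/" -Method Post -Body $body `
            -OutFile $file -UseBasicParsing -ErrorAction Stop

        # An API-level failure comes back as a <response status="error"> document;
        # do not keep that as if it were a backup.
        if (Select-String -Path $file -Pattern '<response status\s*=\s*["'']error' -Quiet) {
            Remove-Item $file
            throw "API returned an error document for $fw"
        }
        Write-Output "OK   $fw -> $file"
    }
    catch {
        # An untrusted or mismatched certificate, or a failed TLS 1.2 handshake, lands here.
        Write-Warning "FAIL $fw : $($_.Exception.Message)"
    }
}
```

A firewall whose certificate is not trusted by the server shows up as a FAIL line rather than a saved file, which matches the padlock check described above.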
Bit of a crazy issue when deploying a new Ruckus wireless network – after first suspecting an issue with the controller software or perhaps some kind of access control list blocking traffic, it turns out that the default Windows Firewall rule for allowing NPS traffic is broken in some fashion.
Having tried this (and it working fine) on Windows Server 2012 R2/2016 it really does appear to be isolated to Server 2019.
Discovering this came about with a few traffic captures combined with the wonderful NTRadPing tool. The fix is to manually create the rule, see the screenshots below on how to do this.
While iterating through an issue with our Ruckus SmartZone (with Ruckus R510 Access Points) controllers I was looking for a way to see when the Access Points had applied the new configuration; lo and behold, it’s quite easily done through both the CLI and the GUI.
Anyone who has used the new SmartZone controllers will know all too well that it’s not the fastest GUI to work with – thus if you have the option I’d suggest you go with the CLI method, which is very responsive (and much more consistent!).
Via the CLI
Via the GUI
For a little while now we’ve had issues with the uniFLOW Server service (version 5.3) not starting in a timely fashion (2hrs+).
After a harrowing tale of working with their support going in circles looking at issues with SQL Server and suchlike we worked out that the issue seemed to be caused by stale files at ‘C:\Program Files (x86)\Common Files\NT-ware Shared\ActiveJobs’ some of which were many months old or 0KB in size.
Ultimately the solution was to stop the uniFLOW Server service (force quit it using Task Manager if it’s still in a broken ‘starting’ state), then delete the contents of that folder with the exception of the readme_activejobsfolder.txt file (which mentions that you shouldn’t do anything to these files!), and then start the uniFLOW Server service (which started up in a few minutes).
While provisioning some new Ruckus R510 WAPs onto our SmartZone 100 (126.96.36.199.675) we’ve had a number of cases where the WAPs will reboot for their firmware update but will not proceed beyond that point. In particular the PWR and CTL lights stay lit but the radio lights do not come on at all.
Looking in Access Points > Affected WAP > More > Tunnel Diagnostics (we’re using AP tunnelling) I note errors along the lines of
ifconfig: gre1: error fetching interface information: Device not found
cat: can’t open ‘/proc/rksgre/gre1/stats’: No such file or directory
cat: can’t open ‘/proc/rksgre/gre1/cache’: No such file or directory
cat: can’t open ‘/proc/rksgre/gre1/cfg’: No such file or directory
cat: can’t open ‘/sys/kernel/debug/qca-nss-drv/stats/*’: No such file or directory
The solution thus far has been pretty simple – factory reset the WAP by pressing and holding the RESET button in the back for 6+ seconds. It’ll go through a process of about 5-10 minutes and thus far they have been coming back in a functional state.
Today I had the pleasure of presenting at the Oxford ICTF Conference on Multi-Factor Authentication and Password Stores with Smart Cards and YubiKeys. The video recording is online now here – https://youtu.be/WGtCxS2YFNA – and the presentation can be downloaded through the link below.
Presentation.pdf (5.5 MiB)
Having recently changed from using PowerShell ISE to VS Code I’m still discovering all the super awesome new features of it (be sure to get a copy of the Keyboard shortcuts from this page – https://code.visualstudio.com/docs/getstarted/keybindings). To get started I’ve changed the default new file language to PowerShell (not that you can’t change it to anything else though!).
To do this follow the short guide in the screenshots adding in the line shown in the gist below.