Subscribe to " FACEITNET " Youtube channel for more interesting videos 

FaceITNet Youtube Channel

Windows 8.1 Update (KB2919355) is not applicable to your computer

Unable to install Windows 8.1 Update (KB2919355) on your server 2012R2 ( installing Sharepoint 2016) Even if you’ve enabled automatic update in Windows, you might find out that KB2919355 doesn’t appear in the list of available updates. 

If you download KB2919355 directly from Microsoft’s online website and then install it manually, Windows Update Standalone Installer will fail with the error message “The update is not applicable to your computer“.

So what we can do now???? 

What is KB2919355???

Windows 8.1 Update is a cumulative set of security updates, critical updates and updates. You must install Windows 8.1 Update to ensure that your computer can continue to receive future Windows Updates, including security updates. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

How to Install Windows 8.1 Update (KB2919355) Successfully?

In Windows Update window, click on the Check for updates link in the left pane. The search may take some time, depending on how many updates are waiting.

When the search is finished, click the link that says how many important updates are available.

In the list of available updates, select the update KB2919355, then click Install and you’re done! However, if the update KB2919355 doesn’t appear in the list of available updates, check ALL important updates and click Install.

After installing all available important updates, open your Web browse to download the Windows 8.1 Update from Microsoft’s website:

http://www.microsoft.com/en-us/download/details.aspx?id=42334

Now double-click on the update KB2919355 you’ve downloaded and it should be able to be installed successfully.

Installing  successfully, it would take time to finish as its even though Microsoft doesn't call its Service Pack but its a Service Pack....

Thanks 

Multi Tenant Email Server Configuration

Multi Tenant Email Server Configuration

In this tutorial I am going to explain how to host multiple email domains on one Domain controller and Exchange server. 

Say for example , A company have two Branches and they are namely Dandenong and Mulgrave. The company doesn't want to have common email address. They want to have emails specifically branches 

So the users in Dandenong will have their mail address as user@dande.mks.com.au and the user in Mulgrave will have user@mul.mks.com.au. We can do the same to even different domains , Lets see how we can do this...

First of all to do this we need to have UPN ( user principle names ) and OU ( organizational units ) to create emails and user account. Lets see how we can do this 

Create OUs

1.    . Navigated to ‘Active Directory Users and Computers’ and created OUs for Dandenong and Mulgrave:

2.    Created two users in each OU, Mulgrave One and Two for the Mulgrave OU, and Dandenong One and Two for the Dandenong OU:

       Create UPNs: 

       Navigated to ‘Active Directory Domains and Trusts’:

           Right-clicked ‘Active Directory Domains and Trusts’ and selected ‘Properties’. Added ‘mulgrave.mks.com’ and ‘dandenong.mks.com’ as alternate UPN suffixes and clicked ‘Apply’ and ‘OK’:

       On the Exchange server : 

   Navigated to ‘Accepted Domains’ and added the        ‘dandenong.mks.com’ and 'Mulgrave.mks.com' UPN as an accepted        domain on the Exchange server:

Create Email Policy     

Navigated to the Exchange Administration Centre, and went to ‘Mail Flow > Email Address Policies’:

     Under ‘Email Address Format’, changed the address format to      ‘dandenong.mks.com’

Under ‘Apply to’, added a new rule and selected ‘Recipient Container’. Selected the previously created ‘Dandenong’ OU and clicked ‘Save’

Created a new email policy named ‘Mulgrave’ and repeated Steps for the ‘Mulgrave’ OU:

Created Users Email

     Navigated to ‘Recipients’ on the Exchange Admin Centre and added the Dandenong One, Dandenong Two, Mulgrave One and Mulgrave Two users from the OUs previous created:

   Noted that each user had the proper sub-domain applied as their email address, so the Email Policies had been applied successfully:

** Thanks Tim Rees  **

Configuring VoIP Basic level Packet Tracer

Configuring VoIP  Basic level Packet Tracer

Cisco Unified Call Manager Express to configure a basic VoIP. 

So the first thing to be done is to configure the IP address of the router:

Router>enable

Router#configure terminal

Router(config)#interface FastEthernet0/0

Router(config-if)#ip address 192.168.100.1 255.255.255.0

Router(config-if)#no shutdown

A DHCP server is used to assign IP addresses to the IP Phones.

A TFTP server is used to allow the phones to get the firmware and certain configurations files from the router, this is done by the option 150 of the DHCP.

Router(config)#ip dhcp pool VOICE

Router(dhcp-config)#network 192.168.100.0 255.255.255.0

Router(dhcp-config)#default-router 192.168.100.1

Router(dhcp-config)#option 150 ip 192.168.100.1

Next step to do is to configure the Call Manager Express itself on the router

Router(config)#telephony-service

Router(config-telephony)#max-dn 5

Router(config-telephony)#max-ephones 5

Router(config-telephony)#ip source-address 192.168.100.1 port 2000

Router(config-telephony)#auto assign 1 to 5

1. Enters to the telephony services, if you don't have the telephony-service you have to enable by      typing the following in 2911 serious router. 

Note: license boot module c2900 technology-package uck9 

2. max number of phone lines

3. max number of telephones

4. The IP of the router, this is where the telephones will be registered and the source address where is running the DHCP and TFTP services, which will be the router itself. And the port used for the phones, the default one is 2000

5. This is to automatically register the phones, on this case is from phone 1 to 5 

Router(config)#ephone-dn 1

Router(config-ephone-dn)#number 100

Router(config)#ephone-dn 2

Router(config-ephone-dn)#number 200

Router(config)#ephone-dn 3

Router(config-ephone-dn)#number 300

Router(config)#ephone-dn 4

Router(config-ephone-dn)#number 400

Router(config)#ephone-dn 5

Router(config-ephone-dn)#number 500

We have configured 5 max IP Phones, so we will configure 5 max numbers for the line, 

Now thats all on the router, we have to configure the switch to access Voice VLAN. 

Switch(config)#int range fastEthernet 0/2-3

Switch(config-if-range)#switchport mode access

Switch(config-if-range)#switchport voice vlan 1

Interface 1 I have configured as Trunk interface 

Switch ( config) #int fastEthernet 0 /1

Switch(config-if)#switchport mode trunk 

If the encapsulation is Dot1q then just leave it as it is

That is all , now we must have our Phones configured with the numbers we have configured above 

 

Configure SSH access on a CISCO Router

Configure SSH access on a CISCO Router

There is only a way to access a cisco device physically is Console access ( of course we have USB now). But what if we have the Router or Switch in a remote location? 

We have to use Telnet to access the Router but Telnet is not a secure way of communication as the Username and Password transmit plane text format, Which is easy to capture the credentials. So we have to have a secure way of accessing the remote devices. This is where SSH comes in. SSH is a secure way of remote access with RSA encryption. Lets see how we can do configure SSH on a CISCO device

Login to the Router using console or Telnet and configure the following 

first we need to Configure the Basic configurations. 

1.Set hostname and domain-name

   Router>Enable

   Router#configure Terminal

   Router(Config)#hostname lab5

   Lab5(config)#ip domain-name lab5.com

   Lab5(config)#enable secret cisco123

   Lab5(config)#username XXXX privilege 15 secret XXXX

Now we have to configure RSA , if we use version 2 then we have to use 512 or above bits of encryption.

2.Generate the RSA Keys

   Router(config)#crypto key generate rsa

The name for the keys will be: lab5.com
 Choose the size of the key modulus in the range of 360 to 2048 for your
   General Purpose Keys. Choosing a key modulus greater than 512 may take
   a few minutes.

How many bits in the modulus [512]: 1024
 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

3.Next setup VTY line 

Lab5(config)#line vty 0 4

Lab5(config-line)#login local

Lab5(config-line)#transport input ssh

4. Setup IP

Lab5(Config)# int g0/1

Lab5(Config-if)#ip add 192.168.100.1 255.255.255.0

Lab5(Config-if)#no shutdown

Thats all , Use the Putty or CMD to connect your Router

In CMD use SSH  -l Username IPaddress

How to configure and install self signed digital certificate on Exchange server 2013( No Certificate Authority )

How to configure and install self signed digital certificate on Exchange server 2013( No Certificate Authority ) 

After successfully installed exchange server every time when we go to OWA or ECP we could notice that it  says certificate error .

Here is how we can fix it..

First login to Exchange ECP and go to server and click Certificate

Click on the + and create new certificate

Make sure you have to select option two ( Create a self-signed certificate) and enter the friendly name.

Then on the next screen specify the server where you want to apply this certificate , In my case i will install on my mail server WIN2k12MAIL

Now click next and Specify the Domains you want to include, Click on Pencil and add the names...

Here i am adding for both intranet and Internet



Click Ok and move on to confirmation page

Click Finish, that is all we have created a new certificate

Click on the newly created certificate and assign the services, here i have assigned to IMAP and POP

Now we need to tell our IIS server to use this certificate to email server web request to do that, Go to IIS server

Go to Sites and then click default web sites
 
Click Add

Select HTTPS as Type and give your host name and then select the newly created certificate on the drop down menu. Then click ok and also restart the web service..
Now go to Exchange web access and you will still see the certificate error, Click on the certificate and install to Trust root..

Click install certificate

Select Local computer and select Trusted root


That is all close the web browser and reopen you should see the following screen now


Click on the Lock icon on the web browser and open the certificate , Subject alternative names

You can see the given domain names are there...

Thanks

Configure Audit Logon Events Policy in a GPO

Configure Audit Logon Events Policy in a GPO

Step by Step Guide

1)   Log on to Domain Controller with an account that has Administrator rights.    Ensure that the Group Policy snap-in is installed.

2)   Press “Win + R”, type gpedit.msc and press the Enter button to open Windows Group Policy Editor.

3)  Once you are in the Group Policy Editor, navigate to “Computer Configuration Windows Settings -> Security Settings -> Local Policies” and then select “Audit Policy” in the left pane.

     

4) Once the Window is opened, select both the check boxes “Success” and “Failure.” Now click on the “Apply” and “Ok” buttons to save the changes.

5) Once its Done go to event viewer and Check under Security....

How to configure Windows Event Log Forwarding

In a small and medium level business your budged will not allow you to buy and run a dedicated event reader. Since these days business depend on multiple servers and services its not easy for a system administrator to read all the events separately  on the servers. 

For this kind of situations Microsoft introduced Event Forwarding. Event Forwarding allows administrators to get events from remote computers, also called source computers or forwarding computers and store them on a central server; the collector computer.

Events can be transferred from the forwarding computers to the collector computer in one of two ways:

Collector initiated – Using this method, the collector will contact the source computers (clients) and ask them for any events they might have. The minimum operating system level required on the source computers is Windows XP SP2 with minimum Windows Remote Management 1.1 installed.

Source initiated – By using this method the clients or forwarders transfer events to the collector as required. Systems like Windows Vista, Windows 7, Windows Server 2008/R2 and Windows Server 2012/R2 can be Event Collectors, but this feature is not supported for down-level operating systems. Even tough there are no limitations when a client operating system is used as an Event Collector, a server platform is recommended since will scale much better in high volume scenarios.

(http://www.vkernel.ro/blog/how-to-configure-windows-event-log-forwarding)

Configuring event forwarding collector initiated subscriptions ( Step by Steps ) 

Let’s start by enabling WinRM on the Event Forwarders machines (the clients); and we have two choices here: we either use Group Policy to enable WinRM or we do it manually by issuing the bellow command on a client by client basis:

In my Example i have used WIN2K12MAIL as client.

winrm qc

If your clients are running Windows server 2012 and above, WinRM it’s enabled by default on them, but just to be sure, you can check the configuration using the bellow command line:

winrm get winrm/config

Now that WinRM it’s enabled on all our Event Forwarder computers
Now we have to configure Collector computer rights to read the logs from this computers
We can use the Event Collector computer account itself for authentication, or we can create a user account in Active Directory and use that
I have created an account called eventforwarder and added this to the default Event Log Readers Group.
Creating new user eventforwarder 
 

Adding eventforwarder to default Event Log Readers Group




The next step is to enable and start the event collector service on the collector machine, so i have logged in to WIN2k12DC server and issue the bellow command:



wecutil qc



Continue and if its Success let’s move forward and create a subscription on the collector computer which “tells” this one for what type of event logs to look for and collect from the forwarder computers
GO to Event Viewer and Right click on Subscription, Create new Subscription

Now click the Collector initiated radio button then hit Select Computers to add the source computers/forwarders from which the collector will pull the events

Now we have to select what events we wants to receive, so click on  Select Events button

The last step to make this work is to configure the account used by the collector machine to connect to clients. We already added this account to the local Event Log Readers group on every forwarder, so we should not have access problems.
Click the Specific User button, provide the account and credentials and click OK, then move down to the Event Delivery Optimization section where we have three options:
Normal This option ensures reliable delivery of events and does not attempt to conserve bandwidth.It gets the events every 15 minutes by using a pull delivery mode.
Minimize Bandwidth – This option ensures that the use of network bandwidth for event delivery is strictly controlled.
It uses push delivery mode and it uses a heartbeat interval of 6 hours.
Minimize Latency – This option ensures that events are delivered with minimal delay. It is an appropriate choice if you are collecting alerts or critical events. It uses push delivery mode every of 30 seconds.
I have done this way but it didn't work, Access Denied , So i have changed the User access to 
Administrator and it worked ..
Didn't work 

The one worked 

Now i can see the Forwarder is been added 

After ~10 minutes or less, depending on how you configured the Event Delivery Optimization options, logs should start coming in


That is all. Its working ...