Kemp Load Master – SAML via OKTA with KCD to Microsoft Exchange OWA (Outlook Web Access)

The Kemp Load Master can be configured to offload authentication to itself (from the Microsoft Exchange server supporting Kerberos), so that the Kemp Load Master acts as an SP (Service Provider) against an IdP (Identity Provider), for example OKTA. The use of SAML via OKTA allows for any SAML (and Kerberos KCD […]


Active Directory Certificate Services (ADCS) PKI Domain Admin Vulnerability

Microsoft has published a vulnerability advisory, https://msrc.microsoft.com/update-guide/vulnerability/ADV210003, describing an issue that allows an attacker to use NTLM authentication to begin an attack chain: an unauthenticated NTLM connection is made and then relayed to allow a connection to Active Directory Certificate Services (ADCS). Assuming auto-enrollment is enabled, this means that an attacker can make a request […]


Dell Openmanage DNS Records for Server Initiated Discovery (with Microsoft DNS)

OpenManage Enterprise version 3.4 allows automatic discovery of servers that have iDRAC firmware version 4.00.00.00 or later. The appliance can be configured to allow these servers to automatically locate the console by querying the DNS and initiate their discovery. The instructions (and this) give the use of the TUI or manual creation for Dell Openmanage […]


Leaky Print Spooler Vulnerability (CVE-2021-1675)

So it appears that there is a vulnerability identified in Microsoft Windows machines running Active Directory; this is covered on the Register: https://www.theregister.com/2021/06/30/windows_print_spool_vuln_rce/. Until you patch this you can just disable the “Print Spooler” service on your Domain Controllers and, well, to be honest you don’t need this running on the Domain Controller anyway. Edit: […]


Exchange 2010 – Can’t Delete Mailbox Database

While doing some housekeeping on an Exchange 2010 server, I needed to delete a mailbox database but couldn’t, getting the error shown below: PROBLEM: The mailbox database ‘Mailbox Database 2 G-L’ cannot be deleted. Mailbox Database 2 G-L Failed Error:This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, or arbitration mailboxes. To […]


Exchange 2010 Restoration fails with: ROP Error: 0x80070057 Error: MapiExceptionInvalidParameter: Unable to modify table.

A colleague had a problem when attempting to restore a mailbox; this error was generated: Error: MapiExceptionInvalidParameter: Unable to modify table. (hr=0x80070057, ec=-2147024809) Diagnostic context: Lid: 55847 EMSMDBPOOL.EcPoolSessionDoRpc called [length=228] Lid: 43559 EMSMDBPOOL.EcPoolSessionDoRpc returned [ec=0x0][length=348][latency=15] Lid: 23226 — ROP Parse Start — Lid: 27962 ROP: ropModifyRules [65] Lid: 17082 ROP Error: 0x80070057 Lid: 27745 Lid: […]


Check if two domain controllers are in-sync

PROBLEM: You need to check if two domain controllers are in sync with each other. SOLUTION: To do this you need to understand a bit about how Active Directory reports whether a domain controller's replication is in sync. There is something called a UTDV (up-to-dateness vector) that is basically a number representing what the domain […]


Exchange 2013 – What does good mailflow look like?

You’ll probably find yourself using the message tracking logs to find out whether an email has gone missing. But what should a normal working mail transaction look like? The example below shows it, for the case where the mailboxes are stored on the same server. EventId Source Sender Recipients MessageSubject NOTIFY STOREDRIVER {} RECEIVE STOREDRIVER fred@sender.com {bob@receive.com} Hello! SUBMIT STOREDRIVER […]
