Cyber Security: Installing Microsoft Advanced Threat Analytics (ATA) version 1.8


Microsoft Advanced Threat Analytics (ATA) is a platform that enables you to protect your infrastructure from cyber attacks. ATA uses a parsing engine to capture network traffic of protocols such as Kerberos, and it monitors authentication and authorization. The traffic can be captured with port mirroring from Domain Controllers and other important computers. You can also deploy ATA directly on Domain Controllers; this deployment is called the ATA Lightweight Gateway.

You can read the original post via Cyber Security: Installing Microsoft Advanced Threat Analytics (ATA) version 1.8


Error (0x0107, 0x0000) when trying to view a VM Console


Very Useful…

CroftComputers

I wanted to create a quick post about this just in case anyone else ever has a (0x0107, 0x0000) message when trying to view a VM's console session using VMM 2012.


This happens when you have an untrusted Hyper-V host in VMM 2012, such as a machine sitting in your DMZ (perimeter host). You will be able to see the Hyper-V host and the VMs, and manage the VM properties, but not connect to the console. When you try to connect to the VM you will be asked to authenticate against the host, then you will see a warning about an untrusted certificate, and once you click OK you will receive the (0x0107, 0x0000) message.


To resolve this issue you need to import the certificate from the Hyper-V host onto the machine where you are running the VMM console.

Log on to your Hyper-V Server and create a new MMC…


Volume Shadow Copy error after deleting an Unused SharePoint Service Account


My SharePoint Experiences

Recently, I deleted an unused SharePoint service account in AD after figuring out we were not using that service account for any service in SharePoint. This service account was also local admin on the server. After I did this I could not start the Volume Shadow Copy service, and whenever I tried to start it I would get an initiation error message and the application log would have the following error:

Event Type:    Error
Event Source:    VSS
Event Category:    None
Event ID:    12289
Date:        6/23/2009
Time:        8:59:06 AM
User:        N/A
Computer:    ServerName
Description:
Volume Shadow Copy Service error: Unexpected error LookupAccountName( NULL, [ServiceAccountName], NULL, p, NULL, p, p).  hr = 0x800706fc.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:

Blah blah Blah…..

I tried rebooting the server, same error reappeared.

I was not able to open the Shadow Copies tab from the properties of any disk drive…


Using Windows PowerShell to fix a broken Secure Channel and reset the computer account


When a computer joins a domain, a computer account is created in AD. The computer account gets its own password, which expires after 30 days by default. When the password expires, the computer itself initiates a password change with a DC in its domain.

When the computer starts up, it uses this password to create a secure channel (SC) with a DC. The computer requests to sign all traffic that passes through the SC. If a DC says “go ahead”, all signed traffic passes through this channel.

NTLM pass-through authentication is a typical example of signed traffic.

So what happens if the computer account password on the computer and in AD do not match? The computer tries to authenticate, but the DC says this is not the correct password.

The SC is down.

To reset the SC between a computer and a DC:

Open PowerShell on the local computer with the broken SC and run the cmdlet:

Test-ComputerSecureChannel -Repair -Credential (Get-Credential)

Source: Using Windows PowerShell to fix a broken Secure Channel and reset the computer account
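
The repair step above can be wrapped so that it first checks the channel, repairs only when the check fails, and verifies the result afterwards. This is an added example, not code from the original post; the function name `Repair-SecureChannelIfBroken` and its parameters are hypothetical, and it assumes an elevated Windows PowerShell session on the affected domain member.

```powershell
# Added example, not from the original post.
# Run in an elevated Windows PowerShell session on the affected domain member.
function Repair-SecureChannelIfBroken {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Optional DC to test against; by default the cmdlet picks one itself.
        [string]$Server,
        # Domain account permitted to repair this computer's secure channel.
        [System.Management.Automation.PSCredential]$Credential
    )

    $scArgs = @{}
    if ($Server) { $scArgs['Server'] = $Server }

    # Returns $true when the secure channel to the domain is working.
    if (Test-ComputerSecureChannel @scArgs) {
        Write-Verbose 'Secure channel is healthy; nothing to repair.'
        return $true
    }

    Write-Warning "Secure channel for $env:COMPUTERNAME is down; attempting repair."

    # Ask for credentials only when a repair is really needed.
    if (-not $Credential) {
        $Credential = Get-Credential -Message 'Account allowed to repair the secure channel'
    }

    # Same call as in the post: removes and rebuilds the channel
    # established by the Netlogon service.
    $null = Test-ComputerSecureChannel @scArgs -Repair -Credential $Credential

    # Re-test without -Repair so the returned value reflects the channel state now.
    $healthy = Test-ComputerSecureChannel @scArgs
    if (-not $healthy) {
        Write-Error 'Repair did not restore the secure channel.'
    }
    return $healthy
}

Repair-SecureChannelIfBroken -Verbose
```

A machine whose secure channel breaks repeatedly is worth investigating (for example a restored snapshot or a duplicated computer name) rather than repairing each time.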