Workaround solution to fix “Windows failed to apply the Deployed Printer Connections settings” issue

Last year, Microsoft released the patch for “Windows Print Spooler Remote Code Execution Vulnerability” (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481), and after that deployed printers stopped working with new profiles. I still do not know why it has taken so long, since July last year, to permanently fix the issue.

Windows 10 clients cannot find our printers in Control Panel, and accessing the printers fails with “Operation failed with error 0x0000011b”.

Below is a workaround solution to fix the issue.

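Create a new DWORD (32-bit) entry named RpcAuthnLevelPrivacyEnabled with a value of 0, as in the following screenshot. Setting it to 0 turns off the RPC packet-privacy requirement for print spooler connections, so the workaround trades away protection that the security updates added.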

HKLM\SYSTEM\CurrentControlSet\Control\Print
RpcAuthnLevelPrivacyEnabled = 0

Go to Printer GPO – Computer setting – Administrative Templates – Printers – Point and Print Restrictions. Add a couple of pieces of information like the screenshot below.

Restart the Windows clients; the printers now show up.
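
The following PowerShell is an added example, not part of the original post: it reports whether the registry workaround above is active on a machine and can set the value back to 1 (enforcement) once printing works without it. The function names are hypothetical; the registry path and value name are the ones given above.

```powershell
# Added example: audit and revert the RpcAuthnLevelPrivacyEnabled workaround.
# Function names are hypothetical; path and value name come from the post.
$PrintKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print'
$ValueName = 'RpcAuthnLevelPrivacyEnabled'

function Get-PrintRpcPrivacyState {
    # Read the value without throwing when it has never been created.
    $item = Get-ItemProperty -Path $PrintKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $raw   = $null
        $state = 'NotSet'            # value absent: the OS default applies
    } elseif ([int]$item.$ValueName -eq 0) {
        $raw   = 0
        $state = 'WorkaroundActive'  # privacy-level enforcement switched off
    } else {
        $raw   = [int]$item.$ValueName
        $state = 'Enforced'
    }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Value        = $raw
        State        = $state
        CheckedAt    = Get-Date
    }
}

function Restore-PrintRpcPrivacy {
    # Sets the value back to 1 (enforcement); use -WhatIf to preview.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $current = Get-PrintRpcPrivacyState
    if ($current.State -ne 'WorkaroundActive') { return $current }
    if ($PSCmdlet.ShouldProcess("$PrintKey\$ValueName", 'Set to 1')) {
        Set-ItemProperty -Path $PrintKey -Name $ValueName -Value 1 -Type DWord
    }
    Get-PrintRpcPrivacyState
}

# Report the current state of this machine.
Get-PrintRpcPrivacyState | Format-List
```

Run Restore-PrintRpcPrivacy from an elevated session, since it writes under HKLM.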

Force installing Windows updates via PowerShell PSWindowsUpdate

F_PSWindowsUpdates.PS1 is shared on \\DC1\Shared

# This PowerShell script forces installation of Windows updates via PSWindowsUpdate on Windows machines
# https://www.powershellgallery.com/packages/PSWindowsUpdate/2.2.0.2
# It was created on 2021-10-21
# Allow PowerShell scripts to run so the PSWindowsUpdate module can be used (-Force suppresses the confirmation prompt)
Set-ExecutionPolicy RemoteSigned -Force
# Installs everything (newest version) along with required modules (-Force so an unattended run does not stop at a prompt)
Install-Module PSWindowsUpdate -Force
# Import Module PSWindowsUpdate before running the script
Import-Module -Name PSWindowsUpdate
# Force Windows updates to be completely downloaded and installed, then restart. Will check if we have a WSUS server
Install-WindowsUpdate -AcceptAll -AutoReboot
# Send an email after running the PSWindowsUpdate command
# The email is sent only if the previous command was successful.
if ($? -eq $True){
        # Use this command for TLS requirement
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        # Get machine name
        $machinename = get-content env:computername
        # Get current date and time
        $currentdate = get-date
        # SMTP server of Xyz.com
        $SMTP = "smtp-mail.xyz.com"
        # Mail from
        $From = "youremail@xyz.com"
        # Rcpt to
        $To = "youremail@xyz.com"
        # Subject line
        $Subject = "Windows updates on $machinename"
        # Email body
        $Body = "Finished running Windows updates on $machinename on $currentdate"
        # Create a connection to SMTP Outlook via the port 587
        $Email = New-Object Net.Mail.SmtpClient($SMTP, 587)
        # Enable SSL for the connection
        $Email.EnableSsl = $true
        # Log in to the xyz mail server with your credentials.
        # The values below are placeholders; a real password stored here is readable by anyone who can read the share.
        $Email.Credentials = New-Object System.Net.NetworkCredential("youremail@xyz.com", "yourpassword");
        # Send the email
        $Email.Send($From, $To, $Subject, $Body)
}

Schedule this script with Task Scheduler.

Install a Proxmox cluster

Below is a lab to create a Proxmox cluster.

Node1: pve01.linuxlab.local – 192.168.5.19

Node2: proxmox02.linuxlab.local – 192.168.5.21

Node3: proxmox03.linuxlab.local – 192.168.5.22

Step #1 Check hostname, date and /etc/hosts

192.168.5.19 pve01.linuxlab.local pve01
192.168.5.21 pve02.linuxlab.local pve02
192.168.5.22 pve03.linuxlab.local pve03
ping pve01
ping pve02
ping pve03

Creating Cluster via Proxmox GUI interface.

Click on Datacenter | Cluster | Create Cluster

Click on Copy information.

Install a LinuxMint VM on Proxmox node 3.

Install Proxmox on Virtualbox (Nested VT-x)

Proxmox Virtual Environment is an open-source server virtualization management solution based on QEMU/KVM and LXC. It is an affordable virtualization solution for small businesses.

Create a new Linux VM on Virtualbox to install Proxmox. Click the link below to download Proxmox VE 7.1 ISO Installer, then mount the iso to the VM to install Proxmox.

https://www.proxmox.com/en/downloads/category/iso-images-pve

To enable the “Nested VT-x/AMD-V” function for the Proxmox VM, open a terminal on the VirtualBox host and run the commands below.

VBoxManage -nologo list vms
vboxmanage modifyvm "Virtual machine name of Proxmox" --nested-hw-virt on
vboxmanage modifyvm "proxmox1" --nested-hw-virt on
vboxmanage modifyvm "proxmox2" --nested-hw-virt on
vboxmanage modifyvm "proxmox3" --nested-hw-virt on

After installing Proxmox, open any web browser (such as Firefox on LinuxMint) and access the Proxmox web management interface (https://IPaddressofProxmox:8006).

Upload installation media such as LinuxMint and Windows ISO files to install Linux and MS Windows VMs.

Create and install a Linux machine on Proxmox server.

LinuxMint VM can ping google.ca.

Typing in a VirtualBox VM is very slow and laggy on macOS Monterey

Below is a workaround for this VirtualBox issue on macOS Monterey.

Open Terminal.

sudo nano /Applications/VirtualBox.app/Contents/Resources/VirtualBoxVM.app/Contents/Info.plist 

Change the following parameter from true to false:

<key>NSHighResolutionCapable</key>
<false/>

Save the file and reopen VirtualBox. Typing in the VirtualBox VM is now faster than before.

Create a Global Protect VPN on Palo Alto

This is a lab to use for deploying Global Protect VPN on PA.

Create a username.

Create an authentication profile.

Assign user to this profile.

Configure Global Protect.

Create a new tunnel (tunnel 2) for Global Protect.

Configure Global Protect Portal.

Define my Gateway.

Create a new tunnel (tunnel2) for Global Protect.

Configure security policy to allow traffic from VPN to trusted zone and vice versa.

Enable “User Authentication ACL” setting on the untrusted zone.

Access global protect VPN from a Windows client.

Ping a Windows machine on a trusted (inside) network.

Access Global Protect from Kali Linux.

Download Global Protect (.tgz) file, then extract the file, and install the program.

Basic setup on Palo Alto

admin@PA-VM> configure
admin@PA-VM# set deviceconfig system type static
admin@PA-VM# set deviceconfig system ip-address 192.168.1.1 netmask 255.255.255.0
admin@PA-VM# commit

Assign an IP address for the E1/1 interface.

Assign DHCP IP address on E1/2 interface.

Create a virtual Router on PA.

Create an internal DHCP server on PA.

Create a basic rule on PA.

Create a SNAT rule on PA.

Monitor PA.

Use Ansible to automatically insert CME configuration on CME Routers

+ Step #1

  • Install Ubuntu version to work with SSHv2 and ansible 2.9.
  • Test SSH connection on both CME Routers
  • Check the configuration on R2/R3.
  • R3 does not have any CIPC registered directory number.

+ Step #2:

  • Create ansible.cfg, hosts file and ansible yaml file to insert configuration on R3

tung@tung-VirtualBox:~/Documents/Ansible$ cat tung.yml

---
- name: Manage Cisco Router CME devices
  hosts: r1
  gather_facts: false
  connection: local
  vars:
    # Lab credentials in plain text; outside a lab, keep them in Ansible Vault
    cli:
      username: admin
      password: cisco
  tasks:
    - name: Configure Ephone-dn on R2
      ios_config:
        provider: "{{ cli }}"
        authorize: yes
        parents: ephone-dn  1
        lines:
          - number 1111
          - name tungle1-1111
          - hold-alert 30 originator
    - name: Configure Ephone-dn on R2
      ios_config:
        provider: "{{ cli }}"
        authorize: yes
        parents: ephone-dn  2
        lines:
          - number 1112
          - name tungle1-1112
          - hold-alert 30 originator
    - name: Configure Ephone number on R2
      ios_config:
        provider: "{{ cli }}"
        authorize: yes
        parents: ephone  1
        lines:
          - mac-address 0800.AAAA.28C0
          - username "tungle1-1111" password Pa$$w0rd
          - type CIPC
          - button  1:1
    - name: Configure Ephone number on R2
      ios_config:
        provider: "{{ cli }}"
        authorize: yes
        parents: ephone  2
        lines:
          - mac-address 0800.BBBB.1234
          - username "tungle1-1112" password Pa$$w0rd
          - type CIPC
          - button  1:2
      register: print_output
    - debug: var=print_output

tung@tung-VirtualBox:~/Documents/Ansible$ cat ansible.cfg

[defaults]
inventory = ./hosts
# Lab only: this disables SSH host key verification
host_key_checking = false
deprecation_warnings=False
timeout = 5

  • Run ansible-playbook

tung@tung-VirtualBox:~/Documents/Ansible$ ansible-playbook tung.yml

  • Check on CME Router
  • CIPCs have been registered successfully via Ansible

Configure HA on Cisco CME

This is a topology for this lab.

On Cisco CME R1 and R2:

+ On R1:

Configure the secondary Cisco CME at the IP address 192.168.5.251 and register the CIPC phone on Cisco CME R1 with DN 1111.

 ip source-address 192.168.5.250 port 2000 secondary 192.168.5.251

+ On R2:

Configure the secondary Cisco CME at the IP address 192.168.5.250.

 ip source-address 192.168.5.251 port 2000 secondary 192.168.5.250

telephony-service
 max-ephones 2
 max-dn 25
 ip source-address 192.168.5.251 port 2000 secondary 192.168.5.250
 system message TUNGLEVoIP
 max-conferences 4 gain -6
 web admin system name admin password Pa$$w0rd
 dn-webedit
 time-webedit
 transfer-system full-consult
 create cnf-files version-stamp Jan 01 2002 00:00:00

+ Next, configure CIPC softphone on Windows VM.

TFTP server 1: 192.168.5.210

TFTP server 2: 192.168.5.251

+ Shutdown R1 (192.168.5.250)

The phone has successfully switched over and registered on CME R2.

Install TP-Link AC600 Archer T2U Plus WiFi USB Adapter In LinuxMint

This dual-band USB adapter is capable of providing 433 Mbps on 5GHz.

Install TP-Link AC600 Archer T2U Nano on LinuxMint.

sudo apt install dkms git build-essential libelf-dev linux-headers-$(uname -r)
# Cloning into 'rtl8812au'
git clone https://github.com/aircrack-ng/rtl8812au.git
cd rtl8812au/
sudo make dkms_install

Unplug the TP-Link Archer T2U Plus adapter and plug it in again. The LED will start to blink. Verify the driver has been installed successfully.

sudo dkms status

Then set up your new wireless USB adapter.