By steve, 21 September, 2021

Set-Up
This section describes how the system was initially set up.

Base Deployment
The base system was deployed from the AWS Debian image and upgraded to Debian 11 (Bullseye).

The AWS instance needs an Elastic IP.

You will also need to choose an IP range for the DMVPN tunnels. In the example below, we have used 10.255.193.x.

You will also need to choose an IP range for the WireGuard tunnels. In the example below, we have used 10.255.192.x.

We also deployed the Google Authenticator SSH-Google-Authenticator package for remote access.

By steve, 19 April, 2021

I have recently run into a number of situations where a domain controller develops an issue with issuing Kerberos keys, resulting in Event ID 4 from Security-Kerberos with the text "The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ..."

The solution for me was found in this article:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/r…

The steps followed are:

On the broken DC, run the following:

By steve, 29 December, 2020

Starting from Server 2016, you can change the installed edition of Windows by running the following:

DISM /online /Set-Edition:edition ID /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula

The editions can be serverDatacenter or serverStandard, but this can only be used to upgrade to a higher edition (e.g. standard->datacenter).

If you have KMS set up, you can use the following keys:

By steve, 16 September, 2020

If AAD Connect creates a second Office 365 account, you can fix this up with the following steps:

Move the user outside the sync scope in AD
On the machine that has AAD Connect installed, run a delta sync

Start-ADSyncSyncCycle -PolicyType Delta

Confirm that the duplicate account is gone from the Office 365 admin centre

On a domain controller run the following to get the anchor GUID:

[system.convert]::ToBase64String(((get-aduser ).Objectguid).tobytearray())

By steve, 8 September, 2020

If an organisation has AADSync set up without Exchange hybrid sync, it is possible for a user to have mailboxes both in Office 365 and on-premises. Assuming that there is no mail in Office 365, the following PowerShell will clean up the old attributes.

Note: if anything uses the Office 365 mailbox (e.g. Teams person to person chat), this data will be lost.

By steve, 11 September, 2019

Today I needed to recover a Windows server that would not boot, and was getting a stop error. It had been converted from VMware to Hyper-V, and the boot devices were not loading.

The fix was as follows:

By steve, 8 August, 2019

The following function can be created to dynamically create a number list in SQL:

By steve, 23 July, 2019

In order to replace a predictive-failed drive without triggering a rebuild onto the hot spare and then a copy back, use the following procedure:
(This example replaces the drive in slot 84:4 on adapter 0.)