On some 2008 R2 domain controllers that I manage I have noticed several events each week that are categorised as Error events, with the event 36887 & source Schannel.
The only information displayed is the message:
"The following fatal alert was received: 48."
Not much to see there, but when I expanded the Details section I found the Execution ProcessID matched up to the lsass.exe process ... so at least now we know we are dealing with the local security authentication server service ... and on a domain controller this means domain clients are also being authenticated via this service.
Some searching & I found a reference for the error numbers: http://msdn.microsoft.com/en-us/library/ff476074(VS.85).aspx
... so error number 48 is defined as TLS1_ALERT_UNKNOWN_CA & further searching * it appears that the best explanation of these messages appearing in the domain controller logs is that there are clients that are presenting certificates that are not recognised by the domain controllers. If this is the case, then it appears to be a bit extreme to log them as Error events on the domain controller ...
* http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/dae11f0b-2d90-4da6-8c5b-27bc236f6441
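To see which alert codes are arriving and how often, the 36887 messages can be grouped by code. This is an added example, not part of the original post: the function name Get-SchannelAlertSummary is hypothetical, the alert table is a subset of the standard TLS alert numbering, and the sample events are constructed so the block runs without a domain controller.

```powershell
# Subset of the TLS alert numbers (standard TLS alert descriptions).
$TlsAlerts = @{
    40 = 'handshake_failure'
    42 = 'bad_certificate'
    43 = 'unsupported_certificate'
    44 = 'certificate_revoked'
    45 = 'certificate_expired'
    46 = 'certificate_unknown'
    48 = 'unknown_ca'
    49 = 'access_denied'
    70 = 'protocol_version'
}

# Hypothetical helper: takes objects with TimeCreated and Message properties
# (as returned by Get-WinEvent) and counts events per alert code.
function Get-SchannelAlertSummary {
    param([Parameter(Mandatory = $true)] [object[]] $Events)
    $Events | ForEach-Object {
        if ($_.Message -match 'fatal alert was received:\s*(\d+)') {
            $code = [int]$Matches[1]
            $name = $TlsAlerts[$code]
            if (-not $name) { $name = 'not in table' }
            New-Object PSObject -Property @{
                TimeCreated = $_.TimeCreated
                AlertCode   = $code
                AlertName   = $name
            }
        }
    } | Group-Object AlertCode, AlertName |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Constructed sample events standing in for the System log entries.
$sample = @(
    New-Object PSObject -Property @{ TimeCreated = [datetime]'2012-01-09 08:14:02'; Message = 'The following fatal alert was received: 48.' }
    New-Object PSObject -Property @{ TimeCreated = [datetime]'2012-01-10 11:30:45'; Message = 'The following fatal alert was received: 48.' }
    New-Object PSObject -Property @{ TimeCreated = [datetime]'2012-01-11 16:02:19'; Message = 'The following fatal alert was received: 46.' }
)
Get-SchannelAlertSummary -Events $sample

# On a domain controller, feed it the real events instead of the sample:
# Get-SchannelAlertSummary -Events (Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36887 })
```

A steady count of code 48 from the same period each week points at a recurring client or scheduled job rather than a one-off misconfiguration.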
Thursday, January 12, 2012
Monday, December 12, 2011
Get all active leases on all DHCP servers
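@echo off
REM Token 7 of each line of "netsh dhcp show server" is handed to :S1; the header line, whose 7th token is "directory", is skipped.
for /F "eol== tokens=7" %%d in ('netsh dhcp show server') do if NOT %%d==directory call :S1 %%d
GOTO :END
:S1
REM cmd treats "=" as an argument delimiter, so the token passed by call is split there and %2 is the part after the "=".
echo ============================================
echo Scopes on %2
echo ============================================
REM List the clients of every scope on this server, skipping the header, total and status lines.
for /F "eol== tokens=1" %%i in ('netsh dhcp server \\%2 show scope') do if NOT %%i==Scope if NOT %%i==Total if NOT %%i==Command netsh dhcp server \\%2 scope %%i show clients 1
:END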
Powershell one-liner to find large files
PS> get-childitem -Path "H:\MyPath" -recurse | ? { $_.GetType().Name -eq "FileInfo" } | where-Object {$_.Length -gt 134217728}| sort-Object -property length -Descending | export-csv -path "S:\LargeHFiles.csv"
134217728 is in bytes, so 134217728/1024/1024 = 128 MB
How to digitally sign your powershell script
First open up the Certificates snap-in for your user account in MMC
Have a look in your Personal Certificates store to see if you have a Code Signing certificate - if not, import one if you have one from a trusted CA, or request one from the CA on your AD domain ... if a Code Signing certificate is not available you will need to get your CA to publish a Code Signing certificate template.
Once you have a Code signing cert in your Personal store:
PS>$cert=Get-ChildItem -Path cert:\CurrentUser\my -CodeSigningCert
PS>Set-AuthenticodeSignature -FilePath MyScript.ps1 -certificate $cert
How to find out all the active clients serviced by your DHCP server
At the cmd line:
for /F "eol== tokens=1" %i in ('netsh dhcp server show scope') do if NOT %i==Scope if NOT %i==Total if NOT %i==Command netsh dhcp server scope %i show clients 1
--------------------------------------------------------------
In a script:
for /F "eol== tokens=1" %%i in ('netsh dhcp server show scope') do if NOT %%i==Scope if NOT %%i==Total if NOT %%i==Command netsh dhcp server scope %%i show clients 1
Friday, June 25, 2010
Powershell script to find large files
http://blogs.techrepublic.com.com/networking/?p=3098&tag=nl.e071