22 December 2019

VMware vCenter Server 6.7 Update 3 can use TLS in SMTP (STARTTLS)

I have worked with vCenter Server for a long time, but only recently did I face, for the first time, the need to use an SMTP session secured by TLS. I was confused to find that it is not supported (in 2019!) - https://kb.vmware.com/s/article/2063147
I opened a ticket with VMware support and they said that it works in the latest updates, but the article has still not been updated.

I tested it on VMware vCenter Server 6.7 Update 3 (14367737) and it really works!

21 December 2019

PowerShell script: Outlook To Exchange connection test

Outlook can lose its connection with Exchange for various reasons, and even if it happens once, it can still impact the business. To help administrators identify the core of an issue, I wrote this PowerShell script.
The script is designed for Outlook 2013-2019 clients that connect to Exchange 2016-2019 over the "MAPI over HTTP" protocol.
Before starting the script, change two variables:
$Exchange = "exchange.test.local"
$SMTPDomain = "test.local"
The result is presented as an HTML page.

12 October 2019

Windows 10 - Recovery / Error code 0xc0000185 / BCD / BitLocker

Recently I suddenly (or so I thought) faced a problem booting my PC. Windows 10 (LTSB 1607) can't start and shows the Recovery blue screen with the error "Your PC needs to be repaired. File: 0xc0000185\EFI\MICROSOFT\BOOT\BCD. Error code: 0xc0000185".


None of the tips from the Internet (e.g. http://www.pcerror-fix.com/solved-windows-10-boot-configuration-data-error-code-0xc0000185) helped me (there was no recovery point; bootrec didn't identify the Windows installation).

03 August 2019

VMware vSphere: comparison of Paravirtual and LSI SCSI adapters

You may know that VMware vSphere offers several types of SCSI adapters for virtual machines depending on the OS. The main types are "LSI Logic SAS" and "VMware Paravirtual". There are a lot of articles on this topic (e.g. https://blogs.vmware.com/vsphere/2014/02/vscsi-controller-choose-performance.html). But I have seen a real performance comparison only once, and it's a bit outdated (ESXi 5.0 and Windows Server 2008R2).

Therefore, I did my own tests (although not on the latest OS versions) and compared IOPS, latency and CPU usage. As a load generator I used Iometer 1.1.0.

20 July 2019

Outlook 2013/2016: How Microsoft Outlook (MAPI over HTTP) works with network delays

A long time ago I read an article by Neil Johnson on TechNet about research on the effects of network latency and different Outlook operating modes (Online, RPC/HTTP, Cached).
Since then, 8 years have passed, several generations of server and client applications have changed, and most importantly, Exchange now uses the newest "MAPI over HTTP" protocol. I propose to do several tests to check what has changed during this time.

As a generator of interference on the network, I used a simple, but very functional tool - http://jagt.github.io/clumsy/.

11 July 2019

Test your connection to BlackBerry NOC/Cloud Servers

A BlackBerry UEM system administrator (BlackBerry Proxy & Control) periodically faces situations where some or all of the BlackBerry Work clients cannot connect to their mailboxes / calendars. The cause may lie in the BlackBerry servers, an ISP or a home WiFi router.
To identify issues on the client side, I decided to write a PowerShell script that checks the availability of the main components that are necessary for BlackBerry Work.

The script has several settings that determine which types of servers need to be checked. You can also change the server list.

The list of settings:
$country = "us"                                                            # <<<<<< 'ca' = Canada | 'ru' = Russia | 'us' = United States only (US)
$ShowBlocking = "no"                                                       # <<<<<< Set 'yes' if you want to check blocking IP and domain in Russia.
$ShowPush = "no"                                                           # <<<<<< Set 'yes' if you want to see Push Notification servers (a lot).
$ShowCloud = "yes"                                                         # <<<<<< Set 'yes' if you want to see BlackBerry UEM Cloud servers.
$ShowDirectConnect = "no"                                                  # <<<<<< Set 'yes' if you want to set dedicated BlackBerry Direct Connect servers.
$ShowBlackberryConnectivityNode = "yes"                                    # <<<<<< Set 'yes' if you want to see BlackBerry Connectivity Nodes.
$ShowBlackberrySite = "yes"                                                # <<<<<< Set 'yes' if you want to see BlackBerry site.
$ShowBEMS = "yes"                                                          # <<<<<< Set 'yes' if you want to see which servers are needed for BlackBerry Enterprise Mobility Server (BEMS).

Functions

  • Checks DNS records.
  • Checks delays to NOC servers.
  • Checks for open ports on NOC servers.
  • Checks the “Alive” URLs of NOC servers.
  • Specifically for Russia, includes a check for blocking of IP addresses and domains by Roskomnadzor (can be turned on and off).
  • For companies that use Direct Connect servers, adds the ability to check them (you need to fill in 2 variables inside the script).
  • Added a block of information on connecting the computer to the Internet.
  • Added check of BlackBerry Connectivity Node, BlackBerry Cloud and Push Notification servers.
  • The report is presented in the HTML format.

24 March 2019

Exchange 2016 - Brief of vulnerabilities CVE-2018-8581, CVE-2019-0724 and CVE-2019-0686

On January 21, 2019, an exploit was published that exploited 3 vulnerabilities in Exchange. Perhaps this is what accelerated their fixing.

History

2017 - Researchers Andy Robbins and Will Schroeder highlighted issues with Exchange permissions in a document "Designing Active Directory DACL Backdoors".
2018.04.26 - Rindert Kramer and Dirk-jan Mollema at published an article "Escalating privileges with ACLs in Active Directory".
2018.11.13 - Microsoft published "CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability".
2018.12.19.12 - The ZDI published the article "AN INSINCERE FORM OF FLATTERY: IMPERSONATING USERS ON MICROSOFT EXCHANGE" with an exploit for CVE-2018-8581.
2019.01.21 - Hacker Dirk-jan Mollema published the PoC "Abusing Exchange: One API call away from Domain Admin".
2019.01.28 - CERT Coordination Center published vulnerability note VU#465632 "Microsoft Exchange server 2013 and newer are vulnerable to NTLM relay attacks".
2019.02.05 - Microsoft published "ADV190007 | Guidance for "PrivExchange" Elevation of Privilege Vulnerability"
2019.02.12 - Microsoft published articles "CVE-2019-0686 | Microsoft Exchange Server Elevation of Privilege Vulnerability" and "CVE-2019-0724 | Microsoft Exchange Server Elevation of Privilege Vulnerability"
2019.02.12 - Microsoft published "February 2019 Quarterly Exchange Updates" with patches for all related vulnerabilities.

20 March 2019

Android 9 does not show notifications from WhatsApp and Viber

After updating my Nokia 5.1 Plus from Android 8.1 to Android 9, I noticed that after a while I am not receiving notifications from any messengers like WhatsApp or Viber. This should not happen!

Method №1 (Official)

To fix this you need to perform 4 steps:

1) Turn "Adaptive Battery" on.
Settings → Battery → Adaptive Battery → On

2) Specify applications that do not need to be optimized.
Open "Settings → App & notifications → Advanced → Special app access → Battery optimization → All apps", then open the needed apps (e.g. WhatsApp or Viber) and choose "Don't optimize".

3) Check the app's notification settings.
Open "Settings → App & notifications → <Needed application> → Notifications" and make sure that all necessary options are turned on.

4) Reboot the phone.

25 January 2019

Windows 10, please STOP rebooting my PC/Laptop

What I hate most in Windows 10 are the preinstalled games and that it reboots my laptop whenever it wants (most often at night and mostly without any notification).
To prevent this I found a simple solution - disable the "Reboot" task. But everything turned out to be more difficult. Windows still rebooted my laptop (the screenshot below shows that the task started even though it was disabled ("Отключено" in Russian)).


Therefore I decided to write a PowerShell script to prevent it once and for all.