Memorise

Force Active Directory replication on a domain controller

To force Active Directory replication run the command ‘repadmin /syncall /AeD’ on the domain controller.  Run this command on the domain controller in which you wish to update the Active Directory database.  For example, if DC2 is out of Sync, run the command on DC2.

A = All Partitions
e = Enterprise (Cross Site)
D = Identify servers by distinguished name in messages.

By default, this does a pull replication – which is how AD works by default.  If you want to do a push replication use the following command:

repadmin /syncall /APeD

P = Push

You want to do a push replication if you make changes on a DC and you want to replicate those changes to all other DC’s.  For example, you make a change on DC1 and you want all other changes to get that change instantly, run repadmin /syncall /APeD on DC1.

For all repadmin syntax please see:

http://technet.microsoft.com/en-us/library/cc736571(v=ws.10).aspx


Juniper SRX – Configuring BT FTTP PPPoE

This configuration is set up on Juniper SRX 340 running JUNOS 20.2R1.10

Note: The username is the same for everyone
btbusinesshub@business.btclick.com
password is anything
chap authentication method
outside/untrust interface being ge-0/0/7.0


set interfaces ge-0/0/7 unit 0 encapsulation ppp-over-ether

–Optional —
set security zones security-zone Internet interfaces pp0.0 host-inbound-traffic system-services ping
set security zones security-zone Internet interfaces pp0.0 host-inbound-traffic system-services ssh
set interfaces pp0 traceoptions flag all
set interfaces pp0 unit 0 bandwidth 900m
–Optional —
set interfaces pp0 unit 0 ppp-options chap default-chap-secret “$9$kmPTn/A”
set interfaces pp0 unit 0 ppp-options chap local-name “btbusinesshub@business.btclick.com”
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/7.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 1
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 no-keepalives
set interfaces pp0 unit 0 family inet mtu 1492
set interfaces pp0 unit 0 family inet negotiate-address

Troubleshooting

show ppp statistics
show pppoe statistics

show interfaces pp0
Check for
LCP state: Opened
NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured
CHAP state: Success

Cabling guide:

Plug the RJ45 cable direct from the Openreach socket to ge-0/0/7


Juniper SRX certificate ‘aamw-srx-cert’: certificate does not exist

error: certificate ‘aamw-srx-cert’: certificate does not exist .
error: trusted-ca ‘aamw-cloud-ca’ does not exist!
error: trusted-ca ‘aamw-secintel-ca’ does not exist!

Error:

{primary:node0}[edit]
root# commit and-quit
[edit security pki]
‘ca-profile aamw-secintel-ca’
Missing mandatory statement: ‘ca-identity’
[edit security pki]
‘ca-profile aamw-cloud-ca’
Missing mandatory statement: ‘ca-identity’
error: commit failed: (missing mandatory statements)

FIX:

{primary:node0}[edit]
root# delete security pki

{primary:node0}[edit]
root# commit and-quit
warning: You have changed enhanced services mode.
You must reboot the system for your change to take effect.
If you have deployed a cluster, be sure to reboot all nodes.
node0:
commit complete
Exiting configuration mode

Once joined to the cluster sync this with working SRX that will update all the cert.

Location of Certificates

The certificates/key-pairs used for IKE negotiations are stored in following locations,

/var/db/certs/common/key-pair
/var/db/certs/common/local
/var/db/certs/common/certification-authority

If the cert is missing, use WinSCP to copy the /var/db/certs folder.


Aruba Resetting Admin Password

Resetting Admin Password

This section describes how to reset the password for the default administrator user account (admin) on the managed device. Use this procedure if the administrator user account password is lost or forgotten.

1. Connect a local console to the serial port on the managed device.

2. From the console, login into the managed device as a password recovery user. For information, read Password Recovery user.

3. Enter configuration mode by typing in configure terminal.

4. To reset the administrator user account password, use the mgmt-user admin root command.

5. Enter a new password for this account and retype the same to confirm.

6. Exit from the configuration mode and the user mode.

If you have defined a management user password policy, make sure that the new password conforms to this policy. For details, see Implementing Specific Management Password Policy.

The following is an example of how to reset the admin password as a default password recovery user. If you have configured an alternate password recovery user, use its credentials to login to the controller. The commands in bold type are what you enter:

User: password

Password: forgetme!

(host) #configure terminal

Enter Configuration commands, one per line. End with CNTL/Z

(host) (config) #mgmt-user admin root

Password:********

Re-Type password:********

(host) (config) #exit

(host) #exit

Password Recovery user

A password recovery user is a management user with root rights that is used to reset the admin password in the event of a lost or forgotten password. Starting with ArubaOS 8.4.0.0, a configurable alternate password recovery user can be created in addition to the default password recovery feature.

 Password recovery access using either the default password recovery user or the alternate password recovery user is allowed only through the serial console of a controller.
 Password recovery users can be configured only through SSH sessions and serial console sessions with a controller and not through WebUI.
 Aruba recommends to enable the default password recovery user before generating and sharing the tech-support logs or configuration files with customer support.
 It is recommended that either the default password recovery user is disabled or the alternate password recovery user is configured when setting up the network to ensure. This is to ensure that there are no vulnerabilities.

Default password recovery user

In the event of a lost/forgotten password, the administrator can login to the controller and reset the admin password as the default password recovery user using the username password and the password forgetme!. The default password recovery user is defined and is enabled by default . Disabling the Default password recovery user is recommended if the network uses a TACACS server to authenticate its management users.

To disable the default password recovery user, execute the following command in the configuration mode:

(host) (config) #password-recovery-disable

To enable the default password recovery user, execute the following command in the configuration mode:

(host) (config) #no password-recovery-disable

Alternate password recovery user

Starting with ArubaOS 8.4.0.0, an alternate password recovery user with a username and password can be created to reset the admin password. The alternate user’s username can be 16 characters long and the password can be 32 characters long. Configuring the alternate password recovery user automatically disables the default password recovery user. Configuring the alternate password recovery user is highly recommended if the network is managed locally.

 The alternate password recovery user will not be shown in the management user section of the WebUI. This user role cannot be configured through the WebUI.

To configure the alternate password recovery user, execute the following command in the configuration mode:

(host) (config) #password-recovery-user <username>

Password:******

Re-Type password:******

To disable the alternate password recovery user, execute the following command in the configuration mode:

(host) (config) #no password-recovery-user

The following is an example to configure the alternate password recovery user:

(host) #configure terminal

Enter Configuration commands, one per line. End with CNTL/Z

(host) (config) #password-recovery-user recadmin

Password:******

Re-Type password:******

(host) (config) #exit

Use the show mgmt-user command to view the configured management users and the status of the default password recovery user.

The following is an example of the show mgmt-user command with the default password recovery user enabled.

(host) #show mgmt-user

Default password recovery user: Enabled

Management User Table

———————

USER PASSWD ROLE STATUS

—- —— —- ——

admin ***** root ACTIVE

The following is an example of the show mgmt-user command when the alternate password recovery user is configured.

(host) #show mgmt-user

Default password recovery user: Disabled

Management User Table

———————

USER PASSWD ROLE STATUS

—- —— —- ——

admin ***** root ACTIVE

recadmin ***** passR ACTIVE

source: https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/Content/ArubaFrameStyles/Management_Utilities/enab_radsec_reset_admin_enabl_pwd.htm


Juniper SRX Stuck in loader prompt

Insert a USB on a working SRX, then copy the partition

Insert the USB on the broken SRX and boot from USB

loader> nextboot
Platform: srx-trident
eUSB
usb
loader> nextboot usb
Setting next boot dev usb
loader> reboot
Resetting…

To do so, use the command below: request system snapshot media internal slice alternate
The slice seems to be a hidden command; therefore, you would have to type it in manually.

Recovering the Junos image in primary partition

When you spot that a primary partition has failed you should try to recover it as soon as possible as you are left with only one root partition. The recovery of the primary partition can be done easily by taking a snapshot of the root file system in the secondary partition and copying it to the primary partition.

The following command takes a snapshot of the currently active partition (secondary partition) and copies it to the alternate partition (primary partition).

root@SRX345>request system snapshot slice alternate
Formatting alternate root (//dev//da0s1a)...
Copying '//dev//da0s2a' to '//dev//da0s1a' .. (this may take a few minutes)
The following filesystems were archived: //

Run the following command to verify that you have a valid backup image.

root@SRX> show system software backup
Backup JUNOS package information:
File name: //cf//packages//junos-15.1X49-D150.2-domestic
File size: 254838138

You can also use the show system storage partitions command to check both partitions.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB20554

Working output – shorten version

loader> ?
Available commands:
watchdog enable or disable kernel watchdog
bcachestat get disk block cache stats
autoboot boot automatically after a delay
boot boot a file or loaded kernel
lsdev list all devices
nextboot set next boot device
more show contents of a file
read read input from the terminal
echo echo arguments
unset unset a variable
set set a variable
show show variable(s)
? list commands
help detailed help
install install JunOS
include read commands from a file
ls list files
lsmod list loaded modules
unload unload all modules
load load a kernel or module
reboot reboot the system
heap show heap usage
save save U-Boot environment
export export variables to U-Boot environment
loader> boot
can’t load ‘/kernel’
can’t load ‘/kernel.old’
no bootable kernel
loader> nextboot
Platform: srx-trident
eUSB
usb
loader> nextboot usb
Setting next boot dev usb
loader> reboot
Resetting…

SPI stage 1 bootloader (Build time: Apr 26 2020 – 21:42:44)

U-Boot 2013.07-JNPR-3.9 (Build time: Apr 26 2020 – 21:42:45)

Octeon unique ID: 040000708015f31e0245
…..

PCIe: Port 2 not in PCIe mode, skipping
Net: octrgmii0
Node 0 Interface 4 has 1 ports (AGL)
Boot Media: eUSB usb
Found TPM SLB9660 TT 1.2 by Infineon
TPM initialized
USB1: Starting the controller
USB XHCI 1.00
scanning bus 1 for devices… 2 USB Device(s) found
USB0: Starting the controller
USB XHCI 1.00
scanning bus 0 for devices… 2 USB Device(s) found
scanning usb for storage devices… 2 Storage Device(s) found
Type the command ‘usb start’ to scan for USB storage devices.

Press SPACE to stop autoboot: 0
SF: Detected SF with page size 256 Bytes, erase size 64 KiB, total 8 MiB
SF: 1048512 bytes Read: OK
SF: 1048576 bytes Read: OK

Starting application …

SF: Detected SF with page size 256 Bytes, erase size 64 KiB, total 8 MiB
[0]Booting from usb slice 1
Consoles: U-Boot console
Found compatible API, ver. 3.9

FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.10
(slt-builder@svl-junos-pool87.juniper.net, Sun Mar 4 10:30:52 PST 2018)
Memory: 4096MB
[0]Booting from usb slice 1
/boot/init.4th loaded.
Loading /boot/defaults/loader.conf
/kernel data=0x126bb74+0x1c04e4 syms=[0x4+0xba2c0+0x4+0x11d559]

Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel]…
Kernel entry at 0x801000c0 …
init regular console
Primary ICache: Sets 16 Size 128 Asso 39
Primary DCache: Sets 8 Size 128 Asso 32
Secondary DCache: Sets 1024 Size 128 Asso 4

Timecounter “mips” frequency 1200000000 Hz quality 0
da1 at umass-sim1 bus 1 target 0 lun 0
da1: Removable Direct Access SCSI-4 device
da1: 40.000MB/s transfers
da1: 7680MB (15728640 512 byte sectors: 255H 63S/T 979C)
da0 at umass-sim0 bus 0 target 0 lun 0
da0: Fixed Direct Access SCSI-4 device
da0: 40.000MB/s transfers
da0: 7672MB (15712256 512 byte sectors: 255H 63S/T 978C)
random: unblocking device.
hwpmc: OCTEON/4/64/0x1ff
Trying to mount root from ufs:/dev/da1s1a
MFSINIT: Initialising MFSROOT
Process-1 beginning MFSROOT initialization…
Creating MFSROOT…
/dev/md0: 20.0MB (40956 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 5.00MB, 320 blks, 640 inodes.
super-block backups (for fsck -b #) at:
32, 10272, 20512, 30752
Populating MFSROOT…
Creating symlinks…
Setting up mounts…
Continuing boot from MFSROOT…
Attaching /cf/packages/junos via /dev/mdctl…
Mounted junos package on /dev/md1…
J
Automatic reboot in progress…
Verified jboot signed by PackageProductionECP256_2020 method ECDSA256+SHA256
Verified junos signed by PackageProductionECP256_2020 method ECDSA256+SHA256
Verified junos-20.2R1.10 signed by PackageProductionECP256_2020 method ECDSA256+ SHA256
Checking integrity of BSD labels:
s1: Passed
s2: Passed
s3: Passed
s4: Passed
** /dev/bo0s3e
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 94741 free (21 frags, 11840 blocks, 0.0% fragmentation)
** /dev/bo0s3f
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 1746346 free (386 frags, 218245 blocks, 0.0% fragmentation)
Checking integrity of licenses:
Checking integrity of configuration:
rescue.conf.gz: Passed

LPC bus driver
lpcbus0 on cpld0
tpm0: on lpcbus0
tpm: IFX SLB 9660 TT 1.2 rev 0x10
Loading configuration …
.
..
Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /boo t/modules;/modules/ifpfe_drv;/modules;
kld netpfe drv: ifpfed_dialer pvid_cryptosoft0: on motherboard
IPsec: Initialized Security Association Processing.
db kld ipsecs
.
Doing additional network setup:.
Starting final network daemons:.
setting ldconfig path: /usr/lib /opt/lib
starting standard daemons: cron.
root@SEDG-ABC-SRX01% alization:.
root@SEDG-ABC-SRX01% ization:.
root@SEDG-ABC-SRX01% s:set cores for group access
root@SEDG-ABC-SRX01%

root@SEDG-ABC-SRX01% clear
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 98068 free (28 frags, 12255 blocks, 0.0% fragmentation)
chassis.ko loaded Loading JUNOS chassis module
chassis_init_hw_chassis_startup_time: chassis startup time 0.000000
Thu Jan 13 17:16:25 GMT 2022

SEDG-ABC-SRX01 (ttyu0)

login: root
Password:

— JUNOS 20.2R1.10 built 2020-06-25 13:55:10 UTC

— NOTICE: System is running on alternate media device (/dev/da1s1a).

root@SEDG-ABC-SRX01%
root@SEDG-ABC-SRX01%
root@SEDG-ABC-SRX01% cli
{secondary:node0}
root@SEDG-ABC-SRX01> show system snapshot media internal

node0:

Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Aug 27 17:03:31 2020
JUNOS version on snapshot:
junos : 20.2R1.10

node1:

Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Nov 27 18:07:49 2021
JUNOS version on snapshot:
junos : 20.2R1.10
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Aug 27 17:10:28 2020
JUNOS version on snapshot:
junos : 20.2R1.10

root@SEDG-ABC-SRX01> … media internal slice alternate

node0:

error: Snapshot to alternate slice cannot be performed as internal is not the boot media

node1:

Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were ABChived: /

{secondary:node0}
root@SEDG-ABC-SRX01>

{secondary:node0}
root@SEDG-ABC-SRX01> show system snapshot media internal

node0:

Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Aug 27 17:03:31 2020
JUNOS version on snapshot:
junos : 20.2R1.10

node1:

Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Nov 27 18:07:49 2021
JUNOS version on snapshot:
junos : 20.2R1.10
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jan 13 17:27:02 2022
JUNOS version on snapshot:
junos : 20.2R1.10

{secondary:node0}
root@SEDG-ABC-SRX01>

{secondary:node0}
root@SEDG-ABC-SRX01> show chassis cluster status
Monitor Failure codes:
CS Cold Sync monitoring FL Fabric Connection monitoring
GR GRES monitoring HW Hardware monitoring
IF Interface monitoring IP IP monitoring
LB Loopback monitoring MB Mbuf monitoring
NH Nexthop monitoring NP NPC monitoring
SP SPU monitoring SM Schedule monitoring
CF Config Sync monitoring RE Relinquish monitoring
IS IRQ storm

Cluster ID: 1
Node Priority Status Preempt Manual Monitor-failures

Redundancy group: 0 , Failover count: 0
node0 100 secondary no no None
node1 50 primary no no None

Redundancy group: 1 , Failover count: 0
node0 100 secondary no no None
node1 50 primary no no None

{secondary:node0}
root@SEDG-ABC-SRX01> show system snapshot media al?
No valid completions
{secondary:node0}
root@SEDG-ABC-SRX01> show system snapshot media ?
Possible completions:
internal Show snapshot information from internal flash
usb Show snapshot information from device connected to USB port

{secondary:node0}
root@SEDG-ABC-SRX01> show system snapshot media internal

node0:

Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Aug 27 17:03:31 2020
JUNOS version on snapshot:
junos : 20.2R1.10

node1:

Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Nov 27 18:07:49 2021
JUNOS version on snapshot:
junos : 20.2R1.10
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jan 13 17:27:02 2022
JUNOS version on snapshot:
junos : 20.2R1.10
root@SEDG-ABC-SRX01% unmount /altroot
unmount: Command not found.
root@SEDG-ABC-SRX01% unmount /altroot
unmount: Command not found.
root@SEDG-ABC-SRX01% exitcal, noatime, read-only)
logouton /dev (devfs, local, multilabel)
root@SEDG-ABC-SRX01% exitlocal, noatime)
exitpackages on /junos/cf/packages (nullfs, local, noatime)
devfs on /junos/cf/dev (devfs, local, noatime, multilabel)
{secondary:node0}s (cd9660, local, noatime, read-only, verified)
root@SEDG-ABC-SRX01> lfs, local, noatime)
devfs on /junos/dev/ (devfs, local, noatime, noexec, read-only, multilabel)
{secondary:node0}junos/cf/packages1 (nullfs, local, noatime)
root@SEDG-ABC-SRX01> fs, local, noatime)
/dev/bo0s3e on /config (ufs, local, noatime)
{secondary:node0}f/var (ufs, local, noatime)
root@SEDG-ABC-SRX01> , asynchronous, local, noatime)
/cf/var/jail on /jail/var (nullfs, local, noatime)
{secondary:node0}t-api on /web-api/var (nullfs, local, noatime)
root@SEDG-ABC-SRX01> var/log (nullfs, local, noatime)
devfs on /jail/dev (devfs, local, noatime, noexec, read-only, multilabel)
{secondary:node0}/mfs (ufs, asynchronous, local, noatime)
root@SEDG-ABC-SRX01>
root@SEDG-ABC-SRX01% su –
{secondary:node0}
root@SEDG-ABC-SRX01>

{secondary:node0}
root@SEDG-ABC-SRX01>

{secondary:node0}
root@SEDG-ABC-SRX01>

{secondary:node0}
root@SEDG-ABC-SRX01> request system snapshot slice alternate

node0:

Formatting alternate root (/dev/da1s2a)…
Copying ‘/dev/da1s1a’ to ‘/dev/da1s2a’ .. (this may take a few minutes)
The following filesystems were ABChived: /

node1:

Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were ABChived: /

{secondary:node0}
root@SEDG-ABC-SRX01> show system storage partitions

node0:

Boot Media: usb (da1)
Active Partition: da1s1a
Backup Partition: da1s2a
Currently booted from: active (da1s1a)

Partitions information:
Partition Size Mountpoint
s1a 579M /
s2a 587M altroot
s3e 185M /config
s3f 5.0G /var
s4a 324M recovery
s4b
s4e 15M

node1:

Boot Media: internal (da0)
Active Partition: da0s1a
Backup Partition: da0s2a
Currently booted from: active (da0s1a)

Partitions information:
Partition Size Mountpoint
s1a 2.4G /
s2a 2.4G altroot
s3e 185M /config
s3f 2.1G /var
s4a 224M recovery
s4e 15M

{secondary:node0}
root@SEDG-ABC-SRX01> request system reboot media internal
Reboot the system ? yes,no yes

Shutdown NOW!

[pid 5208]

{secondary:node0}
root@SEDG-ABC-SRX01>
*** FINAL System shutdown message from root@SEDG-ABC-SRX01 ***

System going down IMMEDIATELY

Jan 13 17:59:32 init: interface-control (PID 2371) terminate signal 15 sent
JWaiting (max 60 seconds) for system process vnlru_mem' to stop...done Waiting (max 60 seconds) for system processvnlru’ to stop…done
Waiting (max 60 seconds) for system process bufdaemon' to stop...done Waiting (max 60 seconds) for system processsyncer’ to stop…
Syncing disks, vnodes remaining…0 0 0 done

syncing disks… Syncing disks, buffers remaining… 2 2
Final sync complete
Uptime: 48m19s
Rebooting…

Starting application …

SF: Detected SF with page size 256 Bytes, erase size 64 KiB, total 8 MiB
[0]Booting from usb slice 1
Consoles: U-Boot console
Found compatible API, ver. 3.9

FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.10
(slt-builder@svl-junos-pool87.juniper.net, Sun Mar 4 10:30:52 PST 2018)
Memory: 4096MB
[0]Booting from usb slice 1
/boot/init.4th loaded.
Loading /boot/defaults/loader.conf
/kernel data=0x126bb74+0x1c04e4 syms=[0x4+0xba2c0+0x4+0x11d559]

Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel]…
Kernel entry at 0x801000c0 …
init regular console
Primary ICache: Sets 16 Size 128 Asso 39
Primary DCache: Sets 8 Size 128 Asso 32
Secondary DCache: Sets 1024 Size 128 Asso 4

Continuing boot from MFSROOT…
Attaching /cf/packages/junos via /dev/mdctl…
Mounted junos package on /dev/md1…
J
Automatic reboot in progress…
Verified jboot signed by PackageProductionECP256_2020 method ECDSA256+SHA256
Verified junos signed by PackageProductionECP256_2020 method ECDSA256+SHA256
Verified junos-20.2R1.10 signed by PackageProductionECP256_2020 method ECDSA256+SHA256
Checking integrity of BSD labels:
s1: Passed
s2: Passed
s3: Passed
s4: Passed
** /dev/bo0s3e
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 94741 free (21 frags, 11840 blocks, 0.0% fragmentation)
** /dev/bo0s3f
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 1746310 free (462 frags, 218231 blocks, 0.0% fragmentation)
Checking integrity of licenses:
Checking integrity of configuration:
rescue.conf.gz: Passed

Creating JAIL MFS partition…
JAIL MFS partition created
Boot media /dev/da1 has dual root support
** /dev/da1s2a
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 98068 free (76 frags, 12249 blocks, 0.0% fragmentation)
chassis.ko loaded Loading JUNOS chassis module
chassis_init_hw_chassis_startup_time: chassis startup time 0.000000
Thu Jan 13 18:04:35 GMT 2022

SEDG-ABC-SRX01 (ttyu0)

login:
SEDG-ABC-SRX01 (ttyu0)


Last Error: Message deferred by categorizer agent.

Exchange 2013 mail flow issue. It turned out to be the Malware agent causing the issue

Once it is enabled and the Exchange transport service is restarted, all emails are stuck in the submission queue with “Last Error: Message deferred by categorizer agent.”

Check the mail queue

Get-Queue -Identity submission

Get-Transport Agent will list all the transport agents, you can disable one at a time to isolate problematic agents. in my case it was the Malware Agent.

Use the Shell to disable malware filtering on a specific Exchange server

To disable malware filtering, run the following command: PowerShellCopy

& $env:ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1

Note

To re-enable malware filtering, use Enable-Antimalwarescanning.ps1 instead of Disable-Antimalwarescanning.ps1.

How do you know this step worked?

To verify that malware filtering is disabled, run the following command and confirm that it returns a value of False: PowerShellCopy

Get-TransportAgent "Malware Agent"

https://docs.microsoft.com/en-us/exchange/disable-or-bypass-anti-malware-scanning-exchange-2013-help


Exchange ActiveSync iOS Device

Updated: May 2021

iOS devices unfortunately do not register with ActiveSync or other tools with a logical clear human-readable version number. Instead, they show up with strings like “Apple-iPhone3C1/902.206”  

Obviously, this makes discovery and reporting difficult.  To help ourselves, and the community at large, we now maintain this list of hardware and iOS versions for Apple gear.

Hardware Versions:

iPod2C1 = iPod Touch 2
iPod3C1 = iPod Touch 3
iPod4C1 = iPod Touch 4
iPod5C1 = iPod Touch 5

iPad1C1 = iPad 
iPad2C1 = iPad 2 WIFI 
iPad2C2 = iPad 2 WIFI + 3G 
iPad2C3 = iPad 2 WIFI + 3G CDMA 
iPad2C4 = iPad Mini - WIFI 
iPad2C5 = iPad Mini - WIFI + LTE
iPad3C1 = The New iPad (iPad 3)- WIFI
iPad3C2 = The New iPad (iPad 3) - WIFI + LTE 
iPad3C3 = iPad with Retina Display (iPad 4) - WIFI 
iPad3C4 = iPad with Retina Display (iPad 4) - WIFI + LTE  
iPad4C1 = iPad Air - WIFI 
iPad4C2 = iPad Air - WIFI + LTE 
iPad4C4 = iPad Mini with Retina Display - WIFI
iPad4C5 = iPad Mini with Retina Display - WIFI + LTE
iPad4C7 = iPad Mini 3 WIFI
iPad4C8 = iPad Mini 3 WIFI+LTE
iPad5C1 = iPad Mini 4 - WIFI
iPad5C2 = iPad Mini 4 - WIFI + LTE
iPad5C3 - iPad Air 2 - WIFI
iPad5C4 = iPad Air 2 = WIFI + LTE
iPad6C3 = iPad Pro (9.7") - WIFI
iPad6C4 = iPad Pro (9.7") - WIFI + LTE
iPad6C7 = iPad Pro (12.9") - WIFI
iPad6C8 = iPad Pro (12.9") - WIFI + LTE
iPad6C11 = iPad 5th Gen
iPad6C12 = iPad (9.7") 2017 - WIFI
iPad7C1 = iPad Pro (12.9") WIFI 2nd Gen
iPad7C2 = iPad Pro (12.9") WIFI + LTE 2nd Gen
iPad7C3 = iPad Pro (10.5") WIFI 2nd Gen
iPad7C4 = iPad Pro (10.5") WIFI + LTE 2nd Gen
iPad7C5 = iPad 6th Gen
iPad7C6 = iPad 6th Gen
iPad7C11 = iPad (10.2") 7th Gen WIFI
iPad7C12 = iPad (10.2") 7th Gen WIFI+LTE
iPad8C1 = iPad Pro (11")
iPad8C2 = iPad Pro (11")
iPad8C3 = iPad Pro (11")
iPad8C4 = iPad Pro (11")
iPad8C5 = iPad Pro (12.9") 3rd gen
iPad8C6 = iPad Pro (12.9") 3rd gen
iPad8C7 = iPad Pro (12.9") 3rd gen
iPad8C8 = iPad Pro (12.9") 3rd gen
iPad8C11 = iPad Pro - Wi-Fi 12.9", 4th gen
iPad8C12 = iPad Pro - Wi-Fi + Cellular 12.9", 4th Gen
iPad11C1 = iPad Mini 5
iPad11C2 = iPad Mini 5
iPad11C3 = iPad Air 3rd gen
iPad11C4 = iPad Air 3rd gen
iPad11C7 = iPad - WIFI+LTE 10.2", 8th Gen

iPhone1C2 = iPhone 3G 
iPhone2C1 = iPhone 3GS
iPhone3C1 = iPhone 4 GSM
iPhone3C2 = iPhone4 GSM
iPhone3C3 = iPhone 4 CDMA
iPhone4C1 = iPhone 4S
iPhone5C1 = iPhone 5 GSM/LTE
iPhone5C2 = iPhone 5 CDMA USA/China 
iPhone5C3 = iPhone 5C GSM/CDMA/Americas
iPhone5C4 = iPhone 5C Europe/Asia
iPhone6C1 = iPhone 5S GSM/CDMA/Americas
iPhone6C2 = iPhone 5S Europe/Asia
iPhone7C1 = iPhone 6 Plus
iPhone7C2 = iPhone 6
iPhone8C1 = iPhone 6S
iPhone8C2 = iPhone 6S Plus
iPhone8C4 = iPhone SE
iPhone9C1 = iPhone 7
iPhone9C2 = iPhone 7 Plus
iPhone9C3 = iPhone 7
iPhone9C4 = iPhone 7 Plus  
iPhone10C1 = iPhone 8
iPhone10C2 = iPhone 8 Plus 
iPhone10C3 = iPhone X 
iPhone10C4 = iPhone 8 
iPhone10C5 = iPhone 8 Plus 
iPhone10C6 = iPhone X
iPhone11C2 = iPhone XS
iPhone11C6 = iPhone XS Max
iphone11C8 = iPhone XR
iphone12C1 = iPhone 11
iphone12C3 = iPhone 11 Pro
iPhone12C5 = iPhone 11 Pro Max
iPhone12C8 = iPhone SE (Second Generation)
iPhone13C1 = iPhone 12 (?)
iPhone13C2 = iPhone 12 Mini (?)
iPhone13C3 = iPhone 12 Pro
iPhone13C5 = iPhone 12 Pro Max


iPhone OS Versions:

508.11 = 2.2.1
701.341 = 3.0
701.400 = 3.0.1 
703.144 = 3.1 
704.11 = 3.1.2 
705.18 = 3.1.3  
702.367 = 3.2 (original iPad only) 
702.405 = 3.2.1 (original iPad only) 
702.500 = 3.2.2 (original iPad only) 

From this point forward, iPhone OS was renamed iOS.

iOS Versions:

801.293 = 4.0
801.306 = 4.0.1
801.400 = 4.0.2
802.117 = 4.1
802.118 = 4.1 
803.148 = 4.2.1 
803.14800001 = 4.2.1 
805.128 = 4.2.5 
805.200 = 4.2.6 
805.303 = 4.2.7 
805.401 = 4.2.8 
805.501 = 4.2.9 
805.600 = 4.2.10 
806.190 = 4.3 
806.191 = 4.3 
807.4 = 4.3.1 
808.7 = 4.3.2 
808.8 = 4.3.2 
810.2 = 4.3.3 
810.3 = 4.3.3 
811.2 = 4.3.4 
812.1 = 4.3.5
901.334 = 5.0 
901.40x = 5.0.1 
902.17x = 5.1 
902.206 = 5.1.1 
1001.40x = 6.0 
1001.52x = 6.0.1
1002.14x= 6.1 
1002.146 = 6.1.2 
1002.329 = 6.1.3 
1002.350 = 6.1.3  
1101.465 = 7.0 
1101.470=7.0.1 
1101.47000001=7.0.1 
1101.501=7.0.2 
1102.511 = 7.0.3 
1102.55400001 = 7.0.4 
1102.601 = 7.0.5 
1102.651 = 7.0.6 
1104.167 = 7.1 
1104.169 = 7.1 
1104.201 = 7.1.1 
1104.257 = 7.1.2 
1201.365 = 8.0 
1201.366 = 8.0.1 
1201.405 = 8.0.2 
1202.410/411 = 8.1 
1202.435/436 = 8.1.1 
1202.440/445 = 8.1.2 
1202.466 = 8.1.3 
1204.508 = 8.2 
1206.69 = 8.3 
1208.143 = 8.4 
1208.321 = 8.4.1  
1301.4xxxxxx = 9.0 betas 
1301.342 = 9.0 (older devices) 
1301.344 = 9.0 
1301.402 = 9.0.1 (older devices) 
1301.404 = 9.0.1 
1301.452 = 9.0.2 
1302.143 = 9.1 
1303.075 = 9.2 
1304.15= 9.2.1 
1305.5234xxxx = 9.3 betas 
1305.234 = 9.3 
1305.328 = 9.3.1 
1306.69 = 9.3.2 
1306.72 = 9.3.2 (iPad Pro only) 
1307.34 = 9.3.3 
1307.35 = 9.3.4 
1307.36 = 9.3.5 (important security fix)
1305.5xxx = 10.0 betas 
1401.403 = 10.0.1 
1401.456 = 10.0.2 
1402.72 = 10.1 
1402.100 = 10.1.1 
1403.92 = 10.2 
1404.27 = 10.2.1 
1405.277 = 10.3 
1405.304 = 10.3.1 
1406.89 = 10.3.2 
1406.8089 = 10.3.2 (iPad Pro) 
1407.60 = 10.3.3  
1501.5xxx = 11.0 betas 
1501.372 = 11.0 
1501.402 = 11.0.1 
1501.421 = 11.0.2  
1501.432 = 11.0.3 
1502.5xx = 11.1 betas
1502.93 = 11.1 
1502.150 = 11.1.1 
1502.202 = 11.1.2 
1503.5xx = 11.2 betas 
1503.114 = 11.2 
1503.153 = 11.2.1 
1503.202 = 11.2.2 
1504.60 = 11.2.5 
1504.100 = 11.2.6 
1505.216 = 11.3 
1505.302 = 11.3.1  
1506.79 = 11.4 
1507.77 = 11.4.1
1601.5xx = 12.0 betas
1601.366 = 12.0 
1601.405 = 12.0.1
1602.5xx = 12.1 betas
1602.92 = 12.1
1603.50 = 12.1.1
1604.39 = 12.1.3 
1604.57 = 12.1.4
1605.5xx = 12.2 betas
1605.227 = 12.2 
1606.5xx = 12.3 betas
1606.156 = 12.3
1606.203 = 12.3.1
1607.5xx = 12.4 betas
1607.77 = 12.4
1607.102 = 12.4.1
1607.114 = 12.4.2
1607.130 = 12.4.3
1607.140 = 12.4.4
1607.161 = 12.4.5
1607.183 = 12.4.6
1607.192 = 12.4.7
1607.201 = 12.4.8
1608.5   = 12.4.9
1608.20 = 12.5.0

1701.55x = 13.0 betas
1701.577 = 13.0 
1701.58x = 13.1 betas
1701.844 = 13.1
1701.854 = 13.1.2 (latest devices)
1701.86x = 13.1.2
1702.5xx = 13.2 betas
1702.84 = 13.2 
1702.102 = 13.2.2 
1702.111 = 13.2.3 
1703.5xx = 13.3 betas
1703.54 = 13.3
1704.5xx = 13.3.1 beta
1705.255 = 13.4 
1705.262 = 13.4.1
1706.75 = 13.5
1706.80 = 13.5.1 
1707.68 = 13.6
1707.80 = 13.6.1
1708.35 = 13.7
1801.53x = 14.0 betas
1801.373 = 14.0 
1801.393 = 14.0.1
1801.8395 = 14.1
1802.5xxx = 14.2 betas
1802.92 = 14.2
1803.66 = 14.3
1804.52 = 14.4
1804.61 = 14.4.4
1804.70 = 14.4.2
1805.199 = 14.5
1805.212 = 14.5.1
1806.72 = 14.6 
1807.69 - 14.7 (current)

Samsung

Samsung encodes the Android OS version number at the end of their string, with zero paddings.

SAMSUNG-SGH-I337M/101.403 indicates Android 4.3 
SAMSUNG-SGH-I317M/100.40102 indicates Android 4.1.2 etc.

Python3 as a default python version on MacOS?

By default MacOS ships with Python-2.-. But, I guess most of us have long back started to work with Python-3 and it is very irritating to run python3 every time instead of python in terminal. Here is how to do this.

Open the terminal (bash or zsh) whatever shell you are using.

Install python-3 using Homebrew (https://brew.sh).

brew install python

Look where it is installed.

ls -l /usr/local/bin/python*

The output is something like this:

lrwxr-xr-x  1 irfan  admin  34 Nov 11 16:32 /usr/local/bin/python3 -> ../Cellar/python/3.7.5/bin/python3
lrwxr-xr-x  1 irfan  admin  41 Nov 11 16:32 /usr/local/bin/python3-config -> ../Cellar/python/3.7.5/bin/python3-config
lrwxr-xr-x  1 irfan  admin  36 Nov 11 16:32 /usr/local/bin/python3.7 -> ../Cellar/python/3.7.5/bin/python3.7
lrwxr-xr-x  1 irfan  admin  43 Nov 11 16:32 /usr/local/bin/python3.7-config -> ../Cellar/python/3.7.5/bin/python3.7-config
lrwxr-xr-x  1 irfan  admin  37 Nov 11 16:32 /usr/local/bin/python3.7m -> ../Cellar/python/3.7.5/bin/python3.7m
lrwxr-xr-x  1 irfan  admin  44 Nov 11 16:32 /usr/local/bin/python3.7m-config -> ../Cellar/python/3.7.5/bin/python3.7m-config

Change the default python symlink to the version you want to use from above.
Note that, we only need to choose the one that end with python3.*. Please avoid using the ones’ that end with config or python3.*m or python3.*m-config.

Below command shows how it should be done:

ln -s -f /usr/local/bin/python3.7 /usr/local/bin/python

Close the current terminal session or keep it that way and instead open a new terminal window (not tab). Run this:

python --version

You will get this:

Python 3.7.5

WTForms Install email validator for email validation support

PROBLEM

bash-3.2$ export FLASK_APP=flaskblog.py
bash-3.2$ flask runTraceback (most recent call last):
File “/Library/Frameworks/Python.framework/Versions/3.9/bin/flask”, line 8, in
sys.exit(main())
File “/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/flask/cli.py”, line 967, in main cli.main(args=sys.argv[1:], prog_name=”python -m flask” if as_module else None)
File “/Users/shiraj/Documents/GitHub/Python/Flask_blog-complete/forms.py”, line 10, in RegistrationForm validators=[DataRequired(), Email()])
File “/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/wtforms/validators.py”, line 332, in init
raise Exception(“Install ’email_validator’ for email validation support.”)
Exception: Install ’email_validator’ for email validation support.

SOLUTIONS

bash-3.2$ pip install email_validator
Collecting email_validator
Downloading email_validator-1.1.2-py2.py3-none-any.whl (17 kB)
Collecting idna>=2.0.0
Downloading idna-3.1-py3-none-any.whl (58 kB)
|████████████████████████████████| 58 kB 2.8 MB/s
Requirement already satisfied: dnspython>=1.15.0 in /Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages (from email_validator) (2.1.0)
Installing collected packages: idna, email-validator
Successfully installed email-validator-1.1.2 idna-3.1
bash-3.2$ flask run