Notes

"Not Used" button in Cisco ASDM

You can say what you want about Cisco firewalls, but I recently discovered the "Not Used" button in Cisco ASDM. This button allows you to delete unused host objects. Nice :)

Published on 2022-03-26, 12:22 +0000

SSL on NetScaler not working anymore

We faced a very strange behaviour with Citrix ADC (NetScaler). We use two NetScaler VMs to load balance two Citrix StoreFront servers. The StoreFront is SSL / TLS secured.

They suddenly stopped serving to serve the StoreFront web site, but without any explanation. Every status sign in NetScaler was green, the SSL certificate was not expired and since we use the freemium version, there was no license that could expire. The HTTP and HTTPS ports were open (tested using Test-NetConnection) and even the HTTP to HTTPS redirect worked. But the StoreFront page did not show up. Also the NetScaler log did not show that there was any config change or any other problem.

We tried to failover the NetScalers, to reboot them and to restore an older config file. But none of these measures did work. We also considered some NetScaler experts, but like us, they had no idea what was wrong.

The last idea we had was to restore the last night's backup of the VMs. Whatever the problem was, restoring the backup solved it. We really had no idea what the problem was, it didn't reoccur the last few days.

Published on 2022-03-25, 18:47 +0000

The end of StudiVZ and MeinVZ

They are finally shutting down (german article) StudiVZ and MeinVZ. These were once the most popular social networks in Germany before Facebook became popular.

Published on 2022-03-22, 16:16 +0000

Dynamic distribution group based on security group membership

I wanted to create a dynamic distribution group in Exchange 2019 and wanted to include two kinds of users:

  1. Users where the Company field has a specific value
  2. Users that are members of a specific security group

The motivation was that our company has several sites. The Company states if a user is member of a site. And there are also users, that move between the sites. These users should be added using the security group.

To achieve this, I created the following recipient filter for the distribution group (indentation included for better readability):

(
    (
        (
            (
                (Company -eq 'My company')
                -or
                (MemberOfGroup -eq 'CN=my-group,OU=groups,DC=mycompany,DC=local')

            )
            -and
            (
                (
                    (RecipientType -eq 'UserMailbox')
                    -or
                    (RecipientType -eq 'MailUser')
                )
            )
        )
    )


    -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox'))-and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox'))
)

The import part is (Company -eq 'My company') -or (MemberOfGroup -eq 'CN=my-group,OU=groups,DC=mycompany,DC=local'). The long part at the bottom is the default filter.
There are some important things:

  • You must specify the distinguished name for the group
  • The users must be direct member of the group, nested groups do not work.

But hey, it works :)

Published on 2022-03-16, 18:38 +0000

RMV ticket machine in Wiesbaden: Bad request

I like to take photos of machines where the user interface failed and you can see some details behind it.

This is the upper display of a RMV ticket machine at the Wiesbaden-Schierstein railway station on 2021-08-17:

Bad request on ticket machine

Normally, the upper display shows advertisements and upcoming train departures. We can see that these information are displayed using a website and a web browser running in full screen mode. By the way the fonts look, this should be some Linux system.

Published on 2022-03-12, 16:15 +0000