Using NetScaler Responder policies to log source ip-address

Sometimes you need to decomission services, and move them to new servers. Sometimes this requires the change of the IP address. This is no big deal as long as accessing clients use DNS, or until you can change the IP address to connect to the services using a central mechanism. DNS and LDAP are two of these services. They come often as part of Microsoft Active Directory Domain Controllers. Sometimes customers use the IP address of a DC and put this IP address hard coded into other IT systems or config files.

External E-Mail tagging in Exchange Online

We all know the e-mail disclamer and “EXTERNAL” tags in subject lines that should make clear, that a specific e-mail is coming from external sender. Mostly this is done to make sure nobody clicks on links in external e-mails that might look like an external e-mail. This can easily be done by creating a transport rule in Exchange or Exchange Online that matches senders outside the organization. This rule adds something to the beginning of the subject line, and usually a preamble is added to the mail body.

hpe_hba_cabling_check falsely issues a warning

After a routine update of a 6-node Nutanix cluster, a Nutanix Cluster Check (NCC) warning popped up indicating a problem with the SAS cabling. Running the check on the CLI offered some more details. Running : health_checks hardware_checks disk_checks hpe_hba_cabling_check [==================================================] 100% /health_checks/hardware_checks/disk_checks/hpe_hba_cabling_check [ WARN ] -----------------------------------------------------------------------------------------------------------------------------------------------------------+ Detailed information for hpe_hba_cabling_check: Node WARN: Disk cabling for disk(s) S6GLNG0T610113 are detected at incorrect location(s) 3:251:8 respectively where each value in the location corresponds to box:bay Node 10.

Deploying CEP/ CES using a gMSA

The Certificate Enrollment Policy Web Service (CEP) and the Certificate Enrollment Web Service (CES) were introduced with Windows Server 2008 R2 in order to simplify the request for certificates, especially for devices that were not member of a Active Directory domain. The “classic” way of requesting a certificate from a Active Directory Enterprise CA involves LDAP and RPC/ DCOM, which was okay in the early days of Active Directory, but today, with a CA as a tier 0 asset, this is some kind of a problem.

ArubaOS: Encrypt credentials in config files

By default, credentials such as RADIUS or TACACS authentication keys, are stored separately from the switch configuration, and are not shown when saved or running configurations are displayed or copied using TFTP or SSH. You can change this behavior using the include-credentials command. This clearly seems to be a security issue, because the displays credentials are unencrypted. You can check the current status using show include-credentials. HP Switch(config)# show include-credentials Stored in Configuration : Yes Enabled in Active Configuration : Yes Include ClearPass Keys : No If you want to encrypt these credentials, you can use the encrypt-credentials command.

Deploying Joplin Server on Docker

Some weeks ago I decided to move my notes from Microsoft OneNote to Joplin. Microsoft OneNote is a great tool for taking notes collaborative, but sometimes it drives me insane and I wanted a more portable form at for my notes. Markdown is a perfect portable format, and it is widly adopted. I really like the idea behind Markdown, and I even supported a Microsoft User Voice to add native Markdown support into OneNote.

Using on your homenetwork

Many of you might know Pi-hole and use it for blocking ADs. I also used it for a long time in my homenetwork, running it on a Raspberry Pi. A customer of mine then drew my attention to What is is a censorship-free, secure and redundant DNS resolver without logging, but with an ad blocker. The server are hosted in Germany. also offers, which offers parental control blocklists and Safe Search for search engines and YouTube.

Redistribute VMs according to a stored mapping

This is a quick one. Sometimes you need to evacuate VMs from a host, do some maintenance, and redistribute the VMs to the originating host. This can be annoying, especially if you don’t have a vSphere Enterprise Plus license with DRS, DRS groups etc. These few PowerShell lines may help you. ,

VMware is now Broadcom - time to move on

In May 2022, Broadcom announced that it will buy VMware for outstanding $69 billion USD. 18 months later, in November 2023, China finally approved the merger. Chinese regulators were the latest in a long line of authorities to approve the takeover. VMware was gone. It was no “by Broadcom”. And not only the name changed. There were already countless rumors in the 18 months before the takeover. Broadcoms CEO, Hock Tan, was known for trimming companies for profit.

From Wordpress to Hugo in three days

This blog will mark its 10th anniversary in January 2024. A decade ago, I embarked on a new blogging journey with the domain Some of you might have known my former blog before I made the switch to I’d been running for over 7 years. However, by the end of 2013, I grew weary of Serendipity, a PHP-powered weblog engine. I craved a shift to Wordpress, but back then, a seamless migration path wasn’t available.