Some Notes on the Machines

Microsoft has a global MFA override coming to all accounts as a default; their term is “Security Defaults”. To turn this off, log in as Office 365 admin and then:

entra.microsoft.com/#blade/Microsoft_AAD_ConditionalAccess/SecurityDefaults?Microsoft_AAD_IAM_legacyAADRedirect=true

Just now, 2023-06-30 12:50PM CST, I searched in multiple different search engines for something simple but very unusual. All of them but one gave me dozens of pages of useless and irrelevant links which had a word close to the goal but spelled a bit differently. This one, only, gave me just what I needed:

DuckDuckGo

Can be visited at either duckduckgo.com or https://ddg.gg.

This writer will be using DDG by default.

A sample SMTP conversation.  You’ll need Putty (telnet mode!) in Windows, or Cygwin with ‘inetutils’ installed (for telnet), or the telnet for your Linux. The idea is that you are playing the role of a machine trying to send email through a mail server you select. You can learn causes of failure this way that you cannot learn any other way, or not at all easily.

• Blue is transmit.
• Red is receive. 
• We start with a telnet on port 25. The first step is a Linux command line as written, directly translatable to Cygwin’s telnet, and GUIable in Putty.
• The messages received will vary somewhat, but the initial numbers won’t. 
• The greater-than and less-than signs (< >) are required.
• Replace mail.domain.com with the FQDN or IP of the mail server. This is essential to get to the correct SMTP server.
• Replace test.domain.com with the Internet FQDN of the machine you are on if it exists, and otherwise, use test and the final domain name of the mail server you are trying to reach. This is how you are identifying yourself, as legitimately as available, to that mail server.
• Most SMTP servers, especially ESMTP servers, respond well to EHLO these days. A few still need the original, HELO.
• If it says OK at each step, the mail server has accepted what you have sent. Otherwise, it will give a short error, generally with a standard SMTP error code which you can look up.
• Choose the sender and the recipient carefully, according to what kind of test you are needing. For instance, if you are testing a simple mailbox, the FROM can be your own email address, and the TO can be a mailbox to which you have access, behind that mail server. Distribution lists and scan-to-email can indicate needed variations.

telnet mail.domain.com 25

220 mail.domain.com ESMTP

EHLO test.domain.com

250 test.domain.com

MAIL FROM: <sender@domain.com>

250 2.1.0 Sender OK

RCPT TO: <recipient@domain.com>

250 2.1.5 Ok

DATA

354 Enter mail, end with “.” on a line by itself

testing
testing
testing
.

250 2.0.0 Ok: queued as xxxxxxx

There are machines with (say) 16 gigabytes of RAM, where Task Manager shows 97% or more memory in use, but the numbers don’t add up even close to 16G. The first step is to get RAMMap:

learn.microsoft.com/en-us/sysinternals/downloads/rammap

and study the Use Counts tab list. There may be more than one cause, but the one I’m looking at, shows most of my RAM used by “Driver Locked”. Microsoft says updated drivers will fix it. Will continue this article when I have data. Current references:

learn.microsoft.com/en-us/answers/questions/128755/driver-locked

learn.microsoft.com/en-us/windows-hardware/test/assessments/windows-assessment-console

learn.microsoft.com/en-us/windows-hardware/get-started/adk-install

At least on this office LAN, this is helping. Not clear whether it helps everywhere and all.

In Regedit, go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

You’ll notice several GUIDs. These are all of the network interfaces Windows knows about, virtual, Bluetooth, whatnot. You’ll want to try adding the below to any of them that you use.

TCPAckFrequency = 1

Technically this is called “disabling delayed ACK”. It seems to be helping me a lot for all accesses, including SMB, intranet, and Internet.

Interesting tool by an interesting community.

www.sysnative.com/forums/downloads/sfcfix/

And they have volunteers to help, with another interesting tool which does fixes as well:

www.sysnative.com/forums/threads/windows-update-forum-posting-instructions.4736/

This one works very well indeed. It does need a bit more technical intervention:

https://www.bcuninstaller.com

A customer had several of these errors being reported in Azure AD Connect. They were all users which had been converted to cloud-only. Several solutions are on Microsoft and related sites, none worked except this on the domain controller which has AAC:

1. Open administrative Powershell
2. To stop synchronization: set-adsyncscheduler -synccycleenabled $false
3. In the AAC Synchronization Service Manager, click Connectors
4. Right-click on the AD connector, click delete, choose “Deleted connector space only”, click OK
5. Do the same for the Azure connector
6. To restart synchronization: set-adsyncscheduler -synccycleenabled $true
7. In services.msc, restart “Microsoft Azure AD Sync”
8. Reinitialize sync: Start-ADSyncSyncCycle -PolicyType Initial

Here is how to add Send As permissions for a user, to a distribution list, in Powershell.

1. First, connect to the 365 tenant.

Install modules if needed:

Set-Executionpolicy Bypass -Scope Process 
Install-Module PowerShellGet -Force -AllowClobber
Install-Module ExchangeOnlineManagement -Force -AllowClobber

Connect to the tenant:

Connect-ExchangeOnline -UserPrincipalName adminuser@domain.com

2. Then make the setting:

Add-RecipientPermission -Identity distgroup@domain.com -Trustee user@domain.com -AccessRights SendAs

Here’s a search which got me to it, once logged into HPE.com.

You’ll also need a driver, which does not come with the SPP.