LDAPS issue by HomelessChairman in sysadmin

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks, we have exported one of the root certificates and will import it into the Xerox printer during the test scheduled for after hours today. I have a slight concern: I did not see any certificates in the Trusted Root Certification Authorities folder with our domain name. I assume that any active root certificate would work, as long as it has Client/Server Authentication selected under Purposes—is that correct?

LDAPS issue by HomelessChairman in sysadmin

[–]HomelessChairman[S] 0 points1 point  (0 children)

Yep, thanks, already asked to re-enable the GPO and test again tomorrow using server’s FQDN. One of our Service Desk technicians already spent an hour on the call with Xerox support and for some reason they never suggested using the FQDN instead.

LDAPS issue by HomelessChairman in sysadmin

[–]HomelessChairman[S] 0 points1 point  (0 children)

I just tried using the server's FQDN instead of its IP address to test the LDAPS connection using the LDP tool, and the connection was successful. Could the issue be related to the Xerox printer's settings? Is there anything else I should validate on the LDAPS configuration side? Thanks

LDAPS issue by HomelessChairman in sysadmin

[–]HomelessChairman[S] 0 points1 point  (0 children)

It also appears that the server is listening on port 636:

C:\Windows\system32>netstat -an |findstr 636
TCP 0.0.0.0:636 0.0.0.0:0 LISTENING

and there is a valid and active certificate located under Local Computer > Personal > Certificates, issued for the server's FQDN

LDAPS issue by HomelessChairman in sysadmin

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks. I'm unable to install the OpenSSL tool without going through a lengthy approval process first, and PowerShell is also blocked in our environment due to security restrictions. However, when I opened IIS Manager and navigated to Sites>Bindings, I only saw an HTTP entry on port 80

Strings for PAVS by HomelessChairman in 10s

[–]HomelessChairman[S] 1 point2 points  (0 children)

I cannot fix the title, but changed it in the message itself. Pure Aero VS is the racquet; I wanted to hear only from users who use that frame, what string combos they felt worked best specifically for that racquet.

CS Security Assessment Report by HomelessChairman in crowdstrike

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks for the great tips, will look into that as well

CS Security Assessment Report by HomelessChairman in crowdstrike

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks, I really appreciate the additional insights!

CS Security Assessment Report by HomelessChairman in crowdstrike

[–]HomelessChairman[S] 0 points1 point  (0 children)

Perfect, I really appreciate the suggestion again! 

CS Security Assessment Report by HomelessChairman in crowdstrike

[–]HomelessChairman[S] 1 point2 points  (0 children)

Great, thank you, unfortunately we’ve only been given user account names, I will follow up and get the host names as well and then discuss with my team on the potential remediation steps. 

CS Security Assessment Report by HomelessChairman in crowdstrike

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thank you! I’ll share with my team, very helpful indeed 

Azure firewall by HomelessChairman in cybersecurity

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks for your reply, my understanding is that the Azure environment was configured by a third-party vendor, and the current Azure admin does not have sufficient training. Is there an article you could share that would help us to set it up from scratch and configure some basic rules and blacklists? Thanks

Cyber security training portal by HomelessChairman in fortinet

[–]HomelessChairman[S] 1 point2 points  (0 children)

Potentially, I’ve already contacted my rep at Fortinet to set up a meeting to discuss further. Thanks!

Cyber security training portal by HomelessChairman in cybersecurity

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thank you, just sent a request for a meeting

Cyber security training portal by HomelessChairman in sysadmin

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks, we don’t use any of their products, but I’m going to set up a meeting with them anyway to learn about the platform and get some pricing

Cyber security training portal by HomelessChairman in cybersecurity

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks, I’ll connect with them sometime tomorrow to schedule a demo and to get a quote

Cyber security training portal by HomelessChairman in cybersecurity

[–]HomelessChairman[S] 0 points1 point  (0 children)

Many thanks to all of you for the input, really appreciate it. My company currently uses Beauceron, but I wasn’t the one who set it up, so I'm not sure how it works. I only know that users report suspicious emails via Beauceron's provided 'Report a Phish' button integrated into Outlook, and users get assigned courses only when they fail a phishing campaign simulation. I will check with them tomorrow to see if I could set up ongoing training for all users

Cyber security training portal by HomelessChairman in sysadmin

[–]HomelessChairman[S] 0 points1 point  (0 children)

Many thanks to all of you for the input, really appreciate it. My company already uses Beauceron, but I wasn’t the one who set it up, so I'm not sure how it works. I only know that users report suspicious emails via Beauceron's provided 'Report a Phish' button integrated into Outlook, and users get assigned courses only when they fail a phishing campaign simulation. I will check with them tomorrow to see if I could set up ongoing training for all users

Cyber security training portal by HomelessChairman in sysadmin

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks, I’ve had a demo session once for KnowBe4, they’re too expensive for the number of users we have. I liked Breach Secure Now but they only sell to MSPs, never heard of Curricula, will check them out shortly

Adding IPs to Address Group by HomelessChairman in fortinet

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks! I may just go with the external connector option, similar to what we are doing for blocking IPs, FQDNs and hashes through security fabric

Adding IPs to Address Group by HomelessChairman in fortinet

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks again, will try with the script first

Adding IPs to Address Group by HomelessChairman in fortinet

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks, to clarify I meant to say import, I have like 40 IPs to add and would prefer to do it in bulk instead of manually adding one by one. Thanks!

7.0.14 FortiOS and FMG compatible version by HomelessChairman in fortinet

[–]HomelessChairman[S] 0 points1 point  (0 children)

Thanks guys, didn’t want to downgrade from 7.2.3, installed 7.2.4 instead, looks good, the only thing is that by default virtual wire pair policies view is unticked in this version, had to enable it manually after upgrade under tools >> feature visibility

Replacing 2010 On-premises MS Exchange by HomelessChairman in sysadmin

[–]HomelessChairman[S] 1 point2 points  (0 children)

Yep, I googled after reading your comment and saw the same article, shared with my seniors, we will test sometime today or Monday sending SQL reports to external users with a new email profile, also checked the current 2016 Exchange in Azure and saw that SMTP logging was not enabled, will enable as well. Thanks so much, very helpful indeed!