WINDOWS2019 執行windows update離線安裝檔無反應

 在WINDOWS2019下載windows 的更新檔要進行安裝，但執行後都沒任何反應，或是要等很久才會跳出smart screnn的警告視窗。

這是因為系統設定中，有做安全性控管，設成警告。

只要先把它調成關閉，重新登入一次系統，這時後在點選安裝，視窗就會正常跳出，讓我們點進下一步進行安裝。

When attempting to install Windows updates on Windows Server 2019, nothing happens after execution, or it takes a long time before the SmartScreen warning window appears.

This is due to a security control setting in the system, which is currently set to "Warn."

Simply change the setting to "Off" and log in to the system again. After that, when you click the installer, the window will appear normally, allowing you to proceed with the installation.

excel 沒有任何頁籤

 有一份excel編輯到一半時當掉了，重開啟啟後，裡面完全沒任何東西，沒任何頁籤。

所以就用修復的方式再開啟一次，但還是沒效，想說沒救了。

結果就查了一下excel沒有任何頁籤，沒想到還真的有這個設定，去檢視裡面，取消隱藏頁籤，檔案裡的資料就全部出現，恢復正常了。

ad帳號鎖定查修

 偶爾都會遇到ad帳號一直被鎖的問題，就要去查明原因，下面就列出清查的方式。

事情準備 : dc主機上相關log功能一定要開。

1. 在gpo->domain controllers policy裡，要啟用下列三個稽核功能，這樣在事件檢視器裡的安全性事件裡，才能找到登入失敗的相關訊息。

2. 在gpo->domain controllers policy裡，NTLM的稽核也要開啟，這樣在事件檢視器裡的NTLM裡面，才能找到更準確的登入失敗訊息。

3. 要設定帳號鎖定的log產生時，發信通知相關人員，這樣才會知道是否有某帳號一直被鎖定的異狀發生。

清查流程 : 當發現某帳號一直被鎖定時

1. 先查安全性事件，找4625，4771，4776，如果能在這裡面找到來源的ip，那就趕快找到該電腦做處理。

2. 如果在安全性事件裡的log，找不到來源電腦，就要去NTLM的log裡，那邊也會顯示來源電腦。

最近遇到比較特別的狀況是a網域的帳號被鎖定，但從NTLM的log查到的安全通道名稱，是另一個信任網域b的dc主機，但上面顯示的工作站名稱，在b網域裡都查不到，而且會變來變去。

這時後就再去b網域的dc主機上，查詢NTLM log。結果log裡安全通道名稱，是顯示一台網域內的電腦。

後來發現是這台電腦有開放對外服務，有一些來自外部的異常連線，關閉服務後，帳號被鎖定的問題就解除了。

We occasionally encounter issues where an AD account keeps getting locked, and we need to investigate the cause. Below are the steps for troubleshooting.

Preparation:
Make sure the relevant logging features are enabled on the domain controller (DC).

1. In GPO -> Domain Controllers Policy, enable the following three audit policies. This will allow you to find failed login information under the Security events in Event Viewer.

2. Also in GPO -> Domain Controllers Policy, enable NTLM auditing. This helps you locate more accurate failed login details under the NTLM section in Event Viewer.

3. Configure alerts to notify relevant personnel via email when an account lockout log is generated. This ensures you're aware when an account is repeatedly getting locked.

---

Troubleshooting Process:
When you discover that a certain account keeps getting locked:

1. First, check the Security event logs for event IDs 4625, 4771, and 4776. If you can find the source IP there, locate the corresponding computer and take action.

2. If the source computer cannot be identified in the Security logs, check the NTLM logs. These also show the source machine involved in the failed login.

---

A recent unusual case:
An account from domain A was being locked, but the NTLM log showed that the secure channel name was a domain controller from trusted domain B. However, the workstation name shown could not be found in domain B and kept changing.

In this case, we checked the NTLM logs on the domain controller in domain B. The secure channel name in the logs pointed to a computer within the domain.

We later found that this computer was running a public-facing service, and there were some abnormal external connection attempts. After shutting down the service, the account lockout issue was resolved.

m365 office 在哪些設備啟用

 如果要查詢m365 office 帳號在哪一台設備啟用了，就要先進到Microsoft 365 admin center。

在"作用中的使用者"，點選該帳號，左邊會出現相關資訊，在最下面就有一個"檢視 ‎Microsoft 365‎ 啟用"。

裡面就會顯示在哪些裝置上啟用了這個帳號。

Next Terminal 遠端電腦鍵盤問題

 利用Next Terminal， 遠端連線到其他台windows電腦時，按某些鍵時，並不會出現正確的字，會變成其他快捷鍵功能。譬如說按下t，會跳出檔案總管之類的。

這時後就是把那台windows重開機，就會正常了。

WIN7無法使用FORTI SSLVPN -5029

 最近Fortigate 升級firmware後，某些win7在使用sslvpn連線都會出現 mismatch in the TLS version的錯誤。

有到網際網路選項裡，確確TLS裡面的選項 都有打勾了，還是連不到。

後來才發現是win7的有一些windows update沒安裝造成的。但不確定是哪一支更新，因為沒有一支一支測試，就是全部都裝上，就沒問題了。

After upgrading the Fortigate firmware, we observed that some Windows 7 systems encountered a "mismatch in the TLS version" error when attempting to connect via SSL VPN.

We verified that all TLS-related options were enabled under Internet Options, but the issue persisted.
Upon further investigation, we discovered that the problem was caused by missing Windows Updates on the affected Windows 7 machines.
However, we were unable to determine exactly which specific update resolved the issue, as we did not test each update individually. Instead, after applying all pending Windows Updates, the SSL VPN connection was successfully established.

PYTHON發訊息到telegram

 照著下列這編要做PYTHON發訊息到telegram(https://vocus.cc/article/67ca97aefd8978000187e654)，

結果出訊錯誤訊自 "{'ok': False, 'error_code': 400, 'description': 'Bad Request: chat not found'}"

原來是你要先在telegram搜尋到自己剛建立的bot，傳個訊息給它，才可以用python發訊息給它。

COMMVAULT備份工作失敗-錯誤碼： [32:399]

主機在意外當機後，有一個備份工作一直無法正常運作，會出現下列錯誤

錯誤碼： [32:399] 描述： Deduplication Database (DDB) access path [D:\xxx_dedup]

 on MediaAgent [commvault] is offline for Storage Policy Copy [VMBackup_Policy / xxx ]. 

Offline Reason: The active DDB of current storage policy copy is not available to use. 請啟動重複數據刪除DB重建作業。

查了一下原廠網站說明，我們就是因為ddb程序意外中斷的關係造成這個問題。

對照下面的解決方法，我們必預要手動執行復原 Deduplication Database的工作 。

方法就是從"儲存資源"->"DeDup引擎"，找到執行失敗的策略，去"所有工作"，裡面有個"復原存放區"，執行這個工作。

HP ESXI 6.5 升級7.0 U3

原本的ESXI是HP專用6.5版，為了安裝比較新的win server os，要升級ESXI。

目前ESXI已無免費版，所以是去HP的官網下載裡面最新版本的ESXI(https://support.broadcom.com/c/portal/login?formDate=1742174666301&saveLastPath=false&redirect=%2Fgroup%2Fecx%2Fproductfiles%3FsubFamily%3DVMware%2520vSphere%26displayGroup%3DVMware%2520vSphere%2520-%2520Enterprise%2520Plus%26release%3D7.0%26os%3D%26servicePk%3D202621%26language%3DEN&idpEntityId=https%3A%2F%2Faccess.broadcom.com%2Fdefault)

升級方式

1.先把iso做成開機usb，插上server。

2.server重開機，讀取usb。

3.在安裝選項的地方，選擇升級esxi。

4.安裝完成重開機。

時間很快，不到15分鐘就好了，但有一個地方要注意的事，升級後，之前使用的6.5免費版授權序號就不能用了，登入esxi web console時，就會提示目前是60天試用版。

這時只要在輸入7.0免費版的esxi序號啟動就行了，這個序號沒有分是不是用在某一廠牌伺服器專用的esxi，只要是7.0都通用。

The original ESXi was an HP-specific version of 6.5. To install a newer Windows Server OS vm, an ESXi upgrade is required.

Since ESXi no longer offers a free version, the latest version was downloaded from HP’s official website:
HP ESXi Download.

Upgrade Process:

1. Create a bootable USB from the ISO and plug it into the server.
2. Reboot the server and boot from the USB.
3. In the installation options, select "Upgrade ESXi."
4. After installation, reboot the server.

The upgrade is fast, taking less than 15 minutes. However, one important thing to note is that after upgrading, the previous ESXi 6.5 free license will no longer work. When logging into the ESXi web console, it will indicate that the current version is a 60-day trial.

To resolve this, simply enter a free ESXi 7.0 license key to activate it. This key is not brand-specific and works for any ESXi 7.0 installation.

Covered Call賠賠賠

用週選做covered call，遇到這種一直殺的盤，沒適時停損，愈賠愈多，最後受不了，心態扛不住昨晚才停損，停損後就往上噴了.....

前幾個月賺的都沒了還倒賠，做期權，紀律真的太重要了。