Getting Xbox Live Service to work with AT&T Fiber

The first thing you have to do is log on to your AT&T device. In my case, it's a BGW320-500. The default address will be 192.168.1.254. Open a browser and navigate to that address, once the page opens, select the Firewall option.

After clicking on Firewall, you will be presented with another set of options. From those, select NAT/Gaming. 

After clicking on NAT/Gaming, you will be prompted to enter a Device Access Code. This can be found on the back of your device. 

When you get to the NAT/Gaming section, you will see a button at the bottom called Custom Services under the Manage Custom Services section. It's here where you will have to enter some TCP and UDP ports required by Microsoft Xbox Live services.

Under the Service Entry section, you will fill out all the ports that you need to get the service working as intended. Under Service Name, you can put anything you want, I chose to type Xbox Live followed by the port number. Since there are no port ranges, only individual ports, you will enter the port number on all fields under Global Port Range and under Base Host Port. Under Protocol, select the indicated selection. It will look something like the following picture:

You will enter all the ports listed under Microsoft's Xbox Live documentation. The complete list of ports is listed below. Click here to see MS Xbox Live port documentation. 

• Port 88 (UDP)
• Port 3074 (UDP and TCP)
• Port 53 (UDP and TCP)
• Port 80 (TCP)
• Port 500 (UDP)
• Port 3544 (UDP)
• Port 4500 (UDP)

When you enter all the ports, your list should look something like this:

After you're done entering the service list, click on the button at the bottom, Return to NAT/Gaming.

The next step will be to assign all those ports to your Xbox. Under Application Hosting Entry, select one of the ports/services that you configured from the drop down list under Service. The second selection will be under Needed by Device, this is where you will select your Xbox. This will give you all your connected devices, make sure you select the right one, then click the button right underneath that says Add. You will repeat this step for all the ports under Service that you previously configured.

When you are done adding all the services, your list should look something like this. Please note that all the ports/services were added to the same device, the Xbox.

Once all these steps have been completed, you can go ahead and power down the Xbox completely. Doing a restart of the device doesn't always work. In my case, I powered down the Xbox and unplugged it for a few seconds before plugging it back in and turning it back on. You should be able to connect to Xbox Live services and your NAT should be set to Open.

Please note that in my configuration I did not setup TCP/80 or TCP-UDP/53. These ports are used by web and DNS services and I don't want to take any chance in possibly affecting other devices in my network. I also did not need them to get the NAT status to Open under Xbox Networking.

Opening links with Microsoft Edge or Google Chrome

I recently had a request to setup certain website links to open with a specific browser. In this case, it was with both Microsoft Edge and Google Chrome. For most people, creating links is as simple as right clicking the location where you want your link, then selecting New > Shortcut. Depending on what your default browser is, the link will be opened by that browser. In many corporate environments, however, Internet Explorer is still the default browser. In these cases, as long as you have a modern browser installed, you can create a shortcut to have a link open with a specific browser.

Google Chrome

In the case of Chrome, you will have to create a shortcut that points to the executable, followed by a URL switch and finally the URL you want the browser to open. It will look something like this:

       "C:\Program Files\Google\Chrome\Application\chrome.exe" -url https://www.google.com
 

This path code assumes that Google Chrome is installed in its default location, otherwise adjust that to reflect your installation location.

Microsoft Edge

In a system that has Edge installed, then the path code just needs the Edge URI followed by the URL. It will look something like this:

       microsoft-edge:https://www.google.com
 

As you can see, the solution is a simpler one, as you do not have to worry about installation location. This is a system wide setting and you just have to add the URI as a prefix, followed by the address you want to point to.

The above screenshot shows an example of what a MS link configuration would look like.

Displaying serial number and model of Pure Storage array

The command listed below will display the model, serial number and part number of controller 0. You can substitute CT0 for CT1 to get the information on controller 1. 

       
       purehw list CT0 --spec
 

Server 2019 - Windows 10 Start Menu & Display Settings Not Working *FIXED*

Recently I was setting up a new Microsoft Windows 2019 Server image and as part of our onboarding process, we are required to patch and secure any new system. Seeing how Server 2019 is a new O/S in our environment, we didn't have any automation script to take care of all this. Part of the onboarding consists in either disabling services that are not needed or providing a justification for our baselines. As we were tackling this step, a user reported that the Start Menu wasn't working. I checked, under my profile I did not experience this issue. Another user who had logged in also did not have the same problem. 

I went ahead and started looking up and remembered that we had a similar issue with Windows 10, the fix was making sure a couple of services were running and then running the following command in Power Shell:

       
       Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
 

Unfortunately that did not resolve the issue for the user. It wasn't until I tested another server that I started experiencing the issue. The above fix did not work for our Server 2019 image. At this point I decided to get Microsoft involved. We tried different variations of the above fix, a lot of permissions and other things but one thing we noticed that was that the ShellExperienceHost service was not running under affected accounts. No rhyme or reason. We tried local users, other domain users and the issue was there with any new user. Some of the errors that were being logged were ID 69 with source AppModel-Runtime.

The errors would generate any time you left clicked the Start Menu or you attempted to launch Display Settings and they would mention ShellExperienceHost, Cortana or another app.

Below is an example of the error you would receive whenever you would try to launch the Display Settings.

After a lot of back and forth with Microsoft and doing my own testing, it turns out that I disabled a critical service that was the culprit for all these issues. Microsoft tech support did not have this documented anywhere according to the tech whom I worked with, thus me posting this in case someone else runs into a similar issue. The service in question is the Capability Access Manager Service (camsvc). The description for the service states that it handles Universal Windows Platform (UWP) application access and capability. Whatever the case, I'm glad this was resolved after all the troubleshooting we ended up doing. 

tl;dr - do not disable the camsvc (Capability Access Manager) service as it will break your start menu and other Windows 10/Server 2019 features. 

Pure Storage Testing SMTP & Settings

Recently some changes within our network came about and had to make some changes to the SMTP alerts for our Pure Storage arrays. Since it's typically one of those things that you set and forget, I didn't pay much attention until now. If you're trying to test your changes/settings, the command changed in PurityOS 5.3.7 from the documentation that I found. Earlier versions you only had to run the following command from an SSH prompt:

       
       purealert test email@address.com
 

The above code was for the older OS version, on the newer 5.3.7 code (5.3.3 in this case) you need to run the following command:

       
       purealert watcher test email@address.com
 

The purealert command will utilize the settings entered on Settings - System - Alert Routing. Optionally, you can leave out the email address on the command, it will send it to whatever is configured under Settings - System - Alert Watchers. In my case, I don't want to send it to the distribution list so I was entering my email in the above command so only I received those emails.

If I can make a suggestion for the Pure Storage team, please add a test button within the GUI! It seems rather unnecessary to have to open up an SSH session for something this trivial (if this change has been implemented in newer code, thank you!).

Updating HPE Servers with SPP & iSUT

In my recent attempt to automate and get a better handle of some of the HPE servers in our fleet, I tried to use the HP SUM function of the SPP server remotely. If you're trying to patch a VMware host, especially a Gen10, you will need to make sure you download and configure the iSUT component on those servers from HP. I'll link to the two sites that I used to get a better handle of the steps necessary to proceed with the updates.

1. The Sleepy Admins - HPE Gen10 SUM iSUT
2. PLJDesigns - How to install iSUT on HPE Gen10 VMware Servers

From my research, it appears that the new VMware images from HPE already come with iSUT preloaded so if using a recent image, this might not be a requirements. If you're looking for the download links, you can find them for vSphere 6.5 and vSphere 6.7 here:

1. VMware vSphere 6.5 - HPE Download Link
2. VMware vSphere 6.7 - HPE Download Link

Nov 23, 2020 Edit - Found the github page from HPE for the iLO RESTful interface that contains a ton of good information. https://hewlettpackard.github.io/python-redfish-utility/

sut –set mode=AutoDeploy
 

Comprehensive Windows Services Examples and Tutorial

It's not often that I have to script items due to the nature of our environment, but with an upcoming project, an opportunity (and some time) came up so I decided I would tackle one of the security aspects - disabling services. I'm a tad bit rusty and I need to research some of the newer services that didn't exist in the previous O/S versions, but what better way to automate some of these things, right? Without having to replicate any work or take unwarranted credit, I came accross this site that has plenty of examples of configuring manually, via command line and with PowerShell.

Windows 10 Forums: Start, Stop and Disable Services

Windows Services Features: Essential Tools For Windows Services

Windows Services Listings: Security Guidelines For System Services