Thursday, August 23, 2018

Windows unable to check for updates - says service not started (even though the service is started)

I've seen a few Windows 7 machines with Windows Update problems where the machine says the service is not started even though the service is started.  When this happens, the computer can no longer check for updates, and it will go indefinitely without checking for updates. The fix is to wipe out the update cache and then check for updates again.

The process as described here:

Stop the Windows Update process
Delete the content from c:\windows\softwaredistribution
Start the Windows Update process

Check for Updates.

I also recommend that you make sure the system is set to install updates for all Microsoft products as well.  To do that, open Internet Explorer and put microsoft.com in the Compatibility View sites.  Then go to http://update.microsoft.com/microsoftupdate in IE.   


Friday, May 25, 2018

Fix for CredSSP terminal server errors

As of May 2018, I'm seeing several instances of errors connecting to terminal servers due to CredSSP errors.  Microsoft released a fix that needs to be applied to both the client and the server.  If one is patched, the other needs to be patched.  If one is patched and the other is not, the connection will fail.

The download will vary based on the OS of the unpatched system.  Here's the link:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0886

Here's what the error looks like:


Thursday, February 8, 2018

Storing Mac primary data storage folders within cloud storage folders

One of my favorite methods of backup is redirecting the primary data storage folders to a cloud service (like Dropbox or Google Drive).  On a Mac, the process is not intuitive.  Here's my process.

You need to perform the steps once for each folder you want to move.  So if you want to move three folders (desktop, documents, pictures), you'll need to perform the steps three times.  The steps involve two commands.

First, you move the data to the new location.  Then you create a symbolic link to the new location.  Below is a series of commands for desktop, documents, pictures, music, and movies.  The %username% and %Company% placeholders in the commands need to be changed to match the real-world situation.

iMac:~ username$ sudo mv ~/Documents "/Users/%username%/Dropbox (%Company%)/laptopdata/Documents"
iMac:~ username$ sudo rm -rf ~/Documents/
iMac:~ username$ ln -s "/Users/%username%/Dropbox (%Company%)/laptopdata/Documents" ~
iMac:~ username$ sudo mv ~/Desktop "/Users/%username%/Dropbox (%Company%)/laptopdata/Desktop"
iMac:~ username$ sudo rm -rf ~/Desktop/
iMac:~ username$ ln -s "/Users/%username%/Dropbox (%Company%)/laptopdata/Desktop" ~
iMac:~ username$ sudo mv ~/Movies "/Users/%username%/Dropbox (%Company%)/laptopdata/Movies"
iMac:~ username$ sudo rm -rf ~/Movies/
iMac:~ username$ ln -s "/Users/%username%/Dropbox (%Company%)/laptopdata/Movies" ~
iMac:~ username$ sudo mv ~/Pictures "/Users/%username%/Dropbox (%Company%)/laptopdata/Pictures"
iMac:~ username$ sudo rm -rf ~/Pictures/
iMac:~ username$ ln -s "/Users/%username%/Dropbox (%Company%)/laptopdata/Pictures" ~
iMac:~ username$ sudo mv ~/Music "/Users/%username%/Dropbox (%Company%)/laptopdata/Music"
iMac:~ username$ sudo rm -rf ~/Music/
iMac:~ username$ ln -s "/Users/%username%/Dropbox (%Company%)/laptopdata/Music" ~
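
The move-then-link sequence above, wrapped as an added shell function (not the author's code; `redirect_folder` and its two arguments are hypothetical names). It stops if the move fails or the destination already exists, so nothing has to be deleted to make room for the link.

```shell
#!/bin/sh
# Added example; redirect_folder is a hypothetical helper, not from the post.
# Usage: redirect_folder "$HOME/Documents" "$HOME/Dropbox (Company)/laptopdata"
redirect_folder() {
    src=${1%/}            # drop a trailing slash so -L tests the link itself
    dest_parent=${2%/}
    dest="$dest_parent/$(basename "$src")"

    # Absolute paths only: a relative symlink target is resolved from the
    # link's own directory and would dangle.
    case $src in /*) ;; *) echo "error: source must be absolute" >&2; return 1 ;; esac
    case $dest_parent in /*) ;; *) echo "error: destination must be absolute" >&2; return 1 ;; esac

    # Already redirected on an earlier run: nothing to do.
    if [ -L "$src" ]; then
        echo "skip: $src is already a symlink" >&2
        return 0
    fi
    [ -d "$src" ] || { echo "error: $src is not a directory" >&2; return 1; }
    [ -d "$dest_parent" ] || { echo "error: $dest_parent is missing" >&2; return 1; }

    # Refuse to merge into or overwrite data already in the cloud folder.
    if [ -e "$dest" ]; then
        echo "error: $dest already exists" >&2
        return 1
    fi

    # Move first; if it fails the original data is left where it was.
    mv "$src" "$dest" || { echo "error: move failed, $src untouched" >&2; return 1; }

    # The source path must now be free; never force it with rm -rf.
    if [ -e "$src" ]; then
        echo "error: $src still exists after the move" >&2
        return 1
    fi
    ln -s "$dest" "$src" || { echo "error: link failed, data is at $dest" >&2; return 1; }
}
```

Run it once per folder, with whatever privileges the move itself needs on the machine.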

Tuesday, January 23, 2018

IPS error initiated by Fortigate firewall

In this case, we had a user who had no internet access and got this screen when web browsing.


We found that the Fortigate 60D we had was causing this.  The cause seems to have been multiple invalid DNS lookups.  We didn't find any error logs that suggested that problem, but this is what this IPS block is typically caused by.  In the end, we fixed this by changing the user's LAN IP address, but we also could have seen the blocked IP addresses via these commands from the CLI:

OS 5.0:
get user ban list

OS 5.2:
diagnose firewall ip_host list

To delete an entry, you'd enter this command:
diagnose firewall ip_host delete src4/src6

Example:
diagnose firewall ip_host delete src4 10.10.10.21

The information from this page came from here:
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36211


Tuesday, October 31, 2017

Ruckus daemon.err wsgclient errors every 5 seconds in the logs (firmware 104.0.0.0.1347)

I'm running a Ruckus R600, and I was getting errors every 5 seconds in the logs that looked like this:

---
Oct  4 13:37:15 RuckusAP daemon.err wsgclient[528]: communicatorInit:364 Init connection failed, ret:124, connectRetry:86990

Oct  4 13:37:15 RuckusAP daemon.err wsgclient[528]: registration:594 Failed to init socket! ret:124 url:https://RuckusController/wsg/ap

Oct  4 13:37:20 RuckusAP daemon.err wsgclient[528]: crResloveAddrInfo:152 getaddrinfo failed, ret:-2/Name or service not known

Oct  4 13:37:20 RuckusAP daemon.err wsgclient[528]: cmrInit:138 Call 'crDefSocketInit()' failed, ip: port:443, ret:124/CR initial socket failed


---

I worked with Ruckus support and found that the Ruckus was reaching out to a cloud server that it was not registered with and receiving these errors.  Ruckus said that these errors were normal and not a problem.  They walked me through the fix.  You fix it by SSHing to the Ruckus (I use PuTTY for this), logging in, and running these commands (the commands I'm typing are in bold):

Please login: super
password :
Copyright(C) 2016 Ruckus Wireless, Inc. All Rights Reserved.

** Ruckus R600 Multimedia Hotzone Wireless AP: 971603500291

rkscli: set scg disable
OK
rkscli: set discovery-agent
Commands starting with 'set discovery-agent' :
set discovery-agent : set controller discovery agent {options}
                 -> disable/enable
                 -- Configure Controller Discovery Agent Info

rkscli: set discovery-agent disable
OK

Wednesday, October 25, 2017

Submitting phishing and spam emails to Office365 for analysis

I found this link for how you can forward emails that are spam or phishing that are not caught by the Office365 junk filter for further analysis:

https://technet.microsoft.com/en-us/library/jj200769%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

Friday, October 20, 2017

Remove HP Client Security for Windows 7 to Windows 10 upgrades

I was doing a Windows 7 to Windows 10 upgrade the other day on an HP EliteBook 840, and after a series of failures (error code 0xc1900208), the eventual solution was to remove HP Client Security.  It's an incompatible app.