Pacific Computer Wizards

The Issue

When Intrusion Prevention (IPS) is activated on Sophos UTM / Astaro gateways, WAN throughput speeds drop by approximately 50%. This happens because the Snort IPS engine is single-threaded per connection stream, bottlenecking the CPU on high-speed lines.

The Resolution

• Log into WebAdmin and go to Network Protection > Intrusion Prevention > Advanced.
• Modify the rule age parameters to drop signatures older than 12-24 months.
• Uncheck entire OS categories that do not apply to your local network (e.g., disable Linux or Solaris rules if you only run Windows Servers).
• Reducing the active rule count offloads the CPU overhead, restoring standard throughput speeds.

The Issue

When connecting Windows Server to a dual-controller SAN using iSCSI without Multipath I/O, the server sees identical storage volumes as separate, duplicate disks, leading to logical corruption.

The Resolution

• Open PowerShell as Administrator and run: Install-WindowsFeature -Name Multipath-IO
• Open the MPIO utility (mpiocpl.exe) from the start menu.
• Go to the Discover Multi-Paths tab.
• Check the box for Add support for iSCSI devices and click Add.
• Reboot the server. Reconnect the iSCSI target and configure the MPIO policy to "Round Robin".

The Issue

Transferring large files across an SMB network share or VPN fails randomly with error code 0x8007003b. This is typically a symptom of mismatched MTU sizes or aggressive hardware offloading interfering with LanmanWorkstation.

The Resolution

• Open PowerShell as Administrator.
• Disable Large Send Offload (LSO) on the network adapter by running: Disable-NetAdapterLso -Name "*" -IPv4
• If the issue persists, open the Registry Editor (regedit) and navigate to HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters.
• Increase the SessTimeout and ExtendedSessTimeout DWORD values to extend connection tolerance.

Gmail and Google Docs web interfaces lack direct keyboard keys for standard en-dash and em-dash characters. To insert them efficiently:

• Google Docs automation: Go to Tools > Preferences > Substitutions. Enter -- in the "Replace" field, and paste an actual em-dash (—) into the "With" field.
• Windows ALT Codes: Hold ALT and type 0150 on the numpad for an en-dash (–), or 0151 for an em-dash (—).
• Mac Shortcuts: Press Option + Hyphen for an en-dash, or Option + Shift + Hyphen for an em-dash.

The Issue

Running Hyper-V on a laptop and binding an "External" virtual switch directly to the Wi-Fi adapter causes constant wireless dropouts and prevents the laptop from sleeping properly.

The Resolution

• Open the Hyper-V Virtual Switch Manager.
• Delete the External switch mapped to your Wi-Fi card.
• Create a new switch and set it strictly to Internal.
• Open Windows Network Connections, right-click your Wi-Fi adapter, go to Properties > Sharing, and enable Internet Connection Sharing (ICS), mapping it to the new Internal vSwitch.

To prevent your domain's outgoing mail from bouncing or hitting spam folders, use MXToolBox to verify your public DNS records are perfectly aligned:

• SPF (Sender Policy Framework): Ensure your TXT record lists all sending gateways. Example: v=spf1 include:_spf.google.com ~all
• DKIM: Ensure public cryptographic keys are properly pasted into your DNS host to sign outgoing envelopes.
• DMARC: Deploy a DMARC policy (v=DMARC1; p=quarantine;) to instruct receiving servers what to do if SPF or DKIM fails.

If automated API integrations or remote users are suddenly blocked from Salesforce, it is usually due to restrictive network security profiles.

• Log into Salesforce as an Administrator.
• Search for Network Access in the Quick Find box.
• Add your new corporate static IP addresses or API gateway IPs to the Trusted IP Ranges.
• Ensure external users append their Security Token to their password if connecting from outside these ranges.

The Issue

Clients drop Remote Desktop connections to unpatched host servers, showing a CredSSP encryption oracle remediation error. This was caused by the CVE-2018-0886 security patch.

The Resolution

• Run gpedit.msc on the connecting client machine.
• Navigate to: Computer Configuration > Administrative Templates > System > Credentials Delegation.
• Open Encryption Oracle Remediation.
• Enable the policy and set the Protection Level to Vulnerable. Apply the setting to regain emergency access, then fully run Windows Update on the target server.

When a print job corrupts and the print queue refuses to delete it, you must flush the system spooler directly via command line.

Run these commands in an Elevated Command Prompt:

net stop spooler
del /Q /F /S "%systemroot%\System32\spool\PRINTERS\*.*"
net start spooler

The Issue

Microsoft deprecated the public website hosting feature in SharePoint Online, rendering legacy public websites uneditable and eventually taking them offline.

The Resolution

• Migrate the front-end HTML/CSS assets to a modern static host like Cloudflare Pages, AWS S3, or GitHub Pages.
• Access your domain's public DNS records.
• Point the A Record and WWW CNAME to the new web host provider.
• Crucial: Leave your MX records pointing to yourdomain-com.mail.protection.outlook.com to ensure email delivery is not interrupted by the web migration.

The Issue

macOS backups get stuck on "Preparing backup..." when backing up to network drives due to stale state locks left over from sudden disconnections.

The Resolution

• Open Terminal and stop the stuck process: sudo tmutil stopbackup
• Mount the network backup drive via Finder.
• Open the .sparsebundle directory and find any file or folder ending in .inProgress. Delete it.
• Force a clean start: tmutil startbackup

To convert a standalone Server 2012 environment into a central identity hub:

• Open Server Manager and click Add Roles and Features.
• Check the box for Active Directory Domain Services and install.
• Once installed, click the yellow warning flag at the top of Server Manager and select Promote this server to a domain controller.
• Select Add a new forest, name your Root Domain (e.g., corp.local), set your DSRM password, and click Next through the prerequisite checks to install.

The Issue

Running apt-get update returns 404 Not Found errors because the Lucid Lynx distribution has reached End-Of-Life and its packages were moved off the main servers.

The Resolution

• Open your sources list: sudo nano /etc/apt/sources.list
• Find all references to us.archive.ubuntu.com and security.ubuntu.com.
• Replace those URLs entirely with http://old-releases.ubuntu.com/ubuntu/.
• Save the file and run sudo apt-get update to restore repository access.

On multi-GPU systems (like laptops with integrated graphics + dedicated Nvidia/AMD chips), you can force a specific app to use the high-performance GPU natively through the OS rather than relying on driver control panels.

• Open Windows Settings > System > Display.
• Scroll down and click Graphics settings.
• Select "Classic app" (or Desktop app), browse to the executable file of the software.
• Once added to the list, click the app, select Options, and choose High performance to bind it to the dedicated GPU.

Maintain central engineering folders for official Microsoft documentation to prevent configuration drift during deployments. Keep local copies of reference guides concerning Windows Server virtualization matrices, Azure landing zone structural setups, and security architecture baselines.