SfB 2019 Server Security Update – October 2023

This Security update for SfBS 2019 is build 7.0.2046.530, up from July’s 7.0.2046.524. It updated two components on my Standard Edition Front-End.

What’s Fixed?

KB5032429 Description of the security update for Skype for Business Server: October 10, 2023

This security update resolves vulnerabilities in Microsoft Skype for Business Server. To learn more about these vulnerabilities, see the following security advisories:

What’s New?

Nothing noted. No cmdlets have been added to the SfB module in this update.

What’s Changed?

Nothing noted.

Continue reading ‘SfB 2019 Server Security Update – October 2023’ »

SfB 2015 Server Security Update – October 2023

This security update for SfBS 2015 is build 6.0.9319.869, up from August’s 6.0.9319.853. It updated two components on my Standard Edition Front-End.

What’s Fixed?

KB5032429 Description of the security update for Skype for Business Server: October 10, 2023

This security update resolves vulnerabilities in Microsoft Skype for Business Server. To learn more about these vulnerabilities, see the following security advisories:

What’s New?

Nothing noted. No cmdlets have been added to the SfB module in this update.

What’s Changed?

Nothing noted.

Continue reading ‘SfB 2015 Server Security Update – October 2023’ »

SfB 2015 Server Update August 2023

In June we saw an update for SfBS 2019 that added the new “Emergency Mitigation Service”, and now it’s 2015’s turn. This is build 6.0.9319.853, up from last December’s 6.0.9319.842. As expected, it’s only updating two components on my Standard Edition Front-End and delivers only one fix.

What’s Fixed?

  • 5030764 Emergency Mitigation Service for Skype for Business Server

What’s New?

This article announces the arrival of the Emergency Mitigation Service, with some companion commandlets.

Microsoft takes security very seriously and we continue to work hard to protect your systems and data from cyber threats and to comply with evolving regulations. In line with this, we have introduced the Skype for Business Server Emergency Mitigation Service to help protect your servers from potential threats. This service provides a temporary and interim mitigation until you can install an update that fixes the vulnerability.

Continue reading ‘SfB 2015 Server Update August 2023’ »

SfB 2019 Server Update July 2023

Hot on the heels of last month’s update to 7.0.2046.521 comes another.

Today we see build 7.0.2046.524, which updated three components on my Standard Edition Front-End.

What’s Fixed?

All three components updated contain the same fix:

  • 5030100 Disable Legacy Control Panel (CSCP)

What’s New?

The above fixes support the replacement of the old “CSCP”, the Communication Server Control Panel – a name that goes back to before Lync was Lync – with the Modern Admin Control Panel (MACP).

The story is documented in the article Disable Legacy Control Panel (CSCP).

After you run the PowerShell script included in the above article, launching the old CSCP instead pops a browser and the MACP.

The script includes an uninstall option if you want to revert.

Any new Commandlets?

Nope.

What’s Changed?

Nothing (else) noted.

Continue reading ‘SfB 2019 Server Update July 2023’ »

Get-EnphaseProduction-v7.py

Enphase has caused an ongoing kerfuffle by changing the authorisation mechanism of their Envoy solar controllers, usually without notice, by virtue of a firmware update.

Where previously you could login to your Enphase solar setup with basic username and password authorisation, now you need to provide an authorisation token created by the Enphase website.

We fell foul of the same update and have lost some data, but here I present the updated version of the script.

If you’re still running v5, this script is the one you need. To determine your own Envoy version, login to the Enlighten website, click the hamburger then System / Devices / Gateway.

Additional Pre-Requisites

The pre-requisites for this script are the same as for v5, but with some extras:

  • You need to provide the script with your (Enphase/Enlighten) username, password, and the serial number of your Envoy.
  • Your Envoy now needs access to the Internet (so it can request the token as required). The tokens are “long-lived”, and could last a year, so if you’re concerned by the open internet access you can allow it for the setup, then block it until it stops working and requires another token. (The script automatically attempts to update the token if the one it’s been using dies.)

Download and install the Script

You’ll find the script Get-EnphaseProduction-v7.py on Github.

Setup

The PRTG side of things is unchanged from the v5 version here.

Where the v5 version had your *local* credentials baked into the script, now it requires your *online* cred’s, as outlined above. Don’t forget to edit the script with these details before proceeding. You’ll find them at around line 30.

Revision History

26th July 2023. This is the initial publication.
 
– Greig.

Get-EnphaseData-v7.py

Enphase has caused an ongoing kerfuffle by changing the authorisation mechanism of their Envoy solar controllers, usually without notice, by virtue of a firmware update.

Where previously you could login to your Enphase solar setup with basic username and password authorisation, now you need to provide an authorisation token created by the Enphase website.

We fell foul of the same update and have lost some data, but here I present the updated version of the script.

If you’re still running v5, this script is the one you need. To determine your own Envoy version, login to the Enlighten website, click the hamburger then System / Devices / Gateway.

Additional Pre-Requisites

The pre-requisites for this script are the same as for v5, but with some extras:

  • You need to provide the script with your (Enphase/Enlighten) username, password, and the serial number of your Envoy.
  • Your Envoy now needs access to the Internet (so it can request the token as required). The tokens are “long-lived”, and could last a year, so if you’re concerned by the open internet access you can allow it for the setup, then block it until it stops working and requires another token. (The script automatically attempts to update the token if the one it’s been using dies.)

Download and install the Script

You’ll find the script Get-EnphaseData-v7.py on Github.

Setup

The PRTG side of things is unchanged from the v5 version here.

Where the v5 version had your *local* credentials baked into the script, now it requires your *online* cred’s, as outlined above. Don’t forget to edit the script with these details before proceeding. You’ll find them at around line 30.

Revision History

25th July 2023. This is the initial publication.
 
– Greig.

SfB 2019 Server Update – June 2023

It’s been a while since we’ve seen an update to Skype for Business Server 2019, October’s 7.0.2046.409.

Today we see build 7.0.2046.521, which updated six components on my Standard Edition Front-End.

What’s Fixed?

“KB” numbers seem to have gone the way of the dodo…

What’s New?

This article announces the arrival of the Emergency Mitigation Service, with some companion commandlets.

Microsoft takes security very seriously and we continue to work hard to protect your systems and data from cyber threats and to comply with evolving regulations. In line with this, we have introduced the Skype for Business Server Emergency Mitigation Service to help protect your servers from potential threats. This service provides a temporary and interim mitigation until you can install an update that fixes the vulnerability.

Continue reading ‘SfB 2019 Server Update – June 2023’ »

Another chapter ends…

I returned these number plates to the motor registry recently, in preparation for our new car’s arrival.

I found it quite poignant that the introduction of Exchange 2007 Unified Messaging (EX-07-UM) marked the beginning of the Microsoft chapter of my career, and now that I’ve retired, I’m also retiring the plates that accompanied me throughout.

Continue reading ‘Another chapter ends…’ »

Packet sniffing your UniFi Access Points

We had a new Widget arrive in the house recently, and it required a connection to the Wi-Fi network. It was duly connected to the untrusted ‘IoT’ network, where it’s denied Internet access by default. It WASN’T happy.

The supplier assured me it *didn’t* require Internet access, so I set about finding out what was going on, and Wireshark was going to figure into that equation.

A brief web search revealed that the Ubiquiti UniFi Access Points have “tcpdump” installed, and in conjunction with PowerShell and WinSCP I had my answers. Here’s how I did it.

Continue reading ‘Packet sniffing your UniFi Access Points’ »