How to check EMBG (Unique Master Citizen Number) using regex

In this post, I will share my implementation of how to check whether a number looks like an EMBG, or Unique Master Citizen Number. For those of you who are not familiar with the EMBG (Unique Master Citizen Number), please check the wiki article on the Unique Master Citizen Number. Long story short, it is composed of 13 digits, where the first 7 digits represent a date in the format ddMMyyy; for the rest of the digits, please check the wiki link. The yyy are the last 3 digits of the year. The last digit of the 13-digit composition is a checksum, and should be checked outside of the regex.

The following regex should validate the EMBG (Unique Master Citizen Number) for Macedonia, but it can be modified to check the Unique Master Citizen Number for the rest of the ex-Yu countries (except Croatia, which seems to have changed the format according to the wiki article). The regex validates years in the 20th and 21st century. It is also leap-year aware, and validates 2902 in the ddMM input, if applicable.

Here is the regex:

^(?:(?:(?:0[1-9]|1\d|2[0-8])(?:0[1-9]|1[0-2])|(?:29|30)(?:0[13-9]|1[0-2])|31(?:0[13578]|1[02]))[09]\d{2}|2902[09](?:[02468][048]|[13579][26]))4[1-9]\d{4}$

 

The syntax diagram is as follows:


Here are some tests using PowerShell:


This regex has various uses, from input validation in beginner code to Exchange transport rules or data loss prevention rules.

Feel free to test, and have some fun.
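The post leaves the checksum to code outside the regex. The following is an added example, not the author's code, that combines the regex with a calendar check and the control digit; the function name Test-Embg and the sample numbers are constructed for illustration, and the control-digit rule is assumed from the wiki article.

```powershell
# Added example, not the author's code. The control-digit rule is assumed from the
# wiki article: weights 7,6,5,4,3,2 repeated over the first 12 digits,
# m = 11 - (sum mod 11); the 13th digit is m for 1..9 and 0 when m is 10 or 11.
$EmbgPattern = '^(?:(?:(?:0[1-9]|1\d|2[0-8])(?:0[1-9]|1[0-2])|(?:29|30)(?:0[13-9]|1[0-2])|31(?:0[13578]|1[02]))[09]\d{2}|2902[09](?:[02468][048]|[13579][26]))4[1-9]\d{4}$'

function Test-Embg {    # hypothetical function name
    param([Parameter(Mandatory)][string]$Value)

    # 0. ASCII digits only, exactly 13 characters. In .NET, \d also matches
    #    non-ASCII digits and $ tolerates a trailing newline.
    if ($Value -notmatch '\A[0-9]{13}\z') { return $false }

    # 1. ddMMyyy and the Macedonian region prefix: the regex from the post.
    if ($Value -notmatch $EmbgPattern) { return $false }

    # 2. Calendar check. yyy starting with 9 is 1yyy, starting with 0 is 2yyy.
    #    This also rejects 29 Feb 1900 (yyy = 900), which the regex lets
    #    through because 00 is divisible by 4.
    $century = if ($Value.Substring(4, 1) -eq '9') { '1' } else { '2' }
    $text    = $Value.Substring(0, 4) + $century + $Value.Substring(4, 3)
    $parsed  = [datetime]::MinValue
    $isDate  = [datetime]::TryParseExact($text, 'ddMMyyyy',
                   [cultureinfo]::InvariantCulture,
                   [System.Globalization.DateTimeStyles]::None, [ref]$parsed)
    if (-not $isDate) { return $false }

    # 3. Control digit computed over the first 12 digits.
    $weights = 7, 6, 5, 4, 3, 2, 7, 6, 5, 4, 3, 2
    $sum = 0
    for ($i = 0; $i -lt 12; $i++) {
        $sum += $weights[$i] * [int]$Value.Substring($i, 1)
    }
    $m = 11 - ($sum % 11)
    $expected = if ($m -ge 10) { 0 } else { $m }
    return $expected -eq [int]$Value.Substring(12, 1)
}

# Constructed samples: a consistent number, the same number with a wrong
# control digit, and a 29 Feb 1900 date that passes the regex.
'0101990450006', '0101990450007', '2902900450001' |
    ForEach-Object { '{0} -> {1}' -f $_, (Test-Embg -Value $_) }
```

In a transport or DLP rule only the regex is available, so matches there are candidates; a check like this one belongs in whatever process reviews them.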



Checking Cisco WSA For New Updates Availability

In this post I will share my PowerShell code for querying the availability of new updates for Cisco WSA (Web Security Virtual Appliance). Unfortunately, Cisco has not created an API for querying this status on this product, so I've created a script with web requests that basically simulate a user's interaction when accessing the web page with the update status info, which looks like this:

The column of interest is "New Update".

I will break the code into several sections for easy reading. So, here is the first part, where I disable validation of the TLS certificate presented by the Cisco WSA, so that any certificate is accepted:

add-type -TypeDefinition  @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
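The policy above accepts every certificate for every HTTPS request in the PowerShell session, including the login request that carries the password. As an added example (not the author's code), the self-signed appliance certificate can instead be pinned by its SHA-256 fingerprint; the class name PinnedCertPolicy is hypothetical, the fingerprint is a placeholder, and Windows PowerShell 5.1 on .NET Framework is assumed, as in the rest of the script.

```powershell
# Added example, not the author's code: trust the appliance's certificate only
# when its SHA-256 fingerprint equals a value recorded out of band. Use this
# instead of the TrustAllCertsPolicy assignment, not in addition to it.
Add-Type -TypeDefinition @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class PinnedCertPolicy   // hypothetical helper name
{
    static string pinnedSha256;        // hex, no separators

    static bool Validate(object sender, X509Certificate cert,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that validate normally are accepted as usual.
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null || string.IsNullOrEmpty(pinnedSha256)) return false;

        // Otherwise accept only the exact certificate that was pinned.
        using (SHA256 sha = SHA256.Create())
        {
            string seen = BitConverter.ToString(
                sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
            return string.Equals(seen, pinnedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }

    public static void Enable(string sha256Hex)
    {
        pinnedSha256 = sha256Hex.Replace(":", "").Replace(" ", "");
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
"@

# Placeholder value: replace with the fingerprint read from the WSA certificate.
[PinnedCertPolicy]::Enable('<SHA256-FINGERPRINT-OF-WSA-CERTIFICATE>')
```

The callback is compiled C# rather than a PowerShell script block because certificate validation can run on a thread that has no PowerShell runspace.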

In the next part, I'm collecting the proper credential for checking the updates status, and passing them to the Cisco WSA. In the web request, I'm creating the session variable ses, and collecting the CSRF token and storing it into $csrf variable.

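$credential = Get-Credential -UserName user -Message "Type Credential"
# Load the login page; -SessionVariable keeps the session cookies in $ses
$Req = Invoke-WebRequest 'https://cisco.wsa.url/login' -UseBasicParsing -SessionVariable ses
# Stop if the request failed or the page contains no CSRF token field
if (-not $? -or $Req.Content -notmatch '<.+csrf.+value="([^"]+)"') {
    return
}
$Csrf = $Matches[1]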

Creating the body for the request, and sending to the login form of Cisco WSA:

$Body = @{
    username = $credential.UserName
    password = $credential.GetNetworkCredential().Password
    action   = "Login"
    CSRFKey  = $Csrf
}
$loginp = Invoke-WebRequest -Uri "https://cisco.wsa.url/login" `
    -Method POST -Body $Body -WebSession $ses `
    -ContentType "application/x-www-form-urlencoded"

After a successful login, I make a web request to the page that contains the URL with the update info, request that URL, and convert the received content from JSON:

$status = Invoke-WebRequest `
    -Uri "https://cisco.wsa.url/security_services/url_filters/anti_malware" `
    -WebSession $ses

# The page embeds the quoted URL of the GetAvailabilityStatus endpoint
if (-not $? -or $status.Content -notmatch '"https[^"]*GetAvailabilityStatus[^"]*"') {
    return
}

$UpdateURL = $Matches[0].Replace('"', '')

$updates = Invoke-WebRequest -Uri $UpdateURL -WebSession $ses

$updates.Content | ConvertFrom-Json

And the output looks like :

Cisco DVS Object Type Rules                                          : Not Available
Cisco DVS Engine                                                     : Not Available
Cisco DVS Malware User Agent Rules                                   : Not Available
Cisco Web Usage Controls - Application Visibility and Control Data   : Not Available
Cisco URL Categories Database                                        : Not Available
Cisco Web Usage Controls - Web Categorization Categories List        : Not Available
Cisco URL Categories Database Incremental Updates                    : Not Available
McAfee Engine Definition                                             : Not Available
L4 Traffic Monitor Anti-Malware Rules                                : Not Available
Web Reputation Rules                                                 : Not Available
Sophos IDE                                                           : Not Available
Web Reputation IP Filters                                            : Not Available
Webroot Anti-Malware Engine                                          : Not Available
Advanced Malware Protection - Engine Definition                      : Not Available
McAfee DATs                                                          : Not Available
Cisco URL Filtering Engine                                           : Not Available
Cisco Web Usage Controls - Dynamic Content Analysis Engine Data      : Not Available
Cisco Web Usage Controls - Web Categorization Engine                 : Not Available
Cisco Web Usage Controls - Application Visibility and Control Engine : Not Available
Cisco Certificate Blacklist                                          : Not Available
Web Reputation Engine                                                : Not Available
Cisco Internal Certificates - Advanced Malware Protection            : Not Available
Time zone rules                                                      : Not Available
Webroot Malware Categories DATs                                      : Not Available
McAfee Anti-Malware Engine                                           : Not Available
Cisco Trusted Root Certificate Bundle                                : Not Available
Webroot Engine Definition                                            : Not Available
Sophos Engine                                                        : Not Available
Advanced Malware Protection - Cloud Configuration and Settings       : Not Available
Cisco Web Usage Controls - Web Categorization URL Keyword Filters    : Not Available
Cisco Web Usage Controls - Web Categorization Prefix Filters         : Not Available
Web Reputation Prefix Filters                                        : Not Available
Cisco Web Usage Controls - Dynamic Content Analysis Engine           : Not Available


I hope you will find this code useful. It can be used in different scenarios where there are no APIs (like this one, for example) and you would like to automate some manual tasks.

Happy coding!

Send Your NAME to MARS (free of charge)

Thanks to NASA, you can send your name to Mars. My name will land in Jezero Crater, and will fly with Atlas V-541 in July 2020. Here is my boarding pass:


Hurry up, apply at https://mars.nasa.gov/participate/send-your-name/mars2020/ and send your name to Mars. Few seats left :)

A Room or Room List disappears from Outlook Scheduling Assistant

This case is really cool, and at first look it seems like there is some magic involved. A help desk support engineer escalated a situation with a "problematic" user mailbox and Outlook. Whenever this user was scheduled for a meeting together with a room or room list, the scheduled room(s) automatically disappeared from the scheduling assistant list within a few seconds. It sounds like magic; I checked with my own Outlook, and I couldn't believe my eyes how the room(s) disappeared automatically in a few seconds when this user was scheduled for a meeting together with meeting room(s).
So, I started digging into the properties of this user's mailbox and bumped into the following invalid configuration:


WorkingHoursStartTime and WorkingHoursEndTime had invalid times set. These values can be changed to correct time settings using Set-MailboxCalendarConfiguration. For example:
Set-MailboxCalendarConfiguration -Identity "affected user" -WorkingHoursStartTime 08:00:00
Set-MailboxCalendarConfiguration -Identity "affected user" -WorkingHoursEndTime 17:00:00
After changing these values to regular working hours, the magical disappearance of the meeting room(s) when this user was also scheduled came to an end.

There is also a published support article from Microsoft about this phenomenon at https://support.microsoft.com/en-ca/help/2852702/a-room-or-room-list-disappears-in-scheduling-assistant . It states that Exchange Online is affected, but in my case I experienced it with Exchange on-premises.

Happy Scheduling :)

VMM Service Crashes Repeatedly

In this case, sysadmins were patching one of the Hyper-V cluster hosts with the latest firmware and drivers, due to unexpected server reboots. HPE support had recommended patching the server, a DL 380 Gen8, with the latest firmware and drivers. So, the latest PSP from HPE was downloaded, and the drivers and firmware were installed.
A few hours after the installation of the updated drivers and firmware on the Hyper-V host, the VMM console of the VMM server that was managing the host became unavailable. Also, the System Center Virtual Machine Manager service on the VMM server was terminating unexpectedly, and event ID 7034 was logged in the System event log with the information:
The System Center Virtual Machine Manager service terminated unexpectedly.  It has done this 3 time(s).
Since the event doesn't say much about why the service was crashing, VMM debug logging had to be enabled using the following article: https://support.microsoft.com/en-us/help/2913445/how-to-enable-debug-logging-in-virtual-machine-manager .
After enabling debug logging, the log showed that an error was generated whenever VMM tried to reach the affected Hyper-V server using WinRM and query WMI, for example (content truncated):
[Microsoft-VirtualMachineManager-Debug]4,4,WsmanAPIWrapper.cs,1913,WinRM: URL: [http:\\affected.hyperv.host]… 
[Microsoft-VirtualMachineManager-Debug]4,1,WsmanAPIWrapper.cs,3148,Retrieving underlying WMI error to throw. Got string ...
So, going back to the "updated" server and checking the update log, I found that the HPE Insight Management WBEM Providers had been updated, and checked the following HPE article: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00053606en_us .
If Hyper-V is installed before Downgrade/Upgrade/fresh installation of HPE WBEM Providers, run the following steps after installing HPE WBEM Providers:
  • net stop vmms
  • mofcomp %SYSTEMROOT%\System32\WindowsVirtualizationUninstall.mof
  • mofcomp %SYSTEMROOT%\System32\WindowsVirtualization.V2.mof
  • net start vmms
This will restore the Msvm_ classes under root\interop namespace that had been overwritten by HPE WBEM Providers.
After recompiling the "original" mof files, VMM functionality was back, and VMM was able to query the affected Hyper-V host.

I hope this article will save some of your "precious" admin time when debugging this kind of combination of Hyper-V, HPE updates and VMM, and … Happy patching :)
