Wednesday, November 4, 2015

Logparser in CAS Exchange 2013 for users and their version of Outlook

In this article I want to share a script that searches the CAS Exchange 2013 logs for current users and their versions of Outlook. The script requires two CAS servers and must be run under an administrator account for these servers; the log path is the standard one.

Download ex13_username_version.ps1

$cas1 = "cas1.blogspot.com"
$cas2 = "cas2.blogspot.com"
$LogFile = "ex13_username_version.csv"

$LogParser = "C:\Program Files (x86)\Log Parser 2.2\LogParser.exe"
$LogTime = Get-Date -Format "yyyyMMdd"
$LogHProxy = "RpcHttp" + $LogTime + "*.log"
$query = """SELECT DISTINCT EXTRACT_TOKEN(EXTRACT_TOKEN(EventData,1,';'),1,'=') as username,EXTRACT_TOKEN(EXTRACT_TOKEN(EventData,2,';'),1,'}') as client `
         into $($LogFile) FROM '\\$($cas1)\c$\Program Files\Microsoft\Exchange Server\V15\Logging\RpcHttp\W3SVC1\$($LogHProxy)', `
         '\\$($cas2)\c$\Program Files\Microsoft\Exchange Server\V15\Logging\RpcHttp\W3SVC1\$($LogHProxy)' `
         where (EXTRACT_TOKEN(EXTRACT_TOKEN(EventData,1,';'),1,'=') NOT LIKE '%{%' AND EXTRACT_TOKEN(EXTRACT_TOKEN(EventData,1,';'),1,'=') IS NOT null `
         AND EXTRACT_TOKEN(EXTRACT_TOKEN(EventData,2,';'),1,'}') IS NOT null)"""
$LogParserStr = "-i:csv -o:csv " + $query + " -nSkipLines:4"
$LP = Start-Process -FilePath $LogParser -ArgumentList $LogParserStr -Wait -Passthru -NoNewWindow

Friday, October 30, 2015

Exchange, EventID 1135 This could also be due to the node having lost communication with other active nodes in the failover cluster.

In this article, I provide a list of actions to resolve error 1135 for Exchange 2013 on Windows 2012 R2. Windows 2012 R2 uses IPv6 for Failover Cluster...

1. Check IPv6 enabled (network adapter and registry)

2. Check firewall rules, add exceptions:
Core Networking - Neighbor Discovery Advertisement (ICMPv6-In)
Core Networking - Neighbor Discovery Solicitation (ICMPv6-In)
Failover Cluster Manager (ICMP6-ER-In)
Failover Clusters (ICMP6-ER-In)
Failover Clusters (ICMP6-ERQ-In)
netsh.exe advfirewall firewall set rule name="Core Networking - Neighbor Discovery Advertisement (ICMPv6-In)" new enable=Yes profile=any
netsh.exe advfirewall firewall set rule name="Core Networking - Neighbor Discovery Solicitation (ICMPv6-In)" new enable=Yes profile=any
netsh.exe advfirewall firewall set rule name="Failover Cluster Manager (ICMP6-ER-In)" new enable=Yes profile=any
netsh.exe advfirewall firewall set rule name="Failover Clusters (ICMP6-ER-In)" new enable=Yes profile=any
netsh.exe advfirewall firewall set rule name="Failover Clusters (ICMP6-ERQ-In)" new enable=Yes profile=any

3. Install updates:
http://support.microsoft.com/kb/3033918 Disk resource does not come online in Windows Server 2012 R2 or Windows Server 2008 R2-based failover cluster
http://support.microsoft.com/kb/3066427  You cannot compress Windows image files because of memory leak in Windows 8.1
http://support.microsoft.com/kb/3078584  0x133 or 0x13C Stop error occurs in Windows 8.1 or Windows Server 2012 R2
http://support.microsoft.com/kb/3033930  Hotfix increases the 64K limit on RIO buffers per process for Azure service in Window
http://support.microsoft.com/kb/3077354  Computer freezes when WFP leaks nonpaged pool memory in Windows Server 2012 R2
http://support.microsoft.com/kb/3065013  "0x0000007F" and "0x0000009F" Stop errors in Windows 8.1 or Windows Server 2012 R2
https://support.microsoft.com/kb/3013769 December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
https://support.microsoft.com/en-us/kb/3076953 Cluster services go offline when there's a connectivity issue in Windows Server 2012 R2 or Windows Server 2012
Other updates https://support.microsoft.com/en-us/kb/2920151 Recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters

4. If you use different network adapters, disable "Register this connection’s address in DNS" checkbox on the advanced TCP properties of the network adapter used for Cluster Communication/Exchange replications.

5. Check bind order with nvspbind for network adapter http://blogs.technet.com/b/askcore/archive/2010/04/15/windows-server-2008-failover-clusters-networking-part-4.aspx, eg:

6. If you use VMware ESX:
6.1 Remove vShield (VMware Guest Introspection Network Filter Driver, VMware Guest Introspection Driver)
6.2 Increase the values (Large Rx Buffers, Small Rx Buffers, Rx Ring # 1, Rx Ring # 2) to the maximum for VMXNET3 network cards kb.vmware.com/kb/2039495
6.3 Update ESX http://kb.vmware.com/kb/2124669
6.4 Check CPU settings http://kb.vmware.com/kb/1005362
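
A read-only way to verify steps 1 and 2 on each cluster node, added here as an example and not part of the original post. It uses the built-in Get-NetAdapterBinding and Get-NetFirewallRule cmdlets and the Tcpip6 DisabledComponents registry value, and assumes an elevated PowerShell session on Windows Server 2012 R2 with the English rule names listed in step 2.

```powershell
# Added example (not from the original post): read-only check of steps 1 and 2.
# Run in an elevated PowerShell session on each cluster node.

# Rule display names exactly as listed in step 2
$ruleNames = @(
    'Core Networking - Neighbor Discovery Advertisement (ICMPv6-In)',
    'Core Networking - Neighbor Discovery Solicitation (ICMPv6-In)',
    'Failover Cluster Manager (ICMP6-ER-In)',
    'Failover Clusters (ICMP6-ER-In)',
    'Failover Clusters (ICMP6-ERQ-In)'
)

# Step 1a: is IPv6 bound on every network adapter?
$bindings = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 | Select-Object Name, Enabled)

# Step 1b: registry override. A missing value means the default (0, nothing disabled).
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$prop = Get-ItemProperty -Path $key -Name DisabledComponents -ErrorAction SilentlyContinue
$disabled = if ($prop) { $prop.DisabledComponents } else { 0 }

# Step 2: state of each firewall rule (a display name can match more than one rule)
$rules = foreach ($name in $ruleNames) {
    $found = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
    if ($found.Count -eq 0) {
        [pscustomobject]@{ Rule = $name; Found = $false; Enabled = ''; Profile = '' }
    }
    foreach ($r in $found) {
        [pscustomobject]@{
            Rule    = $name
            Found   = $true
            Enabled = [string]$r.Enabled    # 'True' or 'False'
            Profile = [string]$r.Profile    # 'Any' after the netsh commands above
        }
    }
}

$bindings | Format-Table -AutoSize
'Tcpip6 DisabledComponents = 0x{0:X}' -f $disabled
$rules | Format-Table -AutoSize

# Collect everything that deviates from what steps 1 and 2 expect
$problems = @()
$problems += @($bindings | Where-Object { -not $_.Enabled } |
    ForEach-Object { "IPv6 is not bound on adapter '$($_.Name)'" })
if ($disabled -ne 0) {
    $problems += 'DisabledComponents is non-zero, IPv6 is partly or fully disabled in the registry'
}
$problems += @($rules | Where-Object { -not $_.Found } |
    ForEach-Object { "Firewall rule not found: $($_.Rule)" })
$problems += @($rules | Where-Object { $_.Found -and ($_.Enabled -ne 'True' -or $_.Profile -ne 'Any') } |
    ForEach-Object { "Firewall rule not enabled for all profiles: $($_.Rule)" })

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    'Steps 1 and 2 look correct on this node.'
}
```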

Tuesday, October 20, 2015

Exchange Edge 2010/2013 corrupt encrypted (smime) message

In this article I want to talk about encrypted messages being corrupted by Exchange Edge 2010/2013.
First, make sure that an exception is configured in the antivirus program for the recipient, the sender or the IP address.
By disabling the transport agents, I found that the message is corrupted by the "Attachment Filtering Agent".
There are three ways to correct the error:
1. Disable "Attachment Filtering Agent"
Disable-TransportAgent "Attachment Filtering Agent"
2. Make an exception for the IP address in the "Attachment Filtering Agent":
Create a new receive connector, e.g.
New-ReceiveConnector -Name EncryptMessage -Bindings 1.1.1.1:25 -RemoteIPRanges 2.2.2.1,2.2.2.2 -AuthMechanism none -Fqdn mx1.blogspot.com -MaxMessageSize 60Mb -PermissionGroups AnonymousUsers -ProtocolLoggingLevel Verbose -TarpitInterval 00:00:00
Find the GUID of the new connector
Get-ReceiveConnector EncryptMessage | fl guid
Add the connector to the "Attachment Filtering Agent" config
Set-AttachmentFilterListConfig -ExceptionConnectors "your guid"
3. Disable checking of encrypted messages in the "Attachment Filtering Agent":
Add a key to the <appSettings> section of the file "C:\Program Files\Microsoft\Exchange Server\V15\Bin\EdgeTransport.exe.config"
<add key="SkipDigitalSignedMessageFromAttachmentFilterAgent" value="true" />

I like the third way.

A more detailed study of the problem using "PipelineTracing" shows that the "Attachment Filtering Agent" changes the message encoding.

Monday, September 14, 2015

Exchange 2013 "(413) Request Entity Too Large"

The "(413) Request Entity Too Large" error occurs when working with the Exchange 2013 web services. It can be caught with the "Test-OutlookWebServices" cmdlet or with Wireshark.

You can fix this on the CAS servers:
1. Back up files
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\autodiscover\web.config
C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ews\web.config
2. Change the value of "uploadReadAheadSize" from 0 to 1048576 (bytes) in both files

 <serverRuntime uploadReadAheadSize="1048576" />
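
Steps 1 and 2 as a script, added here as an example and not part of the original post: it backs up each web.config before saving and changes uploadReadAheadSize only where it differs. The timestamped backup file name and the //serverRuntime XPath lookup are assumptions of this example; run it elevated on each CAS server.

```powershell
# Added example (not from the original post): back up and patch both web.config files.
$base     = 'C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy'
$files    = "$base\autodiscover\web.config", "$base\ews\web.config"
$newValue = '1048576'                                  # bytes, as in step 2
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'         # backup suffix (assumed naming)

foreach ($file in $files) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning "Not found: $file"
        continue
    }

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true                    # keep the file's existing layout
    $xml.Load($file)

    # Find serverRuntime wherever it sits in the file (assumption: no XML namespaces)
    $nodes = $xml.SelectNodes('//serverRuntime[@uploadReadAheadSize]')
    if ($nodes.Count -eq 0) {
        Write-Warning "No serverRuntime/@uploadReadAheadSize in ${file}, left unchanged"
        continue
    }

    $changed = $false
    foreach ($node in $nodes) {
        $old = $node.GetAttribute('uploadReadAheadSize')
        if ($old -ne $newValue) {
            $node.SetAttribute('uploadReadAheadSize', $newValue)
            $changed = $true
            '{0}: uploadReadAheadSize {1} -> {2}' -f $file, $old, $newValue
        }
    }

    if ($changed) {
        # Step 1: the file on disk is still the original here, so copy it first
        Copy-Item -LiteralPath $file -Destination "$file.$stamp.bak"
        # Step 2: write the modified document
        $xml.Save($file)
    } else {
        '{0}: already set to {1}, nothing to do' -f $file, $newValue
    }
}
```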

Thursday, August 13, 2015

How to Migrate Windows User Profile to New Account. User Profile Migration Script.

In this article, I share a script with which you can quickly migrate a user profile. The script assigns the rights to the profile folder and registry files, and then changes the profile path for the new user. The script is free and, for me, was preferable to the "User State Migration Tool".

Example usage:
We need to migrate the user "contoso\i-evgeny" to the domain "blogspot.com"
1. Create the user "blogspot\i-evgeny"
2. Join the PC to the new domain "blogspot.com" and reboot
This can be done remotely with PowerShell:

Add-Computer -ComputerName PC.contoso.com -DomainName blogspot.com -newname PC-blog -PassThru -Force -restart

3. Log on to PC-blog as the user "blogspot\i-evgeny", reboot
4. Log on to PC-blog as Administrator:
- disable UAC
This can be done with PowerShell:

New-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force

- run the PowerShell script ".\ProfileMigrate.ps1 contoso\i-evgeny blogspot\i-evgeny"
- reboot
5. Log on to PC-blog as "blogspot\i-evgeny", check your files, applications, etc.
6. If you get errors when using certificates, additionally reassign rights to
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates
%userprofile%\Application Data\Microsoft\SystemCertificates

"Download .\ProfileMigrate.ps1":

[CmdletBinding()]
Param (
  [Parameter(Mandatory=$True,Position=0)]
  [string]$U_S,
  
  [Parameter(Position=1)]
  [string]$U_D
)


if ($U_S -and $U_D) {
    write-host "Usage example: .\ProfileMigrate.ps1 contoso\i-evgeny blogspot\i-evgeny" -fore green
    $objUser = New-Object System.Security.Principal.NTAccount($U_S)
    $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $Profile = Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID" -Name ProfileImagePath
    $path = $Profile.ProfileImagePath

    $acl= (Get-Item $path).GetAccessControl('Access')
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule ($U_D,"FullControl",$inherit,$propagation,"Allow")
    $acl.addaccessrule($rule)
    Set-ACL $path $ACL

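    # Load the source user's registry hives (paths quoted in case the profile path contains spaces)
    reg load hklm\sourceuser "$path\NTUSER.DAT"
    reg load hklm\sourceuser2 "$path\AppData\Local\Microsoft\Windows\UsrClass.dat"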
    $path = "hklm:\sourceuser"
    $acl= get-acl -path $path
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"
    $rule=new-object system.security.accesscontrol.registryaccessrule $U_D,"FullControl",$inherit,$propagation,"Allow"
    $acl.addaccessrule($rule)
    $acl|set-acl
    $path2 = "hklm:\sourceuser2"
    $acl2 = get-acl -path $path2
    $acl2.addaccessrule($rule)
    $acl2|set-acl

    do {
    Start-Sleep -s 10
    reg unload hklm\sourceuser
    } while (test-path $path)

    do {
    Start-Sleep -s 10
    reg unload hklm\sourceuser2
    } while (test-path $path2)

    $objUser = New-Object System.Security.Principal.NTAccount($U_S)
    $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
    $Profile = Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID" -Name ProfileImagePath
    $Profile.ProfileImagePath

    $objUser2 = New-Object System.Security.Principal.NTAccount($U_D)
    $strSID2 = $objUser2.Translate([System.Security.Principal.SecurityIdentifier])
    $Profile2 = Get-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID2" -Name ProfileImagePath
    $Profile2.ProfileImagePath

    Set-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID2" -name ProfileImagePath -Value $Profile.ProfileImagePath
    Remove-ItemProperty "hklm:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$strSID" -name ProfileImagePath
} else {
    write-host "Usage example: .\ProfileMigrate.ps1 contoso\i-evgeny blogspot\i-evgeny" -fore green
}









Tuesday, July 28, 2015

Control user application on Microsoft TMG

In many organizations, the question arises of how to block unwanted applications (viruses, torrents, etc.) on a Microsoft TMG proxy server. In this article I show an example of blocking the "torrent" application on Microsoft TMG.
Background: we have a Microsoft TMG proxy server that stores its logs in Microsoft SQL.

1. First, install "SQL Server Management Studio" on the server
2. Connect "SQL Server Management Studio" to the SQL server and
create a function (converts the IP address from HEX to string, http://blogs.technet.com/b/isablog/archive/2009/06/04/isa-bpa-7-and-forefront-tmg-for-windows-essential-business-server.aspx). Open a new query and run this:


CREATE FUNCTION [dbo].[fnIpAddressToText]
(
    @Ipv6Address [uniqueidentifier]
)
RETURNS varchar(40) AS
BEGIN
    DECLARE @strInAddress varchar(40)
    DECLARE @strOutAddress varchar(40)
    SET @strInAddress = LOWER(CONVERT(varchar(40), @Ipv6Address))
    SET @strOutAddress = ''

    IF (SUBSTRING(@strInAddress, 10, 4) = 'ffff')
    BEGIN
        -- ipv4 (hex to int conversion)
        DECLARE @IsNum int, @ZERO int, @IsAlpa int
        set @ZERO = ASCII('0')
        set @IsNum = ASCII('9')
        set @IsAlpa = ASCII('a') - 10
        DECLARE @intH int, @intL int

        SET @intH = ASCII(SUBSTRING(@strInAddress, 1, 1))
        IF (@intH <= @IsNum) SET @intH = @intH - @ZERO ELSE SET @intH = @intH - @IsAlpa
        SET @intL = ASCII(SUBSTRING(@strInAddress, 2, 1))
        IF (@intL <= @IsNum) SET @intL = @intL - @ZERO ELSE SET @intL = @intL - @IsAlpa
        SET @strOutAddress = CONVERT(varchar(3), @intH * 16 + @intL) + '.'

        SET @intH = ASCII(SUBSTRING(@strInAddress, 3, 1))
        IF (@intH <= @IsNum) SET @intH = @intH - @ZERO ELSE SET @intH = @intH - @IsAlpa
        SET @intL = ASCII(SUBSTRING(@strInAddress, 4, 1))
        IF (@intL <= @IsNum) SET @intL = @intL - @ZERO ELSE SET @intL = @intL - @IsAlpa
        SET @strOutAddress = @strOutAddress + CONVERT(varchar(3), @intH * 16 + @intL) + '.'

        SET @intH = ASCII(SUBSTRING(@strInAddress, 5, 1))
        IF (@intH <= @IsNum) SET @intH = @intH - @ZERO ELSE SET @intH = @intH - @IsAlpa
        SET @intL = ASCII(SUBSTRING(@strInAddress, 6, 1))
        IF (@intL <= @IsNum) SET @intL = @intL - @ZERO ELSE SET @intL = @intL - @IsAlpa
        SET @strOutAddress = @strOutAddress + CONVERT(varchar(3), @intH * 16 + @intL) + '.'

        SET @intH = ASCII(SUBSTRING(@strInAddress, 7, 1))
        IF (@intH <= @IsNum) SET @intH = @intH - @ZERO ELSE SET @intH = @intH - @IsAlpa
        SET @intL = ASCII(SUBSTRING(@strInAddress, 8, 1))
        IF (@intL <= @IsNum) SET @intL = @intL - @ZERO ELSE SET @intL = @intL - @IsAlpa
        SET @strOutAddress = @strOutAddress + CONVERT(varchar(3), @intH * 16 + @intL)
    END
    ELSE
    BEGIN
        -- ipv6
        SET @strOutAddress = @strOutAddress + SUBSTRING(@strInAddress, 1, 4) + ':'
                                        + SUBSTRING(@strInAddress, 5, 4) + ':'
                                        + SUBSTRING(@strInAddress, 10, 4) + ':'
                                        + SUBSTRING(@strInAddress, 15, 4) + ':'
                                        + SUBSTRING(@strInAddress, 20, 4) + ':'
                                        + SUBSTRING(@strInAddress, 25, 4) + ':'
                                        + SUBSTRING(@strInAddress, 29, 4) + ':'
                                        + SUBSTRING(@strInAddress, 33, 4)
    END
    ---- guid sample '6F9619FF-8B86-D011-B42D-FFF34FC964FF'
    RETURN @strOutAddress
END

3. Create a Microsoft TMG rule blocking Internet access for the computer set "deny_pcs"
4. Create the folder c:\scripts and a PowerShell script on the TMG server. In the script, you must specify:
YourSQL.blogspot.com
SQLport
YourArray

cd c:\scripts

$ServerInstance = "YourSQL.blogspot.com\msfw,SQLport"
$FPCobjs = New-Object -comObject FPC.root
$FPCobj = $FPCobjs.arrays | where {$_.Name -eq "YourArray"}


$Database = "master"
$ConnectionTimeout = 30
$QueryTimeout = 12000

$Query = "declare @dbname nvarchar(255)
declare @db cursor

set @db = CURSOR FOR select name from sys.databases where owner_sid<>0x01
USE tempdb
IF EXISTS (SELECT 1
           FROM [INFORMATION_SCHEMA].[TABLES]
           WHERE TABLE_NAME like '%#SampleTableApps%')
DROP TABLE [tempdb].[dbo].[#SampleTableApps]

CREATE TABLE [tempdb].[dbo].[#SampleTableApps](
[app] [varchar](max) NULL,
[iphex] [uniqueidentifier] NULL,
[username] [varchar](max) NULL
) ON [PRIMARY]

OPEN @db
FETCH NEXT FROM @db into @dbname

WHILE (@@FETCH_STATUS = 0)
BEGIN
declare @Cmd nvarchar(max)
set @Cmd=N'IF (EXISTS (SELECT *
                 FROM ['+@dbname+'].INFORMATION_SCHEMA.TABLES
                 WHERE TABLE_SCHEMA = ''dbo''
                 AND TABLE_NAME = ''FirewallLog''))
   BEGIN
    insert into [tempdb].[#SampleTableApps] (app,iphex,username) select DISTINCT clientagent, SourceIP, ClientUserName from ['+@dbname+'].dbo.FirewallLog
   END

   IF (EXISTS (SELECT *
                 FROM ['+@dbname+'].INFORMATION_SCHEMA.TABLES
                 WHERE TABLE_SCHEMA = ''dbo''
                 AND TABLE_NAME = ''WebProxyLog''))
   BEGIN
    insert into [tempdb].[#SampleTableApps] (app,iphex,username) select DISTINCT clientagent, ClientIP, ClientUserName from ['+@dbname+'].dbo.WebProxyLog
   END'
  exec sp_executesql @Cmd

    FETCH NEXT FROM @db INTO @dbname
END

CLOSE @db
DEALLOCATE @db

select app, [master].[dbo].fnIpAddressToText(iphex) as ip, username from [tempdb].[#SampleTableApps]"

$conn=new-object System.Data.SqlClient.SQLConnection
$ConnectionString = "Server={0};Database={1};Integrated Security=True;Connect Timeout={2}" -f $ServerInstance,$Database,$ConnectionTimeout
$conn.ConnectionString=$ConnectionString
$conn.Open()
$cmd=new-object system.Data.SqlClient.SqlCommand($Query,$conn)
$cmd.CommandTimeout=$QueryTimeout
$ds=New-Object system.Data.DataSet
$da=New-Object system.Data.SqlClient.SqlDataAdapter($cmd)
[void]$da.fill($ds)
$apps = $ds.Tables[0].Rows
$conn.Close()

if ($apps) {$apps | Export-Csv .\app1.csv -Encoding utf8 -NoTypeInformation}
$user_torrent = $apps | where {$_.app -match "torrent"}
$user_torrent_sort = $user_torrent | Sort username,ip -unique
if ($user_torrent_sort) {$user_torrent_sort | Export-Csv .\app_torrent.csv -Encoding utf8 -NoTypeInformation}


$CS_deny_pcs = $FPCobj.RuleElements.ComputerSets | where {$_.name -eq "deny_pcs"}

foreach ($pc in $CS_deny_pcs.computers) {
$CS_deny_pcs.computers.remove($pc.name)
}

$CS_deny_pcs.computers.save()

foreach ($line in $user_torrent_sort) {
if ($line.ip -notmatch ":") {
$CS_deny_pcs.computers.add($line.username,$line.ip)
}
}

$CS_deny_pcs.computers.save()


5. Now you can schedule the script, e.g. every hour

Tuesday, July 14, 2015

How to configure checkpoint (Gaia) firewall as a proxy server?

Support for MS TMG ends in 2015, so many are looking for a replacement. One candidate is Checkpoint. This article demonstrates, step by step, how to deploy Checkpoint as a proxy server with basic settings as a starting point for further testing.
I also tried to take some deployment mistakes into account up front:
Cannot ping or telnet to port 8080 on the cluster IP - disable anti-spoofing
Find the MAC address for the cluster IP
"URL filtering" rules are not working - change Destination from Internet to Any

1. Download "Check_Point_Install_and_Upgrade_R77.Gaia.iso" (http://supportcontent.checkpoint.com/file_download?id=41337)

2. Plan your topology, e.g. 2 gateways, 2 management servers, 2 ISPs

3. Choose IP addresses, e.g.
2 Checkpoint gateways
nic1 (DMZ1) 1.1.1.2, 1.1.1.3 and cluster 1.1.1.4
nic2 (DMZ2) 2.1.1.2, 2.1.1.3 and cluster 2.1.1.4
nic3 (Internal) 10.0.0.2, 10.0.0.3 and cluster 10.0.0.4
nic4 (Management and Sync) 10.0.1.2, 10.0.1.3
2 Checkpoint management servers
nic1 (Management) 10.0.1.4, 10.0.1.5

4. Install Gaia on the 2 gateways:
system partition of 15 Gb or more
assign the IPs for nic4 (Management and Sync) 10.0.1.2, 10.0.1.3, management default gateway 10.0.1.1

5. Install Gaia on the 2 management servers:
system partition of 15 Gb or more
assign the IPs for nic1 (Management) 10.0.1.4, 10.0.1.5, management default gateway 10.0.1.1

6. Log in to the 2 Checkpoint gateways at https://10.0.1.2, https://10.0.1.3
enter name, domain, dns servers
choose "Secure Gateway", "ClusterXL"
generate and remember the "Activation Key" - this password will then be used for communication between nodes
assign all IPs for NICs

change static route:
add route for Internal: 10.0.0.0 mask 255.255.0.0 gateway 10.0.0.1
change route for External: 0.0.0.0 mask 0.0.0.0 gateway 1.1.1.1
if you lose the connection to the GUI, you can do this from the console (the suffix "on" adds the entry, "off" deletes it)
show configuration static-route
show route
set static-route default nexthop gateway address 1.1.1.1 on
set static-route 10.0.0.0/16 nexthop gateway address 10.0.0.1 on

7. Log in to the 2 Checkpoint management servers at https://10.0.1.4, https://10.0.1.5
enter name, domain, dns servers
choose "Primary Management", "Secondary Management"

8. Install updates:
log in to Checkpoint with a browser, open policy, choose "Automatic" in "Download Hotfix"
install updates

9. Download and install "Smart Console" on the management PC

10. Open "Smart Console" and connect to the primary management server

11. Create Cluster: Network Objects - Check Point - Security Cluster - Check Point Appliance/Open Server
ClusterXL, Load Sharing
add members, enter Activation Key
choose network type, eg 
nic1, nic2, nic3 - representing a cluster interface (enter cluster ip)
nic4 - cluster synchronization

12. Change Cluster Properties
open "Topology", click Edit
check IPs, change type External/Internal, rename the interfaces (one name per ISP, for ISP Redundancy).
Next, find the MAC address for the internal cluster IP and disable anti-spoofing: click the internal cluster IP, then click Edit

click Advanced
copy mac-address
go to the "Topology" tab, unmark "Perform Anti-Spoofing based on interface topology"
Close Interface Properties, go to "HTTP/HTTPS Proxy": mark "Use this gateway as an HTTP/HTTPS Proxy"
Click "Advanced": mark "X-Forward-For header (original client source IP address)"
Go to "Identity Awareness": mark "Detect users located behind http proxy using X Forward-For header"
Go to "General Properties" - mark/unmark Blades
Open "ISP Redundancy" - mark "Support ISP Redundancy" (it works only when the Checkpoint is the default gateway)
Next click Add in "ISP Links", enter name (such as interface name) and choose interface
Close "Cluster Properties"

13. Create "Test" Firewall policy

14. Create Application & URL Filtering policy. You must change Destination to Any.

15. "Save Settings" and "Install Policy"


16. Open the router configuration and add the cluster virtual IP and MAC address, e.g. on Cisco:
arp 10.0.0.4 0100.0100.0100 ARPA
mac-address-table static 0100.0100.0100 vlan 2 interface Port-channel1 Port-channel2 Port-channel3

17. Add DNS A record: 
cp.blogspot.com A 10.0.0.4

18. Configure browser for new proxy and try go to Internet