Search This Blog

Wednesday, December 29, 2010

SSL test

A nice tool to check your SSL servers: http://www.ssltest.net/

Friday, December 10, 2010

Juniper and Exchange 2010 OWA

In one of our locations we use "Log on to" restriction for some users in Active Directory (attribute UserWorkstation). And this creates issue for Webmail users (Juniper SSL and Exchange 2010). To solve this add word "Workstation" to the list of allowed workstations in the attribute above or remove restriction at all.

Customised Netgear router firmware

I'm not sure exactly from where the issue is coming, but my netgear DGN2000 is not working correctly. Having issues to work wirelessly with my Macbook. Tried also to use cable the same result. Now I use old linksys and it seems to give less headaches.

When I have time I wil try customised firmware for netgear to see if issue goes away:

Here it is: http://jake-tm.co.uk/?page_id=259

D.

Tuesday, December 7, 2010

Netgear dgn2000

After several issues with this router, I decided to stop using it. When you boot it first time, the power led will not be on, and the network is unstable. After several reboots, the led finaly will be ok, but still a lot of network issues. Wifi and cable both. Temporary I enabled my very old linksys befw1154 (11b, WEP only). Very disappointed with netgear and will never buy it.

Friday, November 26, 2010

Monday, November 15, 2010

Cisco VPN client registers local LAN IP

You may notice that when connected VPN client registers in DNS the VPN IP and also local LAN IP. To prevent client registering local LAN, you should add to vpnclient.ini entry

[DNS]
EnableDNSRedirection=0

Wednesday, November 3, 2010

ManageEngine ADManager Plus install certificate

You can obtain a certificate from Windows CA and save it in PKCS12 format (in Windows extension pfx) together with the private key, set file password as adventnet.
Then modify conf/server.xml file in the path where AdManager is installed to point to new keystorefile with setting of keystoretype="PKCS12" and keystorepass="adventnet"

Tuesday, November 2, 2010

How to install Microsoft Windows CA certificate into Nessus linux?

You need a combination of these two

http://blogx.co.uk/ViewItem.asp?Entry=813
http://www.nessus.org/documentation/nessus_4.2_installation_guide.pdf

Path for the cert and key is:

/opt/nessus/com/nessus/CA/servercert.pem
/opt/nessus/var/nessus/CA/serverkey.pem


Obtain a certificate from MS CA Web - something like http://ca-server/certsrv
Click Request certificate- select advanced and then follow the dialog and save the certificate in Windows client. Type mmc and add certificate add-in, for my user.

Then you can export it in pksc12 format and then split into key and cert as:

Type "openssl pkcs12 -in filename.pfx -nocerts -nodes -out PBX_PrivateKey.pem" (you will be prompted for the password) to export the private key (no certificates at all will be output).

Then type "openssl pkcs12 -in filename.pfx -clcerts -nokeys -out PBX_Certificate.pem" to export the certificate.

Oops, checkpoint reboots worldwide

I'm glad that we retired Checkpoint a year ago.

http://www.cpug.org/forums/check-point-utm-1-edge-appliances/14606-all-edge-firewalls-rebooted-10-30-2010-8-58-p-m.html


https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk56641&js_peid=P-114a7ba5fd7-10001

Monday, October 25, 2010

New Mac Air from inside

http://www.ifixit.com/Teardown/MacBook-Air-11-Inch-Model-A1370-Teardown/3745/1

Macbook Pro June 2009 DVD region unlock

Hello, there are some sources on how to unlock region on the DVD: http://www.powerbook-fr.com/dossiers/dvd_region_free_en_article30.html
On the Macbook pro June 2009 you will need a bootcamp windows, the original firmware and the MSCE tool.
The effect is that you will be able to change region many times, the counter will be reset after each reboot.

Wednesday, October 6, 2010

5651

Does Bluecoat SG provides a "compliance" with Turkish 5651st law? any practical advises? http://www.tbmm.gov.tr/kanunlar/k5651.html

Tuesday, October 5, 2010

Fixing IIS apps issues

If you have errors in Windows IIS7 like:
"Faulting application w3wp.exe, version xx, faulting module unknown, fault address yy"

you may find this quite instructive:


http://blogs.msdn.com/b/david.wang/archive/2005/08/29/howto-understand-and-diagnose-an-apppool-crash.aspx

Enjoy!

Monday, September 6, 2010

Audit full access in Exchange

Use this command in powershell EMC: Get-Mailbox -Server “server-name” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } |export-csv c:\full.txt

Friday, September 3, 2010

EFI and SMC firmware updates for Intel-based Macs

New firmware for Mac Pro and others. It will not be available via Software update, but can be obtained manually
http://support.apple.com/kb/HT1237

Intel NIC low power mode

We have a lot of Event 27 in the eventlogs of dc7900 dc7800 HP business desktops:

Event Type: Warning
Event Source: e1kexpress
Event Category: None
Event ID: 27
Date: 03.09.2010
Time: 16:45:58
User: N/A
Computer: xxx
Description:
Intel(R) 82567LM-3 Gigabit Network Connection Link has been disconnected.
Data:
0000: 00 00 04 00 02 00 5e 00 ......^.
0008: 00 00 00 00 1b 00 04 a0 ....... 
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 1b 00 04 a0 ... 


and

Event Type: Warning
Event Source: e1express
Event Category: None
Event ID: 27
Date: 03.09.2010
Time: 14:14:54
User: N/A
Computer: yyy
Description:
Intel(R) 82566DM-2 Gigabit Network Connection Link has been disconnected.
Data:
0000: 00 00 04 00 02 00 5c 00 ......\.
0008: 00 00 00 00 1b 00 04 a0 ....... 
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 1b 00 04 a0 ... 


Apparently many other users seing that: http://communities.intel.com/thread/9913?start=90&tstart=0

It look like the problem is the Intels power saving mode - here is the utility from HP that disables it: sp47442.exe http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=nl&prodTypeId=12454&prodSeriesId=3785404&prodNameId=3785039&swEnvOID=2097&swLang=13&mode=2&taskId=135&swItem=vc-80464-1

Monday, August 30, 2010

CLOCK_WATCHDOG_TIMEOUT (101)

Having several BSOD with memory.dmp reporting CLOCK_WATCHDOG_TIMEOUT (101). It looks like an Intel CPU E5500 bug - Microsoft is aware about this - http://support.microsoft.com/kb/2264080 and http://support.microsoft.com/kb/975530/

Thursday, August 26, 2010

Exchange 2010 Organisational health - ECAL count is wrong

Confronted with this issue, I tried to search if and why the report lies, I found that others have the same opinion:

http://www.robichaux.net/blog/2009/11/exchange-2010-enterprise-health-and-the.php

Wednesday, July 14, 2010

How to disable ActiveSync for whole OU in Exchange 2010

Get-Mailbox -OrganizationalUnit GR | Set-CASMailbox -ActiveSyncEnabled $false

RDCMan

nice tool for Windows servers support: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4603c621-6de7-4ccb-9f51-d53dc7e48047

Exchange 2010 OWA calendars

For those who use OWA calendars on MOSS 2007 intranet: this feature is depreciated in Exchange 2010, you must use web services instead of URL. There is a Virto webpart for Sharepoint 2007 that can help. I think MOSS 2010 should also support web services of Exchange.

Free SSL certificates

You can get free 1 year SSL certificates from https://www.startssl.com/

Monday, May 31, 2010

FTP does not work with UPN -with @ in the account

Oops! FTP might give an error 530 if you use UPN accounts (like zz@xx.yy) and if you moved Active Directory controllers to W2008 while your FTP is W2003.

You need a patch from Microsoft: http://support.microsoft.com/kb/956114

Friday, May 28, 2010

SCVMM 2008 - cannot remove missing VM

When you see in SCVMM Virtual Machine status "missing", it means scvmm sql db is corrupted, most probably due to cluster mis-operation.

Try to start migrate VM on another host. When you see the duplicate VM and one of them running correctly, then you may remove mising VMs:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;983839

http://technet.microsoft.com/en-us/library/ff641854.aspx


The state "missing" has a code 220, and "update failed" 107. You may need to modify script, since the code is hardcoded there:

dbo.tbl_WLC_VObject WHERE [ObjectState] = 220
vs
dbo.tbl_WLC_VObject WHERE [ObjectState] = 107

Thursday, May 27, 2010

Outlook 2010 direct resource booking

in Outlook 2010 direct resource booking does not work out of box:
http://support.microsoft.com/kb/982774

I learned this hard way, I was kicked out from the conference room when I was sure it was reserved by me. :)

Wednesday, May 26, 2010

Xen editions differences

XenDesktop editions:
http://www.citrix.com/English/ps2/products/subfeature.asp?contentID=2300383

Windows VDA license

Microsoft® has announced the following licensing changes for virtual desktops that will come into effect on July 1st, 2010:
• Windows® Virtual Enterprise Centralized Desktop (Windows VECD) and Windows VECD for Software Assurance (SA) will no longer appear on the price list.
• Virtual desktop access rights will become a Windows Client Software Assurance benefit. Customers who intend on using PCs covered under SA will now be able to access their Virtual Desktop Infrastructure (VDI) desktops at no additional charge.
• Customers who want to use devices such as thin clients that do not qualify for Windows Client SA would need to license those devices with a new license called Windows Virtual Desktop Access (Windows VDA) to be able to access a Windows VDI desktop. Windows VDA is also applicable to third party devices, such as contractor or employee-owned PCs.

Thursday, May 20, 2010

TFTP GET from Cisco

If you see strange TFTP GET packets on your network then disable service config in your Cisco:

https://supportforums.cisco.com/docs/DOC-4668;jsessionid=0551B9C9734E97DBDD582F6090C88734.node0

Wednesday, May 19, 2010

Gigabit

Spent few moments trying to figure out why server's giga NIC sets to 100MB only... Twicked cisco switch port, restarted interface few times, even tried different distro - ubuntu instead of centos - result zero! Finally went and changed a patch cable - surprise-surpise: 1GB! IT is used to blame OS or driver, but HW is equally important...

Wednesday, May 12, 2010

Windows account lockout troubleshooting

Here is a native tool to troubleshoot Windows accounts lock out:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en


You can find a DC where account was locked, as well as you can to search all Event logs from all DCs:

EventCombMT.exe. Gathers specific events from event logs of several different machines to one central location.
LockoutStatus.exe. Determines all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs.

Monday, May 3, 2010

Sharepoint errors 5552 and 7888

To remove repetitive errors on the MOSS 2007, set a valid domain account for the web applications.

here is someone who had similar issue in the past: http://vspug.com/rlangley/2007/10/10/failure-trying-to-sync/

In meantime trying out this free and gret app: http://spi.codeplex.com/

It helps to decypher GUIS in the event viewer. I could see that these errors are coming MySite and SSP sites.

VLAN between HP Procurve and Cisco

http://www.tecnocael.it/ftp/docs/ProCurve_Cisco.pdf

Tuesday, March 9, 2010

Alerts in Sharepoint MOSS 2007

We have several complaints from users that they do not receive alerts. The log shows that alerts subscription are ok, but they are security trimmed. Looks strange because users actully can see the files in this document library. Logs looks like:
02/23/2010 09:10:55.88 OWSTIMER.EXE (0x04F0) 0x03C8 Windows SharePoint Services Timer 95lg Verbose Alertsjob results for immediate delivery: 334 prematches, 54 passed filtering, 24 of 54 passed security trimming, 24 final after rollup
02/23/2010 09:10:56.36 OWSTIMER.EXE (0x04F0) 0x03C8 Windows SharePoint Services Timer 95l5 Verbose AlertsJob processed 24 immediate notifications in 24 digests, sent 24 emails, failed to send 0 emails

I opened a call at Microsoft, but they could not get more data on why this security trimming is happening. They start claiming that nested AD groups are not supported by Sharepoint. Indeed the users that are included to nested AD groups were trimmed. They provided few links, but mentioned that Technet article is not released for public. After a while I discovered that alerts started to work normally even with nested AD groups. In meantime I changed account under which timer job is working from local to Domain. I can not recall any other change, may be except refreshing security on the library in question. So that must be it, timer job account must be domain in order to send alerts even to users of nested Active Direcotry groups. In any case let me give you MS provided links here:


http://blogs.msdn.com/joelo/archive/2007/06/29/sharepoint-groups-permissions-site-security-and-depreciated-site-groups.aspx - Explains the problem & a work around is provided
http://social.msdn.microsoft.com/Forums/en/sharepointworkflow/thread/65e5dfc7-626b-47f0-bf56-b58a08219db7
http://hermansberghem.blogspot.com/2008/04/windows-security-groups-vs-sharepoint.html - # 3 is Important
http://objectmix.com/sharepoint/731902-add-active-directory-user-group-sharepoint-user-group.html - It talks about work around as well

Tuesday, February 2, 2010

disable LDAPS/SSL weak ciphers

Disable weak ciphers in Windows 2003 DC LDAPS protocol on a domain controllers:

you may follow the tip from http://www.curtis-lamasters.com/2008/06/21/windows-iis-ssl-restrict-weak-ciphers/

Wednesday, January 20, 2010

Linux from USB

A reminder - there is a great tool UNETBOOTIN that allows to create USB bootable for many distros - Ubuntu, Suse, FreeBSD, etc.

Monday, January 18, 2010

Windows 7 profile problems

In order to delete local copies of romaing profile, together with C: profile directory, you needs to clean ProfileList registry. Otherwise Windows 7 goes crazy.

Monday, January 11, 2010

Nessus scripts and credentials protection

Please read here to set Windows domain account that can be used in Nessus scripts:

http://www.nessus.org/documentation/nessus_domain_whitepaper.pdf

The account has registry read access, however it's not part of Domain admins.

Wednesday, January 6, 2010

Window position is off screen - black magic

right click on window in taskbar – select Move, then move mouse a little bit – you should see 4 arrows cursor– then press _keyboard_ arrow then left click mouse – windows will appear on the desktop

http://www.howtogeek.com/howto/windows/bring-misplaced-off-screen-windows-back-to-your-desktop-keyboard-trick/