Tuesday, October 26, 2010

Setting up time clock in AD Domain Controller

Knowing how it works is great, but having it handy is better.

I usually find Domain Controllers that have no NTP server configured, and then
have to fight with my head trying to remember the right syntax.

Here are the lines that I normally use to set this up.

This will tell you the time difference between the local computer and a target computer (the general form first, then a real example):

w32tm /stripchart /computer:target /samples:n /dataonly

w32tm /stripchart /computer:time.nist.gov /samples:3 /dataonly

Log into your PDC Emulator and type this (general form, then a real example):

w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update

w32tm /config /manualpeerlist:"time.nist.gov" /syncfromflags:manual /reliable:yes /update

NTP uses UDP port 123, outbound from the DC only, so change your firewall rules accordingly.
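As an added example (not part of the original post), here is a PowerShell wrapper around the stripchart command above: it parses the per-sample offsets and flags any skew beyond the 5-minute tolerance Kerberos allows by default. The peer name, sample count and the "HH:MM:SS, +00.0123456s" output format are assumptions.

```powershell
function Test-NtpSkew {
    param(
        [string]$Peer = 'time.nist.gov',   # assumption: same peer the post uses
        [int]$Samples = 3,
        [double]$MaxSkewSeconds = 300      # Kerberos default clock-skew tolerance
    )

    # /dataonly prints one line per sample, e.g. "14:05:31, +00.0123456s" (assumed format);
    # an unreachable peer prints "14:05:31, error: 0x..." instead, which we simply skip.
    $raw = & w32tm /stripchart "/computer:$Peer" "/samples:$Samples" /dataonly
    if ($LASTEXITCODE -ne 0) {
        throw "w32tm failed against $Peer (exit code $LASTEXITCODE)"
    }

    $offsets = foreach ($line in $raw) {
        # Accept either '.' or ',' as decimal separator, then cast invariantly
        if ($line -match ',\s*([+-]\d+[.,]\d+)s\s*$') {
            [double]($Matches[1] -replace ',', '.')
        }
    }
    if (-not $offsets) {
        throw "No usable samples from $Peer. Raw output:`n$($raw -join "`n")"
    }

    $worst = ($offsets | ForEach-Object { [math]::Abs($_) } | Measure-Object -Maximum).Maximum
    $mean  = ($offsets | Measure-Object -Average).Average

    [pscustomobject]@{
        Peer           = $Peer
        Samples        = @($offsets).Count
        MeanOffsetSec  = [math]::Round($mean, 4)
        WorstOffsetSec = [math]::Round($worst, 4)
        WithinKerberos = ($worst -lt $MaxSkewSeconds)
    }
}

# Check this box against the peer and fail the script if the skew is too large
$result = Test-NtpSkew
$result | Format-List
if (-not $result.WithinKerberos) {
    Write-Warning "Clock skew of $($result.WorstOffsetSec)s exceeds the Kerberos tolerance"
    exit 1
}
```

Running this from a scheduled task on the PDC Emulator gives you an early warning before clients start failing Kerberos authentication because of drift.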

Thursday, September 23, 2010

ASA 8.2 and 8.3 Site to Site VPN Setup with Watchguard Branch Office VPN Part 1 of 2

This part covers the setup of two ASAs running versions 8.2 and 8.3. Part 2 will add a Watchguard Firebox to the ASA Site-to-Site VPN as a Branch Office VPN (BOVPN).
All ASA setup is done from the CLI; the Watchguard will be configured from the GUI, since the current version doesn't support CLI.

The topology for Part 1 is ASA A <-> ASA B. One ASA sits on a DIA Metro Ethernet circuit, the second on DSL with a static IP over PPPoE.

This post covers only the configuration related to the Site-to-Site VPN; the rest of the configuration is skipped. Note that the ISAKMP policy below uses 3DES and DH group 2, which are considered weak today; prefer AES and a stronger DH group when both peers support them.

HQ Setup


: Saved
:
ASA Version 8.3(2)
!
hostname ASA_HQ
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 72.14.253.226 255.255.255.240
!
interface Ethernet0/0
 switchport access vlan 2
!
object network vpn-local
 host 10.1.1.15
object network vpn-remote
 host 192.168.1.240
!
access-list acl_vpn_asa2asa extended permit ip host 10.1.1.15 host 192.168.1.240
!
nat (inside,any) source static vpn-local vpn-local destination static vpn-remote vpn-remote
!
crypto ipsec transform-set set_asa2asa esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map map_asa2asa 10 match address acl_vpn_asa2asa
crypto map map_asa2asa 10 set pfs group5
crypto map map_asa2asa 10 set peer 207.46.197.32
crypto map map_asa2asa 10 set transform-set set_asa2asa
crypto map map_asa2asa interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 100
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
tunnel-group 207.46.197.32 type ipsec-l2l
tunnel-group 207.46.197.32 ipsec-attributes
 pre-shared-key THIS_MUST_BE_THE_SAME_ON_EACH_ASA
!
: end

Branch Setup


: Saved
:
ASA Version 8.2(3)
!
hostname ASA_Branch
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group BellSouth
 ip address pppoe setroute
!
access-list acl_vpn_asa2asa extended permit ip host 192.168.1.240 host 10.1.1.15
!
nat (inside) 0 access-list acl_vpn_asa2asa
!
crypto ipsec transform-set set_asa2asa esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map map2firebox 10 match address acl_vpn_asa2asa
crypto map map2firebox 10 set pfs group5
crypto map map2firebox 10 set peer 72.14.253.226
crypto map map2firebox 10 set transform-set set_asa2asa
crypto map map2firebox interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 100
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
!
vpdn group BellSouth request dialout pppoe
vpdn group BellSouth localname dummy@matostech.com
vpdn group BellSouth ppp authentication pap
vpdn username dummy@matostech.com password MatosTech store-local
dhcpd auto_config outside
!
tunnel-group 72.14.253.226 type ipsec-l2l
tunnel-group 72.14.253.226 ipsec-attributes
 pre-shared-key THIS_MUST_BE_THE_SAME_ON_EACH_ASA
!
: end

Thursday, April 8, 2010

Exchange's shared mailbox won't save your sent or deleted items in the mailbox owner's mailbox.

Normally with a Microsoft Exchange shared mailbox you want your own items saved in your personal mailbox and the shared mailbox's items saved in the shared mailbox (OWA does it that way, but Outlook doesn't). I was surprised that this isn't Outlook's default configuration; Microsoft has its reasons, which I don't plan to cover here.

This is a known issue (or option, depending on how you look at it) in Outlook 2007. Basically you need to add these two registry entries. The first one covers Sent Items, the second one Deleted Items.

Add a DWORD with value 1 (or update the value if it already exists) so that sent mail is saved in the mailbox it was sent from:

HKEY_CURRENT_USER\Software\Microsoft\Office\[version]\Outlook\Preferences\DelegateSentItemsStyle


Add a DWORD with value 8 to store deleted items in your personal mailbox, or 4 to store them in the mailbox owner's (shared mailbox) Deleted Items:

HKEY_CURRENT_USER\Software\Microsoft\Office\[version]\Outlook\Options\General\DelegateWastebasketStyle

Note: both registry paths contain [version]; replace it with 9.0 for Outlook 2000, 10.0 for 2002, 11.0 for 2003, 12.0 for 2007, etc.

Of course you can hand this to your AD admin so he can push these registry entries to your domain machines through a GPO.

http://support.microsoft.com/kb/202517
http://support.microsoft.com/kb/972148
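An added example, not from the original post: a PowerShell script that sets both values for every Outlook version found under the current user's hive, so you don't have to pick [version] by hand. The choice of 4 for DelegateWastebasketStyle is an assumption; change it to 8 if you want deleted items kept in your own mailbox.

```powershell
# Assumption: keep deleted items in the shared (owner's) mailbox. Use 8 for your own.
$wastebasketStyle = 4

$officeRoot = 'HKCU:\Software\Microsoft\Office'

# Version keys look like 12.0, 14.0, ...; only keep those that have an Outlook subkey,
# which means that Outlook version has actually been run by this user.
$versions = Get-ChildItem -Path $officeRoot -ErrorAction Stop |
    Where-Object {
        $_.PSChildName -match '^\d+\.0$' -and
        (Test-Path -Path "$officeRoot\$($_.PSChildName)\Outlook")
    }

if (-not $versions) {
    throw "No Outlook version keys found under $officeRoot for this user"
}

foreach ($v in $versions) {
    $ver     = $v.PSChildName
    $prefs   = "$officeRoot\$ver\Outlook\Preferences"
    $general = "$officeRoot\$ver\Outlook\Options\General"

    # Create the containing keys if Outlook has not created them yet
    foreach ($key in @($prefs, $general)) {
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
    }

    # -Force creates the value or overwrites an existing one (the post says either is fine)
    New-ItemProperty -Path $prefs -Name 'DelegateSentItemsStyle' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $general -Name 'DelegateWastebasketStyle' `
        -PropertyType DWord -Value $wastebasketStyle -Force | Out-Null

    "Outlook $ver : DelegateSentItemsStyle=1, DelegateWastebasketStyle=$wastebasketStyle"
}
```

Outlook reads these values at startup, so restart it after running the script; the same two values can be delivered domain-wide with Group Policy Preferences instead.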

Monday, April 5, 2010

Sharepoint Read-Only after restore and (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

After restoring your SharePoint site collection you get Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

You notice that Owners, Administrators and Members don't have write access, and when you try to add a user or run any other write command against the site you get:

stsadm -o adduser -url http://wssServer -userlogin matOS\e1m -useremail e1m@theemail.com -role "Full Control" -siteadmin -username "Eddie"

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))


I personally started getting this error when the site was in a locked state; it drove me crazy since I thought it was related to permissions or inheritance. On top of that, my restore came from a production domain, and I was restoring into a testing environment with a testing domain with a different SID.

Another reason is that your site is over its quota limit, or that the site was locked when you took the backup.

Not even the Owners, Members, or the Application Administrator will have write access to the site.

This command will remove the lock on your site collection:

stsadm -o setsitelock -url http://wssServer -lock none

Alternatively, in Central Administration go to Application Management,
click "Site Collection Quotas and Locks", select your site collection and set it to "Not locked".

More info at http://technet.microsoft.com/en-us/library/cc287893.aspx

Saturday, March 13, 2010

Backup/Move/Migrate Windows Sharepoint Services 3 Sites

There are multiple ways to back up WSS (Windows SharePoint Services): stsadm, Central Administration, the BE agent, System Center DPM, etc.

Out of all of them I prefer stsadm, especially because it lets me back up a specific site collection and restore it to any other server, in another AD (Active Directory) or the same AD.

It won't matter if it's different hardware or a different topology.

Here are the steps

On the source server you just run:

stsadm.exe -o backup -url http://wss-matostech -filename c:\site1.bak -overwrite
stsadm.exe -o backup -url http://wss-matostech/sites/main -filename c:\site2.bak -overwrite


Target server

You must first create two new sites, http://new-server/s1 and http://new-server/s2 (or http://new-server/sites/s1 and http://new-server/sites/s2). Restoring over an existing site with -overwrite will replace whatever is already on that server.

stsadm.exe -o restore -url http://new-server/s1 -filename c:\site1.bak -overwrite
stsadm.exe -o restore -url http://new-server/s2 -filename c:\site2.bak -overwrite

Friday, March 12, 2010

Print all documents from a folder to default printer

This script lets you print multiple files (Word, Excel, PDF, etc.) without having to open them one by one.

Create a notepad file and copy and paste this to a file.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Option Explicit
Dim shApp, fso, scriptFolder, shFolder, item

Set shApp = CreateObject("Shell.Application")
Set fso = CreateObject("Scripting.FileSystemObject")

' Use the folder the script lives in, not the current working directory,
' so it still works when launched from a shortcut or a different path
scriptFolder = fso.GetParentFolderName(WScript.ScriptFullName)
Set shFolder = shApp.NameSpace(scriptFolder)

For Each item In shFolder.Items()
    ' Skip the script itself so it is not sent to the printer
    If item.Name <> WScript.ScriptName Then
        ' MsgBox "printing " & item.Name
        item.InvokeVerb "&Print"
    End If
Next
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Save the file as printall.vbs or any other name; just make sure it ends in .vbs.

Place the .vbs in the folder and it will print everything in that folder (not subfolders) to the default printer.

Tuesday, March 9, 2010

After upgrading to Exchange 2007, BES Alerts stop working

BES Alerts fix

Don't ask me why/how/when, but add this and see what happens:

HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\BESAlert

DWORD value: MxDisabled = 1