Category Archives: Microsoft

Bit of an awkward fix, unfortunately, as this involves having access to a Windows/Outlook setup, but to add a Public folder that exists on Exchange, it needs to be bookmarked as a favourite for Evolution to pick it up.

For example, we use a public folder for shared (company-wide) contacts here.  To add the folder I just logged onto my account on a Windows machine, then added that public folder as a favourite.

After logging out of Evolution and back in, I could then see these “public” contacts under the contact folder (CTRL+2).

For roaming users who need to connect to services where there is no available WiFi, this is a useful solution.

We use an unlimited data plan with O2 which also has advantages – no further costs for users using the Blackberry as a GPRS modem!

1 – Ensure latest version of Blackberry Desktop Software is installed.

2 – Connect the Blackberry and check that under Device Manager->USB Devices that the Blackberry is listed (if it is not installed correctly, reinstall drivers from the folder below):

C:\Program Files\Common Files\Research In Motion\Drivers

3 – In Device Manager, under ports, you should see an RIM Virtual Serial Port – if not install from the location above.

4 – Next, add a modem in Control panel (using a Standard 33.6 modem). Connect to the virtual serial port listed in step 3.

5 – Under the advanced tab for the modem we just added in the extra initialisation commands box type:

+cgdcont=1,"IP","mobile.o2.co.uk"

…assuming O2 is your mobile carrier!

Now set up a new dialup connection using this modem.  Username and password have no significance, just set the phone number to dial as:

*99#

Uncheck the box that says “make this the default internet connection”
:D

This error occurs when trying to view Public Folders in the Exchange System Manager when the SSL certificate name differs between the FQDN and the local server name.  The Exchange System Manager will not allow you to view the public folders as it believes the folder name to be incorrect.

This can be resolved using a front-end, back-end scenario, but what if you are stuck with a single Exchange server (ie. SBS) in your environment?

On following a few blogs and sites, the solution seems to be to remove SSL requirement for that particular folder in the IIS Manager.  This didn’t work for me though – and I found a lot of people out there with unresolved issues on Experts Exchange etc.

The end solution was to use the ADSIEdit utility to manually stop the Exchange System Manager from using SSL.

The steps are as follows:

1) Install the ADSIEdit Utility (one of the Windows Server 2003 Support tools) from your SBS2003 CD (CD2) using suptools.msi

2) Run a Microsoft Management console (Start->Run->MMC)

3) Open the ADSIedit.msc (browse to the Support Tools folder)

4) Browse through to

Configuration > Services > Microsoft Exchange > Domain Name > Administrative Groups > First Administrative Group > Servers > Servername > Protocols > HTTP > 1 > Exadmin

5) Right click msExchSecureBindings, and click Properties

6) Highlight :443: and click Remove

7) Click OK

8) Restart the Exchange System Attendant and the IIS Admin service

Exchange System Manager will no longer try to use SSL when connecting to the service.

Occasionally you find a piece of software that makes life infinitely easier….this has been a very good week, I’ve found 2!

I’ve just installed GLPI as a trouble ticketing system to assist with management of workflow and to track recurring faults.  It’s an open-source, web-based tool that uses Apache, PHP and MySQL to track issues and produce good quality reports.

It seems extremely stable in trials so far, but I will keep on using it for the next few weeks before I roll out to users in our organisation for fault reporting.

Available from here: http://www.glpi-project.org/spip.php?lang=en

The next find was a tool called OCS Inventory.  It’s another web/MySQL app that is used for asset management.  The useful thing about this tool is that it uses an agent installed as a service on workstations that can be deployed using a login script.  This then updates the server on workstation boot with an abundance of information about the workstation, such as hardware info, serial number, installed software, installed printers, logged on user, etc.

This has turned into a real time-saver for me! It’s available for download from http://www.ocsinventory-ng.org/

We have a user who runs a regular mail merge, and since migrating to Office 2007 has been experiencing problems merging using an Excel source into a Word document.  The merge fails to display characters following the decimal point.

The resolution is to highlight the merge field in the document template and press ALT+F9.  This will then display

{MERGEFIELD FIELD_NAME}

This needs to be edited to include the number of characters before and after the decimal place using the \# switch.  # then defines the number of characters.  It’s worth noting that if no characters exist then Word ignores the #.  To get around this, adding a subsequent .00 ensures that if there is a 0 value after the decimal place then it is included.  Our edited mergefield therefore looks like:

{MERGEFIELD "FIELD_NAME" \# £##,###.00}

Managing a Windows environment (2 separate domains, one running a couple of 2003 Servers and Exchange, the other running SBS2003), there are times when I need to run a Windows client.  Not least because the management tools required for our PBX phone systems (an Avaya IP Office and an Alcatel OmniPCX), our CCTV system (RMC), our photographic archive (iBase), our EPOS system and Sage Line 50 require Windows to run and are not Wine compatible. There are various other Windows-specific tools that effectively mean that I need a functional copy of Windows to work, rather than being able to switch over to Linux as my sole desktop machine.

At the moment I use a KVM switch to swap between the 2 desktops I use (one is XP the other Ubuntu Hardy Beta).  I spend about 99% of my day in Ubuntu, but can’t escape windows completely….this means 2 machines under the desk – which at best is not very environmentally sound, and at worst is downright inconvenient.

The solution? Well, a virtualised copy of Windows running on the Linux box is the obvious solution, but what about all the apps and data accumulated on the Windows machine over the last x years…..this may seem like a small concern, but it would take a LONG time to reinstall these apps – because of the custom nature of them they are heavy on configuration time, and while they could be installed, it would be a pain in the backside….

Along come the nice people at VMware though with the VMware Converter (http://www.vmware.com/products/converter/), a tool that simply installs and then allows you to convert a physical install of an OS into a Virtual OS that can then be opened in VMware Workstation, Server or Player!

While it is designed to allow for the virtualisation of server environments this is the perfect solution for the likes of myself who still need to use Windows apps, that aren’t Wine compatible but REALLY want to ditch the spare Windows machine sat under the desk…

Working for a number of clients, it’s surprising how many people assume that an email sent is secure by default.  The number of people (including e-commerce providers) who feel comfortable sending (and requesting) credit card information via email is quite shocking…

It’s worth clarifying that sending an email is the digital equivalent of sending a postcard….anyone, on any number of the hops between the sender and the recipient, could read the contents of that email with relative ease, in the same way that if you sent a postcard, anyone en route between the sender and the recipient who handles that card could read the contents.  Worse yet, there are methods of spoofing (pretending to be) the recipient mail server – causing all emails that are destined for the recipient to be captured then forwarded on without the recipient even knowing that this has happened….

There are methods of securing email, however – one of these is worth noting as a free solution – GnuPG http://www.gnupg.org/ and it is worth considering if you need to send any information that you feel is sensitive.  GnuPG can be used for digital signing of emails (proving that the email is really from you) and also for the encryption of emails using a public/private key pair.

There are resources on the use of GnuPG on the site, and it can be used on a variety of platforms (Windows, Linux, Mac, etc.).

Thanks go to Simon Butler for this (aka. Sembee on Experts-Exchange or http://www.amset.info).  His resources on this helped me iron out the problems and get this working beautifully!

I’d struggled getting RPC/HTTPS working for ages using a self-signed certificate, and while it’s still recommended using a purchased certificate, I needed to get a particular user working extremely quickly – within about 4 hours.  Waiting for appropriate DNS to propagate to get the cert approved wasn’t an option so the existing self-signed cert I used for OWA was the only option…

NOTE:  THIS SOLUTION INVOLVES EDITING THE REGISTRY ON YOUR SBS SERVER – USE AT YOUR OWN RISK!

First things first, the certificate needed to be installed in the Root Certification Authorities store on the client machine.  Note that adding the cert to the default store WILL NOT work.

Then create split DNS by adding the corresponding external DNS zone to your internal DNS server, and a host record for the SBS server.  Remember, if your external web site is hosted externally you need to ensure that there is an A record that points to the web server’s IP address.

Next, a couple of Registry keys needed to be added (I would never have sussed this if it wasn’t for the resources on Amset!). A reg key needs to be created on the SBS server as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"NSPI Interface protocol sequences"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00

Copy and paste the above into notepad and save with a .reg extension, then run.  This will create a key that looks like:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Type: REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004

Next on the Exchange server (this will be the same machine if using SBS) a different registry key needs to be created:

NOTE: THIS NEEDS TO BE ON A SINGLE LINE AND EDITED TO SHOW SERVER SETTINGS FOR YOUR SERVER

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="server:100-5000; server:6001-6002; server:6004;server.domain.local:6001-6002; server.domain.local:6004; mail.external.com:6001-6002; mail.external.com:6004;"

Save as a .reg file and run.
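Before importing either .reg file it is worth checking what the values actually contain. The following is an added example, not part of the original post or of the Amset resources: it decodes the hex(7) data to the REG_MULTI_SZ string and parses ValidPorts, listing entries wider than ports 6001-6002 and 6004. The function names are hypothetical, and treating those three ports as the expected set is an assumption taken from the post's other entries.

```python
import re

# Constructed sample: the data parts of the two .reg values shown in the post.
NSPI_DATA = ("hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,68,00,74,00,74,00,"
             "70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00")
VALID_PORTS = ("server:100-5000; server:6001-6002; server:6004;"
               "server.domain.local:6001-6002; server.domain.local:6004; "
               "mail.external.com:6001-6002; mail.external.com:6004;")

# Assumption: the ports used by the post's host-specific entries.
EXPECTED_PORTS = {6001, 6002, 6004}


def decode_multi_sz(reg_data):
    """Decode a .reg 'hex(7):' value (REG_MULTI_SZ, UTF-16LE) to a list of strings."""
    kind, _, body = reg_data.partition(":")
    if kind.strip().lower() != "hex(7)":
        raise ValueError("not a REG_MULTI_SZ export: %r" % kind)
    # Exports wrap long values with a trailing backslash; drop those and spaces.
    tokens = [t for t in re.split(r"[,\s\\]+", body) if t]
    raw = bytes(int(t, 16) for t in tokens)
    if len(raw) % 2:
        raise ValueError("odd byte count, not valid UTF-16LE")
    # Strings are NUL-separated and the list ends with an extra NUL.
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def parse_valid_ports(value):
    """Split a ValidPorts string into (host, first_port, last_port) tuples."""
    entries = []
    for item in filter(None, (p.strip() for p in value.split(";"))):
        host, _, ports = item.rpartition(":")
        lo, _, hi = ports.partition("-")
        first, last = int(lo), int(hi or lo)
        if not host or not (0 < first <= last <= 65535):
            raise ValueError("malformed ValidPorts entry: %r" % item)
        entries.append((host, first, last))
    return entries


def wider_than_expected(entries):
    """Return entries that cover ports outside EXPECTED_PORTS."""
    return [e for e in entries
            if not set(range(e[1], e[2] + 1)) <= EXPECTED_PORTS]


if __name__ == "__main__":
    print(decode_multi_sz(NSPI_DATA))
    print(wider_than_expected(parse_valid_ports(VALID_PORTS)))
```
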

Then simply configure Outlook to use RPC over HTTPS and specify the FQDN of the server.  You can test the connection by holding CTRL and right-clicking the Outlook icon, then looking at the Connection Status in the taskbar.  If it is trying to resolve the external FQDN of the server then Outlook is configured correctly. Then just ensure that port 443 on your firewall is forwarded to the SBS server….

….sorted :)

The Project

Having now got my head around working with Linux, I’ll be putting what I know to the test with a large(r) project.

I have a Dell Poweredge 1600SC server left over from a former enterprise at home – this currently runs Windows Server 2003, with Exchange 2003. It has a 73Gb RAID 5 array with SCSI disks and has dual NICs. It also hosts a couple of websites and has a Quantum DLT 80/160 drive. I’ve been toying with the idea of selling it (all licences are legit, OEM and included), but I’m now leaning towards integrating it into this project. I also run a knackered old P75 with IPCop.

The scope of the project is to bring the server functionality and firewall under the same box. Yes this is less effective from a security perspective (particularly when you consider I’ve done nothing on this scale on Linux before, and therefore am likely to create a couple of vulnerabilities inadvertently), but it’s a learning curve and I’m keen to try my hand at something like this. I’m fully aware that there are some open source projects that include a lot of these features “out-of-the-box”, such as Ebox but I want to have a go at this as a project to test what I’ve learned over the last year or so…

The server will need to do the following:

a) Security – Firewalling
b) Mail Server supporting IMAP (and possibly POP3)
c) File Server – Limited number of files, but will need to be accessible from Linux/Windows machines
d) Webmail – so mail can be collected from externally

In addition to this, I would like some extra functionality, but this is not a necessity.

e) IDS
f) Traffic Shaping/monitoring
g) Some form of VPN server
h) Calendar server…..this might be useful for Linda managing her appointments

The Plan

Job number one of course is to back up data. This mainly constitutes Exchange Mailboxes so I’ll be exmerging data out into .pst files to start with. Migrating the mailboxes (as there aren’t many) can be done through Thunderbird or even in an Outlook client!

Next I’ll be grabbing a list of all hardware – I’ll need appropriate modules to manage my RAID 5 array, so controller details are essential.

To start with my base system will be Fedora Core 8 – I’ve been using Fedora as my work box, and I like the feel of it and have kind of got used to it. Plus Fedora seems very stable, the repositories contain most of the items I’ll need and the package management is really straightforward. As soon as the core system is on there and SSH is up and running, the box will be headless as well, so it’ll be shell access only. I’ll be starting with an absolute minimal install to ensure reasonable security steps.

At this stage, additional packages will be:

Security/IDS – IPTables, Netfilter, TCPDump, libpcap, Snort
Mail Server – Dovecot (or Courier – not sure yet), Qmail, SquirrelMail web interface, ClamAV, SpamAssassin
File Server – Samba, NFS
Calendar – Using WebDAV
Web server – Apache
Monitoring – ntop, logs for each package
VPN – Openswan, OpenVPN

That’s the list so far – if anyone has any comments or advice, I’m open to suggestion…..

A couple of people have asked me about what causes the accursed “red cross” when editing/composing an email in OWA in Vista and newer versions of Internet Explorer and how to resolve it.

It turns out Microsoft have discontinued support for the ActiveX control that is used in the OWA Compose/Edit window, but have released a hotfix here:

http://support.microsoft.com/kb/911829

Fortunately it doesn’t require a restart of the Exchange server….