Sunday, March 28, 2010

This blog has moved


This blog is now located at http://blog.laurence.id.au/.

For feed subscribers, please update your feed subscriptions to
http://blog.laurence.id.au/rss.xml.

Monday, March 22, 2010

Running PEAP with Cisco Aironet 1231G and Cisco Wireless IP Phone 7925G

To run WiFi with WPA and PEAP using Cisco Aironet and Windows IAS/NPS, you need the following:
  • Cisco Aironet Access Point
  • Windows Server (2003/2008) running IAS/NPS as the RADIUS server
  • Server authentication certificate (commercial or self-signed)

Setting the Access Point

Log in to the access point using HTTP/HTTPS and navigate to Security - Server Manager.

Create a new RADIUS server and point it to the Windows IAS/NPS server (installed later). Specify the shared secret and the ports for authentication and accounting.

Set the default server priorities to the new RADIUS server's IP address you just added.

Navigate to Security - SSID Manager

Create a new SSID, attach it to the VLAN and tick the Radio checkbox

For Client Authentication Settings, tick Open Authentication with EAP and Network EAP. Change the Server Priorities to Customize or use defaults

For Client Authentication Key Management, select Mandatory for Key Management and tick WPA

SSID Settings (optional): select Multiple SSID if you are running this SSID as one of multiple SSIDs.

Navigate to Security - Encryption Manager

Set Encryption Modes to Cipher with AES CCMP + TKIP.

Set Encryption Keys to Key 2 and leave the value blank.

Setting IAS/NPS

Once NPS is installed, run the wizard to set up the wireless network.
We need to add a RADIUS client, which is the IP address of the Cisco access point.

Navigate to the Advanced tab and set the vendor name to Cisco.

Navigate to Policies and select Connection Request Policies. Select the Secure Wireless Policy

Most of the following settings are left at their default values.

Navigate to Use Windows authentication for all users. The following settings have their default values.

Navigate to Secure Wireless Connections. The following settings have their default values.

We specify which AD Security Group has access to this policy

At this stage, you need to import a server authentication certificate. This can be a commercial certificate or a self-signed certificate. If you use a self-signed certificate, make sure the client machines that will connect to this WiFi network trust the root CA that generated the certificate.

Select Microsoft Protected EAP (PEAP) and select Edit

If the certificate is installed correctly, you should see an option to choose which certificate to use.

On the Settings tab


Wednesday, March 17, 2010

CCNA Voice

Yesterday, I passed the 642-436 CVOICE 6.0 which makes me officially a CCNA Voice, yahoo!! CCVP here I come...

Thursday, March 04, 2010

BES Upgrade 4.1.7 to 5.0.1

Recently we had to upgrade BES 4.1.7 to BES 5.0.1.
We used the following method and the upgrade was a success:

- Prepare the new server (e.g. set local permission for BESadmin, install MAPI Client and CDO, etc)

- Stop and disable all the BES Services on the old BES

- (optional) Take a backup of the BESMgmt database from the old SQL server

- From the new BES Server, run the Tools\BB50preptool.exe, specify the old SQL server and the BESMgmt database. This will prepare the database to be upgradable to ver 5.x

- Take another backup of the BESMgmt database

- Restore the database to the new SQL server

- Edit the database

In SQL Manager, expand the BESMgmt database and select Tables. In the centre window, right-click ServerConfig and select Open Table. Now edit the columns below and update them to display the new server name:

-ServiceName
-MachineName
-RPCEndPoint (only edit the name after “\pipe\BESMonitor” )

Still within the ServerConfig table, scroll to the MDSAGConfigId column and ensure it is set to NULL. Now close the ServerConfig table, reselect the Tables folder in the left column and locate the MDSAGConfig table in the centre section. Once again, right-click it, select Open Table and ensure you can only see one row containing all NULL values. If a row containing server settings appears, select that entire row and delete it.

You can now close the MDSAGConfig table. This ensures that no old MDS Service settings are migrated and that they can be installed fresh on the new server.

Now select the Tables folder in the left column again. In the centre window, right-click MDSConfig and select Open Table. Now edit the columns below and update them to display the new server name:
-MDSHost
-MachineName
-ServerName (only edit the name before “_MDS-CS_X”)

- From the new BES Server, run the setup.exe. Select use existing database and point it to the new SQL server

After the installation has finished, reboot the BES server.
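The table edits from the "Edit the database" step above can also be scripted. The following T-SQL is an added example, not part of the original post or of the BES tooling. OLDBES and NEWBES are placeholder server names, and the dbo schema and an exact match on MachineName are assumptions.

```sql
-- Added example: scripted form of the manual ServerConfig / MDSAGConfig /
-- MDSConfig edits. Run it against the restored BESMgmt copy on the new SQL
-- server, after the backup steps. OLDBES / NEWBES are placeholders.
USE BESMgmt;
SET XACT_ABORT ON;   -- any runtime error rolls the whole change back

DECLARE @old sysname, @new sysname;
SET @old = N'OLDBES';   -- placeholder: old BES machine name
SET @new = N'NEWBES';   -- placeholder: new BES machine name

BEGIN TRANSACTION;

-- ServerConfig: REPLACE swaps only the host-name part of each value, so the
-- "\pipe\BESMonitor" portion of RPCEndPoint is left untouched.
UPDATE dbo.ServerConfig
SET ServiceName   = REPLACE(ServiceName, @old, @new),
    MachineName   = REPLACE(MachineName, @old, @new),
    RPCEndPoint   = REPLACE(RPCEndPoint, @old, @new),
    MDSAGConfigId = NULL          -- detach the old MDS settings first
WHERE MachineName = @old;         -- assumption: column holds the bare name

-- Stop before touching anything else if the old name was not found.
IF @@ROWCOUNT = 0
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR(N'No ServerConfig row matched the old server name.', 16, 1);
    RETURN;
END;

-- MDSAGConfig: remove leftover MDS service rows so the table is empty.
DELETE FROM dbo.MDSAGConfig;

-- MDSConfig: REPLACE keeps the "_MDS-CS_X" suffix of ServerName.
UPDATE dbo.MDSConfig
SET MDSHost     = REPLACE(MDSHost, @old, @new),
    MachineName = REPLACE(MachineName, @old, @new),
    ServerName  = REPLACE(ServerName, @old, @new)
WHERE MachineName = @old;

-- Output the edited rows so they can be checked against the new name.
SELECT ServiceName, MachineName, RPCEndPoint, MDSAGConfigId FROM dbo.ServerConfig;
SELECT MDSHost, MachineName, ServerName FROM dbo.MDSConfig;

COMMIT TRANSACTION;
```

If the old name is stored in a different form (for example as an FQDN), the row-count guard aborts without changing anything; adjust the placeholders and run it again.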

You may get the following error in the System Event Log:

Application popup: BBConvert.exe - System Error : The program can't start because WMVCore.DLL is missing from your computer. Try reinstalling the program to fix this problem.

If so, run the following command (for Windows 2008 R2):

Pkgmgr.exe /ip /m:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum"