I have been getting this error message from our SharePoint server:
Time: 20071227163429.000000+660
Type: Error
Event ID: 6482
Message: Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchAdminSharedWebServiceInstance (6de3e5d2-33f9-4223-a750-284f8d826641).
Reason: Not enough storage is available to process this command.
Techinal Support Details:
System.Runtime.InteropServices.COMException (0x80070008): Not enough storage is available to process this command.
Server stack trace:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_IsContainer()
at System.DirectoryServices.DirectoryEntries.CheckIsContainer()
at System.DirectoryServices.DirectoryEntries.Find(String name, String schemaClassName)
at Microsoft.SharePoint.AdministrationOperation.Metabase.MetabaseObjectCollection`1.Find(String name)
at Microsoft.SharePoint.AdministrationOperation.Metabase.MetabaseObjectCollection`1.get_Item(String name)
at Microsoft.SharePoint.AdministrationOperation.SPProvisioningAssistant.ProvisionIisApplicationPool(String name, ApplicationPoolIdentityType identityType, String userName, SecureString password, TimeSpan idleTimeout, TimeSpan periodicRestartTime)
at Microsoft.SharePoint.AdministrationOperation.SPAdministrationOperation.DoProvisionIisApplicationPool(String name, Int32 identityType, String userName, String password, TimeSpan idleTimeout, TimeSpan periodicRestartTime)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(RuntimeMethodHandle md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.SharePoint.AdministrationOperation.SPAdministrationOperation.DoProvisionIisApplicationPool(String name, Int32 identityType, String userName, String password, TimeSpan idleTimeout, TimeSpan periodicRestartTime)
at Microsoft.SharePoint.Administration.SPMetabaseManager.ProvisionIisApplicationPool(String name, Int32 identityType, String userName, SecureString password, TimeSpan idleTimeout, TimeSpan periodicRestartTime)
at Microsoft.Office.Server.Administration.SharedWebServiceInstance.Synchronize()
at Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob) http://eventid.net/display.asp?eventid
and
Time: 20071227163341.000000+660
Type: Error
Event ID: 6398
Message: The Execute method of job definition Microsoft.Office.Server.Administration.ApplicationServerAdministrationServiceJob (ID 60dda38f-4b1d-4286-a12d-3cfbb8eb02b8) threw an exception. More information is included below.
Old format or invalid type library.
There is a lot of talk about this issue on the Net - solution with hotfix: KB923145 or KB923028 - but I am not convinced that was the solution for this issue.
The workaround is to reboot the server - but this is not a solution at all for a production server!
To temporarily stop this event error, restart the "Windows SharePoint Services Administration" and "Windows SharePoint Services Timer" services.
I hope SP1 will fix this issue :)
Thursday, December 27, 2007
Monday, December 24, 2007
BlackBerry Enterprise Server Upgrade
If you have a plan to upgrade your BES from version 4.0 to version 4.1, read on...
There are 3 upgrade methods: in-place, cutover and phased. I am going to show you the cutover method, which installs the new BES on a new computer and migrates the database from the old BES to the new one.
Let's assume your existing server name is oldbes and the new server name is newbes. You have an AD service account called besadmin, and your MSDE configuration database is stored in BESMgmt.
Step-by-step
- Install Windows 2003 + SP2 on the new server and name it newbes. Join it to the domain where the oldbes server is located. Give it a temporary static IP address
- Add besadmin as a local administrator and grant it the 'Log on as a service' right in the local security settings of the newbes computer
- Login to the oldbes computer as besadmin; we are going to backup the database (MSDE): Open the cmd prompt and run:
osql -E
1> backup database BESMgmt to disk="C:\BESMgmt.bak"
2> go
3> quit
- Login to the newbes computer as besadmin; install the MSDEA from microsoft with the following command, and start the MSSQLSERVER service and change the startup type to automatic:
setup.exe SAPWD="yoursapassword"
- Download the MAPI client and CDO from Microsoft, and install it on newbes computer
- Restore the database to the newbes computer (login as besadmin); copy the BESMgmt.bak file from the oldbes computer to the C:\ drive of the newbes computer. Open the command prompt:
osql -E
1> restore database BESMgmt from disk = "C:\BESMgmt.bak" with recovery, replace
2> go
3> quit
- Login to the oldbes computer as besadmin, stop all BES services and change the startup type of all the services to disabled. Change the IP address of oldbes to a different IP address; change the IP address of newbes to oldbes's old IP address - this makes sure the firewall still allows port 3101 outbound to RIM from the newbes computer
- Now, depending on the service pack level of BES installed on the oldbes computer, you need to install BES at exactly the same service pack level on the newbes computer. For example: if your oldbes is version 4.0.6, then you need to install the same version of BES on the newbes computer
- During the installation on newbes, it will ask you for the "BlackBerry Server Name:" - you need to give the oldbes computer name, NOT the newbes!
- Once you have the same service pack level installed on the newbes computer, start installing the 4.1 version of BES; it will ask you to upgrade the database, and you click Yes to upgrade the database
- Follow the rest of the installation and you are done!
Thursday, December 13, 2007
BartPE with USB key
I've got this working finally - install BartPE to a USB key. With additional plugins, this helps a lot when you want to 'ghost' and do other stuff
steps:
Buy a USB flash disk > 1 GB
Download the latest BartPE - link
Install BartPE, e.g. C:\bartpe
Download Windows 2003 SP1 - link
Extract the Windows 2003 SP1 to temp folder:
w2k3sp1.exe -x, e.g. c:\temp
Create a folder in the bartpe:
c:\bartpe\srsp1
Copy the extracted files to the srsp1 folders:
copy c:\temp\i386\setupldr.bin c:\bartpe\srsp1
Expand ramdisk.sys file
expand -r c:\temp\i386\ramdisk.sy_ c:\bartpe\srsp1
Build your BartPE as normal, use the Windows 2003 + SP1 CD as the source files and you must output the file to "BartPE" folder. You do not need to generate ISO file. You might want to add plugins, and drivers before you build this
To format and build the image to the USB Drive - Z: - (first time only):
pe2usb -f Z:
If you do not want to format, just run:
pe2usb Z:
USB drive won't get assigned drive letter automatically
I had this issue with my computer:
When I plug any USB drive into my computer, Disk Management can see the drive, but it won't assign any drive letter to it. I have to assign the letter manually before I can see the files on it.
To fix it, I disabled a service called: SPTD
Go to regedit:
My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd
Change the Start value from 0 (start) to 4 (disable)
Monday, November 19, 2007
Unified Communications Launch 2007
Today, I attended the Microsoft Unified Communications Launch 2007 at the Westin, Sydney. It was a great event - there were talks about Exchange 2007 UM with voice-mailbox, Office Communication Server 2007 (OCS) architecture, OCS integration with an existing PABX environment using a mediation server, and how Microsoft IT deployed OCS to its corporate environment!
Thanks to Jabra for giving us a free headset! :)
For more details: click here
Sunday, November 11, 2007
Flex dynamically create ComboBox with dataProvider from HTTPService
Well, now I am working on my own (sponsored) project during my free time. Cut the long story short, I have been working on Stock Control application for a major eBay seller in Australia. The project has been running for about 4 years now. The application is complex and fun, it supports multiple sites and items synchronization.
The existing application runs on PHP5 and MySQL. Furthermore, NUSOAP is also used to support third-party Web Service API calls to the application.
Fun had its limit on this project until I recently came up with the idea to redesign the client user interface (UI) and the integration layer that connects to the existing business/backend layer. I have decided to taste the sweetness of Flex and Zend Framework and they are awesome!
Flex uses HTTPService to asynchronously get the data from the PHP script that produces XML. This XML is bound as the data source of a Flex component (e.g. ComboBox). If you use an MXML tag to create the ComboBox and assign the HTTPService result to the dataProvider, you won't have an issue.
However, if you need to create the ComboBox dynamically using ActionScript, when you try to bind the dataSource to the XML result from the HTTPService, you will get an error saying:
Cannot access a property or method of a null object reference
This is because the statement that binds the dataSource runs before the HTTPService has returned its XML, for example:
You have HTTPService and ComboBox objects:
1 var httpTemp:HTTPService = new HTTPService();
2 httpTemp.url = "http://www.tempuri.org/xml.php";
3 httpTemp.resultFormat = "e4x";
4 httpTemp.send();
5
6 var newComboBox:ComboBox = new ComboBox();
7 newComboBox.dataProvider = httpTemp.result;
Although line 4 is executed first, it takes a while for the XML data to come back, so when line 7 is executed the httpTemp.result object does not exist yet and the error occurs.
To solve this:
Create bindable vars:
[Bindable] public var xmlResult:XML;
[Bindable] public var newComboBox:ComboBox;
Create a result event handler for HTTPService:
private function httpTempResultHandler( e:ResultEvent ):void
{
    xmlResult = e.result as XML;
    newComboBox.dataProvider = xmlResult.Category;
}
Create the ComboBox object:
//create a new instance of ComboBox
newComboBox = new ComboBox();
var httpTemp:HTTPService = new HTTPService();
Create a dummy result:
var tempString:String = '0 ';
xmlResult = new XML(tempString);
Create a result event listener:
httpTemp.url = "http://www.tempuri.org/xml.php";
httpTemp.resultFormat = "e4x";
//add the result event listener
httpTemp.addEventListener(ResultEvent.RESULT, httpTempResultHandler, false, 0);
httpTemp.send();
Assign the XML to the dataProvider:
newComboBox.dataProvider = xmlResult.Category;
This assigns a dummy result to the dataProvider, and when the HTTPService result event handler is called, the bindable xmlResult is replaced with the result from the HTTPService.
Friday, October 19, 2007
MCTS: SQL Server 2005
After about 2 months studying the SQL Server 2005 books, today I took the 70-431 exam and passed with a score of 940! I am now a Microsoft Certified Technology Specialist (MCTS): SQL Server 2005
It was a great experience to learn how great SQL Server 2005 is. It has all the capabilities and capacity to host enterprise-level data.
High availability is very important these days and SQL Server 2005 has the technology to make sure the data is available 24/7/365 through either mirroring, replication, log shipping or snapshot.
The reason for me learning SQL Server 2005 is that the working environment I am in is full of SQL Server 2005. I need to be able to support it and I need the necessary skills to do the job for mission-critical databases
Thursday, October 04, 2007
Virtualization Forum 2007
Today, I went to this VMware forum at Darling Harbour.
There was a lot of talk about green technology and how hardware vendors with VMware can reduce CO2 emissions by consolidating servers onto virtual infrastructure.
They were talking about VDI as well - Virtual Desktop Infrastructure - with thin clients, which is cool for large enterprises with thousands of client PCs.
IBM was talking about their System X Servers, which are pretty impressive!
Thursday, September 06, 2007
BackupExec 11d - GRT Backup for Exchange 2003
BackupExec 11d has a new feature called GRT - Granular Restore Technology - which allows you to restore emails at the brick level with Information Store backup only!
This is very exciting for most of us who know how painful doing brick-level backup is, especially the time it takes.
Now Veritas with its BackupExec product has a great solution for us. This blog will show you a very quick way to make this happen. Of course you can do more tweaking:
1st step - very obvious, install your BackupExec Server
2nd step - once you have finished installing the BackupExec server - install the remote agent to your exchange server
3rd step - Create a backup selection list and choose the Information Store you'd like to backup
4th step - Create a backup-to-disk folder to store the backup files
5th step - Create a backup job with the selection list created on the 3rd step, use the backup-to-disk folder as the device and make sure on the Microsoft Exchange settings, tick the checkbox 'Enable the restore of individual mail messages and folders from Information Store backups'
6th step - create an Active Directory account for doing the backup. Make sure this account is mailbox enabled (send a test email to this account to trigger the mailbox creation after the AD account has been created). Run the BackupExec services using this account and use this account for the logon account that runs the backup and restore. Finally, assign this account as a local administrator of the exchange server and delegate this account as an Exchange administrator
Good luck! and I'll be posting again with Exchange 2007 backup
Saturday, July 21, 2007
Passed ONT (642-845) Today - CCNP -
Yes!! Finally, the final fourth exam, Optimizing Converged Cisco Networks (ONT), was done today with the score 955/1000.
This marks a special moment in my career as a Certified Cisco Network Professionals (CCNP). I learnt a lot of new stuff when I studied for this certification. It is the best certification so far :)
Next one is probably CCDP
Sunday, July 15, 2007
Cisco ISCW Exam Passed!
I have passed the 3rd Cisco exam toward the CCNP.
It is the ISCW, and my score is 966/1000!!
This is the best exam so far of getting the current knowledge; it includes:
- site-to-site VPN
- ADSL configuration with PPPoE and PPPoA
- SDM
Wednesday, July 04, 2007
The Best PST Password Recovery Utility
I've been trying to recover a PST file for the last 4 weeks!
Yes, I know there are a lot of utilities out there that promise you to recover the password of your PST file.
I tell you something, none of them is able to recover the password of a PST file that has a size of 4.0 GB - yes it is four GIG! All of them say the file is corrupted, but it is not.
Only one utility can open the file and recover the password: PstPassword
This is the best utility for this matter, it is free and it works!
The website has a lot of other utilities, check it out.
Sunday, July 01, 2007
Cisco BCMSN Exam Passed!
I have passed the 2nd Cisco exam toward the CCNP.
It is the BCMSN, and my score is 978/1000!!
2 more 2 go :)
Sunday, June 24, 2007
Checkpoint and Cisco site-to-site VPN
This guide shows you how to create a site-to-site VPN tunnel between a Checkpoint firewall and a Cisco router. Let's begin:
Checkpoint
IP address: 1.1.1.2
Network behind: 172.20.200.0/24
Create a network object that is the network that will be sitting behind the new Cisco router
Set the NAT – for Internet routing
Create a network object that is the network that will be sitting behind Checkpoint firewall:
Set the NAT – for Internet routing
Create a new interoperable device on CheckPoint for Cisco router
On Topology option, add external Interface
Note: the picture above is wrong (should be 1.1.1.1) – sorry
Mark it as an external interface
Create an internal Interface:
Mark it as an Internal interface which leads to the network behind Cisco router
On the VPN domain option, choose manually defined: and assign the network that is behind Cisco router
On the VPN Manager, create a new community or join the new interoperable device to the existing community (either meshed or star)
Create a new one:
On the participating gateway, put the Cisco router and Checkpoint firewall
On the VPN properties, make sure phase 1 and phase 2 have the same settings on both the Cisco router (configured later) and the Checkpoint firewall
In this example we are using 3des-md5 for phase 1 and aes-128-md5 for phase 2
On the Advanced Properties, make sure phase 1 and phase 2 have the same settings on both the Cisco router (configured later) and the Checkpoint firewall
In this example we are using group 2 for the phase 1 Diffie-Hellman group
Disable NAT inside the VPN community – so that site-to-site VPN traffic is not NATed
On the Shared Secret page, enter the shared secret to be used with the Cisco router:
Create a rule in Checkpoint firewall to encrypt the traffic between network behind each firewall:
Push the policy to the CheckPoint firewall!
Cisco
IP address: 1.1.1.1
Network behind: 172.20.199.0/24
Create the isakmp policy:
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
Create the crypto key:
crypto isakmp key shared-key address 1.1.1.2 no-xauth
where shared-key is the shared key you set up in Checkpoint and 1.1.1.2 is the Checkpoint IP address
Create transform set:
crypto ipsec transform-set cm-transformset-1 esp-aes esp-md5-hmac
Create the crypto-map:
crypto map cm-cryptomap 1 ipsec-isakmp
 description VPN tunnel to Checkpoint
 set peer 1.1.1.2
 set security-association lifetime seconds 28800
 set transform-set cm-transformset-1
 match address 111
Create the outbound access list inside VPN (allow Cisco network to Checkpoint network):
access-list 111 permit ip 172.20.199.0 0.0.0.255 172.20.200.0 0.0.0.255
Create the inbound access list for external interface:
access-list 101 permit icmp any any
access-list 101 permit ip 1.1.1.2 0.0.0.0 any
access-list 101 permit ip 172.20.200.0 0.0.0.255 any
access-list 101 deny ip any any log
Assign crypto-map to the external interface:
interface Serial0/0
 bandwidth 2048
 ip address 1.1.1.1 255.255.255.0
 ip access-group 101 in
 no ip proxy-arp
 ip nat outside
 ip route-cache flow
 no cdp enable
 crypto map cm-cryptomap
Configure internal interface:
interface FastEthernet0/0
 description Cisco LAN
 ip address 172.20.199.254 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 speed 100
 full-duplex
 ntp broadcast
 no cdp enable
Create the NAT rule:
ip nat inside source route-map nonat interface Serial0/0 overload
route-map nonat permit 10
 match ip address 150
Create access list for NAT:
Do-not NAT traffic between sites
NAT everything else
access-list 150 deny ip 172.20.199.0 0.0.0.255 172.20.200.0 0.0.0.255
access-list 150 permit ip 172.20.199.0 0.0.0.255 any
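The tunnel only comes up cleanly when the phase 1 and phase 2 proposals, the crypto ACL and the NAT exemption ACL all agree with each other. The Python check below is an added example, not part of the original post: the function names, the list of settings it flags and the sample configuration (modelled on the commands above, with a placeholder key and an over-wide wildcard on ACL 111 so the checks have something to find) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the IOS commands in the walkthrough: the
# pre-shared key is a placeholder and ACL 111 carries an over-wide wildcard.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER-KEY address 1.1.1.2 no-xauth
crypto ipsec transform-set cm-transformset-1 esp-aes esp-md5-hmac
crypto map cm-cryptomap 1 ipsec-isakmp
 set peer 1.1.1.2
 set transform-set cm-transformset-1
 match address 111
route-map nonat permit 10
 match ip address 150
access-list 111 permit ip 172.20.199.0 0.0.0.255 172.20.200.0 0.0.7.255
access-list 150 deny ip 172.20.199.0 0.0.0.255 172.20.200.0 0.0.0.255
access-list 150 permit ip 172.20.199.0 0.0.0.255 any
"""

# This example's own list of settings to flag; adjust it to local policy.
WEAK_IKE = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}
ANY = ipaddress.ip_network("0.0.0.0/0")


def _endpoint(tokens):
    """Consume one ACL endpoint (any | host A | A WILDCARD) from a token list."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    mask = ipaddress.ip_address(0xFFFFFFFF ^ wildcard)  # contiguous wildcards only
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)


def parse_acls(config):
    """Return {acl_number: [(action, src_net, dst_net), ...]} for 'ip' entries."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"access-list (\d+) (permit|deny) ip (.+)$", line.strip())
        if m:
            tokens = m.group(3).split()
            src, dst = _endpoint(tokens), _endpoint(tokens)
            acls.setdefault(m.group(1), []).append((m.group(2), src, dst))
    return acls


def audit(config, local_net, remote_net):
    """Return a list of findings for the tunnel between local_net and remote_net."""
    local, remote = ipaddress.ip_network(local_net), ipaddress.ip_network(remote_net)
    findings = []
    # 1. Phase 1 (isakmp policy) and phase 2 (transform-set) algorithms.
    for key, value in re.findall(r"^[ \t]*(encr|hash|group) (\S+)", config, re.M):
        if value in WEAK_IKE[key]:
            findings.append(f"isakmp policy: weak {key} {value}")
    for ts in re.findall(r"^crypto ipsec transform-set \S+ (.+)$", config, re.M):
        for transform in ts.split():
            if transform in WEAK_ESP:
                findings.append(f"transform-set: weak {transform}")
    # 2. The crypto ACL must describe exactly the two encryption domains.
    acls = parse_acls(config)
    crypto_acl = re.search(r"^\s*match address (\d+)", config, re.M).group(1)
    permits = [(s, d) for a, s, d in acls.get(crypto_acl, []) if a == "permit"]
    for src, dst in permits:
        if (src, dst) != (local, remote):
            findings.append(f"acl {crypto_acl}: {src} -> {dst} does not mirror "
                            f"{local} -> {remote}")
    # 3. Everything the crypto ACL selects must be denied (exempted) by the NAT
    #    ACL before a permit entry can translate it.
    nat_acl = re.search(r"^\s*match ip address (\d+)", config, re.M).group(1)
    for src, dst in permits:
        for action, nsrc, ndst in acls.get(nat_acl, []):
            if action == "deny" and src.subnet_of(nsrc) and dst.subnet_of(ndst):
                break  # fully exempted from NAT
            if action == "permit" and src.overlaps(nsrc) and dst.overlaps(ndst):
                findings.append(f"acl {nat_acl}: part of {src} -> {dst} is "
                                "translated before encryption")
                break
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "172.20.199.0/24", "172.20.200.0/24"):
        print(finding)
```

Run it against the router's own configuration text with the two networks from the top of each section; the same encryption domains have to be defined on the Checkpoint side.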
Sunday, May 27, 2007
Encode movies to Zune player
Since I got my Zune player from Microsoft, I have not been able to sync some movies to it. Those movies are Microsoft Webcast files, weird huh? Yes! On Demand Webcast uses the .wmv file format and the Zune player supports the .wmv format, but it just does not work.
The only way to do it is to convert the webcast file to Zune 'compatible' format. There are many products available on the market to do this, but they are not free.
Alternatively, you can use the Windows Media Encoder 9 to help you to encode the .wmv file to be Zune 'compatible' format.
I've created a video how to do it, and posted it on Youtube - have fun :)
Thursday, May 17, 2007
Citrix Conference 2007
Today is the Citrix day.
Darling Harbour was the place for Citrix Conference 2007!
Citrix has got a great range of solutions for Enterprise:
- Presentation Server
- Desktop Server
- Access Gateway
- WANScaler
- NetScaler
WANScaler rocks as well!! It optimizes traffic between main office and branch offices by caching and compressing the data and use token to simplify the traffic.
There is a new upcoming appliance product which is based on Citrix and Microsoft technology; it is not available yet. They are saying this product can be used as a Domain Controller at a branch office as well as the WANScaler!
Some notes from the session about upgrading to Presentation Server 4.5:
- Parallel Migration
  - Build Presentation Server 4.5 Data Store
  - Build License Server 4.5 (member server 4.5 does not work with earlier version of license server)
  - Build new zone data collector
  - Create a Web Interface Site 4.5 (using access management console -> create site)
  - Add Server Farms
  - Migrate Servers (install PS4.5 to the existing member server - note: make sure the one that has the data store installed is the last one to be migrated)
- In-place Upgrade (insert the CD into the existing server and install)
  - First to upgrade -> License Server
  - Upgrade Farm Metric Server
  - Upgrade Consoles
  - Upgrade Web Interface 4.5
  - Upgrade Zone data collector
  - Upgrade Member Server
Tuesday, May 15, 2007
APAC SharePoint Conference 2007 - 1st Day
Today, I attended the 1st day of APAC SharePoint Conference 2007 in Hilton, Sydney.
Very exciting!! I met a lot of MVPs and SharePoint gurus from Microsoft and the Partners. I attended cool sessions about InfoPath 2007, Groove 2007, Security and Disaster Recovery.
If you don't know what Groove is, check this and this out. It is basically the collaboration tool you can use to share files securely, collaborate with other people around the world without having to worry about the underlying infrastructure such as the firewall.
Met with Joel Oleson - check his blog here. One of the most active SharePoint blogger dude :)
Sunday, May 13, 2007
Microsoft Zune
Ahh... finally, after 3 months - the most exciting gadget has arrived safely in Sydney, Australia :)
It is the reward for winning the Microsoft ASAP Pro Infrastructure Architect design contest in February 2007.
The Zune looks great - and it's got the most exciting Digital FM Radio! However, it is very hard to find any accessories on the market, since it is not officially released in Australia yet by Microsoft.