Monday, March 22, 2010

Running PEAP with Cisco Aironet 1231G and Cisco Wireless IP Phone 7925G

To run WiFi with WPA and PEAP using Cisco Aironet and Windows IAS/NPS, you need the following:
  • Cisco Aironet Access Point
  • Windows Server (2003/2008) running IAS/NPS as the RADIUS server
  • Server authentication certificate (commercial or self-signed)

Setting the Access Point

Log in to the access point over HTTP/HTTPS and navigate to Security - Server Manager


Create a new RADIUS server and point it to the Windows IAS/NPS server (installed later). Specify the shared secret and the ports for authentication and accounting


Set the default server priorities to or the new Radius server's IP address you just added


Navigate to Security - SSID Manager


Create a new SSID, attach it to the VLAN and tick the Radio checkbox


For Client Authentication Settings, tick Open Authentication with EAP and Network EAP. Change the Server Priorities to Customize or use defaults


For Client Authentication Key Management, select Mandatory for Key Management and tick WPA


SSID Settings (optional): select Multiple SSID if you are running this SSID as one of multiple SSIDs


Navigate to Security - Encryption Manager


Set Encryption Modes to Cipher with AES CCMP + TKIP


Set Encryption Keys to Key 2 and leave the value blank
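
The access-point steps above, written as autonomous Aironet IOS CLI so the result can be reviewed as text. This is an added example, not configuration from the original post: the server address 192.0.2.10, ports 1812/1813, SSID CORP-PEAP, VLAN 10 and the names rad_eap and eap_methods are all assumed placeholders. The optional Multiple SSID setting, the Key 2 selection and the VLAN sub-interface/bridge-group lines are not shown.

```ios
! Added example. Every value below is an assumed placeholder:
!   IAS/NPS server : 192.0.2.10, authentication 1812, accounting 1813
!   SSID / VLAN    : CORP-PEAP / 10
!   names          : rad_eap (server group), eap_methods (method list)
!
! --- Security - Server Manager -------------------------------------
! Define the RADIUS server. The ports must match the ones IAS/NPS
! listens on, and the key must match the shared secret entered for
! this access point as a RADIUS client on the IAS/NPS side.
aaa new-model
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! Server priorities for EAP authentication: a server group plus a
! method list that the SSID refers to.
aaa group server radius rad_eap
 server 192.0.2.10 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
!
! --- Security - SSID Manager ---------------------------------------
dot11 ssid CORP-PEAP
 vlan 10
 ! "Open Authentication with EAP" and "Network EAP"
 authentication open eap eap_methods
 authentication network-eap eap_methods
 ! Key Management: Mandatory, WPA
 authentication key-management wpa
!
! --- Security - Encryption Manager, and the Radio checkbox ---------
interface Dot11Radio0
 ! Cipher: AES CCMP + TKIP. This is a mixed mode, so clients that
 ! only support TKIP can still associate alongside AES-CCMP clients.
 encryption vlan 10 mode ciphers aes-ccm tkip
 ! Attach the SSID to this radio
 ssid CORP-PEAP
```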


Setting IAS/NPS

Once NPS is installed, run the wizard to set up the wireless network.
We need to add a RADIUS client, which is the IP address of the Cisco access point


Navigate to the Advanced tab and set the vendor name to Cisco


Navigate to Policies and select Connection Request Policies. Select the Secure Wireless Policy


Most of the following settings are the default values









Navigate to Use Windows authentication for all users. The following settings have their default values



Navigate to Secure Wireless Connections. The following settings have their default values


We specify which AD Security Group has access to this policy



At this stage, you need to import a server authentication certificate. This can be a commercial or a self-signed certificate. If you use a self-signed certificate, make sure the client machines that will connect to this WiFi trust the root CA that issued the certificate

Select Microsoft Protected EAP (PEAP) and select Edit


If the certificate is installed correctly, you should see an option to choose which certificate to use


On the Settings tab








Wednesday, March 17, 2010

CCNA Voice

Yesterday, I passed the 642-436 CVOICE 6.0 which makes me officially a CCNA Voice, yahoo!! CCVP here I come...

Thursday, March 04, 2010

BES Upgrade 4.1.7 to 5.0.1

Recently we had to upgrade BES 4.1.7 to BES 5.0.1.
We used the following method and the upgrade was a success:

- Prepare the new server (e.g. set local permission for BESadmin, install MAPI Client and CDO, etc)

- Stop and disable all the BES Services on the old BES

- (optional) Take a backup of the BESMgmt database from the old SQL server

- From the new BES Server, run the Tools\BB50preptool.exe, specify the old SQL server and the BESMgmt database. This will prepare the database to be upgradable to ver 5.x

- Take another backup of the BESMgmt database

- Restore the database to the new SQL server

- Edit the database

In SQL Manager, expand the BESMgmt database and select Tables. In the centre window, right-click ServerConfig and select Open Table. Now edit the columns below and update them to display the new server name

-RPCEndPoint (only edit the name after “\pipe\BESMonitor” )

Still within the ServerConfig table, scroll to the MDSAGConfigId column and ensure it is set to NULL. Now close the ServerConfig table, reselect the Tables folder in the left column and locate the MDSAGConfig table in the centre section. Once again, right-click and select Open Table, and ensure you can see only one row containing all NULL values. If a row containing server settings appears, select that entire row and delete it.

You can now close the MDSAGConfig table. This assures that no old MDS Service settings are migrated and that they can be installed fresh on the new server.

Now select the Tables folder in the left column again. In the centre window, right-click MDSConfig and select Open Table. Now edit the columns below and update them to display the new server name.
-ServerName (only edit the name before “_MDS-CS_X”)

- From the new BES Server, run the setup.exe. Select use existing database and point it to the new SQL server

After the installation finishes, reboot the BES Server

You may get the following error in the System Event Log:

Application popup: BBConvert.exe - System Error : The program can't start because WMVCore.DLL is missing from your computer. Try reinstalling the program to fix this problem.

If so, run the following command (for Windows 2008 R2):

Pkgmgr.exe /ip /m:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum"