Sunday, March 28, 2010
This blog has moved
This blog is now located at http://blog.laurence.id.au/.
You will be automatically redirected in 30 seconds, or you may click here.
For feed subscribers, please update your feed subscriptions to
http://blog.laurence.id.au/rss.xml.
Monday, March 22, 2010
Running PEAP with Cisco Aeronet 1231G and Cisco Wireless IP Phone 7925G
- Cisco Aeronet Access Point
- Windows Server (2003/2008) running IAS/NPS as the Radius server
- Server authentication certificate (commercial or self-signed)
Setting the Access Point
Login to the access point using HTTP/HTTPS, navigate to Security - Server Manager
Create a new radius server, point it to the Windows IAS/NPS (installed later). Speficy the shared secret and port for authentication and accounting
Set the default server priorities to
Navigate to Security - SSID Manager
Create a new SSID, attach it to the VLAN and tick the Radio checkbox
For Client Authentication Settings, tick Open Authentication with EAP and Network EAP. Change the Server Priorities to Customize or use defaults
For Client Authentication Key Management, select Mandatory for Key Management and tick WPA
SSID Settings. (optional) select Multiple SSID if you are running this SSID as multiple SSID
Navigate to Security - Encryption Manager
Select Encryption Modes to Chipher with AES CCMP + TKIP
Select Encryption Keys to Key 2 and let the value blank
Setting IAS/NPS
Once the NPS installed, run the wizard to setup the Wireless network.
We need to add a radius client which is the IP address of the Cisco Access Point
Navigate to Advancced tab, select the vendor name to Cisco
Navigate to Policies and select Connection Request Policies. Select the Secure Wireless Policy
Most of the following settings are the default value
Navigate to Use Windows authentication for all users. The following settings are having the default value
Navigate to Secure Wireless Connections. The following settings are having the default value
We specify which AD Security Group has access to this policy
Up to this stage, you need to import a server authentication certificate. This can be a commercial certificate or self-signed certificate. If you use self-signed certificate, you need to make sure the clients machine that is going to connect to this WiFi must trust the Root CA who generate this certificate
Select Microsoft Protected EAP (PEAP) and select Edit
If you have the certificate installed correctly, you should see the option which certificate you want to use
On the Settings tab
Wednesday, March 17, 2010
CCNA Voice
Thursday, March 04, 2010
BES Upgrade 4.1.7 to 5.0.1
We use the following methods and upgrade was a success:
- Prepare the new server (e.g. set local permission for BESadmin, install MAPI Client and CDO, etc)
- Stop and disable all the BES Services on the old BES
- (optional) Take a backup of the BESMgmt database from the old SQL server
- From the new BES Server, run the Tools\BB50preptool.exe, specify the old SQL server and the BESMgmt database. This will prepare the database to be upgradable to ver 5.x
- Take another backup of the BESMgmt database
- Restore the database to the new SQL server
- Edit the database
In SQL Manager expand the BESMgmt database and select Tables. In the centre window right mouse click ServerConfig and select Open Table. Now edit the columns below and update them to display the new server name
-ServiceName
-MachineName
-RPCEndPoint (only edit the name after “\pipe\BESMonitor” )
Still within the ServerConfig table scroll to the MDSAGConfigId column and ensure it is set to NULL. Now close the ServerConfig table and reselect the Tables fold in the left column and locate the MDSAGConfig table in the centre section. Once again right mouse click and select Open Table and ensure you can only see one row containing all NULL values. If a row containing server settings appears select that entire row and delete it.
You can now close the MDSAGConfig table and we can now be assure no old MDS Service settings are migrated and they can be installed fresh on this new server.
Now select the Tables folder in the left column again. In the centre window right mouse click MDSConfig and select Open Table. Now edit the columns below and update them to display the new server name.
-MDSHost
-MachineName
-ServerName (only edit the name before “_MDS-CS_X”)
- From the new BES Server, run the setup.exe. Select use existing database and point it to the new SQL server
After finished installing, reboot the BES Server
You may get the following error in the System Event Log:
Application popup: BBConvert.exe - System Error : The program can't start because WMVCore.DLL is missing from your computer. Try reinstalling the program to fix this problem.
If so, run the following command: (for Windows 2008 R2)
Pkgmgr.exe /ip /m:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum"