Monday, August 12, 2013

Micro$oft, what the.... ???

Got these a lot on my server for the last 4 days:

The IP 157.56.162.105 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 157.56.162.105:

Lines containing IP:157.56.162.105 in /var/log/auth.log

Aug 11 20:40:08 x sshd[60929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.56.162.105  user=root
Aug 11 20:40:10 x sshd[60929]: Failed password for root from 157.56.162.105 port 62640 ssh2
Aug 11 20:40:10 x sshd[60929]: Received disconnect from 157.56.162.105: 11: Bye Bye [preauth]
Aug 11 20:40:18 x sshd[60931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.56.162.105  user=root
Aug 11 20:40:20 x sshd[60931]: Failed password for root from 157.56.162.105 port 1112 ssh2
Aug 11 20:40:20 x sshd[60931]: Connection closed by 157.56.162.105 [preauth]
Aug 11 20:50:17 x sshd[60935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.56.162.105  user=root
Aug 11 20:50:18 x sshd[60935]: Failed password for root from 157.56.162.105 port 1064 ssh2
Aug 11 20:50:19 x sshd[60935]: Received disconnect from 157.56.162.105: 11: Bye Bye [preauth]
Aug 11 20:50:21 x sshd[60937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.56.162.105  user=root
Aug 11 20:50:23 x sshd[60937]: Failed password for root from 157.56.162.105 port 62560 ssh2
Aug 11 20:50:23 x sshd[60937]: Received disconnect from 157.56.162.105: 11: Bye Bye [preauth]
Aug 11 20:50:29 x sshd[60939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.56.162.105  user=root
Aug 11 20:50:31 x sshd[60939]: Failed password for root from 157.56.162.105 port 1184 ssh2
Aug 11 20:50:31 x sshd[60939]: Received disconnect from 157.56.162.105: 11: Bye Bye [preauth]
Aug 11 21:00:34 x sshd[60943]: Connection closed by 157.56.162.105 [preauth]

and guess who owns the 157.56.162.105?



Thursday, July 18, 2013

Securing SSH Server with fail2ban and Email Notification

I use fail2ban to secure my SSH server, using the following guide

https://help.ubuntu.com/community/Fail2ban

This bans the offending IP address and notifies me by email of the failed attempts.
I also use the following script to notify me by email of each successful login.

Edit or create /etc/ssh/sshrc:

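# sshrc is run by sshd on every successful login, as the user who logged in
DATE=$(date "+%d.%m.%Y--%Hh%Mm")
IP=$(echo "$SSH_CONNECTION" | awk '{print $1}')
REVERSE=$(dig -x "$IP" +short)
# Pipe the message straight to the mailer: a fixed file name in /tmp can be
# pre-created or symlinked by another local user and is shared by concurrent logins
{
  echo "Subject: SSH Login Successfully"
  echo "$DATE, user $USER just logged in from $IP ($REVERSE)"
} | sendmail -f "MyBox <fromemail@domain.tld>" -t "Lau, Laurence <me@domain.tld>" -s smtprelay.domain.tld &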
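
To see how a ban threshold and time window interact on log lines like the ones in the ban notice above, here is an added example (not part of the original post, and not fail2ban's own filter or code): a simplified sliding-window counter over "Failed password" lines. The function name, the year default and the 192.0.2.10 lines are assumptions made for the illustration; maxretry and findtime are named after the fail2ban settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The lines for 157.56.162.105 are copied from the ban notice on this page.
# The 192.0.2.10 lines (documentation address range) are constructed to show
# a tight burst next to the spaced-out attempts.
SAMPLE_AUTH_LOG = """\
Aug 11 20:40:08 x sshd[60929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.56.162.105  user=root
Aug 11 20:40:10 x sshd[60929]: Failed password for root from 157.56.162.105 port 62640 ssh2
Aug 11 20:40:20 x sshd[60931]: Failed password for root from 157.56.162.105 port 1112 ssh2
Aug 11 20:40:20 x sshd[60931]: Connection closed by 157.56.162.105 [preauth]
Aug 11 20:45:01 x sshd[61001]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Aug 11 20:45:03 x sshd[61001]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Aug 11 20:45:05 x sshd[61003]: Failed password for invalid user test from 192.0.2.10 port 40002 ssh2
Aug 11 20:45:07 x sshd[61003]: Failed password for invalid user test from 192.0.2.10 port 40002 ssh2
Aug 11 20:45:09 x sshd[61005]: Failed password for root from 192.0.2.10 port 40003 ssh2
Aug 11 20:50:18 x sshd[60935]: Failed password for root from 157.56.162.105 port 1064 ssh2
Aug 11 20:50:23 x sshd[60937]: Failed password for root from 157.56.162.105 port 62560 ssh2
Aug 11 20:50:31 x sshd[60939]: Failed password for root from 157.56.162.105 port 1184 ssh2
Aug 11 21:00:34 x sshd[60943]: Connection closed by 157.56.162.105 [preauth]
"""

# Only "Failed password" lines are counted here; this is a deliberate
# simplification and not the regex set that fail2ban ships.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def find_offenders(log_text, maxretry, findtime, year=2013):
    """Return {ip: time of the failure that reached maxretry within findtime seconds}.

    Syslog timestamps carry no year, so one is assumed (default: the year of
    the sample). Lines must be in chronological order, as in auth.log.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    offenders = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # PAM, disconnect and other lines are ignored
        ip = m["ip"]
        if ip in offenders:
            continue              # already over the threshold
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        failures = recent[ip]
        failures.append(ts)
        # Drop failures that have aged out of the window
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= maxretry:
            offenders[ip] = ts
    return offenders


if __name__ == "__main__":
    for findtime in (600, 3600):
        hits = find_offenders(SAMPLE_AUTH_LOG, maxretry=5, findtime=findtime)
        print(f"findtime={findtime}s:")
        for ip, when in sorted(hits.items()):
            print(f"  {ip} reached 5 failures at {when:%H:%M:%S}")
```

On this excerpt, a 600-second window never holds five failures from 157.56.162.105 at once, while a 3600-second window counts all five, which is the trade-off to weigh when tuning findtime.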


Saturday, June 08, 2013

MCSA 2012

Yay! just passed Microsoft Exam 70-417 and officially MCSA 2012

Wednesday, June 05, 2013

SMTP TLS Authentication Testing

When testing an SMTP connection, we often telnet to port 25 and run a few SMTP commands to diagnose the problem. But what if you want to test SMTP authentication the same way, and the SMTP server only offers authentication over TLS?

To check whether your SMTP server supports authentication, try the following:

telnet your-smtp-server.domain.tld 25

Connected to your-smtp-server.domain.tld.
Escape character is '^]'.
220 your-smtp-server.domain.tld ESMTP

EHLO localhost
250-your-smtp-server.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


As you can see, the response from the SMTP server to the EHLO localhost command does not advertise authentication (there is no 250-AUTH line), but it does support TLS (250-STARTTLS).

So now we can try to communicate using TLS, with the following:

openssl s_client -starttls smtp -crlf -connect your-smtp-server.domain.tld:25

CONNECTED(00000003)
depth=0 C = AU, ST = NSW, L = Sydney, O = Laurence Corp, OU = IT, CN = your-smtp-server.domain.tld
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = NSW, L = Sydney, O = Laurence Corp, OU = IT, CN = your-smtp-server.domain.tld
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=NSW/L=Sydney/O=Laurence Corp/OU=IT/CN=your-smtp-server.domain.tld
   i:/C=AU/ST=NSW/L=Sydney/O=Laurence Corp/OU=IT/CN=your-smtp-server.domain.tld
---
Server certificate
subject=/C=AU/ST=NSW/L=Sydney/O=Laurence Corp/OU=IT/CN=your-smtp-server.domain.tld
issuer=/C=AU/ST=NSW/L=Sydney/O=Laurence Corp/OU=IT/CN=your-smtp-server.domain.tld
---
No client certificate CA names sent
---
SSL handshake has read 1564 bytes and written 411 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID: 163CF3718E7E3DAD34259654B2510CEFD6CDBFEE0D067FAF6D816C6145D45301
    Session-ID-ctx:
    Master-Key: FEEAB321DE6A876EB0954FB3372A540CC09D3E8F14D4EBBEB8448FE7D6CDADD3DAB9201B7450FDCAA7F2448BC0949AF7
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:

    Compression: 1 (zlib compression)
    Start Time: 1370408569
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 DSN

EHLO localhost
250-your-smtp-server.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

As you can see, once we are connected over TLS and issue the EHLO localhost command, the server advertises AUTH (250-AUTH), and PLAIN is among the supported mechanisms.

To test the authentication, you need to generate the base64-encoded value of your credentials, for example with Perl. If you have the username myname and the password mypass, run the command in the following format: perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password")'

perl -MMIME::Base64 -e 'print encode_base64("myname\0myname\0mypass")'
bXluYW1lAG15bmFtZQBteXBhc3M=

You then have the base64-encoded value bXluYW1lAG15bmFtZQBteXBhc3M=
You can then issue the AUTH PLAIN command:

AUTH PLAIN bXluYW1lAG15bmFtZQBteXBhc3M=
235 2.7.0 Authentication successful

As you can see, we are authenticated. You can then do the usual stuff with SMTP.
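
The check walked through above, as an added example that is not part of the original post: it parses the two EHLO replies to confirm that AUTH is only advertised inside TLS, and builds and decodes the AUTH PLAIN value (the SASL PLAIN format from RFC 4616) to show that base64 is an encoding, not protection. The function names are hypothetical; the sample replies and credentials are the ones shown in the post.

```python
import base64

# Sample input: the two EHLO replies shown in the post, first over plain
# telnet, then inside the openssl s_client STARTTLS session.
EHLO_CLEARTEXT = """\
250-your-smtp-server.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

EHLO_OVER_TLS = """\
250-your-smtp-server.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""


def parse_ehlo(reply):
    """Return {KEYWORD: [parameters]} for a multi-line 250 EHLO reply."""
    caps = {}
    for index, line in enumerate(reply.strip().splitlines()):
        if line[:3] != "250" or line[3:4] not in ("-", " ", ""):
            raise ValueError(f"not a 250 reply line: {line!r}")
        if index == 0:
            continue  # the first line carries the server name, not an extension
        text = line[4:].strip()
        if not text:
            continue
        # Legacy "AUTH=..." form that some servers add for older clients
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        keyword, *params = text.split()
        seen = caps.setdefault(keyword.upper(), [])
        for param in params:
            if param.upper() not in seen:
                seen.append(param.upper())
    return caps


def auth_exposure(clear_reply, tls_reply):
    """Compare what the server advertises before and after STARTTLS."""
    clear, tls = parse_ehlo(clear_reply), parse_ehlo(tls_reply)
    before = clear.get("AUTH", [])
    return {
        "starttls_offered": "STARTTLS" in clear,
        "auth_before_tls": before,
        "auth_after_tls": tls.get("AUTH", []),
        # Good posture: credentials are never accepted on the cleartext channel
        "auth_only_inside_tls": "STARTTLS" in clear and not before,
    }


def auth_plain_token(authcid, password, authzid=""):
    """Build the AUTH PLAIN argument: base64(authzid NUL authcid NUL password)."""
    for field in (authzid, authcid, password):
        if "\0" in field:
            raise ValueError("NUL is the field separator and cannot appear in a field")
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(token):
    """Reverse the encoding: anyone who can read the token can read the password."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL password")
    return tuple(part.decode("utf-8") for part in parts)


if __name__ == "__main__":
    print(auth_exposure(EHLO_CLEARTEXT, EHLO_OVER_TLS))
    token = auth_plain_token("myname", "mypass", authzid="myname")
    print("AUTH PLAIN", token)
    print(decode_auth_plain(token))
```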


Thursday, May 02, 2013

FreePBX Voicemail Drops Call With Error: lack of rtp activity in 31 seconds

I have FreePBX set up at home, and for some reason my voicemail is not working properly. It basically drops the connection after 30 seconds while the person on the phone is waiting on Music on Hold.

It turns out that FreePBX detects that there has been no audio/RTP activity within 30 seconds (configurable) and drops the connection.

To change this: on your FreePBX, navigate to: Settings > Asterisk SIP Settings > Media and RTP Settings
Change the rtptimeout from 30 to 300, change rtpkeepalive from 0 to 30

Tuesday, April 30, 2013

Blackberry Device Service 10 SSL Certificate

After you install your brand new Blackberry 10 server (Blackberry Device Service 10), you might want to replace the default self-signed SSL certificate. I do, because I think this is what caused my Blackberry Management Studio to not talk properly to BAS 10, e.g. I got a bad_certificate error in the log file.

So, in summary, you need to do the following:

  • Backup BAS keystore
  • Delete the default alias from keystore
  • Generate a new key in keystore
  • Generate CSR
  • Submit CSR to your CA
  • Import CA(s)
  • Import public key for your SSL certificate

Now, I am using a Microsoft CA to generate the SSL certificate, and my BAS 10 is running on Windows 2008 R2 (x64). All the commands below use keytool.exe, which is located in your Java JRE\bin folder.

You need to either reset your web keystore password or get the current password from the BES10 console: Servers and components - Blackberry Solution Topology - Blackberry Domain - Component View - Blackberry Administration Service. Under Security settings, there is a Default password to encrypt the web.keystore file.

Backup BAS keystore
Just take a copy of the following file:

C:\Program Files (x86)\Research In Motion\BlackBerry Device Service\bas\bin\web.keystore

Delete the default alias from keystore
This will delete the key pair with an alias of httpssl - which is being used by BAS 10

keytool -delete -alias httpssl -keystore "C:\Program Files (x86)\Research In Motion\BlackBerry Device Service\bas\bin\web.keystore"

This will ask for the keystore password - enter it

Generate a New Key in Keystore
Replace the -dname value with your own. CN is the FQDN the SSL certificate will be used for

keytool -genkey -alias httpssl -keystore "C:\Program Files (x86)\Research In Motion\BlackBerry Device Service\bas\bin\web.keystore" -dname "CN=bes.domain.local, OU=IT, O=Laurence Blog, L=Sydney, ST=NSW, C=AU" -keyalg RSA -keysize 2048

Generate CSR
This generates a certreq.csr file which will be used for the next step

keytool -certreq -alias httpssl -keystore "C:\Program Files (x86)\Research In Motion\BlackBerry Device Service\bas\bin\web.keystore" -file "C:\Temp\certreq.csr" -keyalg RSA -keysize 2048

Submit CSR to your CA
Navigate to your CA using IE browser: https://caserver.domain.local/certsrv
Navigate to Request a certificate
Navigate to Submit a certificate request by using a base-64-encoded CMC or ...
Paste the content of the CSR file to the Saved Request field
Use the default: Web Server template
Submit
Download the certificate
Download all the Root and issuing/intermediate CA as well

Import CA(s)
Import all the CA certificates you have (e.g. root/issuing/intermediate). Make sure you use a unique alias name for each CA

keytool -import -alias rootca -keystore "C:\Program Files (x86)\Research In Motion\BlackBerry Device Service\bas\bin\web.keystore" -file "C:\Temp\rootca.cer"

keytool -import -alias intermediateca -keystore "C:\Program Files (x86)\Research In Motion\BlackBerry Device Service\bas\bin\web.keystore" -file "C:\Temp\issuingca.cer"

Import Public Key for SSL Certificate
This imports the certificate from your CA to the keystore

keytool -import -alias httpssl -keystore "C:\Program Files (x86)\Research In Motion\BlackBerry Device Service\bas\bin\web.keystore" -file "C:\Temp\public.cer"

Restart the Blackberry Administration Service - Native Code Container

You can also do the same thing for the Blackberry Management Studio (*Fusion) using the same steps above
The keystore location is:

C:\Program Files (x86)\Research In Motion\BlackBerry Management Studio\BlackBerryMobileFusion.keystore

The keypair name is: fusionssl


Wednesday, April 17, 2013

Active Directory Domain Controller GPO Reset

I have these 2x Windows 2012 Domain Controllers that inherited policies from the old GPO which were created since Windows 2003 days. I did not realize there were problems until some of the features that I want to use started acting badly (e.g. access denied, etc).

Obviously the DCs were joined to the domain and put in the "Domain Controllers" OU by default after they were dcpromo-ed, which then got the old GPO applied to them.

So to clean up all the registry and file system security configuration that has been applied to the DCs, I need to reset the default domain policy and the default domain controllers policy. Before I do that, I back them up first, just in case.

To clean up the GPO run the following command:

C:\> DCGPOFIX

Then I need to clean up the actual settings that have been applied to my DCs by running the following command on each DC:

C:\> secedit /configure /cfg C:\windows\inf\defltdc.inf /db defltdc.sdb /overwrite

Reboot the DC

Thursday, April 04, 2013

Citrix StoreFront Authentication Check URL

Use the following URL to check the Authentication Method being used by a user:

https://storefront.domain.tld/Citrix/Authentication/Integrated/test.aspx

Sunday, March 31, 2013

FreePBX SIP Debugging

To debug FreePBX SIP, just get into the asterisk context by typing:

> asterisk -vvvvvr

localhost*CLI> sip show peers

it shows all your peers, then:

localhost*CLI> sip set debug peer (peer_name)

To stop debug, type:

localhost*CLI> sip set debug off

Tuesday, March 19, 2013

Manage Workgroup Servers with SCOM 2012

These are very high-level steps for having your workgroup servers managed by SCOM 2012.
My task was to have my Exchange Edge Transport server, sitting in the DMZ, managed by SCOM.

For them to be able to communicate with and authenticate each other, they must be using a certificate.
I have my internal CA (lucky me)

1. Make sure your Workgroup server trusts your CA.
You can browse to your https://internal-ca.domain.com/certsrv URL and download the CA certificate and import this to the Workgroup server's Trusted Root CA (Computer store)

2. Make sure you have a certificate template that has Server and Client Authentication purposes 
If you don't have one, duplicate one from the "Computer" template with Windows 2003 version. Make sure "allow export private key" is selected and "subject name" is supplied in the request.

3. Request a certificate from your Workgroup server to your internal CA 
Use the template you created on step 2

4. Move certificate from user store to computer store 
After you request the certificate, it is automatically installed in the user store. You need to export it (along with the private key) and import it back into the computer store

5. Install SCOM 2012 Agent 
Insert SCOM installation ISO/DVD and install SCOM Agent. Make sure you are using FQDN for the SCOM server during the installation wizard

6. Firewall port TCP 5723 needs to be allowed inbound and outbound 
The SCOM Agent uses TCP port 5723 to communicate with the SCOM Server; open this on your firewall inbound and outbound

7. Import the certificate to SCOM Agent
On the installation ISO/DVD, navigate to SupportTools\AMD64 and run MOMCertImport.exe. It then asks you to select which certificate to use. Select the one that you created on step 3

8. Restart the System Center Management service

9. Request a certificate from your SCOM Management Server
Do exactly the same thing as in steps 3-4, but now do this from the SCOM Management Server

10. Import the certificate to SCOM Management Server
Do exactly the same thing as in steps 7-8, but now do this from the SCOM Management Server

11. Wait
Your agent should come out on the Pending Management section of your SCOM Administration console

Monday, March 04, 2013

VBScript Open Internet Explorer with No Address Bar

Sometimes you need to open IE with no address bar, for example when you publish IE through Citrix XenApp. The VBScript below is the way to go:

Dim objIENoToolbars
Set objIENoToolbars = WScript.CreateObject ("InternetExplorer.Application")
ObjIENoToolbars.Toolbar = false
objIENoToolbars.Navigate "http://mywebsite.domain.com/"
objIENoToolbars.Visible = true 

Monday, January 21, 2013

Exchange 2010 SP2 RU 4v2 Bug - Mailbox Move

After applying the SP2 RU 4v2 to my Exchange 2010 environment, apparently there is a bug when a mailbox is moved between two different databases within the same server. According to Microsoft forum this bug was introduced by SP2 RU3. Anyone who is still running on SP2 RU2 is not affected.

When you move the mailbox, it will have the Move Request Status: Completed with warning
You also will get the following comment:

Warning: Failed to clean up the source mailbox after the move.
Error details: MapiExceptionUnexpectedMailboxState: Unable to delete mailbox. (hr=0x80004005, ec=2634)


In the log of the move request, you will see the error:

Failed to clean up the source mailbox 'Primary (9105c233-5387-47bc-99ea-2c0255cf63ad)' after the move. Attempt 1/6.
Error details: MapiExceptionUnexpectedMailboxState MapiExceptionUnexpectedMailboxState: Unable to delete mailbox. (hr=0x80004005, ec=2634) at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
   at Microsoft.Mapi.ExRpcAdmin.DeletePrivateMailbox(Guid guidMdb, Guid guidMailbox, Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox.DeleteMailboxInternal(Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.<>c__DisplayClass2a.<Microsoft.Exchange.MailboxReplicationService.IMailbox.DeleteMailbox>b__29()
   at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.Microsoft.Exchange.MailboxReplicationService.IMailbox.DeleteMailbox(Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.<>c__DisplayClass6d.<PostMoveCleanupSourceMailbox>b__6b()
   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)


...
...

Post-move cleanup failed. The operation will try again in 30 seconds (5/6).
Failed to clean up the source mailbox 'Primary (9105c233-5387-47bc-99ea-2c0255cf63ad)' after the move. Attempt 6/6.
Error details: MapiExceptionUnexpectedMailboxState MapiExceptionUnexpectedMailboxState: Unable to delete mailbox. (hr=0x80004005, ec=2634)
   at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
   at Microsoft.Mapi.ExRpcAdmin.DeletePrivateMailbox(Guid guidMdb, Guid guidMailbox, Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox.DeleteMailboxInternal(Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.<>c__DisplayClass2a.<Microsoft.Exchange.MailboxReplicationService.IMailbox.DeleteMailbox>b__29()
   at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.Microsoft.Exchange.MailboxReplicationService.IMailbox.DeleteMailbox(Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.<>c__DisplayClass6d.<PostMoveCleanupSourceMailbox>b__6b()
   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)
 

Request is complete.

The implications of this bug:
  • There will be a delay of 30 seconds x 6 tries = 3 minutes for each mailbox being moved
  • During the last 3 minutes of the mailbox move, the Outlook client is disconnected
  • The mailbox in the source database is not deleted; it is marked as a soft-deleted mailbox

To view the Soft Deleted mailboxes:

Get-MailboxDatabase | Get-MailboxStatistics | where {$_.DisconnectReason -ne $null} | ft  displayname,database,disconnectreason -auto

To delete the Soft Deleted mailboxes:

Remove-StoreMailbox -database "Old database" -Identity "Smith, John" -MailboxState SoftDeleted

So far there is no report from my users who have got their mailboxes moved


Tuesday, December 11, 2012

DNS IP to localhost

While I am doing this coding of DNS server and using my development machine to debug the program, I need to somehow configure my Windows 7 client's DNS setting to point to itself as the DNS server (e.g. 127.0.0.1).

Surprisingly, Windows 7 rejects the setting when you put 127.0.0.1 as the DNS IP address of your network connection.

Found the following Powershell to change it easily

$wmi = Get-WmiObject win32_networkadapterconfiguration -filter "ipenabled = 'true'"
$wmi.SetDNSServerSearchOrder("127.0.0.1")

Monday, November 05, 2012

SSRS SQL 2008 R2 Export Reports

I need to migrate reports from the old SSRS to the new one. To do this, I need to export all the reports as RDL files and upload them all to the new SSRS server.

I found this article by geektrainer.com on how to create a VB script .rss file that exports all SQL Server reports as .rdl files.

Here is the code:

'must use -v rootPath="C:\Reports"
Sub Main()    
    Dim items As CatalogItem() = rs.ListChildren("/", true)

    For Each item As CatalogItem in items
        If item.Type = ItemTypeEnum.Folder Then
            CreateDirectory(item.Path)
        Else If item.Type = ItemTypeEnum.Report Then
            SaveReport(item.Path)
        End If
    Next
End Sub

Sub CreateDirectory(path As String)
    path = GetLocalPath(path)
    System.IO.Directory.CreateDirectory(path)
End Sub

Sub SaveReport(reportName As String)
    Dim reportDefinition As Byte()
    Dim document As New System.Xml.XmlDocument()
    
    reportDefinition = rs.GetReportDefinition(reportName)
    
    Dim stream As New MemoryStream(reportDefinition)
    document.Load(stream)
    document.Save(GetLocalPath(reportName) + ".rdl")
End Sub

Function GetLocalPath(rsPath As String) As String
    Return rootPath + rsPath.Replace("/", "\")
End Function

Save the code above as an export.rss file, create a folder where the reports will be stored (e.g. C:\Reports), then run the RS.EXE command against your report server web service URL:

rs.exe -i export.rss -s http://reportserver.domain.local/ReportServer -v rootPath="C:\Reports"

This will create all the reports in the .rdl format in the folder specified above



Monday, October 29, 2012

Windows Vault - SharePoint 2010

I have seen a problem where a user is always prompted for a username and password when trying to open a SharePoint 2010 site. The credential dialog box has the username field as READ ONLY.

The reason for the prompt is that the username is, for an unknown reason, wrong and cannot be changed!

If you check the security event log, you will see Event ID 4648.

To fix this problem you need to check the Windows Credential Manager; start it from CMD:

control /name Microsoft.CredentialManager


and remove the wrongly assigned credential to the site

Friday, October 26, 2012

Cisco ASA on GNS3

I was planning to redesign our existing ASA firewalls, which currently run independently, as active/active firewalls running multiple contexts.

I need a test lab for this. I use GNS3 for this.

I also need the ASA image and kernel files to be loaded in GNS3. Those files can be found from here
Once you have those files, you need to configure Qemu with the following options:



Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32
Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

Also make sure you select the correct Initrd and Kernel files you downloaded earlier

You should now be able to start any ASA instance you have, and when you do, load the following keys:
activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5
activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6

Wednesday, September 26, 2012

Cisco 4500 Series Switch Software Upgrade

Just got a pair of Cisco 4500 series switches with dual sup 7E. Needed to be upgraded to the latest IOS version.

Here are the steps to upgrade it:


  • Copy the .bin file from the TFTP server to both Sups (Active and Standby)
          copy source_device:source_filename bootflash:target_filename
          copy source_device:source_filename slavebootflash:target_filename
  • Change the boot system command
    no boot system flash bootflash:c6msfc2-jsv-mz.121-8a.E5
    wr mem

    boot system flash bootflash:c6msfc2-jsv-mz.121-8a.E6
    wr mem

  • Change the config register
    config-register 0x2102
    wr mem

  • Reload the Standby Sup
          redundancy reload peer
  • Failover the Sup
          redundancy force-switchover

Sunday, August 05, 2012

App-V SQL Move Error 0000C800

Recently I moved the App-V SQL database from one server to another. I used the following procedure:

http://technet.microsoft.com/en-us/library/gg252515.aspx

However, when trying to open the management console, I got the error code: 0000C800
As part of the troubleshooting, I changed the UDL file and the test connection worked, but the error persisted.

In the end I had to do the following:

  • Open the SftMgmt.udl file in Notepad
  • Copy the content of the file
  • Rename the SftMgmt.udl file to SftMgmt.udl.old
  • Create a new file using Notepad
  • Paste the connection string into the newly created file and modify the connection string to use the new SQL name
  • Save the file as SftMgmt.udl
  • DO NOT open this newly created file. Try to open the management console again; if that works, the job is done!

Monday, July 16, 2012

SharePoint 2010 Version Number

Here is one handy command to get your SharePoint 2010 version number:

(get-spfarm).buildversion

Tuesday, June 19, 2012

Officially VCP 5 Today!

Just passed VCP510 exam today, yay!
Pretty difficult compared to the other exams

 

Friday, June 15, 2012

Exchange 2010 Distribution List Owner

I have been migrating user mailboxes from Exchange 2007 to Exchange 2010 lately. Apparently a user who has manage rights to a distribution list in Exchange 2007 might not be able to manage that DL anymore once his/her mailbox has been migrated to Exchange 2010.

This is by design. Exchange 2010 by default does not allow individual users to create, modify, remove and add members to distribution groups they own.


The user will get access denied when trying to add/remove a user from the DL they were managing. To fix this, you can tick the check box in the RBAC User Editor/Default Role Assignment Policy. However, as you can see in the description of this option, it will also allow users to add and delete DLs themselves.

If we only want to let them manage the DLs they own, you need to use the following PowerShell script:

# Script for creating a Role that can manage distributions groups but can't create new ones 
#  
################################################################################# 
#  
# The sample scripts are not supported under any Microsoft standard support  
# program or service. The sample scripts are provided AS IS without warranty  
# of any kind. Microsoft further disclaims all implied warranties including, without  
# limitation, any implied warranties of merchantability or of fitness for a particular  
# purpose. The entire risk arising out of the use or performance of the sample scripts  
# and documentation remains with you. In no event shall Microsoft, its authors, or  
# anyone else involved in the creation, production, or delivery of the scripts be liable  
# for any damages whatsoever (including, without limitation, damages for loss of business  
# profits, business interruption, loss of business information, or other pecuniary loss)  
# arising out of the use of or inability to use the sample scripts or documentation,  
# even if Microsoft has been advised of the possibility of such damages 
# 
################################################################################# 
# 
# Written by Matthew Byrd 
# Matbyrd@microsoft.com 
# Last Updated 10.15.09 
 
 
# Parameter to get a different name than default for the new Role 
Param([string]$name="MyDistributionGroupsManagement",[string]$policy="Default Role Assignment Policy",[switch]$creategroup,[switch]$removegroup) 
 
# Help Function 
Function Show-Help { 
 
" 
This script will create or manage a management role designed to allow users to modify groups that they already own 
but not create or remove any new distribution groups. 
 
Switches: 
-name           Name of the management role you want to create or modify 
                    Defaults to: `"MyDistributionGroupsManagement`" 
                     
-policy         Name of the Role Policy you want to assign the role to 
                    Defaults to: `"Default Role Assignment Policy`" 
                     
-creategroup    Adds or Removes the ability of the Role to Create DLs 
 
-removegroup    Adds or Removes the ability of the Role to Remove DLs 
 
Examples: 
-------------------------------------------- 
This will Use the default names and Policy and will create a role that cannot 
Create or remove groups but can still modify them.  If the role already exists 
It will modify it by removing or adding the ability to create and remove groups 
based on the current state. 
 
Manage-GroupManagementRole -CreateGroup -RemoveGroup 
 
" 
 
 
} 
 
 
 
# Function to modify a role by removing or adding Role Entries 
# If no action is passed we assume remove 
# $roleentry should be in the form Role\Roleentry e.g. MyRole\New-DistributionGroup 
Function ModifyRole { 
 Param($roleentry,$action) 
     
    Switch ($action){ 
        Add {Add-ManagementRoleEntry $roleentry -confirm:$false} 
        Remove {Remove-ManagementRoleEntry $roleentry -confirm:$false} 
        Default {Remove-ManagementRoleEntry $roleentry -confirm:$false} 
    } 
} 
 
If (($creategroup -eq $false) -and ($removegroup -eq $false)){ 
    Show-Help 
    exit 
} 
 
 
# Test if we have a role that already has that name 
If (([bool](Get-Managementrole $name -erroraction Silentlycontinue)) -eq $true){ 
    Write-Warning "Found a Role with Name: $name" 
    Write-Warning "Trying to Modify Existing Role" 
} 
Else { 
    # Create the new Management Role 
    Write-Host "Creating Management Role $name" 
    New-ManagementRole -name $name -parent MyDistributionGroups 
} 
 
# Determine if we have the New and Remove Role Entries on the Role Already 
$create = [bool](Get-managementroleentry $name\New-DistributionGroup -erroraction Silentlycontinue) 
$remove = [bool](Get-managementroleentry $name\Remove-DistributionGroup -erroraction Silentlycontinue) 
 
# If we have the switch CreateGroup add or remove the RoleEntry for New-DistributionGroup 
If ($creategroup -eq $true){ 
    If ($create -eq $true){ModifyRole $name\New-DistributionGroup Remove;Write-Host "Removing ability to create distribution Groups from $name"} 
    elseif ($create -eq $false) {ModifyRole $name\New-DistributionGroup Add;Write-Host "Adding ability to create distribution Groups to $name"} 
} 
 
# If we have the switch RemoveGroup add or remove the RoleEntry for Remove-DistributionGroup 
If ($removegroup -eq $true){ 
    If ($remove -eq $true){ModifyRole $name\Remove-DistributionGroup Remove;Write-Host "Removing ability to remove distribution Groups from $name"} 
    elseif ($remove -eq $false) {ModifyRole $name\Remove-DistributionGroup Add;Write-Host "Adding ability to remove distribution Groups to $name"} 
} 
 
# Test if we have the assignment for the Role and Policy 
# If we do ... write a warning 
# If not create a new assignment 
If (([bool](get-managementroleassignment $name-$policy -erroraction SilentlyContinue)) -eq $true){ 
    Write-Warning "Found Existing Role Assignment: $name-$policy" 
    Write-Warning "Making no modifications to Role Assignments" 
} 
Else { 
    # Assign the Role to the Role Policy 
    Write-Host "Creating Management Role Assignment $name-$policy" 
    New-ManagementRoleAssignment -name ($name + "-" + $policy) -role $name -policy $policy 
} 

Save the code as a MyDistributionGroupsManagement.ps1 file.
Run the script:

MyDistributionGroupsManagement.ps1 -creategroup -removegroup

The script creates another role as a child of the MyDistributionGroups role and removes the ability to create and remove DLs.
Once you have run the script, you will have the following Role:


Thanks to the MS Exchange Team for sharing the script here

Wednesday, May 30, 2012

Netbackup Skipping Backup ID

Using Netbackup 7.5, recently we encountered the following error:

no images were successfully processed (191)

and

found no images or media matching the selection criteria (190)

and if you do "Search Now" in the Catalog with Action: Verify, you will get the following error:


To fix this issue, run the following command:

bpexpdate -backupid XXXXX_1338296403 -d 0 -force

This forces the problematic backup ID to expire.

Monday, May 28, 2012

ESXi 5 Install Offline Bundle

To install an Offline Bundle on an ESXi 5 host:

  • Download the ISO file from VMware
  • Extract the ISO file and find the offline-bundle ZIP file
  • SCP this ZIP file to the ESXi host (e.g. /tmp/offline-bundle.zip)
  • Run the following command

esxcli software vib install -d /tmp/offline-bundle.zip

Reboot

Saturday, May 26, 2012

iPhoto Backup

I am using an iPhone and taking photos with it. As you know, it imports the photos automatically into iPhoto when it is connected to OS X. I created the following bash script to mount the Windows file share and copy the photos to the Windows Server:

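#!/bin/bash
# username:password are placeholders; the real password sits in clear text in this file, so keep it readable by its owner only
# Mount the Windows share; stop if the mount fails so rsync never writes into the empty local directory
mount -t smbfs //username:password@windowsserver/pictures /Users/laurence/Mount || exit 1
# Copy the iPhoto masters to the share (-u skip files that are newer on the destination, -r recursive, -z compress)
rsync -urz /Users/laurence/Pictures/iPhoto\ Library/Masters /Users/laurence/Mount/iPhoto
umount /Users/laurence/Mount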

Tuesday, May 22, 2012

Exchange ExMon


The Exchange ExMon tool is an awesome tool! With it, for each user session, you can view:
  • Number of packets
  • Number of operations
  • CPU Time
  • CPU %
  • Avg and Max Server latency
  • Bytes In and Out
  • Client Version and IP Address
  • Read, PreRead and Dirtied Pages
  • Log Bytes
The Log Bytes information is particularly helpful if you want to find out who is filling up your Exchange Server logs.

The program can be downloaded from here

Sometimes when you run it, it crashes :) and if you try to run it again, you will get the following error:


Then you should do the following:

Open the Command Prompt and type in:

logman query -ets


As you can see in the picture above, the last line is: Exchange Event Trace
You need to stop this trace, by typing:

logman stop "Exchange Event Trace" -ets


Then you can run the ExMon again.



 

Monday, May 21, 2012

Exchange 2010 Recovery

Recently I had to recover my Exchange 2010 Servers. One of them was the Mailbox server role part of the DAG and the other one was the CAS, Hub and UM server. Those 2 servers were totally gone, unrecoverable due to RAID controller failure

CAS + Hub + UM Server Recovery

  • Build the server, Windows 2008 R2 SP1, and give it EXACTLY the same name as the failed server
  • Add all the Windows Server role + features required for CAS+Hub+UM
  • Patch it
  • Join to the domain
  • Extract the Exchange 2010 SP2 to the temp directory (e.g. C:\temp)
  • Run setup.com /m:RecoverServer
  • Reboot and check the configuration

Mailbox Server Recovery

  • Build the server, Windows 2008 R2 SP1 (Enterprise), and give it EXACTLY the same name as the failed server
  • Add the Windows Server role + features required for Mailbox role
  • Patch it
  • Join to the domain
  • Remove the database copy from the failed Mailbox server (e.g. do this from the running Exchange 2010 Server)
Remove-MailboxDatabaseCopy DB1\MBX1
  • Remove the failed server's configuration from the DAG
Remove-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer MBX1 -ConfigurationOnly
  • Extract the Exchange 2010 SP2 to the temp directory (e.g. C:\temp)
  • Run setup.com /m:RecoverServer
  • Reboot
  • Add the server back to the DAG
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer MBX1
  • Add the database copy
Add-MailboxDatabaseCopy -Identity DB1 -MailboxServer MBX1

Saturday, April 21, 2012

Trixbox + CUCM + Exchange UM + SP3102 + SRP527W Part 1

I have set up the voice network at home as per the picture below


As you can see, there are a lot of SIP trunks between them. I will try to put the configuration for each of them

Exchange UM - CUCM

For Exchange UM and CUCM connection configuration, just follow the document published by Microsoft: http://www.microsoft.com/download/en/details.aspx?id=13591

The following is the CUCM Media Resource Group



The following is the CUCM Media Resource Group List




The following is the CUCM Configuration for the SIP Trunk to Exchange UM (e.g. mx01.domain.local), use the Media Resource Group List created above



CUCM - Trixbox

Create a new SIP Trunk Security Profile



Create a SIP trunk from CUCM to Trixbox, use the SIP Trunk Security Profile created above





Create a new Route Group


Create a new Route List


Create a new Route Pattern

I have extension 1499 and 1500 for Exchange UM Pilot and Auto Attendant respectively





I created a Route Pattern for the default route to Trixbox when the dialed number starts with 9. I also created exactly the same Route Pattern to the default route when the dialed number starts with 0. The purpose of this is to use VOIP when dialing with 9 first and to use PSTN when dialing with 0 first (configuration later on Trixbox)



Trixbox - CUCM


To be continued...

Thursday, April 12, 2012

NetScaler MAC Based Forwarding

If you have deployed your NetScaler with 2 NICs, one connected to the DMZ network and the other connected to your Internal network, then depending on your configuration you might need to enable MAC Based Forwarding on the NetScaler.

You have probably assigned the NSIP and MIP on your Internal network, and the SNIP and VIPs on your DMZ network (for example for publishing CAG/SSL VPN). You then try to access your NetScaler services from your Internal network. This means your traffic from the Internal network goes to your default gateway (e.g. the firewall), which then forwards it to the VIP on the DMZ network. The NetScaler accepts the traffic; however, the return traffic does not go back through the firewall (e.g. the NetScaler default gateway). It goes out of the other NetScaler NIC, the one connected to the Internal network. This creates asymmetric routing, and most routers/firewalls will drop the packets.

Enabling MAC Based Forwarding (MBF) usually fixes this.

The following is the definition of MBF:

With MAC-based forwarding (MBF) enabled, when a request reaches the NetScaler appliance, the appliance remembers the source MAC address of the frame and uses it as the destination MAC address for the resulting replies. MAC-based forwarding can be used to avoid multiple-route/ARP lookups and to avoid asymmetrical packet flows. MAC-based forwarding may be required when the NetScaler is connected to multiple stateful devices, such as VPNs or firewalls, because it ensures that the return traffic is sent to the same device that the initial traffic came from.


To enable it, from the NetScaler Console:

enable ns mode mbf

Wednesday, April 11, 2012

XenServer 6.0 Kill Dead VM

Sometimes when you try to restart or shut down a VM, it gets stuck with the yellow status in XenCenter.

To forcibly kill that VM:
  • Log in to the XenServer console where the VM is hosted
  • Get the VM Dom ID
xe vm-list name-label={VM Name} params=dom-id
  • Get the list of live domains and see if the Domain ID of your VM is listed there
list_domains
  • If your Domain ID VM is there, run the killing script
/opt/xensource/debug/destroy_domain -domid <dom id>
  • Do another list_domains to check the Dom ID is gone
  • Reset the power state of that VM
xe vm-reset-powerstate vm={VM Name} force=true
  • If that still does not work do
xe-toolstack-restart
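
The steps above combined into one guarded script, as an added example that is not part of the original post. The function names and the DESTROY_DOMAIN override are introduced here; it assumes `xe ... --minimal` prints only the value and that list_domains prints "id | uuid | state" rows.

```shell
#!/bin/bash
# Added example, not from the original post. Names introduced here:
# DESTROY_DOMAIN, get_dom_id, domain_is_live, kill_stuck_vm.
# Assumes `xe ... --minimal` prints only the value and list_domains prints
# "id | uuid | state" rows.

# Path from the post; overridable so the logic can be exercised off-host.
DESTROY_DOMAIN="${DESTROY_DOMAIN:-/opt/xensource/debug/destroy_domain}"

# Print the dom-id for a VM name-label; fail unless exactly one VM matches.
get_dom_id() {
    local id
    id=$(xe vm-list name-label="$1" params=dom-id --minimal) || return 1
    case "$id" in
        -1) ;;                        # VM has no running domain
        ''|*[!0-9]*) return 1 ;;      # no match, or "5,7" for duplicate names
    esac
    printf '%s\n' "$id"
}

# Succeed if list_domains still shows a row whose first column is this id.
domain_is_live() {
    list_domains | awk -F'|' -v id="$1" '
        $1 ~ /^[ \t]*[0-9]+[ \t]*$/ && $1 + 0 == id + 0 { found = 1 }
        END { exit !found }'
}

# Return codes: 0 done, 2 VM not found/ambiguous, 3 domain survived, 4 dom0.
kill_stuck_vm() {
    local name id
    name=$1
    id=$(get_dom_id "$name") || { echo "no unique VM named '$name'" >&2; return 2; }
    if [ "$id" -eq 0 ]; then
        # dom-id 0 is the control domain (dom0), never a guest to destroy.
        echo "refusing: '$name' is the control domain" >&2
        return 4
    fi
    if [ "$id" -ne -1 ] && domain_is_live "$id"; then
        "$DESTROY_DOMAIN" -domid "$id" || return 3
        if domain_is_live "$id"; then
            echo "domain $id still listed; try xe-toolstack-restart" >&2
            return 3
        fi
    fi
    # The domain is gone (or never existed), so the recorded state can be reset.
    xe vm-reset-powerstate vm="$name" force=true
}

# Usage on the XenServer host: ./kill-stuck-vm.sh "VM Name"
if [ "$#" -gt 0 ]; then
    kill_stuck_vm "$1"
fi
```

The toolstack restart is left as a manual last step, as in the list above, because it affects the whole host rather than one VM.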

SharePoint 2010 - Get Logged In User Details

To get the user details using JavaScript from SharePoint 2010, use the following code:

The SP.JS file should be available from the standard installation folder of SharePoint 2010.

Sunday, April 08, 2012

FreeNAS 8 and Time Machine

I have just finished setting up FreeNAS 8 on Hyper-V to back up my Mac using Time Machine.

Tricky bits when setting up FreeNAS 8 on Hyper-V:

  • Remove the default NIC when creating VM
  • Add a new NIC, must be legacy NIC
  • FreeNAS 8 does not recognize SCSI disks, only IDE
  • After installed, change the IP to static
  • do: ifconfig to find out the adapter name
  • do: ifconfig down
  • do: ifconfig up

Once the FreeNAS is up and running, go to its web console:
  • Create a group called: backup-group
  • Create a user called: backup-user, with primary group ID: backup-group, enter the password
  • Go to Services, enable AFP
  • Go to AFP Settings, make sure Local Access is ticked
  • Go to Storage, and Create ZFS Data Set, called backup-apple
  • Once it is created, edit its permissions, make sure owner-user is changed to backup-user and owner-group is changed to backup-group. Tick the option to give the Group write access
  • Go to Share, add Apple Share. Name it backup, path: /mnt/data/backup-apple. Make sure the Disk Discovery is ticked, Disk Discovery Mode is set to Time Machine
From my Mac, start Finder:
  • Click Go, and select Connect to Server
  • Enter Server Address: afp://freenas-ip
  • It will ask you for the username: backup-user, password: password
  • Start Console, type: defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
  • Start Time Machine and Select Disk, select the backup

Thanks for reading :)

Tuesday, April 03, 2012

Exchange 2010 SP2 Upgrade

Just done my Exchange 2010 upgrade to SP2, which includes the following steps:
  • Log in to the Active Directory server which holds the schema master, as a schema master and enterprise admin user, and run: setup.com /ps and setup.com /p
  • Upgrade all the Hub/CAS
  • Upgrade all the UM
  • Upgrade all Mailbox Servers:
  1. Enable maintenance mode on the DAG of the server to be upgraded:

.\StartDagServerMaintenance.ps1 -server server1

  2. Upgrade to SP2
  3. Disable maintenance mode

.\StopDagServerMaintenance.ps1 -server server1

Thursday, March 08, 2012

Sharepoint 2007 Access User Profile

To access user profile details from a page within SharePoint, you need the following:

Download the latest jQuery SPServices JavaScript from here
Upload the JavaScript to your SharePoint site
Add a Content Editor Web Part to the page
Edit the Content Editor Web Part, include the following:








The userName and Email have got the value of the logged on user

Sunday, January 22, 2012

Passed Citrix XenServer 5.6 Exam

Yay! Today I passed the 1Y0-024 Citrix XenServer 5.6 Exam - 2 more to go to get the CCEE for Virtualization

Tuesday, January 10, 2012

ESXi 4.1 NIC Driver Update

To update the ESXi 4.1 host with the latest NIC driver

  • Download the ISO file from VMware
  • Extract the ISO file and find the offline-bundle ZIP file
  • SCP this ZIP file to the ESXi host (e.g. /tmp/driver.zip)
  • Run the following command

esxupdate --bundle=/tmp/driver.zip update

reboot

Friday, December 30, 2011

AppSense Upgrade from 8.0 to 8.1

Recently I had to upgrade AppSense from version 8.0 to 8.1

Our 8.1 environment was messy, the Outlook profile (e.g. registry entries) was stored in both Managed application registry and Desktop Settings registry. This caused a lot of problems, like secondary mailbox not being retained, unable to use "Send To Email" from any other application, etc.

To fix this, I had to do the following:

After the upgrade to 8.1 was done, and before the users started using Outlook, I exported all the users from the EM personalisation DB, using the SQL query below:


SELECT [Name]
FROM [AppSensePersonalizationDB].[dbo].[User]
WHERE [DomainName] = 'DOMAIN'


Please note: my DB name is AppSensePersonalizationDB; yours probably has a different name.

Then save the result as a txt file, e.g. users.txt, which has entries like the following:

user1
user2
user3

You have to install AppSense EM Manager Tools to be able to use the EMPRegUtil. Once installed, create a batch file:

@echo off
SET EMPRegUtilConnectionString=Data Source=EMDB;Initial Catalog=AppSensePersonalizationDB;Integrated Security=SSPI

for /f "tokens=*" %%i IN (users.txt) DO call:doit %%i

:doit
if "%~1" == "" goto end
@echo %~1
@echo exporting MS Office 2010 Outlook profiles...
EMPRegUtil EXPORT DOMAIN\%~1 "Production" "MS Office 2010" "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook" C:\temp\%~1.reg
@echo deleting MS Office 2010 Outlook profiles...
EMPRegUtil DELETE DOMAIN\%~1 "Production" "MS Office 2010" "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem"
@echo deleting Session Data Outlook profiles...
EMPRegUtil DELETE DOMAIN\%~1 "Production" "Session Data" "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem"
@echo importing to Session Data Outlook profiles...
EMPRegUtil IMPORT DOMAIN\%~1 "Production" "Session Data" C:\temp\%~1.reg

:end

Please note: my database server name is EMDB.

Run the batch script. It exports the Outlook profile from the Managed application, deletes the registry entries from the Managed application, deletes the registry entries from Session Data and imports the exported registry entries back into Session Data.



Tuesday, November 15, 2011

Exchange 2007 Restore

Had to restore someone else's mailbox today - using NetBackup 7.

Steps involved:
  • Create the Recovery Storage Group
  • Restore the Storage Group that has the database of the mailbox to be restored to the Recovery Storage Group
  • Mount the database in that Recovery Storage Group
  • Create an empty mailbox (AD User + Mailbox)
  • Restore the mailbox to the new mailbox

Restore-Mailbox -RSGMailbox 'Doe, John' -RSGDatabase 'Recovery Storage Group\Mailbox Database 01' -id 'new mailbox' -TargetFolder 'myFolder'


Saturday, October 08, 2011

Thursday, September 22, 2011

Active Directory DNS Waiting for Initial Replication

When you boot the 1st domain controller within the environment which has more than 1 DC, by default the DC is waiting for initial inbound replication from the other DC. But because this is the first DC you boot, this is going to take a while

To avoid this, add the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value name: Repl Perform Initial Synchronizations
Value type: REG_DWORD
Value data: 0

And reboot!
Do not use this method in the production environment

Monday, August 22, 2011

MOSS 2007 Shared Service Provider - ACCESS DENIED

I have just done a clean MOSS 2007 installation and tried to open the Shared Service Provider Link and got a BIG ACCESS DENIED ERROR!!

Here is the fix

http://support.microsoft.com/kb/896861


Monday, July 04, 2011

PowerShell AD Group Membership Listing

To get the member of a particular group in Active Directory:

Get-ADGroup -filter 'name -eq "Group Name"' | Get-ADGroupMember -Recursive | fl name

Replace "Group Name" with the name of the group whose members you want to list

Tuesday, June 28, 2011

PS3 Media Server + Samsung TV

Just got my Samsung TV, connected to the network WiFi.
Got the PS3 Media Server installed on my OSX, with a little tweak:

PS3 Media Server\renderers\Samsung.conf:

MimeTypesChanges=audio/wav=audio/L16|video/x-matroska=video/avi
StreamExtensions=mkv,mp3,mp4,avi

The movies are streamed awesomely to the TV!

Tuesday, May 24, 2011

Citrix XenApp Management Console Bug

Citrix XenApp 5 or 4.5FP2 has got a bug - when you launch CMC and run the discovery, it does not find the XenApp farm, only the Web Interface module.

To fix it, run the following:

cd %CommonProgramFiles%\Citrix\*Present*
%windir%\microsoft.net\framework\v2.0.50727\regasm /codebase pse.core.dll
cd %CommonProgramFiles%\Citrix\*Framew*
CmiLaunch.exe

Run the discovery again and it should find it now

Thursday, April 14, 2011

Upgrade IOS on 877W ISR Wireless Module

It is a bit tricky to update the AP module inside the Cisco ISR 877 Series.

1st, assign an IP address to the VLAN of the router

interface vlan 1
ip address x.x.x.x y.y.y.y
no shut

2nd, assign the wlan-ap 0 interface with IP unnumbered

interface wlan-ap 0
ip unnumbered vlan 1

3rd, access the wlan-ap 0 module console

service-module wlan-ap 0 session

4th, assign an IP address to BVI0/BVI1 interface

interface BVI0
ip address z.z.z.z y.y.y.y
no shut

5th, get the IOS image from the tftp

archive download-sw tftp://x.x.x.x/ios.version.tar

6th, write mem and reload

wr mem
reload

Tuesday, March 15, 2011

HP Blade E-Fuse

To reset one of the blades on the HP enclosure, telnet to the OA, then issue the following command:

reset server [bay no]

[bay no] is the bay number of the blade that you want to reset

Monday, February 21, 2011

Remote Assistant with Mandatory Profile

By default, you cannot launch Remote Assistant to help a user who is running on a Mandatory Profile. For example, running XenDesktop + AppSense + Mandatory Profile is a good mix of technologies - however when a user has a problem, you won't be able to start a Remote Assistant session to their XenDesktop session.

To fix this, use the following VBScript to modify the registry:

Option Explicit
Const HKLM = &H80000002

Dim objReg, strRegKey, strRegValue, strRegData, objAdInfo, objUser, username, objWMIService, objAccount, strComputer, wmipath, oShell, usersid, domain
strComputer = "."

Set oShell = CreateObject( "WScript.Shell" )

' Name and domain of the logged-on user
username = oShell.ExpandEnvironmentStrings("%UserName%")
domain = oShell.ExpandEnvironmentStrings("%UserDomain%")

' Look up the user's SID through WMI
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
wmipath = "Win32_UserAccount.Name='" & username & "',Domain='" & domain & "'"

Set objAccount = objWMIService.Get(wmipath)
usersid = objAccount.SID

' Registry key of this user's profile under HKLM ProfileList
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & ".\root\default:StdRegProv")
strRegKey = "Software\Microsoft\Windows NT\CurrentVersion\ProfileList\" & usersid & "\"

strRegValue = "State"
strRegData = "0"

' Set the profile "State" value to 0
objReg.SetStringValue HKLM, strRegKey, strRegValue, strRegData

WScript.Quit 0 'Return success

The way we do it, we attach this VBScript to the start of the msra.exe process - this makes sure the "State" is set to 0 every time, before the msra.exe process starts

Monday, January 24, 2011