If you see event ID 1219 on your Windows 2003 Server:
Logon rejected for domain\user. Unable to obtain Terminal Server User Configuration. Error: The RPC server is unavailable
and you cannot connect to the server remotely with a Remote Desktop session,
make sure the RPC service and the TCP/IP NetBIOS Helper service are up and running.
Monday, July 31, 2006
Friday, July 21, 2006
Friday, July 14, 2006
LDAP Query to Active Directory
To make your life easier when trying to find the objects in AD:
Users with "password never expires" set:
(&(objectCategory=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))
Users who have never logged in:
(&(&(objectCategory=person)(objectClass=user))(|(lastLogon=0)(!(lastLogon=*))))
Users almost locked out:
(&(objectCategory=user)(badPwdCount>=2))
Find a particular email address:
(&(mail=*)(proxyAddresses=smtp:email@domain.com))
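What the first three filters test, applied offline to an LDIF export so the bitwise-AND matching rule (1.2.840.113556.1.4.803) and the "absent or zero" lastLogon test are visible. This is an added example, not part of the original post; the sample accounts, the finding labels and the function names are assumptions.

```sh
#!/bin/sh
# Added example: evaluate the post's audit filters against LDIF records.
# Handles plain "attr: value" lines only (no base64 "::" values, no folding).

DONT_EXPIRE_PASSWORD=65536   # userAccountControl bit 0x10000

# Constructed sample in the shape ldapsearch prints (not real accounts).
sample_ldif() {
cat <<'EOF'
dn: CN=svc-backup,OU=Service,DC=example,DC=test
sAMAccountName: svc-backup
userAccountControl: 66048
lastLogon: 128000000000000000
badPwdCount: 0

dn: CN=jdoe,OU=Staff,DC=example,DC=test
sAMAccountName: jdoe
userAccountControl: 512
badPwdCount: 3

dn: CN=asmith,OU=Staff,DC=example,DC=test
sAMAccountName: asmith
userAccountControl: 512
lastLogon: 0
badPwdCount: 0
EOF
}

# audit_ldif: reads blank-line separated records on stdin and prints
# "<finding> <sAMAccountName>" for every filter the record matches.
audit_ldif() {
    # The extra blank line flushes the last record.
    { cat; echo; } | {
        name=; uac=0; logon=; bad=0
        while IFS= read -r line; do
            case $line in
                "sAMAccountName: "*)     name=${line#*: } ;;
                "userAccountControl: "*) uac=${line#*: } ;;
                "lastLogon: "*)          logon=${line#*: } ;;
                "badPwdCount: "*)        bad=${line#*: } ;;
                "")
                    if [ -n "$name" ]; then
                        # :1.2.840.113556.1.4.803:=65536 means "value AND 65536
                        # equals 65536", so 66048 (512 + 65536) matches too.
                        if [ $(( $uac & $DONT_EXPIRE_PASSWORD )) -ne 0 ]; then
                            echo "never-expires $name"
                        fi
                        # (|(lastLogon=0)(!(lastLogon=*))): zero or attribute absent.
                        # lastLogon is not replicated between domain controllers,
                        # so a hit only means "never on the DC that was queried".
                        if [ -z "$logon" ] || [ "$logon" = 0 ]; then
                            echo "never-logged-on $name"
                        fi
                        # (badPwdCount>=2)
                        if [ "$bad" -ge 2 ]; then
                            echo "near-lockout $name"
                        fi
                    fi
                    name=; uac=0; logon=; bad=0 ;;
            esac
        done
    }
}
```

Run it as `sample_ldif | audit_ldif`, or pipe in the output of your own LDIF export.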
Thursday, July 13, 2006
BartPE + VMWare Plugin
I've been working on server consolidation with P2V implementation using various tools:
Those tools are great, but they are very expensive!!
Found this website: Ultimate P2V - details
Excellent stuff!! Build your own boot CD, install the plugin, boot the CD, voilà... NO COST!!
I've got a very old server and tried to boot it with the VMware P2V software. It did not recognise the SCSI controller card!! However, Ultimate P2V works!! That's because you can inject your own hardware drivers into the boot CD.
Tuesday, July 04, 2006
Proxy setting for Debian/Ubuntu apt-get
If apt-get has to reach the Internet through a proxy, edit either /etc/apt/apt.conf or /etc/apt/apt.conf.d/proxy and add the following entry to the file:
Acquire::http::Proxy "http://MYDOMAIN\MYNAME:MYPASS@MY.PROXY.COM:MYPORT/";
Thursday, June 29, 2006
Saturday, June 10, 2006
Automatic Outlook Profile Generator With Multiple Exchange Servers
Have you ever had to create Outlook profiles automatically for your users with a PRF file? What if you have multiple Exchange servers across different sites, and want to publish it on your Citrix Presentation Server? It's fun...
OK, let's get started:
- Generating PRF file
Install and run Custom Installation Wizard
Choose Outlook Customize Default Profile
Configure the profile based on your Exchange server information
For each of your Exchange servers, generate the profile
- Find the user mailbox
Optional: if you want to rename the Outlook profile, use this VBScript to change the profile name in the PRF file - prfMod.vbs
- Publish on Citrix
Have fun!
Wednesday, May 31, 2006
Certificate Request Generator with Cygwin
To generate a certificate request (CSR) for SSL, we can use Cygwin with the openssl package and send the CSR file to any trusted CA (e.g. Verisign or Thawte).
To generate it:
openssl req -new -nodes -keyout privateKeyFilename -out certRequestFilename
for example:
openssl req -new -nodes -keyout private.key -out public.csr
You will then have two files, the private key file and the CSR file. Send the CSR file to the trusted CA. Once you've got the certificate signed by the trusted CA, you can use it as your SSL certificate along with the private key.
If you need to convert the certificate from X509/DER format to PEM format:
openssl x509 -in certFile -inform DER -outform PEM -out convertedCertFile
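The same request made non-interactively, with the checks worth running before the CSR goes out and after the signed certificate comes back. This is an added example, not part of the original post; the subject www.example.test, the RSA 2048 key size and the function names are assumptions.

```sh
#!/bin/sh
# Added example: create the key and CSR, keep the key private, verify the CSR,
# and confirm that a returned certificate belongs to the key.

# make_csr KEYFILE CSRFILE SUBJECT
# Same "openssl req -new -nodes" call as in the post, with -subj so no prompts
# appear. -nodes writes the private key unencrypted, so the subshell's
# umask makes the new files readable by their owner only.
make_csr() {
    ( umask 077
      openssl req -new -nodes -newkey rsa:2048 \
          -keyout "$1" -out "$2" -subj "$3" ) >/dev/null 2>&1
}

# csr_ok CSRFILE -> 0 if the CSR's self-signature verifies.
# The "verify OK" message is matched so the result does not depend on the
# exit status of the openssl build in use.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_subject CSRFILE -> prints the subject the CA will see in the request.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# key_matches_cert KEYFILE CERTFILE -> 0 if the certificate carries the public
# key that belongs to the private key, 1 if not, 2 if a file cannot be read.
# CERTFILE must be PEM; convert a DER file first with the command above.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}
```

Typical use: `make_csr private.key public.csr "/CN=www.example.test"`, then `csr_ok public.csr` before sending, and `key_matches_cert private.key signed.crt` once the CA replies.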
Tuesday, May 30, 2006
Citrix Solutions Conference 2006
Yes, "Access Tomorrow's Technology Today" is the motto of Citrix Solutions Conference 2006, which I attended today. It was about promoting their new product line: Citrix Access Gateway.
Citrix Access Gateway is a great solution for remote access, especially with the End-Point analysis. Integrated with Advanced Access Control, it provides granular policy to control the user access based on their conditions.
Citrix Solutions
Monday, May 01, 2006
Microsoft Windows 2003 Cluster
Setting up a cluster node is not as hard as you think. It is a powerful feature to have more than 2 nodes to make a cluster. I set up the cluster nodes with Microsoft Virtual Server 2005, based on TechNet.
Try the following and you will learn a new thing :)
Microsoft
Friday, April 28, 2006
MTU Size
To check the MTU size between your PC and server, do the following in DOS:
ping mail.internode.on.net -f -l 1500
Pinging mail.internode.on.net [203.16.214.182] with 1500 bytes of data:
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
Ping statistics for 203.16.214.182:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
It means the packet is too big for the MTU size. Reduce the size of the packet until you find the optimum size:
ping mail.internode.on.net -f -l 1473
Packet needs to be fragmented but DF set.
Packet needs to be fragmented but DF set.
...
ping mail.internode.on.net -f -l 1472
Reply from 203.16.214.182: bytes=32 time=6ms TTL=64
Reply from 203.16.214.182: bytes=32 time=3ms TTL=64
...
As you can see, the optimum packet size is 1472. Now set the MTU size on your network adapter to 1472 + 28 (you add 28 bytes because 20 bytes are reserved for the IP header and 8 bytes must be allocated for the ICMP Echo Request header).
Yes, that is an MTU size of 1500. That is because I am using ADSL with PPPoA, which by default has an MTU size of 1500.
Note: for Linux, the command is:
[root@fedora postfix]# ping -s 1480 -c 100 yahoo.com.au -M do
PING yahoo.com.au (203.84.217.26) 1480(1508) bytes of data.
ping: sendmsg: Message too long
ping: sendmsg: Message too long
--- yahoo.com.au ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1000ms
Reduce the size of the packet to 1472:
[root@fedora postfix]# ping -s 1472 -c 100 yahoo.com.au -M do
PING yahoo.com.au (203.84.217.26) 1500(1528) bytes of data.
1508 bytes from i1.aunz.vip.aue.yahoo.com (203.84.217.26): icmp_seq=0 ttl=248 time=298 ms
1508 bytes from i1.aunz.vip.aue.yahoo.com (203.84.217.26): icmp_seq=1 ttl=248 time=390 ms
1508 bytes from i1.aunz.vip.aue.yahoo.com (203.84.217.26): icmp_seq=2 ttl=248 time=294 ms
--- yahoo.com.au ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 294.271/327.895/390.728/44.468 ms, pipe 2
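The manual trial and error above can be replaced by a binary search over the payload size. This is an added example, not part of the original post; it wraps the Linux `ping -M do` call shown above, and the function names and the default search bounds are assumptions.

```sh
#!/bin/sh
# Added example: find the largest ICMP payload that crosses the path with
# Don't Fragment set, then derive the MTU as payload + 20 (IP) + 8 (ICMP).

# probe HOST SIZE -> 0 if one DF-set echo request of SIZE payload bytes is
# answered. Uses Linux iputils ping, as in the post (-M do sets DF).
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Prints the largest payload in LOW..HIGH for which probe succeeds.
# Returns 1 when even LOW gets no reply (host down, ICMP filtered, ...).
find_max_payload() {
    host=$1
    lo=${2:-548}     # assumed lower bound: a 576-byte datagram minus 28
    hi=${3:-1472}    # a 1500-byte MTU minus 28

    probe "$host" "$lo" || return 1
    # Invariant: lo is known to pass; every size above hi is known to fail
    # or lies outside the requested range.
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# path_mtu HOST [LOW] [HIGH] -> prints largest payload + 28 header bytes.
path_mtu() {
    payload=$(find_max_payload "$@") || return 1
    echo $(( payload + 28 ))
}

# Run only when a host is given on the command line.
if [ $# -ge 1 ]; then
    path_mtu "$@"
fi
```

A single lost reply is read as "too big", so on a lossy link raise the `-c` count in `probe` or repeat the run before changing the adapter setting.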
Thursday, April 27, 2006
Exchange 12 ROCKS!!
I can't wait for this one to come out!! The new Microsoft Exchange Server -
code name Exchange 12 is massive and very flexible. Check the following
features:
Automatic Client Configuration
Today, configuring the Outlook desktop or mobile clients prior to first use
is complicated, requiring users to enter confusing technical information.
Exchange 12 includes a new automatic discovery and configuration feature
that Outlook 12 and next generation mobile devices will use to configure
themselves completely, including all appropriate corporate policies. End
users will not be required to enter Exchange server names or other technical
information. This capability will spare the IT staff from having to create
complicated deployment or configuration scripts that help users set up
Outlook to connect to Exchange. Additionally, mailbox moves will not require
manual reconfiguration of clients, and if a disaster occurs, clients will
automatically connect to moved or failed-over mailboxes on different
Exchange servers with no manual editing of Outlook or device connection
settings required.
Mailboxes Etcetera
Users already rely on their mailboxes as repositories for every work
message they've ever received and even for actual deliverables. As mailbox
sizes have grown to accommodate user needs, the costs associated with
backup, restore, and migration have skyrocketed. Users need larger mailboxes
to handle this workload, but IT is hesitant to supply more space because of
the time and cost associated with managing a large mailbox. As a native
64-bit application (compatible with x64 servers), Exchange 12 lets an
organization keep all of its users' mail and calendar data on the server
where it can be reliably secured, backed up, and made available on a range
of devices. The 64-bit performance allows Exchange to address more memory,
it increases cache sizes, and it helps reduce disk I/O operations. As a
result, Exchange 12 makes more efficient use of each spindle (physical disk
drive) in existing Storage Area Network (SAN) systems while also enabling
inexpensive high-capacity disk drives to be used.
To address the high cost of backup associated with most messaging systems,
Exchange 12 introduces continuous replication features that use log file
shipping to keep a "rolling backup" of a mailbox database either on a local
disk set or on a disk set attached to a second, clustered server. In the
event of a disaster, a replica can be brought online and attached to any
Exchange 12 server in the network. These capabilities will allow many
organizations to move from expensive nightly tape backup procedures to
less-frequent tape or archival backups.
One Inbox
Users aren't just worried about e-mail, of course; they have to deal with
e-mail, faxes, voicemail, and documents, all of which have to be checked
constantly. But most users don't have the level of access they need away
from the office. Exchange 12 will provide a new unified messaging (UM)
solution that will enable end users to receive e-mail messages, faxes, and
voicemails in one Inbox (see Figure 3). Because in some cases the telephone
may be available when other clients are not, UM will support PIM access over
the phone. Users will be able to access their Inbox from any touch-tone
phone using either touch-tone commands or speech recognition. And via
text-to-speech translation, users can listen to their main Inbox items
(including e-mail, calendar, tasks, and contacts) read back to them. Users
can also interact with messages (reply, forward, and so on) and call other
users when appropriate. Corporate directory access will also be supported.
Flexible Server Roles
The next release of Exchange is being designed as a distributed system of
five server roles (see Figure 1). These roles (Mailbox, Hub Transport, Edge
Transport, Client Access, and Unified Messaging) allow Exchange 12 systems to
be installed with exactly the components organizations need, aiding
performance and reducing the surface area for attacks. Server roles are
deployed within the corporate network, with Active Directory access, and
can also be deployed on a single server if needed. The only exception to
this is Edge Transport, which is deployed in the perimeter network with no
Active Directory access.
Sunday, April 23, 2006
Internet Explorer Corrupted!!
I had a problem with IE6 installed on Windows XP SP2. It was complaining about a Visual C++ error in iexplorer.exe and closed the browser once you clicked OK.
I ran this command to restore IE to its original state:
rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\Inf\ie.inf
It needs a CD for Windows XP SP2 as well as Windows XP to get the original files.
It didn't really fix the issue, so I then downloaded HijackThis:
http://www.majorgeeks.com/download3155.html
Run the scan and paste the log to:
http://www.hijackthis.de/
and remove the nasty item from the computer. Reboot and aha!! Fixed!!
Wednesday, April 19, 2006
Netbios over TCP/IP
If you have an issue with NetBIOS over TCP/IP (e.g. you cannot browse computers on the network), check that the "TCP/IP Netbios Helper" service is started.
If it could not start, make sure you have "Enable Netbios over TCP/IP" selected on your TCP/IP advanced setting.
However, if that setting has been selected but the service could not be started, go to your device manager, view hidden devices and Enable Netbios over TCP/IP, and restart.
original link: microsoft
Friday, April 07, 2006
Windows Event Triggers email notification
Tired of watching your Windows server event log? Try this VBScript to send an email notification when Windows writes an event to its event log.
How to set up the event triggers to notify you by email
=======================================================
1. Modify the eventSystemError.vbs and eventApplicationError.vbs scripts to suit your needs (e.g. computer name and email address)
2. Put your scripts in any folder (e.g. c:\tools )
3. Create the eventtriggers with the following syntax:
This will create an event trigger called System Error, which monitors the system log for any error and runs eventSystemError.vbs
-------------------------------------------------------------------------------
eventtriggers /create /tr "System Error" /l system /t error /tk c:\tools\eventSystemError.vbs
This will create an event trigger called Application Error, which monitors the application log for any error and runs eventApplicationError.vbs
-------------------------------------------------------------------------------
eventtriggers /create /tr "Application Error" /l application /t error /tk c:\tools\eventApplicationError.vbs
4. Please refer to this website if you need more options (e.g. domain\username authentication):
microsoft
Files:
Application
System
Thursday, April 06, 2006
Dual Daemon Postfix log rotate
With dual-daemon Postfix, you might want a separate log file for each daemon.
Let's say the 1st daemon logs to /var/log/maillog and the 2nd daemon logs to /var/log/maillog2, and you want to rotate the log files. I encountered an issue when I tried to rotate the second log file, maybe because of the PID of the daemons.
Anyway, I created the second logrotate file /etc/logrotate.d/maillog2 with the following content:
/var/log/maillog2
{
    notifempty
    daily
    rotate 7
    compress
    postrotate
        # Make syslogd reopen its log files; ignore a missing pid file
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /etc/init.d/postfix reload > /dev/null
        /etc/init.d/postfix2 reload > /dev/null
    endscript
}
Tuesday, March 28, 2006
Linux World Expo and Conference
Tuesday, March 07, 2006
I've got CCDA today!!!
I've got CCDA Today!!!!!
It was really difficult, after long long long time of study... I managed to get it done!
Next target: CCNP or CCDP!!
Or maybe CCA or RHCA or MCSE? arrghh!!!!
Thursday, March 02, 2006
Password change reminder for VPN Users
Set up a scheduled task on one of the servers to run the VBScript.
The script queries LDAP (Active Directory) for the members of a particular group (e.g. VPN Users) and checks the password expiry age. If the password is almost expired, it sends an email to remind them to change the password.
The script:
[attached vbs file]
password reminder.zip
Friday, February 03, 2006
PC-DUO problem
When you install PC-DUO on your Windows XP system, you won't be able to use Remote Desktop to that machine anymore. That is because PC-DUO modifies the registry so that msgina.dll is no longer used; it uses PCIgina.dll instead. To remedy this issue, edit the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
find: GinaDLL and change the entry to msgina.dll
ref:
http://support.microsoft.com/default.aspx?scid=kb;en-us;829715&Product=winxp