FreePBX SIP Debugging

To debug FreePBX SIP, just get into the asterisk context by typing:

> asterisk -vvvvvr

localhost*CLI> sip show peers

it shows all your peers, then:

localhost*CLI> sip set debug peer (peer_name)

To stop debug, type:

localhost*CLI> sip set debug off

Manage Workgroup Servers with SCOM 2012

This is a very high level steps how to have your workgroup servers to be managed by SCOM 2012.
I have this task to have my Exchange Edge Transport server sitting on DMZ to be managed by SCOM

For them to be able to communicate and authenticate each other, they must be using a certificate.
I have my internal CA (lucky me)

1. Make sure your Workgroup server trusts your CA.
You can browse to your https://internal-ca.domain.com/certsrv URL and download the CA certificate and import this to the Workgroup server's Trusted Root CA (Computer store)

2. Make sure you have a certificate template that has Server and Client Authentication purposes 
If you don't have one, duplicate one from the "Computer" template with Windows 2003 version. Make sure "allow export private key" is selected and "subject name" is supplied in the request.

3. Request a certificate from your Workgroup server to your internal CA 
Use the template you created on step 2

4. Move certificate from user store to computer store 
After request the certificate, it will automatically install the certificate on the user store. You need to export this (along with the private key) and import it back to the computer store

5. Install SCOM 2012 Agent 
Insert SCOM installation ISO/DVD and install SCOM Agent. Make sure you are using FQDN for the SCOM server during the installation wizard

6. Firewall port need to be allowed on TCP 5723 inbound and outbound 
SCOM Agent is using TCP 5723 port number to communicate with SCOM Server, open this on your firewall inbound and outbound

7. Import the certificate to SCOM Agent
On the installation ISO/DVD, navigate to SupportTools\AMD64 and run MOMCertImport.exe. It then asks you to select which certificate to use. Select the one that you created on step 3

8. Restart the System Center Management service

9. Request a certificate from your SCOM Management Server
Do exactly the same thing like step 3-4, but now do this from the SCOM Management Server

10. Import the certificate to SCOM Management Server
Do exactly the same thing like step 7-8, but now do this from the SCOM Management Server

11. Wait
Your agent should come out on the Pending Management section of your SCOM Administration console

VBScript Open Internet Explorer with No Address Bar

Sometime you need to open IE with no address bar, like when you publish IE through Citrix XenApp: Below VBScript is the way to go:

Dim objIENoToolbars
Set objIENoToolbars = WScript.CreateObject ("InternetExplorer.Application")
ObjIENoToolbars.Toolbar = false
objIENoToolbars.Navigate "http://mywebsite.domain.com/"
objIENoToolbars.Visible = true 

Just got finish my 642-874 Exam - officially CCDP

CCDP Wohoooo!!

Exchange 2010 SP2 RU 4v2 Bug - Mailbox Move

After applying the SP2 RU 4v2 to my Exchange 2010 environment, apparently there is a bug when a mailbox is moved between two different databases within the same server. According to Microsoft forum this bug was introduced by SP2 RU3. Anyone who is still running on SP2 RU2 is not affected.

When you move the mailbox, it will have the Move Request Status: Completed with warning
You also will get the following comment:

Warning: Failed to clean up the source mailbox after the move.
Error details: MapiExceptionUnexpectedMailboxState: Unable to delete mailbox. (hr=0x80004005, ec=2634)

In the log of the move request, you will see the error:

Failed to clean up the source mailbox 'Primary (9105c233-5387-47bc-99ea-2c0255cf63ad)' after the move. Attempt 1/6.
Error details: MapiExceptionUnexpectedMailboxState MapiExceptionUnexpectedMailboxState: Unable to delete mailbox. (hr=0x80004005, ec=2634) at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
   at Microsoft.Mapi.ExRpcAdmin.DeletePrivateMailbox(Guid guidMdb, Guid guidMailbox, Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox.DeleteMailboxInternal(Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.<>c__DisplayClass2a.<Microsoft.Exchange.MailboxReplicationService.IMailbox.DeleteMailbox>b__29()
   at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.Microsoft.Exchange.MailboxReplicationService.IMailbox.DeleteMailbox(Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.<>c__DisplayClass6d.<PostMoveCleanupSourceMailbox>b__6b()
   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)

...
...

Post-move cleanup failed. The operation will try again in 30 seconds (5/6).
Failed to clean up the source mailbox 'Primary (9105c233-5387-47bc-99ea-2c0255cf63ad)' after the move. Attempt 6/6.
Error details: MapiExceptionUnexpectedMailboxState MapiExceptionUnexpectedMailboxState: Unable to delete mailbox. (hr=0x80004005, ec=2634)
   at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
   at Microsoft.Mapi.ExRpcAdmin.DeletePrivateMailbox(Guid guidMdb, Guid guidMailbox, Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.LocalMailbox.DeleteMailboxInternal(Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.<>c__DisplayClass2a.<Microsoft.Exchange.MailboxReplicationService.IMailbox.DeleteMailbox>b__29()
   at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(GenericCallDelegate operation)
   at Microsoft.Exchange.MailboxReplicationService.MailboxWrapper.Microsoft.Exchange.MailboxReplicationService.IMailbox.DeleteMailbox(Int32 flags)
   at Microsoft.Exchange.MailboxReplicationService.MoveBaseJob.<>c__DisplayClass6d.<PostMoveCleanupSourceMailbox>b__6b()
   at Microsoft.Exchange.MailboxReplicationService.CommonUtils.CatchKnownExceptions(GenericCallDelegate del, FailureDelegate failureDelegate)
 
Request is complete.

The implication of this bug:

• There will be delay of 30 seconds x 6 tries = 3 minutes for each mailbox being moved
• During the last 3 minutes of the mailbox move, the Outlook client is being disconnected
• Mailbox in the source database is not deleted, it is mark as soft deleted mailbox

 To view the Soft Deleted mailboxes:

Get-MailboxDatabase | Get-MailboxStatistics | where {$_.DisconnectReason -ne $null} | ft  displayname,database,disconnectreason -auto

To delete the Soft Deleted mailboxes:

Remove-StoreMailbox -database "Old database" -Identity "Smith, John" -MailboxState SoftDeleted

So far there is no report from my users who have got their mailboxes moved

DNS IP to localhost

While I am doing this coding of DNS server and using my development machine to debug the program, I need to somehow configure my Windows 7 client's DNS setting to point to itself as the DNS server (e.g. 127.0.0.1).

Surprisingly, Windows 7 rejects the setting when you put 127.0.0.1 as the DNS IP address of your network connection.

Found the following Powershell to change it easily

$wmi = Get-WmiObject win32_networkadapterconfiguration -filter "ipenabled = 'true'"
$wmi.SetDNSServerSearchOrder("127.0.0.1")

SSRS SQL 2008 R2 Export Reports

I need to migrate reports from the old SSRS to the new one. To do this, I need to export all the reports as an RDL file and upload them all to the new SSRS server

Found this article by geektrainer.com how to create a VB script .rss file to exports all SQL Server Report file as an .rdl file.

Here is the code:

'must use -v rootPath="C:\Reports"
Sub Main()    
    Dim items As CatalogItem() = rs.ListChildren("/", true)

    For Each item As CatalogItem in items
        If item.Type = ItemTypeEnum.Folder Then
            CreateDirectory(item.Path)
        Else If item.Type = ItemTypeEnum.Report Then
            SaveReport(item.Path)
        End If
    Next
End Sub

Sub CreateDirectory(path As String)
    path = GetLocalPath(path)
    System.IO.Directory.CreateDirectory(path)
End Sub

Sub SaveReport(reportName As String)
    Dim reportDefinition As Byte()
    Dim document As New System.Xml.XmlDocument()
    
    reportDefinition = rs.GetReportDefinition(reportName)
    
    Dim stream As New MemoryStream(reportDefinition)
    document.Load(stream)
    document.Save(GetLocalPath(reportName) + ".rdl")
End Sub

Function GetLocalPath(rsPath As String) As String
    Return rootPath + rsPath.Replace("/", "\")
End Function

Save the code below as export.rss file, create a folder where the reports will be stored (e.g. C:\Reports) then run the RS.EXE command against your report server web service URL

rs.exe -i export.rss -s http://reportserver.domain.local/ReportServer -v rootPath="C:\Reports"

This will create all the reports in the .rdl format in the folder specified above

Windows Vault - SharePoint 2010

I have seen a problem where a user always prompts for a username and password when they are trying to open a SharePoint 2010 site. The credential dialog box has got the username field as READ ONLY.

The reason for the prompt is that the username for unknown reason is wrong and cannot be changed!

If you check the security event log, you will see Event ID 4648

To fix this problem you need to check the Windows Credential Manager, start it from the CMD

control /name Microsoft.CredentialManager

and remove the wrongly assigned credential to the site

Cisco ASA on GNS3

I was planning to design our existing ASA firewalls that are currently running independently to be active/active firewall running on multiple contexts.

I need a test lab for this. I use GNS3 for this.

I also need the ASA image and kernel files to be loaded in GNS3. Those files can be found from here
Once you got those files, you need to configure Qemu with the following options:

Qemu Options: -vnc none -vga none -m 1024 -icount auto -hdachs 980,16,32

Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

Also make sure you select the correct Initrd and Kernel files you downloaded earlier




You can now be able to start any ASA instance you have and when you do that, load the following keys:

activation-key 0x4a3ec071 0x0d86fbf6 0x7cb1bc48 0x8b48b8b0 0xf317c0b5
activation-key 0xb23bcf4a 0x1c713b4f 0x7d53bcbc 0xc4f8d09c 0x0e24c6b6




Cisco 4500 Series Switch Software Upgrade

Just got a pair of Cisco 4500 series switches with dual sup 7E. Needed to be upgraded to the latest IOS version.

Here are the steps to upgrade it:

• Copy the .bin file from the TFTP server to both Sups (Active and Standby)

          copy source_device:source_filename bootflash:target_filename

          copy source_device:source_filename slavebootflash:target_filename

• Change the boot system command

no boot system flash bootflash:c6msfc2-jsv-mz.121-8a.E5
wr mem


boot system flash bootflash:c6msfc2-jsv-mz.121-8a.E6
wr mem


• Change the config register

config-register 0x2102
wr mem


• Reload the Standby Sup

          redundancy reload peer

• Failover the Sup

          redundancy force-switchover

App-V SQL Move Error 0000C800

Recently I just moved App-V SQL Database from one to the other. I use the following procedures:

http://technet.microsoft.com/en-us/library/gg252515.aspx

However, when trying to open the management console, I got the error code: 0000C800
One of the troubleshooting I have done was changing the UDL file and test connection was working, however the error persists.

It ended up I have to do the followings:

• Open the SftMgmt.udl file from the Notepad
• Copy the content of the file
• Rename the SftMgmt.udl file to SftMgmt.udl.old
• Create a new file using Notepad
• Paste the connection string to the newly created file and modify the connection string to use the new SQL name
• Save as the file to SftMgmt.udl
• DO NOT open this newly created file. Try to open the management console again, if that works, job is done!

SharePoint 2010 Version Number

Here is one handy command to get your SharePoint 2010 version number:

(get-spfarm).buildversion

Officially VCP 5 Today!

Just passed VCP510 exam today, yay!
Pretty difficult compare to the other exams

 

Exchange 2010 Distribution List Owner

I have been migrating user mailboxes from Exchange 2007 to Exchange 2010 lately. Apparently a user who has got the manage rights to a distribution list in Exchange 2007, might not be able to manage their DL anymore once his/her mailbox has been migrated to the Exchange 2010.

This is by design. Exchange 2010 by default does not allow individual users to create, modify, remove and add members to distribution groups they own

The user will get access denied if they were trying to add/remove a user from the DL they were managing. To fix this, you can tick the check box from the RBAC User Editor/Default Role Assignment Policy. However as you can see in the description of this option, it will also grant the user to add and delete the DL by them self.

If we were only want to enable them to only manage the DL their own, you need to use the following PowerShell script:

# Script for creating a Role that can manage distributions groups but can't create new ones 
#  
################################################################################# 
#  
# The sample scripts are not supported under any Microsoft standard support  
# program or service. The sample scripts are provided AS IS without warranty  
# of any kind. Microsoft further disclaims all implied warranties including, without  
# limitation, any implied warranties of merchantability or of fitness for a particular  
# purpose. The entire risk arising out of the use or performance of the sample scripts  
# and documentation remains with you. In no event shall Microsoft, its authors, or  
# anyone else involved in the creation, production, or delivery of the scripts be liable  
# for any damages whatsoever (including, without limitation, damages for loss of business  
# profits, business interruption, loss of business information, or other pecuniary loss)  
# arising out of the use of or inability to use the sample scripts or documentation,  
# even if Microsoft has been advised of the possibility of such damages 
# 
################################################################################# 
# 
# Written by Matthew Byrd 
# Matbyrd@microsoft.com 
# Last Updated 10.15.09 
 
 
# Parameter to get a different name than default for the new Role 
Param([string]$name="MyDistributionGroupsManagement",[string]$policy="Default Role Assignment Policy",[switch]$creategroup,[switch]$removegroup) 
 
# Help Function 
Function Show-Help { 
 
" 
This script is will create or manage a management role designed to allow users to modify groups that they already own 
but not create or remove any new distribution groups. 
 
Switches: 
-name           Name of the managment role you want to create or modify 
                    Defaults to: `"MyDistributionGroupsManagmenet`" 
                     
-policy         Name of the Role Policy you want to assign the role to 
                    Defaults to: `"Default Role Assignement Policy`" 
                     
-creategroup    Adds or Removes the ability of the Role to Create DLs 
 
-removegroup    Adds or Removes the ability of the Role to Remove DLs 
 
Examples: 
-------------------------------------------- 
This will Use the default names and Policy and will create a role that cannot 
Create or remove groups but can still modify them.  If the role already exists 
It will modify it by removing or adding the abiltity to create and remove groups 
based on the current state. 
 
Manage-GroupManagementRole -CreateGroup -RemoveGroup 
 
" 
 
 
} 
 
 
 
# Function to modify a role by removing or adding Role Entries 
# If no action is passed we assume remove 
# $roleentry should be in the form Role\Roleentry e.g. MyRole\New-DistributionGroup 
Function ModifyRole { 
 Param($roleenty,$action) 
     
    Switch ($action){ 
        Add {Add-ManagementRoleEntry $roleenty -confirm:$false} 
        Remove {Remove-ManagementRoleEntry $roleenty -confirm:$false} 
        Default {Remove-ManagementRoleEntry $roleenty -confirm:$false} 
    } 
} 
 
If (($creategroup -eq $false) -and ($removegroup -eq $false)){ 
    Show-Help 
    exit 
} 
 
 
# Test if we have a role that already has that name 
If (([bool](Get-Managementrole $name -erroraction Silentlycontinue)) -eq $true){ 
    Write-Warning "Found a Role with Name: $name" 
    Write-Warning "Trying to Modify Existing Role" 
} 
Else { 
    # Create the new Management Role 
    Write-Host "Creating Managmenet Role $name" 
    New-ManagementRole -name $name -parent MyDistributionGroups 
} 
 
# Determine if we have the New and Remove Role Entries on the Role Already 
$create = [bool](Get-managementroleentry $name\New-DistributionGroup -erroraction Silentlycontinue) 
$remove = [bool](Get-managementroleentry $name\Remove-DistributionGroup -erroraction Silentlycontinue) 
 
# If we have the switch CreateGroup add or remove the RoleEntry for New-DistributionGroup 
If ($creategroup -eq $true){ 
    If ($create -eq $true){ModifyRole $name\New-DistributionGroup Remove;Write-Host "Removing ability to create distribution Groups from $name"} 
    elseif ($create -eq $false) {ModifyRole $name\New-DistributionGroup Add;Write-Host "Adding ability to create distribution Groups to $name"} 
} 
 
# If we have the switch RemoveGroup add or remove the RoleEntry for New-DistributionGroup 
If ($removegroup -eq $true){ 
    If ($remove -eq $true){ModifyRole $name\Remove-DistributionGroup Remove;Write-Host "Removing ability to create distribution Groups from $name"} 
    elseif ($remove -eq $false) {ModifyRole $name\Remove-DistributionGroup Add;Write-Host "Adding ability to create distribution Groups to $name"} 
} 
 
# Test if we have the assignment for the Role and Policy 
# If we do ... write a warning 
# If not create a new assignment 
If (([bool](get-managementroleassignment $name-$policy -erroraction SilentlyContinue)) -eq $true){ 
    Write-Warning "Found Existing Role Assignment: $name-$policy" 
    Write-Warning "Making no modifications to Role Assignments" 
} 
Else { 
    # Assign the Role to the Role Policy 
    Write-Host "Creating Managmenet Role Assignment $name-$policy" 
    New-ManagementRoleAssignment -name ($name + "-" + $policy) -role $name -policy $policy 
} 

Save the code to as MyDistributionGroupsManagement.ps1 file
Run the script:

MyDistributionGroupsManagement.ps1 -creategroup -removegroup

The script is basically create another role as a child role of the MyDistributionGroups and remove the ability to create and remove DL.
Once you have run the script, you will have the following Role:

Thanks to MS Exchange Team to share the script here

Netbackup Skipping Backup ID

Using Netbackup 7.5, recently we encountered the following error:

no images were successfully processed (191)

and

found no images or media matching the selection criteria (190)

and if you do "Search Now" in the Catalog with Action: Verify, you will get the following error:

To fix this issue, run the following command:

bpexpdate -backupid XXXXX_1338296403 -d 0 -force

this will force the problematic backup id to expire

ESXi 5 Install Offline Bundle

To install the ESXi 5 host with the Offline Bundle:

• Download the ISO file from VMware
• Extract the ISO file and find the offline-bundle ZIP file
• SCP this ZIP file to the ESXi host (e.g. /tmp/driver.zip)
  
• Run the following command

esxcli software vib install -d /tmp/offline-bundle.zip

Reboot

iPhoto Backup

I am using iPhone and taking photos with it. As you know it imports the photos automatically to the iPhoto when it is connected to the OSX. I created the following bash script to mount the Windows file share and copy the photos to the Windows Server

#!/bin/bash
mount -t smbfs //username:password@windowsserver/pictures /Users/laurence/Mount
rsync -urz /Users/laurence/Pictures/iPhoto\ Library/Masters /Users/laurence/Mount/iPhoto
umount /Users/laurence/Mount

Exchange ExMon

Exchange ExMon tool is an awesome tool! by using this tool, for each user session, you can view

• Number of packets
• Number of operations
• CPU Time
• CPU %
• Avg and Max Server latency
• Bytes In and Out
• Client Version and IP Address
• Read, PreRead and Dirtied Pages
• Log Bytes

The Log Bytes information is particularly very helpful if you want to find out who is filling up your Exchange Server Logs

The program can be downloaded from here

Sometime when you run it, it crashes :) and if you try to run it again, you will get the following error:

Then you should do the followings:

Open the Command Prompt and type in:

logman query -ets

As you can see in the picture above, the last line is: Exchange Event Trace
You need to stop this trace, by typing:

logman stop "Exchange Event Trace" -ets

Then you can run the ExMon again.

 

Exchange 2010 Recovery

Recently I had to recover my Exchange 2010 Servers. One of them was the Mailbox server role part of the DAG and the other one was the CAS, Hub and UM server. Those 2 servers were totally gone, unrecoverable due to RAID controller failure

CAS + Hub + UM Server Recovery

• Build the server, Windows 2008 R2 SP1, name it EXACTLY the same name with the failed server name
• Add all the Windows Server role + features required for CAS+Hub+UM
• Patch it
• Join to the domain
• Extract the Exchange 2010 SP2 to the temp directory (e.g. C:\temp)
• Run setup.com /m:RecoverServer
• Reboot and check the configuration

Mailbox Server Recovery

• Build the server, Windows 2008 R2 SP1 (Enterprise), name it EXACTLY the same name with the failed server
• Add the Windows Server role + features required for Mailbox role
• Patch it
• Join to the domain
• Remove the database copy from this failure Mailbox server (e.g. do this from the running Exchange 2010 Server)

Remove-MailboxDatabaseCopy DB1\MBX1

• Remove the failed server's configuration from the DAG

Remove-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer MBX1 -ConfigurationOnly

• Extract the Exchange 2010 SP2 to the temp directory (e.g. C:\temp)
• Run setup.com /m:RecoverServer
• Reboot
• Add the server back to the DAG

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer MBX1

• Add the database copy

Add-MailboxDatabaseCopy -Identity DB1 -MailboxServer MBX1

Trixbox + CUCM + Exchange UM + SP3102 + SRP527W Part 1

I have setup the voice network @home as per below picture

As you can see, there are a lot of SIP trunks between them. I will try to put the configuration for each of them

Exchange UM - CUCM

For Exchange UM and CUCM connection configuration, just follow the document published by Microsoft: http://www.microsoft.com/download/en/details.aspx?id=13591

The following is the CUCM Media Resource Group

The following is the CUCM Media Resource Group List

The following is the CUCM Configuration for the SIP Trunk to Exchange UM (e.g. mx01.domain.local), use the Media Resource Group List created above

CUCM - Trixbox

Create a new SIP Trunk Security Profile

Create a SIP trunk from CUCM to Trixbox, use the SIP Trunk Security Profile created above

Create a new Route Group

Create a new Route List

Create a new Route Pattern

I have extension 1499 and 1500 for Exchange UM Pilot and Auto Attendant respectively

I created a Route Pattern for default route to Trixbox when dial starts with 9. I also do exactly the same Route Pattern to the default route when dial starts with 0. The purpose for this is to use VOIP when dial with 9 and to use PSTN when dial with 0 first (configuration later on Trixbox)

Trixbox - CUCM

To be continue...