Mindeasy Technology Know how

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: “The name of the security certificate is invalid or does not match the name of the site”

admin — Wed, 21 Jul 2010 23:10:22 +0000

I ran into an issue where I had imported a SAN certificate into my exchange organization. Once I had imported it I started to get outlook SSL warnings. The issue was that the internal URLs for many of the services outlook connects to were setup with my internal server domain IE host.internaldomain.com. Now I was faced with an issue where I could not get another SAN cert to encompass the host names of my internal domain, because the Domain admin previous to me named the internal domain of a legitimate domain and we did not own that domain. ie internal domain is contoso.com or yahoo.com these domains are owned by someone else thus no SAN cert will be issued. The way around this was I changed the internal URL entries for multiple virtual directories, and created a DNS look-up zone. I found A KB article that shows how to do this.

http://support.microsoft.com/kb/940726

Mail contacts or mailboxes now showing up in GAL

admin — Fri, 09 Jul 2010 18:41:14 +0000

I came a cross an issue where mail contacts and some mailboxes where not showing up in the Global Address List. The funny thing was they showed up in in Outlook Web Access (OWA). The reason this was happening was our outlook clients were running in cached mode and were using the Offline Address Book for GAL look ups (OAB). All I had to do was just update the OAB on the exchange server and hit send and receive from the client machine.

The command you use is below Use the Exhange Management Shell (EMS) to do these

To Update a particular OAB use the below command

Update-OfflineAddressBook “Name of Address Book”

To update all OABs use the belwo command

Get-OfflineAddressBook | Update-OfflineAddressBook

SCOM 2007 install error “Invalid Management Group name

admin — Tue, 06 Jul 2010 19:49:20 +0000

delete

HKLM\Software\Microsoft\Microsoft Operations Manager

powershell script not digitally signed will not execute

admin — Tue, 06 Jul 2010 00:35:25 +0000

Signing PowerShell Scripts

Execution Policies

PowerShell has four execution policies that are Restricted, AllSigned, RemoteSigned, and Unrestricted.

PowerShell is configured in “Restricted” execution policy by default. The Restricted policy will not allow any unsigned scripts to run. If you need to run a powershell script that is not signed then you need to change the policy powershell uses to “Unrestricted” . To do this run the below powershell command on the server that is having the issue.

Set-ExecutionPolicy Unrestricted

How to unseal a management packs in Operations Manager 2007 R2

admin — Tue, 06 Jul 2010 00:27:02 +0000

This article will be about how to convert the MP format to XLS so we can work with it.

I found a script from a person named Boris Yanushpolskyhis blog post is here http://blogs.msdn.com/b/boris_yanushpolsky/archive/2007/08/16/unsealing-a-management-pack.aspx

Pretty much we need to run his script and import it into Operations manager.

Script is

param($mpFilePath,$outputDirectory)

$assembly = [System.Reflection.Assembly]::LoadWithPartialName(“Microsoft.EnterpriseManagement.OperationsManager”)

$mp = new-object Microsoft.EnterpriseManagement.Configuration.ManagementPack($mpFilePath)

$mpWriter = new-object Microsoft.EnterpriseManagement.Configuration.IO.ManagementPackXmlWriter($outputDirectory)

$mpWriter.WriteManagementPack($mp)

Name the script MptoXml.ps1

Run this command:

powershell d:\MpToXml.ps1 -mpFilePath:’d:\Microsoft.Exchange.Server.2003.Monitoring.mp’ -outputDirectory:’d:\’

Changing RDP port in Windows server

admin — Fri, 02 Jul 2010 23:31:59 +0000

1. Start Registry Editor.

2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber

3. On the Edit menu, click Modify, and then click Decimal.

4. Type the new port number, and then click OK.

5. Quit Registry Editor.

And that’s it. Just make sure if you have a windows firewall or another software firewall enabled to allow the new port to connect.

HP Storage Works MSA 2312i

admin — Wed, 30 Jun 2010 22:59:35 +0000

The MSA 2312 i is one of Hp’s iscsi storage appliances. This applianceis easy to setup and provides decent I/O’s for the price. Currently I use this appliance for my corporate VMware system and it has not had any issues yet, running 20 or so moderately used VM’s. The unit contains 2 controllers with a total of 4 iscsi ports that can be grouped together. Sadly though my biggest con for this appliance is that the iscsi ports can not be teamed together to increase throughput. They however can be grouped together to provide multipathing. The mutipathing will be active/passive and can not be active/active. The 2312i can be connected to up to 32 hosts and be directly connected to up to 4 more 2312i units, so the unit is expandable. Overall this is a good entry to mid level storage appliance for light duty to moderate duty work.

Specifications

Performance- Each controller boosts an Athlon 2600+ processor, 300 MBps data Transfer rates and 1 GB memory.

Raid Levels – The MSA 2312 i supports Raid 0, 1, 3, 5, 6, 10, 50

Drives- Sata and SAS

Ports- 4 x GB iscsi ports

Screen shots of the GUI

Disable SSL 2.0 in IIS

admin — Fri, 25 Jun 2010 23:34:48 +0000

Why do you want to Disable SSL 2.0 on your web server. Well the reason is all new SSL certificates now come as SSL 3.0 and the second reason SSL 2.0 is insecure. It is susceptible to man in the middle attacks. All Certificates now only Use SSL 3.0, Now if your site still uses a certificate with SSL 2.0 get a new one. Alsoif you have a system that scan your site like Macafee Hackersafe or Security Metrics, it will detect that you have SSL 2.0 and it will actually make you PCI in-compliant. Below are the steps on how to disable SSL 2.0 on a Windows 2003 server with IIS 6.0 installed.

Click Start, click Run, type regedt32 or type regedit, and then click OK
In Registry Editor, locate the following registry key:HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server
On the Edit menu, click Add Value.
In the Data Type list, click DWORD
In the Value Name box, type Enabled, and then click OK
Click OK. Restart the computer

These Instructions work with both IIS 6.0 and IIS 7.0

Sender Policy Framework

admin — Thu, 10 Jun 2010 00:32:34 +0000

What is a SPF record? Well it is a DNS entry that is used to help combat SPAM and email spoofing. It does this by adding information to DNS about which servers are allowed to send email for that Domain. A SPF record is a custom record call txt in windows DNS. There are many tools that can help you automatically create a SPF record. At the end of this article I will list a great one. The way SPF combats SPAM and domain Spoofing is when an email is sent from XYZ domain the receiving server or mail gateway (if configured to do SPF checking) does a SPF check. Once it

Microsoft Window Installer Cleanup Utility

admin — Thu, 10 Jun 2010 00:27:22 +0000

Ever had a situation, where a machine was put in front off you and you where told this program doesn’t work? Well You are in IT so you obviously have and if not you are still in school. I had this happen to me when our CEO adobe acrobat was not working. Well I thought I will just un-install the program and reinstall. I soon found out Adobe would not uninstall and I could not install Acrobat until the old one was gone. Now reinstalling his machine was out off the question so I googled and found this tool. The Microsoft Window Installer Cleanup Utility. It pretty much un-installs any MSI on your system. Below is the link to where to get it and a nice description. This tool has saved my life a few times.

http://support.microsoft.com/kb/290301