SSL VPN with 2008 Server
Nowadays every business is mobile, which means a VPN connection is most likely needed. The problem is that when clients travel to hotels or other countries, firewall compatibility and configuration can cause connectivity issues. Fortunately, there is an answer for this: SSL VPNs. Since an SSL VPN connection is encrypted and allowed through almost all firewalls, remote users get a much more reliable connection, no matter where they are. To top it off, SSL VPN (SSTP) is a feature natively bundled with Windows Server 2008.
How do SSL VPNs help?
* A NAT device doesn’t need to support PPTP for it to work.
* Specific ports aren’t required to be open on the firewall (think hotels and other countries).
* Connectivity can be made through web proxy servers.
* The small footprint VPN client is easily accessible.
Clients supported: Vista SP1+, Windows 7, Windows Server 2008
What are the high level steps involved in setting up Windows Server 2008 SSL VPN connections (SSTP)?
* Obtain a certificate to be used for your connections (just as if you were installing an SSL certificate for your website)
* Install IIS on the VPN server
* Request a certificate for the VPN server using the IIS Certificate Request Wizard
* Install the SSL certificate
* Install the RRAS server role on the VPN server
* Enable the RRAS server and configure it to be a VPN server
* Configure the user account to allow dial-in connections
* Update DNS (e.g. vpn.company.com)
* Configure the client to use SSTP and connect to the VPN server using SSTP
How to configure Windows 2008 for SSTP VPN
1. Install IIS on the VPN server with all security settings marked for installation
2. Create a certificate request in the IIS console
a. Make sure the common name is the actual Internet hostname clients will connect to (e.g. vpn.company.com)
3. Cut and paste the certificate request into your SSL provider’s website
4. Install any intermediate certificates and your SSL certificate per your SSL provider’s instructions (DO NOT bind the certificate to a website in IIS)
5. Install Routing and Remote Access
6. Load the Routing and Remote Access MMC and run the wizard to enable it (select Custom -> VPN if you are using only 1 NIC)
7. Enable dial-in access for the remote user’s AD account
8. Allow inbound SSL connections (TCP port 443) from the outside
9. Update DNS for the domain with the common name of the certificate
10. Test the SSL VPN connection by choosing SSTP in the VPN network connection properties
If the connection doesn’t work, make sure the proper certificate is bound, as follows:
1. Make sure the right certificate hash is bound (netsh http show ssl)
a. If necessary, delete and re-add the correct certificate binding:
1. Remove the binding for IPv4 (netsh http delete ssl 0.0.0.0:443)
2. Remove the binding for IPv6 (netsh http delete ssl [::]:443)
3. Delete the registry entry for the hash (reg delete hklm\system\currentcontrolset\services\sstpsvc\parameters /v sha256certificatehash /f)
4. Add the binding for IPv4 (netsh http add sslcert ipport=0.0.0.0:443 certhash=<replace with your cert hash> appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY)
5. Add the binding for IPv6 (netsh http add sslcert ipport=[::]:443 certhash=<replace with your cert hash> appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY)
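As an added example (not part of the original post), this Python script automates the binding check from the troubleshooting list above: it parses the output of `netsh http show sslcert` and verifies that the VPN certificate's thumbprint is bound on both 0.0.0.0:443 and [::]:443 with the SSTP application ID. The sample netsh output and its hashes are constructed; `live_bindings` assumes it runs on the Windows VPN server itself.

```python
import re
import subprocess

SSTP_APPID = "{ba195980-cd49-458b-9e23-c84ee0adcd75}"  # SSTP application ID from the netsh commands above
SSTP_ENDPOINTS = ("0.0.0.0:443", "[::]:443")

def parse_sslcert(text):
    """Parse `netsh http show sslcert` output into {ipport: {"hash": ..., "appid": ...}}."""
    bindings, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*IP:port\s*:\s*(\S+)", line)
        if m:
            current = bindings.setdefault(m.group(1), {})
        m = re.match(r"\s*Certificate Hash\s*:\s*([0-9a-fA-F]+)", line)
        if m and current is not None:
            current["hash"] = m.group(1).lower()
        m = re.match(r"\s*Application ID\s*:\s*(\{[0-9a-fA-F-]+\})", line)
        if m and current is not None:
            current["appid"] = m.group(1).lower()
    return bindings

def check_sstp_bindings(bindings, expected_thumbprint):
    """Return a list of problems; an empty list means both SSTP bindings are correct."""
    expected = expected_thumbprint.replace(" ", "").lower()
    problems = []
    for ipport in SSTP_ENDPOINTS:
        b = bindings.get(ipport)
        if b is None:
            problems.append(f"{ipport}: no SSL binding")
        elif b.get("hash") != expected:
            problems.append(f"{ipport}: bound hash {b.get('hash')} is not the VPN certificate")
        elif b.get("appid") != SSTP_APPID:
            problems.append(f"{ipport}: bound to application {b.get('appid')}, not SSTP")
    return problems

def live_bindings():
    """Run netsh on the VPN server itself (assumes Windows with netsh on PATH)."""
    out = subprocess.run(["netsh", "http", "show", "sslcert"], capture_output=True, text=True).stdout
    return parse_sslcert(out)

# Constructed sample in the layout netsh prints (hashes are placeholders, not real thumbprints)
SAMPLE_NETSH_OUTPUT = """
    IP:port                 : 0.0.0.0:443
    Certificate Hash        : 0123456789abcdef0123456789abcdef01234567
    Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
    IP:port                 : [::]:443
    Certificate Hash        : ffffffffffffffffffffffffffffffffffffffff
    Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
"""
```

Run `check_sstp_bindings(live_bindings(), "<thumbprint from the certificate's Details tab>")` on the server; an empty list means both bindings match, and any other entry tells you which binding to delete and re-add.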
Check that Ubuntu swap is allocated
swapon -s
Shows which swap devices or files are currently active.
Ubuntu wrong disk size with df
Is your Linux system reporting the wrong disk size after you expanded the disk?
Get a rescue system such as this one: http://www.sysresccd.org/
1. Boot your system from a CD-ROM/USB using any of the rescue Linux distributions (Knoppix etc.). I used sysresccd.
2. After boot-up, unmount the partition, just in case it is mounted:
umount /dev/sda3
3. Do a file system check
Code:
fsck -n /dev/sda3
The output should be
/dev/sda3: clean, >
4. Remove the journal from /dev/sda3; this turns it into an ext2 partition
tune2fs -O ^has_journal /dev/sda3
5. Run
e2fsck -f /dev/sda3
6. Resize the file system (resize2fs with no size argument grows it to fill the partition, so the partition itself must already span the enlarged disk)
resize2fs /dev/sda3
7. Next run
fsck -n /dev/sda3
8. Create the journal on /dev/sda3 again; this turns sda3 back into an ext3 partition
Code:
tune2fs -j /dev/sda3
9. Reboot the system into your original OS
Getting Time Machine to back up to a NAS
Some of us may own Network Attached Storage (NAS) devices, and/or may feel that an Apple Time Capsule is too expensive, and would rather buy a separate router, NAS and hard disk drives. This guide will help you enable Time Machine on any NAS, giving you the functionality of a Time Capsule with hardware of your own choosing.
- Prepare your NAS. Make sure it is fully functioning. This mini-guide assumes you already have one that is working well and that you know how to manage it.
- It is preferable to assign your NAS a static IP address. Check your router and NAS documentation for guidelines on how to do this.
- In OS X, open Terminal and enter the following command to enable Time Machine to work with your NAS:
defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
- Log out of OS X and log in again. You do not need to reboot your machine.
- Time Machine saves backups in a very specific format, and we will use a sparsebundle to get this done. The sparsebundle name has the form Computername_MACaddress.sparsebundle.
- Find the MAC address of the machine’s internal Ethernet port by running the following in Terminal:
ifconfig en0 | grep ether | sed s/://g | sed s/ether//
This returns one line of output: the MAC address of the Ethernet port, a string of 14 hexadecimal characters (letters and numbers, for example 001ec4b8f9b3). Even if the network backups will be done over a different port (e.g. AirPort, usually en1), the system uses the MAC address of en0 as part of the system identifier.
- Make a new sparsebundle on a local disk (NOT the Time Machine disk!). This sparsebundle is a virtual file system image which we will copy to the NAS, and Time Machine will then access it remotely (that way Time Machine is not limited by the file system features of whatever NAS it is using: all the funky stuff happens inside the sparsebundle). By default sparsebundles can keep growing until they fill up the NAS, but in this scenario we keep other things on the NAS besides backups, so we are going to limit the sparsebundle size to 70 GB. Enter the following command in Terminal:
sudo hdiutil create -size 70g -type SPARSEBUNDLE -nospotlight -volname "Backup of My Mac" -fs "Case-sensitive Journaled HFS+" -verbose ./Computername_MACaddress
This creates a 70 GB sparsebundle as a case-sensitive, journaled HFS+ volume without Spotlight indexing. Substitute the placeholder values (size, volume name and Computername_MACaddress) with the values you need; Computername_MACaddress may look like “DansComputer_001ec4b8f9b3”.
- Log into your NAS and create a user account (e.g. “TimeMachine”). You may want to assign a disk space quota for this user if you need to.
- On your NAS, create a shared folder (e.g. “TimeMachine”). Add the user account you created in the previous step, and grant that user read and write privileges.
- In Finder, select Go > Connect to Server. For the server address, type
smb://TimeMachine@ip-address-of-nas/TimeMachine
Click Connect and, when prompted, enter the password and save it in your keychain.
- Now copy your locally created sparsebundle into the TimeMachine share. If you did not change directory when you entered the command in Terminal, you will find the sparsebundle in your home folder (/Users/yourusername).
- On your NAS, check that the file was copied under the correct user account.
- Open Time Machine, select your “TimeMachine” folder as the destination, and the backup will start.
- Tip: For the first backup it is recommended to connect via LAN, as you will get a throughput of 10-30 MB/sec.
- If your NAS allows it, you may now hide the TimeMachine folder so it does not show up in the network share list.
Hope this helps.
Exchange 2003 and POP3 timeouts
If you have a system where most users get timeouts on their POP3 accounts, this might be the fix!
Install and open Wireshark (google wireshark) and apply the display filter "tcp.port == 110" so only POP3 traffic is shown.
Then try to log in to the POP3 server with telnet, like this:
telnet exchangeserver.com 110
user userwithproblem@exchangeserver.com
pass testpassword
list
retr 1
If you do not see a sign-off message in Wireshark, you might have this problem. It is detailed in KB816896.
Make this reg file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\POP3Svc\Parameters]
"CheckPop3Tail"=dword:00000001
(REMEMBER to end the file with a blank line, or regedit will not import it the way it is supposed to.)
Import the reg file and restart the POP3 service.
Try and get your mail again.
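As an added example (not part of the original post), this Python probe replays the telnet session above, plus a final QUIT, and reports whether the multi-line LIST/RETR replies end with the lone "." line and whether QUIT is answered, which is what you would otherwise look for in the Wireshark capture. The transcripts and host names are constructed; `probe_host` assumes network access to the Exchange server.

```python
import socket

def _drain(recv_line):
    """Consume a multi-line reply; True only if the lone "." terminator arrived."""
    line = recv_line()
    while line not in (".", None):
        line = recv_line()
    return line == "."

def pop3_probe(recv_line, send_line, user, password):
    """Replay the telnet sequence from the post over injected I/O and record where it stalls."""
    result = {"greeting": recv_line(), "incomplete": []}
    for cmd in (f"USER {user}", f"PASS {password}", "LIST", "RETR 1", "QUIT"):
        send_line(cmd)
        reply = recv_line()
        name = cmd.split()[0]
        result[name] = reply
        if reply is None:
            result["incomplete"].append(name)  # no reply at all before the timeout
            break
        if name in ("LIST", "RETR") and reply.startswith("+OK") and not _drain(recv_line):
            result["incomplete"].append(name)  # body never terminated by ".": a client would hang here
            break
    result["ok"] = not result["incomplete"]
    return result

def probe_host(host, user, password, port=110, timeout=10.0):
    """Live probe of a real server (assumes network access to host:port)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        def recv_line():
            try:
                raw = f.readline()
            except socket.timeout:
                return None  # the symptom from the post: nothing more arrives
            return raw.decode("latin-1").rstrip("\r\n") if raw else None
        send_line = lambda cmd: s.sendall((cmd + "\r\n").encode("ascii"))
        return pop3_probe(recv_line, send_line, user, password)

def scripted_io(responses):
    """Constructed fake server: one canned reply per read, None once exhausted (= timeout)."""
    queue = list(responses)
    return (lambda: queue.pop(0) if queue else None), (lambda cmd: None)

# Constructed transcripts, not captured from a real Exchange server
GOOD = ["+OK POP3 server ready", "+OK", "+OK User logged on", "+OK 1 messages", "1 512", ".",
        "+OK 512 octets", "Subject: test", "", "body", ".", "+OK signing off"]
UNTERMINATED = GOOD[:10]  # RETR body arrives but the "." line never does
NO_SIGNOFF = GOOD[:-1]    # everything works except the reply to QUIT
```

`pop3_probe(*scripted_io(UNTERMINATED), "user@example.com", "pw")` flags RETR as incomplete, while a live `probe_host("exchangeserver.com", user, password)` against an affected server shows the same stall before and a clean result after the registry change.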
Hope this helps someone out there