20 January 2013

Cisco Unified Call Manager Express (UCME) Cisco IOS basic configuration example 2

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname UCME
!
boot-start-marker
boot system flash c2800nm-ipvoicek9-mz.151-3.T.bin
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
clock timezone met 1 0
clock summer-time summertime recurring last Sun Mar 3:00 last Sun Oct 3:00
network-clock-participate wic 0
network-clock-participate wic 1
network-clock-select 1 BRI0/0/0
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
ip domain name evo.local
ip name-server 10.2.2.20
ip name-server 10.2.2.21
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
isdn switch-type basic-net3
!
!
voice rtp send-recv
!
voice service voip
 qsig decode
 h323
  h225 h245-address on-connect
!
voice class codec 1
 codec preference 1 g711alaw
 codec preference 2 g711ulaw
!
voice class h323 1
  call start slow
!
voice class h323 333
  telephony-service ccm-compatible
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1115611083
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1115611083
 revocation-check none
!
!
crypto pki certificate chain TP-self-signed-1115611083
 certificate self-signed 02 nvram:IOS-Self-Sig#2.cer
!
!
license udi pid CISCO2811 sn xxxxxxxxx
username admin privilege 15 password 7 xxxxxxxxxxxxxxxx
!
!
ip ssh time-out 60
ip ssh authentication-retries 4
!
translation-rule 1
 Rule 0 ^0 00
!
!
translation-rule 2
 Rule 0 ^9 10
!
!
!
!
!
!
interface FastEthernet0/0
 description LAN
 ip address 10.2.2.5 255.255.255.0
 duplex auto
 speed auto
 h323-gateway voip interface
 h323-gateway voip bind srcaddr 10.2.2.5
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0/0/0
 no ip address
 isdn switch-type basic-net3
 isdn overlap-receiving
 isdn point-to-point-setup
 isdn incoming-voice voice
 isdn send-alerting
 isdn sending-complete
 isdn static-tei 0
!
interface BRI0/0/1
 no ip address
 isdn switch-type basic-net3
 isdn overlap-receiving
 isdn point-to-point-setup
 isdn incoming-voice voice
 isdn send-alerting
 isdn sending-complete
 isdn static-tei 0
!
interface BRI0/1/0
 no ip address
 isdn switch-type basic-net3
 isdn overlap-receiving
 isdn point-to-point-setup
 isdn incoming-voice voice
 isdn send-alerting
 isdn sending-complete
 isdn static-tei 0
!
interface BRI0/1/1
 no ip address
 shutdown
 isdn switch-type basic-net3
 isdn overlap-receiving
 isdn point-to-point-setup
 isdn incoming-voice voice
 isdn send-alerting
 isdn sending-complete
 isdn static-tei 0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http path flash:
!
ip route 0.0.0.0 0.0.0.0 10.2.2.1
!
!
!
tftp-server flash:Desktops/320x212x12/CampusNight.png
tftp-server flash:Desktops/320x212x12/CiscoFountain.png
tftp-server flash:Desktops/320x212x12/MorroRock.png
tftp-server flash:Desktops/320x212x12/NantucketFlowers.png
tftp-server flash:Desktops/320x212x12/TN-CampusNight.png
tftp-server flash:Desktops/320x212x12/TN-CiscoFountain.png
tftp-server flash:Desktops/320x212x12/TN-Fountain.png
tftp-server flash:Desktops/320x212x12/TN-MorroRock.png
tftp-server flash:Desktops/320x212x12/TN-NantucketFlowers.png
tftp-server flash:Desktops/320x212x12/Fountain.png
tftp-server flash:Desktops/320x212x12/CiscoLogo.png
tftp-server flash:Desktops/320x212x12/TN-CiscoLogo.png
tftp-server flash:Desktops/320x212x12/List.xml
tftp-server flash:Desktops/320x216x16/List.xml
tftp-server flash:Desktops/320x212x16/List.xml
tftp-server flash:gui/admin_user.html
tftp-server flash:gui/admin_user.js
tftp-server flash:gui/CiscoLogo.gif
tftp-server flash:gui/Delete.gif
tftp-server flash:gui/dom.js
tftp-server flash:gui/downarrow.gif
tftp-server flash:gui/ephone_admin.html
tftp-server flash:gui/logohome.gif
tftp-server flash:gui/normal_user.html
tftp-server flash:gui/normal_user.js
tftp-server flash:gui/Plus.gif
tftp-server flash:gui/sxiconad.gif
tftp-server flash:gui/Tab.gif
tftp-server flash:gui/telephony_service.html
tftp-server flash:gui/uparrow.gif
tftp-server flash:gui/xml-test.html
tftp-server flash:gui/xml.template
tftp-server flash:ringtones/Analog1.raw
tftp-server flash:ringtones/Analog2.raw
tftp-server flash:ringtones/AreYouThere.raw
tftp-server flash:ringtones/AreYouThereF.raw
tftp-server flash:ringtones/Bass.raw
tftp-server flash:ringtones/CallBack.raw
tftp-server flash:ringtones/Chime.raw
tftp-server flash:ringtones/Classic1.raw
tftp-server flash:ringtones/Classic2.raw
tftp-server flash:ringtones/ClockShop.raw
tftp-server flash:ringtones/DistinctiveRingList.xml
tftp-server flash:ringtones/Drums1.raw
tftp-server flash:ringtones/Drums2.raw
tftp-server flash:ringtones/FilmScore.raw
tftp-server flash:ringtones/HarpSynth.raw
tftp-server flash:ringtones/Jamaica.raw
tftp-server flash:ringtones/KotoEffect.raw
tftp-server flash:ringtones/MusicBox.raw
tftp-server flash:ringtones/Piano1.raw
tftp-server flash:ringtones/Piano2.raw
tftp-server flash:ringtones/Pop.raw
tftp-server flash:ringtones/Pulse1.raw
tftp-server flash:ringtones/Ring1.raw
tftp-server flash:ringtones/Ring2.raw
tftp-server flash:ringtones/Ring3.raw
tftp-server flash:ringtones/Ring4.raw
tftp-server flash:ringtones/Ring5.raw
tftp-server flash:ringtones/Ring6.raw
tftp-server flash:ringtones/Ring7.raw
tftp-server flash:ringtones/RingList.xml
tftp-server flash:ringtones/Sax1.raw
tftp-server flash:ringtones/Sax2.raw
tftp-server flash:ringtones/Vibe.raw
tftp-server flash:APPS-1.2.1.SBN
tftp-server flash:SYS-1.2.1.SBN
tftp-server flash:GUI-1.2.1.SBN
tftp-server flash:CP7921G-1.2.1.LOADS
tftp-server flash:TNUX-1.2.1.SBN
tftp-server flash:TNUXR-1.2.1.SBN
tftp-server flash:WLAN-1.2.1.SBN
tftp-server flash:apps37sccp.1-2-1-0.bin
tftp-server flash:APPSH-1.3.1.SBN
tftp-server flash:GUIH-1.3.1.SBN
tftp-server flash:CP7925G-1.3.1.LOADS
tftp-server flash:SYSH-1.3.1.SBN
tftp-server flash:TNUXH-1.3.1.SBN
tftp-server flash:WLANH-1.3.1.SBN
tftp-server flash:B016-1-0-4.SBN
!
control-plane
!
!
voice-port 0/0/0
 translate calling 1
 translate called 2
 compand-type a-law
 cptone CH
!
voice-port 0/0/1
 translate calling 1
 translate called 2
 compand-type a-law
 cptone CH
!
voice-port 0/1/0
 translate calling 1
 translate called 2
 compand-type a-law
 cptone CH
!
voice-port 0/1/1
 translate calling 1
 translate called 2
 compand-type a-law
 cptone CH
!
voice-port 0/2/0
 description fax machine
 caller-id enable
!
voice-port 0/2/1
!
!
!
mgcp profile default
!
!
dial-peer voice 310 pots
 description INCOMING CALLS
 incoming called-number ..
 direct-inward-dial
 port 0/0/0
 forward-digits 0
!
dial-peer voice 311 pots
 description INCOMING CALLS
 incoming called-number ..
 direct-inward-dial
 port 0/0/1
 forward-digits 0
!
dial-peer voice 312 pots
 description INCOMING CALLS
 incoming called-number ..
 direct-inward-dial
 port 0/1/0
 forward-digits 0
!
dial-peer voice 313 pots
 description INCOMING CALLS
 incoming called-number ..
 direct-inward-dial
 port 0/1/1
 forward-digits 0
!
dial-peer voice 120 pots
 description OUTGOING CALLS
 destination-pattern 0T
 port 0/0/0
!
dial-peer voice 121 pots
 description OUTGOING CALLS
 destination-pattern 0T
 port 0/0/1
!
dial-peer voice 122 pots
 description OUTGOING CALLS
 destination-pattern 0T
 port 0/1/0
!
dial-peer voice 123 pots
 description OUTGOING CALLS
 destination-pattern 0T
 port 0/1/1
!
dial-peer voice 126 pots
 description FAX FXS PORT
 destination-pattern 109
 port 0/2/0
!
!
!
telephony-service
 max-ephones 30
 max-dn 140
 ip source-address 10.2.2.5 port 2000
 timeouts interdigit 8
 system message Evolve
 cnf-file location flash:
 user-locale U1 load CME-locale-it_IT-Italian-7.0.1.1.tar
 network-locale CH
 load 7916-12 B016-1-0-4.SBN
 load 7916-24 B016-1-0-4.SBN
 load 7911 SCCP11.8-4-2S.loads
 load 7942 SCCP42.8-4-2S.loads
 load 7965 SCCP45.8-4-2S.loads
 load 7975 SCCP75.8-4-2S.loads
 time-zone 23
 time-format 24
 date-format dd-mm-yy
 max-conferences 8 gain -6
 moh flash:/music-on-hold.au
 web admin system name mtfinfo password xxxxxxxxxxxxxxxx
 web admin customer name admin password xxxxxxxxxxxxxxxx
 dn-webedit
 time-webedit
 transfer-system full-consult
 transfer-pattern T
 directory last-name-first
 create cnf-files version-stamp 7960 Jul 02 2012 11:48:10
!
!
ephone-dn  1
 number 100
 pickup-group 11
 description Name
 name Name SName
 preference 1
 call-forward noan 101 timeout 4
 no huntstop
!
!
ephone-dn  2
 number 100
 pickup-group 11
 description Name
 name Name SName
 preference 2
 call-forward noan 101 timeout 5
 no huntstop
!
!
ephone-dn  3
 number 100
 pickup-group 11
 description Name
 name Name SName
 preference 3
 call-forward noan 101 timeout 5
 no huntstop
!
!
ephone-dn  4
 number 100
 pickup-group 11
 description Name
 name Name SName
 preference 4
 call-forward noan 101 timeout 5
 no huntstop
!
!
ephone-dn  5  dual-line
 number 105
 pickup-group 11
 description Name Miao
 name Name SName Miao
 preference 1
 no huntstop
!

!
ephone  1
 mac-address B8BE.BF22.79C8
 username "nSName" password xxxxxxxxxxxxxxx
 speed-dial 1 00913333333# label "Bookmark1"
 speed-dial 2 00913333334# label "Bookmark2"
 speed-dial 3 00913333335# label "Bookmark3"
 type 7975 addon 1 7916-24
 button  1:1 2:2 3:3 4:4
 button  5:5 8o130,131,132,133,134
!
!
!
ephone  2
 mac-address C062.6BD2.D514
 username "miao" password xxxxxxxxxx
 type 7942
 button  1:5 2o130,131,132,133,134
!
!

!
!
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp source FastEthernet0/0
ntp server 10.2.2.1 prefer
ntp server 129.132.2.21
end

Unified CallManager Express FAX Configuration Example

FXS Port Configuration: Connecting a FAX to a CallManager Express with a VIC2-2FXS interface


Where the FAX machine is connected:

!
voice-port 0/2/0
description FAX MACHINE PORT
caller-id enable
!


FAX phone number configuration 

!
dial-peer voice 126 pots
description FAX EXTENSION NUMBER
destination-pattern 109
port 0/2/0
!



 

18 January 2013

Raspberry Raspbian Wheezy Install VNC Service

Use this command to install the VNC server

sudo apt-get install tightvncserver
 

Start the service with the following command

vncserver

You'll be asked to set a password.
When asked to create a view only password, say No.


Every time you start VNC you'll see something like:

"New 'X' desktop is raspberrypi:1"


To connect run the VNC Viewer and enter:

192.168.1.10:1



Use this link to configure VNC autostart: VNC Auto Start




17 January 2013

Notepad++ How To Replace a Pattern with a Line Break (eg. Transform One Text Line to One Column)


All these steps are performed with Notepad++ (free from http://notepad-plus-plus.org)

If you have this text "AAAA BBBB CCCC" and you want to place all the words in one column, open Find then select Replace.

In Find What type " " (just a space) and in the Replace With field type \n
Then set Search Mode to Extended (\n, \r ...).

Click on "Replace All".

You will get:


AAAA
BBBB
CCCC


Into the Find What field you can use the search pattern you prefer (; , or text).




How To get rid of "Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available..."

If you get this error: “Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.” some of your users are overloading the Exchange server with RPC requests.
In my case it was a CRM software using Outlook MAPI calls.

You can check the actual threshold using PowerShell and running the following command:


Get-LogonStatistics -Identity <Username having the issue> | fl applicationid


Look at the value ApplicationID : Client=MSExchangeRPC; you should count 20 occurrences.

 
In order to correct this issue you can create a new Throttling Policy using the "New-ThrottlingPolicy" PowerShell command (setting the value to 30 was OK for me), then assign this new policy to the mailboxes that were experiencing the problem.


PowerShell syntax:

New-ThrottlingPolicy -Name <Name>

Set-ThrottlingPolicy -Identity <Name> -RCAMaxConcurrency <Value>

Set-Mailbox -Identity "Username" -ThrottlingPolicy <Name>



Verify with:

Get-ThrottlingPolicy
 

16 January 2013

How To Fix Blogger.com Search Gadget

  1. Remove the Search gadget
  2. Add an HTML/Javascript gadget
  3. Give it a description and paste the following code into the code field

<form action="search" name="input" method="get">
<input value="" name="q" size="20" type="text"/>
<input value="Go!" type="submit"/>
</form>


Now try your new blogger.com search box

14 January 2013

Exchange Powershell - Update Global Address Lists Command

Exchange Update Global Address Lists Procedure


Use this command to update the GAL on Exchange Server

Get-GlobalAddressList | Update-GlobalAddressList

Then this command to update the Offline Address List

Get-OfflineAddressBook | Update-OfflineAddressBook

Then advertise the CAS service of the new Address Book

Get-ClientAccessServer | Update-FileDistributionService 


12 January 2013

Cisco Access Point Configuration Example with WPA v2, PEAP and Radius (NPS) on Windows 2008 R2 Server

In this example two running RADIUS servers (IAS) authenticate the Wi-Fi clients with their domain user credentials.
The servers are defined in the configuration as 192.168.0.205 and .202 and share the secret RADIUS key with the Access Point.

!
! Last configuration change at 17:07:33 +0100 Fri Feb 10 2012 by admin
! NVRAM config last updated at 17:10:22 +0100 Fri Feb 10 2012 by admin
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap04
!
enable secret 5 XXXXXXXXXXXXXXXXXXX
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 192.168.0.205 auth-port 1645 acct-port 1646
 server 192.168.0.202 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local 
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
clock timezone +0100 1
ip domain name domain.local
!
!
dot11 syslog
!
dot11 ssid wlanssidname
   authentication open eap eap_methods 
   authentication network-eap eap_methods 
   authentication key-management wpa version 2
   guest-mode
!
!
!
username admin privilege 15 password 7 XXXXXXXXXXXXXXXXXXXX
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm 
 !
 broadcast-key change 84600
 !
 !
 ssid wlanssidname
 !
 antenna gain 6
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 192.168.0.104 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.0.253
ip http server
no ip http secure-server
ip radius source-interface BVI1 
snmp-server community name-snmp-ro RO
radius-server host 192.168.0.205 auth-port 1645 acct-port 1646 key 7 XXXXXXXX
radius-server host 192.168.0.202 auth-port 1645 acct-port 1646 key 7 XXXXXXXX
radius-server deadtime 120
radius-server vsa send accounting
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
!
sntp server 192.168.0.1
sntp broadcast client
end
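
A consistency check for the RADIUS wiring in the access point configuration above, as an added example that is not part of the original post. It parses an excerpt of that config and verifies that every AAA method list resolves to a server group that has servers, that every server has a matching radius-server host line with a key, and that the radio carrying the WPA2 SSID uses aes-ccm. The function names and finding codes are assumptions of the example, as is treating aes-ccm as the expected cipher for a WPA2 SSID (it is what this config uses).

```python
import re

# Excerpt of the access point configuration from this post (keys masked as on the page).
AP_CONFIG = """\
aaa new-model
aaa group server radius rad_eap
 server 192.168.0.205 auth-port 1645 acct-port 1646
 server 192.168.0.202 auth-port 1645 acct-port 1646
!
aaa group server radius rad_acct
!
aaa authentication login eap_methods group rad_eap
aaa accounting network acct_methods start-stop group rad_acct
!
dot11 ssid wlanssidname
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa version 2
   guest-mode
!
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 !
 ssid wlanssidname
!
radius-server host 192.168.0.205 auth-port 1645 acct-port 1646 key 7 XXXXXXXX
radius-server host 192.168.0.202 auth-port 1645 acct-port 1646 key 7 XXXXXXXX
"""


def parse_blocks(text):
    """Split an IOS-style config into (top-level line, [indented child lines])."""
    blocks = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if line[0].isspace():
            if blocks:
                blocks[-1][1].append(line.strip())
        else:
            blocks.append((line, []))
    return blocks


def audit_radius_wiring(text):
    """Return a list of (code, detail) findings about the AAA/RADIUS/SSID wiring."""
    groups, lists, hosts, ssids, radios = {}, {}, {}, {}, {}
    for header, children in parse_blocks(text):
        if m := re.match(r"aaa group server radius (\S+)", header):
            groups[m[1]] = [c.groups() for ch in children
                            if (c := re.match(r"server (\S+) auth-port (\d+) acct-port (\d+)", ch))]
        elif m := re.match(r"aaa (?:authentication login|accounting network) (\S+) (?:.* )?group (\S+)", header):
            lists[m[1]] = m[2]  # method list name -> server group name
        elif m := re.match(r"radius-server host (\S+) auth-port (\d+) acct-port (\d+)(.*)", header):
            hosts[m.groups()[:3]] = bool(re.search(r"\bkey\b", m[4]))
        elif m := re.match(r"dot11 ssid (\S+)", header):
            ssids[m[1]] = {
                "lists": {c[1] for ch in children
                          if (c := re.match(r"authentication (?:open eap|network-eap) (\S+)", ch))},
                "wpa2": "authentication key-management wpa version 2" in children,
            }
        elif m := re.match(r"interface (Dot11Radio\S+)", header):
            radios[m[1]] = {
                "ssids": {ch.split()[1] for ch in children if ch.startswith("ssid ")},
                "ciphers": {w for ch in children if ch.startswith("encryption mode ciphers ")
                            for w in ch.split()[3:]},
            }

    findings = []
    for name, group in sorted(lists.items()):
        if not groups.get(group):
            findings.append(("empty-group", f"method list {name} -> group {group} has no servers"))
    for group, servers in sorted(groups.items()):
        for srv in servers:
            if srv not in hosts:
                findings.append(("no-host", f"{group}: {srv[0]} has no matching radius-server host"))
            elif not hosts[srv]:
                findings.append(("no-key", f"{group}: {srv[0]} has no shared key"))
    for ssid, cfg in sorted(ssids.items()):
        for name in sorted(cfg["lists"] - set(lists)):
            findings.append(("undefined-list", f"ssid {ssid} uses undefined method list {name}"))
        for radio, rcfg in sorted(radios.items()):
            if cfg["wpa2"] and ssid in rcfg["ssids"] and "aes-ccm" not in rcfg["ciphers"]:
                findings.append(("cipher", f"{radio}: WPA2 ssid {ssid} without aes-ccm"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_radius_wiring(AP_CONFIG):
        print(f"[{code}] {detail}")
```

On this config the only finding is the acct_methods accounting list, which points at the rad_acct group that has no servers defined.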

  

How to Fix: A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator. OR Activesync Support Code: 0X85010014


A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
Activesync Support Code: 0X85010014


From The Microsoft site:
http://support.microsoft.com/kb/817379



Disable the forms-based authentication for the Exchange virtual directory

To create a secondary virtual directory for Exchange that is based on steps 1 through 7 of the following procedure, make sure that forms-based authentication is disabled for the Exchange virtual directory before you make the copy. Before you follow these steps, disable forms-based authentication in Exchange System Manager. Then restart Internet Information Services (IIS). To do this, follow these steps:

  1. Open Exchange Manager.
  2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
  3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
  4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
  5. Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
  6. Close Exchange Manager.
  7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Create a secondary virtual directory for Exchange server

You must use Internet IIS Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps:

  1. Start Internet Information Services (IIS) Manager.
  2. Locate the Exchange virtual directory. The default location is as follows:
    Web Sites\Default Web Site\Exchange
  3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
  4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
  5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
  6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
  7. Under Select a configuration to import, click Exchange, and then click OK.

    A dialog box will appear that states that the "virtual directory already exists."
  8. Select the Create a new virtual directory option. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
  9. Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
  10. Click the Directory Security tab.
  11. Under Authentication and access control, click Edit.
  12. Make sure that only the following authentication methods are enabled, and then click OK:
    • Integrated Windows authentication
    • Basic authentication
  13. On the Directory Security tab, under IP address and domain name restrictions, click Edit.
  14. Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK twice.
  15. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
  16. Click OK, and then close the IIS Manager.
  17. Click Start, click Run, type regedit, and then click OK.
  18. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
  19. Right-click Parameters, click to New, and then click String Value.
  20. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify.

    Note ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
  21. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
  22. Quit Registry Editor.
  23. Restart the IIS Admin service. To do this, follow these steps:
    1. Click Start, click Run, type services.msc, and then click OK.
    2. In the list of services, right-click IIS Admin service, and then click Restart.
  24. If you want to reuse Forms-based Authentication on the Exchange server, follow these steps to re-enable Forms-based Authentication on the /Exchange virtual directory in Exchange System Manager.
    1. Open Exchange Manager.
    2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
    3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
    4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
    5. Click the Settings tab, click to select the Enable Forms Based Authentication check box, and then click OK.
    6. Close Exchange Manager.
    7. Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).
Note If the server is Microsoft Windows Small Business Server 2003 (SBS), the name of the Exchange OMA virtual directory must be exchange-oma.

The integrated setup of Microsoft Windows Small Business Server 2003 creates the exchange-oma virtual directory in IIS. Additionally, it points the ExchangeVDir registry key to /exchange-oma during the initial installation. Other SBS wizards, such as the Configure E-mail and Internet Connection Wizard (CEICW) also expect the virtual directory name in IIS to be exchange-oma.

Cisco ASA ASDM - Troubleshooting "Unable to launch device manager from" and "Unconnected Socket Not Implemented" errors.





Checklist - The basics:
  • Disable the Windows Firewall.
  • Clear the Java cache from Windows Control Panel - Java

Upgrade your Java version to JRE6u7.

If you get the error "Unconnected Socket Not Implemented", or the error "com.sun.deploy.net.FailedDownloadException: Can't load the object: https://X.X.X.X/admin/public/asdm.jnlp", please downgrade your Java JRE 6 from u10 to u7.

If you get the error java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 403 Forbidden", remove the proxy configuration from your browser.

Download the ASDM installer again from your ASA (https://yourasaip) and run the setup again.


Reloading the appliance may fix the "1 year uptime" ASDM java bug.

 

Ping the device in order to check the connectivity

dos command:    ping 192.168.1.1
where 192.168.1.1 is your ASA inside network interface

 

Verify that http server is running on the device

cli command:    http server enable
or issue "http server enable XXX" where XXX is a custom port number

 

Verify that you can access the device via https

cli command:    http 192.168.1.0 255.255.255.0 inside
where 192.168.1.0 is your LAN network

 

Reissue the local keys (SSL Certificate)

pix cli command: ca zeroize rsa 

pix cli command: ca generate rsa key 1024 
pix cli command: ca save all

asa cli command: crypto key zeroize 
asa cli command: crypto key generate rsa general-keys


Verify the ASDM startup-config pointer

cli command:    dir
find the line listing the asdm image filename "asdm-xxx.bin"

cli command:    show run
find and compare the filename with the asdm load command "asdm image disk0:/asdm-xxx.bin"

 

Try downloading a new ASDM copy from Cisco.

Upload the new file to the ASA flash memory

Remove the old pointer issuing the command
cli command:     no asdm image disk0:/asdm-xxx.bin

Add the new filename to the configuration
cli command:    asdm image disk0:/asdm-yyy.bin


If these steps aren't useful, locate a new ASA version image and upgrade or downgrade the firewall








11 January 2013

Mythbuntu how to set the video playback always to 16:9


Under mythbuntu frontend video settings add -aspect 16:9 to the mplayer startup options: 

mplayer -aspect 16:9 -fs -zoom -quiet -vo xv %s

How To Fix: HP Compaq dc7900 Blue Screen BSOD Error Code 100000d1

Download and install the AHCI Driver sp42232.exe from the HP support website

FIXES:
- Fixes an issue where a "blue screen" event D1 occurs under certain
configuration and stress environments.

iPhone keeps losing WPA-enterprise settings or iPhone doesn't reconnect to the wifi network


If you are using WPA-Enterprise and your wifi connection does not come back automatically, the problem could be that the local CA certificate differs from the enterprise one, maybe because your network administrator changed it centrally.

To delete the old settings from the iPhone, you have to create a new wifi connection using the same SSID as your company network name, but using only WPA as encryption. Use a random password and save the profile.


Now choose the company network, click on properties (blue arrow) and click on Disassociate - if you were.


Configure a new wifi connection again with your SSID and the WPA-Enterprise option enabled. Fill in your credentials, and accept the new CA certificate.


Now switching airplane mode on and off doesn't make your phone lose the wifi network again.

Computer Associates CA eTrust ITM 8.1 Removal Script

Needed files:

  • Taskkill.exe - (you can find it with google) placed in \\servername\AVDeploy\CARemoval\taskkill.exe
  • PsExec.exe - placed in \\servername\share\PsExec.exe - only if you want to start remotely the uninstallation process, with the second script shown in this page. 
  • The Following Scripts:

---------------SCRIPT START--- name the file as scriptcaremove.bat
@echo off

IF EXIST "C:\Temp\CARemoval\InstallCheck.txt" goto exit1

SET version=AutoRemove
SET interactive=no

goto %version%


REM ---- For AutoRemove
:AutoRemove
echo -- Removing Version 8.1
echo ---------------------

echo -- Stopping PestPatrol Service
net stop "CA pest patrol realtime protection service"
net stop "eTrust Antivirus Realtime Service"
net stop "eTrust ITM Job Service"
net stop "eTrust ITM RPC Service"
net stop "iTechnology iGateway 4.2"

echo -- Killing PestPatrol ppcl.exe using taskkill tool copied from a shared folder
md C:\Temp\CARemoval
\\servername\AVDeploy\CARemoval\taskkill.exe /f /im Ppcl.exe

rem copy \\servername\AVDeploy\CARemoval\taskkill.exe c:\temp\CARemoval\ /Y
rem C:
rem cd C:\Temp\CARemoval\
rem taskkill.exe /f /im Ppcl.exe

echo -- Uninstalling ITM Server
IF %interactive% == no MsiExec.exe /qn /X{279B9433-D04B-4BD1-B7A3-C3FA42291979}
IF %interactive% == yes MsiExec.exe /X{279B9433-D04B-4BD1-B7A3-C3FA42291979}
echo -- Uninstalling ITM Agent
IF %interactive% == no MsiExec.exe /qn /X{107558C8-458B-45EA-A0FE-7CC10D687DB6}
IF %interactive% == yes MsiExec.exe /X{107558C8-458B-45EA-A0FE-7CC10D687DB6}
echo -- Uninstalling iTechnology iGateway
IF %interactive% == no MsiExec.exe /qn /X{847501DF-07C0-4691-B04A-893929F108AE}
IF %interactive% == yes MsiExec.exe /X{847501DF-07C0-4691-B04A-893929F108AE}

echo -- Writing Removal Ticket
ipconfig > C:\Temp\CARemoval\removecacontrol-%computername%-%username%.txt

REM echo -- If needed install the NEW Antivirus
REM "\\servername\AVDeploy\Setup.exe"
REM echo -- Writing Installation Ticket
REM ipconfig > C:\Temp\CARemoval\InstallCheck.txt


echo -- Exit Code 1 of 3. AV Replace Task Done OK. Nothing More to Do. Bye.
Ping 1.2.3.4 -n 1 -w 5000
exit

:exit1
echo -- Exit Code 2 of 3. Installation Control File InstallCheck.txt present. Skipping Installation. Bye
Ping 1.2.3.4 -n 1 -w 5000
exit

---------------SCRIPT END------------------------------------------------




If you want to start the script from a remote computer using psexec:

---------------SCRIPT START------------------------------------------------

REM ---- Remote Deployment
REM ---- Process start
REM ---- PsExec Options http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

\\servername\share\PsExec.exe \\targetcomputer1 -u domainname\administrator -p password -d -i \\servername\share\scriptcaremove.bat

\\servername\share\PsExec.exe \\targetcomputer2 -u domainname\administrator -p password -d -i \\servername\share\scriptcaremove.bat
\\servername\share\PsExec.exe \\targetcomputer3 -u domainname\administrator -p password -d -i \\servername\share\scriptcaremove.bat
Pause

---------------SCRIPT END------------------------------------------------



How to Migrate Symantec Endpoint Protection Manager to a New Server


This is a mix of information taken from the Symantec Forum and Support Case area


"How do I move Symantec Endpoint Protection Manager from one server to another with a different IP address and Host name"
Solution
Follow the steps below to move Symantec Endpoint Protection Manager from one server to another with a different IP address and Host name:
1. Install Symantec Endpoint Protection Manager on the new server
2. In the Management Server Configuration Wizard panel, check Install an additional site, and then click Next
3. In the Server Information panel, accept or change the default values for the following boxes, and then click Next
4. Installing and configuring Symantec Endpoint Protection Manager for replication
Server Name
Server Port
Server Data Folder
5. In the Site Information panel, accept or change the name in the Site Name box, and then click Next
6. In the Replication Information panel, type values in the following boxes:
Replication Server Name
(The Name or IP address of the old Symantec Endpoint Protection Manager)
Replication Server Port
(The default is 8443)
Administrator Name
(The Username used to log on to the old console)
Password
(The password used to log on to the old console.)
7. Click Next
8. In the Certificate Warning dialog box, click Yes
9. In the Database Server Choice panel, do one of the following, and then click Next
Check Embedded database, and complete the installation.
Check Microsoft SQL Server, and complete the installation.
Note
now choose your db engine
10. Log in to the new Symantec Endpoint Protection Manager (SEPM) and ensure that all the policies are Migrated successfully
11. Click Policies
12. Click Policy Components
13. Click Management Server Lists
14. Click Add Management Server List
15. Click Add > Priority and a new Priority would get added named as Priority2
16. Add the Old server under Priority2 and add the new one under Priority1

Assigning a management server list to a group and location
After you add a policy, you need to assign it to a group or a location or both. Otherwise the management server list is not effective. You must have finished adding or editing a management server list before you can assign the list.
To assign a management server list to a group and location:
  1. In the Symantec Endpoint Protection Manager console, click Policies .
  2. In the Policies page, under View Policies, click Policy Components > Management Server Lists.
  3. In the Policies page, under Tasks, click Assign the list.
  4. In the Apply Management server list, check the groups and locations to which you want to apply the management server list.
  5. Click Assign.
  6. When you are prompted, click Yes.

17. After the successful Migration uninstall the old Symantec Endpoint Protection Manager (SEPM)

Robocopy Batch Example

cd "c:\windows\system32\"
md c:\Scripts
robocopy.exe \\server\share\ D:\Share\Uffici\ /E /ZB /R:2 /W:2 /MIR /Log:C:\Scripts\Robocopy.log /TEE /SEC
pause


------------------------------

REM Disabled Option    /Log:C:\Scripts\Robocopy.log /TEE
REM Disabled Option    /SEC 

robocopy.exe E:\MTX-FS\FS\ Z:\Shares\ /E /ZB /R:2 /W:2 /MIR /MT /V

pause


------------------------------
Reference: http://technet.microsoft.com/en-us/library/cc733145(WS.10).aspx

HP P2000 Default User / Password Recovery

Just log in with user: admin
password: !admin
You can't change this password with ease... Useful when your manage account is unknown...


Raspberry Pi Raspbian Wheezy VNC Service Auto Start Script

Create the file with the following command:

sudo nano /etc/init.d/tightvncserver


Copy and paste the following:

#---------------------------START---------------------------#

#!/bin/sh
# /etc/init.d/tightvncserver
# Keep the "#!/bin/sh" line above as the very first line of the file
# (do not paste the START/FINISH marker lines).

### BEGIN INIT INFO
# Provides: vncserver
# Required-Start: networking
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts VNC
# Description:
### END INIT INFO

# Set the VNCUSER variable to the name of the user to start vncserver under
VNCUSER='pi'

case "$1" in
start)
    echo "Starting VNC server for $VNCUSER"
    # Run the server as the unprivileged user, not as root
    su "$VNCUSER" -c '/usr/bin/vncserver :1 -geometry 1920x1080 -depth 24'
    ;;

stop)
    echo "Stopping VNC server"
    # The PID file lives in the VNC user's home directory, so kill as that user
    su "$VNCUSER" -c '/usr/bin/vncserver -kill :1'
    ;;

*)
    echo "Usage: /etc/init.d/tightvncserver {start|stop}"
    exit 1
    ;;

esac

exit 0

#---------------------------FINISH---------------------------#


Give the script executable permission:

sudo chmod 755 /etc/init.d/tightvncserver



To start or stop the service manually:

sudo /etc/init.d/tightvncserver start

sudo /etc/init.d/tightvncserver stop



Make the VNC server start every time the Raspberry Pi starts up:

sudo update-rc.d tightvncserver defaults

How To Enable SSH access to VMWare ESX Server

By default, SSH access to the VMware host is disabled. To manage the host remotely and allow PuTTY or WinSCP to connect, follow these steps.



- Press Alt-F1 on the server console and log in as root

- Change to the SSH configuration folder by typing "cd /etc/sshd" (could be different)

- Open the sshd_config file with a text editor, "vi sshd_config"

- Scroll down to "PermitRootLogin no", press the Insert key, and change the text to "PermitRootLogin yes"

- Press the Escape key and type ":wq" to save and close

- To restart the sshd service, issue the command "service sshd stop" and then "service sshd start"
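
A check for the edit described above, as an added example that is not part of the original post: sshd uses the first value it finds for each keyword, so this script reports which PermitRootLogin line is actually in effect. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report the PermitRootLogin
# value that sshd will actually use from an sshd_config file.

# effective_sshd_option FILE KEYWORD
# Prints the global (pre-Match) value of KEYWORD, or "unset".
effective_sshd_option() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }          # global section ends at first Match
        tolower($1) == key {                     # keywords are case-insensitive
            print tolower($2); found = 1; exit   # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# check_root_login FILE -> 0 = value other than yes, 1 = yes in effect, 2 = unset
check_root_login() {
    value=$(effective_sshd_option "$1" PermitRootLogin)
    case "$value" in
        yes)   echo "FAIL: PermitRootLogin yes is in effect"; return 1 ;;
        unset) echo "WARN: PermitRootLogin not set, build default applies"; return 2 ;;
        *)     echo "OK: PermitRootLogin $value"; return 0 ;;
    esac
}

# write_sample_config FILE: constructed sample, not taken from a real host.
# The later "PermitRootLogin no" is ignored because "yes" appears first.
write_sample_config() {
    cat > "$1" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
Match User backup
    X11Forwarding no
EOF
}

# Usage: sh check.sh path/to/sshd_config
if [ -n "${1:-}" ]; then
    check_root_login "$1"
fi
```

Run it against the edited file after the change, and again once remote root access is no longer needed.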

VMware Server 2.0 How To Fix: The VMware Infrastructure Web Service at "http://localhost:8222/sdk" is not responding (Connection Refused)

- Check that the VMware Host Agent service is running under Windows services
- Add the following entries to your hosts file (in C:\windows\system32\drivers\etc\)

127.0.0.1 localhost
x.x.x.x   yourmachinename

- Add the user that you use to log into the VMware web interface to the local Windows Administrators group

- Add the user that you use to log into the VMware web interface to the local Windows __vmware__ group




Disable IPMI error on VMWare ESX Server


In order to remove IPMI errors from your ESX server console, just disable the drivers:

Log in via SSH with the root account and issue the command:

chkconfig --level 0123456 ipmi off

Enable round robin path selection for P2000 iSCSI storage on ESXi 5 host via Remote CLI

Base doc used: HP ESX and P2000 Best Practices

On every ESX host, enable round robin access for iSCSI paths:


esxcli -s 192.168.16.32 -u root -p password storage core claiming unclaim -t location

esxcli -s 192.168.16.32 -u root -p password storage nmp satp set -s VMW_SATP_ALUA -P VMW_PSP_RR

esxcli -s 192.168.16.32 -u root -p password storage core claimrule load

esxcli -s 192.168.16.32 -u root -p password storage core claimrule run

Set IOPS limit for each iSCSI connector

List connections

esxcli -s 192.168.16.32 -u root -p password storage core device list

Set IOPS limit (for HP P2000)

esxcli -s 192.168.16.32 -u root -p password storage nmp psp roundrobin deviceconfig set -d naa.600c0ff0001303de242e844f01000000 -I 1000 -t iops

esxcli -s 192.168.16.32 -u root -p password storage nmp psp roundrobin deviceconfig set -d naa.600c0ff0001304b7122e844f01000000 -I 1000 -t iops



How To Backup ESXi Host Configuration



From vSphere CLI installation folder:

Backup


vicfg-cfgbackup.pl --server servername -s e:\svesx01backup.txt

Restore (on the same ESXi version)



vicfg-cfgbackup.pl --server servername -l e:\svesx01backup.txt

The host must be in maintenance mode to perform the restore.

Astaro Security Gateway - Webadmin Password recovery procedure.


Log in to the console or via SSH, and type the following commands:




cc

RAW

system_password_reset

Ctrl C

Browse the webadmin page https://x.x.x.x:4444  (x.x.x.x is the Astaro IP)

A new password request is displayed. Set new admin password.

Login using new admin password.



Astaro Security Gateway v7 – Solution to: Up2date from 7.202 to 7.300 error message

How to bypass the update error:

When the up2date process fails applying the 7.202 patch, you need to force the installation using the following command, via console or via SSH:

Log in as root (in console)
or
log in as loginuser (via SSH)

su -

auisys.plx --oldestonly --rpmargs --force

Astaro V7 Active Directory SSO setup and HTTP Profiles Configuration Guide


This guide will help you set up Astaro Active Directory SSO authentication in conjunction with HTTP Profiles.

Basic DNS request routing:
Configure the DNS to route the request for your AD domain to your internal DNS servers 




AD Groups setup:
Create two user groups (security, local) using Active Directory Users And Computers on your Server.
The OU location and name is not so important.
Users with full internet access go in the astarohttpfull group; users with restricted access go in astarohttpbase.

Users not included in these groups, and clients without the proxy settings configured, are forwarded to the "Default Fallback Action".











User Authentication:
Enable automatic user creation as follows.




Service User in AD:
Create a new user using Active Directory Users And Computers on your Server under the default Organizational Unit "Users", name it "astarosvc", and give it a complex password.
The user should belong to the Domain Admin group in order to perform AD lookup requests without permission problems.



Configuring the AD tab:
In the "Server" field, use your Domain Controller network object.

As "Bind User DN" use:

CN=astarosvc,CN=Users,DC=yourdomain,DC=com    
(example)

CN=astarosvc,CN=Users,DC=a,DC=local     
(in my case)


CN=astarosvc,OU=myunit,OU=mycompany,DC=yourdomain,DC=local
(if you created the astarosvc user outside the default "Users" OU)

Press the Apply button, and the Test Server button will appear.

Join the domain using your domain administrator account, specifying the full domain name in the "Domain" field, like "mydomain.com"

Add your User OU container to the Prefetch pane and press the button Prefetch Now.
This command is going to populate the local user names.






Configure the AD Groups:
Under User - Groups, make a new group (in my case "astarohttpfull")
Select "Backend Membership", "Active Directory" and "Limit to backend membership"
In the Active Directory Groups field, do NOT use the wizard to add the AD group with versions up to 7.306; you need to type in the exact AD group name manually (this is a bug). [From 7.401 on, the wizard works well.]
Repeat this step to add another new group (the second) called "astarohttpbase"





HTTP Profiles setup:
Create two Filter Actions.





Apply the filters to the domain groups.





Create just one Profile (if all your users come from the same Source Network group).
Flag your custom filter assignments, and select "Active Directory SSO" as Operation Mode.
As Fallback action select "Default Filter Action", which you can configure later from the Web Security - HTTP menu




Web Security - HTTP. This is the Fallback action.
Use the Content Filter to block everything, or to let your network services update their antivirus patterns only...





Block All...






Don't forget to configure the Proxy setting via GPO or using the Internet Explorer options.
These settings are necessary to send the username and the password to the Astaro authentication mechanism (SSO)