24 November 2014

Cisco IOS - How To Check Differences Between Startup Config and Running Config

Issue the following command:

show archive config differences nvram:startup-config system:running-config

Lines beginning with - are missing from the running-config, and lines beginning with + exist only in the running-config and are not found in the startup-config.
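One way to use that output for configuration drift checks, as an added example that is not part of the original post: the script reads saved output of the command above and lists each changed statement, marking the security-relevant ones. The sample output is constructed, and the keyword list in SENSITIVE and the function names are assumptions to adapt.

```sh
#!/bin/sh
# Added example: summarise saved output of
#   show archive config differences nvram:startup-config system:running-config
# SAMPLE is constructed for illustration, not captured from a device.
SAMPLE='!Contextual Config Diffs:
+username tempadmin privilege 15 secret 5 <hash>
+snmp-server community public RO
interface GigabitEthernet0/1
 +description uplink to core
 -shutdown
-logging host 192.0.2.10
-ntp server 192.0.2.20'

# Statements treated as security-relevant (an assumption, adapt as needed).
SENSITIVE='^(no )?(username|enable|aaa|snmp-server|access-list|logging|line vty|crypto|ip ssh|ip http)'

# Reads the diff on stdin and prints one line per changed statement:
#   UNSAVED = only in running-config (+), lost at reload unless saved
#   REMOVED = only in startup-config (-), comes back at reload
# A trailing "!" marks statements that match SENSITIVE.
drift_report() {
    awk -v pat="$SENSITIVE" '
        /^!/ { next }                              # header and comment lines
        { line = $0; sub(/^[ \t]+/, "", line) }    # drop hierarchy indent
        line ~ /^[+-]/ {
            kind = (substr(line, 1, 1) == "+") ? "UNSAVED" : "REMOVED"
            stmt = substr(line, 2)
            flag = (stmt ~ pat) ? " !" : ""
            print kind ": " stmt flag
        }'
}

# Number of changed statements that match SENSITIVE.
sensitive_count() { drift_report | grep -c ' !$'; }

printf '%s\n' "$SAMPLE" | drift_report
```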

03 September 2014

How To Enable Message Retention Policy on Exchange 2010

By default, all databases can be chosen by automatic mailbox distribution to store a new or moved mailbox.
To disable this feature, use the following procedure.

To exclude a single database:
Set-MailboxDatabase -Identity ArchiveDB01 -IsExcludedFromProvisioning $true


View and set Managed Folder Assistant:
Get-MailboxServer | Format-Table Name,ManagedFolderWorkCycle* -Auto
Set-MailboxServer MyMailboxServer -ManagedFolderWorkCycle 1



Tip: Enable "Don’t permanently delete items until the database has been backed up" in the mailbox database properties.


Create a new retention policy:
New-RetentionPolicyTag "Test Mailbox 30 days" -Type All -Comment "All Mailbox elements move to archive in 30 days" -RetentionEnabled $true -AgeLimitForRetention 30 -RetentionAction MovetoArchive
 

New-RetentionPolicy "Test Managed Folders Retention Policy" -RetentionPolicyTagLinks "Test Mailbox 30 days"


If you don’t want Calendar and Tasks items to ever expire, you can disable the functionality (included in Exchange 2010 SP2 RU4).
Add the following registry key to your Mailbox servers:
    Path: HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeMailboxAssistants\Parameters
    Name: ELCAssistantCalendarTaskRetentionEnabled
    Type: DWORD
    Value: 0 = Do not process Calendar and Task folders
    Value: 1 = Process (default with RU4)

   
If you want Calendar and Tasks folders to expire at a different interval than Default Policy Tag, you can follow these steps:
    Place all mailboxes on Retention Hold
    Apply Exchange 2010 SP2 RU4

    Create RPTs for Calendar and Tasks folders with the custom retention settings.
    Remove the retention hold from mailboxes.
 

Do not forget to exclude notes from archiving with a custom tag.

Now apply the policy to a test user using EMC.


Force policy run:
Start-ManagedFolderAssistant -Identity "user"


Applying retention policies to a distribution group of mailboxes:
Get-DistributionGroupMember -Identity "Test Distribution List" | Set-Mailbox -RetentionPolicy "Test Managed Folders Retention Policy" 





04 August 2014

Fix Adito - OpenVPN ALS ant install compile error

If you get the following error compiling OpenVPN ALS:
 
compile:
    [javac] Compiling 26 source files to /opt/openvpn-als/maverick-multiplex/build/classes
    [javac]
    [javac]           WARNING
    [javac]
    [javac] The -source switch defaults to 1.5 in JDK 1.5 and 1.6.
    [javac] If you specify -target 1.2 you now must also specify -source 1.1.
    [javac] Ant will implicitly add -source 1.1 for you.  Please change your build file.
    [javac] javac: invalid source release: 1.1
    [javac] Usage: javac <options> <source files>
    [javac] use -help for a list of possible options

BUILD FAILED
/opt/openvpn-als/build.xml:84: The following error occurred while executing this line:
/opt/openvpn-als/adito/build.xml:899: The following error occurred while executing this line:
/opt/openvpn-als/maverick-multiplex/build.xml:62: Compile failed; see the compiler error output for details.



Edit the following file:

vi /opt/openvpn-als/maverick-multiplex/build.xml


Go to line 62 and modify the following line:

         <javac debug="${build.debug}" target="1.1" compiler="${build.compiler}" destdir="${build.output}" srcdir="${build.tmp.src}" includeantruntime="false" includes="**/*.java" classpathref="maverick-multiplex.class.path">


To:
         <javac debug="${build.debug}" target="1.6" compiler="${build.compiler}" destdir="${build.output}" srcdir="${build.tmp.src}" includeantruntime="false" includes="**/*.java" classpathref="maverick-multiplex.class.path">

Save and close the file, then recompile by running ant install again.




31 July 2014

HP Procurve Switch - Set NTP time sync commands

Using SSH:

 time daylight-time-rule western-europe 

 time timezone +120


 timesync sntp


 sntp unicast


 sntp server priority 1 <ip-of-the-ntp-server>





09 July 2014

Sonos Wifi Shutdown (toggle) Commands

Get IP Info:
http://<sonos_ip>:1400/status/ifconfig


Disable wifi until reboot:
http://<sonos_ip>:1400/wifictrl?wifi=off


Disable wifi permanently:
http://<sonos_ip>:1400/wifictrl?wifi=persist-off


(Re)Enable wifi:
http://<sonos_ip>:1400/wifictrl?wifi=on

26 June 2014

Sophos UTM - How to generate a CSR (Certificate Signing Request) sign and install an official X509v3 certificate




Log in to the appliance via SSH and do the following:
 


Switch the directory:

cd /home/login

Create the openssl config file:


cat /etc/ssl/openssl.cnf |grep -v SUBJECT_ALT_NAME > ./openssl.config



 

Generate the CSR:

openssl req -config ./openssl.config -new -newkey rsa:2048 -out host.domain.com.csr

Type the certificate password twice (min 8 chars).
Enter the requested information when prompted by the generation script (country, department, etc.).

 

When the procedure is complete open the generated file:

vi /home/login/host.domain.com.csr

Copy and paste the CSR code to the certification authority interface.





To verify your CSR use this tool:

https://ssltools.websecurity.symantec.com/checker/



Convert the certificate to a PKCS12 chain in order to import everything (private and public keys) into the Sophos box:

openssl pkcs12 -export -out certificateexportfile.pfx -inkey privkey.pem -in casignedcertificate.crt -certfile carootcertificate.crt


Where:
privkey.pem is the private key file in /home/login,
casignedcertificate.crt is the public certificate file signed by your CA,
carootcertificate.crt is the root/intermediate certificate of your CA.


Now import the pfx file into the appliance via Webadmin - Site to Site VPN - Certificates, and select the certificate in the drop-down list under SMTP - Advanced - TLS Certificate.
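A local check for the steps above, as an added example that is not part of the original post: it verifies the CSR with openssl on the machine itself and confirms that the CA-signed certificate belongs to privkey.pem before and after building the PKCS12 file. The test CA, the passphrase, the subject fields and the function names are constructed for the demonstration; the file names follow the post.

```sh
#!/bin/sh
# Added example: offline consistency checks for the CSR -> PKCS12 steps.
# PASS is a constructed sample; for real keys let openssl prompt instead,
# because pass: arguments are visible in the process list.
PASS='constructed-passphrase'

# SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_hash() {   # $1 = key|req|x509   $2 = file
    case "$1" in
        key)  openssl pkey -in "$2" -passin "pass:$PASS" -pubout ;;
        req)  openssl req  -in "$2" -noout -pubkey ;;
        x509) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null | openssl dgst -sha256
}

# True only if the CSR self-signature verifies and the key, the CSR and
# the signed certificate all carry the same public key.
check_chain() {   # $1 = private key   $2 = CSR   $3 = certificate
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    k=$(pubkey_hash key "$1")
    [ "$k" = "$(pubkey_hash req "$2")" ] && [ "$k" = "$(pubkey_hash x509 "$3")" ]
}

# Runs the whole procedure in directory $1 with a constructed test CA
# standing in for the real certification authority.
demo() (
    cd "$1" || exit 1
    # Key and CSR as in the post, made non-interactive with -subj/-passout.
    openssl req -new -newkey rsa:2048 -keyout privkey.pem -passout "pass:$PASS" \
        -subj "/C=XX/O=Example/CN=host.domain.com" \
        -out host.domain.com.csr 2>/dev/null || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -days 1 \
        -subj "/CN=Constructed Test CA" -out carootcertificate.crt 2>/dev/null
    openssl x509 -req -in host.domain.com.csr -CA carootcertificate.crt \
        -CAkey ca.key -CAcreateserial -days 1 \
        -out casignedcertificate.crt 2>/dev/null || exit 1
    # The signed certificate must match privkey.pem; the CA certificate,
    # which belongs to a different key, must be rejected.
    check_chain privkey.pem host.domain.com.csr casignedcertificate.crt || exit 1
    check_chain privkey.pem host.domain.com.csr carootcertificate.crt && exit 1
    # Build the PKCS12 file and confirm it opens with the export password.
    openssl pkcs12 -export -out certificateexportfile.pfx -inkey privkey.pem \
        -passin "pass:$PASS" -in casignedcertificate.crt \
        -certfile carootcertificate.crt -passout "pass:$PASS" || exit 1
    openssl pkcs12 -in certificateexportfile.pfx -passin "pass:$PASS" -noout 2>/dev/null
)

demo "$(mktemp -d)" && echo "key, CSR, certificate and PKCS12 file are consistent"
```

Running check_chain against the real privkey.pem, CSR and CA-signed certificate before the pkcs12 step catches a certificate issued for a different key, which would otherwise only show up at import time.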

16 June 2014

How to Fix Exchange Error EventID 12014 - Microsoft Exchange could not find a certificate that contains the domain name mail.domain.local in the personal store on the local computer

Error:

Microsoft Exchange could not find a certificate that contains the domain name mail.domain.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default EXCHANGE with a FQDN parameter of mail.domain.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.



Cause:


The SMTP server is looking for a valid certificate name to use for TLS encryption.

If you do not use the Exchange Server embedded mail encryption services, you can generate a self-signed certificate for SMTP to stop the server from displaying these error messages.



Solution:


Run the following command in PowerShell to create the certificate for the SMTP service.


New-ExchangeCertificate -DomainName mail.domain.public, servername.domain.local -Services SMTP


and

Enable-ExchangeCertificate -Services SMTP

Then enter the certificate thumbprint when PowerShell asks for it.


Open the MMC and load the Certificates snap-in for the Local Computer.

Export the generated certificate without the private key from personal certificates.

Still in the same MMC, import the certificate under the folder Trusted Root Certification Authorities directly on the Exchange server.





 

22 May 2014

Enable Veeam Single Item Restore on Exchange 2010 Mailbox

Issue this PowerShell command to enable the administrator user to restore items in user mailboxes:

New-ManagementRoleAssignment -Name:ImpersonationAssignmentName -Role:ApplicationImpersonation -User:Administrator





07 May 2014

Bandwidth Test and Measurement Tool: iperf


Client Side:

iperf -c 10.10.10.100


Server Side:

iperf -s



Options:

iperf -c 10.10.10.100 -f b

-f   display the results in the desired format: bits(b), bytes(B), kilobits(k), kilobytes(K), megabits(m), megabytes(M), gigabits(g) or gigabytes(G)


iperf -c 10.10.10.100 -r

-r   bi-directional bandwidth measurement


iperf -c 10.10.10.100 -d

-d   bi-directional bandwidth measurement but sequential



Iperf help:

Usage: iperf [-s|-c host] [options]
       iperf [-h|--help] [-v|--version]

Client/Server:
  -f, --format    [kmKM]   format to report: Kbits, Mbits, KBytes, MBytes
  -i, --interval  #        seconds between periodic bandwidth reports
  -l, --len       #[KM]    length of buffer to read or write (default 8 KB)
  -m, --print_mss          print TCP maximum segment size (MTU - TCP/IP header)
  -o, --output    <filename> output the report or error message to this specified file
  -p, --port      #        server port to listen on/connect to
  -u, --udp                use UDP rather than TCP
  -w, --window    #[KM]    TCP window size (socket buffer size)
  -B, --bind      <host>   bind to <host>, an interface or multicast address
  -C, --compatibility      for use with older versions does not sent extra msgs
  -M, --mss       #        set TCP maximum segment size (MTU - 40 bytes)
  -N, --nodelay            set TCP no delay, disabling Nagle's Algorithm
  -V, --IPv6Version        Set the domain to IPv6

Server specific:
  -s, --server             run in server mode
  -U, --single_udp         run in single threaded UDP mode
  -D, --daemon             run the server as a daemon

Client specific:
  -b, --bandwidth #[KM]    for UDP, bandwidth to send at in bits/sec
                           (default 1 Mbit/sec, implies -u)
  -c, --client    <host>   run in client mode, connecting to <host>
  -d, --dualtest           Do a bidirectional test simultaneously
  -n, --num       #[KM]    number of bytes to transmit (instead of -t)
  -r, --tradeoff           Do a bidirectional test individually
  -t, --time      #        time in seconds to transmit for (default 10 secs)
  -F, --fileinput <name>   input the data to be transmitted from a file
  -I, --stdin              input the data to be transmitted from stdin
  -L, --listenport #       port to receive bidirectional tests back on
  -P, --parallel  #        number of parallel client threads to run
  -T, --ttl       #        time-to-live, for multicast (default 1)
  -Z, --linux-congestion <algo>  set TCP congestion control algorithm (Linux only)

Miscellaneous:
  -x, --reportexclude [CDMSV]   exclude C(connection) D(data) M(multicast) S(settings) V(server) reports
  -y, --reportstyle C      report as a Comma-Separated Values
  -h, --help               print this message and quit
  -v, --version            print version information and quit

[KM] Indicates options that support a K or M suffix for kilo- or mega-

The TCP window size option can be set by the environment variable
TCP_WINDOW_SIZE. Most other options can be set by an environment variable
IPERF_<long option name>, such as IPERF_BANDWIDTH.




Please refer to Jperf for a graphical interface.




16 April 2014

List Local Listening Ports with Netstat in Windows

To list all the local listening ports in Windows run this command in a command shell:


netstat -an | find /i "listening"





05 February 2014

How To Fix HP Insight Manager Agents Uninstall Hang

Uninstalling HP Insight Manager Agents from Windows can be a painful job.

Often the uninstall process hangs for a long time and then fails due to a lock held by the cqmgserv.exe process.


Just kill the process cqmgserv.exe using Task Manager and the removal will run smoothly.





03 February 2014

How To Disable Out Of Office Reply for Active Directory Disabled Users using PowerShell

In order to disable out of office replies for a disabled user in Active Directory, use the following PowerShell commands:


Display settings

Get-MailboxAutoReplyConfiguration user@domain.local



Remove

Set-MailboxAutoReplyConfiguration user@domain.local -AutoReplyState Disabled -ExternalMessage $null -InternalMessage $null



You can even disable the user from EMC - deleting the AD user object.



14 January 2014

How To Rename a vSwitch in ESX 5

Using the ESX Console press F2 then Login and select the Troubleshooting menu.



 

Enable ESXi Shell selecting the option and pressing enter.



 

Now press Alt-F1 on the keyboard.


You will be presented with a Linux command prompt. Log in with root privileges and run these commands:

cd /etc/vmware

vi esx.conf


 

Scroll down the file or search for “name” using Esc, /name, Enter and keep hitting "n" until you find the vSwitch section you want to change.
Change the word by hitting Insert, writing the right name, and then hitting Escape.

/net/vswitch/child[0002]/name = "vSwitch3"

 

Now write :wq! and hit Enter to save the changes and exit.

Press Alt-F2 and disable the ESXi Shell.

Restart the host.