Saturday, February 17, 2007

MS: Error: "The tracking (workstation) service is not running"

Came across this error recently.

The fix?

Go to the cmd line and type "net start httpfilter".

This starts the HTTP SSL service (service name HTTPFilter). Then type "iisreset" to restart IIS.
That should fix it.

Sunday, February 11, 2007

What can you tell from a MAC address?

I re-learned recently that you can tell the vendor from a MAC address:

This site has a nice search facility, useful if you are searching through your DHCP database for a particular client (and you know what network card it has).
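As an added example (not from the post or the lookup site it links to), the check below does the same thing offline: it normalises a MAC address, extracts the 24-bit OUI, and looks it up in a small OUI table, then walks a constructed dhcpd.leases excerpt to find clients from a given vendor. The OUI table and the lease lines are constructed sample data; a real lookup would use the full IEEE registry. It also flags locally administered addresses, which carry no vendor information at all.

```python
import re
from typing import Dict, List, Optional

# Constructed OUI table for illustration only; the real registry has tens of
# thousands of entries and is what the search site in the post queries.
OUI_TABLE: Dict[str, str] = {
    "00:0C:29": "VMware, Inc.",
    "00:50:56": "VMware, Inc.",
    "00:1B:21": "Intel Corporate",
}

def normalize_mac(mac: str) -> Optional[str]:
    """Accept 00-0c-29-aa-bb-cc, 00:0c:29:aa:bb:cc or 000c.29aa.bbcc; return AA:BB:CC:DD:EE:FF."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()

def describe_mac(mac: str) -> Dict[str, object]:
    """Split a MAC into OUI and flags; vendor is None when the OUI is unknown or irrelevant."""
    norm = normalize_mac(mac)
    if norm is None:
        raise ValueError(f"not a MAC address: {mac!r}")
    first_octet = int(norm[:2], 16)
    locally_administered = bool(first_octet & 0x02)  # bit 1: not a vendor-assigned address
    multicast = bool(first_octet & 0x01)             # bit 0: group address
    oui = norm[:8]
    vendor = None if locally_administered else OUI_TABLE.get(oui)
    return {
        "mac": norm,
        "oui": oui,
        "vendor": vendor,
        "locally_administered": locally_administered,
        "multicast": multicast,
    }

# Constructed excerpt in ISC dhcpd.leases style (not real lease data)
SAMPLE_LEASES = """\
lease 192.168.1.50 {
  starts 4 2007/02/08 09:12:00;
  hardware ethernet 00:0c:29:3a:1b:7c;
  client-hostname "build-vm";
}
lease 192.168.1.51 {
  starts 4 2007/02/08 09:15:00;
  hardware ethernet 02:de:ad:be:ef:01;
}
"""

def find_clients_by_vendor(leases: str, vendor_substring: str) -> List[str]:
    """Return lease IPs whose MAC OUI maps to a vendor name containing vendor_substring."""
    hits: List[str] = []
    for m in re.finditer(r"lease (\S+) \{(.*?)\}", leases, re.S):
        ip, body = m.group(1), m.group(2)
        hw = re.search(r"hardware ethernet ([0-9a-fA-F:]+);", body)
        if not hw:
            continue
        info = describe_mac(hw.group(1))
        vendor = info["vendor"]
        if isinstance(vendor, str) and vendor_substring.lower() in vendor.lower():
            hits.append(ip)
    return hits
```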

PPPoE, problem with some websites

If you are using a modem in bridge mode and then using PPPoE it may be worth noting your network MTU values.

Fortinet have a good article on the problem here, quoted below:


Problem: Certain web sites are not viewable. The Fortigate is configured to use PPPoE to connect to the ISP.

Solution: Use the "tcp-mss-sender" option in the firewall policy configuration.

Topology:

HTTP Client----(internal)FGT(pppoe)----dsl----ISP----Internet----Web Server
(Ethernet MTU 1500 on the internal side, PPPoE MTU 1492 on the DSL side, Ethernet MTU 1500 at the web server)

The reason for this is that a PPPoE frame takes an extra eight bytes off the standard Ethernet MTU of 1500. When the server sends the large packet with DF bit set to 1, the ADSL provider's router either does not send an 'ICMP fragmentation needed' packet or the packet gets dropped along the path to the web server. In either case, the web server never knows a fragmentation is required to reach the client.

After you configure 'set tcp-mss-sender' on the firewall policy setting, this command changes the incoming packets and sends the packets with a new TCP MSS (maximum sending size) value out the downstream (external) interface. By default the MSS is MTU minus 40 bytes (TCP and IP headers). When the HTTP client initiates a TCP connection, the following example changes the MSS value from 1460 to 1452 when leaving the PPPoE interface and eventually reaches the web server. The web server will also choose the smaller MSS, and therefore no fragmentation is needed. The client can now view web pages properly.

config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "external"
        set srcaddr "all"
        set dstaddr "www.canada.com"
        set action accept
        set schedule "always"
        set service "ANY"
        set tcp-mss-sender 1452
        set nat enable
    next
end

Alternatively, you can also edit the option on the internal interface(s) of the FortiGate unit rather than individual firewall policies.

For example:

config system interface
    edit
        set tcp-mss 1452
end

The can be replaced by any internal-facing port.


The configuration obviously applies to their particular firewall range, but the same MSS clamping principle applies to any product that can rewrite the TCP MSS option on the way out.
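To make the mechanism concrete, here is an added Python example (not Fortinet's code) of what an MSS clamp does per packet: derive the MSS from the link MTU as the article describes (MTU minus 40), rewrite the MSS option in a TCP SYN down to the PPPoE value of 1452, and recompute the TCP checksum so the rewritten segment is still valid. The ports and IP addresses are constructed sample values.

```python
import struct
from typing import Optional, Tuple

ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 8                  # 6-byte PPPoE header + 2-byte PPP protocol field
PPPOE_MTU = ETHERNET_MTU - PPPOE_OVERHEAD   # 1492, as in the article's topology
TCP_IP_HEADERS = 40                 # 20-byte IPv4 header + 20-byte TCP header

def mss_for_mtu(mtu: int) -> int:
    """Default MSS for a link MTU: the article's 'MTU minus 40 bytes'."""
    return mtu - TCP_IP_HEADERS

def build_syn(src_port: int, dst_port: int, mss: int) -> bytes:
    """Constructed TCP SYN carrying one 4-byte MSS option (data offset = 6 words)."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 6 << 4, 0x02, 65535, 0, 0)
    return header + struct.pack("!BBH", 2, 4, mss)

def clamp_mss(segment: bytes, max_mss: int) -> Tuple[bytes, Optional[int]]:
    """Lower the MSS option of a SYN to at most max_mss; returns (segment, resulting MSS or None)."""
    data_offset = (segment[12] >> 4) * 4
    if not segment[13] & 0x02:          # only SYN segments carry the MSS option
        return segment, None
    opts = bytearray(segment[20:data_offset])
    result = None
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                   # end of option list
            break
        if kind == 1:                   # NOP padding
            i += 1
            continue
        length = opts[i + 1]
        if length < 2:                  # malformed option; stop rather than loop forever
            break
        if kind == 2 and length == 4:   # MSS option
            current = struct.unpack("!H", opts[i + 2:i + 4])[0]
            result = min(current, max_mss)
            opts[i + 2:i + 4] = struct.pack("!H", result)
        i += length
    return segment[:20] + bytes(opts) + segment[data_offset:], result

def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """RFC 793 checksum over the IPv4 pseudo-header and the segment with its checksum field zeroed."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    data = pseudo + segment[:16] + b"\x00\x00" + segment[18:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def clamp_and_rewrite(segment: bytes, max_mss: int,
                      src_ip: bytes, dst_ip: bytes) -> Tuple[bytes, Optional[int]]:
    """What the firewall does on egress: clamp the MSS, then fix the TCP checksum."""
    new_seg, mss = clamp_mss(segment, max_mss)
    if mss is None:
        return segment, None
    csum = tcp_checksum(src_ip, dst_ip, new_seg)
    return new_seg[:16] + struct.pack("!H", csum) + new_seg[18:], mss
```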

Thursday, February 08, 2007

Cisco: SOHO in Bridge mode

Why: You have only 1 static IP and you do not want the ADSL router being the perimeter device with that IP.

How: Put the router into bridge mode, essentially 'converting' ATM to Ethernet, and let the next device establish the PPP session and get the IP!

Original Cisco article here.


Configuring Bridging

Bridges are store-and-forward devices that use unique hardware addresses to filter traffic that would otherwise travel from one segment to another. You can configure the routers as pure bridges.

To configure bridging, use the following steps, beginning in global configuration mode (each command is followed by its purpose):

Step 1: no ip routing
    Disables IP routing.

Step 2: bridge number protocol protocol
    Specifies the bridge protocol to define the type of Spanning-Tree Protocol (STP).

Step 3: interface ethernet 0
    Enters configuration mode for the Ethernet interface.

Step 4: bridge-group number
    Specifies the bridge-group number to which the Ethernet interface belongs.

Step 5: no shutdown
    Enables the Ethernet interface.

Step 6: exit
    Exits configuration mode for the Ethernet interface and the router.

Step 7: interface ATM 0
    Enters configuration mode for the ATM interface.

Step 8: dsl equipment-type {co | cpe}
    Configures the DSL equipment type, if applicable.

Step 9: dsl linerate {number | auto}
    Specifies the G.SHDSL line rate, if applicable. The range of valid numbers is between 72 and 2312.

Step 10: dsl operating-mode gshdsl symmetric annex annex
    Sets the G.SHDSL operating mode, if applicable, and selects the G.991.2 annex.

Step 11: pvc vpi/vci
    Creates an ATM PVC for each end node with which the router communicates.

Step 12: encapsulation type
    Specifies the encapsulation type for the PVC.

Step 13: bridge-group number
    Specifies the bridge-group number to which the ATM interface belongs.

Step 14: no shutdown
    Enables the ATM interface.

Step 15: end
    Exits the configuration mode for the ATM interface.



For complete information on the bridging commands, see the Cisco IOS Release 12.2 documentation set. For more general concepts on bridging, see Chapter 1, "Concepts."

Configuration Example

The following configuration example uses bridging with AAL5SNAP encapsulation. You do not need to enter the commands marked "default." These commands appear automatically in the configuration file generated when you use the show running-config command.

This configuration example shows the Ethernet and ATM interfaces configured. The Ethernet interface has IP addressing turned off for bridging, and IP directed broadcast is disabled, which prevents the translation of directed broadcasts to physical broadcasts. The bridge-group number to which the ATM interface is associated is set to 1.

The ATM interface has a PVC of 8/35, and the encapsulation is set to AAL5SNAP. The IP address is disabled for bridging and the IP directed broadcast is disabled, which prevents the translation of directed broadcasts to physical broadcasts. The bridge protocol is set to 1 to define the STP.

no ip routing
!
interface Ethernet0
 no ip address
 no ip directed-broadcast (default)
 bridge-group 1
!
interface ATM0
 no ip address
 no ip directed-broadcast (default)
 pvc 8/35
  encapsulation aal5snap
 !
 bridge-group 1
!
ip classless (default)
!
bridge 1 protocol ieee
!
end
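As an added check (not part of the Cisco article), the Python below parses an IOS-style running-config like the one above and verifies the invariants the steps establish: routing disabled, both interfaces in the same bridge-group, a bridge protocol defined for that group, no IP addresses or shutdowns on the bridged interfaces. The sample config is the article's example with the "(default)" annotations removed so it reads like real show running-config output.

```python
import re
from typing import Dict, List

# Constructed sample: the article's bridge-mode config without "(default)" annotations.
SAMPLE_CONFIG = """\
no ip routing
!
interface Ethernet0
 no ip address
 no ip directed-broadcast
 bridge-group 1
!
interface ATM0
 no ip address
 no ip directed-broadcast
 pvc 8/35
  encapsulation aal5snap
 !
 bridge-group 1
!
ip classless
!
bridge 1 protocol ieee
!
end
"""

def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Map each 'interface X' stanza to its indented sub-commands."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:                          # any other column-0 line ends the stanza
            current = None
    return interfaces

def check_bridge_config(config: str) -> List[str]:
    """Return findings; an empty list means the pure-bridge setup is consistent."""
    findings: List[str] = []
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    if "no ip routing" not in top:
        findings.append("'no ip routing' missing: the router would still route instead of bridge")
    defined = {m.group(1) for l in top for m in [re.match(r"bridge (\d+) protocol \S+", l)] if m}
    members: Dict[str, List[str]] = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            findings.append(f"{name} is shut down ('no shutdown' missing)")
        if any(c.startswith("ip address ") for c in cmds):
            findings.append(f"{name} has an IP address; a bridged interface should have 'no ip address'")
        for c in cmds:
            m = re.match(r"bridge-group (\d+)$", c)
            if m:
                members.setdefault(m.group(1), []).append(name)
    if not members:
        findings.append("no interface is in a bridge-group")
    for group, names in members.items():
        if group not in defined:
            findings.append(f"bridge-group {group} on {names} has no 'bridge {group} protocol' line (no STP type)")
        if len(names) < 2:
            findings.append(f"bridge-group {group} contains only {names}; nothing to bridge between")
    return findings
```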

Cisco: Password Recovery Procedure, SOHO series

Having been handed a preconfigured SOHO, and needing to reconfigure it to work another way, I have had the pleasure of performing this procedure. Pretty similar to other Cisco reset procedures.

I have quoted this article:


If you can access the router, type show version at the prompt, and record the configuration register setting. See Example of Password Recovery Procedure in order to view the output of a show version command.

Note: The configuration register is usually set to 0x2102 or 0x102. If you can no longer access the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0x2102.

Use the power switch in order to turn off the router, and then turn the router back on.

Important Notes:

In order to simulate this step on a Cisco 6400, pull out and then plug in the Node Route Processor (NRP) or Node Switch Processor (NSP) card.

In order to simulate this step on a Cisco 6x00 with NI-2, pull out and then plug in the NI-2 card.

Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.

If the break sequence does not work, refer to Standard Break Key Sequence Combinations During Password Recovery for other key combinations.

Type confreg 0x2142 at the rommon 1> prompt in order to boot from Flash.

This step bypasses the startup configuration where the passwords are stored.

Type reset at the rommon 2> prompt.

The router reboots, but ignores the saved configuration.

Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.

Type enable at the Router> prompt.

You are in enable mode and should see the Router# prompt.

Type configure memory or copy startup-config running-config in order to copy the nonvolatile RAM (NVRAM) into memory.

Important: Do not type copy running-config startup-config or write. These commands erase your startup configuration.

Type show running-config.

The show running-config command shows the configuration of the router. In this configuration, the shutdown command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.

Type configure terminal.

The hostname(config)# prompt appears.

Type enable secret in order to change the enable secret password. For example:
hostname(config)#enable secret cisco


Issue the no shutdown command on every interface that you use.

If you issue a show ip interface brief command, every interface that you want to use should display up up.

Type config-register configuration_register_setting, where configuration_register_setting is either the value you recorded in step 2 or 0x2102. For example:
hostname(config)#config-register 0x2102


Press Ctrl-z or end in order to leave the configuration mode.

The hostname# prompt appears.

Type write memory or copy running-config startup-config in order to commit the changes.
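The register values in this procedure are bit fields, and the one state to verify afterwards is that 0x2142 (ignore NVRAM) has been put back to 0x2102. The added Python below (not from the Cisco article) decodes a configuration register, pulls it out of show version output, and reports anything a defender would want restored; the show version excerpt is constructed sample text.

```python
import re
from typing import Dict, List, Optional, Tuple

# Configuration register bits used in the recovery procedure
# (0x2102 is the usual value; 0x2142 is 0x2102 with bit 6 set).
BOOT_FIELD_MASK = 0x000F           # bits 0-3: what to boot
IGNORE_NVRAM = 0x0040              # bit 6: boot without loading startup-config
BREAK_DISABLED = 0x0100            # bit 8: ignore console Break once IOS is up
BOOT_ROM_ON_NETBOOT_FAIL = 0x2000  # bit 13: fall back to ROM image after netboot failures

def decode_confreg(value: int) -> Dict[str, object]:
    """Describe a configuration register value such as 0x2102 or 0x2142."""
    boot = value & BOOT_FIELD_MASK
    if boot == 0:
        boot_desc = "stay in ROMMON"
    elif boot == 1:
        boot_desc = "boot the first image found in flash"
    else:
        boot_desc = "boot according to 'boot system' commands in the startup-config"
    return {
        "value": f"0x{value:04x}",
        "boot": boot_desc,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_on_netboot_fail": bool(value & BOOT_ROM_ON_NETBOOT_FAIL),
    }

def parse_show_version(output: str) -> Tuple[Optional[int], Optional[int]]:
    """Return (current register, value at next reload or None) from 'show version' text."""
    m = re.search(r"Configuration register is 0x([0-9A-Fa-f]+)"
                  r"(?: \(will be 0x([0-9A-Fa-f]+) at next reload\))?", output)
    if not m:
        return None, None
    return int(m.group(1), 16), (int(m.group(2), 16) if m.group(2) else None)

def audit_confreg(output: str) -> List[str]:
    """Findings to review after a recovery: is the register back to a normal 0x2102 state?"""
    current, pending = parse_show_version(output)
    if current is None:
        return ["no 'Configuration register is' line found"]
    info = decode_confreg(current)
    findings: List[str] = []
    if info["ignore_nvram"]:
        findings.append(f"{info['value']}: startup-config is ignored at boot; "
                        "restore with 'config-register 0x2102' and 'write memory'")
    if not info["break_disabled"]:
        findings.append(f"{info['value']}: console Break is honoured after boot")
    if current & BOOT_FIELD_MASK == 0:
        findings.append(f"{info['value']}: router will stop in ROMMON on reload")
    if pending is not None and pending != current:
        findings.append(f"register changes to 0x{pending:04x} at next reload")
    return findings

# Constructed excerpt of 'show version' output (not from the article)
SAMPLE_SHOW_VERSION = """\
Router uptime is 12 minutes
System returned to ROM by reload
Configuration register is 0x2142 (will be 0x2102 at next reload)
"""
```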

Tuesday, February 06, 2007

MS: Backup your certificates

For whatever reason you have purchased a commercial certificate.

This electronic asset must be backed up like any other aspect of your system.

Assuming you are using IIS6, you can use these instructions.

Saturday, February 03, 2007

MS: Removing the First Exchange 2000 server

I thought I would post this with Exchange 2007 hitting the limelight.

The fact is that the very first EX server you install holds certain roles - and just taking it offline is not sufficient.

Below text taken from the MS website:


For a Microsoft Exchange Server 2003 version of this article, see 822931.
SUMMARY
This article describes the steps to remove the first Exchange 2000 Server computer from an administrative group.

The first Exchange 2000 Server computer installed in an administrative group holds certain important roles. For example, the first server hosts the Offline Address Book folder, the Schedule+ Free Busy folder, the Events Root folder, and other folders. Therefore, you must use caution when you remove this server from the administrative group to which it belongs.
MORE INFORMATION
To remove the first Exchange 2000 Server computer from the site:

1. Rehome all public folders, which includes system folders, to another Exchange 2000 Server computer in the site. The remainder of this article refers to this other server as the "destination server". The server that is being removed is referred to as the "source server".
a. Start Exchange System Manager (ESM), expand Administrative Groups, expand the name of your administrative group, expand Folders, and then expand Public Folders.
b. Right-click a top-level public folder, and then click Properties.
c. Click the Replication tab, and then click Add.
d. In the Select a Public Store box, select the name of the server where you want a replica of this public folder (the destination server), and then click OK.
e. Click Apply, and then click OK.
f. If this public folder has any subfolders and you want these subfolders to have a replica on the destination server, right-click the top-level public folder, click All Tasks, and then click Propagate Settings.
g. In the Propagate Folder Settings box, click to select the Replicas check box, and then click OK. When you complete this step, all subfolders of that top-level folder have a replica on the destination server.

Note For performance reasons, you may not always want to have replicas of all subfolders of a top-level folder on another server. You must consider this scenario before you do this procedure. For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
273479 Description of the public folder referral functionality in Exchange 2000 Server and in Exchange Server 2003
169198 Tips for managing public folders
h. Repeat steps a through g for all top-level folders and subfolders that you want to rehome.
i. After replicas have been made to the destination server, wait for replication to complete, and then make sure that the replica folders are synchronized with the source folders. To do so, view the properties of the specific public folder, click the Replication tab, and then click Details. The Replication Status column indicates In Sync.
j. After you confirm that the replicas are synchronized, repeat steps a through g. However, in step c, in the Replicate content to these public stores section, click the name of the public folder store on the source server, click Remove, click Apply, and then click OK.

2. Rehome the Offline Address Book folder:
a. Start Exchange System Manager, expand Administrative Groups, expand the name of your administrative group, expand Folders, and then click Public Folders.
b. Right-click Public Folders, and then click View System Folders.

Note If you do not see a View System Folders option, then you are already viewing system folders.
c. Expand the Offline Address Book folder.
d. Right-click the /o=Organization Name/cn=addrlists/cn=oabs/cn=Default Offline Address List folder, and then click Properties.

Note If you receive a message about the mail proxy for this folder not being found, click OK.
e. Add a replica of this folder to the destination server, as explained in step 1.
f. Expand the /o=Organization Name/cn=addrlists/cn=oabs/cn=Default Offline Address List folder, and then click the OAB Version 2 folder. Right-click this folder, and then click Properties.
g. Add a replica of this folder to the destination server, as explained in step 1.
h. After replicas have been made to the destination server, wait for replication to complete, and then make sure that the replica folders are synchronized with the source folders. To do so, view the properties of the specific public folder, click the Replication tab, and then click Details. The Replication Status column indicates In Sync.
i. After you confirm that the replicas are synchronized, remove the replica of this folder from the source server, as explained in step 1.

3. Change the server that is responsible for generating the Offline Address List:
a. Start Exchange System Manager, expand Recipients, and then click the Offline Address Lists container.
b. In the right pane, right-click Default Offline Address List, and then click Properties.
c. In the Default Offline Address List Properties dialog box, the server that is going to be removed from the site will be in the Offline address list server box.
d. Click Browse.
e. Type the name of the server that the replica of the Offline Address Book was added to in step 2. Click OK.

The new server is now listed as the Offline address list server.
f. Click OK.

Note You may have to quit and restart the Exchange System Manager before the change is displayed.

4. Rehome the Schedule+ Free Busy folder:
a. Start Exchange System Manager, expand Administrative Groups, and then expand the name of your administrative group. Expand Folders, and then click Public Folders.
b. Right-click Public Folders, and then click View System Folders.

Note If you do not see a View System Folders option, then you are already viewing system folders.
c. Expand the Schedule+ Free Busy folder.
d. Right-click the EX:/o=Organization Name/ou=Administrative Group Name folder, and then click Properties.

Note If you receive a message about the mail proxy for this folder not being found, click OK.
e. Add a replica of this folder to the destination server, as explained in step 1.
f. After replicas have been made to the destination server, wait for replication to complete, and then make sure that the replica folders are synchronized with the source folders. To do so, view the properties of the specific public folder, click the Replication tab, and then click Details. The Replication Status column indicates In Sync.
g. After you confirm that the replicas are synchronized, remove the replica of this folder from the source server, as explained in step 1.

5. Rehome the Organization Forms folder. If the server that is being decommissioned has the Organization Forms folder homed and has the only replica, replicate the Organization Forms folder to another server in the site. If you do not replicate the Organization Forms folder, clients stop responding when they open system-generated messages such as non-delivery reports (NDRs) and read receipts. To rehome the Organization Forms folder, follow these steps:
a. Start Exchange System Manager.
b. Expand Administrative Groups, and then expand the name of your administrative group.
c. Expand Folders, right-click Public Folders, and then click View System Folders.

Note If you do not see the View System Folders option, you are already viewing system folders.
d. Expand the EFORMS REGISTRY folder. If there is no Organization Forms library folder, ignore steps 5e through 5h.
e. Right-click the Organizational Forms folder, and then click Properties.

Note If you receive a message that states that the mail proxy for this folder is not found, click OK.
f. Add a replica of this folder to the destination server. To do this, see step 1.
g. After replicas have been made to the destination server, wait for replication to finish. Then, make sure that the replica folders are synchronized with the source folders. To do this, view the properties of the specific public folder, click the Replication tab, and then click Details. The Replication Status column indicates In Sync.
h. After you confirm that the replicas are synchronized, remove the replica of this folder from the source server. To do this, see step 1.

6. Rehome the Recipient Update Service (RUS):
a. In Exchange System Manager, expand the Recipients container, and then click Recipient Update Services.
b. On the right pane, you see the available Recipient Update Services. Click the Exchange Server column to sort the available Recipient Update Services by the Exchange Server computer that hosts them.
c. For every Recipient Update Service that is hosted on the Exchange 2000 Server computer that you plan to remove, open the properties of the Recipient Update Service. Click Browse next to the name of the Exchange 2000 Server computer, and then select another Exchange 2000 Server computer as the new server to host the Recipient Update Service.

7. If this server is the routing group master, you must designate another server to be the routing group master.

To designate another server to be the routing group master, under Routing Groups, expand the Members folder, right-click the server that you want to designate as the new routing group master, and click Set As Master. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
239556 How to change the role of a server within a routing group

8. If this Exchange 2000 Server computer has the Site Replication Service (SRS) installed and running on it, you must create a new SRS in Exchange System Manager:
a. Start Exchange System Manager on the Exchange 2000 Server computer on which you want to create the SRS, and then expand Tools.
b. Right-click Site Replication Service, click New, and then click Site Replication Service. When you receive the Are you sure you want to install a new Site Replication Service on this server (ServerName) prompt, click Yes.
c. When you receive the In order to create a Site Replication Service on the local machine, enter the password for the Exchange service account (Domain\service account) prompt, type the password for the Exchange service account. This creates the SRS. It also creates an associated Configuration Connection Agreement. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
255285 How to create an additional Site Replication Service for a mixed site

9. If this Exchange 2000 Server computer has any connectors hosted on it, these connectors must be rehomed to another server before you remove this Exchange 2000 Server computer from the site. If this server is responsible for distribution group expansion, make sure that a new server is given the responsibility.
10. Insert the Exchange 2000 Server CD-ROM in the Exchange 2000 Server computer, and then click Remove for each component that has been installed.

MS: Vista SP1 on the way

Preview page here.

Mass adoption of a next gen Windows OS usually only happens after SP1 is released, so expect it soon.

Tuesday, January 30, 2007

MS: Mount ISO files for free!

Download the 'virtual CD ROM Control Panel' here.

Follow these instructions:

Readme for Virtual CD-ROM Control Panel v2.0.1.1

THIS TOOL IS UNSUPPORTED BY MICROSOFT PRODUCT SUPPORT SERVICES


System Requirements
===================
- Windows XP Home or Windows XP Professional

Installation instructions
=========================
1. Copy VCdRom.sys to your %systemroot%\system32\drivers folder.
2. Execute VCdControlTool.exe
3. Click "Driver control"
4. If the "Install Driver" button is available, click it. Navigate to the %systemroot%\system32\drivers folder, select VCdRom.sys, and click Open.
5. Click "Start"
6. Click OK
7. Click "Add Drive" to add a drive to the drive list. Ensure that the drive added is not a local drive. If it is, continue to click "Add Drive" until an unused drive letter is available.
8. Select an unused drive letter from the drive list and click "Mount".
9. Navigate to the image file, select it, and click "OK". UNC naming conventions should not be used, however mapped network drives should be OK.

You may now use the drive letter as if it were a local CD-ROM device. When you are finished you may unmount, stop, and remove the driver from memory using the driver control.

DNS: A good ip for DNS forwarding

Check out www.opendns.com

They provide a number of DNS servers with 'large' caches.

With ISPs now locking down the IP ranges that accept DNS requests, you need some IPs to replace the default BT DNS servers which come preconfigured in most routers/firewalls these days!

208.67.222.222
208.67.220.220

Monday, January 29, 2007

MS: Windows installer for Debian!

The linux crowd have finally found a use for Windows - installing linux! LOL

See it here.