Friday, September 24, 2010

Blackberry Internet Services (BIS) and Exchange 2010

If you have an Exchange 2010 infrastructure that contains more than one Client Access Server (CAS) in separate Active Directory (AD) sites - with one Internet-Facing and the rest not, you will have to make some registry tweaks in order to get Blackberry Internet Services (BIS) working.

If you are unsuccessful with setting up a Blackberry using BIS in the above scenario you might see a couple of Error(s) in the Application Event Logs in Event Viewer:

Log Name:      Application
Source:        MSExchange Web Services
Event ID:      17
Task Category: Core
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      (Internet-Facing CAS)
Description:
Client Access server (Internet-Facing CAS) tried to proxy Exchange Web Services traffic to Client Access server (Non-Internet-Facing CAS). This failed because the registry key "HKLM/System/CurrentControlSet/Services/MSExchange OWA/AllowInternalUntrustedCerts" is set to "0", but no certificate trusted by (Internet-Facing CAS) was available for the SSL encryption of the proxy connection.

and

Log Name:      Application
Source:        MSExchange Web Services
Date:          Event ID:      11
Task Category: Core
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      (Internet-Facing CAS)
Description:
Client Access server (Internet-Facing CAS) failed to proxy Exchange Web Services to Active Directory site CN=Non-Internet Facing AD Site,CN=Sites,CN=Configuration,DC=yourdomain,DC=com because none of the Client Access servers in this site are responding. Please check the configuration and status of the servers in site CN=Non-Internet Facing AD Site,CN=Sites,CN=Configuration,DC=yourdomain,DC=com.

The problem is that the Internet-Facing CAS is proxy'ing the request for the EWS Service to the Non-Internet Facing CAS. It is failing because the servers are not trusting the certificate. There will most likely be a self-assigned SSL (which is adequate for internal operations) but we have to configure Microsoft Exchange Server to let you use non-valid (or self-signed) certificates in the proxy scenario. (Side Note: This CAS-to-CAS Proxy'ing problem which was identified in Exchange 2007 and fixed by a Service Pack, so it may be fixed it future patches by Microsoft).

Although the above message says that the registry key AllowInternalUntrustedCerts is set to 0 (0 denying this rule) most likely it doesn't even exist. Another bug is that if it doesn't exist it should be allowing Untrusted Certs, but that isn't the case. So we have to add this key and set it to 1.

To do this, you must make a registry configuration change on the Client Access server that receives the proxy requests. Do the following:


Caution   Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
Open the Registry (Start> Run > Regedit)

Browse to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/MSExchange OWA/

Right Click MSExchange OWA, then New > Key

Type in AllowInternalUntrustedCerts

On the right-hand side set the Default value to 1.





Close out of the registry

Note   You must restart Internet Information Services (IIS) by using the command iisreset/noforce for these changes to take effect. *You may also need to restart the World Wide Web Publishing Service

Saturday, October 18, 2008

Cisco VPN

Some people find it tricky (especially Windows users) when it comes to installing the Cisco VPN Client in Linux.

Once you have downloaded the compressed file (either officially from Cisco or by other means) create a folder in a location that you won't be deleting any time soon. (I usually create a sub-folder called "vpnclient" under a folder called "Support" on the root of the drive.)

Extract the files into this folder. Then bring up a terminal (a command prompt) and browse to the folder location where you extracted the files.

Run the command:

sudo ./vpn_install

*Except the Defaults

After it is installed you can either reboot or run the command:

sudo /etc/init.d/vpnclient_init start

This command will start the VPN subsytem.

Once this is done you can connect from the vpn by typing the command:

vpnclient connect [pcf file name]

And to disconnect you can bring up another terminal and type the command:

vpnclient disconnect

The pcf files from your Windows Cisco VPN client will work just fine in your Linux Cisco VPN. The pcf Profile files are located in etc/opt/cisco-vpnclient/Profiles/ so you can copy your .pcf files to this location.

Wednesday, September 10, 2008

Password Reset

If you forgot you password for your Ubuntu system you can recover using the following steps:

1. Turn your computer on.
2. Press ESC at the GRUB prompt.
3. Press e for edit.
4. Highlight the line that begins "kernel ………", press e
5. Go to the very end of the line, add rw init=/bin/bash
6. Press enter, then press b to boot your system.

Your system will boot up to a passwordless root shell.

Type in passwd "Username"
Set your password.
Type in reboot

*If you don't know your username or the root password you could follow the same steps to reset the root password; just type in passwd root instead of passwd "Username". Then after having reset the root password you could ssh from another box to your box login with the root credentials and browse the home folders for the Usernames.

Thursday, June 26, 2008

Video Drivers

If you have an advanced Video Card - (and it happens to be Nvidia or ATI) you can sometimes have trouble installing the drivers. Even if you don't have any troubles the process can be a bit much; even worse after you get done getting your video card setup a Kernel patch may come up and kill all your hard work.

A fast and easy way to install your Video drivers (again if they happen to be an Nvidia or ATI chip set) is to use a program called Envy. This can help you with your initial installation, and any time you have to reinstall because of a Kernel update - as well as keep your video drivers up-to-date.

In a terminal - run:

sudo apt-get install envyng-gtk

Then Launch EnvyNG's GUI (inside a Desktop Environment such as GNOME,KDE, etc.) by selecting it in the "Applications/System Tools" menu.

VirtualBox

Most of the time when you are running Ubuntu and the Kernel level gets upgraded the "virtualbox-ose-module-generic" does not get upgraded.

And so when you try to run VirtualBox you get the error "VirtualBox kernel driver not installed" or something related.

(This can also happen the first time you run VirtualBox on a new (but fully patched) install.)

To fix this run the following commands:

sudo apt-get install virtualbox-ose-source
sudo m-a update
sudo m-a prepare
sudo m-a a-i virtualbox-ose
sudo /etc/init.d/vboxdrv restart