DefinIT Because if IT were easy, everyone would do it…

24Mar/110

Configuring SSTP VPN connections to Threat Management Gateway 2010

Posted by Sam McGeown

TMG2010SSTP or SSL VPN connections are great for people working on client sites or behind very restrictive firewalls – they only require HTTPS (port 443) to be open to be able to connect. Unfortunately, you need to be running Windows 7 or Server 2008 (or newer) in order to make use of them. Threat Management Gateway 2010 is one option for an SSL VPN endpoint.

SSTP VPN Requirements

  • Clients must be Windows 7/Server 2008 or newer
  • Certificate – either commercial or an internal Certificate Authority
  • Published CRL – SSTP clients check for the Certificate Revocation List of the CA
  • If you already have an SSL listener (e.g. for Exchange publishing rules) then you need a dedicated IP address for the SSTP connection
24Mar/110

Keep it simple stupid!

Posted by Simon Eady

iisselfsignedcertificatelogo.pngI am a firm believer in trying to keep things simpler where ever possible (but not for the sake of it) In years gone by I have heard many admins lament about the complexities of deploying IIS to work alongside third party plugins such as PHP. I can remember numerous occasions where I have wrestled with the config and "best practice".

I am however glad to say finally Microsoft have taken notice of this and produced a very simple and effective deployment toolkit.

The Microsoft Web Platform Installer (now in version 3.0)

I have recently deployed an IIS7.0 server that required PHP and MySQL using this tool and I am very happy with  the results!

I know generally any system admin will avoid "wizards" as it were but in this instance it is time well saved!

Filed under: IIS, IIS 7, Microsoft No Comments
22Mar/116

Online Archiving with Exchange 2010? Can’t see your Online Archive in Outlook?

Posted by Sam McGeown

Exchange-2010-Logo-748516

Having recently managed several Exchange 2010 migration projects, one of the best new features which really sells it to systems administrators is the Online Archive. “No more managing PST files? When can we have it installed by?”

The problem is, once they’ve purchased licensing for Exchange 2010 and installed and configured the server, migrated the users’ mailboxes and decommissioned the old Exchange 2003 server, the Online Archive feature is not available. The users have been enabled, and as of SP1 we have a separate Archive mailbox database configured on slow (cheap) storage, but the Online Archive is nowhere to be found in Outlook. If the users log on using OWA, lo and behold the Online Archive is available.

Now, fair enough, Microsoft require an Enterprise Client Access License (CAL) per user for this feature – it’s an Enterprise level feature and you pay for it. What is not so apparent unless you dig around the licensing site is that you also need the Volume Licensing version of Outlook 2010 or 2007 called “Pro Plus”. An OEM or Retail copy of Outlook will not cut it.

Where does this leave them then? Small companies who have shelled out for OEM/Retail copies of Office Professional cannot afford to simply purchase a whole new VLK copy and upgrade. You can’t upgrade and OEM/Retail license to a VLK license, there’s no path. These companies have paid for the Enterprise CALs to use Enterprise features, only to find out that it’s not just the CAL they need!

To me, this is a BIG flaw in the way Microsoft are selling Exchange 2010. Licensing is complex enough without adding this sort of gotcha to a solution, and the companies have paid for an Enterprise CAL. They’re not trying to use an Enterprise feature on a Standard license, they’ve paid for it!

And people like me can’t turn round and recommend an upgrade to a client without upgrading the entire Office licensing too. I hope Microsoft sort this out, I really do, because in all honesty, it puts a real downer on an otherwise superb product that up til now, I have had no hesitation in recommending.

I normally make it a rule that what I post on here is a solution, unfortunately in this case the solution is expensive and involves upgrading your licensing.

21Mar/1117

Exchange 2010 – CreateTestUser : Mailbox could not be created. Verify that OU ( Users ) exists and that password meets complexity requirements

Posted by Sam McGeown

Exchange-2010-Logo-748516

While using the New-TestCasConnectivityUser.ps1 script to create a test user for Exchange 2010’s connectivity testing, I ran into an issue:

image

CreateTestUser : Mailbox could not be created. Verify that OU ( Users ) exists and that password meets complexity requirements.
At C:\Program Files\Microsoft\Exchange Server\V14\Scripts\new-TestCasConnectivityUser.ps1:255 char:27
+   $result = CreateTestUser <<<<  $exchangeServer $mailboxServer $securePassword $OrganizationalUnit $UMDialPlan $UMExtension $Prompt
+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,CreateTestUser

Oddly enough, that OU does exist (as it will by default on any Windows Domain!) and the password complexity more than satisfied the complexity requirements. The issue is simple enough to fix, I opened the script in notepad and found the line beginning “new-mailbox” – and deleted the parameter “–OrgainisationalUnit:$OrganistationalUnit”. This means the new user defaults to the default OU – Users!

Just a simple fix to save some time! Thanks MS for the buggy script!

Update: Looks like this occurs when there's more than one OU called Users - my fix will still sort it, but at least you know!

10Mar/110

Batch Converting Video Files on Ubuntu Linux using HandbrakeCLI

Posted by Sam McGeown

UbuntuDisclaimer: this post is more for my own recollection than anything else! When it comes to Linux, I’m an amateur and everything I do from the simplest thing upwards is copy-and-paste from much more informed bloggers and websites!

My home server is running Ubuntu Linux 10.10 – access is via an SSH client only. I run an NFS file server for my home network, which stores my Music and Video for the network, and is running an iTunes server. Most of my DVDs have been ripped to high quality MP4 files for viewing on PC, but they aren’t suitable for my iPhone, so I also frequently compress them for viewing on that device.

The following command lists the files in the Source folder and runs Handbrake via the CLI to convert the files using the iPhone template and spits them out to the Video folder.

for file in `ls /media/Data/NFS/Source/`; do $(HandBrakeCLI -v -i /media/Data/NFS/Source/${file} -o /media/Data/NFS/Video/"${file%.vob}.mp4" --preset="iPhone & iPod Touch"); done
Page 1 of 212