Redirect Website Root to /Exchange & Correct Protocols

By Craig May 6th, 2011, under Exchange, Internet Security

Just been working on a way around one of life’s annoyances. To get to an OWA 2003 site on a Windows SBS 2003 box, I have to remember to put in https:// and remember to put /exchange at the end. It annoys me having to remember, I often forget the protocol and it wastes my time.

Today I had a chance to find a workaround for this. Turns out to be really simple.

I am using Windows Small Business Server 2003 Premium, which includes ISA 2004.

Log on to your server and open up the ISA Management Console. Select the Firewall node on the left, and look down the list for ‘SBS OWA Web Publishing Rule’.

Open up the properties and select the Bridging tab. On this tab ensure that only the ‘Redirect requests to SSL port’ option is selected, along with your relevant SSL port.

Next hop back to the Paths tab. In the Paths tab there will be three entries, one for Exchange, one for ExchWeb and one for Public. These are important and you must not edit these. Instead add a new path, with the internal name as /Exchange and an external name of /. Your window should look something like below.

Apply your changes, and test your work from a remote machine.

These instructions should also work if you have a separate ISA and Exchange server and are not running SBS.

ISA 2004: Configure HTTP Greyed Out

By Craig May 5th, 2011, under Internet Security, SharePoint

To set the scene, we have just created a WSS 3 site using forms based authentication. Published it through ISA 2004. Browsed to the site and we get this error.

Microsoft’s guidance and information on various blogs suggested disabling the Verify Normalisation and the Block High Bit Characters options in the HTTP filter. We browsed to the rule in question, opened the Properties and selected the Traffic tab. The HTTP and HTTPS protocols are listed, but the Filtering button is disabled.

Things to check to enable this Filtering button are:

  1. Go to Configuration –> Add-Ins
  2. Ensure that the Web Proxy Filter is shown and enabled (if you have the option to disable it)
  3. Select Web Filters and ensure that the HTTP Filter is present and enabled
  4. Go to Firewall Policy and open the HTTP Protocol Properties
  5. On the Parameters tab, in the Application Filters panel ensure that Web Proxy Filter is checked.
  6. Apply your changes.

The Filtering button on the Traffic tab will now be available and the Verify Normalisation and Block High Bit Characters can be disabled.

TidyBackups – a neat way to manage SIMS backups

By Craig April 7th, 2011, under General Stuff

As Matt has now plugged my Absence work a couple of times – I feel it is time that I reciprocated!!

TidyBackups is a small application which manages your SIMS backup files – including compressing them. Just one less thing for you to have to think about as a Network Manager. Set up a schedule, set the parameters, and forget that it is even there whilst it sorts out your SIMS backups and stops you wasting space unnecessarily on outdated backups.

Best of all it’s free. Cheers Matt – from systems admins across the schools.

Take a peek here: http://matt40k.co.uk/projects/tidybackups/

RSClientPrint.dll Not Updated with SQL Server 2008 SP2

By Craig March 22nd, 2011, under SQL Server

This error often shows itself as an error on clients where the user does not have administrative permissions to install the updated control. In this update, the files on the server are not updated though.

The fix is provided through the installation of Cumulative Update Package 2 for SQL Server 2008 SP2. Available here: http://support.microsoft.com/kb/2467239

If you can’t wait to test the package before deploying to your servers, and you need the RSClientPrint packages then I have uploaded them to my site and you can pick them up here. These are the latest versions included with SQL Server 2008 SP2 CU2.

RSClientPrint (316)

Extract the 3 files and put them in the ReportServer\bin directory of the Report Services instance on the server. You can also package them and install them to clients where the users do not have permissions to install the control themselves.

Hope this saves some people some time hunting for the files.

UPDATE

SQL Server 2008 SP2 Cumulative Update 6 also updates these files. The RSClientPrint.dll file has a version number of 10.0.4285.0

Download available below

RSClientPrint (325)


Fast Reconnect with PEAP

By Craig March 11th, 2011, under Networking

I have been investigating issues with our laptops whereby they would freeze and become generally unresponsive when changing area and thus changing their connected WAP. This was causing big problems for staff who teach in multiple rooms and regularly change between wired and wireless connections.

We have a combination of HP ProCurve 420WW and HP ProCurve M110 AP’s. All AP’s are required to use 802.1x authentication against a Windows Server 2008 NPS. Two servers run this role – for resiliency.

Wireless settings for the clients are configured through Group Policy and enforced to all machines – specifying the connection protocols, authentication types, etc.

In the client connections, Fast Reconnect was enabled, as we knew users were going to be roaming across AP’s. However, the setting was not set on the server. This meant that although the client was permitted to allow Fast Re-connections, the server was rejecting fast reconnection attempts. I assume that the client continued to try Fast Reconnect, but it was continually being rejected by the server, and causing the client to freeze whilst it attempted the connection.

In NPS you need to enable the Fast Reconnect setting for your PEAP connection by:

  1. Expand Policies then Network Policies
  2. Open up your Wireless Policy.
  3. Select the Constraints tab, then Authentication
  4. Under EAP Types select Microsoft Protected EAP and then click Edit
  5. Make sure that Fast Reconnect is enabled.

As far as I know the setting takes effect the next time that a client completes a full authentication to the RADIUS server.

Another item to check is that all the wireless AP’s authenticate to the same NPS server. Fast Reconnect only works for clients and AP’s that are connecting to the same RADIUS server. In my scenario I have set every AP to direct requests to a single RADIUS server, and fall back to a different secondary server. If the AP’s are assigned to different RADIUS servers, then a full authentication will occur every time that you move to an AP that uses a different RADIUS server.


Windows Update Error 80244023

By Craig March 10th, 2011, under Server 2008

Just a quick one here. I am sure there are a number of other fixes around for this error, but a reminder here to check for the simple things.

Running Windows Update using WSUS on Windows Server 2008. Clicked the Check for Updates option and this error came up.

Check your proxy settings. If you use a proxy then ensure that you can access your configured WSUS server through the proxy, or disable the proxy. It seems that when you run the check manually it uses the system proxy settings (set in Internet Explorer) but when it is run automatically it does not. Seems strange behaviour – but that is how it appears to work.

If you are getting this error on a standalone PC not connected to an enterprise network, then it is highly likely that this will not apply to you.
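One way to check the settings described above from the affected server (an added example, not part of the original post). It assumes the WSUS server is assigned by Group Policy and reads the standard policy and Internet Explorer registry locations, then shows the machine-wide WinHTTP proxy for comparison:

```powershell
# Added example: compare the per-user (Internet Explorer) proxy with the
# machine-wide WinHTTP proxy and check whether the WSUS host bypasses the proxy.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# WSUS server assigned by policy (assumption: WSUS is configured through GPO)
$wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
if (-not $wu -or -not $wu.WUServer) {
    Write-Output 'No WSUS server set by policy; this check does not apply.'
    return
}
$wsusHost = ([Uri]$wu.WUServer).Host
Write-Output "WSUS server (policy): $($wu.WUServer)"

# Proxy settings of the logged-on user, as set in Internet Explorer
$ie = Get-ItemProperty -Path $ieKey
if ($ie.AutoConfigURL) {
    Write-Output "IE auto-config script in use: $($ie.AutoConfigURL)"
}
if ($ie.ProxyEnable -eq 1) {
    Write-Output "IE proxy (current user): $($ie.ProxyServer)"
    # ProxyOverride is a semicolon-separated bypass list; entries may contain
    # * wildcards, and <local> covers host names that contain no dot.
    $bypassed = $false
    foreach ($entry in "$($ie.ProxyOverride)".Split(';')) {
        $e = $entry.Trim()
        if ($e -eq '') { continue }
        if ($e -eq '<local>') {
            if ($wsusHost -notmatch '\.') { $bypassed = $true }
        } elseif ($wsusHost -like $e) {
            $bypassed = $true
        }
    }
    if ($bypassed) {
        Write-Output "$wsusHost is on the bypass list; a manual check goes direct."
    } else {
        Write-Output "$wsusHost is NOT bypassed; a manual check goes via the proxy."
    }
} else {
    Write-Output 'IE proxy is disabled for this user.'
}

# Machine-wide WinHTTP proxy, shown for comparison with the per-user settings
netsh winhttp show proxy
```

Run it as the same user who clicks Check for Updates, since the Internet Explorer settings are stored per user.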


Can ping a website but cannot browse to it

By Craig March 6th, 2011, under Networking, Windows 7

Just finished repairing a PC which could ping websites, but could not browse to them using Internet Explorer or Mozilla Firefox.

Turns out that Norton is once again to blame.

A fix is given on the link below. In short, use the Norton Removal Tool to remove any offending applications, reboot, and the joy of the Internet shall return to your PC.

http://amiatypist.blogspot.com/2009/12/can-ping-can-not-browse.html

Maybe at some point manufacturers might start bundling decent security software with laptops and PCs.

Page File Location when System drive is Mirrored

By Craig March 2nd, 2011, under Server 2003

I have been working on a server today which has 2 HDD, mirrored for redundancy. It is a software based mirror provided by Windows Server 2003. The server had been having a couple of performance issues, and when looking at the performance monitor, they tended to be caused by long write times to the Page File.

The page file was still in its default location on the C: drive – as this is SBS 2003 it had never been looked at. This meant that all page file write operations were being written to two HDD every time.

This is not necessary. The solution that we have come up with to alleviate this ‘dual-writing’ is to shrink the data partition (also mirrored) on the disk to give us back some unallocated space. I then created a simple volume on the first disk which could be used to host the page file. Assigned the next available drive letter and changed the page file drive assignments in the System Properties.

After a reboot and a couple of hours with logging turned on I went back and found that the page file write time is significantly decreased.

This just goes to show how important it is to look where data is actually being stored on a system to make sure that you are getting the most from the hardware that you have.

Redirected My Documents folders showing as ‘Documents’ rather than the users name

By Craig December 20th, 2010, under Server 2008, VBScript, Vista

Had a complaint from a member of staff recently that all students’ work folders showed up as My Documents when he was browsing through their work.

Many of you may have been directed to this Microsoft KB as a ‘solution’. http://support.microsoft.com/kb/947222

Not much of a solution if you ask me. Redirection to a subfolder would work, but do you really want to change something that significant on your network? Enable exclusive access would be fine if you didn’t need to give other people access to the documents folder. In a student-teacher situation, teachers need to be able to see the students’ work, so this doesn’t work for us. Option 3 – deny permission to the desktop.ini. We have 1400 students. That’s a lot of changes – yes I could use xcacls or subinacl to automate it, but what a headache.

The best ‘solution’ that we have come up with, is to simply delete the desktop.ini file at logoff. We created a VB Script, which looks for a desktop.ini file in the user’s My Documents folder and, if it exists, deletes it. Attach this to a GPO that affects the user as a logoff script.

The code we used is:

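' Logoff script: remove desktop.ini from the user's My Documents folder
On Error Resume Next
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
' Resolve the (redirected) My Documents path for the user logging off
DocsPath = WSHShell.SpecialFolders("MyDocuments")
' Delete desktop.ini only if it is present
If FSO.FileExists (DocsPath & "\desktop.ini") Then
  FSO.DeleteFile (DocsPath & "\desktop.ini")
End If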

Next time the user logs on and then off again, the desktop.ini file will be deleted, and the folder will show as the username of the user.

Shame there isn’t a GPO option which allows you to turn off this feature. On a home machine it is great, but in a corporate environment you need to be able to turn off the fancy features and see exactly what you have got.


Active Directory Topology Diagrammer

By Craig December 13th, 2010, under General Stuff

Used this tool a couple of times – and it saves so much time when you need or want to draw out your AD structure.

This free download from Microsoft queries your AD for the domains, sites, OU’s, and Exchange structure, and draws it out with connectors and information in Visio. I’m using it with Visio 2010 and it works great. Just saved 2 hours of drawing out every OU and GPO assignment.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=cb42fc06-50c7-47ed-a65c-862661742764&displaylang=en#Overview