Jun 9, 2013

Configuring Windows Server 2008 Server Core Basic Networking Settings

In my previous articles (see list below) I have written about how, in Windows Server 2008, Server Core installation does not include the traditional full graphical user interface (GUI). Therefore, once you have configured the server, you can only manage it locally at a command prompt, or remotely using a Terminal Server connection.


Like any other server, Server Core machines must be properly configured to be able to communicate on your network. Some of these settings include:
  • Configuring an IP address
  • Configuring an administrator's password
  • Configuring a server name
  • Enabling remote MMC snap-in management
  • Enabling remote RDP connections
  • Enabling remote Windows Firewall management
  • Enabling remote shell management
  • Activating the server
  • Joining a domain
  • Configuring Windows Updates
  • Configuring error reporting
  • Adding server roles and features
And other tasks.
Before you start, you need to configure the server's IP address.

To set the server with a static IP address

  1. At a command prompt, type the following:
    netsh interface ipv4 show interfaces
  2. Look at the number shown in the Idx column of the output for your network adapter. If your computer has more than one network adapter, make a note of the number corresponding to the network adapter for which you wish to set a static IP address.
  3. At the command prompt, type:
    netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>
    Where:
    • ID is the number from step 2 above
    • StaticIP is the static IP address that you are setting
    • SubnetMask is the subnet mask for the IP address
    • DefaultGateway is the default gateway
  4. At the command prompt, type:
    netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP> index=1
    Where:
    • ID is the number from step 2 above
    • DNSIP is the IP address of your DNS server
  5. Repeat step 4 for each DNS server that you want to set, incrementing the index= number each time.
  6. Verify by typing ipconfig /all and checking that all the addresses are correct.

To set the administrative password in Windows Server 2008

  1. At a command prompt, type the following:
    net user administrator *
  2. When prompted to enter the password, type the new password for the administrator user account and press ENTER.
  3. When prompted, retype the password and press ENTER.
Next, you might want to change the computer's name, as the default name is randomly generated (unless configured through an answer file).

To change the name of the server

  1. Determine the current name of the server with the hostname or ipconfig /all commands.
  2. At a command prompt, type:
    netdom renamecomputer <ComputerName> /NewName:<NewComputerName>
  3. Restart the computer by typing the following at a command prompt:
    shutdown /r /t 0

To manage a server running a Server Core installation by using the Windows Remote Shell

  1. To enable Windows Remote Shell on a server running a Server Core installation, type the following command at a command prompt:
    WinRM quickconfig
  2. Type Y to accept the default settings. Note: The WinRM quickconfig setting enables a server running a Server Core installation to accept Windows Remote Shell connections.
  3. On the remote computer, at a command prompt, use WinRS.exe to run commands on a server running a Server Core installation. For example, to perform a directory listing of the Windows folder, type:
    winrs -r:<ServerName> cmd
    Where ServerName is the name of the server running a Server Core installation.
  4. You can now type any command that you require; it will be executed on the remote computer.

To activate the server

  1. At a command prompt, type:
    slmgr.vbs -ato
    If activation is successful, no message will return in the command prompt.

To activate the server remotely

  1. At a command prompt, type:
    cscript slmgr.vbs -ato
  2. Retrieve the GUID of the computer by typing:
    cscript slmgr.vbs -did
  3. Type
    cscript slmgr.vbs -dli
  4. Verify that License status is set to Licensed (activated).

To join a Windows 2008 server to a domain

  1. At a command prompt, type:
    netdom join <ComputerName> /domain:<DomainName> /userd:<UserName> /passwordd:*
    Where:
    • ComputerName is the name of the server that is running the Server Core installation.
    • DomainName is the name of the domain to join.
    • UserName is a domain user account with permission to join the domain.
    Note: Entering * as the password means you will be prompted to enter it in the command prompt window in the next step. You can enter it in the initial command, if you wish to. Note: The word "passwordd" has 2 d's in it.
  2. When prompted to enter the password, type the password for the domain user account specified by UserName.
  3. Restart the computer by typing the following at a command prompt:
    shutdown /r /t 0

To remove the Windows 2008 server from a domain

  1. At a command prompt, type:
    netdom remove
  2. Reboot the computer.

To configure automatic updates

  1. To enable automatic updates, type:
    cscript C:\Windows\System32\Scregedit.wsf /au 4
  2. To disable automatic updates, type:
    cscript C:\Windows\System32\Scregedit.wsf /au 1
    BTW, in order to view your current settings you can type:
    cscript C:\Windows\System32\Scregedit.wsf /au /v

To configure error reporting

  1. To verify the current setting, type:
    serverWerOptin /query
  2. To automatically send detailed reports, type:
    serverWerOptin /detailed
  3. To automatically send summary reports, type:
    serverWerOptin /summary
  4. To disable error reporting, type:
    serverWerOptin /disable

What is a VLAN? How to Setup a VLAN on a Cisco Switch

Have you ever wondered what a Virtual LAN (or VLAN) is or been unclear as to why you would want one? If so, I have been in your place at one time too. Since then, I have learned a lot about what a VLAN is and how it can help me. In this article, I will share that knowledge with you.

What is a LAN?

Okay, most of you already know what a LAN is but let’s give it a definition to make sure. We have to do this because, if you don’t know what a LAN is, you can’t understand what a VLAN is.
A LAN is a local area network and is defined as all devices in the same broadcast domain. If you remember, routers stop broadcasts, switches just forward them.

What is a VLAN?

As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. Normally, it is a router creating that broadcast domain. With VLAN’s, a switch can create the broadcast domain.
This works by you, the administrator, putting some switch ports in a VLAN other than 1, the default VLAN. All ports in a single VLAN are in a single broadcast domain.
Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any other port in any other VLAN, other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any other devices, not in their VLAN.

Are VLANs required?

It is important to point out that you don’t have to configure a VLAN until your network gets so large and has so much traffic that you need one. Many times, people are simply using VLAN’s because the network they are working on was already using them.
Another important fact is that, on a Cisco switch, VLAN’s are enabled by default and ALL devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.

When do I need a VLAN?

You need to consider using VLAN’s in any of the following situations:
  • You have more than 200 devices on your LAN
  • You have a lot of broadcast traffic on your LAN
  • Groups of users need more security or are being slowed down by too many broadcasts
  • Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones. The users using the phone could be on a different VLAN, not with the regular users.
  • Or, just to make a single switch into multiple virtual switches.

Why not just subnet my network?

A common question is why not just subnet the network instead of using VLAN’s? Each VLAN should be in its own subnet. The benefit that a VLAN provides over a subnetted network is that devices in different physical locations, not going back to the same router, can be on the same network. The limitation of subnetting a network with a router is that all devices on that subnet must be connected to the same switch and that switch must be connected to a port on the router.

With a VLAN, one device can be connected to one switch, another device can be connected to another switch, and those devices can still be on the same VLAN (broadcast domain).

How can devices on different VLAN’s communicate?

Devices on different VLAN’s can communicate with a router or a Layer 3 switch. As each VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets.

What is a trunk port?

When there is a link between two switches or a router and a switch that carries the traffic of more than one VLAN, that port is a trunk port.
A trunk port must run a special trunking protocol. The protocol used would be Cisco’s proprietary Inter-switch link (ISL) or the IEEE standard 802.1q.

How do I create a VLAN?

Configuring VLAN’s can vary even between different models of Cisco switches. Your goal, no matter what the commands are, is to:
  • Create the new VLAN’s
  • Put each port in the proper VLAN
Let’s say we wanted to create VLAN’s 5 and 10. We want to put ports 2 & 3 in VLAN 5 (Marketing) and ports 4 and 5 in VLAN 10 (Human Resources). On a Cisco 2950 switch, here is how you would do it:
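
One way to do this, as an added example that is not the original article's listing. The port numbering (FastEthernet 0/2 to 0/5), the uplink to the router on port 0/24 and the VLAN name HumanResources are assumptions:

```cisco
! Added example: VLANs 5 and 10 on a Cisco 2950 using global-configuration VLAN commands.
enable
configure terminal
!
! Create the two VLANs and give them names
vlan 5
 name Marketing
 exit
vlan 10
 name HumanResources
 exit
!
! Ports 2 and 3 become access ports in VLAN 5 (Marketing)
interface range fastEthernet 0/2 - 3
 switchport mode access
 switchport access vlan 5
 exit
!
! Ports 4 and 5 become access ports in VLAN 10 (Human Resources)
interface range fastEthernet 0/4 - 5
 switchport mode access
 switchport access vlan 10
 exit
!
! Assumption: port 24 is the link to the router that routes between the VLANs.
! It is an 802.1q trunk that carries only the two VLANs that need routing.
interface fastEthernet 0/24
 switchport mode trunk
 switchport trunk allowed vlan 5,10
 end
!
! Verify the port-to-VLAN assignment and the trunk
show vlan brief
show interfaces trunk
```

In the `show vlan brief` output, ports 2 and 3 should be listed under VLAN 5 and ports 4 and 5 under VLAN 10, while unused ports remain in VLAN 1.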



At this point, only ports 2 and 3 should be able to communicate with each other and ports 4 & 5 should be able to communicate. That is because each of these is in its own VLAN. For the device on port 2 to communicate with the device on port 4, you would have to configure a trunk port to a router so that it can strip off the VLAN information, route the packet, and add back the VLAN information.

What do VLAN’s offer?

VLAN’s offer higher performance for medium and large LAN’s because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLAN’s you are containing broadcasts.
VLAN’s also provide security because you are essentially putting one group of devices, in one VLAN, on their own network.

Article Summary

Here is what we have learned:
  • A VLAN is a broadcast domain formed by switches
  • Administrators must create the VLAN’s then assign what port goes in what VLAN, manually.
  • VLAN’s provide better performance for medium and large LAN’s.
  • All devices, by default, are in VLAN 1.
  • A trunk port is a special port that runs ISL or 802.1q so that it can carry traffic from more than one VLAN.
  • For devices in different VLAN’s to communicate, you must use a router or Layer 3 switch.

Jun 8, 2013

New features in Exchange Server 2013

Microsoft introduced many new features in Exchange Server 2013, and we will discuss the notable ones here. When was it released? Exchange 2013 reached general availability on December 3rd, 2012.

Exchange Server 2013 Architecture

Exchange Server 2010 and Exchange Server 2007 have five server roles: Mailbox Server, Client Access Server, Hub Transport Server, Unified Messaging Server and Edge Transport Server. In the new release, Exchange Server 2013, we have only two server roles: the Mailbox Server role and the Client Access Server role.
Having only two server roles in Exchange 2013 does not mean that the Hub Transport and Unified Messaging roles were removed completely; their functionality is now merged into the remaining server roles. Put simply, we are back to the Exchange Server 2003 model of a back-end and front-end architecture.
The Edge Transport Server role is not released with Exchange 2013 RTM, but it may be available with Exchange 2013 SP1. We also have the option of using an Exchange Server 2010 SP2 or later Edge Transport Server with Exchange Server 2013.

Exchange Admin Center

Exchange 2013 has a new web-based management tool named Exchange Admin Center (EAC). Using EAC, we can perform most of the tasks we used to do in the Exchange Management Console, but a few tasks can only be done via the Exchange Management Shell. EAC can be accessed at https://ClientAccessServer/ecp
The Exchange Management Console is not available with Exchange 2013; the Exchange Management Shell and Exchange Tools are available.

Mail Flow

With the change to two server roles, Exchange Server 2013 has a new mail flow architecture. The transport pipeline in Exchange 2013 is made up of different services:
  • Front End Transport Service
  • Transport Service
  • Mailbox Transport Service
The Client Access Server role has a Front End Transport Service, which sends and receives email to and from external domains. The Mailbox Server role has two services, the Transport Service and the Mailbox Transport Service.
The Transport Service is similar to the Hub Transport Server role in previous versions of Exchange: it handles all SMTP traffic for the organization and performs categorization, among other tasks.
The Mailbox Transport Service is responsible for handling SMTP traffic inside the Exchange organization. It consists of two services, the Mailbox Transport Submission Service and the Mailbox Transport Delivery Service.

Unified Messaging

Unified Messaging Server role functionality is now built into the Exchange 2013 Mailbox Server role. All the Unified Messaging features of earlier versions of Exchange are available in Exchange 2013, along with some new ones.

Public Folders

Public Folders continue in Exchange Server 2013, where they are created in a special type of mailbox named a Public Folder Mailbox. This allows Public Folders to be highly available through DAG functionality; the Public Folder Database and its replication are removed in Exchange 2013.

Site Mailbox

Site Mailbox is a new concept in Exchange 2013 that allows users to access email and SharePoint documents from the same interface, such as Outlook 2013.

Database Availability Group

DAG is the high availability option in Exchange 2013 for Mailbox Servers. It allows 16 member servers, as in the previous version of Exchange, but there is a limit of 50 databases per server.

Batch Mailbox Moves

Exchange 2013 allows mailbox moves to be performed in large batches, with an option to report the mailbox move status by email.

Anti-Malware

Exchange 2013 has new built-in anti-malware protection, which scans all email sent or received by the Exchange organization.
There are many more new features, and we will discuss all of them in the coming posts.

Jun 7, 2013

How to Setup Your Own Hotspot with MIKROTIK routers

Before starting, reset your router. If you see a message about "Default configuration", press Remove configuration.
You need to set up your Mikrotik router by using Winbox. Winbox is the graphical user interface for configuring the Mikrotik Router OS. You can get Winbox from Mikrotik's website.
1. First we need to define the first port for the WAN connection so the router will connect to the internet via another router with DHCP.
In Winbox click IP > DHCP Client and add a DHCP client on port ether1.


2. Let's add the hotspot service to wlan. Click IP > HotSpot and, in the Hotspot Setup box, choose wlan1 as the hotspot interface. You can accept the default values but choose none for certificate. Leave the IP as it is (10.5.50.x). If you change this IP, the LOGIN and LOGOUT links will not work on your splash page.


3. The router should be placed in ap bridge mode.
Click interface, double click wlan1, click Mode: and select ap bridge
And make sure the frequency is set to 2.4 b/G.

4. You need to add our radius server as authentication and accounting server.
In the hotspot profiles (IP > HotSpot > Profiles) choose your hotspot profile and click the radius tab, check allow radius. Then click the login tab and de-select cookie, allow http pap and chap.



5. You need to define our radius server. Click Radius and the + sign to add our radius server.
Click Services > Hotspot, enter radius address: Radius.hotspotsystem.com, Secret: hotsys123
Check the box next to hotspot


6. You need to add the secondary radius server. Click Radius and the + sign.
Click Services > Hotspot, enter radius Address: radius2.hotspotsystem.com, Secret: hotsys123
Check the box next to hotspot 


7. We have to allow certain sites and servers for non authenticated users otherwise they can't buy access.
In the section IP > HotSpot > Walled Garden, click on + sign and add the following domains to Dst. Host one by one:
*.hotspotsystem.com
*.worldpay.com
*.paypal.com
*.paypalobjects.com
*.paypal-metrics.com
*.altfarm.mediaplex.com
*.akamaiedge.net
paypal.112.2O7.net
*.moneybookers.com
*.adyen.com
*.directebanking.com
*.paysafecard.com
betalen.rabobank.nl
ideal.ing.nl
internetbankieren.frieslandbank.nl
ideal.abnamro.nl
ideal.snsreaal.nl
ideal.triodos-onlinebanking.nl

For Hotspot FREE SOCIAL locations: you must add 'www.apple.com' too!
Then in the section IP > HotSpot > Walled Garden > IP List add the following IPs to Dst. Address one by one (if your Mikrotik doesn't allow netmask values (.0/24) you can skip the netmask value):
194.149.46.0/24
198.241.128.0/17
66.211.128.0/17
216.113.128.0/17
70.42.128.0/17
128.242.125.0/24
216.52.17.0/24
62.249.232.74
155.136.68.77
66.4.128.0/17
66.211.128.0/17
66.235.128.0/17
88.221.136.146
195.228.254.149
195.228.254.152
203.211.140.157
203.211.150.204
82.199.90.136/29
82.199.90.160/27
91.212.42.0/24


8. You need to synchronize the router's time with our server.
Click on System > NTP Client. Enter primary and secondary NTP servers. To find NTP servers, go to http://www.pool.ntp.org/ and select the location's continent on the right side of the page. You'll find NTP servers there.
Be sure to leave TimeZoneName: manual, and TimeZone: 00:00 in System > Clock. (Don't set your own timezone, because the router has to show the GMT time!)

9. You need to change the router's NASID. The NASID setting in the Mikrotik is located under System > Identity. Default is 'MikroTik'.
Change this the following way: OPERATORUSERNAME_LOCATIONNUMBER
Example: Operator Username is 'globalhotspot', Location ID: '2', then NASID should be: 'globalhotspot_2'
NOTE: In case you are installing multiple routers in the same location, you should use different NAS IDs. For the second router you need to add '_wds_1' to the NAS ID, for the third router '_wds_2', etc. So for example if you want to install the second router in location 3, the NASID should be set to 'globalhotspot_3_wds_1'.

10. You have to customize Mikrotik's built-in login page. On the side menu go to Files, and find the login.html file under the 'hotspot' directory. Double click on the file and choose Backup.
Open a simple text editor like notepad and copy and paste the following to the editor:

<html><head>
<title>HotSpot System Login</title>
</head>
<body>
<form name="redirect" action="https://customer.hotspotsystem.com/customer/hotspotlogin.php" method="GET">

<input type="hidden" name="res" value="notyet" />
<input type="hidden" name="mac" value="$(mac)" />
<input type="hidden" name="user" value="$(username)" />
<input type="hidden" name="uamport" value="mikrotik" />
<input type="hidden" name="userurl" value="$(link-orig)" />
<input type="hidden" name="nasid" value="$(identity)" />
<input type="hidden" name="uamip" value="$(server-address)" />
<input type="hidden" name="error" value="$(error)" />
<input type="hidden" name="chap-id" value="$(chap-id)" />
<input type="hidden" name="chap-challenge" value="$(chap-challenge)" />

</form>

<script language="JavaScript">

<!--

 document.redirect.submit();

 //-->

</script>
</body>
</html>
Save it as login.html to your Desktop.
Drag and drop this login.html to your "hotspot" directory in the Winbox program.
If you wish to use FTP you can FTP to your mikrotik router with the admin userid and password and replace the file there under the 'hotspot' directory.
If you don't wish to redirect users to our splash page, you can continue to use the router's built-in login page, but in this case it is important to add a link to the internal page where your users can buy access or activate their prepaid cards.

10/b. In case you are using Hotspot FREE SOCIAL service, you also need to edit logout.html template. You need to use the same content as for the login.html (code above).

11. You have to set the Login/Logout URL IP addresses in the Control Center. Log in to the Control Center with your Operator Username and password and go to Manage > Locations. Click on the location, then click on Modify Hotspot Data & Settings. In Splash Page Settings modify the Internal Login/Logout URL Set to Mikrotik. Make sure that 'Display Login Box on Main Splash Page' option is CHECKED.

12. Extend the shared-users limit in your hotspot profile.
Sub-menu: /ip hotspot user profile
or go to IP > Hotspot > User Profiles > default > Shared-Users
Change shared-users to 5.

13. As the last step you have to add hourly checking for up status for the Router Alert feature.
Go to System > Scheduler and add a new task by pressing the plus sign.
Name: up
Interval: 01:00:00
On Event:

/tool fetch keep-result=no mode=http address=tech.hotspotsystem.com src-path=("up.php?mac=".[/interface ethernet get 0 mac-address]."&nasid=".[/system identity get name]."&os_date=Mikrotik&uptime=".[/system clock get time]."%20up%20".[/system resource get uptime].",%20load%20average:%20".[/system resource get cpu-load]."%")


Policy: enable all
Press Apply and OK.




That's all. You can set up the hotspot service even on a wired connection. In this case you have to choose an ethernet port instead of wlan, or you can set up the hotspot on both ports.
If you have successfully set up your Mikrotik router, you should see a login window when connecting via wireless. You can log in with username admin, blank password.


