Author Archive
Recreating the Exchange 2013 Receive connectors
by Brian on Feb.10, 2016, under Computer Stuff, Windows Info
Just in case you ever have to recreate the default receive connectors in Exchange 2013, here you go:
Default Client Front End Transport (FrontEnd Transport)
TLS, Basic, Integrated, Exchange users, port 587
Default Client Proxy (Hub Transport)
TLS, Basic, Offer Basic after TLS, Integrated, Exchange Server Auth, Exchange Servers, Exchange users, port 465
Default Front End Transport (FrontEnd Transport)
TLS, Basic, Offer Basic after TLS, Integrated, Exchange server auth, Exchange Servers, Legacy Exchange Servers, Anonymous Users, port 25
Default Hub Transport (hub transport)
TLS, Basic, Offer Basic after TLS, Integrated, Exchange Server Auth, Exchange Servers, Legacy, Exchange Users, port 2525
Default Outbound Proxy Frontend Transport (Frontend transport)
TLS, Enable domain security, Basic, Offer basic after TLS, integrated, Exchange server auth, exchange servers, anonymous, port 717
It’s finally here!! Defer Windows Updates using Group Policy!!
by Brian on Nov.16, 2015, under Computer Stuff, Windows Info
This is big. This changes things. Read this.
Containers are coming to Windows Server 2016
by Brian on Aug.19, 2015, under General Info
Leave a Comment more...R.I.P., 2003
by Brian on Jul.16, 2015, under Windows Info
Microsoft ended support for Windows Server 2003 on July 14th, 2015
http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/
CA Root services cannot start after CA Root certificate expires
by Brian on Dec.04, 2014, under Computer Stuff, Windows Info
Since by design, you cannot recover from a CA root certificate expiring, sometimes you need to limp along, and continue to issue certs even though you cannot necessarily revoke them, because the CRL published in Active Directory is now incorrect, or offline.
While we can argue all day about the benefits/detractors of this, here it is:
To bring the CA Root back online after the Root certificate expires, issue these commands in an elevated powershell:
certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
net stop certsvc && net start certsvc
Now, go back to the drawing board, and PLAN your PKI implementation, and DON’T LET YOUR CA ROOT CERTIFICATE EXPIRE!!!
Incidentally, once you’ve fixed your certificate snafu, to stop ignoring offline CRLs, do this in an elevated command prompt:
certutil –setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINE
net stop certsvc && net start certsvc
Cannot print to an HP Laserjet 1020 using Terminal Services
by Brian on Jul.22, 2014, under Networking, Windows Info
Terminal Services can only print to your LPT printers (with proper driver installed on the server). In order to print to network printer or USB printer,
1. Install the printer normally (connecting via TCP port or USB port) and make it a shared printer (ie. \\COMPUTERNAME\PRINTER)
2. Install ANOTHER instance of the printer, using the LPT1: (or LPT2:) port
3. Launch an administrative command prompt, and map the LPT port to the shared printer instance:
net use lpt1: \\COMPUTERNAME\PRINTER /persistent:yes
Now, you have an LPT: printer. If you set it as your default printer you can print locally, and Terminal services should now allow you to print from your TS session, as well.
Setting a PTR record at Comcast
by Brian on Jul.01, 2014, under Networking
To setup a reverse DNS record for a Comcast IP address, please contact the Enterprise Care Center (ECC) at 1-800-741-4141 (option 2, and then option 1).
Winmail.dat issues when using an SMTP Proxy
by Brian on Mar.17, 2014, under Computer Stuff, Windows Info
I’ve run into this a couple times recently after clients have been migrated to Office 365. Office 365 by default sends messages in the Transport Neutral Encapsulation Format (TNEF) format. This is a rich text format and some email servers aren’t able to interpret it, and will therefore replace attachments with winmail.dat files (very common with clients on Macs). The fix is to use PowerShell to change disable TNEF. There is a TechNet article that shows you how to disable TNEF for when sending to specific domains or email addresses, but in my opinion that’s not acceptable for a client because they will need to contact us to have it changed every single time they encounter someone who cannot receive attachments from them. The fix is to connect to Office 365 via PowerShell and then do one of the following…
Option 1: Disable for Specific Domain (example uses wyldehare.com as the domain you are sending to)
1. New-RemoteDomain -DomainName wyldehare.com -Name WyldeHare
2. Set-RemoteDomain -Identity WyldeHare -TNEFEnabled $false
3. Get-RemoteDomain -Identity WyldeHare| Select TNEFEnabled (This step just confirms that the change was accepted – should show you “false” for the output.)
Option 2: Disable for Specific Email Address
1. No point in doing this since the email server is usually what causes this.
Option 3: Disable Globally (recommended)
1. Set-RemoteDomain Default -TNEFEnabled $false
2. Get-RemoteDomain -Identity Default| Select TNEFEnabled (This step just confirms that the change was accepted – should show you “false” for the output.)
The change does not take immediately. I have not seen it documented anywhere, but I do know it doesn’t take place immediately. I had a client test this right after I made the change and it didn’t work, so I had them try again in the morning and it worked. I would guess at somewhere between 15 minutes and a few hours.
We’ve also run into some issues recently where users have been receiving winmail.dat attachments. This is usually caused in cases where the client has the SMTP proxy enabled on their WatchGuard. By default, the SMTP proxy strips some of the headers out of the email that identify it as a Rich Text Formatted email. If the email client does not have the header information needed to interpret the winmail.dat attachment, the email client cannot display the proper formatting of the email, and incorrectly displays the attachment as a winmail.dat file. To resolve, do the following…
- Start Policy Manager for your XTM device.
- Double-click the SMTP-Proxy used for inbound email.
Or, right-click the SMTP-proxy and select Modify Policy.
The New/Edit Policy dialog box appears with the Policy tab selected. - Adjacent to the Proxy action drop-down list, click View/Edit Proxy.
The SMTP Proxy Action Configuration dialog box appears. - From the Categories tree, select Headers.
- In the Pattern text box, type each of these patterns and click Add to add them to the Rules list.
- X-MS-Has-Attach:*
- X-MS-TNEF-Correlator:*
- X-MimeOLE:*
- From the If matched drop-down list, select Allow.
- From the Categories tree, select Content Types.
- In the Pattern text box, type application/ms-tnef and click Add.
The pattern appears in the Rules list. - From the If matched drop-down list, select Allow.
- From the Categories tree, select Filenames.
- In the Pattern text box, type winmail.dat and click Remove.
The winmail.dat pattern is removed from the Rules list. - From the None matched drop-down list, select Allow.
Now, having said that, we had a client *not* using the SMTP proxy have a similar issue. This client has Securence for SPAM filtering and there is a feature you can enable within Securence that attempts to extract the contents of Winmail.dat when necessary. To enable, go to Settings -> Filters -> Winmail.dat Extraction.
Happy Birthday, Internet!
by Brian on Mar.12, 2014, under Amusement, Networking
On this day in 1989, British computer scientist Tim Berners-Lee presented to CERN management a proposal for a “universal linked information system” called Mesh, meant to help staff at the Swiss research center coordinate their work. Today, what we now know as the World Wide Web turns 25. Berners-Lee gave several interviews for the occasion. Looking back on his creation, he told CNet he’s glad the Web has developed as a “non-national” entity but deplores that most people on the Web still stick to their own cultures and their own ways, using the technology to reinforce their biases rather than open their world:
“I’d like it if developers on the Web could tackle the question of how to make Web sites that actually make us more friendly to people we don’t know so well,” he said.
ATARI 2600 Forever!!
by Brian on Dec.27, 2013, under Amusement, Computer Stuff
I’m almost *giggling* while I post this..
FREE ATARI!!!
THANK YOU, Archive!!