In this article I’ll explain how it’s possible to secure OWA 2003 with a free 3rd party SSL certificate. Yes that’s right, free, like in permanently free, not some kind of 30 day trial period.
[Via MSExchange.org]
Another source of free SSL certificates is CAcert.
Sometime ago I configured my SBS server to be a fax server. Today my wife was expecting a fax and to my horror I noticed that the fax server modem was not picking up before the voicemail kicked in. It took sometime but I finally figured out what I was going wrong. Last week I added a new board to the server. When I reconnected the cables the fax modem was to the “other” com port. This com port was not configure to pick up. Oops! I put it back on the correct port and scanned for new hardware devices. Now the com port picks up on the first ring.
High Performance Enabled SSH/SCP [PSC]
SCP and the underlying SSH2 protocol implementation in OpenSSH is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a bottleneck for network throughput of SCP, especially on long and high bandwith network links. Modifying the ssh code to allow the buffers to be defined at run time eliminates this bottleneck. We have created a patch that will remove the bottlenecks in OpenSSH and is fully interoperable with other servers and clients. In addition HPN clients will be able to download faster from non HPN servers, and HPN servers will be able to receive uploads faster from non HPN clients.
I saw HPN mentioned in conjunction with copSSH in a mailing list I monitor. This is a pretty neat performance improvement for OpenSSH.
I know there must be an easier way to do this but I gave up trying to get my new Samsung LCD monitor to stop complaining about not running at 1280×1024. I tried several things to fix the problem but it actually made it worse. So I re-installed Fedora. Since I dual boot that PC I forgot my procedure to set up the boot sector correctly. As a reminder to me, I need to check the advanced boot options. When I get to the Advance Boot Options screen I can tell it save the boot information on the first sector of /dev/hdb1(i.e. /boot). This way I can leave the MBR on /dev/hda untouched. The new installation is running fine with the new monitor and the default settings. I eventually did reconfigure Fedora for 1280×024.
Another problem I had was remembering the correct network settings again. I use ISA on my SBS server as my firewall and it requires authentication. I had this working so I knew the correct configuration existed. I remembered to set up my Fedora box as a static IP but I forgot how to setup the proxy correctly. In Fedora you need to go into the Desktop-Preferences-Network Proxy-Details and enter the userid and pasword. Then Yum and Yum Extender will work through the firewall. You can use Firefox to go through the firewall by setting the preferences but that does not help you with Yum. Environmental variables did not work for me. Once you have the Network Proxy set up correctly, everything thinks they have a direct connection.
My new Samsung LCD monitor is nice but it has an annoying habit of telling me I need to run at a higher resolution. For my windows workstations I just changed the resolution and move on to other things. With I cranked up Linux(FC4), linux locked up. That’s not good! I guess I have to go find my rescue disk.
I just implemented Spam Karma to minimize my comment spam(about 30 per day). Since I have used a previous version of the plugin I expect it to do the job without much fuss.
I have been getting a lot of spam in my blog recently. WordPress has put all of it into comment moderation. I have been going into WordPress daily and marking the comments as spam. This is getting annoying so I may start using an addin to automate this process.
The Soul of a Virtual Machine : Sysprepping a virtual machine
I learned how to do this at TechEd 2004 in a lab led by Robert Larson, one of our resident Virtual Server gurus. You can create a “base†virtual machine with the operating system and applications you want, and then copy its .vhd file to use for other virtual machines. When you do this, it’s important to run a tool called Sysprep on the base virtual machine. That way, when you start a virtual machine that uses a copy of the base virtual machine’s .vhd file, the guest operating system will be assigned a new SID, GUID, MAC address, and so forth when it starts up. This way you won’t end up with network conflicts between different virtual machines that use the same copied .vhd file.
I had been looking at the new backup options for SBS for some time. When you include SAN options there are a lot of options available. The SAN options are particularlly fascinating. Toms’s Hardware has some really interesting reviews of Infrant and Bufalo. I finally have decided to add an external drive to the server. The SAN option does not buy me any advantages since the data I want to save is on the server. A SAN might be handy if I wanted to backup my video and photo libraries that are located on my local hard drive and I was running a 1GB Lan. So I opted for a USB drive for my server. This drive will be connected via USB so I bought a USB2 board. The 250 GB should provide me with enough space to use incremental backups.
About a week ago my CRT monitor started making a popping sound once a day. The screen would temporarily lose its adjustment and then go back to normal. Two days ago the screen went black after the popping sound. So yesterday I ordered a new Samsung LCD monitor that Buy.com was pushing. It is 19 inches, has a 8 ms latency, and costs just under $300. Today my monitor failed. It works but the screen is more artsy than readable. So I borrowed my son’s CRT while I wait for delivery. My son has a tablet so his school work is not in danger. The only thing is danger is my son’s video game time.
This is pretty cool, I miss clicked and found a new feature in Word 2003. Hold down ALT and click on a word. The Research bar comes up with the definition, thesaurus, and a translation for the word you clicked on.
This is even cooler! If you click on translate, it takes you to WorldLingo.com and shows you a translated version of your document in the language of your choice.
I do have my gripes with Office, but this is pretty darn cool!
[Via SeanDaniel.com on SBS 2003 & other Tech-stuff]
Wow! I didn’t know this! This is pretty cool but I am not sure how much I am going to use this. I am an infrequent user of Word 2003. I can imagine it maybe more useful for some other people, such as, my son. He is fourteen and I am always telling him to look up words in the dictionary.
I am finally getting good at this. This took me ten minutes. My procedure is:
Last Friday I got Fedora FC4 to communicate with my SBS network. I have some bugs I am still working on. I had found several recent articles on the subject and it looked fairly easy. Setting up Keberos was fairly easy and I got my ticket. I setup Winbind and SMB but I am not happy with the configuration screen for Winbind since it doesn’t do anything. I had to configure the smb.conf file manually. I have been able to browse the Windows shares from Linux and transfer files okay but my single signon and access from my windows client is broken. I would kind of like these last two things to be working but it is a low priority. Ultimately I would like to see how hard it is too integrate a Linux file server into a network and it use it for a QuickBooks company file. So far it looks like SBS is an easier solution.
On Tue, Jul 19, 2005 at 02:16:09AM -0230, Shane Lahey wrote:
> MM> Install the “yum-utils” package from Fedora Extras, and run:
> MM> sudo package-cleanup –oldkernels
> MM> (assuming you have sudo privileges, of course).
>
> Im still new to Fedora Core myself, diden’t realize there was a
> package-cleanup. Would it be better to use the package-cleanup rather
> than ‘rpm -e’, or do they both do the same thing?yum-utils is new, so it’s no surprise it’s not widely known. Ultimately, it does the same thing as rpm -e, but it’s less prone to typos (oops! I removed all my kernels!) and has more features. Well, one feature — it can conveniently remove all kernels but the latest N (defaults to 2) in one swoop.
Local Admin/Power User Hall of Shame
This site contains a partial list of programs that require Admin rights and do not support current security patches. The SBS Diva was writing about a vendor whose program support would not support users who had installed the current set of XP security patches.
It also has instructions on how to use QuickBooks with a restricted user. I will have to try it out although I am uncomfortable with an non Intuit solution.
Yesterday I was working on updating the flyers for our farm. The stuff we have on the website is okay for quick prints but I would like to tweak the flyers to take advantage of the print format. This led me on another diversion. Sometime ago I had created the flyers in WordPerfect because it had the ability to export PDF files. So when I went back to work on the old flyers I realized that I have not installed WordPerfect anywhere. The support for WordPerfect file format is practically non-existent in Word. Since I was curious I looked at OpenOffice. It had a WordPerfect filter and I knew it had the ability to export PDF files. So I installed OpenOffice on my beta machine. Technically everything worked as expected. My problem was that I needed to replace almost all of the text and pictures. So I was back to square one. Since I had Writer open I went ahead, copied the web data into the flyer, and reformatted it to my liking. I then exported the document as a PDF. That was quick and accurate but not exactly what I wanted. I wanted the export to subset the font I used for the title. Instead it substituted another font. Not a big problem but I like the font I was using so I saved the document in Word97 format and opened it in Word 2003 on my main computer. Everything looked okay except the margins and the page breaks. I printed the document to PDFCreator and got the Acrobat I file I was looking for. I knew from previous experience that PDFCreator does subset the fonts. For kicks I went back to Writer and tried to print to PDFCreator but PDFCreator failed with an error message. Since both PDFCreator and Writer use Ghostscript as their engine someday I will probably go back and try to figure out why Writer did not subset the font.
After looking at the first flyer for a bit I noticed that I had used drop shadows on one of the photos. I like the look of drop shadowns so I decided to put drop shadows on the other photo. I went to Corel PhotoPaint because I was familiar with how I used to do it in PhotoPaint. I put the Drop Shadows on but I did not get the 3D effect I wanted. I tried changing several things but it wasn’t coming together fast enough for me. So I went to Photoshop Elements and read the Help file. Despite my best effort to try and make it different than PhotoPaint the procedure was almost the same. The effect was better but not quite right. Expanding the canvas helped but I was guessing at how much to expand it. I tried the Reveal All in the Resize menu and finally got the effect I wanted. I realize now that the canvas size was probably the same problem I had with making realistic drop shadows in PhotoPaint.
Email Service Provider Coalition
My host provider, bluehost, updated my TXT record yesterday with my Sender ID info. Unlike Domainkeys the mail receiver does all of the work so I needed a way to test out the changes. The answer was easy to find. The nice folks at the Email Service Provider Coalition provides this page so that you can verify that SPF is working. This was easy!
Yesterday I changed the MX record to point at my server. Inbound SMTP works. I briefly checked out Sender ID and the SPF wizard available at http://spf.pobox.com/wizard.html. I am going to send a support request in today to update my DNS to use it.
MSFN’s Unattended XP CD – Introduction
Have you ever wanted a Windows CD that would install Windows by automatically putting in your name, product key, timezone and regional settings?
I got carried away again! One of the default sites in the RSS reader for Desktop Sidebar was msfn.org. It just so happened that a beta for nLite had just been released. nLite is a more automatic way of creating bootable installation CD-ROM for W2K, WinXP, etc. with the service pack and patches already integrated. I am interested in having an up-to-date installation disk since it is my traditional way to fix unsolvable PC problems. A slip streamed XP is a step forward but a slip streamed XP with the patches integrated can be a major time saver and much more secure. So I installed Virtual PC 2004 Trial and nLite and went to work. After some initial success I tried Ryan’s update patch where I failed after multiple attempts. It all got very frustrating since I was very close. Yet it became even more frustrating since VPC uses all of my CPU(PIII-700) and the WinXP install under VPC was taking a very long time. I finally got smart and installed VPC on my son’s PC since he was out and his PC was available. His PC(AMD3000+) is much faster and he has the available disk space(2GB). Then I went back to the basics. I created a XP+SP2 disk image and listed the patches required. I downloaded the patches and integrated them individually into a new disk image. Now it works like a charm. I think I will try one more tweak. I am going to slipstream MP10 into the patched version. This would leave only dotnet, acrobat, and JRE for the post installation process. That would be pretty cool!
Last week I bit the bullet and ordered a static ip for my SBS server. It only costs $5/month extra. Yesterday I was informed it was ready to go in the traditional tech support way, my network stopped communicating with the internet. When I called to report the problem, they said I needed to update my router with the static IP address. Next I asked my web server provider to install an A record for the subdomain. That was finally ready today. I checked it using NSLOOKUP and www.dnsstuff.com. Then I ran ICEW and created a certificate for the new fully qualified domain name(FQDN). My final test was to login to OWA.
Since everything was working for http access I went back and ran ICEW again. This time I told it to change my email to use DNS rather than Smarthost to send mail. To test the outbound access I sent an email to my yahoo email address. Before I changed my MX record I decided to check my configuration for open SMTP relay. That is where I ran into this article. My server passed the test so I am ready to go live.