Top Level Category

Table of Contents

  1. Contents of Top Level Category
    1. Backup Software
      1. Amanda
      2. Backup Exec
      3. NTBackup
    2. Database
      1. MySQL
      2. Oracle
    3. Document Processing
      1. Adobe PDF
      2. Microsoft Word
    4. Email
      1. General Issues
      2. Microsoft Exchange
      3. Outlook (Outlook category)
      4. Scalix
      5. SpamAssassin
    5. Handhelds
      1. Blackberry (Blackberry Category)
      2. Palm
      3. Treo
    6. How-To (General How-To Category)
    7. Internet
      1. Browsers
        1. Internet Explorer
      2. SSL
    8. Linux
      1. Red Hat
        1. Security
    9. Networking (Networking Category)
      1. Cisco
      2. Connectivity Problems
      3. Linksys
      4. Netgear
      5. Security
    10. Peachtree Accounting
    11. Solutions (Solutions to Problems Category)
    12. Storage
      1. Mirra Servers
    13. VNC
    14. Web Servers
      1. Apache
      2. IIS
      3. PHP
    15. Windows
      1. XP (Windows XP Documents)
        1. How-To (How To Documents)
        2. Technical Solutions (Technical solutions)
      2. Vista
      3. Windows 7
      4. Windows 8
    16. Windows 2000
    17. Windows Server (Windows Server)
      1. Active Directory (Active Directory /Domains)
      2. Server 2003 (Windows Server )

Top Level Category

Parent category to all other categories

Venice Computer Services LLC Knowledge Base Collection




This knowledge base has been created during the course of solving various client problems and is used not only for technical reference for Venice Computer Services LLC Help Desk personnel, but also can be used by anyone searching for answers to the same questions and problems.


Ruth Miller

Backup Software

There are no articles in this category.

Amanda

Amanda Error: Socket Operation on non-socket

I had been running the RH EL 4 distributed version but wanted to explore the new encryption options, and encountered the following problems when running amcheck on the 252p1 community edition.

The system is RH EL 4, IPV6 stack is turned off via modprobe.conf:

#Disable IPv6
alias net-pf-10 off

Amanda configured to use BSD auth and udp in both xinetd and amanda.conf.

disklist is set up to run only the local host, using either localhost or the FQDN.

With or without the IPV4 flag thrown in the xinetd.d/amanda file.

amcheck returns:

Amanda Backup Client Hosts Check
--------------------------------
WARNING: MyHost.MyDomain.com: selfcheck request failed: error sending REQ: send REQ to MyHost.MyDomain.com failed: Socket operation on non-socket
Client check: 1 host checked in 0.007 seconds, 1 problem found

/tmp/amanda/server/DailyActiveSet/amcheck..... returns:

amcheck: debug 1 pid 2719 ruid 33 euid 0: start at Sat Sep 15 20:09:52 2007
amcheck: debug 1 pid 2719 ruid 33 euid 33: rename at Sat Sep 15 20:09:52 2007
amcheck-clients: time 0.007: security_getdriver(name=bsd) returns 0x8fe3c0
amcheck-clients: time 0.007: security_handleinit(handle=0x86242e0, driver=0x8fe3c0 (BSD))
amcheck-clients: time 0.014: dgram_bind: socket() failed: Address family not supported by protocol
amcheck-clients: time 0.014: dgram_send_addr(addr=0x8624300, dgram=0x910544)
amcheck-clients: time 0.014: (sockaddr_in6 *)0x8624300 = { 10, 10080, ::ffff:99.99.99.99 }
amcheck-clients: time 0.014: dgram_send_addr: 0x910544->socket = 0
amcheck-clients: time 0.014: dgram_send_addr: sendto(::ffff:99.99.99.99.10080) failed: Socket operation on non-socket
amcheck-clients: time 0.014: security_seterror(handle=0x86242e0, driver=0x8fe3c0 (BSD) error=send REQ to MyHost.MyDomain.com failed: Socket operation on non-socket)
amcheck-clients: time 0.014: security_seterror(handle=0x86242e0, driver=0x8fe3c0 (BSD) error=error sending REQ: send REQ to MyHost.MyDomain.com failed: Socket operation on non-socket)
amcheck-clients: time 0.014: security_close(handle=0x86242e0, driver=0x8fe3c0 (BSD))
amcheck: time 3.995: pid 2719 finish time Sat Sep 15 20:09:56 2007

After converting to tcp/bsdtcp auth the problem goes away. So this is not critical for my environment where I can use tcp. But there appears to be a problem in the ipv4-ipv6 mapping... The check code is attempting to use an ipv4 address mapped to ipv6 on a system that is not configured to run ipv6.

It took several hours to verify my configuration in detail and then attempt workarounds to discover that things seem to work using tcp as opposed to udp.

I thought I should pass it on as it may be causing others problems.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Solution:


Since you are using amanda-2.5.2p1, I suggest you use the bsdtcp auth.
It will require no firewall rules.
Ports 10082 and 10083 are not used in 2.5.2 and above; your server needs them only if you have older clients (amrecover).
To use bsdtcp auth:
- change your dumptype to have: auth "bsdtcp"
- change your amanda xinetd configuration:
socket_type = stream
protocol = tcp
wait = no
server_args = -auth=bsdtcp amdump amindexd amidxtaped

Jean-Louis
Ruth Miller
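
The debug log in the report above shows two steps: socket() fails with "Address family not supported by protocol", and the following sendto() on descriptor 0 fails with "Socket operation on non-socket". The C program below is an added example, not Amanda source code; it reproduces the second error on a non-socket descriptor and shows one way to fall back to AF_INET for an IPv4-mapped target. All function names are hypothetical, and socket_without_ipv6 is a stand-in for a kernel with IPv6 disabled.

```c
/* Added example, not Amanda source. All function names are hypothetical. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

typedef int (*socket_fn)(int domain, int type, int protocol);

/* Stand-in for socket() on a host where IPv6 is disabled (net-pf-10 off). */
static int socket_without_ipv6(int domain, int type, int protocol)
{
    if (domain == AF_INET6) {
        errno = EAFNOSUPPORT; /* "Address family not supported by protocol" */
        return -1;
    }
    return socket(domain, type, protocol);
}

/* Parse a textual IPv6 address and port into dst. Returns 1 on success. */
static int make_target(const char *text, unsigned short port,
                       struct sockaddr_storage *dst, socklen_t *len)
{
    struct sockaddr_in6 in6 = { 0 };

    in6.sin6_family = AF_INET6;
    in6.sin6_port = htons(port);
    if (inet_pton(AF_INET6, text, &in6.sin6_addr) != 1)
        return 0;
    memset(dst, 0, sizeof *dst);
    memcpy(dst, &in6, sizeof in6);
    *len = sizeof in6;
    return 1;
}

/* If dst is an IPv4-mapped IPv6 address (::ffff:a.b.c.d), rewrite it in
 * place as a plain AF_INET address and return 1; otherwise return 0. */
static int unmap_v4(struct sockaddr_storage *dst, socklen_t *len)
{
    static const unsigned char prefix[12] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff };
    struct sockaddr_in6 in6;
    struct sockaddr_in in4 = { 0 };

    memcpy(&in6, dst, sizeof in6);
    if (dst->ss_family != AF_INET6 || memcmp(in6.sin6_addr.s6_addr, prefix, 12) != 0)
        return 0;
    in4.sin_family = AF_INET;
    in4.sin_port = in6.sin6_port;
    memcpy(&in4.sin_addr, in6.sin6_addr.s6_addr + 12, 4);
    memset(dst, 0, sizeof *dst);
    memcpy(dst, &in4, sizeof in4);
    *len = sizeof in4;
    return 1;
}

/* Open a UDP socket for dst; if the family is unsupported and dst is
 * IPv4-mapped, retry over AF_INET. Returns a descriptor or -1, never 0-by-default. */
static int dgram_open_for(struct sockaddr_storage *dst, socklen_t *len, socket_fn mk)
{
    int fd = mk(dst->ss_family, SOCK_DGRAM, 0);

    if (fd < 0 && errno == EAFNOSUPPORT && unmap_v4(dst, len))
        fd = mk(AF_INET, SOCK_DGRAM, 0);
    return fd;
}

/* The second error in the log: sendto() on a descriptor that is not a
 * socket (a pipe end here). Returns the errno that sendto() reports. */
static int errno_of_sendto_on_non_socket(void)
{
    struct sockaddr_in to = { 0 };
    int p[2], err;

    if (pipe(p) != 0)
        return -1;
    to.sin_family = AF_INET;
    to.sin_port = htons(10080);
    to.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    err = sendto(p[1], "REQ", 3, 0, (struct sockaddr *)&to, sizeof to) < 0 ? errno : 0;
    close(p[0]);
    close(p[1]);
    return err;
}

int main(void)
{
    struct sockaddr_storage dst;
    socklen_t len;
    int fd;

    make_target("::ffff:99.99.99.99", 10080, &dst, &len); /* target from the log */
    fd = dgram_open_for(&dst, &len, socket_without_ipv6);
    printf("fd=%d, AF_INET fallback=%d\n", fd, dst.ss_family == AF_INET);
    printf("sendto on a pipe: %s\n", strerror(errno_of_sendto_on_non_socket()));
    return fd < 0;
}
```

A target that is a native IPv6 address cannot be unmapped, so dgram_open_for returns -1 for it and the caller has to report the error instead of sending.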

The 15 Minute Amanda Backup How-To

This is not an original article - it has been saved from zmanda.com for reference purposes only.

The 15-Minute Backup Solution

Note: This setup was performed using Amanda 2.5.1p2 community edition.

Secure Network Backups in a Heterogeneous Environment in the Time it Takes to Have Pizza Delivered (All Using Open Source Software!)

By Lois Garcia and Pavel Pragin

The Problem

Today's businesses rarely run on just one operating system. Linux users and administrators often have strong preferences for one distribution over another; web designers might lean towards the Mac; legacy software and hardware can include various UNIX operating systems. Despite the complexity of modern business computing environments, a system administrator is expected to find a reliable backup solution.

Even in the case where users are expected to keep important files on networked resources, for true intellectual data security, desktop machines and laptops will also be backed up. The price of hard disk storage is continuously falling, bringing terabytes of storage within reach, and increasing the amount of data that can potentially be lost. (The amount of data that you have will always expand to fit the storage available, as the golden rule states.) We live in a global and e-commerce economy, where businesses run around the clock and crucial business data changes commensurately.

The Challenge

For our 15-minute challenge, you will back up two Linux systems (each running a different Linux distribution) and one Windows system, using freely downloadable open source software.

Our scenario is as follows:

The user "pavel" works with sensitive information. We need to make an encrypted backup of his home directory, /home/pavel, which resides on a Fedora Core Linux system called Iron. Our webmaster needs the webserver's document home backed up, the /var/www/html directory on a SUSE Enterprise Linux system called Copper. Our manager works solely on a Windows XP system called Uranium, and keeps all of his work in the MyDocuments folder, so we will need to add //Uranium/MyDocuments to our backup configuration.

The Solution: Amanda

Amanda is open-source backup software that is flexible, secure and scalable to dynamic computing environments. Amanda can save you from expensive proprietary backup software and those custom backup scripts that have a propensity to break at the worst times. Dating back to 1991, Amanda has been used successfully in environments from one standalone machine to hundreds of clients. Amanda is so thoroughly documented, from community wikis to published system administration texts, that it might be hard to discern just how easy an Amanda backup can be.

This article will show you how, in about 15 minutes, you can:

1. Install and configure the Amanda backup server.

2. Prepare three different clients for backup.

3. Set backup parameters.

4. Verify the configuration.

5. Verify the backup.


We will install and configure Amanda backup server software on Quartz, which is running Red Hat Enterprise Linux. We will install and configure Amanda backup client software on Copper and on Iron. The Windows XP client, Uranium, will be backed up with Amanda server software running in conjunction with Samba on the backup server, Quartz.

Client     Filesystem               OS      Compression   Encryption
Copper     /var/www/html            SLES9   Yes           No
Iron       /home/pavel              FC4     Yes           Yes
Uranium    //uranium/MyDocuments*   WINXP   Yes           No

* using Samba (i.e. without installing any software on the Windows system)

chart - 15 minute setup

Amanda gives you the capability to use disk storage as backup media. Configuring, initiating and verifying a backup will complete the backup cycle, all in less than the time it takes for a pizza to be delivered!

Prerequisites

The basic Amanda setup consists of an Amanda server, the Amanda client or clients that are to be backed up, and the backup storage media such as a tape or hard disk device. An intermediate holding area for caching data is not absolutely necessary, but will improve performance significantly and is considered part of a basic setup.

Before we begin, please review the introduction to Amanda. Then, note the following prerequisites:

To support the encrypted backup of /home/pavel on Iron, the following packages should be installed and available on Iron:

Also note that this article assumes a fresh install of Amanda. If you have an existing Amanda installation, additional steps are needed to ensure the proper upgrade to the latest Amanda release (2.5.1p2 and later).

TIP: You can copy and paste all of the examples here, making appropriate modifications for your environment.

Order Pizza

Call your favorite pizza delivery place, set your stopwatch and...

Install and Configure the Amanda Backup Server

1.    Log in as root on Quartz, the Red Hat Enterprise Linux 4 server.

2.    Install the Amanda 2.5.1p2 amanda-backup_server RPM. Installing the package also creates a user named amandabackup who belongs to the group disk.

[root@quartz server]# rpm -ivh amanda-backup_server-2.5.1p2-1.rhel4.i386.rpm

warning: amanda-backup_server-2.5.1p2-1.rhel4.i386.rpm: V3 DSA signature: NOKEY, key ID 3c5d1c92
Preparing...                ########################################### [100%]
Jan  5 2007 12:12:55: Preparing to install: Amanda Community Edition - version 2.5.1p2
Jan  5 2007 12:12:55: Checking for 'amandabackup' user...
Jan  5 2007 12:12:55:
Jan  5 2007 12:12:55:  The Amanda backup software is configured to operate as the
Jan  5 2007 12:12:55:  user 'amandabackup'.  This user exists on your system and has not
Jan  5 2007 12:12:55:  been modified.  To ensure that Amanda functions properly,
Jan  5 2007 12:12:56:  please see that the following parameters are set for that
Jan  5 2007 12:12:56:  user.:
Jan  5 2007 12:12:56:
Jan  5 2007 12:12:56:  SHELL:          /bin/sh
Jan  5 2007 12:12:56:  HOME:           /var/lib/amanda
Jan  5 2007 12:12:56:  Default group:  disk
Jan  5 2007 12:12:56:
Jan  5 2007 12:12:56:  Checking ownership of '/var/lib/amanda'... correct.
Jan  5 2007 12:12:57:
Jan  5 2007 12:12:57: === Amanda backup server installation started. ===

   1:amanda-backup_server   ########################################### [100%]

Jan  5 2007 12:13:05: Updating system library cache...done.
Jan  5 2007 12:13:21: Installing '/etc/amandates'.
Jan  5 2007 12:13:21: The file '/etc/amandates' has been created.
Jan  5 2007 12:13:21: Ensuring correct permissions for '/etc/amandates'.
Jan  5 2007 12:13:21: '/etc/amandates' Installation successful.
Jan  5 2007 12:13:22: Checking '/var/lib/amanda/.amandahosts' file.
Jan  5 2007 12:13:22: Checking for '/var/lib/amanda/.profile' and ensuring correct environment.
Jan  5 2007 12:13:23: Setting ownership and permissions for '/var/lib/amanda/.profile'
Jan  5 2007 12:13:23: === Amanda backup server installation complete. ===
Amanda installation log can be found in '/var/log/amanda/install.log' and errors (if any) in '/var/log/amanda/install.err'.

3.    The Amanda services are started by the extended internet daemon, xinetd, which is why you must have xinetd installed on every Amanda server and client. In any text editor, create one xinetd startup file, /etc/xinetd.d/amandaserver, with content as follows.

For the /etc/xinetd.d/amandaserver file, on Quartz:

# default: on
#
# description: Amanda services for Amanda server and client.
#
service amanda
{
        disable         = no
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = amandabackup
        group           = disk
        groups          = yes
        server          = /usr/lib/amanda/amandad
        server_args     = -auth=bsdtcp amdump amindexd amidxtaped
}

4.    Restart xinetd on Quartz.

[root@quartz xinetd.d]# service xinetd reload
Reloading configuration:                                   [  OK  ]

5.    Note the time. Only about five minutes should have passed!


Install and Configure Three Different Amanda Clients

Installation of Amanda Client RPM on Iron (FC4)

1.    Log in as root on Iron, your Fedora Core 4 client.

2.    Install the Amanda 2.5.1p2 backup_client RPM. Installing the package also creates a user named amandabackup who belongs to the group disk.

[root@iron client]# rpm -ivh amanda-backup_client-2.5.1p2-1.fc4.i386.rpm
warning: amanda-backup_client-2.5.1p2-1.fc4.i386.rpm: Header V3 DSA signature: NOKEY, key ID 3c5d1c92
Preparing...                ########################################### [100%]
Jan  5 2007 10:17:16: Preparing to install: Amanda Community Edition - version 2.5.1p2
Jan  5 2007 10:17:16: Checking for 'amandabackup' user...
Jan  5 2007 10:17:16:
Jan  5 2007 10:17:16:  The Amanda backup software is configured to operate as the
Jan  5 2007 10:17:17:  user 'amandabackup'.  This user exists on your system and has not
Jan  5 2007 10:17:17:  been modified.  To ensure that Amanda functions properly,
Jan  5 2007 10:17:17:  please see that the following parameters are set for that
Jan  5 2007 10:17:17:  user.:
Jan  5 2007 10:17:17:
Jan  5 2007 10:17:17:  SHELL:          /bin/sh
Jan  5 2007 10:17:17:  HOME:           /var/lib/amanda
Jan  5 2007 10:17:17:  Default group:  disk
Jan  5 2007 10:17:17:
Jan  5 2007 10:17:17:  Checking ownership of '/var/lib/amanda'... correct.
Jan  5 2007 10:17:17:
Jan  5 2007 10:17:17: === Amanda backup client installation started. ===

   1:amanda-backup_client   ########################################### [100%]

Jan  5 2007 10:17:21: Updating system library cache...done.
Jan  5 2007 10:17:30: Checking '/var/lib/amanda/.amandahosts' file.
Jan  5 2007 10:17:31: Checking for '/var/lib/amanda/.profile' and ensuring correct environment.
Jan  5 2007 10:17:31: Setting ownership and permissions for '/var/lib/amanda/.profile'
Jan  5 2007 10:17:31: Checking for '/var/lib/amanda/.profile' and ensuring correct environment.
Jan  5 2007 10:17:31: Setting ownership and permissions for '/var/lib/amanda/.profile'
Jan  5 2007 10:17:31: === Amanda backup client installation complete. ===
Amanda installation log can be found in '/var/log/amanda/install.log' and errors (if any) in '/var/log/amanda/install.err'.

3.    In any text editor, create an xinetd startup file, /etc/xinetd.d/amandaclient, with content as follows.

# default: on
#
# description: Amanda services for Amanda client.
#
service amanda
{
        disable         = no
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = amandabackup
        group           = disk
        groups          = yes
        server          = /usr/lib/amanda/amandad
        server_args     = -auth=bsdtcp amdump
}

4.    Restart xinetd on Iron.

[root@iron xinetd.d]# service xinetd reload
Reloading configuration:                                   [  OK  ]

5.    Become the amandabackup user and append the line "quartz.zmanda.com amandabackup amdump" to the /var/lib/amanda/.amandahosts file on Iron. This allows Quartz, the Amanda backup server, to connect to Iron, the Amanda client.

Note that you should use fully qualified domain names when configuring Amanda.

-bash-3.00$ echo quartz.zmanda.com amandabackup amdump >> /var/lib/amanda/.amandahosts
-bash-3.00$ chmod 700 /var/lib/amanda/.amandahosts

6.    Save the passphrase as a hidden file in the home directory of the amandabackup user. Protect the file with the proper permissions.

As the user amandabackup: 

-sh-3.00$ chown amandabackup:disk ~amandabackup/.am_passphrase
-sh-3.00$ chmod 700 ~amandabackup/.am_passphrase

7.    Create a script that enables encryption on the client Iron.

As root create a file /usr/sbin/amcryptsimple:
 

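#!/usr/bin/perl -w
# Encrypts stdin to stdout with gpg symmetric AES256; with -d, decrypts instead.
use Time::Local;
my $AMANDA='amandabackup';
# Element 7 of getpwnam() is the account's home directory.
$AMANDA_HOME = (getpwnam($AMANDA) )[7] || die "Cannot find $AMANDA home directory\n" ;
$AM_PASS = "$AMANDA_HOME/.am_passphrase";
$ENV{'PATH'} = '/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin';
$ENV{'GNUPGHOME'} = "$AMANDA_HOME/.gnupg";

# gpg reads the passphrase from file descriptor 3, which the shell opens on $AM_PASS.
sub encrypt() {
    # --disable-mdc writes the data without gpg's modification detection code.
    system "gpg --batch --disable-mdc --symmetric --cipher-algo AES256 --passphrase-fd 3  3<$AM_PASS";
}

sub decrypt() {
    system "gpg --batch --quiet --no-mdc-warning --decrypt --passphrase-fd 3  3<$AM_PASS";
}

# At most one argument is accepted.
if ( $#ARGV > 0 ) {
    die "Usage: $0 [-d]\n";
}

if ( $#ARGV==0 && $ARGV[0] eq "-d" ) {
    decrypt();
}
else {
    encrypt();
}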

8.    Change the ownership and the permissions on the file /usr/sbin/amcryptsimple you just created:

[root@iron sbin]# chown amandabackup:disk /usr/sbin/amcryptsimple
[root@iron sbin]# chmod 750 /usr/sbin/amcryptsimple

9.    This completes configuration of the Amanda client on Iron.


Installation of Amanda Client RPM on Copper (SLES9)

1.    Log in as the root user on Copper, your SUSE Linux Enterprise Server 9 client.

2.    Install the Amanda 2.5.1p2 backup_client RPM. Installing the package also creates a user named amandabackup who belongs to the group disk.

copper:/ # rpm -ivh amanda-backup_client-2.5.1p2-1.sles9.i586.rpm
warning: amanda-backup_client-2.5.1p2-1.sles9.i586.rpm: V3 DSA signature: NOKEY, key ID 3c5d1c92

Preparing...                ########################################### [100%]

Jan  5 2007 07:20:21: Preparing to install: Amanda Community Edition - version 2.5.1p2
Jan  5 2007 07:20:21: Checking for 'amandabackup' user...
Jan  5 2007 07:20:21:
Jan  5 2007 07:20:21:  The Amanda backup software is configured to operate as the
Jan  5 2007 07:20:21:  user 'amandabackup'.  This user exists on your system and has not
Jan  5 2007 07:20:21:  been modified.  To ensure that Amanda functions properly,
Jan  5 2007 07:20:21:  please see that the following parameters are set for that
Jan  5 2007 07:20:22:  user.:
Jan  5 2007 07:20:22:
Jan  5 2007 07:20:22:  SHELL:          /bin/sh
Jan  5 2007 07:20:22:  HOME:           /var/lib/amanda
Jan  5 2007 07:20:22:  Default group:  disk
Jan  5 2007 07:20:22:
Jan  5 2007 07:20:22:  Checking ownership of '/var/lib/amanda'... correct.
Jan  5 2007 07:20:22:
Jan  5 2007 07:20:22: === Amanda backup client installation started. ===

   1:amanda-backup_client   ########################################### [100%]

Jan  5 2007 07:20:26: Updating system library cache...done.
Jan  5 2007 07:20:26: Checking '/var/lib/amanda/.amandahosts' file.
Jan  5 2007 07:20:27: Checking for '/var/lib/amanda/.profile' and ensuring correct environment.
Jan  5 2007 07:20:27: Setting ownership and permissions for '/var/lib/amanda/.profile'
Jan  5 2007 07:20:27: Checking for '/var/lib/amanda/.profile' and ensuring correct environment.
Jan  5 2007 07:20:27: Setting ownership and permissions for '/var/lib/amanda/.profile'
Jan  5 2007 07:20:27: === Amanda backup client installation complete. ===
Amanda installation log can be found in '/var/log/amanda/install.log' and errors (if any) in '/var/log/amanda/install.err'.

3.    In any text editor, create an xinetd startup file, /etc/xinetd.d/amandaclient, with content as follows.

# default: on
#
# description: Amanda services for Amanda client.
#
service amanda
{
        disable         = no
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = amandabackup
        group           = disk
        groups          = yes
        server          = /usr/lib/amanda/amandad
        server_args     = -auth=bsdtcp amdump
}

4.    Restart xinetd on Copper.

copper:/ # /etc/rc.d/xinetd restart
Reload INET services (xinetd).                                       done

5.    Become the amandabackup user and append the line "quartz.zmanda.com amandabackup amdump" to the /var/lib/amanda/.amandahosts file on Copper. This allows Quartz, the Amanda backup server, to connect to Copper, the Amanda client.

Note that you should use fully qualified domain names when configuring Amanda.

-bash-3.00$ echo quartz.zmanda.com amandabackup amdump >> /var/lib/amanda/.amandahosts
-bash-3.00$ chmod 700 /var/lib/amanda/.amandahosts

6.    This completes configuration of the Amanda client on Copper. If you check your watch, you should find that only about ten minutes have passed!


Configurations Required to Back Up Windows Client Uranium

·       Configuration done on backup server Quartz:

1.    The file /etc/amandapass must be created manually, owned by the amandabackup user and have permissions of 700. The amandapass file contains share name to user name, password and workgroup mapping.

As the root user:

[root@quartz /]# echo //uranium/MyDocuments zmanda%amanda Workgroup >> /etc/amandapass

2.    Change the ownership and permissions on this file:

[root@quartz etc]# chown amandabackup:disk /etc/amandapass
[root@quartz etc]# chmod 700 /etc/amandapass

·       Configuration done on Windows client Uranium:

The directory getting backed up must be shared from Windows and must be
accessible by the Windows user zmanda with the password amanda.


Set Backup Parameters

1.    On Quartz, as the amandabackup user, create the Amanda configuration directory.

[root@quartz etc]# su - amandabackup
-bash-3.00$ mkdir /etc/amanda/DailySet1

2.    Copy the /var/lib/amanda/example/amanda.conf file to the /etc/amanda/DailySet1 directory. The amanda.conf file is the most important file for configuring your Amanda setup.

-bash-3.00$ cp /var/lib/amanda/example/amanda.conf /etc/amanda/DailySet1

3.    The sample amanda.conf distributed with Amanda is over 700 lines long and is extensively commented. For more information, search for amanda.conf on the Amanda wiki. We will focus on just a few lines and make minimal modifications.

Open /etc/amanda/DailySet1/amanda.conf with any text editor and edit it to suit your environment.

·       The following lines control some details specific to your organization and to your tape configuration.

org "YourCompanyName"                          # your organization name for reports
mailto "root@localhost"                        # space separated list of operators at your site
tpchanger "chg-disk"                           # the tape-changer glue script
tapedev "file://space/vtapes/DailySet1/slots"  # the no-rewind tape device to be used
tapetype HARDDISK                              # use hard disk instead of tapes (vtape config)

·       We add the following lines to specify the size of the virtual tapes:

define tapetype HARDDISK {
 length 100000 mbytes
}

·       We add the following lines to support the encrypted backup of /home/pavel on Iron:

define dumptype encrypt-simple {
root-tar
comment "client simple symmetric encryption, dumped with tar"

encrypt client
compress fast
client_encrypt "/usr/sbin/amcryptsimple"
client_decrypt_option "-d"
}

·       Go to the “define dumptype global” section in the amanda.conf file and add the “auth "bsdtcp"” line right before the last “}” bracket. This is done to enable “BSDTCP” authentication.

# index yes
# record no
# split_diskbuffer "/raid/amanda"
# fallback_splitsize 64m
auth "bsdtcp"

4.    As the root user, create a cache directory to use as a holding disk.

[root@quartz ~]# mkdir -p /dumps/amanda
[root@quartz ~]# chown amandabackup:disk /dumps/amanda
[root@quartz ~]# chmod 750 /dumps/amanda

5.    Create the virtual tapes. Dedicated directories are used as “virtual tapes” called vtapes. You work with vtapes in the same way that you work with physical tapes. Vtapes can even simulate tape changers, as you will see in our example.

For security reasons, limit access to the vtapes directory to the amandabackup user.

As the root user:

[root@quartz ~]# mkdir -p /space/vtapes
[root@quartz ~]# chown amandabackup:disk /space/vtapes
[root@quartz ~]# chmod 750 /space/vtapes

As the amandabackup user:

-bash-3.00$ touch /etc/amanda/DailySet1/tapelist
-bash-3.00$ mkdir -p /space/vtapes/DailySet1/slots
-bash-3.00$ cd /space/vtapes/DailySet1/slots
-bash-3.00$ for ((i=1; $i<=25; i++)); do mkdir  slot$i;done
-bash-3.00$ ln -s slot1 data

6.    Test the virtual tape setup.

-bash-3.00$ ammt -f file:/space/vtapes/DailySet1/slots status
file:/space/vtapes/DailySet1/slots
status: ONLINE

7.    Just as with physical tapes, the virtual tapes now need to be labeled. (Please note that the output below has been truncated.)

bash-3.00$ for ((i=1; $i<=9;i++)); do amlabel DailySet1 DailySet1-0$i slot $i; done
changer: got exit: 0 str: 1 file://space/vtapes/DailySet1/slots
labeling tape in slot 1 (file://space/vtapes/DailySet1/slots):
rewinding, reading label, not an amanda tape (Read 0 bytes)
rewinding, writing label DailySet1-01, checking label, done.
...
changer: got exit: 0 str: 9 file://space/vtapes/DailySet1/slots
labeling tape in slot 9 (file://space/vtapes/DailySet1/slots):
rewinding, reading label, not an amanda tape (Read 0 bytes)
rewinding, writing label DailySet1-09, checking label, done.

-bash-3.00$ for ((i=10; $i<=25;i++)); do amlabel DailySet1 DailySet1-$i slot $i; done
changer: got exit: 0 str: 10 file://space/vtapes/DailySet1/slots
labeling tape in slot 10 (file://space/vtapes/DailySet1/slots):
rewinding, reading label, not an amanda tape (Read 0 bytes)
rewinding, writing label DailySet1-10, checking label, done.
...
changer: got exit: 0 str: 25 file://space/vtapes/DailySet1/slots
labeling tape in slot 25 (file://space/vtapes/DailySet1/slots):
rewinding, reading label, not an amanda tape (Read 0 bytes)
rewinding, writing label DailySet1-25, checking label, done.

8.    Now we need to reset the virtual tape changer back to the first slot.

-bash-3.00$ amtape DailySet1 reset
changer: got exit: 0 str: 1
amtape: changer is reset, slot 1 is loaded.

9.    Create an /etc/amanda/DailySet1/disklist file in the Amanda configuration directory. The disklist contains the fully qualified backup client names, the directory or directories to be backed up and the dumptype.

copper.zmanda.com /var/www/html comp-user-tar
iron.zmanda.com /home/pavel encrypt-simple
quartz.zmanda.com //uranium/MyDocuments comp-user-tar

10.   As the user amandabackup, append the following lines to the /var/lib/amanda/.amandahosts file to allow the backup clients to connect back to the server when doing restores. Specify fully qualified domain names.

iron.zmanda.com root amindexd amidxtaped
copper.zmanda.com root amindexd amidxtaped
quartz.zmanda.com root amindexd amidxtaped
quartz.zmanda.com amandabackup amdump

11.   Create a cron job that will execute amdump and initiate your backups automatically. As the amandabackup user, run crontab -e, and add the following line to run backups Monday through Friday at 1am.

0 1 * * 1-5 /usr/sbin/amdump DailySet1



Verify Your Configuration

1.    On Quartz, as amandabackup, run the amcheck tool to verify that you can successfully perform a backup.

-bash-3.00$ amcheck DailySet1
Amanda Tape Server Host Check
-----------------------------
Holding disk /dumps/amanda: 16714488 KB disk space available, using 16612088 KB
slot 1: read label `DailySet1-01', date `X'
NOTE: skipping tape-writable test
Tape DailySet1-01 label ok
NOTE: conf info dir /etc/amanda/DailySet1/curinfo does not exist
NOTE: it will be created on the next run.
NOTE: index dir /etc/amanda/DailySet1/index does not exist
NOTE: it will be created on the next run.
Server check took 4.259 seconds
Amanda Backup Client Hosts Check
--------------------------------
Client check: 3 hosts checked in 27.097 seconds, 0 problems found
(brought to you by Amanda 2.5.1p2)


Run a Backup

1.    On Quartz, as amandabackup, run amdump to start the DailySet1 backup.

-bash-3.00$ amdump DailySet1

2.    Amanda will email a detailed status report from the amandabackup user to you, the root user on Quartz.

From amandabackup@quartz.zmanda.com  Fri Jan  5 13:04:20 2007
Date: Fri, 5 Jan 2007 13:04:19 -0800
From: Amanda user <amandabackup@quartz.zmanda.com>
To: root@quartz.zmanda.com
Subject: YourCompanyName AMANDA MAIL REPORT FOR January 5, 2007

These dumps were to tape DailySet1-02.
The next tape Amanda expects to use is: a new tape.
The next new tape already labelled is: DailySet1-02.

STATISTICS:
                          Total       Full      Incr.
                        --------   --------   --------

Estimate Time (hrs:min)    0:00
Run Time (hrs:min)         0:00
Dump Time (hrs:min)        0:00       0:00       0:00
Output Size (meg)           3.5        3.5        0.0
Original Size (meg)        11.8       11.8        0.0
Avg Compressed Size (%)    29.7       29.7        --
Filesystems Dumped            3          3          0
Avg Dump Rate (k/s)       292.8      292.8        --
Tape Time (hrs:min)        0:00       0:00       0:00
Tape Size (meg)             3.7        3.7        0.0
Tape Used (%)               0.0        0.0        0.0
Filesystems Taped             3          3          0
Chunks Taped                  0          0          0
Avg Tp Write Rate (k/s)  8509.1     8509.1        --
 

USAGE BY TAPE:

  Label              Time      Size      %    Nb    Nc
  DailySet1-02       0:00     3744K    0.0     3     0 

NOTES:
  planner: Forcing full dump of copper.zmanda.com:/var/www/html as directed.
  planner: Forcing full dump of iron.zmanda.com:/home/pavel as directed.
  planner: Forcing full dump of quartz.zmanda.com://uranium/MyDocuments as directed.
  taper: tape DailySet1-02 kb 3744 fm 3 [OK]

DUMP SUMMARY:
                                       DUMPER STATS               TAPER STATS
HOSTNAME     DISK        L ORIG-KB  OUT-KB  COMP%  MMM:SS   KB/s MMM:SS   KB/s
-------------------------- ------------------------------------- -------------
copper.zmand -r/www/html 0    7640    2336   30.6    0:03  910.6   0:00 8680.7
iron.zmanda. /home/pavel 0    3530    1024   29.0    0:07  149.1   0:00 12486.1
quartz.zmand -yDocuments 0     960     384   40.0    0:03  101.0   0:00 4295.3
(brought to you by Amanda version 2.5.1p2)

3.    You can also run the tool amadmin with a find argument for a quick summary of what has been backed up.

-bash-3.00$ amadmin DailySet1 find
Scanning /dumps/amanda...

date                host              disk                  lv tape or file file part status
2007-01-05 13:04:03 copper.zmanda.com /var/www/html          0 DailySet1-02    2   -- OK
2007-01-05 13:04:03 iron.zmanda.com   /home/pavel            0 DailySet1-02    3   -- OK
2007-01-05 13:04:03 quartz.zmanda.com //uranium/MyDocuments  0 DailySet1-02    1   -- OK

  • Success!

    In just about 15 minutes, we installed and configured a secure, heterogeneous network backup, verified our configurations and ran a backup. We did it with freely downloadable open source software that you can install from binaries or compile for your unique needs. The pizza, which should be getting delivered right about now, will be that much more enjoyable with the clear conscience and peace of mind that comes with knowing that your data is secure.

  • Recovery

  • Based on feedback received on our forums we are adding a section that shows the ability to do a restore.

    1. On Copper, as root, create the "/etc/amanda" directory.

    copper:~ # mkdir /etc/amanda

    copper:~ # chown amandabackup:disk /etc/amanda


    2. As amandabackup, create a file "/etc/amanda/amanda-client.conf" and insert the lines below into the file.

    # amanda.conf - sample Amanda client configuration file.
    #
    # This file normally goes in /etc/amanda/amanda-client.conf.
    #
    conf "DailySet1" # your config name

    index_server "quartz.zmanda.com" # your amindexd server

    tape_server "quartz.zmanda.com" # your amidxtaped server

    #tapedev "/dev/null" # your tape device
    # auth - authentication scheme to use between server and client.
    # Valid values are "bsd", "bsdudp", "bsdtcp" and "ssh".
    # Default: [auth "bsdtcp"]

    auth "bsdtcp"

    # your ssh keys file if you use ssh auth

    ssh_keys "/var/lib/amanda/.ssh/id_rsa_amrecover"


    3. As root run "amrecover" to initiate the data recovery process.

    copper:/etc/amanda # amrecover
    AMRECOVER Version 2.5.1p2. Contacting server on quartz.zmanda.com ...
    220 quartz AMANDA index server (2.5.1p2) ready.
    Setting restore date to today (2007-01-08)
    200 Working date set to 2007-01-08.
    200 Config set to DailySet1.
    501 Host copper is not in your disklist.
    Trying host copper.zmanda.com ...
    200 Dump host set to copper.zmanda.com.
    Use the setdisk command to choose dump disk to recover
    amrecover>


    4. The list of commands below will demonstrate a recovery of a set of different files and directories to the "/tmp" directory.

    amrecover> listdisk
    200- List of disk for host copper.zmanda.com
    201- /var/www/html
    200 List of disk for host copper.zmanda.com
    amrecover> setdisk /var/www/html
    200 Disk set to /var/www/html.
    amrecover> ls
    2007-01-05-13-04-03 tar-1.15/
    2007-01-05-13-04-03 .
    amrecover> cd tar-1.15
    /var/www/html/tar-1.15
    amrecover> ls
    2007-01-05-13-04-03 scripts/
    2007-01-05-13-04-03 doc/
    2007-01-05-13-04-03 configure
    2007-01-05-13-04-03 config/
    2007-01-05-13-04-03 COPYING
    2007-01-05-13-04-03 AUTHORS
    2007-01-05-13-04-03 ABOUT-NLS
    amrecover> add scripts/
    Added dir /tar-1.15/scripts/ at date 2007-01-05-13-04-03
    amrecover> add configure
    Added file /tar-1.15/configure
    amrecover> add doc/
    Added dir /tar-1.15/doc/ at date 2007-01-05-13-04-03
    amrecover> lcd /tmp
    amrecover> extract
    Extracting files using tape drive chg-disk on host quartz.zmanda.com.
    The following tapes are needed: DailySet1-02
    Restoring files into directory /tmp
    Continue [?/Y/n]? y
    Extracting files using tape drive chg-disk on host quartz.zmanda.com.
    Load tape DailySet1-02 now
    Continue [?/Y/n/s/t]? y
    ./tar-1.15/doc/
    ./tar-1.15/scripts/
    ./tar-1.15/configure
    ./tar-1.15/doc/Makefile.am
    ./tar-1.15/doc/Makefile.in
    ./tar-1.15/doc/convtexi.pl
    ./tar-1.15/doc/fdl.texi
    ./tar-1.15/doc/freemanuals.texi
    ./tar-1.15/doc/getdate.texi
    ./tar-1.15/doc/header.texi
    ./tar-1.15/doc/stamp-vti
    ./tar-1.15/doc/tar.info
    ./tar-1.15/doc/tar.info-1
    ./tar-1.15/doc/tar.info-2
    ./tar-1.15/doc/tar.texi
    ./tar-1.15/doc/version.texi
    ./tar-1.15/scripts/Makefile.am
    ./tar-1.15/scripts/Makefile.in
    ./tar-1.15/scripts/backup-specs
    ./tar-1.15/scripts/backup.in
    ./tar-1.15/scripts/backup.sh.in
    ./tar-1.15/scripts/dump-remind.in
    ./tar-1.15/scripts/restore.in
    amrecover> quit
    200 Good bye.


    5. We can now verify that the files have been recovered successfully by running the following command.

    copper:/ # tree /tmp/tar-1.15
    /tmp/tar-1.15
    |-- configure
    |-- doc
    |   |-- Makefile.am
    |   |-- Makefile.in
    |   |-- convtexi.pl
    |   |-- fdl.texi
    |   |-- freemanuals.texi
    |   |-- getdate.texi
    |   |-- header.texi
    |   |-- stamp-vti
    |   |-- tar.info
    |   |-- tar.info-1
    |   |-- tar.info-2
    |   |-- tar.texi
    |   `-- version.texi
    `-- scripts
        |-- Makefile.am
        |-- Makefile.in
        |-- backup-specs
        |-- backup.in
        |-- backup.sh.in
        |-- dump-remind.in
        `-- restore.in


    2 directories, 21 files

    For more information about Amanda, please visit http://amanda.zmanda.com.

  • Ruth Miller

    Amanda Windows client wiki


    Amanda Windows Client How-To


    Amanda windows client is a packaged version (Microsoft installer) of Amanda client for Windows. It is built from the Amanda sourceforge tree.

    Downloads

    the HTML link will not work in some browsers.

    Supported versions

    Installation

    The Amanda Windows client package uses the Microsoft Windows installer and includes Amanda client dependencies (Gnu tar, GnuZip, OpenSSH) as part of the package. This Windows client uses Cygwin and will install Cygwin binaries. If you have Cygwin installed, this package may not work.

    Pre-installation checklist

    You will need:

     The Amanda server should be accessible and should be part of your network's LDAP/DNS name services.
     Example: TestConfig.
     ssh provides a more secure backup but will require additional steps to configure.


    Windows client installation creates two Amanda users: amandabackup and amandaroot.

     The Amanda Maintenance Shell runs with amandabackup access rights and is used for all Amanda operations except recovery.

     amandaroot is used for all Amanda recovery operations. The amrecover and amoldrecover programs are run using the Amanda Data Recovery Shell with amandaroot access rights.

    Installation on Windows Server 2003 also requires user sshd_server to be created.

    Client installation

    You must have Administrator privileges in order to install Amanda Backup Client.

    To install Amanda simply double-click on the downloaded package and the first screen in the installation process will appear:

    Page 1 - Copyright information


    This screen of the Amanda installation wizard gives you an opportunity to cancel or continue the installation.

    Click Next to proceed with the installation process.


    Page 2 - Network Authentication Selection


    Select the desired authentication method to be used between the Windows client and the Amanda server.

    Select BSDTCP if the network is secure enough and performance is an issue.
    Select SSH if network security is an issue.

    Click Next when the correct authorization is selected.


    Page 3 - Server Configuration


    The parameters are:

     This must be the fully qualified domain name of the tape/index server. The server should be available for access during the installation process.
     The installation process will use the provided name to create a working set of amanda client configuration files.
     If the configuration already exists it will not be overwritten or modified by the installer.
     This parameter is ignored for bsdtcp authentication. For ssh authentication this will normally be amandabackup.
     Another user with access to /var/lib/amanda/.ssh/authorized_keys may be used.
     Leaving this field blank will force the installer to skip the ssh key exchange. Instructions for setting up manually will be printed out at the end of the installation process.

    Click Next when finished editing the server parameters.


    Page 4 - Set User and Group Names
     This screen allows entry of standard account names for non-English installations. Only change these values if you are installing on a non-English version of Windows and the standard account names differ from those shown on the screen.

    Click Next when the account names are correct.


    Page 5 - Confirm installation


    This is the last point at which you can change your installation settings before beginning the actual installation. Please consider your choices carefully, as later changes will require manual modifications to configuration files. To modify your settings, click Back.

    Click Next if the supplied parameters are acceptable.


    Page 6 - Installation progress


    The installer will continue automatically to the next screen.


    Page 7 - Enter Password

    After the basic files are loaded on the client a post-installation script is run. Output from the post-installation process will be displayed in a command shell and also logged to /tmp/amanda/amanda_install.log.

    The first thing the script does is ask for a password to be used when setting up local accounts:
    Amanda requires an amandabackup user and an amandaroot user for normal operations. The installer will create any required account with the password supplied here.

    Amanda accounts will not be displayed on the login screen or in the user manager program.

     net user amandabackup <New Password>
     net user amandaroot <New Password>

    It is important to remember the password: it will be required every time an Amanda Maintenance Shell or an Amanda Data Recovery Shell is started.


    Page 8 - Server Key Exchange

    If SSH authentication is selected, ssh is used to swap keys with the server. You may be prompted for acceptance of the server's fingerprint and password at this point:
    The installation process will proceed after required information is entered.


    Page 9 - Confirm Successful Installation

    If everything has gone well then the following screen will be displayed:
    Press return or enter to proceed.


    Page 10 - Confirm With Additional Instructions

    If there were problems then instructions on how to correct the problems manually will be displayed:
    Follow the displayed instructions to manually complete the installation.

    Press return or enter to proceed.


    Page 11 - Installation Complete

    The end of the configuration process displays a confirmation screen which informs you of a successful Amanda installation.
    Click Close and you are done.


    If ssh authentication is used then you now need to transfer the host fingerprints to the known_hosts files.

     Client> ssh amandabackup@server.company.com  #Note: amandabackup is not a typo.
     Server> ssh amandabackup@client.company.com 

    If the logins were successful, you are now ready to start using Amanda.

    Check installation logs

    Windows client configuration

    Changes to configuration files on the server

    For example:

    amandawindowsclient.company.com amandabackup amindexd amidxtaped

    For example:

    AmandaServer> ssh amandabackup@amandawindowsclient.company.com
    The authenticity of host 'amandawindowsclient.company.com (192.168.10.203)' can't be established.
    RSA key fingerprint is 38:d3:9c:a6:96:43:50:c8:29:90:3e:7e:41:86:b1:57.
    Are you sure you want to continue connecting (yes/no)? yes

    Check the Windows Start programs menu

    After a standard installation, under Start > Programs > Amanda, you will find:

    List of configuration files in the Windows client

    The Amanda client installation process creates or modifies multiple configuration files on the Windows client. The amanda configuration files modified and their locations are as follows:

    Changing client configuration

    To change the configuration of the Amanda Windows client, use the Amanda Maintenance Shell.
    From Start > Programs > Amanda, select Amanda Maintenance Shell.

    Modify amanda.conf to change:

    Please note that switching from bsdtcp to ssh authentication will require additional changes to the Windows client.

    Changing amandabackup/amandaroot Password

    The Amanda Windows client creates two users: amandabackup and amandaroot.
    amandabackup is the default user for the Amanda Maintenance Shell and amandaroot is the user for the Amanda Data Recovery Shell.

    To change the password for these users, type the following in "Start > Run" or in your command prompt:

     net user <user-name> <new password> 

    For example:

     net user amandabackup <new password>


    Windows client configuration on Amanda server

    All Windows filesystems can be added to the disklist file on the Amanda server. Only the GNU tar program can be used in the dumptype. An example disklist entry for a Windows filesystem:

    winxp.company.com /cygdrive/c root-tar

    You can also use C:\ (drive letter) notation to specify filesystems.

    Run amcheck on the Amanda server

    Fix all configuration problems found by the amcheck command. Run amcheck as the amandabackup user on the Amanda server.

    For example:

    $ amcheck -c TestConfig

    If there are no amcheck errors, you are ready to back up the Windows client. In case of amcheck errors, take a look at the amcheck troubleshooting section.

    Restoring files on the Windows client

    Ruth Miller

    Backup Exec

    There are no articles in this category.

    NTBackup

    There are no articles in this category.

    Database

    There are no articles in this category.

    MySQL

    There are no articles in this category.

    Oracle

    TNS Listener Dies when accessed - but starts up normally as a service

    Windows 2000 - Oracle 9i

    Try the following tests to confirm that it is not a remote connectivity problem:

    1. On the Oracle server, open a command prompt, execute a tnsping to the database, and check whether the TNS Listener service crashes.
    2. If it does, see the related article on fixing corrupt Winsock/TCP/IP in the operating system and try the test again when complete.
    Ruth Miller

    Document Processing

    There are no articles in this category.

    Adobe PDF

    Exporting PDF to Word loses header/footer images

    Problem:   Converting PDF file to Word loses images in header area

    Explanation:  This occurred because the original document was created in Word and then converted to PDF with the PDFMaker plugin for Word. The images are in the header and footer area and they appear fine in the resulting PDF.  However, for some reason trying to export these BACK to Word will lose the images in the headers and footers.

    Solutions:   If you must get this document BACK to Word - Solid Converter PDF was able to convert this PDF back to Word and preserve the images in the headers, although it does not put the images back into the header area, but instead just creates the images and places them in the document in the relative area of the original.   I was also able to export the images separately from the PDF file, which can then be subsequently re-inserted into the Word document.

    Ultimately I found the original Word document which could then be used instead of worrying about converting the PDF back to Word. I could not find any settings in the Word to PDF conversion settings that might preserve the headings better for converting BACK to Word.
    Ruth Miller

    Microsoft Word

    Exporting PDF to Word loses header/footer images

    Problem:   Converting PDF file to Word loses images in header area

    Explanation:  This occurred because the original document was created in Word and then converted to PDF with the PDFMaker plugin for Word. The images are in the header and footer area and they appear fine in the resulting PDF.  However, for some reason trying to export these BACK to Word will lose the images in the headers and footers.

    Solutions:   If you must get this document BACK to Word - Solid Converter PDF was able to convert this PDF back to Word and preserve the images in the headers, although it does not put the images back into the header area, but instead just creates the images and places them in the document in the relative area of the original.   I was also able to export the images separately from the PDF file, which can then be subsequently re-inserted into the Word document.

    Ultimately I found the original Word document which could then be used instead of worrying about converting the PDF back to Word. I could not find any settings in the Word to PDF conversion settings that might preserve the headings better for converting BACK to Word.
    Ruth Miller

    Email

    There are no articles in this category.

    General Issues

    550 5.1.0 Invalid Sender Domain

    Scenario: on host example.com (a fictitious domain used as an example), the MX record in the example.com DNS was set to the following:

       MX    10   mailhost.samehost.com

    The IP address for mailhost.samehost.com and host.example.com are identical and they are the same server.

    Mail was sent out from this host through a pipe, using a Gmail account as the from address. The user was able to confirm that the from address was set correctly, as most recipients could receive the email.

    Only COMCAST had a problem because of their more restrictive spam filtering rules that require adhering to RFC822.

    ----- Transcript of session follows -----
    ... while talking to mx2.comcast.net.:
    >>> MAIL From:< www@hostname.example.com> SIZE=1137
    <<< 550 5.1.0 Invalid sender domain
    554 5.0.0 Service unavailable

    --lAT45KS2084846.1196309120/hostname.example.com
    Content-Type: message/delivery-status

    Reporting-MTA: dns; hostname.example.com
    Received-From-MTA: DNS; localhost
    Arrival-Date: Wed, 28 Nov 2007 22:05:17 -0600 (CST)

    Final-Recipient: RFC822; recipient@comcast.net
    Action: failed
    Status: 5.1.0
    Diagnostic-Code: SMTP; 550 5.1.0 Invalid sender domain
    Last-Attempt-Date: Wed, 28 Nov 2007 22:05:20 -0600 (CST)

    --lAT45KS2084846.1196309120/hostname.example.com
    Content-Type: message/rfc822

    SOLUTION:

    Added the following additional MX record to the DNS for host.example.com:

           MX           20      host.example.com

    This provided a proper reverse lookup when the mail was received by Comcast from host.example.com, even though the desired main mail server, with a preference of 10, remains mailhost.samehost.com.
    Ruth Miller

    Duplicate emails or missing emails


    Duplicate Emails or Missing Emails Intermittently

    Once you see a more detailed sendmail exchange on your mail server by turning up the logging level, you might see this sort of exchange:

     Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: <-- XXXX LLweb01.somehost.com
     Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: --- 500 5.5.1 Command unrecognized: "XXXX LLweb01.somehost.com"
     Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: <-- HELO LLweb01.somehost.com


    This points directly to the combination of a PIX Firewall using Mailguard, or "fixup protocol smtp 25", on the receiving mail server side and a sender using Microsoft Exchange 2003.

    To disable mailguard:

         no fixup protocol smtp 25

    To re-enable it if this was not the issue:

         fixup protocol smtp 25

    On Cisco firewalls, the command "fixup protocol smtp 25" in your configuration will essentially disallow EHLO commands.
    By removing this command, you will allow the Enhanced SMTP protocols (EHLO commands).
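
    The log pattern described above can be searched for mechanically. The following Python sketch is an added example, not part of the original article: it scans sendmail log lines for sessions in which a rejected "XXXX <name>" command is followed by "HELO <name>" with the same name, which is what sendmail records when an inline device has masked EHLO. The first three sample lines are the excerpt quoted above; all other sample lines and the function name find_masked_ehlo are constructed for illustration.

```python
import re
from collections import Counter

# One sendmail log line at a raised log level: "... sendmail[pid]: qid: <dir> text"
# "<--" marks a command received from the client, "---" marks the server's reply.
LINE = re.compile(
    r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): (?P<dir><--|---) (?P<text>.*)$"
)

# The first three lines are the excerpt quoted in the article. The remaining
# lines are constructed samples (hypothetical hosts and queue ids).
SAMPLE_LOG = """\
Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: <-- XXXX LLweb01.somehost.com
Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: --- 500 5.5.1 Command unrecognized: "XXXX LLweb01.somehost.com"
Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: <-- HELO LLweb01.somehost.com
Nov 26 09:50:02 mh1 sendmail[31420]: BmAQEnAKL031420: <-- EHLO mail.example.net
Nov 26 09:50:02 mh1 sendmail[31420]: BmAQEnAKL031420: --- 250-mh1 Hello mail.example.net
Nov 26 09:51:30 mh1 sendmail[31431]: CmAQEnAKL031431: <-- XXXX LLweb01.somehost.com
Nov 26 09:51:30 mh1 sendmail[31431]: CmAQEnAKL031431: --- 500 5.5.1 Command unrecognized: "XXXX LLweb01.somehost.com"
Nov 26 09:51:31 mh1 sendmail[31431]: CmAQEnAKL031431: <-- HELO LLweb01.somehost.com
Nov 26 09:52:11 mh1 sendmail[31440]: DmAQEnAKL031440: <-- FOO bar
Nov 26 09:52:11 mh1 sendmail[31440]: DmAQEnAKL031440: --- 500 5.5.1 Command unrecognized: "FOO bar"
Nov 26 09:52:12 mh1 sendmail[31440]: DmAQEnAKL031440: <-- HELO client.example.org
"""


def find_masked_ehlo(log_text):
    """Count, per client name, the sessions in which EHLO arrived as 'XXXX'.

    A session is counted only when all three steps are seen in order:
    the client sends 'XXXX <name>', the server answers 500 'Command
    unrecognized', and the client falls back to 'HELO <name>' with the
    same name. Other unrecognized commands are ignored.
    """
    pending = {}  # (pid, qid) -> {"name": str, "rejected": bool}
    hits = Counter()
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        key = (m["pid"], m["qid"])
        text = m["text"].strip()
        if m["dir"] == "---":
            # Server reply: only the rejection of a pending XXXX matters.
            state = pending.get(key)
            if state and text.startswith("500 ") and "Command unrecognized" in text:
                state["rejected"] = True
            continue
        verb, _, arg = text.partition(" ")
        name = arg.strip().lower()
        if verb == "XXXX":
            pending[key] = {"name": name, "rejected": False}
        elif verb.upper() == "HELO":
            state = pending.pop(key, None)
            if state and state["rejected"] and state["name"] == name:
                hits[name] += 1
        else:
            # Any other command ends the XXXX -> HELO sequence for this session.
            pending.pop(key, None)
    return dict(hits)


if __name__ == "__main__":
    for name, count in sorted(find_masked_ehlo(SAMPLE_LOG).items()):
        print(f"{name}: {count} session(s) with EHLO masked before reaching sendmail")
```
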

    References:

    http://www.mombu.com/microsoft/exchange-server-administration/t-exchange-server-does-not-forward-all-mails-just-sends-helo-and-quit-329275.html

    http://chris-linfoot.net/d6plinks/CWLT-6F6LHT

    https://supportwiki.cisco.com/ViewWiki/index.php/Mail_traffic_does_not_pass_through_a_PIX_Firewall_with_ESMTP
    Ruth Miller

    Microsoft Exchange

    Microsoft Exchange Relays

    Source:   http://msexchange.org/tutorials/Mail_Relays_Enhance_Exchange_Security.html

    What Is A Mail Relay?

    The first mechanism to be used against attacks is a mail relay. A mail relay is basically just a simple mail server that accepts e-mails, filters them according to pre-defined criteria and then delivers them to another server. Your mail relay will only allow mails that are destined for users in your SMTP domain to be relayed to the internal server. A mail relay could also filter out viruses and junk e-mail if you install the right software package for it.

    You would definitely want one of those so that your Exchange server will not be directly connected to the Internet for inbound connections.  A mail relay is typically placed in a DMZ, which is a dedicated network, protected by a Firewall and separated from both the internal LAN and the Internet. This allows the Firewall administrator to determine who is trying to get into the mail relay and what is passing from the mail relay to the internal LAN.

    Tips Regarding Mail Relay deployment

    1. Don't forget the mail relay! Make sure that you secure the mail relay as much as possible, install new security related patches, etc. One of the perks of having a mail relay is that you can reboot it more often than you could an Exchange Mailbox server.
      Linux is no more secure than Windows and more difficult to manage, so make sure you have the knowledge to handle it if you choose Linux as your solution.
    2. Don’t over-do your junk e-mail detection or you'll be fishing out deleted e-mails from your mail relay forever. Better choose a solution that blocks some junk mail at the mail relay level, and the rest at the server level, delivering suspected mail to a folder in the users' mailbox.
    3. Using a different anti-virus at the mail relay level than the one you use internally can lessen the chances of infections.
    4. Usually backing up mail relays is not really required, but when your Exchange server is unavailable due to maintenance, an internal virus outbreak or a Firewall problem, you should be able to back up your mail relay so that a sudden crash doesn't take all your mail away.
    5. Monitor your mail relay queue to find out if there is a problem sooner rather than later.
    6. If you have POP3/SMTP clients, use the mail relay as an outgoing mail server instead of Exchange. This allows you to uncheck the SMTP authentication checkbox of the Exchange SMTP virtual server Relay options that is used by Trojan attacks.
      Trojans hijack usernames and passwords on workstations using various methods. They use this information to authenticate to the Exchange SMTP virtual server. Then they spoof the mail so that it appears as if it is coming from a valid IP for a large Internet e-mail supplier. However, if you uncheck this option, regular SMTP clients that you might find in most large enterprises (for example, UNIX and Mac clients) will not be able to use Exchange to send mail. This is quite alright, as your mail relay can be configured for this purpose.

    Can I Use My Front End Server as a mail relay?

    Front End Servers are not the ideal candidate for a mail relay; security-wise, they can be configured as such like any other Exchange server. You would need to have at least one mailbox store available for some SMTP operations.

    However, I think it is best to separate these functions and place them in separate DMZs so that hacking one of them doesn't expose both of them.

    Virus, Trojan and denial of service attacks are quite common these days, and Exchange is a popular target for these attacks due to its popularity and inherent vulnerabilities. Mail relays can be used to thwart most attacks. I'm constantly discovering that although the concept of mail relays is not new, they can be used against the latest sophisticated attacks, just as long as they're not the weakest link in the chain of e-mail delivery.

    Ruth Miller

    How to block open SMTP relaying and clean up Exchange Server SMTP queues in Windows Small Business Server

    Source: http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958

    SUMMARY

    In a Small Business Server environment, you may have to prevent your Microsoft Exchange Server-based server from being used as an open relay SMTP server for unsolicited commercial e-mail messages, or spam. You may also have to clean up the Exchange server's SMTP queues to delete the unsolicited commercial e-mail messages. If your Exchange server is being used as an open SMTP relay, you may experience one or more of the following symptoms:
    The Exchange server cannot deliver outbound SMTP mail to a growing list of e-mail domains.
    Internet browsing is slow from the server and from local area network (LAN) clients.
    Free disk space on the Exchange server in the location of the Exchange information store databases or the Exchange information store transaction logs is reduced more rapidly than you expect.
    The Microsoft Exchange information store databases spontaneously dismount. You may be able to manually mount the stores by using Exchange System Manager, but the stores may dismount on their own after they run for a short time. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    321825 (http://support.microsoft.com/kb/321825/) Databases become dismounted because of lack of disk space

    Determine whether the Exchange Server is an open SMTP relay

    Note: All Exchange clients (Microsoft Outlook or other clients) must log off the Exchange server before you follow the steps in this section. Additionally, you must follow these steps from a remote client.

    These steps involve establishing a Telnet session from a computer that is not located on the Small Business Server local network to the public IP address of the Small Business Server computer. If you are physically located at the Small Business Server computer, you can use a Terminal Services client to connect to a computer that is not on the local network and then use the Telnet tool from that remote station to connect to the appropriate IP address.

    Note: A webcast is available that demonstrates the steps for identifying an open SMTP relay. To view this webcast, click the following link:
    http://support.microsoft.com/servicedesks/ShowMeHow/101904_1.asx (http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fservicedesks%2fshowmehow%2f101904_1.asx)
    From the remote client, follow these steps:
    1. Click Start, click Run, type telnet, and then click OK.
    2. At the Telnet command prompt, type set local_echo, and then press ENTER.
    3. At the Telnet command prompt, type open sbs-IP-address 25, and then press ENTER (where sbs-IP-address is the external public IP address of the Small Business Server computer).

    The output is similar to the following:
    220 server.smallbusiness.local Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at "date" -0500
    Note: The "Version" reference may vary, depending on the version of Small Business Server.
    4. Type ehlo anydomain.com, and then press ENTER (where anydomain is not the Small Business Server computer's e-mail domain). Make sure that the last line is:
    250 OK
    5. Type mail from:youremail@anydomain.com, and then press ENTER (where youremail@anydomain is an SMTP address that is not hosted on the Small Business Server computer). Make sure that the result is:
    250 2.1.0 youremail@anydomain.com....Sender OK
    6. Type rcpt to:user@spam.com, and then press ENTER (where user@spam is not your e-mail domain). Make sure that the result is one of the following two responses:
    550 5.7.1 Unable to relay for user@spam.com

    -or-

    250 2.1.5 user@spam.com
    7. If the result is "550 5.7.1 Unable to relay for user@spam.com," the Exchange server is not an open SMTP relay. If you previously configured Exchange Server to block open SMTP relaying and you want to clean up the Exchange server, go to the "Clean Up the Exchange Server's SMTP Queues" section of this article.
    8. If the result is "250 2.1.5 user@spam.com," the Exchange server is an open SMTP relay. Go to the "Configure the Exchange Server to Block Open SMTP Relaying" section of this article.


    Determine whether an authenticated user is relaying

    This section enables logging in the Windows Event Viewer so that any authentication attempts against the SMTP service (successes or failures) are logged in the application log.
    1. Start Exchange Administrator.
    2. Double-click Servers.
    3. Under Servers, right-click ServerName, and then click Properties.
    4. Click the Diagnostic Logging tab.
    5. Click MSExchangeTransport on the left.
    6. On the right, click SMTP Protocol.
    7. Under Logging Level, click Maximum.
    8. Click OK to close Server Properties.
    If a remote user is authenticating against the Small Business Server computer as part of an operation to relay SMTP e-mail, you will see an event that is similar to the following in the application log:

    Event Type: Information
    Event Source: MSExchangeTransport
    Event Category: SMTP Protocol
    Event ID: 1708
    Date: 8/13/2003
    Time: 10:13:24 AM
    User: N/A
    Computer: SERVER
    Description: SMTP Authentication was performed successfully with client remote_computername. The authentication method was LOGIN and the username was company\username.

    In this case, if the relaying appears to come from a hacked account password, go to the Active Directory Users and Computers snap-in and delete the account, disable the account, or change the password on the account.

    Microsoft recommends that you implement a strong password policy. For additional information, visit the following Microsoft Web site:
    http://www.microsoft.com/athome/security/privacy/password.mspx


    If a remote user is authenticating against the Small Business Server as part of an operation to relay SMTP e-mail using the guest account, you will see an event that is similar to the following in the application log:

    Event Type: Information
    Event Source: MSExchangeTransport
    Event Category: SMTP Protocol
    Event ID: 1708
    Date: 8/13/2003
    Time: 10:27:52 AM
    User: N/A
    Computer: SERVER
    Description: SMTP Authentication was performed successfully with client remote_computername. The authentication method was LOGIN and the username was COMPANY\Guest.

    In this case, the remote user is exploiting the guest account. Use the Active Directory Users and Computers snap-in to disable the guest account. Note: It is not sufficient to change the password on the guest account. You must disable the guest account.
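
    The two log entries above differ only in the username, so the review can be scripted. The following Python example is added here and is not part of the Microsoft article: it parses a text export of application log events in the layout shown above, keeps Event ID 1708 from MSExchangeTransport, and flags the Guest account as well as any account that authenticated from more than a set number of distinct clients. The sample events, host names, user names, the max_clients threshold and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Description text of Event ID 1708 in the wording shown in the article.
DESC = re.compile(
    r"SMTP Authentication was performed successfully with client (?P<client>\S+)\. "
    r"The authentication method was (?P<method>\w+) and the username was (?P<user>.+?)\.?$"
)

# Record layout copied from the article; every value filled in below is constructed.
RECORD = (
    "Event Type: Information\nEvent Source: MSExchangeTransport\n"
    "Event Category: SMTP Protocol\nEvent ID: {event_id}\nDate: 8/13/2003\n"
    "Time: {time}\nUser: N/A\nComputer: SERVER\nDescription: {description}\n"
)
AUTH_OK = (
    "SMTP Authentication was performed successfully with client {client}. "
    "The authentication method was LOGIN and the username was {user}."
)
_ROWS = [  # (time, client, username) -- constructed sample data
    ("10:13:24 AM", "host-a.example.net", "company\\jsmith"),
    ("10:14:02 AM", "host-b.example.net", "company\\jsmith"),
    ("10:15:40 AM", "host-c.example.net", "COMPANY\\jsmith"),
    ("10:27:52 AM", "host-d.example.net", "COMPANY\\Guest"),
    ("10:30:00 AM", "laptop7.example.org", "company\\mjones"),
]
SAMPLE_EVENTS = "\n".join(
    RECORD.format(event_id="1708", time=t,
                  description=AUTH_OK.format(client=c, user=u))
    for t, c, u in _ROWS
) + "\n" + RECORD.format(event_id="9999", time="10:31:00 AM",
                         description="Constructed unrelated event.")


def parse_events(text):
    """Split a blank-line separated export into dicts of 'Field: value' pairs."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.strip().partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events


def triage(text, max_clients=2):
    """Return {username: (action, distinct_client_count)} for accounts to act on.

    Guest is always flagged, following the article. The max_clients threshold
    for other accounts is an assumption of this example, not a Microsoft rule.
    """
    clients_by_user = defaultdict(set)
    for ev in parse_events(text):
        if ev.get("Event Source") != "MSExchangeTransport" or ev.get("Event ID") != "1708":
            continue
        m = DESC.search(ev.get("Description", ""))
        if m:
            clients_by_user[m["user"].lower()].add(m["client"].lower())
    findings = {}
    for user, clients in clients_by_user.items():
        if user.split("\\")[-1] == "guest":
            findings[user] = ("disable-guest-account", len(clients))
        elif len(clients) > max_clients:
            findings[user] = ("review-account", len(clients))
    return findings


if __name__ == "__main__":
    for user, (action, n) in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{user}: {action} ({n} distinct client(s))")
```
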



    Configure the Exchange Server to block open SMTP relaying

    Note: A webcast is available that demonstrates how to configure Exchange Server to block open SMTP relaying. To view this webcast, click the following link:
    http://support.microsoft.com/servicedesks/ShowMeHow/101904_2.asx (http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fservicedesks%2fshowmehow%2f101904_2.asx)
    There are two Exchange Server components that permit SMTP relaying to be turned on or off:
    The Default SMTP Virtual Server
    The SMTP Connector

    Additionally, if the server is running Microsoft Internet Security and Acceleration (ISA) Server 2000, the server may be an open relay if the following conditions are true:
    ISA Server is configured with a server publishing rule for the SMTP protocol.
    127.0.0.1 is in the list of IP addresses that are allowed to relay in the properties of the default SMTP Virtual Server.


    To check the properties on the Default SMTP Virtual Server, follow these steps:
    1. Click Start, click All Programs, click Microsoft Exchange, and then click System Manager.
    2. Expand Servers, expand Servername, expand Protocols, and then expand SMTP.

    If the server is an upgrade from Small Business Server 4.x, expand Administrative Groups, expand Servername, expand Servers, expand Servername, expand Protocols, expand SMTP.
    3. Right-click Default SMTP Virtual Server and then click Properties.
    4. Click the Access tab.
    5. Click the Relay button at the bottom.
    6. The default settings block open relay. The default settings are as follows:
    Select Only the list below.
    The Computers dialog box shows Access Granted to the Internal IP address of the Small Business Server network and to the external IP address (if the server has more than one network card).
    Make sure that Allow all computers which successfully authenticate to relay, regardless of the list above is selected.
    7. Set the Default SMTP Virtual Server configuration for relaying as indicated, which restores its settings to their defaults.
    To check the properties for the SmallBusiness SMTP Connector, follow these steps:
    1. In the Exchange System Manager, expand Connectors, and then locate the SmallBusiness SMTP Connector.

    If the server is an upgrade from Small Business Server 4.x, expand Administrative Groups, expand Servername, and then expand Connectors.

    Note: The SmallBusiness SMTP Connector is created when you run the Small Business Server 2000 Internet Connection Wizard. If you have manually created an SMTP connector, it may not be named SmallBusiness SMTP connector. Also be aware that the SMTP connector is not required for external mail flow. The absence of a connector may not indicate a problem.
    2. Right-click the SmallBusiness SMTP connector (or on the connector name that you manually created), and then click Properties.
    3. Click the Address Space tab.
    4. The default settings (when this connector is created by means of the Small Business Server 2000 Internet Connection Wizard) block open relay. The default settings are:
    Address Space - Type: SMTP
    Address: *
    Cost: 1
    The Connector Scope is Entire Organization.
    Allow messages to be routed to these domains is cleared (not selected).
    5. Configure the SMTP Connector as indicated to restore its settings to their default values.


    To examine ISA Server configuration, follow these steps:
    1. Open the ISA Management Console.
    2. Expand Servers and Arrays, expand Computer name, expand Publishing, and then click Server Publishing Rules.
    3. If you see Create Server Publishing Rules on the right side together with some text, you do not have any server publishing rules defined. You may go to the end of this section. If you do not see Create Server Publishing Rules, you will see a list of rules defined. Go to step 4.
    4. View the Protocol column to see if SMTP Server is listed. SMTP Server is the name of the default protocol definition for TCP port 25 Inbound in ISA Server 2000. If this protocol definition exists, an SMTP server publishing rule has been added to ISA Server.

    Note: Administrators can add a custom protocol definition by using a different name to define TCP port 25 Inbound. If you do not specifically see SMTP Server in the Protocol column, but see a protocol definition that defines TCP port 25 Inbound, it may also be an SMTP Server Publishing Rule.
    5. To resolve this, disable or delete the SMTP Server Publishing Rule in ISA Server. To disable this rule, right-click the rule, and then click Disable. To delete this rule, right-click the rule, and then click Delete.
    6. Run the Internet Connection Wizard in SBS 2000 or run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003 to configure ISA Server to enable SMTP Inbound. To run the Internet Connection Wizard in Small Business Server 2000, click Start, click Run, type icw, and then click OK.

    To run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003, follow these steps:
    a. Click Start, and then click Server Management to start the Configure E-mail and Internet Connection Wizard.
    b. In the left pane, expand To Do List. In the details pane, click Connect to Internet.

    Note: The Internet Connection Wizard and the Configure E-mail and Internet Connection Wizard add a packet filter to ISA Server to enable SMTP incoming from the Internet. If you want to continue to use a server publishing rule for the SMTP protocol, make sure 127.0.0.1 is not in the allowed relay list in Exchange. If you run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003 and choose the option to configure Exchange, 127.0.0.1 will be added back. You must remember to remove the address every time that you run the Configure E-mail and Internet Connection Wizard and configure Exchange. This issue does not occur in SBS 2000.
    After you follow the steps in this article to check the Default SMTP Virtual Server, the SmallBusiness SMTP Connector settings, and the ISA Server configuration, the Exchange server is configured to block open SMTP relaying. You must follow the steps again for the telnet procedure in the "Determining if the Exchange Server Is an Open SMTP Relay" section of this article to make sure that the Exchange server returns "550 5.7.1 Unable to relay for user@spam.com" when you try to send mail to a recipient who is not homed on the Exchange server. After you have verified that Small Business Server is not an open SMTP relay, go to the "Clean up the Exchange Server's SMTP queues" section of this article.

    Clean up the Exchange Server's SMTP queues


    Warning: During this process, ALL messages that are destined for external SMTP recipients are deleted. Internal e-mail and incoming e-mail from the Internet are not affected. The settings below are temporary and steps to undo these changes will be included later in this section.

    Note: A webcast is available that demonstrates how to clean up the Exchange Server's SMTP queues. To view this webcast, click the following link:
    http://support.microsoft.com/servicedesks/ShowMeHow/101904_3.asx (http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fservicedesks%2fshowmehow%2f101904_3.asx)
    1. In Exchange System Manager, click SmallBusiness SMTP Connector under Connectors. This phase requires an SMTP connector. If the Exchange server does not have an SMTP connector, create one. To do this, follow these steps:
    a. Right-click Connectors, click New, and then click SMTP Connector.
    b. On the General tab, type a temporary name (Temp Connector, for example) in the Name box.
    c. Click Add at the bottom, select the server name and its associated SMTP Virtual Server, and then click OK.
    d. Click Address Space.
    e. Click Add, click SMTP, and then click OK.
    f. In the Internet Address Space Properties dialog box, leave the default settings (E-mail domain * and Cost 1), and then click OK.
    g. Click the General tab, and then go to step 4.
    2. Right-click SmallBusiness SMTP Connector, and then click Properties. If you have more than one SMTP Connector, the one that you want to work with in the following steps is the one that contains the "*" (asterisk) for the SMTP address on the Address Space tab.

    3. Click the General tab. Make a note of all the settings on this tab. You have to return these settings later in this article.
    4. Click Forward all mail through this connector to the following smart hosts.
    5. In the field provided, type a false IP address and enclose it in brackets. For example, type [99.99.99.99].
    6. Click the Delivery Options tab.
    7. Click Specify when messages are sent through this connector.
    8. In the Connection Time list, click Run daily at 11:00 PM.
    9. Click OK to close the SMTP Connector Properties dialog box.
    10. Expand Servers, expand Servername, expand Protocols, expand SMTP. Right-click the Default SMTP Virtual Server, and then click Stop.
    11. It may take several minutes for the SMTP Virtual Server to stop. After the Default SMTP Virtual Server has stopped, right-click the Default SMTP Virtual Server again, and then click Start. It may take several minutes for the Default SMTP Virtual Server to start.
    12. After the Default SMTP Virtual Server has started, wait about 10 minutes.

    Now the Default SMTP Virtual Server can re-enumerate the messages and put them in a single queue for the SmallBusiness SMTP Connector or for the one that you named when you created it in step 1.b.
    13. After about 10 minutes, expand Default SMTP Virtual Server, and then click Queues.
    14. Note the total number of messages on the right next to the Small Business SMTP Connector.

    This number has to stabilize so that all the messages can be deleted at the same time.
    15. Right-click Queues, and then click Refresh approximately every 15 minutes.
    16. Repeat step 15 until the total number of messages remains constant.
    17. Locate the queue for the SmallBusiness SMTP Connector. The queue is indicated by the small red clock on the yellow folder icon.
    18. Depending on your version of Small Business Server installation, follow the appropriate section to delete the messages from the queues:
    Small Business Server 2003: Right-click SmallBusiness SMTP Connector, and then click Find Messages. In the corresponding box, click the dropdown and select an appropriate number in Number of messages to be listed in the search. Click Find Now. In the results, select all the messages (SHIFT+PAGE DOWN). Right-click the selected messages, and then click Delete All Messages (No NDR).
    Small Business Server 2000: Right-click SmallBusiness SMTP Connector, and then click Delete All Messages (No NDR).
    19. Click Yes when you are prompted with the question of whether to delete messages in the selected queue. Deleting these messages may take some time, depending on the number of messages in the queue.
    20. After the messages are deleted, right-click Queues, and then click Refresh.
    21. Note the total number of messages for the SmallBusiness SMTP Connector queue. The number is zero.
    22. Wait approximately 5 minutes, and then refresh Queues again. The goal is to have the number of messages in the SmallBusiness SMTP Connector queue reach zero and stay at zero. If this number increases, the Exchange server is still processing messages for external delivery through the SmallBusiness SMTP Connector. Repeat this step until the number stabilizes again.
    23. Repeat steps 19 through 23 until the number of messages in the SmallBusiness SMTP Connector queue is consistently zero. When it is, the Exchange server's SMTP queues have been purged of the unsolicited commercial e-mail.


    After Exchange has been cleaned of the unsolicited commercial e-mail, you have to undo the changes that you made in steps 2 through 8. To undo the changes, follow these steps:
    1. In Exchange System Manager, expand Connectors, right-click the SmallBusiness SMTP Connector, and then click Properties.

    If you created a temporary SMTP connector in step 1, click Delete instead of Properties, and then go to step 7.
    2. On the General tab, change these settings to those documented in step 3 under Clean Up the Exchange Server's SMTP Queues.
    3. Click the Delivery Options tab.
    4. Verify that Specify when messages are sent through this connector is selected.
    5. In the Connection Time list, click Always Run.
    6. Click OK.
    7. Expand Servers, expand Servername, expand Protocols, and then expand SMTP. Right-click Default SMTP Virtual Server, and then click Stop.
    8. After the SMTP Virtual Server has stopped, right-click Default SMTP Virtual Server again, and then click Start.
    Now you have configured the Exchange server to block open SMTP relaying and you have removed the unsolicited commercial e-mail from Exchange Server's SMTP queues. The next step is to clean up the file system.

    Clean up the Exchange Server's file system

    Note: A webcast is available that demonstrates how to clean up the file system after relaying has occurred in Exchange Server. To view this webcast, click the following link:
    http://support.microsoft.com/servicedesks/ShowMeHow/101904_4.asx (http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fservicedesks%2fshowmehow%2f101904_4.asx)
    Exchange Server tries to deliver e-mail based on the specific settings for the SMTP Virtual Server. After these delivery thresholds have been met, Exchange Server stops trying to deliver the e-mail and moves the messages out of the SMTP queues into a BadMail folder. This folder may take up a lot of space on the drive.

    To remove these unnecessary files, follow these steps:
    1. In Windows Explorer, locate the C:\Program Files\Exchsrvr\Mailroot\Vsi 1 folder. To do this, expand C:\Program Files in the left pane, expand Exchsrvr, expand MailRoot, and then expand Vsi 1.

    Important: Do not open the Badmail folder. Depending on how much spam the Small Business Server computer processes, this folder may contain several hundred thousand files. If you open this folder, the server may appear to have stopped responding.
    2. On the File menu, point to New, and then click Folder.
    3. Type BadMail2 for the name of the new folder.
    4. Click Start, click Programs or All Programs, click Microsoft Exchange, and then click System Manager.
    5. Expand Servers, expand Server name, expand Protocols, and then expand SMTP.

    If administrative groups are displayed, expand Administrative Groups, expand Server name, expand Servers, expand Server name, expand Protocols, and then expand SMTP.
    6. Right-click Default SMTP Virtual Server, and then click Properties.
    7. Click the Messages tab.
    8. In the Badmail directory box, change the name of the BadMail folder to BadMail2, and then click OK.
    9. Permanently delete the BadMailOld folder. To do this, click the BadMailOld folder in Windows Explorer, press and hold down the SHIFT key, and then press DELETE.
    10. Click Yes when you are prompted to confirm the deletion. Deleting this folder may take a long time, depending on the number of files in this folder.

    Defragment the Exchange server's drives

    Because you have moved or deleted many files, you may want to run Disk Defragmenter on the affected drive or drives.

    Remove the Exchange server from "black hole" lists

    You may have to take the appropriate steps to remove your Exchange Server domain name or the Exchange server's external IP address from various "black hole" lists.

    REFERENCES

    For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
    313395 (http://support.microsoft.com/kb/313395/) How to examine relay restrictions for anonymous SMTP connections and filter unsolicited e-mail messages in Exchange 2000 Server
    321825 (http://support.microsoft.com/kb/321825/) Databases become dismounted because of lack of disk space
    319356 (http://support.microsoft.com/kb/319356/) How to prevent unsolicited commercial e-mail in Exchange 2000
    Ruth Miller

    Outlook 2003 Crashing on use

    Outlook 2003 Client Crashes on Use


    Installed a new user on an XP Professional computer where there had been a prior user with an Exchange mailbox.

    I copied the prior user's profile over so that the new person had same desktop icons and programs etc.
    Then I configured Outlook with the Change/Add Email Accounts and changed the username to the new person and also a new data file.

    Outlook began to crash after opening - usually within a couple of minutes and would force a restart.

    Event log looked like this (not exactly mine - used one found in google that matched)

    Event Type: Error
    > Event Source: Microsoft Office 11
    > Event Category: None
    > Event ID: 1000
    > Date: 6-1-2006
    > Time: 23:36:05
    > User: N/A
    > Computer: DRIFTER
    > Description:
    > Faulting application outlook.exe, version 11.0.6565.0, stamp 42cacc7d,
    > faulting module msmapi32.dll, version 11.0.6566.0, stamp 42cdb657, debug?
    > 0, fault address 0x00014a12.

    Solution

    Go into Control Panel - Mail and remove the old/existing Exchange Account completely. Then add the new user's Exchange email account.
    This fixed the crashing problem.
    Ruth Miller

    Duplicate emails or missing emails


    Duplicate Emails or Missing Emails Intermittently

    Once you see a more detailed sendmail exchange on your mail server by turning up the logging level, you might see this sort of exchange:

     Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: <-- XXXX LLweb01.somehost.com
     Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: --- 500 5.5.1 Command unrecognized: "XXXX LLweb01.somehost.com"
     Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: <-- HELO LLweb01.somehost.com


    This points directly to a combination of a PIX Firewall using Mailguard or "fixup protocol smtp 25" on the receiving mail server side and a sender that is using Microsoft Exchange 2003.

    To disable mailguard:

         no fixup protocol smtp 25

    To re-enable it if this was not the issue:

         fixup protocol smtp 25

    On Cisco firewalls, the command "fixup protocol smtp 25" in your configuration will essentially disallow EHLO commands.
    By removing this command, you will allow the Enhanced SMTP protocols (EHLO commands).
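One way to spot this pattern in a sendmail log, as an added example that is not part of the original article: it pairs each masked XXXX greeting with the 500 rejection and the HELO fallback in the same session, and counts affected senders. The first three sample lines are the ones quoted above; the remaining lines are constructed.

```python
import re
from collections import Counter

# Sample log: first three lines are from the article, the rest are constructed.
SAMPLE_MAILLOG = """\
Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: <-- XXXX LLweb01.somehost.com
Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: --- 500 5.5.1 Command unrecognized: "XXXX LLweb01.somehost.com"
Nov 26 09:49:10 mh1 sendmail[31414]: AmAQEnAKL031414: <-- HELO LLweb01.somehost.com
Nov 26 09:50:02 mh1 sendmail[31420]: AmAQEnAKL031420: <-- EHLO mail.example.test
Nov 26 09:50:02 mh1 sendmail[31420]: AmAQEnAKL031420: --- 250-mh1.example.test Hello mail.example.test, pleased to meet you
Nov 26 09:51:40 mh1 sendmail[31433]: AmAQEnAKL031433: <-- GET / HTTP/1.0
Nov 26 09:51:40 mh1 sendmail[31433]: AmAQEnAKL031433: --- 500 5.5.1 Command unrecognized: "GET / HTTP/1.0"
Nov 26 09:53:15 mh1 sendmail[31450]: AmAQEnAKL031450: <-- XXXX LLweb01.somehost.com
Nov 26 09:53:15 mh1 sendmail[31450]: AmAQEnAKL031450: --- 500 5.5.1 Command unrecognized: "XXXX LLweb01.somehost.com"
Nov 26 09:53:15 mh1 sendmail[31450]: AmAQEnAKL031450: <-- HELO LLweb01.somehost.com
"""

# syslog prefix, sendmail[pid], queue id, then "<--" (received) or "---" (sent).
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+sendmail\[(?P<pid>\d+)\]:\s+"
    r"(?P<qid>\w+):\s+(?P<dir><--|---)\s+(?P<text>.*)$"
)


def find_masked_ehlo(log_text):
    """Count sessions per sending host where the greeting arrived as XXXX,
    was rejected with 500 5.5.1, and the same host then fell back to HELO."""
    sessions = {}  # (pid, qid) -> {"arg": masked greeting argument, "rejected": bool}
    hits = Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key = (m.group("pid"), m.group("qid"))
        text = m.group("text")
        if m.group("dir") == "<--":
            verb, _, arg = text.partition(" ")
            arg = arg.strip().lower()
            if verb.upper() == "XXXX":
                sessions[key] = {"arg": arg, "rejected": False}
            elif verb.upper() == "HELO":
                state = sessions.pop(key, None)
                if state and state["rejected"] and state["arg"] == arg:
                    hits[arg] += 1
        elif key in sessions and text.startswith("500 5.5.1 Command unrecognized"):
            # Only the rejection of the masked command counts, not other junk.
            if '"XXXX ' in text:
                sessions[key]["rejected"] = True
    return dict(hits)


if __name__ == "__main__":
    for host, n in find_masked_ehlo(SAMPLE_MAILLOG).items():
        print(f"{host}: {n} session(s) with a masked greeting and HELO fallback")
```
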

    References:

    http://www.mombu.com/microsoft/exchange-server-administration/t-exchange-server-does-not-forward-all-mails-just-sends-helo-and-quit-329275.html

    http://chris-linfoot.net/d6plinks/CWLT-6F6LHT

    https://supportwiki.cisco.com/ViewWiki/index.php/Mail_traffic_does_not_pass_through_a_PIX_Firewall_with_ESMTP
    Ruth Miller

    Outlook

    Outlook category

    Repair Outlook Express mailbox

    How to repair your Outlook Express mailbox files


    Created: Jul 1, 2005
    Updated: Aug 16, 2005
          

     Introduction


    In some situations an Outlook Express mailbox file can become corrupted in a way that Outlook Express itself is unable to repair.
    If this is the case, Outlook Express might hang on opening the file.

    It is often possible to overcome this problem by following the next steps.
     

     Locate your file(s)


    To find the location where Outlook Express stores its files, start the registry editor.
    Do NOT make any changes in the registry, as this could have unpredictable results!

    Start the registry editor by typing regedit in the Run item in your Start menu.

    In the left pane:
    In the right pane:
    You will now see the path where Outlook Express stores its files. Select the full path and press CTRL+C to copy the value.


     Move mailbox file(s)


     Import


    This step will import the old (corrupted) data into Outlook Express. Outlook Express will import these files in most cases without any problems.

     Done


    Start Outlook Express. You should now see your mailbox folders again.

     Remarks


    THIS PROCEDURE IS PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND, USE AT YOUR OWN RISK!


    Copyright (c) 2000-2007 by Martin Borkhuis. All rights reserved.
    Ruth Miller

    Migrate Outlook AutoComplete data from one computer to another

    Migrating Outlook Autocomplete Data (NK2 File Data) to a New Vista/Office 2007 Computer

    I'm in the process now of moving all my data over from my old computer to my new computer and remembered that autocomplete information is not stored in the Outlook profile. Autocomplete is the drop-down suggestion window that appears when you start entering in an address in the To, CC:, or BCC: bar. Like you, this data is something I can't live without.

    That data is stored in an NK2 file that for previous (non-Vista) O/S's used to be stored in C:\Documents and Settings\{username}\Application Data\Microsoft\Outlook. Note that this location is not where your Outlook profile is by default stored. That location on non-Vista O/S's is C:\Documents and Settings\{username}\Local Settings\Application Data\Microsoft\Outlook. Notice the difference in the two paths above: The second includes traversal through the "Local Settings" folder.

    Now, in Windows Vista, that folder doesn't exist. So, I had problems finding it...

    ...Turns out that the new location in Vista where your NK2 file is located has moved to fit it into the new structure. That new location where you need to copy the NK2 file is:

    C:\Users\{username}\AppData\Roaming\Microsoft\Outlook

    Nice to know!

    Ruth Miller

    Outlook crashes because Outlook.pst file is too large

    Microsoft Outlook will become very unstable if the Outlook.pst file (or whatever the main data file is named) grows to a size that is over 4gb. There is a relatively easy fix for this compared to the painful and time-consuming "compact" option, after which, even with tons of emails deleted, your file may still be too large for Outlook to handle without crashing.

    To find out if your main pst file has become too large do the following steps:

     1.  Open Folder and Search Options - in Vista it is in My Computer under Organize drop down
     2.  Click the View tab
     3.  Select the radio button for "Show hidden files and folders" and click Apply and then Ok to close the window
     4. Open My Computer ---> your username ---> AppData
     5. In the search box in the upper right corner, type *.pst   Look for the file Outlook.pst (to check your data file name you must be able to open Outlook so look for the largest pst file with current date on it)
         (You need to change the view to View Details to see the file dates and sizes )
     6. If in fact, the Outlook.pst file is over 4gb in size, highlight Outlook.pst and right click to rename it. Rename it to something like Outlook_todaysdate.pst
     7. You should now be able to open your Outlook and it will complain about not being able to find the default data file - this is fine - it will create a new blank one
     8. Once Outlook is opened you will want to Import the pst file which you renamed in Step 6. Visit this Microsoft link to see details about importing pst files and other data file help
     9. Make sure when you import the old over-sized pst file that you do not import it into your CURRENT Personal folder. You want it to be available as a separate Archive folder.
    10. Once you have imported your old data file you can now open it and choose emails that you would like to save and file under your Main Personal Folders - just don't put them in your Inbox or you will be right back in the same situation. Ideally, you should create folders under your Personal Folders for organizing email that you want to save.

    Make sure that when you are finished, you go back to Folder and Search Options and choose "Don't show hidden files" so that you don't inadvertently delete some system files that are usually hidden.

    The problem with Outlook is that it has a "high water mark" setup, so that as you receive emails, the file size keeps growing, and even after you delete emails, the high water mark remains at the same level. If you don't have a large Inbox, you CAN use the Compact option to shrink it back down after deleting emails; however, I have found that this usually is not very useful once the pst file gets to be very large, and very large means 2gb and over.

    If you have Microsoft Exchange, your data file will have the extension .ost instead of .pst.
    Ruth Miller

    Scalix

    Troubleshooting SpamAssassin Socket Errors

    SpamAssassin - fixing errors with socket

    OS being described here is RedHat Linux EL4
    SpamAssassin is integrated with sendmail as a front end to Scalix 11.3


    Startup script is /etc/init.d/spamass-milter

    In that file it specifies creation of a socket at (hopefully) /var/run/spamass-milter/spamass-milter.sock

    In /etc/sendmail.cf should be a line looking for the above socket. The paths and socket names should match.

    If they don't, fix the spamass-milter startup script so that it matches what is in /etc/sendmail.cf, then restart SpamAssassin, the milter and sendmail as follows:

    /etc/init.d/spamassassin restart
    /etc/init.d/spamass-milter restart
    /etc/init.d/sendmail restart

    If they don't match you may see the following error in /var/log/maillog:

    Feb 18 12:52:03 mailserver sendmail[23268]: m1IHq3xq023268: Milter (spamassassin): error connecting to filter: Connection refused by /var/run/spamass-milter/spamass-milter.sock
    Feb 18 12:52:03 mailserver sendmail[23268]: m1IHq3xq023268: Milter (spamassassin): to error state

    You can easily see the health of spamassassin with the following command:

    tail -f /var/log/maillog | grep spam


    Evidence of restarting the milter in /var/log/maillog:

    Feb 18 13:16:03 mailpa spamass-milter[26409]: SpamAssassin: mi_stop=1
    Feb 18 13:16:03 mailpa spamass-milter[26409]: spamass-milter 0.3.0 exiting
    Feb 18 13:16:06 mailpa spamass-milter[26662]: spamass-milter 0.3.0 starting
    Ruth Miller

    SpamAssassin

    Handhelds

    Blackberry Sync Error 4238 with Outlook

    I have a 7520 that I synchronize (USB) with my corporate Outlook calendar, tasks, etc., using Desktop Manager. A few days ago during synchronization, I began getting an error message that the connection to the MS Exchange server was not available, and an "internal synchronization error #4238" in the sync log. This would terminate the synchronization. I've confirmed that it only affects the calendar, since the other items (tasks, notes, contacts) sync appropriately if I don't sync the calendar.

    I've done multiple searches, and even found a Blackberry tech note about this error. The note discusses creating a more elaborate log file that is sent to Blackberry support for analysis.

    I've tried the suggestions I've seen in the forum for similar issues, i.e., created a new Outlook profile, performed a hard reset of the 7520, but nothing seems to help.

    --------------------------------------------------------------------------------------------------------

    Solution 1: In my case, I encountered this same problem when syncing with Exchange public folders (via USB). When I removed the public folders from the sync setup, the synchronization proceeded without a problem.

    To continue syncing with the Exchange Public Folders, turn OFF Cached Exchange Mode. One can still use the Cached Exchange mode in Outlook by letting Intellisync sync with an Outlook profile that does not use Cached Exchange mode, while letting Outlook default to a second profile that uses Cached Exchange mode.

    More info

    http://blackberryforums.pinstack.com/16673-cache_mode.html



    Environment




    Problem

    The user is unable to reconcile email between the BlackBerry device and the user's mailbox. The user is also receiving emails that say "Using Unknown 'Secure.'"

    Cause

    The Service Books on the handheld have become corrupted.

    Resolution

    To resolve this issue, complete the following steps:

    1. Create a new MAPI profile called BlackBerry. Do not use cached Exchange mode.
    2. In BlackBerry Desktop Manager, set the new profile as the default in Redirector Settings.
    3. Perform a security wipe on the BlackBerry device.
    4. Connect the BlackBerry device to the Desktop Manager to retrieve a new set of Service Books.


    Still having problems? Do this:

    OK - here are some generic troubleshooting ideas; unfortunately I've never used Notes.

    First - delete the directory in C:\Documents and Settings\<<userID>>\Application Data\Research In Motion\BlackBerry\Intellisync

    Second - does Notes use some sort of profile to store information on how to get to the Domino server? I am trying to come up with an analogy for the Outlook Profile, which tends to get screwy with the Desktop Manager software.

    Third - are you running the latest Desktop Manager (3.6.2.9)?

    Ruth Miller

    Blackberry

    Blackberry Category

    Blackberry Sync Error 4238 with Outlook

    I have a 7520 that I synchronize (USB) with my corporate Outlook calendar, tasks, etc., using Desktop Manager. A few days ago during synchronization, I began getting an error message that the connection to the MS Exchange server was not available, and an "internal synchronization error #4238" in the sync log. This would terminate the synchronization. I've confirmed that it only effects the calendar, since the other items (tasks, notes, contacts) sync appropriately if I don't sync the calendar.

    I've done multiple searches, and even found a Blackberry tech note about this error. The note discusses creating a more elaborate log file that is sent to Blackberry support for analysis.

    I've tried the suggestions I've seen in the forum for similar issues, i.e., created a new Outlook profile, performed a hard reset of the 7520, but nothing seems to help.

    --------------------------------------------------------------------------------------------------------

    Solution 1: In my case, I encountered this same problem when syncing with Exchange public folders (via USB). When I removed the public folders from the sync setup, the synchronization proceeded without a problem.

    To continue syncing with the Exchange Public Folders, turn OFF Cached Exchange Mode. One can still use the Cached Exchange mode in Outlook by letting Intellisync sync with an Outlook profile that does not use Cached Exchange mode, while letting Outlook default to a second profile that uses Cached Exchange mode.

    More info

    http://blackberryforums.pinstack.com/16673-cache_mode.html



    Environment




    Problem

    The user is unable to reconcile email between the BlackBerry device and the user's mailbox. The user is also receiving emails that say "Using Unknown 'Secure.'"

    Cause

    The Service Books on the handheld have become corrupted.

    Resolution

    To resolve this issue, complete the following steps:

    1. Create a new MAPI profile called BlackBerry. Do not use cached Exchange mode.
    2. In BlackBerry Desktop Manager, set the new profile as the default in Redirector Settings.
    3. Perform a security wipe on the BlackBerry device.
    4. Connect the BlackBerry device to the Desktop Manager to retrieve a new set of Service Books.


    Still having problems? Do this:

     

    OK - here are some generic troubleshooting ideas; unfortunately, I've never used Notes.

    First - delete the directory in C:\Documents and Settings\<<userID>>\Application Data\Research In Motion\BlackBerry\Intellisync

    Second - does Notes use some sort of profile to store information on how to get to the Domino server? I am trying to come up with an analogy for the Outlook Profile, which tends to get screwy with the Desktop Manager software.

    Third - are you running the latest Desktop Manager (3.6.2.9)?

    Ruth Miller

    Email How-to for Blackberry


    Perhaps you bought your Blackberry second hand on eBay and when you try to set up your email, it says there is already an account for your PIN.  There is a solution to that problem - call your provider (Verizon, Cingular etc) and ask them to reset it. But there is an alternative method that may even be better - use GMAIL.

    Gmail has a Blackberry Client which you can download.  Gmail itself has many nice features to allow you to retrieve mail from many other mail servers for various accounts as long as you know the POP or IMAP mail server name and your account name and password.  Gmail will allow you to set up filters for those accounts so that you can specify that only certain emails go to the Inbox for Gmail, so that you don't get Blackberry alerts every 3 minutes telling you there is new mail when it might be new mail you don't care about.

    You can setup filters and LABELS in Gmail for each account and how they should be handled.  So when you get an alert that you have a new mail on your Gmail account and your Blackberry has received it, you can get it to the point that you will know it is an important email.

    Furthermore, you can setup message filters if you retrieve your mail normally using Thunderbird.  I have message filters that move messages from certain users out of the Inbox and to folders and I have filters that forward all mail from a particular set of users to my business email address so that I get notified via Gmail. 

    Because I have set these all up with IMAP in Gmail, when I open All Mail on my Blackberry on my Gmail client, I can see all the headers for the non-urgent accounts and reply to them from the Blackberry and it will show as coming from those email accounts - not the Blackberry.

    When I want to clean out the mail sitting on the Blackberry Gmail client, instead of fussing with highlighting multiples with the trackwheel and the Shift-Del combo, I just open Gmail on my desktop computer and clear it all out there and then it clears it out from the Blackberry as well.

    Here is a discussion regarding Gmail vs Blackberry Internet Service for email on a Blackberry...
    Ruth Miller

    Blackberry Sync Hangs and Crashes Desktop Manager

    Blackberry Sync Hangs During Sync and Crashes Desktop Manager


    In this particular case, the sync was hanging during the Calendar Sync - which would generate a Windows error and then the Desktop Manager would crash. Bringing up Desktop Manager again, it would not detect the Blackberry unless you unplug and reconnect the Blackberry to the USB cable or if you reboot the server it is connected to (if working on this remotely). 

    The following steps resolved the issue:

    1. Disconnect the Blackberry from the usb cable
    2. Start Desktop Manager and choose Synchronize and then uncheck the box that says to Automatically Synchronize when connected
    3. Connect the Blackberry to the usb cable
    4. Immediately do a Backup/Restore and create a Backup
    5. When the Backup completes, choose Advanced
    6. You will see the data file sizes and number of items stored on the handheld and in the database backup you just made
    7. Select the sync item you are having trouble with on the Blackberry column and clear it. In my case, it was the Calendar. I selected the Calendar database item ON THE HANDHELD and chose CLEAR
    8. Now close the Backup/Restore and open Synchronize and choose Synchronize Now
    9. This should now be a smooth Sync
    10. Remember to re-check the box that says to Automatically Sync when connected
    Ruth Miller

    Palm

    Share Palm Calendar on Network for Viewing

    Needed to be able to have office secretary view the Palm Desktop calendar of the boss. Here is how we did it:

    1. In Palm Desktop on the boss's computer, under Tools ---> Options, change the Data Directory path to a shared network drive, e.g. s:\shared\username\Palm Desktop
    2. Install Palm Desktop software on Secretary's computer - set it up with her own username - but skip the hardware sync step so it just installs the Palm Desktop
    3. Open the Palm Desktop one time on Secretary machine so it creates the data directory paths
    4. Create the following batch file - name it  with a .bat extension so it will run in DOS

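    @echo off
    rem Copy the boss's datebook from the network share, then start Palm Desktop.
    echo "Updating Calendar from Network for the Boss"
    rem Switch to the shared drive and walk down to the boss's datebook folder.
    s:
    cd JTJ*
    cd Palm*
    cd Boss
    cd datebook
    copy datebook.dat "C:\Documents and Settings\secretary_name\My Documents\Palm OS Desktop\secretary_name\datebook\datebook.dat"
    rem pause
    echo "Starting Palm Desktop....."
    rem Wait about five seconds so the copied file is in place before Palm Desktop opens.
    PING -n 6 127.0.0.1 >nul
    call "C:\Program Files\Palm\Palm.exe"
    exit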

    Make sure your palm.exe is in the same path. You can check by looking at the properties of your Palm Desktop icon.
    Change the paths for your shared filesystem.

    A delay was inserted so that the new file is read before opening Palm Desktop. When opening too soon, it did not pick up the new file and created a blank one.
    Ruth Miller

    Fix Missing Profile in Palm Desktop

    How to Fix Missing Profile in Existing Palm Desktop Setup


    Problem:  

    You start up Palm Desktop with the intent of syncing your Palm and there is no profile found at all!   This could have happened if you have specified a network share drive for storing your Calendar data for the purpose of sharing the Calendar data and that shared drive is not available.

    Solution:  

    If Palm Desktop does not find your profile you simply need to find your users.dat file  on the shared drive or last known location and place it in the location where it defaults to look for this file which is your My Documents/Palm OS Desktop. Close Palm Desktop before copying the file there to the default location.

    Once you have copied the users.dat file there, open Palm Desktop and it should find your profile and your data (although it may be old local data) now.  At this point you can again point the Palm Desktop folder in Options to the shared drive if you like.  However, you must remove or rename the users.dat on the network drive location or it will tell you that the directory is in use by another user.

    This can occur if you are having problems with your network that make the shared drive unavailable when you start Palm Desktop up. If it cannot locate the users.dat file locally, it gives up and doesn't know anything about you.  Once this happens, it loses the connection to that shared drive so even if the shared drive connection is restored, Palm Desktop will not even start up to let you direct it to that shared drive location. So you must do this little trick to restore it.

    One word of caution - if you manually added your user again and then did a sync locally and THEN you do this move, it will delete the local folder when you point to the new location on the shared drive.  It is always a good idea to get a backup of your data just in case and you can do that in File - Export which creates an .mdb file with your data, which you can then restore to any other Palm Desktop software, even a different user.

    Here is another thing to consider. If you have Hotsync software loading on startup, sometimes it will try to locate your data on the network drive and if that drive is not available, you will be in the "no profiles" situation again.


    Ruth Miller

    Networking Palm Desktop

    [ Credit for this solution goes to a guy with a handle CactusJack on MobileRead.com forums]

    Networking Palm Desktop

    I recently had a customer who bought a TW and she wanted to have the Palm Desktop networked so her receptionist could make appts etc and then sync them to the Palm. But lo, the desktop is not networkable; everyone agrees it can't be done: various gurus, swamis and bagwans.

    I am not a man who likes to be told I can't do it, so a-surfing I went, and here's what I found.

    Networking Palm Desktop (Yes it works and works well)


    1) Install PDS to the first machine.
    2) Create all users you require in that Palm Desktop. Don't put the info into them yet.
    3) Close Palm Desktop
    4) Open the palm folder. Find the user folders, and delete them.
    5) Make sure the drive (or better yet, just the folder) that palm is installed to is set as shared, with create/modify access as well.

    6) Go to the second computer.
    7) Install Palm Desktop on the 2nd computer. (this is where it's critical that you have removed the user folders from the first palm folder)
    8) Create the user names, ensuring they are 100% the same as what you entered on the first
    9) Map a network drive on the 2nd computer, pointing to the palm folder on the 1st computer. Make sure you set this to connect at login
    10) In PDS on the 2nd computer, open tools, options. Change the data directory to the mapped drive from step 9


    Now hopefully at this point, the folder should be re-created back in the palm folder on the first computer. Two important notes:

    I) If you didn't remove (or rename) the user folders before starting the second installation, PDS will create a new folder with a different name, so each copy of PDS will be looking in different spots, and thus not sharing data.
    II) If the user names were not 100% identical, PDS will probably create a folder with a different user name, and therefore won't share data.


    At this point, if everything seems to be coming on well, test it out -- before going any further.
    - Open PDS on the 1st computer.
    - Enter some data into one of the apps
    - close PDS on computer 1

    - Open PDS on the 2nd computer.
    - Check to see if the info shows up on the 2nd computer.

    Problems and Fixes
    I got a message similar to "Can't use this location, another user is already using it."

    Fix:
    Try re-naming or removing the users.dat file from the palm folder.

    You may have to do this after every install on the other computers, except for the last.

    "Unable to use this directory, another user is already using it" or something like that.

    Fortunately, I found what seems to me to be an easier way.

    First, I installed Palm Desktop on the second computer (the first one already had all users up and running for a while).

    Then I strapped on my hard hat and went mining in the Registry on the second computer. There are two entries at:

    HKEY_CURRENT_USER\SOFTWARE\U.S. ROBOTICS\PILOT DESKTOP\CORE

    I changed the settings for PATH and DESKTOP PATH to refer to the networked series of files. It seems to work fine now!

    As was indicated in an earlier posting, there doesn't seem to be a problem with multiple users accessing the files, but changes aren't recognized by other Palm Desktops until the files are closed (close Palm Desktop, or switch to another User).

    IMPORTANT POINT: Each set of data is available to be opened by multiple users. BUT, if two users open the same set of data, and make changes, and then close, only the changes that were saved last will be recognized. i.e. Any time a data set is closed, it completely overwrites what was there before.



    Thanks to many and varied threads at Brighthand
    Disclaimers: Do this at your own risk!

    Ruth Miller

    Treo

    There are no articles in this category.

    How-To

    General How-To Category

    The 15 Minute Amanda Backup How-To

    This is not an original article - it has been saved from zmanda.com for reference purposes only.

    The 15-Minute Backup Solution

    Note: This setup was performed using Amanda 2.5.1p2 community edition.

    Secure Network Backups in a Heterogeneous Environment in the Time it Takes to Have Pizza Delivered (All Using Open Source Software!)

    By Lois Garcia and Pavel Pragin
    The Problem

    Today's businesses rarely run on just one operating system. Linux users and administrators often have strong preferences for one distribution over another; web designers might lean towards the Mac; legacy software and hardware can include various UNIX operating systems. Despite the complexity of modern business computing environments, a system administrator is expected to find a reliable backup solution.

    Even in the case where users are expected to keep important files on networked resources, for true intellectual data security, desktop machines and laptops will also be backed up. The price of hard disk storage is continuously falling, bringing terabytes of storage within reach, and increasing the amount of data that can potentially be lost. (The amount of data that you have will always expand to fit the storage available, as the golden rule states.) We live in a global and e-commerce economy, where businesses run around the clock and crucial business data changes commensurately.

    The Challenge

    For our 15-minute challenge, you will backup two Linux systems (each running a different Linux distribution) and one Windows system, using freely downloadable open source software.

    Our scenario is as follows:

    The user "pavel" works with sensitive information. We need to make an encrypted backup of his home directory, /home/pavel, which resides on a Fedora Core Linux system called Iron. Our webmaster needs the webserver's document home backed up, the /var/www/html directory on a SUSE Enterprise Linux system called Copper. Our manager works solely on a Windows XP system called Uranium, and keeps all of his work in the MyDocuments folder, so we will need to add //Uranium/MyDocuments to our backup configuration.

    The Solution: Amanda

    Amanda is open-source backup software that is flexible, secure and scalable to dynamic computing environments. Amanda can save you from expensive proprietary backup software and those custom backup scripts that have a propensity to break at the worst times. Dating back to 1991, Amanda has been used successfully in environments from one standalone machine to hundreds of clients. Amanda is so thoroughly documented, from community wikis to published system administration texts, that it might be hard to discern just how easy an Amanda backup can be.

    This article will show you how, in about 15 minutes, you can:

    1. Install and configure the Amanda backup server.

    2. Prepare three different clients for backup.

    3. Set backup parameters.

    4. Verify the configuration.

    5. Verify the backup.


    We will install and configure Amanda backup server software on Quartz, which is running Red Hat Enterprise Linux. We will install and configure Amanda backup client software on Copper and on Iron. The Windows XP client, Uranium, will be backed up with Amanda server software running in conjunction with Samba on the backup server, Quartz.

    Client     Filesystem               OS      Compression   Encryption
    Copper     /var/www/html            SLES9   Yes           No
    Iron       /home/pavel              FC4     Yes           Yes
    Uranium    //uranium/MyDocuments*   WINXP   Yes           No

    * using Samba (i.e. without installing any software on the Windows system)

    chart - 15 minute setup

    Amanda gives you the capability to use disk storage as backup media. Configuring, initiating and verifying a backup will complete the backup cycle, all in less than the time it takes for a pizza to be delivered!

    Prerequisites

    The basic Amanda setup consists of an Amanda server, the Amanda client or clients that are to be backed up, and the backup storage media such as a tape or hard disk device. An intermediate holding area for caching data is not absolutely necessary, but will improve performance significantly and is considered part of a basic setup.

    Before we begin, please review the introduction to Amanda. Then, note the following prerequisites:

    To support the encrypted backup of /home/pavel on Iron, the following packages should be installed and available on Iron:

    Also note that this article assumes a fresh install of Amanda. If you have an existing Amanda installation, additional steps are needed to ensure the proper upgrade to the latest Amanda release, (2.5.1p2 and later).

    TIP: You can copy and paste all of the examples here, making appropriate modifications for your environment.

    Order Pizza

    Call your favorite pizza delivery place, set your stopwatch and...

    Install and Configure the Amanda Backup Server

    1.    Log in as root on Quartz, the Red Hat Enterprise Linux 4 server.

    2.    Install the Amanda 2.5.1p2 amanda-backup_server RPM. Installing the package also creates a user named amandabackup who belongs to the group disk.

    [root@quartz server]# rpm -ivh amanda-backup_server-2.5.1p2-1.rhel4.i386.rpm

    warning: amanda-backup_server-2.5.1p2-1.rhel4.i386.rpm: V3 DSA signature: NOKEY, key ID 3c5d1c92
    Preparing...                ########################################### [100%]
    Jan  5 2007 12:12:55: Preparing to install: Amanda Community Edition - version 2.5.1p2
    Jan  5 2007 12:12:55: Checking for 'amandabackup' user...
    Jan  5 2007 12:12:55:
    Jan  5 2007 12:12:55:  The Amanda backup software is configured to operate as the
    Jan  5 2007 12:12:55:  user 'amandabackup'.  This user exists on your system and has not
    Jan  5 2007 12:12:55:  been modified.  To ensure that Amanda functions properly,
    Jan  5 2007 12:12:56:  please see that the following parameters are set for that
    Jan  5 2007 12:12:56:  user.:
    Jan  5 2007 12:12:56:
    Jan  5 2007 12:12:56:  SHELL:          /bin/sh
    Jan  5 2007 12:12:56:  HOME:           /var/lib/amanda
    Jan  5 2007 12:12:56:  Default group:  disk
    Jan  5 2007 12:12:56:
    Jan  5 2007 12:12:56:  Checking ownership of '/var/lib/amanda'... correct.
    Jan  5 2007 12:12:57:
    Jan  5 2007 12:12:57: === Amanda backup server installation started. ===

       1:amanda-backup_server   ########################################### [100%]

    Jan  5 2007 12:13:05: Updating system library cache...done.
    Jan  5 2007 12:13:21: Installing '/etc/amandates'.
    Jan  5 2007 12:13:21: The file '/etc/amandates' has been created.
    Jan  5 2007 12:13:21: Ensuring correct permissions for '/etc/amandates'.
    Jan  5 2007 12:13:21: '/etc/amandates' Installation successful.
    Jan  5 2007 12:13:22: Checking '/var/lib/amanda/.amandahosts' file.
    Jan  5 2007 12:13:22: Checking for '/var/lib/amanda/.profile' and ensuring correct environment.
    Jan  5 2007 12:13:23: Setting ownership and permissions for '/var/lib/amanda/.profile'
    Jan  5 2007 12:13:23: === Amanda backup server installation complete. ===
    Amanda installation log can be found in '/var/log/amanda/install.log' and errors (if any) in '/var/log/amanda/install.err'.

    3.    The Amanda services are started by the extended internet daemon, xinetd, which is why you must have xinetd installed on every Amanda server and client. In any text editor, create one xinetd startup file, /etc/xinetd.d/amandaserver , with content as follows.

    For the /etc/xinetd.d/amandaserver file, on Quartz:

    # default: on
    #
    # description: Amanda services for Amanda server and client.
    #
    service amanda
    {
            disable         = no
            socket_type     = stream
            protocol        = tcp
            wait            = no
            user            = amandabackup
            group           = disk
            groups          = yes
            server          = /usr/lib/amanda/amandad
            server_args     = -auth=bsdtcp amdump amindexd amidxtaped
    }

    4.    Restart xinetd on Quartz.

    [root@quartz xinetd.d]# service xinetd reload
    Reloading configuration:                                   [  OK  ]

    5.    Note the time. Only about five minutes should have passed!


    Install and Configure Three Different Amanda Clients

    Installation of Amanda Client RPM on Iron (FC4)

    1.    Log in as root on Iron, your Fedora Core 4 client.

    2.    Install the Amanda 2.5.1p2 backup_client RPM. Installing the package also creates a user named amandabackup who belongs to the group disk.

    [root@iron client]# rpm -ivh amanda-backup_client-2.5.1p2-1.fc4.i386.rpm
    warning: amanda-backup_client-2.5.1p2-1.fc4.i386.rpm: Header V3 DSA signature: NOKEY, key ID 3c5d1c92
    Preparing...                ########################################### [100%]
    Jan  5 2007 10:17:16: Preparing to install: Amanda Community Edition - version 2.5.1p2
    Jan  5 2007 10:17:16: Checking for 'amandabackup' user...
    Jan  5 2007 10:17:16:
    Jan  5 2007 10:17:16:  The Amanda backup software is configured to operate as the
    Jan  5 2007 10:17:17:  user 'amandabackup'.  This user exists on your system and has not
    Jan  5 2007 10:17:17:  been modified.  To ensure that Amanda functions properly,
    Jan  5 2007 10:17:17:  please see that the following parameters are set for that
    Jan  5 2007 10:17:17:  user.:
    Jan  5 2007 10:17:17:
    Jan  5 2007 10:17:17:  SHELL:          /bin/sh
    Jan  5 2007 10:17:17:  HOME:           /var/lib/amanda
    Jan  5 2007 10:17:17:  Default group:  disk
    Jan  5 2007 10:17:17:
    Jan  5 2007 10:17:17:  Checking ownership of '/var/lib/amanda'... correct.
    Jan  5 2007 10:17:17:
    Jan  5 2007 10:17:17: === Amanda backup client installation started. ===

       1:amanda-backup_client   ########################################### [100%]

    Jan  5 2007 10:17:21: Updating system library cache...done.
    Jan  5 2007 10:17:30: Checking '/var/lib/amanda/.amandahosts' file.
    Jan  5 2007 10:17:31: Checking for '/var/lib/amanda/.profile' and ensuring correct environment.
    Jan  5 2007 10:17:31: Setting ownership and permissions for '/var/lib/amanda/.profile'
    Jan  5 2007 10:17:31: Checking for '/var/lib/amanda/.profile' and ensuring correct environment.
    Jan  5 2007 10:17:31: Setting ownership and permissions for '/var/lib/amanda/.profile'
    Jan  5 2007 10:17:31: === Amanda backup client installation complete. ===
    Amanda installation log can be found in '/var/log/amanda/install.log' and errors (if any) in '/var/log/amanda/install.err'.

    3.    In any text editor, create an xinetd startup file, /etc/xinetd.d/amandaclient, with content as follows.

    # default: on
    #
    # description: Amanda services for Amanda client.
    #
    service amanda
    {
            disable         = no
            socket_type     = stream
            protocol        = tcp
            wait            = no
            user            = amandabackup
            group           = disk
            groups          = yes
            server          = /usr/lib/amanda/amandad
            server_args     = -auth=bsdtcp amdump
    }

    4.    Restart xinetd on Iron.

    [root@iron xinetd.d]# service xinetd reload
    Reloading configuration:                                   [  OK  ]

    5.    Become the amandabackup user and append the line "quartz.zmanda.com amandabackup amdump" to the /var/lib/amanda/.amandahosts file on Iron. This allows Quartz, the Amanda backup server, to connect to Iron, the Amanda client.

    Note that you should use fully qualified domain names when configuring Amanda.

    -bash-3.00$ echo quartz.zmanda.com amandabackup amdump >> /var/lib/amanda/.amandahosts
    -bash-3.00$ chmod 700 /var/lib/amanda/.amandahosts

    6.    Save the passphrase as a hidden file in the home directory of the amandabackup user. Protect the file with the proper permissions.

    As the user amandabackup: 

    -sh-3.00$ chown amandabackup:disk ~amandabackup/.am_passphrase
    -sh-3.00$ chmod 700 ~amandabackup/.am_passphrase

    7.    Create a script that enables encryption on the client Iron.

    As root create a file /usr/sbin/amcryptsimple:
     

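    #!/usr/bin/perl -w
    # amcryptsimple: symmetric gpg encryption for Amanda client backups.
    # Reads the dump on stdin and writes the result to stdout; -d decrypts.
    use Time::Local;
    my $AMANDA='amandabackup';
    # Home directory of the amandabackup user (field 7 of the passwd entry).
    $AMANDA_HOME = (getpwnam($AMANDA) )[7] || die "Cannot find $AMANDA home directory\n" ;
    # Passphrase file created in step 6.
    $AM_PASS = "$AMANDA_HOME/.am_passphrase";
    $ENV{'PATH'} = '/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin';
    $ENV{'GNUPGHOME'} = "$AMANDA_HOME/.gnupg";

    # gpg reads the passphrase from file descriptor 3, which the shell opens on
    # $AM_PASS, so the passphrase never appears on the command line.
    sub encrypt() {
        # --disable-mdc turns off gpg's modification detection code (integrity check).
        system "gpg --batch --disable-mdc --symmetric --cipher-algo AES256 --passphrase-fd 3  3<$AM_PASS";
    }
    sub decrypt() {
        system "gpg --batch --quiet --no-mdc-warning --decrypt --passphrase-fd 3  3<$AM_PASS";
    }

    if ( $#ARGV > 0 ) {
        die "Usage: $0 [-d]\n";
    }
    if ( $#ARGV==0 && $ARGV[0] eq "-d" ) {
        decrypt();
    }
    else {
        encrypt();
    }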

    8.    Change the ownership and the permissions on the file /usr/sbin/amcryptsimple you just created:

    [root@iron sbin]# chown amandabackup:disk /usr/sbin/amcryptsimple
    [root@iron sbin]# chmod 750 /usr/sbin/amcryptsimple

    9.    This completes configuration of the Amanda client on Iron.


    Installation of Amanda Client RPM on Copper (SLES9)

    1.    Log in as the root user on Copper, your SUSE Linux Enterprise Server 9 client.

    2.    Install the Amanda 2.5.1p2 backup_client RPM. Installing the package also creates a user named amandabackup who belongs to the group disk.

    copper:/ # rpm -ivh amanda-backup_client-2.5.1p2-1.sles9.i586.rpm
    warning: amanda-backup_client-2.5.1p2-1.sles9.i586.rpm: V3 DSA signature: NOKEY, key ID 3c5d1c92

    Preparing...                ########################################### [100%]

    Jan  5 2007 07:20:21: Preparing to install: Amanda Community Edition - version 2.5.1p2
    Jan  5 2007 07:20:21: Checking for 'amandabackup' user...
    Jan  5 2007 07:20:21:
    Jan  5 2007 07:20:21:  The Amanda backup software is configured to operate as the
    Jan  5 2007 07:20:21:  user 'amandabackup'.  This user exists on your system and has not
    Jan  5 2007 07:20:21:  been modified.  To ensure that Amanda functions properly,
    Jan  5 2007 07:20:21:  please see that the following parameters are set for that
    Jan  5 2007 07:20:22:  user.:
    Jan  5 2007 07:20:22:
    Jan  5 2007 07:20:22:  SHELL:          /bin/sh
    Jan  5 2007 07:20:22:  HOME:           /var/lib/amanda
    Jan  5 2007 07:20:22:  Default group:  disk
    Jan  5 2007 07:20:22:
    Jan  5 2007 07:20:22:  Checking ownership of '/var/lib/amanda'... correct.
    Jan  5 2007 07:20:22:
    Jan  5 2007 07:20:22: === Amanda backup client installation started. ===

       1:amanda-backup_client   ########################################### [100%]

    Jan  5 2007 07:20:26: Updating system library cache...done.
    Jan  5 2007 07:20:26: Checking '/var/lib/amanda/.amandahosts' file.
    Jan  5 2007 07:20:27: Checking for '/var/lib/amanda/.profile' and ensuring correct environment.
    Jan  5 2007 07:20:27: Setting ownership and permissions for '/var/lib/amanda/.profile'
    Jan  5 2007 07:20:27: Checking for '/var/lib/amanda/.profile' and ensuring correct environment.
    Jan  5 2007 07:20:27: Setting ownership and permissions for '/var/lib/amanda/.profile'
    Jan  5 2007 07:20:27: === Amanda backup client installation complete. ===
    Amanda installation log can be found in '/var/log/amanda/install.log' and errors (if any) in '/var/log/amanda/install.err'.

    3.    In any text editor, create an xinetd startup file, /etc/xinetd.d/amandaclient, with content as follows.

    # default: on
    #
    # description: Amanda services for Amanda client.
    #
    service amanda
    {
            disable         = no
            socket_type     = stream
            protocol        = tcp
            wait            = no
            user            = amandabackup
            group           = disk
            groups          = yes
            server          = /usr/lib/amanda/amandad
            server_args     = -auth=bsdtcp amdump
    }

    5.  Restart xinetd on Copper.

    copper:/ # /etc/rc.d/xinetd restart
    Reload INET services (xinetd).                                       done

    6.  Become the amandabackup user and append the line "quartz.zmanda.com amandabackup amdump" to the /var/lib/amanda/.amandahosts file on Copper. This allows Quartz, the Amanda backup server, to connect to Copper, the Amanda client.
    Note that you should use fully qualified domain names when configuring Amanda.

    -bash-3.00$ echo quartz.zmanda.com amandabackup amdump >> /var/lib/amanda/.amandahosts
    -bash-3.00$ chmod 700 /var/lib/amanda/.amandahosts

    7.    This completes configuration of the Amanda client on Copper. If you check your watch, you should find that only about ten minutes have passed!


    Configurations Required to Backup Windows Client Uranium

    ·       Configuration done on backup server Quartz:

    1.    The file /etc/amandapass must be created manually, owned by the amandabackup user and have permissions of 700. The amandapass file contains share name to user name, password and workgroup mapping.

    As the root user:

    [root@quartz /]# echo //uranium/MyDocuments zmanda%amanda Workgroup >> /etc/amandapass

    2.    Change the ownership and permissions on this file:

    [root@quartz etc]# chown amandabackup:disk /etc/amandapass
    [root@quartz etc]# chmod 700 /etc/amandapass

    ·       Configuration done on Windows client Uranium:

    The directory getting backed up must be shared from Windows and must be
    accessible by the Windows user zmanda with the password amanda.
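
As an added example (not part of the original article or of Amanda itself), this script re-checks the ownership and modes that the client steps for Iron and Copper and the server step for /etc/amandapass set on the credential files, and the advice to use fully qualified names in .amandahosts. The function names, the SKIP/OWNER/MODE/HOST/USER labels and the demo tree are assumptions made for the example, and it expects GNU stat as found on the Linux hosts used here.

```shell
#!/bin/sh
# Added example: audit the credential files created in the Amanda steps above.
# Assumes GNU stat (Linux). Paths and the amandabackup user come from the article.
AMANDA_USER=amandabackup

# perm_leak FILE MASK: succeed if FILE has any permission bit of octal MASK set.
perm_leak() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# check_file FILE OWNER MASK: report a wrong owner (OWNER is a user name or a
# numeric uid) or a set MASK bit. A file that is absent on this host is skipped.
# Returns 1 if anything was reported.
check_file() {
    local file="$1" owner="$2" mask="$3" bad=0
    if [ ! -e "$file" ]; then
        echo "SKIP $file (not present on this host)"
        return 0
    fi
    if [ "$(stat -c '%U' "$file")" != "$owner" ] && [ "$(stat -c '%u' "$file")" != "$owner" ]; then
        echo "OWNER $file: expected $owner"
        bad=1
    fi
    if perm_leak "$file" "$mask"; then
        echo "MODE $file: $(stat -c '%a' "$file") has bits of $mask set"
        bad=1
    fi
    return "$bad"
}

# check_amandahosts FILE USER: each entry should look like the line the article
# appends, "<fully qualified host> <USER> <service>...". Returns 1 on a finding.
check_amandahosts() {
    local file="$1" user="$2" bad=0 host who rest
    while read -r host who rest || [ -n "$host" ]; do
        case "$host" in ''|'#'*) continue ;; esac
        case "$host" in
            *.*) ;;
            *) echo "HOST $host: not a fully qualified domain name"; bad=1 ;;
        esac
        if [ "$who" != "$user" ]; then
            echo "USER $host: remote user '$who', expected $user"
            bad=1
        fi
    done < "$file"
    return "$bad"
}

# audit_amanda ROOT [OWNER]: check the article's files under ROOT ("" = live
# system). The article uses chmod 700 for .amandahosts, .am_passphrase and
# /etc/amandapass (no group/other bits) and chmod 750 for amcryptsimple.
audit_amanda() {
    local root="$1" owner="${2:-$AMANDA_USER}" bad=0
    check_file "$root/var/lib/amanda/.amandahosts" "$owner" 077 || bad=1
    check_file "$root/var/lib/amanda/.am_passphrase" "$owner" 077 || bad=1
    check_file "$root/usr/sbin/amcryptsimple" "$owner" 027 || bad=1
    check_file "$root/etc/amandapass" "$owner" 077 || bad=1
    if [ -e "$root/var/lib/amanda/.amandahosts" ]; then
        check_amandahosts "$root/var/lib/amanda/.amandahosts" "$AMANDA_USER" || bad=1
    fi
    return "$bad"
}

# Demo on a constructed tree (not real Amanda files): the passphrase file is
# left group/world readable and one .amandahosts entry uses a short host name.
demo() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/lib/amanda" "$root/usr/sbin" "$root/etc"
    printf '%s\n' 'quartz.zmanda.com amandabackup amdump' 'quartz amandabackup amdump' \
        > "$root/var/lib/amanda/.amandahosts"
    echo 'constructed-passphrase' > "$root/var/lib/amanda/.am_passphrase"
    chmod 700 "$root/var/lib/amanda/.amandahosts"
    chmod 644 "$root/var/lib/amanda/.am_passphrase"
    if audit_amanda "$root" "$(id -u)"; then
        echo "audit: clean"
    else
        echo "audit: findings reported"
    fi
    rm -rf "$root"
}
demo
```

On a real host, call `audit_amanda ""` as root; a file that belongs to a different machine in the article's layout is reported as SKIP rather than as a finding.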


    Set Backup Parameters

    1.    On Quartz, as the amandabackup user, create the Amanda configuration directory.

    [root@quartz etc]# su - amandabackup
    -bash-3.00$ mkdir /etc/amanda/DailySet1

    2.    Copy the /var/lib/amanda/example/amanda.conf file to the /etc/amanda/DailySet1 directory. The amanda.conf file is the most important file for configuring your Amanda setup.

    -bash-3.00$ cp /var/lib/amanda/example/amanda.conf /etc/amanda/DailySet1

    3.    The sample amanda.conf distributed with Amanda is over 700 lines long and is extensively commented. For more information, search for amanda.conf on the Amanda wiki. We will focus on just a few lines and make minimal modifications.

    Open /etc/amanda/DailySet1/amanda.conf with any text editor and edit it to suit your environment.

    ·       The following lines control some details specific to your organization and to your tape configuration.

    org "YourCompanyName"                          # your organization name for reports
    mailto "root@localhost"                        # space separated list of operators at your site
    tpchanger "chg-disk"                           # the tape-changer glue script
    tapedev "file://space/vtapes/DailySet1/slots"  # the no-rewind tape device to be used
    tapetype HARDDISK                              # use hard disk instead of tapes (vtape config)

    ·       We add the following lines to specify the size of the virtual tapes:

    define tapetype HARDDISK {
     length 100000 mbytes
    }

    ·       We add the following lines to support the encrypted backup of /home/pavel on Iron:

    define dumptype encrypt-simple {
    root-tar
    comment "client simple symmetric encryption, dumped with tar"

    encrypt client
    compress fast
    client_encrypt "/usr/sbin/amcryptsimple"
    client_decrypt_option "-d"
    }

    ·       Go to the “define dumptype global” section in the amanda.conf file and add the line auth "bsdtcp" just before the closing “}” bracket. This enables “BSDTCP” authentication.

    # index yes
    # record no
    # split_diskbuffer "/raid/amanda"
    # fallback_splitsize 64m
    auth "bsdtcp"

    4.    As the root user, create a cache directory to use as a holding disk.

    [root@quartz ~]# mkdir -p /dumps/amanda
    [root@quartz ~]# chown amandabackup:disk /dumps/amanda
    [root@quartz ~]# chmod 750 /dumps/amanda

    5.    Create the virtual tapes. Dedicated directories are used as “virtual tapes” called vtapes. You work with vtapes in the same way that you work with physical tapes. Vtapes can even simulate tape changers, as you will see in our example.

    For security reasons, limit access to the vtapes directory to the amandabackup user.

    As the root user:

    [root@quartz ~]# mkdir -p /space/vtapes
    [root@quartz ~]# chown amandabackup:disk /space/vtapes
    [root@quartz ~]# chmod 750 /space/vtapes

    As the amandabackup user:

    -bash-3.00$ touch /etc/amanda/DailySet1/tapelist
    -bash-3.00$ mkdir -p /space/vtapes/DailySet1/slots
    -bash-3.00$ cd /space/vtapes/DailySet1/slots
    -bash-3.00$ for ((i=1; $i<=25; i++)); do mkdir  slot$i;done
    -bash-3.00$ ln -s slot1 data

    6.    Test the virtual tape setup.

    -bash-3.00$ ammt -f file:/space/vtapes/DailySet1/slots status
    file:/space/vtapes/DailySet1/slots
    status: ONLINE

    7.    Just as with physical tapes, the virtual tapes now need to be labeled. (Please note that the output below has been truncated.)

    -bash-3.00$ for ((i=1; $i<=9;i++)); do amlabel DailySet1 DailySet1-0$i slot $i; done
    changer: got exit: 0 str: 1 file://space/vtapes/DailySet1/slots
    labeling tape in slot 1 (file://space/vtapes/DailySet1/slots):
    rewinding, reading label, not an amanda tape (Read 0 bytes)
    rewinding, writing label DailySet1-01, checking label, done.
    ...
    changer: got exit: 0 str: 9 file://space/vtapes/DailySet1/slots
    labeling tape in slot 9 (file://space/vtapes/DailySet1/slots):
    rewinding, reading label, not an amanda tape (Read 0 bytes)
    rewinding, writing label DailySet1-09, checking label, done.

    -bash-3.00$ for ((i=10; $i<=25;i++)); do amlabel DailySet1 DailySet1-$i slot $i; done
    changer: got exit: 0 str: 10 file://space/vtapes/DailySet1/slots
    labeling tape in slot 10 (file://space/vtapes/DailySet1/slots):
    rewinding, reading label, not an amanda tape (Read 0 bytes)
    rewinding, writing label DailySet1-10, checking label, done.
    ...
    changer: got exit: 0 str: 25 file://space/vtapes/DailySet1/slots
    labeling tape in slot 25 (file://space/vtapes/DailySet1/slots):
    rewinding, reading label, not an amanda tape (Read 0 bytes)
    rewinding, writing label DailySet1-25, checking label, done.

    8.    Now we need to reset the virtual tape changer back to the first slot.

    -bash-3.00$ amtape DailySet1 reset
    changer: got exit: 0 str: 1
    amtape: changer is reset, slot 1 is loaded.

    9.    Create an /etc/amanda/DailySet1/disklist file in the Amanda configuration directory. The disklist contains the fully qualified backup client names, the directory or directories to be backed up and the dumptype.

    copper.zmanda.com /var/www/html comp-user-tar
    iron.zmanda.com /home/pavel encrypt-simple
    quartz.zmanda.com //uranium/MyDocuments comp-user-tar

    10.   As the user amandabackup, append the following lines to the /var/lib/amanda/.amandahosts file to allow the backup clients to connect back to the server when doing restores. Specify fully qualified domain names.

    iron.zmanda.com root amindexd amidxtaped
    copper.zmanda.com root amindexd amidxtaped
    quartz.zmanda.com root amindexd amidxtaped
    quartz.zmanda.com amandabackup amdump

    11.   Create a cron job that will execute amdump and initiate your backups automatically. As the amandabackup user, run crontab -e, and add the following line to run backups Monday through Friday at 1am.

    0 1 * * 1-5 /usr/sbin/amdump DailySet1
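
A misspelled service name or an unqualified host name in .amandahosts surfaces only as a failed amcheck or restore, and /etc/amandapass stores the share password in clear text. The lint below is an added example, not part of Amanda or of the original walkthrough; the function names are hypothetical and the accepted service names are assumed to be the ones listed in amanda(8).

```shell
#!/bin/sh
# Added example: lint the access-control files this walkthrough creates.
# .amandahosts line format: <host> [<user> [<service> ...]]
# Assumption: the accepted service names are the ones listed in amanda(8).

lint_amandahosts() {
    # $1 = path to an .amandahosts file; prints one finding per line.
    awk '
    BEGIN {
        n = split("amdump noop selfcheck sendsize sendbackup amindexd amidxtaped", s, " ")
        for (i = 1; i <= n; i++) known[s[i]] = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
    {
        # The walkthrough asks for fully qualified names throughout.
        if ($1 !~ /\./)
            printf "line %d: host \"%s\" is not fully qualified\n", NR, $1
        # Fields 3..NF are services; a typo here silently denies the request.
        for (i = 3; i <= NF; i++)
            if (!($i in known))
                printf "line %d: unknown service \"%s\"\n", NR, $i
    }' "$1"
}

owner_only() {
    # Succeeds when group and other have no permission bits on $1.
    # /etc/amandapass holds a cleartext share password, so this must hold for it.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Stand-alone use: first argument is the .amandahosts file, any further
# arguments are other files that must be private to their owner, e.g.
#   sh lint.sh /var/lib/amanda/.amandahosts /etc/amandapass
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        owner_only "$f" || echo "$f: accessible by group or other"
    done
    lint_amandahosts "$1"
fi
```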


    Verify Your Configuration

    1.    On Quartz, as amandabackup, run the amcheck tool to verify that you can successfully perform a backup.

    -bash-3.00$ amcheck DailySet1
    Amanda Tape Server Host Check
    -----------------------------
    Holding disk /dumps/amanda: 16714488 KB disk space available, using 16612088 KB
    slot 1: read label `DailySet1-01', date `X'
    NOTE: skipping tape-writable test
    Tape DailySet1-01 label ok
    NOTE: conf info dir /etc/amanda/DailySet1/curinfo does not exist
    NOTE: it will be created on the next run.
    NOTE: index dir /etc/amanda/DailySet1/index does not exist
    NOTE: it will be created on the next run.
    Server check took 4.259 seconds
    Amanda Backup Client Hosts Check
    --------------------------------
    Client check: 3 hosts checked in 27.097 seconds, 0 problems found
    (brought to you by Amanda 2.5.1p2)


    Run a Backup

    1.    On Quartz, as amandabackup, run amdump to start the DailySet1 backup.

    -bash-3.00$ amdump DailySet1

    2.    Amanda will email a detailed status report from the amandabackup user to you, the root user on Quartz.

    From amandabackup@quartz.zmanda.com  Fri Jan  5 13:04:20 2007
    Date: Fri, 5 Jan 2007 13:04:19 -0800
    From: Amanda user <amandabackup@quartz.zmanda.com>
    To: root@quartz.zmanda.com
    Subject: YourCompanyName AMANDA MAIL REPORT FOR January 5, 2007

    These dumps were to tape DailySet1-02.
    The next tape Amanda expects to use is: a new tape.
    The next new tape already labelled is: DailySet1-02.

    STATISTICS:
                              Total       Full      Incr.
                            --------   --------   --------

    Estimate Time (hrs:min)    0:00
    Run Time (hrs:min)         0:00
    Dump Time (hrs:min)        0:00       0:00       0:00
    Output Size (meg)           3.5        3.5        0.0
    Original Size (meg)        11.8       11.8        0.0
    Avg Compressed Size (%)    29.7       29.7        --
    Filesystems Dumped            3          3          0
    Avg Dump Rate (k/s)       292.8      292.8        --
    Tape Time (hrs:min)        0:00       0:00       0:00
    Tape Size (meg)             3.7        3.7        0.0
    Tape Used (%)               0.0        0.0        0.0
    Filesystems Taped             3          3          0
    Chunks Taped                  0          0          0
    Avg Tp Write Rate (k/s)  8509.1     8509.1        --
     

    USAGE BY TAPE:

      Label              Time      Size      %    Nb    Nc
      DailySet1-02       0:00     3744K    0.0     3     0 

    NOTES:
      planner: Forcing full dump of copper.zmanda.com:/var/www/html as directed.
      planner: Forcing full dump of iron.zmanda.com:/home/pavel as directed.
      planner: Forcing full dump of quartz.zmanda.com://uranium/MyDocuments as directed.
      taper: tape DailySet1-02 kb 3744 fm 3 [OK]

    DUMP SUMMARY:
                                           DUMPER STATS               TAPER STATS
    HOSTNAME     DISK        L ORIG-KB  OUT-KB  COMP%  MMM:SS   KB/s MMM:SS   KB/s
    -------------------------- ------------------------------------- -------------
    copper.zmand -r/www/html 0    7640    2336   30.6    0:03  910.6   0:00 8680.7
    iron.zmanda. /home/pavel 0    3530    1024   29.0    0:07  149.1   0:00 12486.1
    quartz.zmand -yDocuments 0     960     384   40.0    0:03  101.0   0:00 4295.3
    (brought to you by Amanda version 2.5.1p2)

    3.    You can also run the tool amadmin with a find argument for a quick summary of what has been backed up.

    -bash-3.00$ amadmin DailySet1 find
    Scanning /dumps/amanda...

    date                host              disk                  lv tape or file file part status
    2007-01-05 13:04:03 copper.zmanda.com /var/www/html          0 DailySet1-02    2   -- OK
    2007-01-05 13:04:03 iron.zmanda.com   /home/pavel            0 DailySet1-02    3   -- OK
    2007-01-05 13:04:03 quartz.zmanda.com //uranium/MyDocuments  0 DailySet1-02    1   -- OK

    Success!

    In just about 15 minutes, we installed and configured a secure, heterogeneous network backup, verified our configurations and ran a backup. We did it with freely downloadable open source software that you can install from binaries or compile for your unique needs. The pizza, which should be getting delivered right about now, will be that much more enjoyable with the clear conscience and peace of mind that comes with knowing that your data is secure.

    Recovery

    Based on feedback received on our forums we are adding a section that shows the ability to do a restore.

    1. On Copper, as root, create the "/etc/amanda" directory.

    copper:~ # mkdir /etc/amanda

    copper:~ # chown amandabackup:disk /etc/amanda


    2. As amandabackup, create a file "/etc/amanda/amanda-client.conf" and insert the lines below into the file.

    # amanda.conf - sample Amanda client configuration file.
    #
    # This file normally goes in /etc/amanda/amanda-client.conf.
    #
    conf "DailySet1" # your config name

    index_server "quartz.zmanda.com" # your amindexd server

    tape_server "quartz.zmanda.com" # your amidxtaped server

    #tapedev "/dev/null" # your tape device
    # auth - authentication scheme to use between server and client.
    # Valid values are "bsd", "bsdudp", "bsdtcp" and "ssh".
    # Default: [auth "bsdtcp"]

    auth "bsdtcp"

    # your ssh keys file if you use ssh auth

    ssh_keys "/var/lib/amanda/.ssh/id_rsa_amrecover"


    3. As root run "amrecover" to initiate the data recovery process.

    copper:/etc/amanda # amrecover
    AMRECOVER Version 2.5.1p2. Contacting server on quartz.zmanda.com ...
    220 quartz AMANDA index server (2.5.1p2) ready.
    Setting restore date to today (2007-01-08)
    200 Working date set to 2007-01-08.
    200 Config set to DailySet1.
    501 Host copper is not in your disklist.
    Trying host copper.zmanda.com ...
    200 Dump host set to copper.zmanda.com.
    Use the setdisk command to choose dump disk to recover
    amrecover>


    4. The list of commands below will demonstrate a recovery of a set of different files and directories to the "/tmp" directory.

    amrecover> listdisk
    200- List of disk for host copper.zmanda.com
    201- /var/www/html
    200 List of disk for host copper.zmanda.com
    amrecover> setdisk /var/www/html
    200 Disk set to /var/www/html.
    amrecover> ls
    2007-01-05-13-04-03 tar-1.15/
    2007-01-05-13-04-03 .
    amrecover> cd tar-1.15
    /var/www/html/tar-1.15
    amrecover> ls
    2007-01-05-13-04-03 scripts/
    2007-01-05-13-04-03 doc/
    2007-01-05-13-04-03 configure
    2007-01-05-13-04-03 config/
    2007-01-05-13-04-03 COPYING
    2007-01-05-13-04-03 AUTHORS
    2007-01-05-13-04-03 ABOUT-NLS
    amrecover> add scripts/
    Added dir /tar-1.15/scripts/ at date 2007-01-05-13-04-03
    amrecover> add configure
    Added file /tar-1.15/configure
    amrecover> add doc/
    Added dir /tar-1.15/doc/ at date 2007-01-05-13-04-03
    amrecover> lcd /tmp
    amrecover> extract
    Extracting files using tape drive chg-disk on host quartz.zmanda.com.
    The following tapes are needed: DailySet1-02
    Restoring files into directory /tmp
    Continue [?/Y/n]? y
    Extracting files using tape drive chg-disk on host quartz.zmanda.com.
    Load tape DailySet1-02 now
    Continue [?/Y/n/s/t]? y
    ./tar-1.15/doc/
    ./tar-1.15/scripts/
    ./tar-1.15/configure
    ./tar-1.15/doc/Makefile.am
    ./tar-1.15/doc/Makefile.in
    ./tar-1.15/doc/convtexi.pl
    ./tar-1.15/doc/fdl.texi
    ./tar-1.15/doc/freemanuals.texi
    ./tar-1.15/doc/getdate.texi
    ./tar-1.15/doc/header.texi
    ./tar-1.15/doc/stamp-vti
    ./tar-1.15/doc/tar.info
    ./tar-1.15/doc/tar.info-1
    ./tar-1.15/doc/tar.info-2
    ./tar-1.15/doc/tar.texi
    ./tar-1.15/doc/version.texi
    ./tar-1.15/scripts/Makefile.am
    ./tar-1.15/scripts/Makefile.in
    ./tar-1.15/scripts/backup-specs
    ./tar-1.15/scripts/backup.in
    ./tar-1.15/scripts/backup.sh.in
    ./tar-1.15/scripts/dump-remind.in
    ./tar-1.15/scripts/restore.in
    amrecover> quit
    200 Good bye.


    5. We can now verify that the files have been recovered successfully by running the following command.

    copper:/ # tree /tmp/tar-1.15
    /tmp/tar-1.15
    |-- configure
    |-- doc
    |   |-- Makefile.am
    |   |-- Makefile.in
    |   |-- convtexi.pl
    |   |-- fdl.texi
    |   |-- freemanuals.texi
    |   |-- getdate.texi
    |   |-- header.texi
    |   |-- stamp-vti
    |   |-- tar.info
    |   |-- tar.info-1
    |   |-- tar.info-2
    |   |-- tar.texi
    |   `-- version.texi
    `-- scripts
        |-- Makefile.am
        |-- Makefile.in
        |-- backup-specs
        |-- backup.in
        |-- backup.sh.in
        |-- dump-remind.in
        `-- restore.in

    2 directories, 21 files

    For more information about Amanda, please visit http://amanda.zmanda.com.

    Ruth Miller

    Amanda Windows client wiki


    Amanda Windows Client How-To


    The Amanda Windows client is a packaged version (Microsoft installer) of the Amanda client for Windows. It is built from the Amanda sourceforge tree.

    Downloads

    the HTML link will not work in some browsers.

    Supported versions

    Installation

    The Amanda Windows client package uses the Microsoft Windows installer and includes Amanda client dependencies (Gnu tar, GnuZip, OpenSSH) as part of the package. This Windows client uses Cygwin and will install Cygwin binaries. If you have Cygwin installed, this package may not work.

    Pre-installation checklist

    You will need:

     The Amanda server should be accessible and should be part of
    your network's LDAP/DNS name services.
     Example: TestConfig.
     ssh provides a more secure backup but will require
    additional steps to configure.


    Windows client installation creates two Amanda users: amandabackup and amandaroot.

     The Amanda Maintenance Shell runs with amandabackup
    access rights and is used for all Amanda operations except recovery.

     amandaroot is used for all Amanda recovery operations.
    The amrecover and amoldrecover programs are run using the
    Amanda Data Recovery Shell with amandaroot
    access rights.

    Installation on Windows Server 2003 also requires user sshd_server to be created.

    Client installation

    You must have Administrator privileges in order to install Amanda Backup Client.

    To install Amanda simply double-click on the downloaded package and the first screen in the installation process will appear:

    Page 1 - Copyright information


    This screen of the Amanda installation wizard gives you an opportunity to cancel or continue the installation.

    Click Next to proceed with the installation process.


    Page 2 - Network Authentication Selection


    Select the desired authentication method to be used between the Windows client and the Amanda server.

    Select BSDTCP if the network is secure enough and performance is an issue.
    Select SSH if network security is an issue.

    Click Next when the correct authorization is selected.


    Page 3 - Server Configuration


    The parameters are:

     This must be the fully qualified domain name of the tape/index server.
    The server should be available for access during the installation process.
     The installation process will use the provided name to create a working
    set of amanda client configuration files.
     If the configuration already exists it will not be overwritten or
    modified by the installer.
     This parameter is ignored for bsdtcp authentication.
    For ssh authentication this will normally be amandabackup.
     Another user with access to /var/lib/amanda/.ssh/authorized_keys may be used.
     Leaving this field blank will force the installer to skip the ssh key exchange.
    Instructions for setting up manually will be printed out at the end of the
    installation process.

    Click Next when finished editing the server parameters.


    Page 4 - Set User and Group Names
     This screen allows entry of standard account names for non-English installations.
    Only change these values if you are installing on a non-English version of Windows and the standard
    account names differ from those shown on the screen.

    Click Next when the account names are correct.


    Page 5 - Confirm installation


    This is the last point at which you can change your installation settings before beginning the actual installation. Please consider your choices carefully, as later changes will require manual modifications to configuration files. To modify your settings, click Back.

    Click Next if the supplied parameters are acceptable.


    Page 6 - Installation progress


    The installer will continue automatically to the next screen.


    Page 7 - Enter Password

    After the basic files are loaded on the client a post-installation script is run. Output from the post-installation process will be displayed in a command shell and also logged to /tmp/amanda/amanda_install.log.

    The first thing the script does is ask for a password to be used when setting up local accounts:
    Amanda requires an amandabackup user and an amandaroot user for normal operations. The installer will create any required account with the password supplied here.

    Amanda accounts will not be displayed on the login screen or in the user manager program.

     net user amandabackup <New Password>
     net user amandaroot <New Password>

    It is important to remember the password: it will be required every time an Amanda Maintenance Shell or an Amanda Data Recovery Shell is started.


    Page 8 - Server Key Exchange

    If SSH authentication is selected, ssh is used to exchange keys with the server. You may be prompted to accept the server's fingerprint and to enter a password at this point:
    The installation process will proceed after required information is entered.


    Page 9 - Confirm Successful Installation

    If everything has gone well then the following screen will be displayed:
    Press return or enter to proceed.


    Page 10 - Confirm With Additional Instructions

    If there were problems then instructions on how to correct the problems manually will be displayed:
    Follow the displayed instructions to manually complete the installation.

    Press return or enter to proceed.


    Page 11 - Installation Complete

    The end of the configuration process displays a confirmation screen which informs you of a successful Amanda installation.
    Click Close and you are done.


    If ssh authentication is used then you now need to transfer the host fingerprints to the known_hosts files.

     Client> ssh amandabackup@server.company.com  #Note: amandabackup is not a typo.
     Server> ssh amandabackup@client.company.com 

    If the logins were successful, you are now ready to start using Amanda.

    Check installation logs

    Windows client configuration

    Changes to configuration files on the server

    For example:

    amandawindowsclient.company.com amandabackup amindexd amidxtaped

    For example:

    AmandaServer> ssh amandabackup@amandawindowsclient.company.com
    The authenticity of host 'amandawindowsclient.company.com (192.168.10.203)' can't be established.
    RSA key fingerprint is 38:d3:9c:a6:96:43:50:c8:29:90:3e:7e:41:86:b1:57.
    Are you sure you want to continue connecting (yes/no)? yes

    Check the Windows Start programs menu

    After a standard installation, under Start > Programs > Amanda, you will find:

    List of configuration files in the Windows client

    The Amanda client installation process creates or modifies multiple configuration files on the Windows client. The amanda configuration files modified and their locations are as follows:

    Changing client configuration

    To change the configuration of the Amanda Windows client, use the Amanda Maintenance Shell.
    From Start > Programs > Amanda, select Amanda Maintenance Shell.

    Modify amanda.conf to change:

    Please note that switching from bsdtcp to ssh authentication will require additional changes to the Windows client.

    Changing amandabackup/amandaroot Password

    The Amanda Windows client creates two users: amandabackup and amandaroot.
    amandabackup is the default user for the Amanda Maintenance Shell and amandaroot is the user for the Amanda Data Recovery Shell.

    To change the password for these users, type the following in "Start > Run" or at your command prompt:

     net user <user-name> <new password> 

    For example:

     net user amandabackup <new password>


    Windows client configuration on Amanda server

    All Windows filesystems can be added to the disklist file on the Amanda server. Only the GNU tar program can be used in the dumptype. An example disklist entry for a Windows filesystem:

    winxp.company.com /cygdrive/c root-tar

    You can also use C:\ (drive letter) notation to specify filesystems.

    Run amcheck on the Amanda server

    Fix all configuration problems found by the amcheck command. Run amcheck as the amandabackup user on the Amanda server.

    For example:

    $ amcheck -c TestConfig

    If there are no amcheck errors, you are ready to back up the Windows client. In case of amcheck errors, take a look at the amcheck troubleshooting section.

    Restoring files on the Windows client

    Ruth Miller

    Installing and configuring VNC Server on Linux

    Source Article

    What is VNC? - A practical introduction

    VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

    The VNC system allows you to access the same desktop from a wide variety of platforms.

    Many of us, for example, use a VNC viewer running on a PC on our desks to display our Unix environments, which are running on a large server in the machine room downstairs.
    (What is VNC? A practical introduction - taken from http://www.uk.research.att.com/vnc/ all rights reserved)


    Obtaining VNC
    VNC is freely available from the official VNC homepage (http://www.uk.research.att.com/vnc/). The version we will cover in this tutorial is RealVNC version 3.3.6, which can be downloaded from http://www.realvnc.com/download.html

    If you prefer to use the command line as opposed to a GUI for installation, run the following command from your Linux CLI. When run, this command will download the RPM package to your current working directory. The file is 700k approx:

    Code:
    $  wget http://www.realvnc.com/dist/vnc-3.3.6-2.i386.rpm


    The Installation
    Installing from RPM is straightforward enough, simply run the following command:

    Code:
    $  rpm vnc-3.3.6-2.i386.rpm -i
    Now you have the core VNC files installed on your system. The first time you run VNC server, you will be required to set a password. Remember that it is good practice to choose a password that is not in the dictionary and contains a combination of numbers, letters, and other characters.

    To start VNC server, at the command prompt type:

    Code:
    $  vncserver
    If you wish to change the VNC password at any time, enter vncpasswd at the command prompt. The VNC password is not integrated with the standard Linux passwords (anything in /etc/passwd), so changing the VNC password will leave all other passwords on the system intact. The same applies the other way round: changing the password on a user account will not affect the VNC password.


    You will need to edit the configuration script found in $HOME/.vnc/xstartup. Any standard text file editor such as vim, emacs or pico will suffice.

    For Gnome:
    Code:
    xrdb $HOME/.Xresources
    xsetroot -solid grey
    xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    twm &
    For KDE
    Code:
    xrdb $HOME/.Xresources
    xsetroot -solid grey
    xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    twm &
    startkde &
    The key line in the sample file above is the last one, which in this case is set to twm. This controls which window manager you wish VNC to use. By default, Red Hat systems use gnome, but you may be using kde. twm should only be used if you do not have a window manager set up on your system. If you are using kde, you should change twm to startkde, and if you are using gnome, you should change it to gnome-session.

    You should also understand how to kill existing desktops, shutting VNC down. To do this, you should type vncserver -kill :1 at the CLI, where 1 is the desktop you wish to kill off.
    Or you might have to use "vncserver -kill full_hostname:1 " or whatever number your desktop is.

    That's it. VNC should now be successfully set up on your system. The last piece of information you need is the ports VNC uses. For the VNC viewer, 5901 is used by default, and for Java-based VNC access, 5801 is used. You will need to add rules to your firewall to allow traffic into either or both of these port numbers. To connect, use port 590#, where # is the desktop number you were assigned when starting vncserver; its output tells you that number.



    Check If VNC is running
    You can check at any time to see if you have a VNC server currently running. To do so, I recommend that you use netstat, a tool designed to give you information about what ports are listening for connections on your machine. The following output is an example of what you can expect to see from a netstat command. The important part of this output is highlighted in bold:
    Code:
    [root@server root]# netstat -an | more
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    Tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
    Tcp 0 0 0.0.0.0:5801 0.0.0.0:* LISTEN
    Tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
    [root@server root]#
    The 2 lines that have 0.0.0.0:5801 & 0.0.0.0:5901 indicate we have VNC listening for incoming connections on all interfaces (0.0.0.0). If you find that you cannot connect to VNC, I would recommend that you check it is running. If you see that VNC is running from a netstat command, then I would check your firewall is not blocking your connection attempts.
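
The same check can be scripted so that it reports each VNC display and whether its listener is bound to every interface or only to loopback. This is an added example, not part of the original tutorial; the function names are hypothetical, and it assumes Linux-style netstat -an output as shown above and displays :0 to :99.

```shell
#!/bin/sh
# Added example: classify VNC listeners in `netstat -an` output.
# Assumption: displays :0 to :99, i.e. viewer ports 5900-5999 and
# Java/HTTP ports 5800-5899 (port = base + display number).

vnc_listeners() {
    # stdin: netstat -an output. stdout: "<port> display=:<n> <kind> <scope>"
    awk '
    tolower($1) ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        port = addr
        sub(/^.*:/, "", port)                   # text after the last colon
        if (port !~ /^[0-9]+$/) next
        host = substr(addr, 1, length(addr) - length(port) - 1)
        port += 0
        if (port >= 5900 && port <= 5999) {
            kind = "viewer"; n = port - 5900
        } else if (port >= 5800 && port <= 5899) {
            kind = "java"; n = port - 5800
        } else {
            next                                # not a VNC port
        }
        if (host == "127.0.0.1" || host == "::1")
            scope = "loopback"
        else if (host == "0.0.0.0" || host == "::" || host == "*")
            scope = "all-interfaces"
        else
            scope = "single-address"
        printf "%d display=:%d %s %s\n", port, n, kind, scope
    }'
}

vnc_exposed() {
    # Only the listeners other machines can reach, subject to the firewall.
    vnc_listeners | awk '$4 != "loopback"'
}

# Stand-alone use: `sh vnc_check.sh --live` inspects the local machine.
if [ "${1:-}" = "--live" ] && command -v netstat >/dev/null 2>&1; then
    netstat -an | vnc_exposed
fi
```

Every line vnc_exposed prints is a port that the firewall rules for 580# and 590# have to account for.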


    The VNC Viewer
    From within your X desktop, you will have access to a VNC viewer, which you may use to remotely control other machines. To access this, open a command terminal, and type in vncviewer. You will be prompted for an IP address to connect to. Enter this, and click ok. You should now have remote control of another PC.


    Troubleshooting VNC installations
    For troubleshooting, remember that most answers can be found lurking inside your favourite search engine. As the first port of call, I would recommend that you see the following URL:
    http://www.uk.research.att.com/vnc/faq.html
    You can post any VNC questions at www.linuxforums.org

    If you have Red Hat, your firewall in the GUI may always appear to be on, even when it's not.

    Drop to a command prompt, and run: "iptables -L". If the firewall is really off, then you should see:

    Code:
    Chain INPUT (policy ACCEPT) 
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    When using WinVNC to connect to VNC on Linux, remember to give the VNC client the address as x.x.x.x:1, where x.x.x.x is the IP address. The ":1" is important, as it tells the VNC client the server is listening on tcp/5901 as opposed to 5900 (the default on Windows).
    Ruth Miller

    Repair/Reset Winsock Settings

    Repair/Reset Winsock settings (Links)

    Most Internet connectivity problems arise from corrupt Winsock settings. Windows sockets settings may become corrupted by the installation of networking software, or by a malware infestation. You will be able to connect to the Internet, but packets won't transfer back and forth, and errors such as "Page cannot be displayed" may occur when using Internet Explorer. This article lists the methods (with links to third-party websites) to reset or repair the Winsock configuration to its defaults.

    Tools

    Microsoft Knowledgebase articles

    Windows XP Service Pack 2 - New Winsock NETSH commands

    Two new Netsh commands are available in Windows XP Service Pack 2.

    netsh winsock reset catalog

    This command resets the Winsock catalog to the default configuration. This can be useful if a malformed LSP is installed that results in loss of network connectivity. While use of this command can restore network connectivity, it should be used with care because any previously-installed LSPs will need to be re-installed.

    netsh winsock show catalog

    This command displays the list of Winsock LSPs that are installed on the computer.

     To output the results to a file type this in Command Prompt (CMD.EXE)

    netsh winsock show catalog >C:\lsp.txt

    See: Changes to Functionality in Microsoft Windows XP Service Pack 2: Network Protection Technologies

    Lavasoft Ad-Aware SE LSP Explorer Add-on can generate more information than NETSH, and provides options to back up and restore the LSPs and to export the details to an HTML or plain text file. Using the report you can easily determine the third-party LSPs, along with the product, company name and corresponding LSP provider file name.

    Note that resetting Winsock with the netsh winsock reset catalog command in SP2 removes all third-party LSPs and restores Winsock to its factory default settings. Existing programs that use their own LSPs need to be reinstalled. Example: Google Desktop Search.

    Ruth Miller

    Lost Connectivity/Winsock Corruption

    Lost Connectivity after Registry or Malware Cleanup
    faq779-4625
    Posted: 22 Dec 03 (Edited 31 May 05)

    It has become increasingly necessary to use utilities to remove malware:  IE Hijackers, unwanted Advertising popups, trojans, backdoor spyware, other spyware, and worms.  It is estimated that there are now 10,000 variants of the Cool Web search Internet Explorer hijacker alone.

    Problem: after cleaning your machine you may find you can no longer connect to your network and/or the internet.

    Problem #2: While earlier releases of Windows allowed one to remove The TCP/IP protocol stack and DUN services and re-add them, XP considers these core services and will not obviously allow you to do so.

    Problem #3: The published fixes by MS do not often work, including using the Netsh.exe utility to do a reset, or even a Repair re-installation of XP.

    A Tek-Tip member - CableInstaller - known generally on malware removal forums as Option^Explicit has written a tool that works wonders in situations where your Winsock service stack has become corrupted.  While the tool works under all versions of Windows from Win9x -- XP, I will describe briefly what it does under XP:

    . It disables all network adapters
    . It removes the registry keys Winsock and Winsock2
    . It replaces the keys with a virgin registry set from a clean install of XP it contains inside the program
    . It forces a rebuilding of the Winsock service, including routing tables, using the Netsh int ip reset resetlog.txt command
    . It re-enables your adapters
    . It checks that your HOSTS file has a valid localhost pointer to 127.0.0.1

    I cannot tell you how often this little utility has proved a lifesaver:  WinsockFix  Direct download: http://www.dslreports.com/r0/download/544752~62fe0e8dc00fac87e6f0f83c54d283a4/WinsockFix.zip
    -or-
    http://www.spychecker.com/program/winsockxpfix.html

    Additional Notes:

    The tool also works wonders if your network and/or connectivity fails after driver updates, adapter changes, or multiple fiddles with your network connection settings.

    Special Note For Service Pack 2 Users:

    Service Pack 2 adds a new command to repair the Winsock corruption problem that can be caused by adware, spyware, or some other causes.  You should use this instead of the utility WinsockFix:

    netsh winsock reset

    Using this command should normally not do any harm, so if you have unsolvable connection problems or spurious disconnections, try it. It does remove all nonstandard LSP (Layered Service Provider) entries from the Winsock catalog, which are usually adware or spyware entries, but if you happened to have a legitimate one installed, it would also be removed and would have to be reinstalled.

    If you're really curious, you can use the command:

    netsh winsock show catalog

    before and after resetting the catalog to find out whether any entries were in fact removed and which ones these were. Another way to get at the same information is to run

    winmsd

    and select Components, Network, Protocol. The Layered Service Providers in the list should be of the MSAFD or RSVP ... Service Provider type. All others are likely malevolent and should disappear after the reset command shown above.

    Special Note for Microsoft Antispyware users:

    If after cleaning you lose internet and/or network connectivity, it is also a common Winsock LSP layer issue.  Follow the advice in this FAQ, which is identical to the Microsoft suggestion in this MS KB article: http://support.microsoft.com/kb/892350


    More information:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;817571&Product=winxp

    A recent Microsoft KB article that provides some diagnostic steps, and suggests a reasonable method of doing-it-yourself:  http://support.microsoft.com/?kbid=811259 The second half of this KB article describes how to reset the TCP/IP service stack, which is sometimes necessary as a second step to repairing your Winsock corruption problem.


    Best to all,
    Bill Castner
    Ruth Miller

    Repair Winsock in Windows 2000

    How to repair network or modem connectivity issues in Windows 2000

    Article ID : 837333
    Last Review : October 30, 2006
    Revision : 1.1
    Important: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    256986 (http://support.microsoft.com/kb/256986/) Description of the Microsoft Windows Registry

    INTRODUCTION

    This step-by-step article describes how to repair network or modem connectivity issues in Microsoft Windows 2000.


    MORE INFORMATION

    To repair network or modem connectivity issues, follow these steps:
    1. Remove TCP/IP.
    2. Delete the Bind registry value, the Tcpip subkey, the Winsock subkey, and the WinSock2 subkey.
    3. Reinstall TCP/IP.


    Step 1: Remove TCP/IP

    Remove TCP/IP for the local area connection. To do this, follow these steps.

    Note: Before you remove TCP/IP, make a note of the IP and the DNS settings.
    1. Click Start, point to Settings, and then click Network and Dial-up Connections.
    2. Right-click Local Area Connection, and then click Properties.
    3. In the Components checked are used by this connection list, click Internet Protocol (TCP/IP).
    4. Click Uninstall, and then in the Uninstall Internet Protocol (TCP/IP) dialog box, click Yes.
    5. When you are prompted to restart your computer, click Yes.


    Step 2: Delete the Bind registry value, the Tcpip subkey, the Winsock subkey, and the WinSock2 subkey

    To delete the Bind registry value, follow these steps.

    Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. In the left pane, expand HKEY_LOCAL_MACHINE, and then expand SYSTEM.
    3. Expand CurrentControlSet, and then expand Services.
    4. Expand lanmanserver, and then click Linkage.
    5. In the right pane, right-click Bind, and then click Delete.
    6. In the Confirm Value Delete dialog box, click Yes.
    7. Expand lanmanworkstation, and then click Linkage.
    8. In the right pane, right-click Bind, and then click Delete.
    9. In the Confirm Value Delete dialog box, click Yes.
    To delete the Tcpip, the Winsock, and the WinSock2 registry subkeys, follow these steps:
    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. In the left pane, expand HKEY_LOCAL_MACHINE, and then expand SYSTEM.
    3. Expand CurrentControlSet, and then expand Services.
    4. Right-click Tcpip, click Delete, and then in the Confirm Key Delete dialog box, click Yes.
    5. Right-click Winsock, click Delete, and then in the Confirm Key Delete dialog box, click Yes.
    6. Right-click WinSock2, click Delete, and then in the Confirm Key Delete dialog box, click Yes.
    7. Restart your computer.


    Step 3: Reinstall TCP/IP

    Reinstall TCP/IP back to the local area connection that you removed it from. To do this, follow these steps:
    1. Click Start, point to Settings, and then click Network and Dial-up Connections.
    2. Right-click Local Area Connection, and then click Properties.
    3. Click Install, click Protocol in the Click the type of network component you want to install list, and then click Add.
    4. In the Network Protocol list, click Internet Protocol (TCP/IP), and then click OK.

    Note: Replace the IP and the DNS settings with the values that you made note of at the beginning of the "Remove TCP/IP" section.



    APPLIES TO
    Microsoft Windows 2000 Professional Edition
    Microsoft Windows 2000 Server
    Microsoft Windows 2000 Advanced Server
    Microsoft Windows 2000 Datacenter Server
    Ruth Miller

    Can't Login to Active Directory Domain and Local Administrator password or account unknown

    Unable to login to domain or local computer user account

    If the machine has NTFS, use the Linux boot kernel floppy (or bootable cd) to reset the Administrator password  ( http://home.eunet.no/pnordahl/ntpasswd/ )

    If not NTFS, then simply unplug the network cable and login with the domain user and password. These are cached locally and if the authentication is failing for some other reason (time sync issue etc) then it will allow login using the cached credentials and it won't have the AD network issue since the network is unavailable.
    Ruth Miller

    Access Users/Groups on Remote Computer


    lusrmgr.msc -a /computer=remote_computer

    If you get Access Denied - probably a policy that is preventing access (yet to be determined)
    Ruth Miller

    Access MMC on remote computer

    Start -- Run --- mmc

    Add New Snap-In ---> on another computer

    Domain/Group policy may dictate access to these on client computers (yet to be determined where this is set)
    Ruth Miller

    iptables how-to

    From wiki at this link

     

    Iptable command line options:

    -A => Append this rule to the WhatEver Chain 
    -s => Source Address
    -d => Destination Address
    -p => Protocol
    --dport => Destination Port
    -j => Jump. If everything in this rule matches then 'jump' to the given target, e.g. ACCEPT
    -I => Insert, e.g. -I INPUT 1 inserts the rule at position 1 of the INPUT chain
    -P => Set Policy e.g. iptables -P INPUT DROP

    Rules of Iptables:

    As it is a table of rules, the first rule has precedence. If the first rule dis-allows everything then nothing else afterwards will matter.

    List iptable rules:
    iptables -n -L (-n prevents slow reverse DNS lookup)

    Reject all from an IP Address:
    iptables -A INPUT -s 136.xxx.xxx.xxx -d 136.xxx.xxx.xxx -j REJECT

    Allow in SSH:
    iptables -A INPUT -d 136.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT

    If logging, insert a separate LOG line *BEFORE* the ACCEPT / REJECT / DROP:
    iptables -A INPUT -d 136.xxx.xxx.xxx -p tcp --dport 3306 -j LOG
    iptables -A INPUT -d 136.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT

    Block All:
    iptables -A INPUT -j REJECT

    Control of Iptables (inactive is a blank file with no rules):

    /etc/init.d/iptables save active
    /etc/init.d/iptables load active | inactive

    Port Forwarding & NAT - Network Address Translation - V.Basic:

    iptables -t nat -A PREROUTING -p tcp -d 136.201.xxx.xxx --dport 443 -j DNAT --to 136.201.xxx.xxx:22
    The above will do on its own. It allows someone to ssh into the box on port 443 in case port 22 is blocked by the user's ISP.
    **NB** Set ipForwarding in /etc/networking/options!
    If Forwarding from another Network:
    iptables -A FORWARD -p tcp -d 136.201.xxx.xxx --dport 22 -j ACCEPT
    Web Port Forwarding: http://www.hackorama.com/network/portfwd.shtml

    NB: You must allow in reply traffic for connections the server itself started/initiated (http://rimuhosting.com/howto/firewall.jsp):

    iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -m state --state RELATED -j ACCEPT

    My Firewall Config:

    ################################
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT    # apache
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT    # apache ssl
    iptables -A INPUT -p tcp --dport 53 -j ACCEPT    # dns - tcp for large queries
    iptables -A INPUT -p udp --dport 53 -j ACCEPT    # dns - udp for small queries
    iptables -A INPUT -p tcp --dport 953 -j ACCEPT    # dns internal
    iptables -A INPUT -p tcp --dport 1080 -j ACCEPT    # dante socks server
    iptables -A INPUT -d 136.201.1.250 -p tcp --dport 22 -j ACCEPT    # sshd
    iptables -A INPUT -d 136.201.1.250 -p tcp --dport 3306 -j ACCEPT    # mysql
    iptables -A INPUT -d 136.201.1.250 -p tcp --dport 8000 -j ACCEPT    # apache on phi
    iptables -A INPUT -s 136.201.1.250 -p tcp --dport 8080 -j ACCEPT    # jboss for ejc
    iptables -A INPUT -d 136.201.1.250 -p tcp --dport 993 -j ACCEPT    # imaps
    iptables -A INPUT -s 127.0.0.1 -p tcp --dport 111 -j ACCEPT    # to speed up mail via courier. Identified via logging
    iptables -A INPUT -d 136.201.1.250 -p tcp --dport 139 -j ACCEPT    # samba
    iptables -A INPUT -s 127.0.0.1 -p tcp --dport 143 -j ACCEPT    # squirrelmail
    iptables -A INPUT -p tcp --dport 4949 -j ACCEPT    # munin stats
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT    # incoming mail
    iptables -A INPUT -p tcp --dport 3128 -j ACCEPT    # squid
    iptables -A INPUT -p udp --dport 161 -j ACCEPT    # snmpd
    iptables -A INPUT -p icmp -j ACCEPT    # Allow ICMP Ping packets.
    iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -m state --state RELATED -j ACCEPT
    iptables -A INPUT -j REJECT
    #################################

    ##########PORT FORWARDING########
    iptables -t nat -A PREROUTING -p tcp -d 136.201.1.250 --dport 8000 -j DNAT --to 136.201.146.211:80
    iptables -t nat -A POSTROUTING -d 136.201.146.211 -j MASQUERADE
    #################################
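
    The ordering rules described above (first match wins, LOG goes before the verdict) can be checked mechanically before a rule list is loaded. The script below is an added example, not part of the original wiki page; the function names, finding labels and the 192.0.2.10 sample rules are constructed for illustration. It also flags the --tcp-flags ACK ACK accept rule, which matches any TCP segment with the ACK bit set regardless of connection state, so the ESTABLISHED/RELATED rules are the ones that should carry reply traffic.

```shell
#!/bin/sh
# Added example, not from the original wiki page.
# Audits a list of iptables rules for the ordering mistakes discussed above.
# Input (stdin): "-A CHAIN ..." lines as printed by iptables-save, or the
# "iptables -A CHAIN ..." commands of a firewall script. Rules for other
# tables (-t nat ...) and non-append commands are skipped.
# Output: one finding per line, "<KIND> <chain>:<rule number> <explanation>".

audit_rules() {
    awk '
    # Return the match part of a rule: everything between "-A CHAIN" and "-j".
    function match_part(line,    s) {
        s = line
        sub(/^-A +[^ ]+ */, "", s)
        sub(/ *-j +.*$/, "", s)
        return s
    }

    # Accept both iptables-save lines and full "iptables -A ..." commands.
    { sub(/^[ \t]*(iptables +)?/, "") }

    /^-A / {
        chain = $2
        target = ""
        for (i = 3; i < NF; i++)
            if ($i == "-j") target = $(i + 1)
        m = match_part($0)
        n[chain]++

        # 1. First match wins: nothing after an unconditional verdict is reached.
        if (chain in closed) {
            printf "SHADOWED %s:%d never reached, follows catch-all %s\n", chain, n[chain], closed[chain]
            next
        }
        # 2. LOG does not end traversal, so it has to come before the verdict
        #    for the same match; placed after it, the LOG rule never fires.
        if (target == "LOG" && ((chain, m) in decided))
            printf "LATE-LOG %s:%d same match already decided by an earlier rule\n", chain, n[chain]
        # 3. Matching on the ACK flag alone ignores connection state.
        if (target == "ACCEPT" && m ~ /--tcp-flags ACK ACK/)
            printf "STATELESS-ACK %s:%d accepts any TCP segment with ACK set\n", chain, n[chain]

        if (target == "ACCEPT" || target == "REJECT" || target == "DROP") {
            decided[chain, m] = 1
            if (m == "") closed[chain] = target
        }
    }'
}

# Constructed sample (192.0.2.10 is a documentation address), written in the
# rule styles shown on this page with the ordering mistakes put in on purpose.
SAMPLE_RULES='-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -d 192.0.2.10 -p tcp --dport 3306 -j ACCEPT
-A INPUT -d 192.0.2.10 -p tcp --dport 3306 -j LOG
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j REJECT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT'

audit_sample() {
    printf '%s\n' "$SAMPLE_RULES" | audit_rules
}

audit_sample
```

    To audit a live ruleset, pipe the output of iptables-save into audit_rules instead of the sample.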

    Remove / Delete an individual /single Iptable Rule

    iptables -D INPUT -s 127.0.0.1 -p tcp --dport 111 -j ACCEPT
    # -D = delete the matching rule. If you don't know the exact syntax of the rule to delete, do the following:
    iptables -L
    # count down the number of lines until you reach the rule you wish to delete
    iptables -D INPUT 4
    # format = iptables -D CHAIN Rule_No

    Other pieces of information to remember:

    iptables -P INPUT DROP (Setting the Default Policy)
    iptables -A INPUT * * * -j ACCEPT | REJECT (send back 'connection refused') | DROP (keep quiet)


    Iptables Forward with NAT

    This is already covered on this wiki here iptables_forward


    Saving ALL IPTABLE Rules

    It seems that the method for saving & loading iptable rules from /etc/init.d/iptables load|save active|inactive does not save NAT rules.

    The command for saving iptable rules manually is:

    root:~# iptables-save > rules-saved

    There is also a command called iptables-restore, which reads the saved rules from standard input:

    root:~# iptables-restore < rules-saved
    Ruth Miller

    Share Palm Calendar on Network for Viewing

    Needed to be able to have office secretary view the Palm Desktop calendar of the boss. Here is how we did it:

    1. In Palm Desktop on boss computer, under Tools ---> Options - change Data Directory path to a shared network drive.  IE   s:\shared\username\Palm Desktop
    2. Install Palm Desktop software on Secretary's computer - set it up with her own username - but skip the hardware sync step so it just installs the Palm Desktop
    3. Open the Palm Desktop one time on Secretary machine so it creates the data directory paths
    4. Create the following batch file - name it  with a .bat extension so it will run in DOS

    @echo off
    rem Copy the boss's datebook from the shared drive, then start Palm Desktop.
    echo "Updating Calendar from Network for the Boss"
    s:
    cd JTJ*
    cd Palm*
    cd Boss
    cd datebook
    copy datebook.dat "C:\Documents and Settings\secretary_name\My Documents\Palm OS Desktop\secretary_name\datebook\datebook.dat"
    rem pause
    echo "Starting Palm Desktop....."
    rem Wait about 5 seconds so the copied file is in place before Palm Desktop opens it.
    PING -n 6 127.0.0.1 >nul
    call "C:\Program Files\Palm\Palm.exe"
    exit

    Make sure your palm.exe is in the same path. You can check by looking at the properties of your Palm Desktop icon.
    Change the paths for your shared filesystem.

    A delay was inserted so that the new file is read before opening Palm Desktop. When opening too soon, it did not pick up the new file and created a blank one.
    Ruth Miller

    DHCP problems with wireless routers

    Adding a Wireless Access Point/Router to your Wired Network and Getting DHCP to work

    I have seen this problem in several situations and never really knew the solution.  Up until now, the solution was to enable DHCP on the wireless router - which doesn't always work well because most DHCP servers on wireless routers are crappy and don't allow setting the default gateway or DNS servers for the clients.  The other solution was to set a static IP on the wireless clients but then that screwed them up if they traveled outside the home.

    Here is what is going on.  Apparently *some* wireless routers are not very good at *relaying* or passing through DHCP requests to your wired DHCP server. I have seen some who recommend enabling RIP to accomplish this. I was unable to test this myself since the crappy Netgear wireless router   (wgr614v9) did not have RIP at all although earlier versions did which really blows my mind... why would they make such a crappy router that does not have RIP????

    So I shopped around and it seems the best way to support wireless clients on your wired network if you use DHCP from your server (which you should) is to use an ACCESS POINT wireless router such as a Linksys WAP54g.  This access point router does not even have its own DHCP server so one would assume (and the tech support guy assured me this is true) that the router will then relay DHCP requests properly. I have not yet tested this but will update when I receive it and add it to the net.

    If you have a need for more than one access point router in your wireless network - I have also found that you MUST set the wireless routers and access points to THE SAME SSID. There are also issues I have encountered whereas the routing between wireless routers does not work as well with particular encryption types. So if you have trouble say, accessing the Internet when you have multiple wireless devices, try playing around with the WEP or WPA encryption. It seems the "bridging" may not work between routers depending on the encryption type - could it be that even within the same BRAND the encryption standards are not .. umm.. standard?

    I don't have the specifics at this moment with what worked for me with a client using a Linksys 4 port wireless router with a WAP54g access point - but I vaguely remember that I could not use WEP encryption AT ALL so we resorted to using MAC ADDRESS FILTERING which is a PITA if you have an office with wireless clients coming and going.    This particular client was a home office so it worked for them.  Just wanted to share that experience in case anyone is out there pulling their hair out trying to get wireless routers and access points to work together.
    Ruth Miller

    Networking Palm Desktop

    [ Credit for this solution goes to a guy with a handle CactusJack on MobileRead.com forums]

    Networking Palm Desktop

    I recently had a customer who bought a TW and she wanted to have the Palm Desktop networked so her receptionist could make appts etc and then sync them to the Palm. But lo the desktop is not networkable, everyone agrees it can't be done: various gurus, swamis and bagwans.

    I am not a man who likes to be told I can't do it so a surfing I went and here's what I found.

    Networking Palm Desktop (Yes it works and works well)


    1) Install PDS to the first machine.
    2) Create all users you require in that Palm Desktop. Don't put the info into them yet.
    3) Close Palm Desktop
    4) Open the palm folder. Find the user folders, and delete them.
    5) Make sure the drive (or better yet, just the folder) that palm is installed to is set as shared, with create/modify access as well.

    6) Go to the second computer.
    7) Install Palm Desktop on the 2nd computer. (this is where it's critical that you have removed the user folders from the first palm folder)
    8) Create the user names, ensuring they are 100% the same as what you entered on the first
    9) Map a network drive on the 2nd computer, pointing to the palm folder on the 1st computer. Make sure you set this to connect at login
    10) In PDS on the 2nd computer, open tools, options. Change the data directory to the mapped drive from step 9


    Now hopefully at this point, the folder should be re-created back in the palm folder on the first computer. Two important notes:

    I) If you didn't remove (or rename) the user folders before starting the second installation, PDS will create a new folder with a different name, so each copy of PDS will be looking in different spots, and thus not sharing data.
    II) If the user names were not 100% identical, PDS will probably create a folder with a different user name, and therefore won't share data.


    At this point, if everything seems to be coming on well, test it out -- before going any further.
    - Open PDS on the 1st computer.
    - Enter some data into one of the apps
    - close PDS on computer 1

    - Open PDS on the 2nd computer.
    - Check to see if the info shows up on the 2nd computer.

    Problems and Fixes
    I got a message similar to "Can't use this location, another user is already using it."

    Fix:
    Try re-naming or removing the users.dat file from the palm folder.

    You may have to do this after every install on the other computers, except for the last.

    "Unable to use this directory, another user is already using it" or something like that.

    Fortunately, I found what seems to me to be an easier way.

    First, I installed Palm Desktop on the second computer (the first one already had all users up and running for a while).

    Then I strapped on my hard hat and went mining in the Registry on the second computer. There are two entries at:

    HKEY_CURRENT_USER\SOFTWARE\U.S. ROBOTICS\PILOT DESKTOP\CORE

    I changed the settings for PATH and DESKTOP PATH to refer to the networked series of files. It seems to work fine now!

    As was indicated in an earlier posting, there doesn't seem to be a problem with multiple users accessing the files, but changes aren't recognized by other Palm Desktops until the files are closed (close Palm Desktop, or switch to another User).

    IMPORTANT POINT: Each set of data is available to be opened by multiple users. BUT, if two users open the same set of data, and make changes, and then close, only the changes that were saved last will be recognized. i.e. Any time a data set is closed, it completely overwrites what was there before.



    Thanks to many and varied threads at Brighthand
    Disclaimers: Do this at your own risk!

    Ruth Miller

    Email How-to for Blackberry


    Perhaps you bought your Blackberry second hand on Ebay and when you try to setup your email, it says there is already an account for your PIN.  There is a solution to that problem - call your provider (Verizon, Cingular etc) and ask them to reset it. But there is an alternative method that may even be better - use GMAIL.

    Gmail has a Blackberry Client which you can download.  Gmail itself has many nice features to allow you to retrieve mail from many other mail servers for various accounts as long as you know the POP or IMAP mail server name and your account name and password.  Gmail will allow you to set up filters for those accounts so that you can specify that only certain emails go to the Inbox for Gmail, so that you don't get Blackberry alerts every 3 minutes telling you there is new mail when it might be new mail you don't care about.

    You can setup filters and LABELS in Gmail for each account and how they should be handled.  So when you get an alert that you have a new mail on your Gmail account and your Blackberry has received it, you can get it to the point that you will know it is an important email.

    Furthermore, you can setup message filters if you retrieve your mail normally using Thunderbird.  I have message filters that move messages from certain users out of the Inbox and to folders and I have filters that forward all mail from a particular set of users to my business email address so that I get notified via Gmail. 

    Because I have set these all up with IMAP in Gmail, when I open All Mail on my Blackberry on my Gmail client, I can see all the headers for the non-urgent accounts and reply to them from the Blackberry and it will show as coming from those email accounts - not the Blackberry.

    When I want to clean out the mail sitting on the Blackberry Gmail client, instead of fussing with highlighting multiples with the trackwheel and the Shift-Del combo, I just open Gmail on my desktop computer and clear it all out there and then it clears it out from the Blackberry as well.

    Here is a discussion regarding Gmail vs Blackberry Internet Service for email on a Blackberry...
    Ruth Miller

    Zend Optimizer 3.3/PHP 5/GoDaddy Configuration



    This solution will get your Zend Optimizer working on php 5.2 using Optimizer 3.3 hosted on a Linux server on GoDaddy.  You don't need to install any Zend Optimizer - you just need to update your root directory php5.ini as follows:

    Re: Zend Optimizer 3.3/PHP 5/GoDaddy

    Postby barrydeez on Tue Sep 14, 2010 7:44 pm

    It's very simple.
    Here is a link to a solution:
    http://help.godaddy.com/article/1232

    Simply go to your file manager in GoDaddy, and at the html section, click New. This will allow you to make a file. Copy and paste this there:
    [Zend]
    zend_optimizer.optimization_level=15
    zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3
    zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3
    zend_extension=/usr/local/Zend/lib/Optimizer-3.3.3/ZendExtensionManager.so
    zend_extension_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3/ZendExtensionManager_TS.so

    Then save it as php.ini (for php 4) or php5.ini (for php5).

    Just contact godaddy and upgrade to php5 if needed. They will do that for you. A simple tip: use a different host. Your problems will persist with them.

    If you are like me, I was on a server using PHP 5.3 and I found out that I could downgrade in my Hosting Control Panel under Languages - to PHP 5.2 - to support code used on another server that was running with PHP 5.2
    I successfully downgraded to PHP 5.2 but I still got the Zend Optimizer gotcha page.  I found this article and finally I started having success.  Ultimately if you are on shared web server it will take a few hours to work reliably because you are in a round robin with a set of web servers and some will not have re-read the php5.ini file yet.

    You should also be able to access your server with ssh and check the above paths to see if those files really exist where you are telling the Apache server that they are.

    Of interest, to find your web root area it is on the side bar of information about your hosted Linux server - it will look like this and it is called the ABSOLUTE HOSTING PATH:  /home/content/xx/xxx/html
    This is where the php5.ini file lives on the ssh side of things.

     
    Ruth Miller

    Internet

    There are no articles in this category.

    Browsers

    There are no articles in this category.

    Internet Explorer

    How To Add Untrusted Certificates Permanently in Internet Explorer



    There are occasions when you might want to use self-signed SSL certificates in a company instead of paying for third party certificates from Thawte or Verisign.   These internal self-signed certificates using a company Root Certificate Authority work just as well as the ones you pay for.  However, in Internet Explorer, your company's Root Certificate Authority will be unknown and untrusted, so you must add it to your permanent Trusted Root Authority Store and this article describes how to do it.

    If you don't do this, your users of this site will get an error message every time they access the site warning them that the Root Authority is not trusted and do they want to proceed.

    Caution – do not use this method unless you know and trust the web site where you are permitting this trust.

    ****  You should have local Administrator access on the machine where you are performing this action for it to work properly. ****

    From the web site page where you get the warning message do the following:


    1. Choose View Certificate
    2. Choose Certification Path Tab
    3. Highlight  the Certificate Authority at the very top - it will have a red dot next to it to indicate that it is not trusted
    4. Choose View Certificate
    5. Choose Install Certificate
    6. Next
    7. Choose Radio Button for "Place all certificates in the following store"
    8. Choose the Browse button and select "Trusted Root Certification Authorities"
    9. Click Next --- then Finish
    10. Click Yes at the warning popup
    11. Close all windows by clicking OK twice
    12. You will be back to the first screen where you now want to click Yes to Proceed to the web site.
    Ruth Miller

    SSL

    How To Add Untrusted Certificates Permanently in Internet Explorer




    Linux

    There are no articles in this category.

    Red Hat

    Installing and configuring VNC Server on Linux

    Source Article

    What is VNC? - A practical introduction

    VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

    The VNC system allows you to access the same desktop from a wide variety of platforms.

    Many of us, for example, use a VNC viewer running on a PC on our desks to display our Unix environments, which are running on a large server in the machine room downstairs.
    (What is VNC? A practical introduction - taken from http://www.uk.research.att.com/vnc/ all rights reserved)


    Obtaining VNC
    VNC is freely available from the official VNC homepage: http://www.uk.research.att.com/vnc/ the version we will cover in this tutorial is RealVNC version 3.3.6, which can be downloaded from http://www.realvnc.com/download.html

    If you prefer to use the command line as opposed to a GUI for installation, run the following command from your Linux CLI. When run, this command will download the RPM package to your current working directory. The file is 700k approx:

    Code:
    $  wget http://www.realvnc.com/dist/vnc-3.3.6-2.i386.rpm


    The Installation
    Installing from RPM is straightforward enough, simply run the following command:

    Code:
    $  rpm -i vnc-3.3.6-2.i386.rpm
    Now you have the core VNC files installed on your system. The first time you run VNC server, you will be required to set a password. Remember that it is good practice to choose a password that is not in the dictionary and contains a combination of numbers, letters, and other characters.

    To start VNC server, at the command prompt type:

    Code:
    $  vncserver
    If you wish to change the VNC password at any time, enter vncpasswd at the command prompt. The VNC password is not integrated with the standard Linux passwords (any thing inside /etc/passwd), so changing the VNC password will leave all other passwords on the system intact. That also applies the other way round; changing the password on a user account will not affect the VNC password.


    You will need to edit the configuration script found in $HOME/.vnc/xstartup. Any standard text file editor such as vim, emacs or pico will suffice.

    For Gnome:
    Code:
    xrdb $HOME/.Xresources
    xsetroot -solid grey
    xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    twm &
    For KDE
    Code:
    xrdb $HOME/.Xresources
    xsetroot -solid grey
    xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    twm &
    startkde &
    The key line in the sample file above is the last one, which in this case is set to twm. This controls which window manager you wish VNC to use. By default, Redhat systems use gnome, but you may be using kde. The twm should only be used if you do not have a window manager setup on your system. If you are using kde, you should change twm to startkde and if you are using gnome, you should change it to gnome-session.

    You should also understand how to kill existing desktops, shutting VNC down. To do this, you should type vncserver -kill :1 at the CLI, where 1 is the desktop you wish to kill off.
    Or you might have to use "vncserver -kill full_hostname:1 " or whatever number your desktop is.

    That's it. VNC should now be successfully setup on your system. The last piece of information you need is the ports VNC uses. For the VNC viewer, 5901 is used by default, and for java based VNC access, 5801 is used. You will need to add rules to your firewall to allow traffic into either or both of these port numbers. To access, use 590# for whatever desktop you were assigned when starting vncserver. The output tells you that number.



    Check If VNC is running
    You can check at any time to see if you have a VNC server currently running. To do so, I recommend that you use netstat, a tool designed to give you information about what ports are listening for connections on your machine. The following output is an example of what you can expect to see from a netstat command. The important lines are the ones for ports 5801 and 5901:
    Code:
    [root@server root]# netstat -an | more
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    Tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
    Tcp 0 0 0.0.0.0:5801 0.0.0.0:* LISTEN
    Tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
    [root@server root]#
    The 2 lines that have 0.0.0.0:5801 & 0.0.0.0:5901 indicate we have VNC listening for incoming connections on all interfaces (0.0.0.0). If you find that you cannot connect to VNC, I would recommend that you check it is running. If you see that VNC is running from a netstat command, then I would check your firewall is not blocking your connection attempts.
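    The netstat check above can be scripted. The following is an added example, not part of the source article: it maps each listening port back to its VNC display number and marks sockets bound to all interfaces. The function name, the 58xx/59xx port ranges and the 127.0.0.1:5902 sample line are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Reads plain `netstat -an`
# output on stdin and lists listening sockets in the VNC port ranges.
# On a live host:  netstat -an | vnc_listeners

vnc_listeners() {
    awk '
    tolower($1) ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        port = addr
        sub(/^.*:/, "", port)        # keep the text after the last colon
        sub(/:[0-9]+$/, "", addr)    # keep the text before it ("::" for IPv6 wildcard)
        port += 0

        # Assumption: 5900+N is the viewer port and 5800+N the Java viewer
        # port for display :N, as the article describes for :1.
        if (port >= 5900 && port <= 5999) {
            kind = "viewer"
        } else if (port >= 5800 && port <= 5899) {
            kind = "java"
        } else {
            next
        }

        # A wildcard bind accepts connections on every interface, so only
        # the firewall stands between the VNC password prompt and the network.
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") {
            scope = "ALL-INTERFACES"
        } else {
            scope = "restricted"
        }
        printf "%s display=:%d port=%d bind=%s %s\n", kind, port % 100, port, addr, scope
    }'
}

# Sample input: the netstat output shown in the article, plus one constructed
# loopback-only listener (display :2) for contrast.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5801 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5902 0.0.0.0:* LISTEN'

printf '%s\n' "$SAMPLE_NETSTAT" | vnc_listeners
```

    Other services can also use ports in these ranges, so treat a match as a prompt to check what owns the socket.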


    The VNC Viewer
    From within your X desktop, you will have access to a VNC viewer, which you may use to remotely control other machines. To access this, open a command terminal, and type in vncviewer. You will be prompted for an IP address to connect to. Enter this, and click OK. You should now have remote control of another PC.


    Troubleshooting VNC installations
    For troubleshooting, remember that most answers can be found lurking inside your favourite search engine. As the first port of call, I would recommend that you see the following URL:
    http://www.uk.research.att.com/vnc/faq.html
    You can also post any VNC questions at www.linuxforums.org

    If you have Redhat, your firewall in the GUI may always appear to be on, even when it's not.

    Drop to a command prompt, and run: "iptables -L". If the firewall is really off, then you should see:

    Code:
    Chain INPUT (policy ACCEPT) 
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    When using WinVNC to connect to VNC on Linux, remember to use x.x.x.x:1 in the VNC client, where x.x.x.x is the IP address. The ":1" is important, as it tells the VNC client the server is listening on tcp/5901 as opposed to 5900 (default on Windows).
    Ruth Miller

    How to change default VNC desktop to Gnome in RedHat Linux

    To bring up the Gnome desktop by default when connecting via VNC in Redhat Linux check the following file:


    /home/user/.vnc

    vi xstartup

    Change last line from   twm &  to gnome-session &

    Exit from vnc and stop vnc server for that user and start again and you will get the Gnome desktop instead of twm!
    Ruth Miller

    Security

    iptables how-to

    From wiki at this link

     

    Iptable command line options:

    -A => Append this rule to the WhatEver Chain 
    -s => Source Address
    -d => Destination Address
    -p => Protocol
    --dport => Destination Port
    -j => Jump. If everything in this rule matches then 'jump' to ACCEPT
    -I => Insert. e.g. -I INPUT 1 inserts the rule at position 1 of the INPUT chain
    -P => Set Policy e.g. iptables -P INPUT DROP

    Rules of Iptables:

    As it is a table of rules, the first rule has precedence. If the first rule disallows everything then nothing else afterwards will matter.

    List iptable rules:
    iptables -n -L (-n prevents slow reverse DNS lookup)

    Reject all from an IP Address:
    iptables -A INPUT -s 136.xxx.xxx.xxx -d 136.xxx.xxx.xxx -j REJECT

    Allow in SSH:
    iptables -A INPUT -d 136.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT

    If Logging - Insert Separate Line *BEFORE* the ACCEPT / REJECT / DROP:
    iptables -A INPUT -d 136.xxx.xxx.xxx -p tcp --dport 3306 -j LOG
    iptables -A INPUT -d 136.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT
    Block All:
    iptables -A INPUT -j REJECT

    Control of Iptables (inactive is a blank file with no rules):

    /etc/init.d/iptables save active
    /etc/init.d/iptables load active | inactive

    Port Forwarding & NAT - Network Address Translation - V.Basic:

    iptables -t nat -A PREROUTING -p tcp -d 136.201.xxx.xxx --dport 443 -j DNAT --to 136.201.xxx.xxx:22
    The above will do on its own. It allows someone to ssh into the box on port 443 in case port 22 is blocked by the user's ISP.
    **NB** Set ipForwarding in /etc/networking/options !!!!!!!!!!
    If Forwarding from another Network:
    iptables -A FORWARD -p tcp -d 136.201.xxx.xxx --dport 22 -j ACCEPT
    Web Port Forwarding: http://www.hackorama.com/network/portfwd.shtml

    NB: Must allow IN Traffic and Connections the server started/ initiated (http://rimuhosting.com/howto/firewall.jsp):

    iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -m state --state RELATED -j ACCEPT

    My Firewall Config:

    ################################
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT # apache
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT # apache ssl
    iptables -A INPUT -p tcp --dport 53 -j ACCEPT # dns - tcp for large queries
    iptables -A INPUT -p udp --dport 53 -j ACCEPT # dns - udp for small queries
    iptables -A INPUT -p tcp --dport 953 -j ACCEPT # dns internal
    iptables -A INPUT -p tcp --dport 1080 -j ACCEPT # dante socks server
    iptables -A INPUT -d 136.201.1.250 -p tcp --dport 22 -j ACCEPT # sshd
    iptables -A INPUT -d 136.201.1.250 -p tcp --dport 3306 -j ACCEPT # mysql
    iptables -A INPUT -d 136.201.1.250 -p tcp --dport 8000 -j ACCEPT # apache on phi
    iptables -A INPUT -s 136.201.1.250 -p tcp --dport 8080 -j ACCEPT # jboss for ejc
    iptables -A INPUT -d 136.201.1.250 -p tcp --dport 993 -j ACCEPT # imaps
    iptables -A INPUT -s 127.0.0.1 -p tcp --dport 111 -j ACCEPT # to speed up mail via courier. Identified via logging
    iptables -A INPUT -d 136.201.1.250 -p tcp --dport 139 -j ACCEPT # samba
    iptables -A INPUT -s 127.0.0.1 -p tcp --dport 143 -j ACCEPT # squirrelmail
    iptables -A INPUT -p tcp --dport 4949 -j ACCEPT # munin stats
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT # incoming mail
    iptables -A INPUT -p tcp --dport 3128 -j ACCEPT # squid
    iptables -A INPUT -p udp --dport 161 -j ACCEPT # snmpd
    iptables -A INPUT -p icmp -j ACCEPT # Allow ICMP Ping packets.
    iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -m state --state RELATED -j ACCEPT
    iptables -A INPUT -j REJECT
    #################################

    ##########PORT FORWARDING########
    iptables -t nat -A PREROUTING -p tcp -d 136.201.1.250 --dport 8000 -j DNAT --to 136.201.146.211:80
    iptables -t nat -A POSTROUTING -d 136.201.146.211 -j MASQUERADE
    #################################

    Remove / Delete an individual /single Iptable Rule

    iptables -D INPUT -s 127.0.0.1 -p tcp --dport 111 -j ACCEPT
    # -D = delete the matching rule. If you don't know the exact syntax of the rule to delete, do the following:
    iptables -L
    # count down the number of lines until you reach the rule you wish to delete
    iptables -D INPUT 4
    # format: iptables -D CHAIN rule_number

    Other pieces of information to remember:

    iptables -P INPUT DROP (Setting the Default Policy)
    iptables -A INPUT * * * -j ACCEPT | REJECT (send back 'connection refused') | DROP (keep quiet)

    Iptables Forward with NAT

    This is already covered on this wiki here iptables_forward

    Saving ALL IPTABLE Rules

    It seems that the method for saving & loading iptable rules from /etc/init.d/iptables load|save active|inactive does not save NAT rules.

    The command for saving iptable rules manually is:

    root:~# iptables-save > rules-saved

    There is also a command called iptables-restore, which reads the saved rules from standard input:

    root:~# iptables-restore < rules-saved
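
    The two ordering rules from this how-to (the first matching rule wins, and a LOG line must come before its ACCEPT / REJECT / DROP) can be checked against a saved ruleset. This is an added example, not part of the original wiki text; the function name, the report labels and the sample ruleset with 192.0.2.x documentation addresses are constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original how-to). Reads iptables-save output
# (saved without -c counters) on stdin and reports two ordering mistakes:
#   UNREACHABLE        rule sits after a catch-all ACCEPT/REJECT/DROP in its chain
#   LOG_AFTER_VERDICT  LOG rule follows a verdict rule with identical match criteria
# On a live host, as root:  iptables-save | audit_ruleset

audit_ruleset() {
    awk '
    /^\*/      { table = substr($0, 2); next }   # table header: "*filter", "*nat"
    $1 != "-A" { next }                          # skip chain policies and COMMIT
    {
        chain = table "/" $2
        n[chain]++                               # rule position within its chain
        crit = ""; target = ""
        for (i = 3; i <= NF; i++) {              # criteria = everything before -j
            if ($i == "-j") { target = $(i + 1); break }
            crit = crit " " $i
        }
        key = chain SUBSEP crit

        if (chain in closed) {
            printf "UNREACHABLE %s rule %d: %s\n", chain, n[chain], $0
        } else if (target == "LOG" && (key in verdict)) {
            printf "LOG_AFTER_VERDICT %s rule %d: %s\n", chain, n[chain], $0
        }

        if (target == "ACCEPT" || target == "REJECT" || target == "DROP") {
            if (!(key in verdict)) verdict[key] = n[chain]
            # A verdict with no criteria matches every packet, so no later
            # rule in this chain is ever evaluated.
            if (crit == "" && !(chain in closed)) closed[chain] = n[chain]
        }
    }'
}

# Constructed sample in iptables-save format: the LOG line for port 3306 is
# placed after its ACCEPT, and the SSH rule is appended after the final REJECT.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 3306 -j LOG
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.0.2.20:80
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | audit_ruleset
```

    Rules added later with -A land after an existing catch-all REJECT, which is the case the UNREACHABLE report catches; use -I with a position, or delete and re-append the REJECT.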
    Ruth Miller

    Networking

    Networking Category
    There are no articles in this category.

    Cisco

    Problem connecting with Remote Desktop using Cisco VPN Client - Event ID 11164 found

    Symptoms:

    Able to connect to remote network with Cisco VPN client but unable to communicate with remote network via ping or telnet to explicit ports or remote desktop.
    New router was installed recently - Cisco 1814.
    Found Event ID 11164 in Event Log regarding DnsAPI event which essentially said "system failed to register host (A) resource records (RRs) for network adapter". It referenced the remote network's DNS server and said it sent the update to server 192.1.1.1 which apparently was in the domain of the Cisco 1814, although it was specified as 192.168.1.1 for gateway purposes on the LAN. The Event Log entry gave this reason: DNS server does not support dynamic update protocol.

    Solution:

    Cisco 1814 has Smart Shield firewall. Technician dropped Smart Shield firewall on router and all connectivity was restored. Technician is now sorting out correct permit rules for this communication so that the Smart Shield firewall can be re-enabled while still allowing this VPN traffic.
    Ruth Miller

    Connectivity Problems

    Error Message: Current time on this computer and the current time on the network are different


    User can't log in to the Active Directory domain and receives the above message.

    1. Log in to the machine locally as Administrator (or remove the network cable to log in with domain credentials, as long as they are in the Administrators group)
    2. Check the date/time for time zone, AM/PM or actual day of week - 90% of the time this is the problem
    Install Windows Time on the AD PDC so that it keeps clients in time sync on the AD in future.
    Ruth Miller

    Mirra Web Sharing not working

    Experienced problem with Mirra Web Sharing with a client who moved to new office.  Outgoing Internet connectivity was fine although the two-way connectivity between Mirra.com and the Mirra server was not working so the web sharing part of Mirra would not work inside this office.

    Spoke with tech vendor who had installed the networking router and firewall to get them to open ports 80, 443 and 19430 for the Mirra. They did so and it made no difference. They even turned off the firewall for incoming connections briefly and this did not change the problem accessing the shares on the Mirra from the Mirra.com web site.

    Examined the layout of the networking equipment in the office and found that the new router installed had been assigned the same IP address as the old Linksys router and the Linksys router with this duplicate IP address was indeed connected to the internal network.

    Furthermore, I found that the Server for the office which was being used for DNS etc, was directly connected to this old Linksys router with the duplicate IP being used by the new equipment.

    I proceeded to disconnect the old Linksys router from everything and removed it from the network. Subsequently the Mirra web sharing began to work without any other changes.
    Ruth Miller

    DHCP problems with wireless routers

    Adding a Wireless Access Point/Router to your Wired Network and Getting DHCP to work

    I have seen this problem in several situations and never really knew the solution.  Up until now, the solution was to enable DHCP on the wireless router - which doesn't always work well because most DHCP servers on wireless routers are crappy and don't allow setting the default gateway or DNS servers for the clients.  The other solution was to set a static IP on the wireless clients but then that screwed them up if they traveled outside the home.

    Here is what is going on.  Apparently *some* wireless routers are not very good at *relaying* or passing through DHCP requests to your wired DHCP server. I have seen some who recommend enabling RIP to accomplish this. I was unable to test this myself since the crappy Netgear wireless router   (wgr614v9) did not have RIP at all although earlier versions did which really blows my mind... why would they make such a crappy router that does not have RIP????

    So I shopped around and it seems the best way to support wireless clients on your wired network if you use DHCP from your server (which you should) is to use an ACCESS POINT wireless router such as a Linksys WAP54g.  This access point router does not even have its own DHCP server so one would assume (and the tech support guy assured me this is true) that the router will then relay DHCP requests properly. I have not yet tested this but will update when I receive it and add it to the net.

    If you have a need for more than one access point router in your wireless network - I have also found that you MUST set the wireless routers and access points to THE SAME SSID. There are also issues I have encountered whereas the routing between wireless routers does not work as well with particular encryption types. So if you have trouble say, accessing the Internet when you have multiple wireless devices, try playing around with the WEP or WPA encryption. It seems the "bridging" may not work between routers depending on the encryption type - could it be that even within the same BRAND the encryption standards are not .. umm.. standard?

    I don't have the specifics at this moment with what worked for me with a client using a Linksys 4 port wireless router with a WAP54g access point - but I vaguely remember that I could not use WEP encryption AT ALL so we resorted to using MAC ADDRESS FILTERING which is a PITA if you have an office with wireless clients coming and going. This particular client was a home office so it worked for them. Just wanted to share that experience in case anyone is out there pulling their hair out trying to get wireless routers and access points to work together.
    Ruth Miller

    Remote Desktop Access Lost on Reboot

    Remote Desktop Access Lost to Remote Machine after Reboot

    After rebooting a machine via Remote Desktop on a Windows 2003 Server domain, you may lose the ability to connect again with Remote Desktop.

    This is probably due to the Terminal Services service being disabled or set to manual in services on the remote machine.

    Here is how you can remotely enable that service to get Remote Desktop access again. 

    On your Windows 2003 server, open command prompt and type :  mmc

    From File menu drop down choose Add/Remove Snapin

    Click the Add button at bottom left

    Scroll down to Services and click Add

    Select "Another Computer" and enter the hostname of the remote computer

    Scroll down to Terminal Services and select Automatic Startup and then Start the service.

    This should now allow you to access with Remote Desktop again.

    If you lose connectivity and need to remotely reboot your XP desktop you can also do so this way:

    From Windows 2003 Server open a command prompt and type :   shutdown /r /f /m \\remote_machine_name

    This will reboot the remote machine and force it as well so that it does not wait for answers to popups etc.


    Ruth Miller

    Networking home computers running different versions of Windows

    Content taken from this article

    With the introduction of the Windows Homegroup - it has become difficult to network new computers with Windows 7 and Windows 8 with older computers and networked equipment.

    Follow the steps below to connect your older devices and work around the Windows Homegroup.

    If your network contains computers running different versions of Windows, put all computers in the same workgroup

    Let's assume that you've already set up the physical network itself. If you haven’t, see What you need to set up a home network.

    After your network is set up, the next step is to fine-tune it so that all the computers can find each other—something you'll need if you want to share files and printers.

    If computers running Windows XP are part of your network, it’s important to use the same workgroup name for all of the computers on your network. This makes it possible for computers running different versions of Windows to detect and access each other. Remember that the default workgroup name is not the same in all versions of Windows.

    To find or change the workgroup name on a computer running Windows XP

    1. Click Start, right-click My Computer, and then click Properties.

    2. In System Properties, click the Computer Name tab to see the workgroup name. To change the name, click Change, type the new name in Computer name, and then click OK.

    To find the workgroup name on a computer running Windows Vista or Windows 7

    1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

    2. The workgroup name is displayed under Computer name, domain, and workgroup settings.

    To change the workgroup name on a computer running Windows Vista or Windows 7

    1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

    2. Under Computer name, domain, and workgroup settings, click Change settings.

    3. In System Properties, on the Computer Name tab, click Change.

    4. In Computer Name/Domain Changes, in Workgroup, type the name of the workgroup you want to use, and then click OK. You will be prompted to restart your computer.

    The workgroup name is displayed in the System window

    Set the network location to Home or Work

    Next, check the network location on all computers running Windows Vista or Windows 7. The network location is a setting that allows Windows to automatically adjust security and other settings based on the type of network that the computer is connected to. For more information, see Choosing a network location.

    There are four network locations:

    • Home. The computer is connected to a network that has some level of protection from the Internet (for example, a router and a firewall) and contains known or trusted computers. Most home networks fall into this category. HomeGroup is available on networks with the Home network location.

    • Work. The computer is connected to a network that has some level of protection from the Internet (for example, a router and a firewall) and contains known or trusted computers. Most small business networks fall into this category.

    • Public. The computer is connected to a network that's available for public use. Examples of public network types are public Internet access networks, such as those found in airports, libraries, and coffee shops.

    • Domain. The computer is connected to a network that contains an Active Directory domain controller. An example of a domain network is a network at a workplace. This network location is not available as an option and must be set by the domain administrator.

    For your home network, make sure that the network location type is set to Home. Here's how to check:

    • Open Network and Sharing Center by clicking the Start button, and then clicking Control Panel. In the search box, type network, and then click Network and Sharing Center.

    The network location type is displayed below the network name.

    The network location type is displayed in Network and Sharing Center

    If your network type is public, click Public network, and then select the network location you want.

    Warning

    • You should only change a network to Home or Work if it's a known and trusted network, such as your home or small business network. Changing a network in a public place to Home or Work can be a security risk because it allows other people on the network to see your computer.

    Make sure your firewall allows file and printer sharing

    If you're using Windows Firewall, you can skip this section, because Windows Firewall automatically opens the correct ports for file and printer sharing when you share something or turn on network discovery. (For more information about network discovery, see What is network discovery?) If you're using another firewall, you must open these ports yourself so that your computer can find other computers and devices that have files or printers that you want to share.

    To find other computers running Windows Vista or Windows 7, open these ports:

    • UDP 3702

    • UDP 5355

    • TCP 5357

    • TCP 5358

    To find other computers running earlier versions of Windows, and to use file and printer sharing on any version of Windows, open these ports:

    • UDP 137

    • UDP 138

    • TCP 139

    • TCP 445

    • UDP 5355

    To find network devices, open these ports:

    • UDP 1900

    • TCP 2869

    • UDP 3702

    • UDP 5355

    • TCP 5357

    • TCP 5358

    To make HomeGroup work correctly between computers running Windows 7, open these ports:

    • UDP 137

    • UDP 138

    • TCP 139

    • TCP 445

    • UDP 1900

    • TCP 2869

    • UDP 3540

    • TCP 3587

    • UDP 3702

    • UDP 5355

    • TCP 5357

    • TCP 5358

    Turn on additional file and printer sharing options

    By changing your network location to Home or Work, network discovery is automatically turned on. You can also turn on these sharing options individually:

    • Network discovery

    • File sharing (in Windows 7, this is automatically turned on when you share a file or folder)

    • Public folder sharing

    When you turn on these options, your computer can:

    • Find other computers and devices on your home network and have other computers find your computer

    • Share its files and folders

    • Share its Public folders

    Note

    • Password-protected sharing is a special option that's discussed below.

    To turn on network discovery, file and printer sharing, and public folder sharing in Windows 7

    1. Open Advanced sharing settings by clicking the Start button, and then clicking Control Panel. In the search box, type network, click Network and Sharing Center, and then, in the left pane, click Change advanced sharing settings.

    2. Click the chevron to expand the Home or Work network profile.
    3. Select the options to turn on network discovery and file sharing.

    4. Under Public folder sharing, do one of the following:

      • To share your Public folders so that people on other computers on the network can open files in them but can't create or change files, click Turn on sharing so anyone with network access can open files.

      • To share your Public folders so that people on other computers on the network can open files in them and also create or change files, click Turn on sharing so anyone with network access can open, change, and create files.

    5. Click Save changes. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    To turn on network discovery, file sharing, public folder sharing, and printer sharing in Windows Vista

    1. Open Network and Sharing Center in Control Panel.

    2. Under Sharing and Discovery, click the chevron next to File sharing to expand the section, click Turn on file sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
    3. Click the chevron next to Public folder sharing to expand the section, and then do one of the following:
      • To share the Public folder so that people on other computers on the network can open files in it but can't create or change files, click Turn on sharing so anyone with network access can open files, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation. This is the default setting.

      • To share the Public folder so that people on other computers on the network can open files in it and also create or change files, click Turn on sharing so anyone with network access can open, change, and create files, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    4. Click the chevron next to Printer sharing to expand the section, click Turn on printer sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    Consider using password-protected sharing

    Password-protected sharing is a more secure method of sharing files and folders on a network, and it is enabled by default. With password-protected sharing enabled, people on your network can't access shared folders on other computers, including the Public folders, unless they have a user name and password on the computer that has the shared folders. They will be prompted to type a user name and password when accessing the shared folders.

    For quicker access, you might want to have matching user accounts on all your computers. For example, Dana wants to use password-protected sharing to more securely share files and printers between her two computers. On Computer A, she has the user account "Dana22" and the password "Fly43$." If she sets up that same user account and password combination on Computer B, she can more quickly access shared files on Computer B. If Dana changes the password on one of these computers, she must make the same change on the other computer.

    To turn on password-protected sharing in Windows 7

    1. Open Advanced sharing settings by clicking the Start button, and then clicking Control Panel. In the search box, type network, click Network and Sharing Center, and then, in the left pane, click Change advanced sharing settings.

    2. Click the chevron to expand the Home or Work network profile.
    3. Under Password protected sharing, click Turn on password protected sharing, and then click Save changes. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    To turn on password-protected sharing in Windows Vista

    1. Open Network and Sharing Center in Control Panel.

    2. Under Sharing and Discovery, click the chevron next to Password protected sharing to expand the section, click Turn on password protected sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    To share a file or folder

    In any version of Windows, you can right-click a file or folder, click Share, and then select the people or groups you want to share with. You can also assign permissions so that those people can or cannot make changes to the file or folder you shared. For more information, see Share files with someone.

    Using the network map

    The network map in Network and Sharing Center is a graphical view of the computers and devices on your network, showing how they're connected and including any problem areas. This can be helpful for troubleshooting. Before a computer running Windows XP can be detected and appear on the network map, you might need to install the Link-Layer Topology Discovery (LLTD) protocol on that computer. For more information, go to Network Map Does Not Display Computers Running Windows XP on the Microsoft website.

    If the LLTD protocol is installed but computers running Windows XP still don't appear on the network map, firewall settings could be preventing Windows from detecting them. Check the firewall settings and make sure that file and printer sharing is enabled. To learn how to do this, if you're using Windows Firewall, open Help and Support and search for "Enable file and printer sharing." Open the Help topic, and then scroll to the end. If you're using another firewall, check the information that came with your firewall.

    Ruth Miller

    Linksys

    There are no articles in this category.

    Netgear

    There are no articles in this category.

    Security

    Secure Network Shares on Office Network

    Problem:  You connect to your office through a VPN and/or office laptop connected with a VPN. Your home computer shares on your network might now be visible by anyone connected to the office network!

    First of all - you need to turn on Windows Firewall to use this protection.  Also, it is a good habit to name shares with a $ at the end as in   myshare$  so it will not be "browsable" in Net Neighborhood.

    Below is from this link

    With an office complex using a shared router to give its clients Internet access, they should also be putting each tenant into their own VLAN which will hide them from each other. If they don't have the hardware/expertise to do that you should suggest that they upgrade.

    At the very least, they should put each tenant into a separate subnet. Then the built-in Windows firewall can provide protection. (If you have SP2 installed)

    Using a random name for the shares, and making them hidden is a good step.

    If your IP addresses stay the same, you can configure the Windows firewall so that your two PCs are the only ones in the scope for File and Printer Sharing.

    Start | Run > firewall.cpl

    Another option is to install NetBEUI from the XP CD, then unbind File and Printer Sharing and the Client for Microsoft Networks from the TCP/IP protocol.

    This way, your PCs won't even appear in the other tenants' Network Places (unless they have NetBEUI installed of course). Won't stop someone who is actually trying to find shares to hack into, but will stop the "curious and bored" from trying to see if there is anything interesting to see on your systems.

    NetBEUI is on the CD here: X:\VALUEADD\MSFT\NET\NETBEUI

    You can change bindings from the Network Connections window:
    Advanced Menu | Advanced Settings...
    Ruth Miller

    Peachtree Accounting

    Missing Reports in Peachtree Accounting

    I am running 2007 on a server with 3 workstations. I am not sure how but we do not have the standard pt reports that you find in the ar, ap etc. I set up a new co and put my backup into it. Before I did that the reports were there and after they weren't. We re-installed the server and one of the work stations. It seems that whatever the problem is when I back up it becomes part of the back up and when I restore to the dummy co I transfer the problem. My IT guy messed with it for a couple of hrs and could not fix it. If anyone has a solution I will greatly appreciate it and would like a fix that even I can understand the procedure. Thanks! whb

    Solution 1:  Look for a Peachtree program file labeled REPORTDATAI.DAT in the shared program directory on the Server. If found, rename it and run REPAIR from the Peachtree CD. This will reinstall the standard shared reports.

    Solution 2:  I just want to let everyone know that Ptree customer support was able to fix my problem. They tried all known cures over two days but finally found that my co file rptdata.dat had a problem that would not let it link to the rptdatai.dat file in ptree. They simply replaced the one in my co with the one in the sample co and I had my reports back. Until that was tried all of their efforts were to fix the ptree file which evidently is where this problem lies most of the time. My thanks to Rick for responding to my problem. whb

    Solution 3:  If only *some* of the reports are missing, such as customized reports, locate the Forms folder on the server or on another computer in the office that can access these particular reports, and copy the *.frm files to the Program Files\Peachtree\Company\Forms folder. If the path is different (it might be Program Files\Sage Software\Peachtree), locate the Forms folder in your Peachtree install directory and copy the *.frm files there.
    Ruth Miller

    Peachtree 2008 crashes while customizing checks

    Problem:  
    Customer upgraded to Peachtree Complete Accounting 2008. When attempting to customize checks in Reports and Forms --> Checks, as soon as the cursor enters a field to edit the text, Peachtree crashes.

    Solution:
    Turned out that she had her screen resolution set to 800x600 for visibility and this was causing the crash. Set her resolution to 1024x768 and no crashes. Then for visibility, set her fonts in Desktop settings to large and also change the dpi to larger in Advanced display properties.  Had to specifically set the font to larger in Outlook in the View menu --- Customize Settings --Other - for the message list to have a larger font.
    Ruth Miller

    Solutions

    Solutions to Problems Category

    550 5.1.0 Invalid Sender Domain

    Scenario: on host example.com (a fictitious domain used as an example), the MX record in the example.com DNS was set to the following:

       MX    10   mailhost.samehost.com

    The IP address for mailhost.samehost.com and host.example.com are identical and they are the same server.

    Mail was sent out from this host using a from address of a gmail account using a pipe.  User was able to confirm that the from address was set correctly as most recipients could receive the email.

    Only COMCAST had a problem because of their more restrictive spam filtering rules that require adhering to RFC822.

    ----- Transcript of session follows -----
    ... while talking to mx2.comcast.net.:
    >>> MAIL From:< www@hostname.example.com> SIZE=1137
    <<< 550 5.1.0 Invalid sender domain
    554 5.0.0 Service unavailable

    --lAT45KS2084846.1196309120/hostname.example.com
    Content-Type: message/delivery-status

    Reporting-MTA: dns; hostname.example.com
    Received-From-MTA: DNS; localhost
    Arrival-Date: Wed, 28 Nov 2007 22:05:17 -0600 (CST)

    Final-Recipient: RFC822; recipient@comcast.net
    Action: failed
    Status: 5.1.0
    Diagnostic-Code: SMTP; 550 5.1.0 Invalid sender domain
    Last-Attempt-Date: Wed, 28 Nov 2007 22:05:20 -0600 (CST)

    --lAT45KS2084846.1196309120/hostname.example.com
    Content-Type: message/rfc822

    SOLUTION:

    Added the following additional MX record to the DNS for host.example.com that said

           MX           20      host.example.com

    This provided a proper reverse lookup when the mail was received by Comcast from host.example.com even though the desired main mail server with preference of 10 remains mailhost.samehost.com
    Ruth Miller
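
    A way to triage this kind of bounce, as an added example that is not part of the original article: it pulls the rejected envelope sender out of the session transcript and tests that sender's domain against DNS data before and after the MX change. The zone contents and the receiver policy (the sender domain must publish an MX whose target has an address record) are assumptions; the article does not document Comcast's actual rule, and the function names are hypothetical.

```python
import re

# Constructed sample: the SMTP transcript part of the bounce quoted above.
BOUNCE = """\
----- Transcript of session follows -----
... while talking to mx2.comcast.net.:
>>> MAIL From:< www@hostname.example.com> SIZE=1137
<<< 550 5.1.0 Invalid sender domain
554 5.0.0 Service unavailable
"""

# Constructed DNS data modelled on the article (192.0.2.25 is a documentation
# address). BEFORE: the sending host has an address record but no MX.
ZONE_BEFORE = {
    "example.com": {"MX": [(10, "mailhost.samehost.com")]},
    "mailhost.samehost.com": {"A": ["192.0.2.25"]},
    "hostname.example.com": {"A": ["192.0.2.25"]},
}
# AFTER: the article's fix, an MX of preference 20 published for the host itself.
ZONE_AFTER = {name: dict(rrsets) for name, rrsets in ZONE_BEFORE.items()}
ZONE_AFTER["hostname.example.com"]["MX"] = [(20, "hostname.example.com")]

REMOTE_RE = re.compile(r"while talking to (\S+?)\.?:\s*$", re.M)
MAIL_RE = re.compile(r"^>>> MAIL From:<\s*([^>\s]+)\s*>", re.M | re.I)
REPLY_RE = re.compile(r"^<<< (\d{3}) (\d\.\d{1,3}\.\d{1,3}) (.+)$", re.M)


def parse_rejection(transcript):
    """Extract which MTA rejected which envelope sender, and with what status."""
    remote = REMOTE_RE.search(transcript)
    mail = MAIL_RE.search(transcript)
    reply = REPLY_RE.search(transcript)
    if not (mail and reply):
        raise ValueError("no MAIL From / reply pair found in transcript")
    sender = mail.group(1)
    return {
        "remote_mta": remote.group(1) if remote else None,
        "sender": sender,
        # The domain the receiver validates is the envelope sender's domain,
        # not the From: header the user set to a gmail address.
        "sender_domain": sender.rpartition("@")[2].lower(),
        "code": int(reply.group(1)),
        "status": reply.group(2),
        "text": reply.group(3).strip(),
    }


def usable_mx(domain, zone):
    """Return the domain's MX targets that resolve to an address, best first."""
    records = sorted(zone.get(domain, {}).get("MX", []))
    return [host for _pref, host in records if zone.get(host, {}).get("A")]


def passes_strict_sender_check(domain, zone):
    """Assumed receiver policy: the sender domain must publish a usable MX."""
    return bool(usable_mx(domain, zone))


def triage(transcript, zone):
    """Combine the parsed rejection with the DNS verdict for its sender domain."""
    result = parse_rejection(transcript)
    result["domain_has_mx"] = passes_strict_sender_check(result["sender_domain"], zone)
    return result


if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(label, triage(BOUNCE, zone))
```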

    Amanda Error: Socket Operation on non-socket

    I had been running the RH EL 4 distributed version but wanted to explore the new encryption options, and encountered the following problems when running amcheck on the 252p1 community edition.

    The system is RH EL 4, IPV6 stack is turned off via modprobe.conf:

    #Disable IPv6
    alias net-pf-10 off

    Amanda configured to use BSD auth and udp in both xinetd and amanda.conf.

    disklist is setup to run only the local host, using either localhost or the FQDN.

    With or without the IPV4 flag thrown in the xinetd.d/amanda file.

    amcheck returns:

    Amanda Backup Client Hosts Check
    --------------------------------
    WARNING: MyHost.MyDomain.com: selfcheck request failed: error sending REQ: send REQ to MyHost.MyDomain.com failed: Socket operation on non-socket
    Client check: 1 host checked in 0.007 seconds, 1 problem found

    /tmp/amanda/server/DailyActiveSet/amcheck..... returns:

    amcheck: debug 1 pid 2719 ruid 33 euid 0: start at Sat Sep 15 20:09:52 2007
    amcheck: debug 1 pid 2719 ruid 33 euid 33: rename at Sat Sep 15 20:09:52 2007
    amcheck-clients: time 0.007: security_getdriver(name=bsd) returns 0x8fe3c0
    amcheck-clients: time 0.007: security_handleinit(handle=0x86242e0, driver=0x8fe3c0 (BSD))
    amcheck-clients: time 0.014: dgram_bind: socket() failed: Address family not supported by protocol
    amcheck-clients: time 0.014: dgram_send_addr(addr=0x8624300, dgram=0x910544)
    amcheck-clients: time 0.014: (sockaddr_in6 *)0x8624300 = { 10, 10080, ::ffff:99.99.99.99 }
    amcheck-clients: time 0.014: dgram_send_addr: 0x910544->socket = 0
    amcheck-clients: time 0.014: dgram_send_addr: sendto(::ffff:99.99.99.99.10080) failed: Socket operation on non-socket
    amcheck-clients: time 0.014: security_seterror(handle=0x86242e0, driver=0x8fe3c0 (BSD) error=send REQ to MyHost.MyDomain.com failed: Socket operation on non-socket)
    amcheck-clients: time 0.014: security_seterror(handle=0x86242e0, driver=0x8fe3c0 (BSD) error=error sending REQ: send REQ to MyHost.MyDomain.com failed: Socket operation on non-socket)
    amcheck-clients: time 0.014: security_close(handle=0x86242e0, driver=0x8fe3c0 (BSD))
    amcheck: time 3.995: pid 2719 finish time Sat Sep 15 20:09:56 2007

    After converting to tcp/bsdtcp auth the problem goes away. So this is not critical for my environment where I can use tcp. But there appears to be a problem in the ipv4-ipv6 mapping... The check code is attempting to use an ipv4 address mapped to ipv6 on a system that is not configured to run ipv6.

    It took several hours to verify my configuration in detail, and then attempted workarounds to discover that things seem to work using tcp as opposed to udp.

    I thought I should pass it on as it may be causing others problems.

    --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Solution:


    Since you are using amanda-2.5.2p1, I suggest you use the bsdtcp auth.
    It will require no firewall rules.
    Ports 10082 and 10083 are not used in 2.5.2 and above; your server needs them only if you have an older client (amrecover).
    To use bsdtcp auth:
    - change your dumptype to have: auth "bsdtcp"
    - change your amanda xinetd configuration:
    socket_type = stream
    protocol = tcp
    wait = no
    server_args = -auth=bsdtcp amdump amindexd amidxtaped

    Jean-Louis
    Ruth Miller
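
    The debug log above shows socket() failing in dgram_bind with "Address family not supported", after which dgram_send_addr reports socket = 0 and sendto fails on it. The following added Python sketch (not Amanda's code; candidates, open_dgram and the simulated no_ipv6_socket factory are hypothetical names) shows the handling that avoids that chain: check the socket() error, and for an IPv4-mapped address such as ::ffff:99.99.99.99 fall back to a plain IPv4 socket when the host has no IPv6 stack.

```python
import errno
import ipaddress
import socket


def candidates(addr):
    """Return (family, host) pairs to try for addr, in order of preference."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return [(socket.AF_INET, str(ip))]
    pairs = [(socket.AF_INET6, addr)]
    if ip.ipv4_mapped is not None:
        # ::ffff:a.b.c.d carries an IPv4 address; keep its plain IPv4 form as
        # a fallback for hosts where the IPv6 address family is unavailable.
        pairs.append((socket.AF_INET, str(ip.ipv4_mapped)))
    return pairs


def open_dgram(addr, port, socket_factory=socket.socket):
    """Create a UDP socket able to reach addr.

    Returns (sock, family, (host, port)). A failed socket() call is never
    ignored: either another address family is tried or the error is raised,
    so the caller cannot end up sending on an invalid descriptor.
    """
    last_error = None
    for family, host in candidates(addr):
        try:
            sock = socket_factory(family, socket.SOCK_DGRAM)
        except OSError as exc:
            if exc.errno != errno.EAFNOSUPPORT:
                raise  # some other failure: do not mask it
            last_error = exc
            continue
        return sock, family, (host, port)
    raise last_error


class FakeSocket:
    """Constructed placeholder so the demo needs no network access."""

    def __init__(self, family, kind):
        self.family = family
        self.kind = kind


def no_ipv6_socket(family, kind):
    """Constructed stand-in for socket.socket on a host with IPv6 turned off."""
    if family == socket.AF_INET6:
        raise OSError(errno.EAFNOSUPPORT, "Address family not supported by protocol")
    return FakeSocket(family, kind)


if __name__ == "__main__":
    # Address and port as they appear in the debug log above.
    sock, family, dest = open_dgram("::ffff:99.99.99.99", 10080, no_ipv6_socket)
    print("family:", family.name, "destination:", dest)
```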

    Autoenrollment Event ID 15 in Event Log

     

    Problems occur when the Autoenrollment feature cannot reach an Active Directory domain controller

    Article ID : 310461
    Last Review : March 2, 2007
    Revision : 7.1
    This article was previously published under Q310461

    SYMPTOMS

    The following Event ID 15 error message entries are logged at 8-hour intervals in the application event log:
    Event Type: Error
    Event Source: AutoEnrollment
    Event Category: None
    Event ID: 15
    Date: date
    Time: time
    User: N/A
    Computer: computer name
    Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

    CAUSE

    This problem may occur if the Autoenrollment feature cannot reach an Active Directory domain controller. In a Microsoft Windows NT 4.0 domain, Active Directory is not available. Therefore, the Autoenrollment feature cannot work. In an Active Directory domain that has Microsoft Windows 2000 or later domain controllers, the problem may be caused by a DNS name resolution issue or by a network connectivity issue.

    RESOLUTION

    For a Microsoft Windows XP-based computer or a Microsoft Windows Server 2003-based computer that is joined to a Windows NT 4.0 domain, to turn off the Autoenrollment feature in the Local Group Policy, follow these steps on the local workstation:
    1. Click Start, click Run, type gpedit.msc, and then press ENTER.
    2. In the left pane, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
    3. Double-click Autoenrollment Settings.
    4. Click Do not enroll certificates automatically.
    5. Click OK.
    6. Repeat steps 2 through 5, but in step 2, expand User Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
    7. Close the Group Policy window.
    For a computer that is a member of a Windows 2000 or later Active Directory domain, make sure that the domain member has network connectivity with at least one domain controller.

    After you have determined that you have good Internet Protocol (IP) connectivity between the member and a domain controller, correct the DNS address in the IP properties of the workstation. To do this, follow these steps:
    1. Start the Network Connections tool in Control Panel.
    2. Right-click Local Area Connection, and then click Properties.
    3. Click Internet Protocol (TCP/IP), and then click Properties.
    4. Type the correct DNS address in the Preferred DNS server box.
    5. Click OK.
    Ruth Miller

    Error Message: Current time on this computer and the current time on the network are different


    The user can't log in to the Active Directory domain and receives the above message.

    1. Log in to the machine locally as Administrator (or remove the network cable to log in with domain credentials, as long as they are in the Administrators group)
    2. Check the date/time for time zone, am/pm or actual day of week - 90% of the time this is the problem
    Install Windows Time on the AD PDC so that it keeps clients in time sync on the AD in future.
    Ruth Miller

    Fix Missing Profile in Palm Desktop

    How to Fix Missing Profile in Existing Palm Desktop Setup


    Problem:  

    You start up Palm Desktop with the intent of syncing your Palm and there is no profile found at all!   This could have happened if you have specified a network share drive for storing your Calendar data for the purpose of sharing the Calendar data and that shared drive is not available.

    Solution:  

    If Palm Desktop does not find your profile you simply need to find your users.dat file  on the shared drive or last known location and place it in the location where it defaults to look for this file which is your My Documents/Palm OS Desktop. Close Palm Desktop before copying the file there to the default location.

    Once you have copied the users.dat file there, open Palm Desktop and it should find your profile and your data (although it may be old local data) now.  At this point you can again point the Palm Desktop folder in Options to the shared drive if you like.  However, you must remove or rename the users.dat on the network drive location or it will tell you that the directory is in use by another user.

    This can occur if you are having problems with your network that make the shared drive unavailable when you start Palm Desktop up. If it cannot locate the users.dat file locally, it gives up and doesn't know anything about you.  Once this happens, it loses the connection to that shared drive so even if the shared drive connection is restored, Palm Desktop will not even start up to let you direct it to that shared drive location. So you must do this little trick to restore it.

    One word of caution - if you manually added your user again and then did a sync locally and THEN you do this move, it will delete the local folder when you point to the new location on the shared drive.  It is always a good idea to get a backup of your data just in case and you can do that in File - Export which creates an .mdb file with your data, which you can then restore to any other Palm Desktop software, even a different user.

    Here is another thing to consider. If you have Hotsync software loading on startup, sometimes it will try to locate your data on the network drive and if that drive is not available, you will be in the "no profiles" situation again.


    Ruth Miller

    Mirra Service Causes High CPU Load

    Problem:

    Client was experiencing high cpu load which slowed down her computer.  It was found that mirra.service.exe was spiking to 95% several times a minute, yet there were not enough changed files to cause a need for files to be backed up to the Mirra.

    After watching the Mirra client during these spikes, it was noticed that it seemed to be copying files over and over as if it was backing up new files.  A tech support note mentioned using Ctrl Shift D to add a Mirra Support option to the client where one can see the sync state of files. I saw that it seemed the same files were attempting to sync over and over.

    The Mirra client had already been uninstalled and a new version installed (full) with the .net - but this did not fix the problem.

    Solution:

    I removed the specified Mirra backup for this client and added it again - resulting in having to transfer over 500mb of files. After the initial transfer of all files to the Mirra, the mirra service no longer sucks up the cpu and seems to have gotten all files into sync properly.
    Ruth Miller

    Problem burning cd's with Sonic/Roxio RecordNow

    http://kb.roxio.com/content/kb/BackUp%20MyPC/000008GN?set-locale=en

    Issue

    When burning a CD or DVD, you receive an error, burning does not complete, or your media is rejected.
    Resolution

    Burning errors can happen for a variety of reasons. Roxio has found that doing the following steps resolves about 80% of all burning issues. Please give all these steps a try and see if it fixes your writing problems.

    Error Msg:  No Recorder in Sonic Record Now - cd drive shows in My Computer as only a CD-R drive

    1. Update your drive's firmware/drivers. Most companies regularly update their firmware and drivers. If you are unsure what model your burner is and its firmware, click here to find out.
    2. If you are having trouble burning a video disc, it could be video card related. Please go to your video card manufacturer's website and update the drivers for your particular model. To find out the video card make and model:
      • Windows XP: Go to My Computer and choose Properties.
      • Windows Vista: Go to Start --> Control Panel --> System and Maintenance --> Device Manager.
      • Click on the Hardware tab.
      • Select Device Manager
      • Double-click Display Adapters. Your video card make and model is displayed.
      • To find out the driver details (such as version), right click on the make and model under Display adapter, and select Properties.


    3. Enable DMA. Direct Memory Access enables better efficiency of data. For more info, check how to enable DMA.
    4. The media. Check the following:
      • The disc is clean and unused.
      • The media is recommended by your burner's manufacturer or try a different brand, preferably a name brand, if you continue to have problems.
      • Make sure that media (-R/+R, -/+RW, dual-layer compatibility) is supported by the burner by checking burner's manual or manufacturer's website. This is especially true for some Blu-Ray burners which do not support CD-R/RW media.


    5. If your burner is external, make sure it is connected directly to the computer via USB/Firewire and not a hub or other device like a sound card.
    6. Update to the latest PX Engine. The PX Engine improves compatibility with newer burners on the market.
    7. A reinstall of the burner's drivers may also help.
      • Windows XP: Go to My Computer and choose Properties.
      • Windows Vista: Go to Start --> Control Panel --> System and Maintenance --> Device Manager.
      • Click on the Hardware tab.
      • Select Device Manager
      • Expand DVD/CD-ROM Drives, then select your burner and uninstall it by right-clicking on it.
      • Reboot.
    Ruth Miller

    Repair Outlook Express mailbox

    How to repair your outlook express mailbox files


    Created: Jul 1, 2005
    Updated: Aug 16, 2005
          

     Introduction


    In some situations your mailbox file of outlook express could get corrupted in a manner that outlook itself is unable to repair it.
    If this is the case outlook express might hang on opening the file.

    It is often possible to overcome this problem by following the next steps.
     

     Locate your file(s)


    To be able to find the location where outlook express stores its files you should start the registry editor.
    Do NOT make any changes in the registry as this could have unpredictable results !

    Start the registry editor by typing regedit in the Run item in your Start menu.

    In the left pane:
    In the right pane:
    You will now see the path where outlook stores its files. Select the full path and press CTRL+C to copy the value


     Move mailbox file(s)


     Import


    This step will import the old (corrupted) data into outlook express. Outlook Express will import these file in most cases without any problems.

     Done


    Start outlook express. You should now see your mailbox folders again.

     Remarks


    THIS PROCEDURE IS PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND, USE AT YOUR OWN RISK!

    Copyright (c) 2000-2007 by Martin Borkhuis. All rights reserved.
    Ruth Miller

    Restore classic Windows Start button to Windows 8


    Download and install ClassicShell to restore the missing Windows Start button to have access again in the "old style" Windows interface if you don't like the new Windows 8 panels

    http://classicshell.net/

    I've used it several times now and it is a great solution
    Ruth Miller

    Storage

    There are no articles in this category.

    Mirra Servers

    Mirra Web Sharing not working

    Experienced problem with Mirra Web Sharing with a client who moved to new office.  Outgoing Internet connectivity was fine although the two-way connectivity between Mirra.com and the Mirra server was not working so the web sharing part of Mirra would not work inside this office.

    Spoke with tech vendor who had installed the networking router and firewall to get them to open ports 80, 443 and 19430 for the Mirra. They did so and it made no difference. They even turned off the firewall for incoming connections briefly and this did not change the problem accessing the shares on the Mirra from the Mirra.com web site.

    Examined the layout of the networking equipment in the office and found that the new router installed had been assigned the same IP address as the old Linksys router and the Linksys router with this duplicate IP address was indeed connected to the internal network.

    Furthermore, I found that the Server for the office which was being used for DNS etc, was directly connected to this old Linksys router with the duplicate IP being used by the new equipment.

    I proceeded to disconnect the old Linksys router from everything and removed it from the network. Subsequently the Mirra web sharing began to work without any other changes.
    Ruth Miller

    VNC

    How to change default VNC desktop to Gnome in RedHat Linux

    To bring up the Gnome desktop by default when connecting via VNC in Redhat Linux check the following file:


    /home/user/.vnc

    vi xstartup

    Change last line from   twm &  to gnome-session &

    Exit from vnc and stop vnc server for that user and start again and you will get the Gnome desktop instead of twm!
    Ruth Miller

    Web Servers

    There are no articles in this category.

    Apache

    Problem starting Apache - cannot open shared object file: libapr

    OS - Linux RedHat ES v4 for AMD64

    During Scalix install and configure, attempted to start httpd from /etc/rc3.d/S85httpd and received error:

    libapr-0.so.0  cannot open shared object file: No such file

    Did an ldd   (ldd /usr/sbin/httpd) and found that libapr-0.so.0 is  ==> not found

    Did rpm -qa | grep apr and found package was there but older version - seemed the package had not really installed when allowing gui to do the rpm

    So I went to rhn.redhat.com and downloaded the apr package for 64 bit AMD again but instead chose to save the file to the desktop.

    Then in a command window as root I executed from the /home/rmiller/Desktop dir:

    rpm -ivh --replacefiles *.rpm

    It installed the apr package and replaced files from earlier version this way.

    Subsequent ldd shows that the library is found and httpd started up fine.
    Ruth Miller

    IIS

    There are no articles in this category.

    PHP

    Zend Optimizer 3.3/PHP 5/GoDaddy Configuration



    This solution will get your Zend Optimizer working on php 5.2 using Optimizer 3.3 hosted on a Linux server on GoDaddy.  You don't need to install any Zend Optimizer - you just need to update your root directory php5.ini as follows:

    Re: Zend Optimizer 3.3/PHP 5/GoDaddy

    Postby barrydeez on Tue Sep 14, 2010 7:44 pm

    It's very simple.
    Here is a link to a solution:
    http://help.godaddy.com/article/1232

    Simply go to your file manager in GoDaddy, and at the html section, click New. This will allow you to make a file. Copy and paste this there:
    [Zend]
    zend_optimizer.optimization_level=15
    zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3
    zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3
    zend_extension=/usr/local/Zend/lib/Optimizer-3.3.3/ZendExtensionManager.so
    zend_extension_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3/ZendExtensionManager_TS.so

    Then save it as php.ini (for php 4) or php5.ini (for php5).

    Just contact godaddy and upgrade to php5 if needed. They will do that for you. A simple tip: use a different host. Your problems will persist with them.

    If you are like me, I was on a server using PHP 5.3 and I found out that I could downgrade in my Hosting Control Panel under Languages - to PHP 5.2 - to support code used on another server that was running with PHP 5.2
    I successfully downgraded to PHP 5.2 but I still got the Zend Optimizer gotcha page.  I found this article and finally I started having success.  Ultimately if you are on shared web server it will take a few hours to work reliably because you are in a round robin with a set of web servers and some will not have re-read the php5.ini file yet.

    You should also be able to access your server with ssh and check the above paths to see if those files really exist where you are telling the Apache server that they are.

    Of interest, to find your web root area it is on the side bar of information about your hosted Linux server - it will look like this and it is called the ABSOLUTE HOSTING PATH:  /home/content/xx/xxx/html
    This is where the php5.ini file lives on the ssh side of things.

     
    Ruth Miller

    Windows

    There are no articles in this category.

    XP

    Windows XP Documents

    Windows Desktop Search slows down XP and Windows Servers

    Client was having trouble with slow performance on his laptop.  Many things were contributing to this but among them were Windows Desktop Search, which apparently was forced upon XP users in the Fall of 2007 and is the cause of many slowdown problems when the indexer runs which is most of the time.

    Read the following article that details how to remove it and other details:

    WINDOWS SLOWDOWN: Microsoft forces install of Windows Desktop Search

    James Bannan  29 October 2007, 4:13 AM

    Has your PC suddenly started running slowly for no obvious reason? You can thank Microsoft for that.

    Windows XP and 2003 users and administrators were recently bewildered by the sudden appearance of the Windows Desktop Search toolbar on their systems.

    But it was the resulting machine slow-downs as WDS commenced indexing of local content that has made users see red.

    Surprise!

    It turns out that Windows Desktop Search – an optional add-on for Windows XP and 2003, and an integrated function in Windows Vista – was slipped into a recent Windows update and unknowingly downloaded by Windows Update users and WSUS administrators.

    It has sparked significant complaint and criticism. For home users it’s inconvenient enough, but for administrators it’s an absolute nightmare. System indexing is a time-consuming and disk-intensive procedure, resulting in slow-downs and end-user frustration. To have such an update sneak in (totally unauthorised) on to multiple enterprise systems simultaneously, not to mention Windows 2003-based servers is an outrageous situation, resulting from a staggering oversight.

    Bobbie Harder, a program manager on the WSUS team, announced late last week that:

    "Unfortunately, in revising this update, the decision to reuse the same update package had unintended consequences to our WSUS customers. Many of you who had approved the initial update package for a limited number of machines, had Tuesdays' WDS revision automatically install on all clients because of the expanded applicability scope and because, by default, WSUS is set to automatically approve update revisions.

    "We sincerely regret the inconvenience this has caused and extend a sincere apology to all impacted customers."

    This explanation is highly suspect, however, as many WSUS administrators (myself included) have confirmed that the original package Windows Desktop Search was never approved and in many cases was specifically declined.

    We're not home to WDS


    Trawling through the update logs of an affected system, it seems that the package which is KB917013 (Windows Desktop Search 3.01 for Windows XP & 2003, 32- and 64-bit), was automatically approved by the Update client and downloaded and installed without notifying the user. In the case of a WSUS-connected machine, the package had been downloaded and cached to the local WSUS server, again without administrative approval.

    To remove the package, end-users can uninstall it via Add/Remove Programs, and select Windows Desktop Search.

    Get rid of what you never asked for


    Administrators can target the following uninstall script:

    C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe

    WSUS administrators should also clear out the following file from all local WSUS servers:

    driveletter:\WSUS\WsusContent\7A\AFFE68329462028DB8BD5B6A64FCAA4CC5064A7A.exe

    This is the update package containing the WDS install files.

    Users and administrators alike will be looking for a more comprehensive explanation and apology from Microsoft. Windows Update and WSUS have excellent reputations amongst Windows users, but this is based very strongly on a sense of trust and reliability, as well as the ongoing belief that Microsoft are doing the right thing by their customers.

    While no-one is accusing Microsoft of deploying WDS knowingly and maliciously (not yet anyway), such a monumental stuff-up will do serious damage to end-user confidence.


    ================================================================================================================

    Another good link regarding Windows Desktop Search here

    The process name for WDS is "searchindexer.exe". See how much CPU yours is burning up by checking Task Manager.

    Ruth Miller

    How-To

    How To Documents

    Clear DNS Cache

    Sometimes when you repair your local area connection from the local area connection status window, you find that your DNS cache could not be cleared, and whatever you do, the cache will not clear. So here’s the cool way of doing it.
    Open your command prompt and type the following command:
    C:\>net stop dnscache
    If it says that the dnscache is not started then type the following command:
    C:\>net start dnscache
    It will start your local dns cache. Now try flushing your dns cache by issuing the following command:
    C:\>ipconfig /flushdns
    It will most probably clear your dns cache and display the results for you.
    If you want to see what is in your local dns cache at this time, issue this command to find out:
    C:\>ipconfig /displaydns

    This can also be done as:


    Ruth Miller

    Accessing Group Policy on Remote Computer

    Using the Group Policy Snap-in Focused on a Remote Computer

    The Group Policy object seen at the root node of the Group Policy console is said to have "focus." The console can be focused on any computer's local Group Policy object, or any Active Directory–based Group Policy object.

    Note

    Focusing the Group Policy snap-in, whether on a remote computer or the local computer, or on an Active Directory–based Group Policy object, must be done when the extension is added to an MMC console file, or as a command line option. The focus cannot be changed while the Group Policy console is in use.

    To add Group Policy to an MMC console focused on a specific remote computer

    1. Click Start, click Run, and type MMC. Or you can open an existing saved console such as Console1.mmc.
    2. In the MMC window, on the Console menu, click Add/Remove Snap-in.
    3. On the Standalone tab, click Add.
    4. In the Add Snap-in dialog box, click Group Policy, and then click Add. By default this is set to open on the local computer.
    5. Click Browse.
    6. You can now select a Group Policy object from Active Directory or, as in this case, select the Computer tab.
    7. Select Another Computer.
    8. Either type in the computer name or click Browse to locate it.
    9. Select the domains to which you have access in the Look in drop-down list.

    The supported computer name formats are:

    NetBIOS names; for example:

    ThisComputer

    DNS-style; for example:

    ThisComputer.Reskit.com

    You can start the Group Policy snap-in with the following two command line switches:

    Specific computer

    /gpcomputer:<machinename>

    Where <machinename> can be either a NetBIOS or a DNS-style name.

    For example:

    gpedit.msc /gpcomputer:"ThisComputer"

    or

    gpedit.msc /gpcomputer:"ThisComputer.Reskit.com"

    Note that there is no space following /gpcomputer: and that the quotes are necessary, not optional.

    Specific ADSI path

    /gpobject:"<ADSI path>"

    For example:

    /gpobject:"LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Reskit,DC=com"

    in which the GUID for the Group Policy object is a made-up example.

    Ruth Miller

    Repair/Reset Winsock Settings

    Repair/Reset Winsock settings (Links)

    Most of the Internet connectivity problems arise out of corrupt Winsock settings. Windows sockets settings may get corrupted due to the installation of networking software, or perhaps due to malware infestation. You will be able to connect to the Internet, but the packets won't transfer back and forth, and errors such as "Page cannot be displayed" may occur when using Internet Explorer. This article lists the methods (with links to third-party websites) to reset/repair the Winsock configuration to defaults.

    Tools

    Microsoft Knowledgebase articles

    Windows XP Service Pack 2 - New Winsock NETSH commands

    Two new Netsh commands are available in Windows XP Service Pack 2.

    netsh winsock reset catalog

    This command resets the Winsock catalog to the default configuration. This can be useful if a malformed LSP is installed that results in loss of network connectivity. While use of this command can restore network connectivity, it should be used with care because any previously-installed LSPs will need to be re-installed.

    netsh winsock show catalog

    This command displays the list of Winsock LSPs that are installed on the computer.

    To output the results to a file, type this in Command Prompt (CMD.EXE):

    netsh winsock show catalog >C:\lsp.txt


    See: Changes to Functionality in Microsoft Windows XP Service Pack 2: Network Protection Technologies

    Lavasoft Ad-Aware SE LSP Explorer Add-on can generate more information than NETSH, and provides options to Backup, Restore the LSPs, export the details to a HTML / Plain text file. Using the report you can easily determine the third-party LSPs, the Product, Company name and the corresponding LSP provider file name.


    Note that resetting the Winsock catalog with the netsh winsock reset catalog command in SP2 removes all the third-party LSPs and restores Winsock to its factory default setting. Existing programs that use their own LSPs need to be reinstalled, for example Google Desktop Search.

    Ruth Miller

    Lost Connectivity/Winsock Corruption

    Lost Connectivity after Registry or Malware Cleanup
    faq779-4625
    Posted: 22 Dec 03 (Edited 31 May 05)

    It has become increasingly necessary to use utilities to remove malware:  IE Hijackers, unwanted Advertising popups, trojans, backdoor spyware, other spyware, and worms.  It is estimated that there are now 10,000 variants of the Cool Web search Internet Explorer hijacker alone.

    Problem: after cleaning your machine you may find you can no longer connect to your network and/or the internet.

    Problem #2: While earlier releases of Windows allowed one to remove The TCP/IP protocol stack and DUN services and re-add them, XP considers these core services and will not obviously allow you to do so.

    Problem #3: The published fixes by MS do not often work, including using the Netsh.exe utility to do a reset, or even a Repair re-installation of XP.

    A Tek-Tip member - CableInstaller - known generally on malware removal forums as Option^Explicit has written a tool that works wonders in situations where your Winsock service stack has become corrupted.  While the tool works under all versions of Windows from Win9x -- XP, I will describe briefly what it does under XP:

    . It disables all network adapters
    . It removes the registry keys Winsock and Winsock2
    . It replaces the keys with a virgin registry set from a clean install of XP it contains inside the program
    . It forces a rebuilding of the Winsock service, including routing tables, using the Netsh int ip reset resetlog.txt command
    . It re-enables your adapters
    . It checks that your HOSTS file has a valid localhost pointer to 127.0.0.1

    I cannot tell you how often this little utility has proved a lifesaver:  WinsockFix  Direct download: http://www.dslreports.com/r0/download/544752~62fe0e8dc00fac87e6f0f83c54d283a4/WinsockFix.zip
    -or-
    http://www.spychecker.com/program/winsockxpfix.html

    Additional Notes:

    The tool also works wonders if your network and/or connectivity fails after driver updates, adapter changes, or multiple fiddles with your network connection settings.

    Special Note For Service Pack 2 Users:

    Service Pack 2 adds a new command to repair the Winsock corruption problem that can be caused by adware, spyware, or some other causes.  You should use this instead of the utility WinsockFix:

    netsh winsock reset

    Using this command should normally not do any harm, so if you have unsolvable connection problems or spurious disconnections, try it. It does remove all nonstandard LSP (Layered Service Provider) entries from the Winsock catalog, which are usually adware or spyware entries, but if you happened to have a legitimate one installed, it would also be removed and would have to be reinstalled.

    If you're really curious, you can use the command:

    netsh winsock show catalog

    before and after resetting the catalog to find out whether any entries were in fact removed and which ones these were. Another way to get at the same information is to run

    winmsd

    and select Components, Network, Protocol. The Layered Service Providers in the list should be of the MSAFD or RSVP ... Service Provider type. All others are likely malevolent and should disappear after the reset command shown above.

    Special Note for Microsoft Antispyware users:

    If after cleaning you lose internet and/or network connectivity, it is also a common Winsock LSP layer issue.  Follow the advice in this FAQ, which is identical to the Microsoft suggestion in this MS KB article: http://support.microsoft.com/kb/892350


    More information:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;817571&Product=winxp

    A recent Microsoft KB article that provides some diagnostic steps, and suggests a reasonable method of doing-it-yourself:  http://support.microsoft.com/?kbid=811259 The second half of this KB article describes how to reset the TCP/IP service stack, which is sometimes necessary as a second step to repairing your Winsock corruption problem.


    Best to all,
    Bill Castner
    Ruth Miller
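
    Both Winsock articles above suggest saving netsh winsock show catalog to a file, and the FAQ suggests comparing the catalog before and after the reset. The script below is an added example, not part of either original article: it parses two saved dumps, lists the entries the reset removed, and marks descriptions that are not of the MSAFD or RSVP type the FAQ names. The sample dumps, the "ExampleAds" provider and the placeholder GUIDs are constructed.

```python
import re

# Description prefixes the FAQ above names as the expected provider types.
# A non-match is a prompt to look at the provider DLL, nothing more.
EXPECTED_PREFIXES = ("MSAFD", "RSVP")

# Constructed sample dump (not from a real machine). "ExampleAds", its DLL
# path and all GUIDs are invented placeholders.
BEFORE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        ExampleAds over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      C:\WINDOWS\system32\exampleads.dll
Catalog Entry ID:                   1015
Protocol Chain:                     1014 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {00000000-0000-0000-0000-000000000002}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        RSVP UDP Service Provider
Provider ID:                        {00000000-0000-0000-0000-000000000003}
Provider Path:                      %SystemRoot%\system32\rsvpsp.dll
Catalog Entry ID:                   1003
"""

# Constructed "after the reset" dump: the same text minus the first entry.
AFTER = BEFORE.split("Winsock Catalog Provider Entry", 2)[2]


def parse_catalog(text):
    """Split a saved catalog dump into one dict per provider entry."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"-{5,}", line):
            # The dashed rule under each heading opens a new entry.
            current = {}
            entries.append(current)
            continue
        if current is None or ":" not in line:
            continue
        # Split on the first colon only, so values such as "1014 : 1001"
        # or "C:\..." stay intact.
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return [e for e in entries if "Description" in e]


def entry_key(entry):
    """Identity of an entry that survives renumbering of catalog IDs."""
    return (entry.get("Description", ""), entry.get("Provider Path", "").lower())


def removed_entries(before_text, after_text):
    """Entries present in the first dump and missing from the second."""
    after_keys = {entry_key(e) for e in parse_catalog(after_text)}
    return [e for e in parse_catalog(before_text) if entry_key(e) not in after_keys]


def unexpected_entries(text):
    """Entries whose description is not an MSAFD or RSVP provider."""
    return [e for e in parse_catalog(text)
            if not e["Description"].startswith(EXPECTED_PREFIXES)]


if __name__ == "__main__":
    for e in removed_entries(BEFORE, AFTER):
        print("removed by reset:", e["Description"], "->", e.get("Provider Path", "?"))
    for e in unexpected_entries(AFTER):
        print("still present, review:", e["Description"], "->", e.get("Provider Path", "?"))
```

    To use it on a real machine, replace BEFORE and AFTER with the contents of two files saved with netsh winsock show catalog >C:\lsp.txt, one taken before the reset and one after.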

    Access MMC on remote computer

    Start -- Run --- mmc

    Add New Snap-In ---> on another computer

    Domain/Group policy may dictate access to these on client computers (yet to be determined where this is set)
    Ruth Miller

    Secure Network Shares on Office Network

    Problem:  You connect to your office through a VPN and/or office laptop connected with a VPN. Your home computer shares on your network might now be visible by anyone connected to the office network!

    First of all, you need to turn on Windows Firewall to use this protection. Also, it is a good habit to name shares with a $ at the end, as in myshare$, so they will not be "browsable" in Net Neighborhood.

    Below is from this link

    With an office complex using a shared router to give its clients Internet access, they should also be putting each tenant into their own VLAN which will hide them from each other. If they don't have the hardware/expertise to do that you should suggest that they upgrade.

    At the very least, they should put each tenant into a separate subnet. Then the built in Windows firewall can provide protection. (If you have SP2 installed)

    Using a random name for the shares, and making them hidden is a good step.

    If your IP addresses stay the same, you can configure the Windows firewall so that your two PCs are the only ones in the scope for File and Printer Sharing.

    Start | Run > firewall.cpl
    Another option is to install NetBEUI from the XP CD, then unbind File and Printer Sharing and the Client for Microsoft Networks from the TCP/IP protocol.
    This way, your PCs won't even appear in the other tenants' Network Places (unless they have NetBEUI installed of course). Won't stop someone who is actually trying to find shares to hack into, but will stop the "curious and bored" from trying to see if there is anything interesting to see on your systems.
    NetBEUI is on the CD here: X:\VALUEADD\MSFT\NET\NETBEUI
    You can change bindings from the Network Connections window:
    Advanced Menu | Advanced Settings...
    Ruth Miller

    Technical Solutions

    Technical solutions

    Problem burning cd's with Sonic/Roxio RecordNow

    http://kb.roxio.com/content/kb/BackUp%20MyPC/000008GN?set-locale=en

    Issue

    When burning a CD or DVD, you receive an error, burning does not complete, or your media is rejected.

    Resolution

    Burning errors can happen for a variety of reasons. Roxio has found that doing the following steps resolves about 80% of all burning issues. Please give all these steps a try and see if it fixes your writing problems.

    Error Msg:  No Recorder in Sonic Record Now - cd drive shows in My Computer as only a CD-R drive

    1. Update your drive's firmware/drivers. Most companies regularly update their firmware and drivers. If you are unsure what model your burner is and its firmware, click here to find out.
    2. If you are having trouble burning a video disc, it could be video card related. Please go to your video card manufacturer's website and update the drivers for your particular model. To find out the video card make and model:
      • Windows XP: Go to My Computer and choose Properties.
      • Windows Vista: Go to Start --> Control Panel --> System and Maintenance --> Device Manager.
      • Click on the Hardware tab.
      • Select Device Manager
      • Double-click Display Adapters. Your video card make and model is displayed.
      • To find out the driver details (such as version), right click on the make and model under Display adapter, and select Properties.


    3. Enable DMA. Direct Memory Access enables better efficiency of data. For more info, check how to enable DMA.
    4. The media. Check the following:
      • The disc is clean and unused.
      • The media is recommended by your burner's manufacturer or try a different brand, preferably a name brand, if you continue to have problems.
      • Make sure that media (-R/+R, -/+RW, dual-layer compatibility) is supported by the burner by checking burner's manual or manufacturer's website. This is especially true for some Blu-Ray burners which do not support CD-R/RW media.


    5. If your burner is external, make sure it is connected directly to the computer via USB/Firewire and not a hub or other device like a sound card.
    6. Update to the latest PX Engine. The PX Engine improves compatibility with newer burners on the market.
    7. A reinstall of the burner's drivers may also help.
      • Windows XP: Go to My Computer and choose Properties.
      • Windows Vista: Go to Start --> Control Panel --> System and Maintenance --> Device Manager.
      • Click on the Hardware tab.
      • Select Device Manager
      • Expand DVD/CD-ROM Drives, then select your burner and uninstall it by right-clicking on it.
      • Reboot.
    Ruth Miller

    Autoenrollment Event ID 15 in Event Log

     

    Problems occur when the Autoenrollment feature cannot reach an Active Directory domain controller

    Article ID : 310461
    Last Review : March 2, 2007
    Revision : 7.1
    This article was previously published under Q310461

    SYMPTOMS

    The following Event ID 15 error message entries are logged at 8-hour intervals in the application event log:
    Event Type: Error
    Event Source: AutoEnrollment
    Event Category: None
    Event ID: 15
    Date: date
    Time: time
    User: N/A
    Computer: computer name
    Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.


    CAUSE

    This problem may occur if the Autoenrollment feature cannot reach an Active Directory domain controller. In a Microsoft Windows NT 4.0 domain, Active Directory is not available. Therefore, the Autoenrollment feature cannot work. In an Active Directory domain that has Microsoft Windows 2000 or later domain controllers, the problem may be caused by a DNS name resolution issue or by a network connectivity issue.


    RESOLUTION

    For a Microsoft Windows XP-based computer or a Microsoft Windows Server 2003-based computer that is joined to a Windows NT 4.0 domain, to turn off the Autoenrollment feature in the Local Group Policy, follow these steps on the local workstation:
    1. Click Start, click Run, type gpedit.msc, and then press ENTER.
    2. In the left pane, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
    3. Double-click Autoenrollment Settings.
    4. Click Do not enroll certificates automatically.
    5. Click OK.
    6. Repeat steps 2 through 5, but in step 2, expand User Configuration, expand Windows Settings, expand Security Settings, and then expand Public Key Policies.
    7. Close the Group Policy window.
    For a computer that is a member of a Windows 2000 or later Active Directory domain, make sure that the domain member has network connectivity with at least one domain controller.

    After you have determined that you have good Internet Protocol (IP) connectivity between the member and a domain controller, correct the DNS address in the IP properties of the workstation. To do this, follow these steps:
    1. Start the Network Connections tool in Control Panel.
    2. Right-click Local Area Connection, and then click Properties.
    3. Click Internet Protocol (TCP/IP), and then click Properties.
    4. Type the correct DNS address in the Preferred DNS server box.
    5. Click OK.
    Ruth Miller

    Peachtree 2008 crashes while customizing checks

    Problem:  
    Customer upgraded to Peachtree Complete Accounting 2008. When attempting to customize checks in Reports and Forms --> Checks, as soon as the cursor enters a field to edit the text, Peachtree crashes.

    Solution:
    Turned out that she had her screen resolution set to 800x600 for visibility and this was causing the crash. Set her resolution to 1024x768 and no crashes. Then for visibility, set her fonts in Desktop settings to large and also change the dpi to larger in Advanced display properties.  Had to specifically set the font to larger in Outlook in the View menu --- Customize Settings --Other - for the message list to have a larger font.
    Ruth Miller

    Vista

    Migrate Outlook AutoComplete data from one computer to another

    Migrating Outlook Autocomplete Data (NK2 File Data) to a New Vista/Office 2007 Computer

    I'm in the process now of moving all my data over from my old computer to my new computer and remembered that autocomplete information is not stored in the Outlook profile. Autocomplete is the drop-down suggestion window that appears when you start entering in an address in the To, CC:, or BCC: bar. Like you, this data is something I can't live without.

    That data is stored in an NK2 file that for previous (non-Vista) O/S's used to be stored in C:\Documents and Settings\{username}\Application Data\Microsoft\Outlook. Note that this location is not where your Outlook profile is by default stored. That location on non-Vista O/S's is C:\Documents and Settings\{username}\Local Settings\Application Data\Microsoft\Outlook. Notice the difference in the two paths above: The second includes traversal through the "Local Settings" folder.

    Now, in Windows Vista, that folder doesn't exist. So, I had problems finding it...

    ...Turns out that the new location in Vista where your NK2 file is located has moved to fit it into the new structure. That new location where you need to copy the NK2 file is:

    C:\Users\{username}\AppData\Roaming\Microsoft\Outlook

    Nice to know!

    Ruth Miller

    Windows 7

    User Profile Service service failed the logon. User profile cannot be loaded


    You receive the error message:

    User Profile Service service failed the logon. User profile cannot be loaded

    Used the following procedure which worked.  You need access to a local or networked Administrator account to accomplish the steps.

    At the end I also show steps for the less technically advanced to just do a System Restore to an earlier point to fix this issue.

    If you don't have access to local Administrator account follow these instructions first.

     

    Run Regedit elevated (as Administrator) and select HKEY_USERS and "load hive" from the menu. Now navigate to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    There is one line for each profile. If a profile is bad, check:

    a) That the key name doesn't end in ".bak" (remove .bak if there)
    b) That the RefCount value is 0 (change it if different)
    c) That the State value is 0 (change if different)

    Make any necessary changes, close Regedit and try to log in as that user.

     

    In my case - I found the temp user I created that was a domain Administrator account - it had actually been assigned the previous SID key number of the profile which was not working. The profile that needed to be fixed had indeed been renamed with a .bak. So here is what I did:

     

    First I enabled the local Administrator account with the above instructions. Then I logged out of the temp account so that I could then modify the SID key that was a duplicate of the broken profile. I renamed it to .old first.  Then I proceeded to rename the broken profile by removing the .bak.  I also had to reset the values to 0 as above (and 0 is 0 in Decimal or Hex).

    Before I made changes to the registry I exported the HKEY_LOCAL_MACHINE registry hive just in case.

    Once I made the change I exited from regedit and did a switch user to the broken account and was able to login with no problem.
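
    The three checks listed above (a .bak suffix, RefCount, State) can be run read-only before anything is edited, against saved output of reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s. The script below is an added example, not part of the original article; the sample output, the SID and the user names in it are constructed, and it also reports the case described above where the same SID exists both with and without .bak.

```python
import re

PROFILE_LIST = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

# "    <value name>    REG_<TYPE>    <data>" as printed by reg query.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample of `reg query ... /s` output (not from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile
    RefCount    REG_DWORD    0x1
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1001
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\TEMP
    RefCount    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111111111-2222222222-3333333333-1001.bak
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\alice
    RefCount    REG_DWORD    0x2
    State    REG_DWORD    0x8000
"""


def parse_reg_query(text):
    """Return {subkey name: {value name: data}} for each ProfileList subkey."""
    profiles, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("HKEY_"):
            # A key line: keep it only if it is a subkey of ProfileList.
            current = None
            if stripped.lower().startswith(PROFILE_LIST.lower() + "\\"):
                current = profiles.setdefault(stripped[len(PROFILE_LIST) + 1:], {})
            continue
        match = VALUE_LINE.match(line)
        if match and current is not None:
            value_name, reg_type, data = match.groups()
            # reg query prints DWORDs as hex, e.g. 0x0.
            current[value_name] = int(data, 16) if reg_type == "REG_DWORD" else data
    return profiles


def audit_profiles(profiles):
    """Apply the article's checks; return (key name, finding) tuples."""
    findings = []
    for name, values in sorted(profiles.items()):
        if not name.upper().startswith("S-1-5-21-"):
            continue  # assumption: only user-account SIDs are of interest here
        if name.lower().endswith(".bak"):
            note = "key name ends in .bak"
            if name[:-4] in profiles:
                # The situation described above: another profile now holds
                # the SID key, so it has to be renamed out of the way first.
                note += " (a key for the same SID without .bak also exists)"
            findings.append((name, note))
        for value_name in ("RefCount", "State"):
            if values.get(value_name, 0) != 0:
                findings.append((name, f"{value_name} is {values[value_name]:#x}, expected 0"))
    return findings


if __name__ == "__main__":
    for key_name, finding in audit_profiles(parse_reg_query(SAMPLE)):
        print(f"{key_name}: {finding}")
```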

    See next page for alternative fix using System Restore

     


    Alternative Fix Using System Restore



    * Credit for this very clear description of using System Restore goes to eHow contributor Craig Witt

    All modern versions of the Microsoft Windows operating system provide a helpful utility known as System Restore. The utility periodically records a copy of your system configuration, including data about registry settings, drivers and installed programs. Known as restore points, these snapshots come in handy when your computer experiences problems related to viruses, hardware conflicts or improperly installed software. With just a few clicks, System Restore can load a previously saved restore point and remove the source of the problem. Once you understand the proper steps, restoring your Windows computer using the system's Safe Mode becomes a quick task.

    Difficulty:
    Easy

    Instructions

    1. Turn on your computer. If Windows is currently running, click the "Start" button at the lower-left corner of the screen, select the "Shut Down" or "Turn Off Computer" option, choose "Restart," then click "OK."
    2. Press and hold the "F8" key as soon as the boot process begins.
    3. Press the "Enter" key to select the default "Safe Mode" option when the Advanced Boot Options screen appears. Windows begins loading in Safe Mode immediately.
    4. Click the Windows "Start" button and select the "Programs" or "All Programs" option, followed by "Accessories," "System Tools," then "System Restore." Click "Continue" or provide your administrator username and password if prompted to confirm your choice.
    5. Select "Choose a different restore point" if you use Windows Vista or Windows 7 or "Restore my computer to an earlier time" if you use Windows XP or Windows ME.
    6. Click "Next."
    7. Click the name of your preferred restore point if you use Windows Vista or Windows 7. If you use Windows XP or Windows ME, first click a bolded date from the calendar on the left-hand side of the window, then click the name of your preferred restore point from the list of options on the right-hand side of the window.
    8. Click "Next." Also click "Finish" on the screen that follows if you use Windows Vista or Windows 7. Windows will shut down immediately and restore your system using the selected restore point.


    Ruth Miller

    Windows 8

    Restore classic Windows Start button to Windows 8


    Download and install ClassicShell to restore the missing Windows Start button to have access again in the "old style" Windows interface if you don't like the new Windows 8 panels

    http://classicshell.net/

    I've used it several times now and it is a great solution
    Ruth Miller

    Networking home computers running different versions of Windows


     

    Content taken from this article

    With the introduction of the Windows Homegroup - it has become difficult to network new computers with Windows 7 and Windows 8 with older computers and networked equipment.

    Follow the steps below to connect your older devices and work around the Windows Homegroup.

    If your network contains computers running different versions of Windows, put all computers in the same workgroup

    Let's assume that you've already set up the physical network itself. If you haven’t, see What you need to set up a home network.

    After your network is set up, the next step is to fine-tune it so that all the computers can find each other—something you'll need if you want to share files and printers.

    If computers running Windows XP are part of your network, it’s important to use the same workgroup name for all of the computers on your network. This makes it possible for computers running different versions of Windows to detect and access each other. Remember that the default workgroup name is not the same in all versions of Windows.

    To find or change the workgroup name on a computer running Windows XP

    1. Click Start, right-click My Computer, and then click Properties.

    2. In System Properties, click the Computer Name tab to see the workgroup name. To change the name, click Change, type the new name in Computer name, and then click OK.

    To find the workgroup name on a computer running Windows Vista or Windows 7

    1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

    2. The workgroup name is displayed under Computer name, domain, and workgroup settings.

    To change the workgroup name on a computer running Windows Vista or Windows 7

    1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

    2. Under Computer name, domain, and workgroup settings, click Change settings.

    3. In System Properties, on the Computer Name tab, click Change.

    4. In Computer Name/Domain Changes, in Workgroup, type the name of the workgroup you want to use, and then click OK. You will be prompted to restart your computer.

    [Figure: The workgroup name is displayed in the System window]

    Set the network location to Home or Work

    Next, check the network location on all computers running Windows Vista or Windows 7. The network location is a setting that allows Windows to automatically adjust security and other settings based on the type of network that the computer is connected to. For more information, see Choosing a network location.

    There are four network locations:

    • Home. The computer is connected to a network that has some level of protection from the Internet (for example, a router and a firewall) and contains known or trusted computers. Most home networks fall into this category. HomeGroup is available on networks with the Home network location.

    • Work. The computer is connected to a network that has some level of protection from the Internet (for example, a router and a firewall) and contains known or trusted computers. Most small business networks fall into this category.

    • Public. The computer is connected to a network that's available for public use. Examples of public network types are public Internet access networks, such as those found in airports, libraries, and coffee shops.

    • Domain. The computer is connected to a network that contains an Active Directory domain controller. An example of a domain network is a network at a workplace. This network location is not available as an option and must be set by the domain administrator.

    For your home network, make sure that the network location type is set to Home. Here's how to check:

    • Open Network and Sharing Center by clicking the Start button, and then clicking Control Panel. In the search box, type network, and then click Network and Sharing Center.

    The network location type is displayed below the network name.

    [Figure: The network location type is displayed in Network and Sharing Center]

    If your network type is public, click Public network, and then select the network location you want.

    Warning


    • You should only change a network to Home or Work if it's a known and trusted network, such as your home or small business network. Changing a network in a public place to Home or Work can be a security risk because it allows other people on the network to see your computer.

    Make sure your firewall allows file and printer sharing

    If you're using Windows Firewall, you can skip this section, because Windows Firewall automatically opens the correct ports for file and printer sharing when you share something or turn on network discovery. (For more information about network discovery, see What is network discovery?) If you're using another firewall, you must open these ports yourself so that your computer can find other computers and devices that have files or printers that you want to share.

    To find other computers running Windows Vista or Windows 7, open these ports:

    • UDP 3702

    • UDP 5355

    • TCP 5357

    • TCP 5358

    To find other computers running earlier versions of Windows, and to use file and printer sharing on any version of Windows, open these ports:

    • UDP 137

    • UDP 138

    • TCP 139

    • TCP 445

    • UDP 5355

    To find network devices, open these ports:

    • UDP 1900

    • TCP 2869

    • UDP 3702

    • UDP 5355

    • TCP 5357

    • TCP 5358

    To make HomeGroup work correctly between computers running Windows 7, open these ports:

    • UDP 137

    • UDP 138

    • TCP 139

    • TCP 445

    • UDP 1900

    • TCP 2869

    • UDP 3540

    • TCP 3587

    • UDP 3702

    • UDP 5355

    • TCP 5357

    • TCP 5358

    Turn on additional file and printer sharing options

    By changing your network location to Home or Work, network discovery is automatically turned on. You can also turn on these sharing options individually:

    • Network discovery

    • File sharing (in Windows 7, this is automatically turned on when you share a file or folder)

    • Public folder sharing

    When you turn on these options, your computer can:

    • Find other computers and devices on your home network and have other computers find your computer

    • Share its files and folders

    • Share its Public folders

    Note

    • Password-protected sharing is a special option that's discussed below.

    To turn on network discovery, file and printer sharing, and public folder sharing in Windows 7

    1. Open Advanced sharing settings by clicking the Start button, and then clicking Control Panel. In the search box, type network, click Network and Sharing Center, and then, in the left pane, click Change advanced sharing settings.

    2. Click the chevron to expand the Home or Work network profile.
    3. Select the options to turn on network discovery and file sharing.

    4. Under Public folder sharing, do one of the following:

      • To share your Public folders so that people on other computers on the network can open files in them but can't create or change files, click Turn on sharing so anyone with network access can open files.

      • To share your Public folders so that people on other computers on the network can open files in them and also create or change files, click Turn on sharing so anyone with network access can open, change, and create files.

    5. Click Save changes. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    To turn on network discovery, file sharing, public folder sharing, and printer sharing in Windows Vista

    1. Open Network and Sharing Center in Control Panel.

    2. Under Sharing and Discovery, click the chevron next to File sharing to expand the section, click Turn on file sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    3. Click the chevron next to Public folder sharing to expand the section, and then do one of the following:

      • To share the Public folder so that people on other computers on the network can open files in it but can't create or change files, click Turn on sharing so anyone with network access can open files, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation. This is the default setting.

      • To share the Public folder so that people on other computers on the network can open files in it and also create or change files, click Turn on sharing so anyone with network access can open, change, and create files, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    4. Click the chevron next to Printer sharing to expand the section, click Turn on printer sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    Consider using password-protected sharing

    Password-protected sharing is a more secure method of sharing files and folders on a network, and it is enabled by default. With password-protected sharing enabled, people on your network can't access shared folders on other computers, including the Public folders, unless they have a user name and password on the computer that has the shared folders. They will be prompted to type a user name and password when accessing the shared folders.

    For quicker access, you might want to have matching user accounts on all your computers. For example, Dana wants to use password-protected sharing to more securely share files and printers between her two computers. On Computer A, she has the user account "Dana22" and the password "Fly43$." If she sets up that same user account and password combination on Computer B, she can more quickly access shared files on Computer B. If Dana changes the password on one of these computers, she must make the same change on the other computer.

    To turn on password-protected sharing in Windows 7

    1. Open Advanced sharing settings by clicking the Start button, and then clicking Control Panel. In the search box, type network, click Network and Sharing Center, and then, in the left pane, click Change advanced sharing settings.

    2. Click the chevron to expand the Home or Work network profile.

    3. Under Password protected sharing, click Turn on password protected sharing, and then click Save changes. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    To turn on password-protected sharing in Windows Vista

    1. Open Network and Sharing Center in Control Panel.

    2. Under Sharing and Discovery, click the chevron next to Password protected sharing to expand the section, click Turn on password protected sharing, and then click Apply. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    To share a file or folder

    In any version of Windows, you can right-click a file or folder, click Share, and then select the people or groups you want to share with. You can also assign permissions so that those people can or cannot make changes to the file or folder you shared. For more information, see Share files with someone.

    Using the network map

    The network map in Network and Sharing Center is a graphical view of the computers and devices on your network, showing how they're connected and including any problem areas. This can be helpful for troubleshooting. Before a computer running Windows XP can be detected and appear on the network map, you might need to install the Link-Layer Topology Discovery (LLTD) protocol on that computer. For more information, go to Network Map Does Not Display Computers Running Windows XP on the Microsoft website.

    If the LLTD protocol is installed but computers running Windows XP still don't appear on the network map, firewall settings could be preventing Windows from detecting them. Check the firewall settings and make sure that file and printer sharing is enabled. To learn how to do this, if you're using Windows Firewall, open Help and Support and search for "Enable file and printer sharing." Open the Help topic, and then scroll to the end. If you're using another firewall, check the information that came with your firewall.

    Ruth Miller

    Windows 2000

    Repair Winsock in Windows 2000

    How to repair network or modem connectivity issues in Windows 2000

    Article ID : 837333
    Last Review : October 30, 2006
    Revision : 1.1
    Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    256986 (http://support.microsoft.com/kb/256986/) Description of the Microsoft Windows Registry

    INTRODUCTION

    This step-by-step article describes how to repair network or modem connectivity issues in Microsoft Windows 2000.

    MORE INFORMATION

    To repair network or modem connectivity issues, follow these steps:
    1. Remove TCP/IP.
    2. Delete the Bind registry value, the Tcpip subkey, the Winsock subkey, and the WinSock2 subkey.
    3. Reinstall TCP/IP.

    Step 1: Remove TCP/IP

    Remove TCP/IP for the local area connection. To do this, follow these steps.

    Note Before you remove TCP/IP, make a note of the IP and the DNS settings.
    1. Click Start, point to Settings, and then click Network and Dial-up Connections.
    2. Right-click Local Area Connection, and then click Properties.
    3. In the Components checked are used by this connection list, click Internet Protocol (TCP/IP).
    4. Click Uninstall, and then in the Uninstall Internet Protocol (TCP/IP) dialog box, click Yes.
    5. When you are prompted to restart your computer, click Yes.

    Step 2: Delete the Bind registry value, the Tcpip subkey, the Winsock subkey, and the WinSock2 subkey

    To delete the Bind registry value, follow these steps.

    Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. In the left pane, expand HKEY_LOCAL_MACHINE, and then expand SYSTEM.
    3. Expand CurrentControlSet, and then expand Services.
    4. Expand lanmanserver, and then click Linkage.
    5. In the right pane, right-click Bind, and then click Delete.
    6. In the Confirm Value Delete dialog box, click Yes.
    7. Expand lanmanworkstation, and then click Linkage.
    8. In the right pane, right-click Bind, and then click Delete.
    9. In the Confirm Value Delete dialog box, click Yes.
    To delete the Tcpip, the Winsock, and the WinSock2 registry subkeys, follow these steps:
    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. In the left pane, expand HKEY_LOCAL_MACHINE, and then expand SYSTEM.
    3. Expand CurrentControlSet, and then expand Services.
    4. Right-click Tcpip, click Delete, and then in the Confirm Key Delete dialog box, click Yes.
    5. Right-click Winsock, click Delete, and then in the Confirm Key Delete dialog box, click Yes.
    6. Right-click WinSock2, click Delete, and then in the Confirm Key Delete dialog box, click Yes.
    7. Restart your computer.

    Step 3: Reinstall TCP/IP

    Reinstall TCP/IP back to the local area connection that you removed it from. To do this, follow these steps:
    1. Click Start, point to Settings, and then click Network and Dial-up Connections.
    2. Right-click Local Area Connection, and then click Properties.
    3. Click Install, click Protocol in the Click the type of network component you want to install list, and then click Add.
    4. In the Network Protocol list, click Internet Protocol (TCP/IP), and then click OK.

    Note Replace the IP and the DNS settings with the values that you made note of at the beginning of the "Remove TCP/IP" section.


    APPLIES TO
    Microsoft Windows 2000 Professional Edition
    Microsoft Windows 2000 Server
    Microsoft Windows 2000 Advanced Server
    Microsoft Windows 2000 Datacenter Server
    Ruth Miller

    TNS Listener Dies when accessed - but starts up normally as a service

    Windows 2000 - Oracle 9i

    Try the following tests to confirm that it is not a remote connectivity problem:

    1. On the Oracle server, open a command prompt, run tnsping against the database, and check whether the TNS Listener service crashes.
    2. If it does, see the related article on fixing corrupt Winsock/TCP/IP in the operating system, and try the test again when complete.
    Ruth Miller

    Windows Server

    Windows Server
    There are no articles in this category.

    Active Directory

    Active Directory /Domains

    Accessing Group Policy on Remote Computer

    Using the Group Policy Snap-in Focused on a Remote Computer

    The Group Policy object seen at the root node of the Group Policy console is said to have "focus." The console can be focused on any computer's local Group Policy object, or any Active Directory–based Group Policy object.

    Note

    Focusing the Group Policy snap-in, whether on a remote computer or the local computer, or on an Active Directory–based Group Policy object, must be done when the extension is added to an MMC console file, or as a command line option. The focus cannot be changed while the Group Policy console is in use.

    To add Group Policy to an MMC console focused on a specific remote computer

    1. Click Start, click Run, and type MMC. Or you can open an existing saved console such as Console1.mmc.

    2. In the MMC window, on the Console menu, click Add/Remove Snap-in.

    3. On the Standalone tab, click Add.

    4. In the Add Snap-in dialog box, click Group Policy, and then click Add. By default this is set to open on the local computer.

    5. Click Browse.

    6. You can now select a Group Policy object from Active Directory or, as in this case, select the Computer tab.

    7. Select Another Computer.

    8. Either type in the computer name or click Browse to locate it.

    9. Select the domains to which you have access in the Look in drop-down list.

    The supported computer name formats are:

    NetBIOS names; for example:

    ThisComputer

    DNS-style; for example:

    ThisComputer.Reskit.com

    You can start the Group Policy snap-in with the following two command line switches:

    Specific computer

    /gpcomputer:<machinename>

    Where <machinename> can be either a NetBIOS or a DNS-style name.

    For example:

    gpedit.msc /gpcomputer:"ThisComputer"

    or

    gpedit.msc /gpcomputer:"ThisComputer.Reskit.com"

    Note that there is no space following

    /gpcomputer:

    Also, the quotes are necessary, not optional.

    Specific ADSI path

    /gpobject:"<ADSI path>"

    For example:

    /gpobject:"LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Reskit,DC=com"

    in which the GUID for the Group Policy object is a made-up example.

    Ruth Miller

    Can't Login to Active Directory Domain and Local Administrator password or account unknown

    Unable to login to domain or local computer user account

    If the machine has NTFS, use the Linux boot kernel floppy (or bootable cd) to reset the Administrator password  ( http://home.eunet.no/pnordahl/ntpasswd/ )

    If not NTFS, then simply unplug the network cable and login with the domain user and password. These are cached locally and if the authentication is failing for some other reason (time sync issue etc) then it will allow login using the cached credentials and it won't have the AD network issue since the network is unavailable.
    Ruth Miller

    Access Users/Groups on Remote Computer


    lusrmgr.msc -a /computer=remote_computer

    If you get Access Denied - probably a policy that is preventing access (yet to be determined)
    Ruth Miller

    User Profile Service service failed the logon. User profile cannot be loaded


    You receive the error message:

    User Profile Service service failed the logon. User profile cannot be loaded

    Used the following procedure which worked.  You need access to a local or networked Administrator account to accomplish the steps.

    At the end I also show steps for the less technically advanced to just do a System Restore to an earlier point to fix this issue.

    If you don't have access to local Administrator account follow these instructions first.

     

    Run Regedit elevated (as Administrator) and select HKEY_USERS and "load hive" from the menu. Now navigate to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    There is one line for each profile. If a profile is bad, check:

    a) That the key name doesn't end in ".bak" (remove .bak if there)
    b) That the RefCount value is 0 (change it if different)
    c) That the State value is 0 (change if different)

    Make any necessary changes, close Regedit and try to log in as that user.
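    The three checks above can be run against an exported copy of the key before anything is edited. This added example (not from the original article) reads the text produced by exporting ProfileList from Regedit to a .reg file and reports .bak keys, a SID that appears twice, and non-zero RefCount or State values; the SIDs in the sample are made up.

```python
import re

PROFILE_LIST = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\"

# Constructed sample in .reg export layout; the SIDs and values are made up.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"RefCount"=dword:00000000
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111-2222-3333-1001]
"RefCount"=dword:00000000
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111-2222-3333-1001.bak]
"RefCount"=dword:00000002
"State"=dword:00008000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1111-2222-3333-1002]
"RefCount"=dword:00000000
"State"=dword:00000100
"""


def parse_profiles(reg_text):
    """Return {subkey name: {"RefCount": int, "State": int}} for direct children of ProfileList."""
    profiles, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            name = key[len(PROFILE_LIST):]
            if key.upper().startswith(PROFILE_LIST.upper()) and name and "\\" not in name:
                current = profiles.setdefault(name, {})
            else:
                current = None          # the ProfileList key itself, or an unrelated key
        elif current is not None:
            m = re.match(r'"(RefCount|State)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return profiles


def check_profiles(profiles):
    """Apply checks a), b) and c) from the text; a missing value is not reported."""
    findings = []
    for name in sorted(profiles):
        if name.lower().endswith(".bak"):
            note = "renamed to .bak"
            if name[:-4] in profiles:
                # The situation described in the article: another profile took over the SID.
                note += "; another key already uses this SID"
            findings.append((name, note))
        for value in ("RefCount", "State"):
            number = profiles[name].get(value, 0)
            if number != 0:
                findings.append((name, f"{value} is {number:#x}, expected 0"))
    return findings


if __name__ == "__main__":
    # For a real export, read the file as UTF-16: open(path, encoding="utf-16").read()
    for name, note in check_profiles(parse_profiles(SAMPLE_REG)):
        print(f"{name}: {note}")
```
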

     

    In my case - I found the temp user I created that was a domain Administrator account - it had actually been assigned the previous SID key number of the profile which was not working. The profile that needed to be fixed had indeed been renamed with a .bak. So here is what I did:

     

    First I enabled the local Administrator account with the above instructions. Then I logged out of the temp account so that I could then modify the SID key that was a duplicate of the broken profile. I renamed it to .old first.  Then I proceeded to rename the broken profile by removing the .bak.  I also had to reset the values to 0 as above (and 0 is 0 in Decimal or Hex).

    Before I made changes to the registry I exported the HKEY_LOCAL_MACHINE registry hive just in case.

    Once I made the change I exited from regedit and did a switch user to the broken account and was able to login with no problem.

    See next page for alternative fix using System Restore

     

    Alternative Fix Using System Restore



    * Credit for this very clear description of using System Restore goes to eHow contributor Craig Witt

    All modern versions of the Microsoft Windows operating system provide a helpful utility known as System Restore. The utility periodically records a copy of your system configuration, including data about registry settings, drivers and installed programs. Known as restore points, these snapshots come in handy when your computer experiences problems related to viruses, hardware conflicts or improperly installed software. With just a few clicks, System Restore can load a previously saved restore point and remove the source of the problem. Once you understand the proper steps, restoring your Windows computer using the system's Safe Mode becomes a quick task.

    Difficulty:
    Easy

    Instructions

    1. Turn on your computer. If Windows is currently running, click the "Start" button at the lower-left corner of the screen, select the "Shut Down" or "Turn Off Computer" option, choose "Restart," then click "OK."
    2. Press and hold the "F8" key as soon as the boot process begins.
    3. Press the "Enter" key to select the default "Safe Mode" option when the Advanced Boot Options screen appears. Windows begins loading in Safe Mode immediately.
    4. Click the Windows "Start" button and select the "Programs" or "All Programs" option, followed by "Accessories," "System Tools," then "System Restore." Click "Continue" or provide your administrator username and password if prompted to confirm your choice.
    5. Select "Choose a different restore point" if you use Windows Vista or Windows 7 or "Restore my computer to an earlier time" if you use Windows XP or Windows ME.
    6. Click "Next."
    7. Click the name of your preferred restore point if you use Windows Vista or Windows 7. If you use Windows XP or Windows ME, first click a bolded date from the calendar on the left-hand side of the window, then click the name of your preferred restore point from the list of options on the right-hand side of the window.
    8. Click "Next." Also click "Finish" on the screen that follows if you use Windows Vista or Windows 7. Windows will shut down immediately and restore your system using the selected restore point.


    Ruth Miller

    Server 2003

    Windows Server

    Microsoft Exchange Relays

    Source:   http://msexchange.org/tutorials/Mail_Relays_Enhance_Exchange_Security.html

    What Is A Mail Relay?

    The first mechanism to be used against attacks is a mail relay. A mail relay is basically just a simple mail server that accepts e-mails, filters them according to pre-defined criteria and then delivers them to another server. Your mail relay will only allow mail that is destined for users in your SMTP domain to be relayed to the internal server. A mail relay could also filter out viruses and junk e-mail if you install the right software package for it.

    You would definitely want one of those so that your Exchange server will not be directly connected to the Internet for inbound connections. A mail relay is typically placed in a DMZ, which is a dedicated network, protected by a Firewall and separated from both the internal LAN and the Internet. This allows the Firewall administrator to determine who is trying to get into the mail relay and what is passing from the mail relay to the internal LAN.

    Tips Regarding Mail Relay deployment

    1. Don't forget the mail relay! Make sure that you secure the mail relay as much as possible, install new security-related patches, etc. One of the perks of having a mail relay is that you can reboot it more often than you could an Exchange Mailbox server.
      Linux is no more secure than Windows and more difficult to manage, so make sure you have the knowledge to handle it if you choose Linux as your solution.
    2. Don't overdo your junk e-mail detection or you'll be fishing out deleted e-mails from your mail relay forever. Better to choose a solution that blocks some junk mail at the mail relay level, and the rest at the server level, delivering suspected mail to a folder in the users' mailbox.
    3. Using a different anti-virus at the mail relay level than the one you use internally can lessen the chances of infections.
    4. Usually backing up mail relays is not really required, but when your Exchange server is unavailable due to maintenance, an internal virus outbreak or a Firewall problem, you should be able to back up your mail relay so that a sudden crash doesn't take all your mail away.
    5. Monitor your mail relay queue to find out if there is a problem sooner rather than later.
    6. If you have POP3/SMTP clients, use the mail relay as an outgoing mail server instead of Exchange. This allows you to uncheck the SMTP authentication checkbox of the Exchange SMTP virtual server Relay options, which is used by Trojan attacks.
      Trojans hijack usernames and passwords on workstations using various methods. They use this information to authenticate to the Exchange SMTP virtual server. Then they spoof the mail so that it appears as if it is coming from a valid IP for a large Internet e-mail supplier. However, if you uncheck this option, regular SMTP clients that you might find in most large enterprises (for example, UNIX and Mac clients) will not be able to use Exchange to send mail. This is quite all right, as your mail relay can be configured for this purpose.

    Can I Use My Front End Server as a mail relay?

    Front End Servers are not the ideal candidate for a mail relay, security-wise, but they can be configured as such like any other Exchange server. You would need to have at least one mailbox store available for some SMTP operations.

    However, I think it is best to separate these functions and place them in separate DMZs so that hacking one of them doesn't expose both of them.

    Virus, Trojan and denial of service attacks are quite common these days, and Exchange is a popular target for these attacks due to its popularity and inherent vulnerabilities. Mail relays can be used to thwart most attacks. I'm constantly discovering that although the concept of mail relays is not new, they can be used against the latest sophisticated attacks, just as long as they're not the weakest link in the chain of e-mail delivery.

    Ruth Miller

    How to block open SMTP relaying and clean up Exchange Server SMTP queues in Windows Small Business Server

    Source: http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958

    SUMMARY

    In a Small Business Server environment, you may have to prevent your Microsoft Exchange Server-based server from being used as an open relay SMTP server for unsolicited commercial e-mail messages, or spam. You may also have to clean up the Exchange server's SMTP queues to delete the unsolicited commercial e-mail messages. If your Exchange server is being used as an open SMTP relay, you may experience one or more of the following symptoms:

    • The Exchange server cannot deliver outbound SMTP mail to a growing list of e-mail domains.

    • Internet browsing is slow from the server and from local area network (LAN) clients.

    • Free disk space on the Exchange server in the location of the Exchange information store databases or the Exchange information store transaction logs is reduced more rapidly than you expect.

    • The Microsoft Exchange information store databases spontaneously dismount. You may be able to manually mount the stores by using Exchange System Manager, but the stores may dismount on their own after they run for a short time. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    321825 (http://support.microsoft.com/kb/321825/) Databases become dismounted because of lack of disk space

    Determine whether the Exchange Server is an open SMTP relay

    Note All Exchange clients (Microsoft Outlook or other clients) must log off the Exchange server before you follow the steps in this section. Additionally, you must follow these steps from a remote client.

    These steps involve establishing a Telnet session from a computer that is not located on the Small Business Server local network to the public IP address of the Small Business Server computer. If you are physically located at the Small Business Server computer, you can use a Terminal Services client to connect to a computer that is not on the local network and then use the Telnet tool from that remote station to connect to the appropriate IP address.

    Note A webcast is available that demonstrates the steps for identifying an open SMTP relay. To view this webcast, click the following link:
    http://support.microsoft.com/servicedesks/ShowMeHow/101904_1.asx
    From the remote client, follow these steps:
    1. Click Start, click Run, type telnet, and then click OK.
    2. At the Telnet command prompt, type set local_echo, and then press ENTER.
    3. At the Telnet command prompt, type open sbs-IP-address 25, and then press ENTER (where sbs-IP-address is the external public IP address of the Small Business Server computer).

    The output is similar to the following:
    220 server.smallbusiness.local Microsoft ESMTP MAIL Service, Version: 5.0.2195.4905 ready at "date" -0500
    Note The "Version" reference may vary, depending on the version of Small Business Server.
    4. Type ehlo anydomain.com, and then press ENTER (where anydomain is not the Small Business Server computer's e-mail domain). Make sure that the last line is:
    250 OK
    5. Type mail from:youremail@anydomain.com, and then press ENTER (where youremail@anydomain is an SMTP address that is not hosted on the Small Business Server computer). Make sure that the result is:
    250 2.1.0 youremail@anydomain.com....Sender OK
    6. Type rcpt to:user@spam.com, and then press ENTER (where user@spam is not your e-mail domain). Make sure that the result is one of the following two responses:
    550 5.7.1 Unable to relay for user@spam.com

    -or-

    250 2.1.5 user@spam.com
    7. If the result is "550 5.7.1 Unable to relay for user@spam.com," the Exchange server is not an open SMTP relay. If you previously configured Exchange Server to block open SMTP relaying and you want to clean up the Exchange server, go to the "Clean Up the Exchange Server's SMTP Queues" section of this article.
    8. If the result is "250 2.1.5 user@spam.com," the Exchange server is an open SMTP relay. Go to the "Configure the Exchange Server to Block Open SMTP Relaying" section of this article.
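    The telnet check above, scripted as an added example (not Microsoft's code and not part of the original article): it sends the same EHLO, MAIL FROM and RCPT TO commands, treats any 5xx reply to RCPT TO as a refusal and a 4xx reply as inconclusive, which goes beyond the two replies the article lists, and never sends DATA. The function names and the canned server replies are constructed for illustration.

```python
import io
import socket


def read_reply(rfile):
    """Read one SMTP reply, following "250-" continuation lines; return (code, lines)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":   # "250 OK" ends a reply, "250-SIZE" continues it
            return int(line[:3]), lines


def classify_rcpt(code):
    """Map the reply to RCPT TO for a foreign recipient onto a verdict."""
    if code in (250, 251):
        return "OPEN_RELAY"        # e.g. "250 2.1.5 user@spam.com"
    if 500 <= code <= 599:
        return "RELAY_BLOCKED"     # e.g. "550 5.7.1 Unable to relay for user@spam.com"
    return "INCONCLUSIVE"          # 4xx temporary failure: repeat the test later


def relay_session(rfile, wfile, helo="anydomain.com",
                  sender="youremail@anydomain.com", rcpt="user@spam.com"):
    """Run steps 3 to 6 of the procedure over two file objects; return (verdict, transcript)."""
    transcript = []

    def step(command=None):
        if command is not None:
            wfile.write(command.encode("ascii") + b"\r\n")
            wfile.flush()
            transcript.append("C: " + command)
        code, lines = read_reply(rfile)
        transcript.extend("S: " + text for text in lines)
        return code

    verdict = "INCONCLUSIVE"       # stays inconclusive if the banner, EHLO or MAIL FROM fails
    if step() == 220 and step("EHLO " + helo) == 250 \
            and step("MAIL FROM:<%s>" % sender) == 250:
        verdict = classify_rcpt(step("RCPT TO:<%s>" % rcpt))
    try:
        step("QUIT")               # DATA is never sent, so nothing is queued on the server
    except (ConnectionError, ValueError):
        pass
    return verdict, transcript


def check_host(host, port=25, timeout=15):
    """Run the session against a server you administer, from a client outside its LAN."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as rfile, sock.makefile("wb") as wfile:
            return relay_session(rfile, wfile)


def canned(rcpt_reply):
    """Constructed server side of one session, so the logic can be run offline."""
    return io.BytesIO(
        b"220 server.smallbusiness.local Microsoft ESMTP MAIL Service ready\r\n"
        b"250-server.smallbusiness.local Hello\r\n250 OK\r\n"
        b"250 2.1.0 youremail@anydomain.com....Sender OK\r\n"
        + rcpt_reply + b"\r\n221 closing connection\r\n")


if __name__ == "__main__":
    for reply in (b"550 5.7.1 Unable to relay for user@spam.com", b"250 2.1.5 user@spam.com"):
        verdict, transcript = relay_session(canned(reply), io.BytesIO())
        print(verdict)
        print("\n".join(transcript))
```
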


    Determine whether an authenticated user is relaying

    This section enables logging in the Windows Event Viewer so that any authentication attempts against the SMTP service (successes or failures) are logged in the application log.
    1. Start Exchange Administrator.
    2. Double-click Servers.
    3. Under Servers, right-click ServerName, and then click Properties.
    4. Click the Diagnostic Logging tab.
    5. Click MSExchangeTransport on the left.
    6. On the right, click SMTP Protocol.
    7. Under Logging Level, click Maximum.
    8. Click OK to close Server Properties.
    If a remote user is authenticating against the Small Business Server computer as part of an operation to relay SMTP e-mail, you will see an event that is similar to the following in the application log:

    Event Type: Information
    Event Source: MSExchangeTransport
    Event Category: SMTP Protocol
    Event ID: 1708
    Date: 8/13/2003
    Time: 10:13:24 AM
    User: N/A
    Computer: SERVER
    Description: SMTP Authentication was performed successfully with client remote_computername. The authentication method was LOGIN and the username was company\username.

    In this case, if the relaying appears to come from a hacked account password, go to the Active Directory Users and Computers snap-in and delete the account, disable the account, or change the password on the account.

    Microsoft recommends that you implement a strong password policy. For additional information, visit the following Microsoft Web site:
    http://www.microsoft.com/athome/security/privacy/password.mspx


    If a remote user is authenticating against the Small Business Server as part of an operation to relay SMTP e-mail using the guest account, you will see an event that is similar to the following in the application log:

    Event Type: Information
    Event Source: MSExchangeTransport
    Event Category: SMTP Protocol
    Event ID: 1708
    Date: 8/13/2003
    Time: 10:27:52 AM
    User: N/A
    Computer: SERVER
    Description: SMTP Authentication was performed successfully with client remote_computername. The authentication method was LOGIN and the username was COMPANY\Guest.

    In this case, the remote user is exploiting the guest account. Use the Active Directory Users and Computers snap-in to disable the guest account.

    Note It is not sufficient to change the password on the guest account. You must disable the guest account.
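    Reviewing these events by hand does not scale once diagnostic logging is set to Maximum. The following added example (not part of the Microsoft article) parses Event ID 1708 entries in the text layout shown above and flags Guest logons and accounts that authenticate from several clients; the host names, user names and the threshold of two clients are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: Application-log entries in the layout shown in the article.
EVENT_TEMPLATE = (
    "Event Type: Information\n"
    "Event Source: MSExchangeTransport\n"
    "Event Category: SMTP Protocol\n"
    "Event ID: 1708\n"
    "Date: 8/13/2003\n"
    "Time: {time}\n"
    "User: N/A\n"
    "Computer: SERVER\n"
    "Description: SMTP Authentication was performed successfully with client {client}. "
    "The authentication method was LOGIN and the username was {user}.\n"
)
SAMPLE_LOG = "\n".join(
    EVENT_TEMPLATE.format(time=t, client=c, user=u) for t, c, u in [
        ("10:13:24 AM", "ws7.example.net", "company\\alice"),
        ("10:27:52 AM", "host-a.example.org", "COMPANY\\Guest"),
        ("10:31:02 AM", "host-b.example.org", "company\\jsmith"),
        ("10:31:40 AM", "host-c.example.org", "company\\jsmith"),
        ("10:33:15 AM", "host-d.example.org", "Company\\JSmith"),
    ])

AUTH_RE = re.compile(
    r"SMTP Authentication was performed successfully with client (?P<client>.+?)\. "
    r"The authentication method was (?P<method>\S+) and the username was (?P<user>.+?)\.?\s*$")


def parse_events(text):
    """Split the log on blank lines and turn each entry into a {field: value} dict."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")   # first colon only, so "Time" keeps its value
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events


def smtp_auth_events(events):
    """Yield client, method and user for each successful SMTP AUTH (Event ID 1708)."""
    for ev in events:
        if ev.get("Event Source") != "MSExchangeTransport" or ev.get("Event ID") != "1708":
            continue
        m = AUTH_RE.search(ev.get("Description", ""))
        if m:
            yield {"when": ev.get("Date", "") + " " + ev.get("Time", ""), **m.groupdict()}


def review(events, max_clients=2):
    """Return (account, action) pairs; max_clients is an assumed threshold, tune it per site."""
    clients = defaultdict(set)
    for auth in smtp_auth_events(events):
        clients[auth["user"].lower()].add(auth["client"].lower())
    findings = []
    for user, seen in sorted(clients.items()):
        if user.rsplit("\\", 1)[-1] == "guest":
            findings.append((user, "disable-guest"))      # changing the password is not enough
        elif len(seen) > max_clients:
            findings.append((user, "review-password"))    # possible stolen credentials
    return findings


if __name__ == "__main__":
    for user, action in review(parse_events(SAMPLE_LOG)):
        print(user, action)
```
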



    Configure the Exchange Server to block open SMTP relaying

    Note A webcast is available that demonstrates how to configure Exchange Server to block open SMTP relaying. To view this webcast, click the following link:
    http://support.microsoft.com/servicedesks/ShowMeHow/101904_2.asx

    There are two Exchange Server components that permit SMTP relaying to be turned on or off:

    • The Default SMTP Virtual Server

    • The SMTP Connector

    Additionally, if the server is running Microsoft Internet Security and Acceleration (ISA) Server 2000, the server may be an open relay if the following conditions are true:

    • ISA Server is configured with a server publishing rule for the SMTP protocol.

    • 127.0.0.1 is in the list of IP addresses that are allowed to relay in the properties of the default SMTP Virtual Server.


    To check the properties on the Default SMTP Virtual Server, follow these steps:
    1. Click Start, click All Programs, click Microsoft Exchange, and then click System Manager.
    2. Expand Servers, expand Servername, expand Protocols, and then expand SMTP.

    If the server is an upgrade from Small Business Server 4.x, expand Administrative Groups, expand Servername, expand Servers, expand Servername, expand Protocols, expand SMTP.
    3. Right-click Default SMTP Virtual Server and then click Properties.
    4. Click the Access tab.
    5. Click the Relay button at the bottom.
    6. The default settings block open relay. The default settings are as follows:
    Select Only the list below.
    The Computers dialog box shows Access Granted to the Internal IP address of the Small Business Server network and to the external IP address (if the server has more than one network card.)
    Make sure that Allow all computers which successfully authenticate to relay, regardless of the list above is selected.
    7. Set the Default SMTP Virtual Server configuration for relaying as indicated, which restores its settings to their defaults.
    To check the properties for the SmallBusiness SMTP Connector, follow these steps:
    1. In the Exchange System Manager, expand Connectors, and then locate the SmallBusiness SMTP Connector.

    If the server is an upgrade from Small Business Server 4.x, expand Administrative Groups, expand Servername, and then expand Connectors.

    Note: The SmallBusiness SMTP Connector is created when you run the Small Business Server 2000 Internet Connection Wizard. If you have manually created an SMTP connector, it may not be named SmallBusiness SMTP connector. Also be aware that the SMTP connector is not required for external mail flow. The absence of a connector may not indicate a problem.
    2. Right-click the SmallBusiness SMTP connector (or on the connector name that you manually created), and then click Properties.
    3. Click the Address Space tab.
    4. The default settings (when this connector is created by means of the Small Business Server 2000 Internet Connection Wizard) block open relay. The default settings are:
    Address Space - Type: SMTP
    Address: *
    Cost: 1
    The Connector Scope is Entire Organization.
    Allow messages to be routed to these domains is cleared (not selected).
    5. Configure the SMTP Connector as indicated to restore its settings to their default values.


    To examine ISA Server configuration, follow these steps:
    1. Open the ISA Management Console.
    2. Expand Servers and Arrays, expand Computer name, expand Publishing, and then click Server Publishing Rules.
    3. If you see Create Server Publishing Rules on the right side together with some text, you do not have any server publishing rules defined. You may go to the end of this section. If you do not see Create Server Publishing Rules, you will see a list of rules defined. Go to step 4.
    4. View the Protocol column to see if SMTP Server is listed. SMTP Server is the name of the default protocol definition for TCP port 25 Inbound in ISA Server 2000. If this protocol definition exists, an SMTP server publishing rule has been added to ISA Server.

    Note: Administrators can add a custom protocol definition by using a different name to define TCP port 25 Inbound. If you do not specifically see SMTP Server in the Protocol column, but see a protocol definition that defines TCP port 25 Inbound, it may also be an SMTP Server Publishing Rule.
    5. To resolve this, disable or delete the SMTP Server Publishing Rule in ISA Server. To disable this rule, right-click the rule, and then click Disable. To delete this rule, right-click the rule, and then click Delete.
    6. Run the Internet Connection Wizard in SBS 2000 or run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003 to configure ISA Server to enable SMTP Inbound. To run the Internet Connection Wizard in Small Business Server 2000, click Start, click Run, type icw, and then click OK.

    To run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003, follow these steps:
    a. Click Start, and then click Server Management to start the Configure E-mail and Internet Connection Wizard.
    b. In the left pane, expand To Do List. In the details pane, click Connect to Internet.

    Note: The Internet Connection Wizard and the Configure E-mail and Internet Connection Wizard add a packet filter to ISA Server to enable SMTP incoming from the Internet. If you want to continue to use a server publishing rule for the SMTP protocol, make sure 127.0.0.1 is not in the allowed relay list in Exchange. If you run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003 and choose the option to configure Exchange, 127.0.0.1 will be added back. You must remember to remove the address every time that you run the Configure E-mail and Internet Connection Wizard and configure Exchange. This issue does not occur in SBS 2000.
    After you follow the steps in this article to check the Default SMTP Virtual Server, the SmallBusiness SMTP Connector settings, and the ISA Server configuration, the Exchange server is configured to block open SMTP relaying. Repeat the telnet procedure in the "Determining if the Exchange Server Is an Open SMTP Relay" section of this article to make sure that the Exchange server returns "550 5.7.1 Unable to relay for user@spam.com" when you try to send mail to a recipient who is not homed on the Exchange server. After you have verified that Small Business Server is not an open SMTP relay, go to the "Clean up the Exchange Server's SMTP queues" section of this article.
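    The verification step above can be scripted so it is easy to repeat after every configuration change. This is an added example, not part of the original article: it performs the same HELO / MAIL FROM / RCPT TO exchange as the telnet test against your own server and checks for the 550 5.7.1 reply. The sender, recipient and HELO names are constructed placeholders.

```python
import smtplib
import sys

def classify_rcpt_reply(code, text):
    """Map the reply to RCPT TO for a non-local recipient to a verdict."""
    if code == 550 and "5.7.1" in text:
        return "relay denied"      # the reply the article expects
    if 200 <= code < 300:
        return "RELAY ACCEPTED"    # the server agreed to relay for a stranger
    return "inconclusive"          # another refusal or a temporary error

def check_relay(host, port=25, mail_from="relaytest@example.org",
                rcpt_to="user@example.net", timeout=15):
    """Repeat the manual test without authenticating: HELO, MAIL FROM, then
    RCPT TO for a recipient that is not homed on the server. No DATA command
    is sent, so no message is queued whatever the outcome."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.helo("relaycheck.example.org")
        code, reply = smtp.mail(mail_from)
        if code != 250:
            return "inconclusive", code, reply.decode("ascii", "replace")
        code, reply = smtp.rcpt(rcpt_to)
        smtp.rset()                # drop the transaction before QUIT
    text = reply.decode("ascii", "replace")
    return classify_rcpt_reply(code, text), code, text

if __name__ == "__main__":
    # Usage: python check_relay.py <external name or IP of your Exchange server>
    verdict, code, text = check_relay(sys.argv[1])
    print(f"{verdict}: {code} {text}")
    sys.exit(0 if verdict == "relay denied" else 1)
```

    Run it from a computer outside the Small Business Server network, because the default relay list grants access to the internal IP addresses and a test from inside would be allowed to relay.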


    Clean up the Exchange Server's SMTP queues


    Warning: During this process, ALL messages that are destined for external SMTP recipients are deleted. Internal e-mail and incoming e-mail from the Internet are not affected. The settings below are temporary and steps to undo these changes will be included later in this section.

    Note: A webcast is available that demonstrates how to clean up the Exchange Server's SMTP queues. To view this webcast, click the following link:
    http://support.microsoft.com/servicedesks/ShowMeHow/101904_3.asx (http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fservicedesks%2fshowmehow%2f101904_3.asx)
    1. In Exchange System Manager, click SmallBusiness SMTP Connector under Connectors. This phase requires an SMTP connector. If the Exchange server does not have an SMTP connector, create one. To do this, follow these steps:
    a. Right-click Connectors, click New, and then click SMTP Connector.
    b. On the General tab, type a temporary name (Temp Connector, for example) in the Name box.
    c. Click Add at the bottom, select the server name and its associated SMTP Virtual Server, and then click OK.
    d. Click Address Space.
    e. Click Add, click SMTP, and then click OK.
    f. In the Internet Address Space Properties dialog box, leave the default settings (E-mail domain * and Cost 1), and then click OK.
    g. Click the General tab, and then go to step 4.
    2. Right-click SmallBusiness SMTP Connector, and then click Properties. If you have more than one SMTP Connector, the one that you want to work with in the following steps is the one that contains the "*" (asterisk) for the SMTP address on the Address Space tab.

    3. Click the General tab. Make a note of all the settings on this tab. You have to restore these settings later in this article.
    4. Click Forward all mail through this connector to the following smart hosts.
    5. In the field provided, type a false IP address and enclose it in brackets. For example, type [99.99.99.99].
    6. Click the Delivery Options tab.
    7. Click Specify when messages are sent through this connector.
    8. In the Connection Time list, click Run daily at 11:00 PM.
    9. Click OK to close the SMTP Connector Properties dialog box.
    10. Expand Servers, expand Servername, expand Protocols, expand SMTP. Right-click the Default SMTP Virtual Server, and then click Stop.
    11. It may take several minutes for the SMTP Virtual Server to stop. After the Default SMTP Virtual Server has stopped, right-click the Default SMTP Virtual Server again, and then click Start. It may take several minutes for the Default SMTP Virtual Server to start.
    12. After the Default SMTP Virtual Server has started, wait about 10 minutes.

    Now the Default SMTP Virtual Server can re-enumerate the messages and put them in a single queue for the SmallBusiness SMTP Connector or for the one that you named when you created it in step 1.b.
    13. After about 10 minutes, expand Default SMTP Virtual Server, and then click Queues.
    14. Note the total number of messages on the right next to the Small Business SMTP Connector.

    This number has to stabilize so that all the messages can be deleted at the same time.
    15. Right-click Queues, and then click Refresh approximately every 15 minutes.
    16. Repeat step 15 until the total number of messages remains constant.
    17. Locate the queue for the SmallBusiness SMTP Connector. The queue is indicated by the small red clock on the yellow folder icon.
    18. Depending on your version of Small Business Server installation, follow the appropriate section to delete the messages from the queues:
    Small Business Server 2003: Right-click SmallBusiness SMTP Connector, and then click Find Messages. In the corresponding box, click the dropdown and select an appropriate number in Number of messages to be listed in the search. Click Find Now. In the results, select all the messages (SHIFT+PAGE DOWN). Right-click the selected messages, and then click Delete All Messages (No NDR).
    Small Business Server 2000: Right-click SmallBusiness SMTP Connector, and then click Delete All Messages (No NDR).
    19. Click Yes when you are prompted with the question of whether to delete messages in the selected queue. Deleting these messages may take some time, depending on the number of messages in the queue.
    20. After the messages are deleted, right-click Queues, and then click Refresh.
    21. Note the total number of messages for the SmallBusiness SMTP Connector queue. The number is zero.
    22. Wait approximately 5 minutes, and then refresh Queues again. The goal is to have the number of messages in the SmallBusiness SMTP Connector queue reach zero and stay at zero. If this number increases, the Exchange server is still processing messages for external delivery through the SmallBusiness SMTP Connector. Repeat this step until the number stabilizes again.
    23. Repeat steps 19 through 23 until the number of messages in the SmallBusiness SMTP Connector queue is consistently zero. When it is, the Exchange server's SMTP queues have been purged of the unsolicited commercial e-mail.


    After Exchange has been cleaned of the unsolicited commercial e-mail, you have to undo the changes that you made in steps 2 through 8. To undo the changes, follow these steps:
    1. In Exchange System Manager, expand Connectors, right-click the SmallBusiness SMTP Connector, and then click Properties.

    If you created a temporary SMTP connector in step 1, click Delete instead of Properties, and then go to step 7.
    2. On the General tab, change these settings to those documented in step 3 under Clean Up the Exchange Server's SMTP Queues.
    3. Click the Delivery Options tab.
    4. Verify that Specify when messages are sent through this connector is selected.
    5. In the Connection Time list, click Always Run.
    6. Click OK.
    7. Expand Servers, expand Servername, expand Protocols, and then expand SMTP. Right-click Default SMTP Virtual Server, and then click Stop.
    8. After the SMTP Virtual Server has stopped, right-click Default SMTP Virtual Server again, and then click Start.
    Now you have configured the Exchange server to block open SMTP relaying and you have removed the unsolicited commercial e-mail from Exchange Server's SMTP queues. The next step is to clean up the file system.


    Clean up the Exchange Server's file system

    Note: A webcast is available that demonstrates how to clean up the file system after relaying has occurred in Exchange Server. To view this webcast, click the following link:
    http://support.microsoft.com/servicedesks/ShowMeHow/101904_4.asx (http://support.microsoft.com/?scid=http%3a%2f%2fsupport.microsoft.com%2fservicedesks%2fshowmehow%2f101904_4.asx)
    Exchange Server tries to deliver e-mail based on the specific settings for the SMTP Virtual Server. After these delivery thresholds have been met, Exchange Server stops trying to deliver the e-mail and moves the messages out of the SMTP queues into a BadMail folder. This folder may take up a lot of space on the drive.

    To remove these unnecessary files, follow these steps:
    1. In Windows Explorer, locate the C:\Program Files\Exchsrvr\Mailroot\Vsi 1 folder. To do this, expand C:\Program Files in the left pane, expand Exchsrvr, expand MailRoot, and then expand Vsi 1.

    Important: Do not open the Badmail folder. Depending on how much spam the Small Business Server computer processes, this folder may contain several hundred thousand files. If you open this folder, the server may appear to have stopped responding.
    2. On the File menu, point to New, and then click Folder.
    3. Type BadMail2 for the name of the new folder.
    4. Click Start, click Programs or All Programs, click Microsoft Exchange, and then click System Manager.
    5. Expand Servers, expand Server name, expand Protocols, and then expand SMTP.

    If administrative groups are displayed, expand Administrative Groups, expand Server name, expand Servers, expand Server name, expand Protocols, and then expand SMTP.
    6. Right-click Default SMTP Virtual Server, and then click Properties.
    7. Click the Messages tab.
    8. In the Badmail directory box, change the name of the BadMail folder to BadMail2, and then click OK.
    9. Permanently delete the BadMailOld folder. To do this, click the BadMailOld folder in Windows Explorer, press and hold down the SHIFT key, and then press DELETE.
    10. Click Yes when you are prompted to confirm the deletion. Deleting this folder may take a long time, depending on the number of files in this folder.


    Defragment the Exchange server's drives

    Because you have moved or deleted many files, you may want to run Disk Defragmenter on the affected drive or drives.


    Remove the Exchange server from "black hole" lists

    You may have to take the appropriate steps to remove your Exchange Server domain name or the Exchange server's external IP address from various "black hole" lists.


    REFERENCES

    For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
    313395 (http://support.microsoft.com/kb/313395/) How to examine relay restrictions for anonymous SMTP connections and filter unsolicited e-mail messages in Exchange 2000 Server
    321825 (http://support.microsoft.com/kb/321825/) Databases become dismounted because of lack of disk space
    319356 (http://support.microsoft.com/kb/319356/) How to prevent unsolicited commercial e-mail in Exchange 2000
    Ruth Miller

    Remote Desktop Access Lost on Reboot

    Remote Desktop Access Lost to Remote Machine after Reboot

    After rebooting a machine via Remote Desktop on a Windows 2003 Server domain, you may lose the ability to connect again with Remote Desktop.

    This is probably due to the Terminal Services service being disabled or set to manual in services on the remote machine.

    Here is how you can remotely enable that service to get Remote Desktop access again. 

    On your Windows 2003 server, open a command prompt and type: mmc

    From the File menu, choose Add/Remove Snap-in

    Click the Add button at bottom left

    Scroll down to Services and click Add

    Select "Another Computer" and enter the hostname of the remote computer

    Scroll down to Terminal Services and select Automatic Startup and then Start the service.

    This should now allow you to access with Remote Desktop again.

    If you lose connectivity and need to remotely reboot your XP desktop you can also do so this way:

    From the Windows 2003 server, open a command prompt and type: shutdown /r /f /m \\remote_machine_name

    This reboots the remote machine (/r) named after /m, and /f forces running applications to close so that the reboot does not wait for answers to popups etc.


    Ruth Miller

    Windows Desktop Search slows down XP and Windows Servers

    Client was having trouble with slow performance on his laptop. Many things were contributing to this, but among them was Windows Desktop Search, which apparently was forced upon XP users in the fall of 2007 and is the cause of many slowdown problems when the indexer runs, which is most of the time.

    Read the following article that details how to remove it and other details:

    WINDOWS SLOWDOWN: Microsoft forces install of Windows Desktop Search

    James Bannan  29 October 2007, 4:13 AM

    Has your PC suddenly started running slowly for no obvious reason? You can thank Microsoft for that.


    Windows XP and 2003 users and administrators were recently bewildered by the sudden appearance of the Windows Desktop Search toolbar on their systems.

    But it was the resulting machine slow-downs as WDS commenced indexing of local content that has made users see red.

    Surprise!

    It turns out that Windows Desktop Search – an optional add-on for Windows XP and 2003, and an integrated function in Windows Vista – was slipped into a recent Windows update and unknowingly downloaded by Windows Update users and WSUS administrators.

    It has sparked significant complaint and criticism. For home users it’s inconvenient enough, but for administrators it’s an absolute nightmare. System indexing is a time-consuming and disk-intensive procedure, resulting in slow-downs and end-user frustration. To have such an update sneak in (totally unauthorised) on to multiple enterprise systems simultaneously, not to mention Windows 2003-based servers is an outrageous situation, resulting from a staggering oversight.

    Bobbie Harder, a program manager on the WSUS team, announced late last week that:

    "Unfortunately, in revising this update, the decision to reuse the same update package had unintended consequences to our WSUS customers. Many of you who had approved the initial update package for a limited number of machines, had Tuesdays' WDS revision automatically install on all clients because of the expanded applicability scope and because, by default, WSUS is set to automatically approve update revisions.

    "We sincerely regret the inconvenience this has caused and extend a sincere apology to all impacted customers."

    This explanation is highly suspect, however, as many WSUS administrators (myself included) have confirmed that the original package Windows Desktop Search was never approved and in many cases was specifically declined.

    We're not home to WDS


    Trawling through the update logs of an affected system, it seems that the package which is KB917013 (Windows Desktop Search 3.01 for Windows XP & 2003, 32- and 64-bit), was automatically approved by the Update client and downloaded and installed without notifying the user. In the case of a WSUS-connected machine, the package had been downloaded and cached to the local WSUS server, again without administrative approval.

    To remove the package, end-users can uninstall it via Add/Remove Programs, and select Windows Desktop Search.

    Get rid of what you never asked for


    Administrators can target the following uninstall script:

    C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe

    WSUS administrators should also clear out the following file from all local WSUS servers:

    driveletter:\WSUS\WsusContent\7A\AFFE68329462028DB8BD5B6A64FCAA4CC5064A7A.exe

    This is the update package containing the WDS install files.

    Users and administrators alike will be looking for a more comprehensive explanation and apology from Microsoft. Windows Update and WSUS have excellent reputations amongst Windows users, but this is based very strongly on a sense of trust and reliability, as well as the ongoing belief that Microsoft are doing the right thing by their customers.

    While no-one is accusing Microsoft of deploying WDS knowingly and maliciously (not yet anyway), such a monumental stuff-up will do serious damage to end-user confidence.


    ================================================================================================================

    Another good link regarding Windows Desktop Search here

    The process name for WDS is "searchindexer.exe". See how much CPU yours is burning up by checking Task Manager.

    Ruth Miller