I've recently had a bit of an issue getting an SSL Cert into exchange server when the new cert request in exchange got lost for some reason and with it went the private key file.
Unfortunately the CSR had already gone out and the public key generated so we ended up losing that and had to start again (and pay again...).
This time round I got the Certificate provider to generate the CSR for us and provide the private key. I know this is not as secure as generating it yourself but I could not see an easy way to export the private key from exchange so decided this was a safer way to ensure we didn't lose things.
I dropped onto a linux box, created a public key and private cert file and pasted the text from the certificate provider in then ran the following command;
openssl pkcs12 -inkey private.pem -in public.crt -export -out pkcs12.pfx
After entering a good secure password this gave me the combined public/private pair in a .pfx format file.
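Before packaging, it is worth confirming that the pasted key really belongs to the issued certificate and that the finished .pfx opens with the chosen password. The following is an added example, not part of the original post; the function names, the PFX_PASS variable and the throwaway test certificate (CN mail.example.test) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): a checked PFX build.
# File names follow the post; PFX_PASS and the function names are assumptions.

# Succeeds only if the certificate's public key equals the one derived from
# the private key. Returns 2 if either file cannot be read.
# Assumes an unencrypted PEM key, as pasted from the provider in the post.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# build_pfx <cert> <key> <out.pfx>
# The export password is read from the exported PFX_PASS variable, so it does
# not appear on the command line or in shell history.
build_pfx() {
    if ! cert_matches_key "$1" "$2"; then
        echo "refusing: $2 is not the private key for $1" >&2
        return 1
    fi
    # The PFX contains the private key: create it readable by the owner only.
    ( umask 077
      openssl pkcs12 -export -inkey "$2" -in "$1" -out "$3" \
          -passout env:PFX_PASS ) || return 1
    # Re-open the result: checks the password and MAC, writes nothing out.
    openssl pkcs12 -in "$3" -noout -passin env:PFX_PASS 2>/dev/null
}

# Exercises both paths with constructed, throwaway material in a temp dir.
selftest() {
    d=$(mktemp -d) || return 1
    rc=0
    PFX_PASS='constructed-demo-passphrase'; export PFX_PASS
    # Constructed self-signed certificate and key, plus an unrelated key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$d/private.pem" -out "$d/public.crt" 2>/dev/null || rc=1
    openssl genrsa -out "$d/other.pem" 2048 2>/dev/null || rc=1
    # The matching pair must package and re-open cleanly.
    build_pfx "$d/public.crt" "$d/private.pem" "$d/pkcs12.pfx" || rc=1
    # The unrelated key must be refused before any file is written.
    if build_pfx "$d/public.crt" "$d/other.pem" "$d/bad.pfx" 2>/dev/null; then
        rc=1
    fi
    [ ! -e "$d/bad.pfx" ] || rc=1
    rm -rf "$d"
    return "$rc"
}

# Run the self-test only when asked to, e.g.: sh checked_pfx.sh --selftest
if [ "${1:-}" = "--selftest" ]; then
    selftest
fi
```

For real use, export PFX_PASS in the current shell and call build_pfx public.crt private.pem pkcs12.pfx, then remove the plain-text private.pem from the Linux box once the import has been confirmed.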
This was transferred over to the exchange server and imported using the fairly obvious "import exchange certificate" option within exchange management console (under server configuration, on the right).
The only slight issue was that this was imported without a friendly name which bugged me a little.
I opened mmc and added the certificate manager snap-in for the local machine. The cert is added to personal/certificates, so go there, right click the cert and go to properties. Enter something sensible in the "friendly name" box (I use the date and fqdn normally). Ok that box, close MMC, refresh EMC and you are nearly there.
Last thing is normally to then tell exchange to start using that cert for all of your connections. From within EMC, right click the newly added cert and select "assign services to certificate", pick the ones you want (don't just do all of them as picking non-configured services will prevent it from running) and you are all sorted.
Probably best to check OWA and an auto-configure session just to be on the safe side.
Incidentally, this seems to work fine on SBS as well although I don't have loads of experience of having done so.
My Random Musings On The World
Tuesday, 14 June 2016
Monday, 16 February 2015
Quickly cooking the quickbooks books
Several of our customers run the intuit software quickbooks as their accounting package.
In some instances (seems to be when saving a new customer or supplier) the software crashes and leaves the database in an unusable state. To fix the problem you have to run the quickbooks file doctor.
So, with the normal "it worked for me, YMMV, At your own risk..." this is how I fix it;
On the server (or the workstation hosting the files)
logon as an admin user (just to make sure)
run services.msc as administrator
stop
1/ qbcfMonitorService
2/ quickbooksDB23
copy the quickbooks company file to the desktop from its normal home;
run file doctor as administrator
pick the correct file
enter the QB Admin password
whilst it's analysing the file
select all files from the data file sub directory and cut them
(not the shortcut to backups or any of the folders)
go to your quickbooks backup folder
create a directory called "file recovery <today's date>"
Enter that directory and paste the files cut earlier
Go back to the analysis window, which will probably still be going...
When prompted tell it you are on the server
close the browser window that it opens for you
close the file doctor
cut the (now repaired) company file from the desktop and paste it back to its correct location
check the two services stopped previously are started again (the file doctor normally does this)
browse to the company file VIA THE NETWORK (not locally)
double click the data file to open quickbooks.
logon as the qb admin user
switch to single user mode (file, switch to single user mode)
(you may need to get people to log out if anyone is on)
go to the banking menu then write cheques
click "pay to the order of" then press CTRL + L
close the name list and the cheque writing window
Click File, Utilities, Verify (this takes a few mins)
When it finishes open qbwin.log
Open in notepad and find all occurrences of "duplicate" names and id numbers
File, utilities, Rebuild
Pick the same folder you created earlier to back up the data files to
switch to multi user mode
email the duplicate names to someone at the customer's
Thursday, 8 January 2015
Virtual Machine Host, hard drive config
This is going to be post one of probably 6 or so (if I do them all) relating to how I have gone about setting up Virtual Machine Hosts at various sites. It is mostly to act as an aide-memoire for myself but if it helps anyone else then that's a good thing.
Moving virtual machines between hosts works a lot better if the 2 hosts are configured the same way. I want to try and standardize the way I setup VM Hosts to make life easier down the line. The first thing I am looking at is how I have the VM disk images stored on the host.
All the advice seems to point to using LVM to manage your disk images. This makes sense as it means it's easy to resize the virtual disk and easy to change the underlying physical disk architecture without disturbing the virtual disks.
The standard layout we will be using will have a disk (or array) for the Host Operating System and then one or more disks (or arrays) for the virtual machines to live on. By putting the host os on a separate drive I hope to keep the VM Disk IO load away from the physical host so it does not degrade performance. On hosts where there are lots of drive bays I will probably create multiple arrays to serve different functions. One example may be to have 2 x 1TB SAS disks in a mirror for the OS' and 4 x 2TB SATA disks in raid 5 for the data.
My plan is to have, as standard, two volume groups called "VM OS Disks01" and "VM Data Disks01". It should not matter which physical disk they are located on as long as the VG names are consistent across servers. In situations where there are multiple disks we may have Disks02, Disks03, Disks04 etc in addition to the 2 standard ones.
There also seems to be some discussion (*) as to the best way to create a Physical Volume if you are using the entire disk. One option is to use the raw device, the other is to create a partition table and one primary partition. The raw disk approach requires less setup but could cause issues if someone looks at the disk with, say, fdisk, as it would appear to be empty... The SAFE method would appear to be to create a partition table and one partition that uses the whole disk and then create the PV on that partition, however the most flexible (if your admins are not idiots) is to use the block device.
For this example I want to put two VGs on one disk. Each VG takes up an entire PV and each PV takes an entire device so I'm going to create a partition table with 2 partitions so that I can create 2 PVs, one for each VG. The "disk" I am using is actually a 6TB raid 5 array on 4 x 2TB disks being managed by a HP raid card.
So, to the setup;
Create a partition table
parted /dev/sdb mklabel gpt
Create 2 partitions
parted /dev/sdb mkpart primary 0GB 2000GB
parted /dev/sdb mkpart primary 2000GB 6000GB
Create 2 physical volumes, one on each partition
pvcreate <your device name>
pvcreate /dev/sdb1
pvcreate /dev/sdb2
Create 2 volume groups. They could contain several PVs for fault tolerance but we only have the one as the hardware is worrying about sorting the disk out for us.
vgcreate <VG name> <pv device(s)>
vgcreate vm_os_disks01 /dev/sdb1
vgcreate vm_data_disks01 /dev/sdb2
Create some logical volumes (more a practice than a requirement at this stage)
lvcreate -L <size> -n <volume name> <vg it should be housed in>
lvcreate -L 128G -n Ubuntu-test-OS-01 vm_os_disks01
lvcreate -L 500G -n Ubuntu-test-Datastore-01 vm_data_disks01
lvcreate -L 500G -n Ubuntu-test-Datastore-02 vm_data_disks01
lvcreate -L 160G -n Windows_7-OS-01 vm_os_disks01
* http://serverfault.com/questions/439022/does-lvm-need-a-partition-table
Wednesday, 26 November 2014
picky plesk problems
I recently needed to move some domains from an older reseller account which my hosts manage to my VPS which I'm responsible for (hosted by the same firm).
As I do not have root access to the reseller account I was not able to use the plesk migration manager myself so the lovely people at my hosting company (34sp) moved the domains for me.
All seemed to go well and all the domains were up and running as they should (databases, email, web etc). It was only a couple of weeks later when I needed to change one of the domains that I realised there was a little problem.
It seems that the plesk migration manager had created a new reseller on my VPS (which makes sense) but it failed to add a "plan" for the reseller. This meant that when it tried to add the domains under that reseller it was unable to do so as there was no plan for them to be added to. So, not wanting to be defeated, the migration manager added the domains with a reseller ID for a non-existent reseller (id 0).
I also found that when I tried to add a plan to the reseller that I got an error in plesk (I forget what it was now but it was red and angry looking)
So, good news, they all transferred, bad news I can't do anything with them.
The solution....
(normal; it worked for me, your mileage may vary, backup first, if it goes wrong it isn't my fault rules apply).
Log on to your vps and run mysql as a user that has access to everything (root or admin probably). (I'm not giving details of how to do this; if you don't know, go away and work that out before even thinking about this.)
Rather than using select * statements I have included the fields that I found handy to help work things out. Some or all of the fields may not be required.
Select the psa database
use psa
Check the clients table for resellers
select count(*) from clients where type='reseller';
select id, parent_id, vendor_id, type, cname, pname, account_id, status from clients where type='reseller';
Check the subscriptions table for clients
select count(*) from Subscriptions where object_type='client';
select * from Subscriptions where object_type='client';
There should be the same number of records returned by both. In my instance the new reseller was not in the subscriptions table.
Generate a new uuid for the record
select uuid();
Insert a new subscription record for the new reseller. Use the ID from the clients table and the uuid you generated
INSERT INTO Subscriptions (object_id,object_type,locked,synchronized,custom,uuid) VALUES (<CLIENT ID>,'client','false','true','false','<THE UUID>');
By this point you should be able to give the reseller a plan but will still have missing domains. For me clicking on the reseller showed no plans, customers or domains in the general section but 7 domains used in the resources section.
Find one of your missing domains
select id, name, displayName, status, vendor_id, cl_id from domains where name="wffsystems.co.uk";
Take the cl_id from the above query and use it in the next one. In my instance the "missing" domains were owned by a cl_id of zero so this gave me a shorter list. Fingers crossed this will list all the ones that are missing.
select id, name, displayName, status, vendor_id, cl_id from domains where cl_id=<YOUR CL_ID>;
Last but not least, update each domain to have the cl_id of the reseller you want them to belong to. I did this one by one but with a bit of thought I'm sure I could have done it as a one liner.
update domains set cl_id=<YOUR RESELLER ID> where id=<THE DOMAIN ID>;
I'm not totally convinced that this has totally fixed things as my new reseller still has 7 domains listed as used even though there are none actually in that reseller account but at least I can get to all my domains now!
Hope this helps someone.
***UPDATE***
In the domains table there is a cl_id and a vendor_id. No idea what the difference is but changing vendor_id to be the same as everything else seems to have resolved the issue.
Tuesday, 25 November 2014
Installing the Ubiquiti UniFi software on Ubuntu
This is shamelessly stolen from the following site and I have not tested it but wanted somewhere I could go that I knew I would be able to find the info.
https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-3-2-7-is-released/ba-p/1085473
UniFi Controller APT howto
- edit /etc/apt/sources.list
## Ubuntu
deb http://www.ubnt.com/downloads/unifi/distros/deb/ubuntu ubuntu ubiquiti
- add GPG Key
# for Ubiquiti
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
- update, install, and upgrade
# retrieve the latest package information
apt-get update
apt-get install unifi
UniFi API
A shell library, unifi_sh_api, is provided with the release. Here's a sample script to authorize a guest for 30 minutes
#!/bin/sh
## define required variables
username=admin
password=admin
baseurl=https://localhost:8443
site=default
## include the API library
. unifi_sh_api
unifi_login
# authorize a client for 30 minutes, limit down/up speed to 2048/1024kbps, quota is 500MB
unifi_authorize_guest "e8:17:22:10:5d:4d" 30 down=2048 up=1024 bytes=500
# generate 10 voucher(s) valid for 60 minutes, limit down/up speed to 2048/1024kbps, quota is 500MB
unifi_create_voucher 60 10 down=2048 up=1024 bytes=500
# this returns you a token that you can call by using unifi_get_vouchers()
unifi_logout
Notes
- AP->Performance view is experimental. Currently it shows what the radio is doing by red (packets not sent because of likely interference) / yellow (packets retried) / green (packets sent)
- voucher.css and voucher.html, at data/sites/SITE_NAME/portal/bundle/, is where you can fully customize your voucher.
- If you have existing customized guest portal, make sure to change form="/guest/login" to form="login" - let the relative path take care of per-site URL
- For API access, you pretty much need to insert /s/SITENAME into the URL. (after login with an admin in for site)
Monday, 27 January 2014
Adding Extensions to a FreePBX / Asterisk server
Logon to your server
http://172.17.0.11/freepbx/admin
From the applications menu select extensions
Select generic sip device as the type and continue
Enter the user extension eg 110
enter the display name eg Gareth Westwood
from the "This device uses sip technology" section either note down or create a new secret (password) to use when you configure the phone handset
click submit from the bottom of the page
The extension should now appear with any others you have created in the top right of the screen
Configuring a Linksys SPA941 on Freepbx (Asterisk)
For this post I am going to assume you have the phone plugged into your network and that something is giving out DHCP addresses. I'm also assuming you have already configured your extensions on the server and have the extension password to hand.
I have seen some talk of this phone being either a 2 line or 4 line version depending on the firmware. I don't know how to do that bit and for my install I only need 1 line so am not really fussed.
First job (just to be safe) is to reset the phone to factory defaults.
Press the menu button
Use the up/down arrows to select option 14 "Factory Reset" and press select (or key in 14)
Confirm by pressing ok
The phone will then restart and get a dhcp address from the dhcp server.
Check the current IP
Press the menu button
use the up/down arrows to select option 9 "Network" and press select (or key in 9)
The phone's current IP should be listed in item 2 on the screen. For my example it is 172.17.0.152
Enter the settings for your asterisk/Freepbx server
go to the phone's ip address in your browser (I used chrome)
click on the admin login link from the top of the page
select regional tab
clear all "Vertical Service Activation Codes"
change timezone to GMT
select the Phone Tab
under line key 2, 3 and 4 change extension from 1 to disabled
select the Ext 1 tab
Enter the ip address of the asterisk server in the proxy box (172.17.0.20)
Under Subscriber information put;
the users name in display name
the extension number in user ID
The secret key from the asterisk extension config in the password box
(as long as this is the same on both ends it doesn't really matter what it is)
Click the Submit all changes button and wait for the phone to restart (which sometimes takes a while)