
Thursday, September 19, 2013

Port Forwarding with SonicWALL Firewall TZ 200

Port forwarding changes the destination IP address of incoming traffic to an IP address and port behind the firewall.
You can manually open different ports to allow services (web server, FTP, email, Terminal Services, VNC, etc.) from the Internet to a server behind the SonicWALL firewall.

To open ports to a server, follow the steps below:
  1. Creating a Custom Service or Services.
  2. Creating the necessary Address Objects.
  3. Defining the appropriate NAT Policies (Inbound, Outbound, and Loopback).
  4. Creating the necessary WAN, Zone Access Rules for public access.
The following example covers allowing "TightVNC" from the Internet to a server on the LAN with a private IP address.

Procedure:

Step 1: Creating a Custom Service for "TightVNC".
  • In the left panel click to expand "Firewall > Services".
  • In the right panel click to select "Custom Services".
  • On "Services" click the "Add" button.
  • In the "Add Service" window that opens, type the following data:
          - Name: TightVNC
          - Protocol: "click to expand" and select "TCP"
          - Port Range: 5900 - 5900
  • Then click on "Add" button.
Step 2: Creating the necessary "Address Objects".
  • In the left panel click to expand "Network > Address Objects".
  • Click the "Add" button to create the "Server IP on LAN" Address Object.
  • In the "Network Security Appliance" window that opens, type the following data:
          - Name: TightVNC Private
          - Zone Assignment: LAN
          - Type: Host
          - IP Address: "Here type the Server or Computer IP address" e.g: 192.168.1.34
  • Click the "OK" button to create the "Server Public" Address Object.
Now:
  • Click the "Add" button to create the "Public IP" Address Object.
  • In the "Network Security Appliance" window that opens, type the following data:
          - Name: TightVNC Public
          - Zone Assignment: WAN
          - Type: Host
          - IP Address: "Here type the Public IP Address" e.g: 1.1.1.1
  • Click "OK" button to create the "Public IP" Address Object.
Step 3: Defining NAT Policies.
  • In the left panel click to expand "Network > NAT Policies".
  • Click the "Add" button to create a "NAT Policy" and choose the following settings from the drop-down menus:
          - Original Source: Any
          - Translated Source: Original
          - Original Destination: TightVNC Public
          - Translated Destination: TightVNC Private
          - Original Service: TightVNC
          - Translated Service: Original
          - Inbound Interface: Any
          - Outbound Interface: Any
          - Comment: TightVNC behind SonicWALL
  • Click to check "Enable NAT Policy"
  • Click to check "Create a reflexive policy". When you check this box, a mirror outbound NAT policy for the NAT policy you define is automatically created.
  • Click "Add" button.
If you wish to access this server from other internal zones using the public IP address 1.1.1.1, consider creating a Loopback NAT Policy.
  • Click the "Add" button to create a "Loopback Policy" and choose the following settings from the drop-down menus:
          - Original Source: Firewalled Subnets
          - Translated Source: TightVNC Public
          - Original Destination: TightVNC Public
          - Translated Destination: TightVNC Private
          - Original Service: TightVNC
          - Translated Service: Original
          - Inbound Interface: Any
          - Outbound Interface: Any
          - Comment: Loopback Policy
  • Click to check "Enable NAT Policy"
  • Uncheck "Create a reflexive policy".
  • Click "Add" button.
Step 4: Creating Firewall Access Rules.
  • In the left panel click to expand "Firewall > Access Rules" tab.
  • In view style click to select "Matrix".
  • Click to select "From: WAN to: LAN".
  • Click "Add" button.
  • In the "Add Rule" window that opens, enter the following into the fields:
          - Action: Click to check "Allow"
          - From Zone: WAN
          - to Zone: LAN
          - Service: TightVNC
          - Source: Any
          - Destination: TightVNC Public
          - Users Allowed: All
          - Schedule: Always on
          - Comment: Server behind SonicWALL
  • Click to check "Enable Logging" and "Allow Fragmented Packets".
  • Click on the "OK" button.
Now install TightVNC on your PC or server, then go to http://www.yougetsignal.com/tools/open-ports/ and check whether your port is open.

Congratulations!!! Now you can connect remotely using the TightVNC tool.
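
To confirm what the access rule actually exposes, the check below (an added example, not part of the original post) connects to the forwarded port from outside the firewall and reads the RFB greeting that a VNC server sends first. The function name, its parameters and the 203.0.113.10 address are placeholders; it targets Windows PowerShell 2.0 or later.

```powershell
# Added example: verify the forwarded port answers and really is VNC.
# Test-VncForward and its parameters are illustrative names.
function Test-VncForward {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$PublicAddress,
        [int]$Port = 5900,          # matches the "TightVNC" custom service
        [int]$TimeoutMs = 3000
    )

    $reachable = $false
    $banner    = $null
    $client    = New-Object System.Net.Sockets.TcpClient
    try {
        # Connect with a timeout so a silently dropped packet does not hang the check.
        $async = $client.BeginConnect($PublicAddress, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected) {
            $client.EndConnect($async)
            $reachable = $true

            # An RFB (VNC) server speaks first: 12 bytes such as "RFB 003.008\n".
            $stream = $client.GetStream()
            $stream.ReadTimeout = $TimeoutMs
            $buffer = New-Object byte[] 12
            $read = 0
            while ($read -lt $buffer.Length) {
                $n = $stream.Read($buffer, $read, $buffer.Length - $read)
                if ($n -le 0) { break }
                $read += $n
            }
            if ($read -gt 0) {
                $banner = [System.Text.Encoding]::ASCII.GetString($buffer, 0, $read).Trim()
            }
        }
    }
    catch {
        # Refused connection or read timeout: report what was learned so far.
        Write-Verbose "Check failed: $($_.Exception.Message)"
    }
    finally {
        $client.Close()
    }

    New-Object psobject -Property @{
        Address   = $PublicAddress
        Port      = $Port
        Reachable = $reachable
        Banner    = $banner
        IsVnc     = [bool]($banner -match '^RFB \d{3}\.\d{3}$')
    } | Select-Object Address, Port, Reachable, Banner, IsVnc
}

# Example call (placeholder address, run from a host on the Internet side):
# Test-VncForward -PublicAddress 203.0.113.10 -Verbose
```

Reachable = True with IsVnc = False means the port is open but something other than a VNC server is answering behind the NAT policy.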

If you need additional Server or Network support visit http://www.yourtechstaff.com or call  (407) 697 3100

Monday, August 19, 2013

Some Computers do not show up in the network list...


"We have a mixed environment including Windows 2008, 2008 R2, and 2012 servers. We also have WINS setup and configured on domain controllers. I do not understand why some servers and computers do not show up in the network list. One Server and some Computers are in the list, but the others aren’t..."

To solve this problem, follow the steps below.
Go to the Primary Domain Controller and...
 
Enable NetBIOS over TCP/IP.
  • Click “Start”, type “ncpa.cpl” into the search box for Windows Server 2008 and hit “Enter”.
  • Right click on the “Local Area Connection” and select “Properties”.
  • Click to select “Internet Protocol Version 4 (TCP/IPv4)”, and then click on “Properties” button.
  • Click on the “Advanced” button, and then click on the “WINS” tab.
  • Click to check “Enable NetBIOS over TCP/IP”, and then click “OK” and exit the settings.

Start “Computer Browser” service.
  • Click “Start”, type “services” into the search box for Windows Server 2008 and hit “Enter”.
  • Click on “Services (Local)”, and then click on “Standard” tab.
  • Double click on “Computer Browser” service.
  • On “Startup Type:” click to expand and select “Automatic”, and then click the “Apply” button.
  • On “Service status:” click on “Start” button
  • Now click “OK” and exit the settings.
Now restart the server. After the Primary Domain Controller starts, you will be able to see all servers and computers in your network list :)

Thursday, August 15, 2013

DC-Server 2008 R2 "Event ID: 7000 and Event ID: 7038" Errors

When a service does not start because of a logon failure, the following error messages may be displayed in Event Viewer on “Administrative Events”:

Source: Service Control Manager
Event ID: 7000
Description:
The %service% service failed to start due to the following error:
The service did not start due to a logon failure.
No Data will be available.

Source: Service Control Manager
Event ID: 7038
Description:
The AdRmsLoggingService service was unable to log on as “domain\user” with the currently configured password due to the following error:
Logon failure: unknown user name or bad password.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

When you attempt to manually start the service, the following error message may be displayed:

“Error: 1069 the service did not start due to log on failure”

To resolve this, follow these steps:

  1. Click “Start”, in “Search programs and files” bar type “services.msc”, and press “Enter” key.
  2. When “Services” window is open, double click on “AD RMS Logging Service” service to open “AD RMS Logging Service Properties (Local computer)” window.
  3. In “AD RMS Logging Service Properties (Local computer)” window, click on “Log On” tab.
  4. Check that "This account:" is selected, then type the new password, and click the “OK” button.
  5. Now attempt to manually start the service again.

Congratulations!!! The “AD RMS Logging Service” is started.
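
When one service account's password changes, several services can fail this way at once. The following added example (not from the original post; the function name and its parameter are illustrative) collects Event ID 7038 records from the System log and shows, per service, the account that failed and the account the service is configured with now.

```powershell
# Added example: list services that logged Event ID 7038 (logon failure)
# and show the account each one is configured to run as right now.
# Get-ServiceLogonFailure and -Days are illustrative names.
function Get-ServiceLogonFailure {
    [CmdletBinding()]
    param([int]$Days = 7)

    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7038
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "none".
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    # Index the current service configuration by service (key) name.
    $services = @{}
    Get-WmiObject -Class Win32_Service | ForEach-Object { $services[$_.Name] = $_ }

    # 7038 insertion strings: [0] service name, [1] account, [2] error text.
    $events | Group-Object { [string]$_.Properties[0].Value } | ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        $svc    = $services[$_.Name]

        $currentAccount = $null
        $currentState   = 'not installed'
        if ($svc) {
            $currentAccount = $svc.StartName
            $currentState   = $svc.State
        }

        New-Object psobject -Property @{
            Service        = $_.Name
            FailedAccount  = $latest.Properties[1].Value
            CurrentAccount = $currentAccount
            CurrentState   = $currentState
            Failures       = $_.Count
            LastFailure    = $latest.TimeCreated
        }
    } | Select-Object Service, FailedAccount, CurrentAccount, CurrentState, Failures, LastFailure
}

# Example call: services that failed to log on during the last 30 days.
# Get-ServiceLogonFailure -Days 30 | Sort-Object FailedAccount | Format-Table -AutoSize
```

Sorting by FailedAccount groups every service that still needs the new password for the same account.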

Monday, June 10, 2013

"Network mapping is disabled by default on domain networks..." on Windows 7 or Windows 8

When you want to open the network map on your personal computer on a domain or public network, you receive the error:

"Network mapping is disabled by default on domain networks. Your network administrator can use Group Policy to enable mapping"

To fix this error, follow these steps:
  1. On "Windows 7" click "Start", in "Search  programs and files" type "gpedit.msc", then press "Enter" key. On "Windows 8" press "Windows key + R key", type "gpedit.msc", then press "Enter" key.
  2. In "Local Group policy Editor" click to expand "Computer Configuration > Administrative Templates > Network > Link-Layer Topology Discovery".
  3. In "Link Layer Topology Discovery" in the right panel double click to edit "Turn on Mapper I/O (LLTDIO) Driver".
  4. In "Turn on Mapper I/O (LLTDIO) Driver" window, click to check "Enable", in "Options:" click to check "Allow operation while in domain". *** For security and convenience, I don't recommend checking "Allow operation while in public network".
  5. Click on "Apply", and click "OK" to close "Turn on Mapper I/O (LLTDIO) Driver" window. 
  6. Repeat from step 3 to 5 on "Turn on Responder (RSPNDR) driver" policy setting.
  7. Finally click to close "Local Group Policy Editor", and restart the machine.
Now you can see all computers in your network. :-)

Friday, June 7, 2013

Setup VPN Client in Windows 7 or Windows 8

A VPN lets users connect back to their home network or company network through a router or firewall.

Here is how to set up the Windows 7 or Windows 8 VPN client.

Follow the steps below:
  1. Right click on "Internet Access".
  2. Click on "Open Network and Sharing Center".
  3. In "Network and Sharing center" window, click on "Set up a new connection or network".
  4. In "Set up a Connection or Network" window, click to select "Connect to a workplace", then click Next.
  5. In "Connect to a workplace" window, click "Next" and click on "Use my Internet connection (VPN)".
  6. In "Internet address:" type the external firewall or router IP address, e.g. (72.65.23.129), and in "Destination name:" type the name of the connection, e.g. (Contoso_VPN).
  7. Click to check "Remember my credentials", then click on "Create".
The new VPN connection has been created. Now we need to set it up.
  1. In "Network and Sharing Center" window, click on "Change adapter settings".
  2. In "Network Connections" window, right click on the newly created VPN connection and select "Properties".
  3. In "VPN Connection Properties" window, click on the "Security" tab, expand "Type of VPN" and select the connection type; in my case it is "PPTP".
  4. Click to check "Allow these protocols" and check "Microsoft CHAP Version 2 (MS-CHAP v2)".
  5. In "VPN Connection Properties" window, click on the "Networking" tab, click to uncheck "TCP/IPv6", select "TCP/IPv4" and click on the "Properties" button.
  6. In "Internet Protocol Version 4 (TCP/IPv4) Properties" window, click on "Advanced" and click to uncheck "Use default gateway on remote network", then click OK to close all open windows.
Now your VPN client connection is set up in Windows 7 or Windows 8. Congratulations, you can connect :-)

If you want to know how to create a WatchGuard Firebox VPN with PPTP, click the following link:

http://systemadministratorrecipes.blogspot.com/2013/05/configure-mobile-vpn-with-point-to.html

Monday, June 3, 2013

Mailbox Size Report for Exchange Server 2010

Exchange Management Shell, Windows PowerShell, and DOS give us the ability to generate and automate detailed reports. In this recipe, I use these cmdlets to create and automate a report on all of the mailbox databases in the organization unit and send an alert email.

Use the steps below to generate a report of each mailbox in the organization unit, export this report to a CSV file, and send a report email.

  1. Create a folder in C:\ drive. e.g (C:\demo)
  2. Open "Notepad" and copy the script below.
  3. Save this script in the "demo" folder.
  4. Name this file, e.g. (mailbox_report.ps1). * Note that the file extension is .ps1
  5. Click to close O/S (C:) window.

* You need to change the email address and SMTP Exchange server in the script before you save it.

Now you are ready to run this script manually :)

Process automation


Follow the steps below:
  1. Open "Notepad" and type the next command line:
powershell.exe -version 1.0 -command ". 'F:\Program Files\Exchsrv\Bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; C:\demo\mailbox_report.ps1"

     2.  Save this in C:\demo.
     3.  Name this file. e.g (mailbox_automation.bat) * Look, the file extension is .bat
     4.  Click to close O/S (C:) window.

* You may need to change the path "F:\Program Files\Exchsrv\Bin\RemoteExchange.ps1", depending on where the "RemoteExchange.ps1" script is located. By default Exchange Server is installed on the C:\ drive, and you can find the "RemoteExchange.ps1" script at "C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1".

     5.  Open "Task Scheduler" window.
     6.  In "Task Scheduler" window, click on "Task Scheduler Library".
     7.  In "Actions" panel click "Create Task".
     8.  In "Create Task" window, on the "General" tab type a name for the task, then click "Change User or Group..." and select an "Administrator" account.
     9.  In "Create Task" window, on the "Triggers" tab click on "New" and define a convenient schedule, then click OK.
   10.  In "Create Task" window, on "Action" tab click on "New" and click on "Browse...", and find where you created "mailbox_automation.bat", in this case (C:\demo\mailbox_automation.bat), then click OK.
   11. Click Ok to close "Task Scheduler" window, type the "User Name:" and "Password" in the Pop Up window and click OK.
   12. Right click on the new Task and click "Run".

END... :)

Thank you for visiting this blog.




Wednesday, May 15, 2013

Configure Mobile VPN with Point to Point Tunneling Protocol (PPTP) in WatchGuard XTM 25 and 26 Firebox

This article covers the steps to configure a "WatchGuard XTM 25 and 26" Mobile VPN with Point to Point Tunneling Protocol (PPTP) to move data safely between two private networks across an unprotected network.

Mobile VPN with PPTP supports as many as 50 users at the same time. To use Mobile VPN with PPTP you must configure the Firebox and the remote client computers of the remote users.

To set up VPN with PPTP in a WatchGuard XTM 25 and 26 Firebox follow the next steps:

     
     1.  Configure Mobile VPN with PPTP.
  • Log on to WatchGuard System Manager, and go to Policy Manager to activate Mobile VPN with PPTP.
  • In "Policy Manager" window, click to expand VPN > Mobile VPN > PPTP...
  • In "Mobile VPN with PPTP Configuration" window, click to check the box *Activate Mobile VPN with PPTP.
  • Below, in Encryption Settings, be sure *Require 128-bit encryption is checked.
  • In the "IP Address Pool" click the Add button to add the "Host Range". (Remember, a maximum of 50 users is allowed.)
  • Click OK to save the configuration.
   
     2.  Add a New Policy.
  • Click the " + " sign to add a new policy.
  • In "Add Policies" window, click to expand "Packet Filter".
  • Click to select "Any" and click "Add".
  • In "Name:" type the name of the new Policy. e.g "VPN with PPTP".
  • On the "Policy" tab, in the "From" section click Add.
  • In "Selected Members and Address" section, select "Any-trusted" and click Remove.
  • Click Add User.
  • In the "Add Authorized Users or Groups" window, in the first "Type" drop-down list select "PPTP".
  • In the "Add Authorized Users or Groups" window, in the second "Type" drop-down list select "Group".
  • In the "Add Address" window select "PPTP-Users" and click Select. Then click OK to close the "Add Address" window.
  • On the "Policy" tab, in the "To" section, click Add.
  • In "Selected Members and Address" section, select "Any-External" and click Remove.
  • Click Add.
  • In the "Add Address" window, in the list select "Any-Trusted" and click Add. Then click OK to close the "Add Address" window.
  • Click OK to close the "New Policy Properties".

     3.  Add new Users.
  • In "Policy Manager" window, click Setup > Authentication > Authentication Servers...
  • In the "Authentication Servers" window, in the "Users" section, click on Add button.
  • In the "Setup Firebox User" window, fill "Name, Passphrase, and Confirmation" lines.
  • In the "Firebox Authentication Groups" section, click to select "PPTP-Users" in the Available list and click on " << "   to move "PPTP-Users" to the Member list.
  • Click OK to close and save the change in "Setup Firebox User".
  • Click OK to close and save the change in "Authentication Servers".
  • *** To add more users repeat the above steps.
*** Don't forget to save all changes to the WatchGuard XTM 25 and 26 Firebox.

Thursday, May 2, 2013

Install Exchange 2010 on Windows Server 2008 R2

At this time we assume that you have installed the Windows Server Operating System.

And you need to make sure that your Active Directory (AD) environment and your Exchange Server meet the minimum requirements:
  • Active Directory forest functional level is Windows Server 2003 (or higher).
  • Active Directory Schema Master is running Windows Server 2003 w/SP1 or later.
  • Full installation of Windows Server 2008 w/SP2 or later or Windows Server 2008 R2 for the Exchange Server itself.
  • Exchange Server is joined to the domain (except for the Edge Transport Server Role).
Now, you are ready to start installing Exchange Server 2010.

Go to:

http://systemadministratorrecipes.blogspot.com/2012/11/migrating-from-exchange-server-2003-to.html


** Installation starting from step 2 to step 5 **

Now you have successfully installed Exchange Server 2010  :-)

Thursday, March 28, 2013

Disable USB Ports on Windows Operating System Computers

You can disable access to the USB ports on your Windows-based PC, to prevent people from taking data from your personal PC without permission or spreading viruses through the use of USB thumb drives.

To do that, follow these steps:

  1. Go to http://technet.microsoft.com/en-us/sysinternals/bb963880.aspx and download "Regjump".
  2. Unzip "Regjump.zip" file and save "Regjump.exe" file in "System32" folder.
  3. Now open "Command Prompt" as Administrator, and type "regjump HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\USBSTOR".
  4. In the "Registry Editor" window, in the work area double click on the "Start" value.
  5. In the "Edit DWORD (32-bit) Value" window, in "Value data:" delete 3 and type 4.
  6. Click OK.
  7. Close "Registry Editor" window.
If you want to re-enable access to your USB ports, follow the above steps. In step 5 change the value data from (4) to (3).

Enjoy it :)

NOTE: Regjump is a small utility by Microsoft that can be used to open the registry editor to a specified key.
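
The same registry change can be scripted. This added example (not from the original post; the function names are illustrative) reads and sets the Start value of the USBSTOR service key, which controls the USB mass storage driver, using the values 3 and 4 from step 5.

```powershell
# Added example: the change from steps 3-5 (Start value 3 -> 4), scripted.
# Get-UsbStorageState and Set-UsbStorageState are illustrative names.
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-UsbStorageState {
    # Read the current Start value and translate it to a readable state.
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction Stop).Start
    $state = switch ($start) {
        3       { 'Enabled'  }
        4       { 'Disabled' }
        default { 'Other'    }
    }
    New-Object psobject -Property @{ Key = $UsbStorKey; Start = $start; State = $state } |
        Select-Object Key, Start, State
}

function Set-UsbStorageState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Enabled', 'Disabled')]
        [string]$State
    )

    # Writing under HKLM requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    $value = 3
    if ($State -eq 'Disabled') { $value = 4 }

    # -WhatIf shows the change without writing it.
    if ($PSCmdlet.ShouldProcess($UsbStorKey, "Set Start to $value")) {
        Set-ItemProperty -Path $UsbStorKey -Name Start -Value $value -Type DWord
    }
    Get-UsbStorageState
}

# Example calls:
# Get-UsbStorageState
# Set-UsbStorageState -State Disabled -WhatIf
# Set-UsbStorageState -State Disabled
```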

Monday, March 25, 2013

Event ID: 4015 Source: DNS-Server-Service on Windows Server 2008 and Server 2012

If you recently installed a Windows Server 2008 or Windows Server 2012 Domain Controller and all seems to be running well, but you notice that you keep getting a repeating DNS error like this:

Event ID: 4015 

Source: DNS-Server-Service

Details: 

"The DNS server has encountered a critical error from Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contain the error."

All you need to do is:
  • Set a Windows Server 2008 or Windows Server 2012 Domain Controller as a Global Catalog.
  • Transfer the FSMO roles in Windows Server 2008 or Windows Server 2012.
To fix that, click the link below and do steps 4 and 5.

http://systemadministratorrecipes.blogspot.com/2012/06/migrating-active-directory-domain.html

Now your Active Directory is functioning properly, and the DNS error is fixed :)

Friday, March 22, 2013

Event ID: 122 Source: DeviceSetupManager in Windows Server 2008 and 2012

If you notice Event ID: 122, Source: DeviceSetupManager errors appearing in Event Viewer under "Administrative Events":

"Access to drivers on Windows Update was blocked by policy"

Follow the next steps to fix it:
  1. Open "Control Panel".
In Windows Server 2008:
  • On the keyboard press the Windows key.
  • In the "Search programs and files" bar, type "Control" then press Enter.
In Windows Server 2012:
  • On the keyboard press Windows key + X, then click on "Run".
  • In the "Run" window, type "Control" then press Enter.
     2.  In "Control Panel" window, in "Search Desktop" bar, type "device installation" then press Enter.

     3.  In the "device installation-Control Panel" window click "Change Device Installation Settings".

     4.  In the "Device Installation Settings" window click to check "Yes, do this automatically (recommended)", then click on the Save Changes button.

     5.  Click to close all open windows.

Congratulations, you fixed the error Event ID: 122 :)
     

Thursday, March 21, 2013

Error "The Windows Installer Service could not be accessed"

When you try to install an application in Windows and receive the following error:

"The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or the Windows Installer is not correctly installed. Contact your support personnel for assistance".

All you need to do is unregister and re-register the Windows Installer. You can do that by following these steps:
  1. Log on with an "Administrator Account".
  2. Click Start > Run.
  3. In "Run" window type cmd, then press Enter.
  4. In "Command Prompt" window type "msiexec /unregserver" and press Enter.
  5. In "Command Prompt" window type "msiexec /regserver" and press Enter.
  6. Click to close "Command Prompt".
Now try your Windows Installer-based application again.

Congratulations, now you can install the application :)

Monday, March 4, 2013

The Local Policy of this system does not permit you log on interactively

If you attempt to log in to your personal PC and receive the following error message:

"The Local Policy of this system does not permit you to logon interactively"


Don't worry, follow the instructions below:
  1. Log on as Administrator in the local PC.
  2. Click "Start" > "Run".
  3. In "Run" Window type "gpedit.msc", then click OK.
  4. In "Group Policy" window click to expand "Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment".
  5. In the right panel, locate the entry named "Allow logon through Terminal Services" and double click on it.
  6. In "Allow logon through Terminal Services" window, click "Add User or Group".
  7. In "Select Users or Groups" window, you can find a "Specific User Account" or type "Everyone" and click the "Check Names" button.
  8. After the "User" is underlined, click OK.
  9. Restart your PC.
 Now, you're supposed to be able to log into your PC.

If for some reason this fails again, follow the instructions below:
  1. Log on to the Active Directory server.
  2. Click "Start > Administrative Tools > Group Policy Management".
  3. In the "Group Policy Management" window, click to expand "Forest:Domain > Domains > Your Domain Name".
  4. Right click on "Default Domain Policy", and click "Edit".
  5. In the "Group Policy Management Editor" window, under "Computer Configuration" click to expand "Policies > Windows Settings > Security Settings > Local Policies".
  6. Click on "User Rights Assignment".
  7. In the right panel, locate the entry named "Deny log on locally", and be sure this policy is "Not Defined" or the user account name is not under this policy.
  8. Click to close all open windows.
  9. Click "Start", open "Command Prompt" and type "gpupdate /force".
  10. Go back to the personal computer and attempt to log in again.
Now, you should be able to log in successfully on your personal PC :) 

Friday, February 8, 2013

The security log on this system is full. Only administrators can log on to fix the problem

When you try to log on with an account that is not a member of the Administrators group in a Windows operating system and you receive the following message:

"The security log on this system is full. Only administrators can log on to fix the problem".

Don't worry, follow the instructions below:
  1. Log on using an Administrator account.
  2. Click Start.
  3. In "Run" bar type "eventvwr" without quotation mark, and press Enter.
  4. In "Event Viewer" window, right click in Security and click Properties.
  5. In the "Security Properties" window, click to check the "Overwrite events as needed" option under "When maximum log size is reached".
  6. Click Ok, close the "Event Viewer" window.
  7. Log off or Restart.
Now a user without an administrator account can log on again :)


Friday, February 1, 2013

This task requires that the user account specified has Log on as batch job rights. Windows Server 2003 and 2008

When you try to run a .bat file from Task Scheduler, you get the following notification:

"Task Scheduler: This task requires that the user account specified has Log on as batch job rights".

To solve this issue, follow these instructions:

  1. Click Start,
  2. In "Start Search" type secpol.msc and press Enter.
  3. In "Local Security Policy" window, click to expand "Local Policies".
  4. Click to open "User Rights Assignment".
  5. In the right panel, right click on "Log on as a batch job" then click on "Properties".
  6. In "Log on as a batch job Properties" window, click "Add User or Group" and add the user or group you need.
  7. Click OK, and close "Local Security Policy" window.

Now you are ready to run a .bat file from Task Scheduler.

Congratulations, you are done ;)
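
To review the result of this change, together with the "Deny log on locally" and "Allow logon through Terminal Services" settings from the earlier post on the interactive logon error, the following added example (not from the original posts; the function name is illustrative) exports the effective user rights with secedit and resolves the SIDs to account names.

```powershell
# Added example: export the effective user rights with secedit and resolve
# the SIDs, to review who holds the rights edited in the steps above.
# Get-UserRightAssignment is an illustrative name. Run elevated.
function Get-UserRightAssignment {
    [CmdletBinding()]
    param(
        [string[]]$Right = @(
            'SeBatchLogonRight',              # Log on as a batch job
            'SeDenyInteractiveLogonRight',    # Deny log on locally
            'SeRemoteInteractiveLogonRight'   # Allow log on through Terminal Services
        )
    )

    $cfg = [System.IO.Path]::GetTempFileName()
    try {
        & secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "secedit export failed (exit code $LASTEXITCODE)."
        }
        $lines = Get-Content -Path $cfg

        foreach ($name in $Right) {
            # Lines look like: SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551
            $pattern = '^' + [regex]::Escape($name) + '\s*='
            $line = $lines | Where-Object { $_ -match $pattern } | Select-Object -First 1

            $members = @()
            if ($line) {
                $members = @(($line -split '=', 2)[1].Split(',') | ForEach-Object {
                    $entry = $_.Trim()
                    if ($entry.StartsWith('*')) {
                        # Entries starting with * are SIDs; translate them to names.
                        $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                        try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                        catch { $sid.Value }   # orphaned SID: keep it visible
                    }
                    elseif ($entry) { $entry }
                })
            }

            # A right that is assigned to nobody is absent from the export.
            New-Object psobject -Property @{ Right = $name; Members = $members } |
                Select-Object Right, Members
        }
    }
    finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

# Example call:
# Get-UserRightAssignment | Format-List
```

An entry such as Everyone under SeRemoteInteractiveLogonRight, or the task account missing from SeBatchLogonRight, shows up directly in the Members column.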

Wednesday, January 23, 2013

Nagios "Return Code of 127 is out of bounds - plugin may be missing"


For this tutorial I assume you've installed Nagios. I suggest you install Nagios using the script from  

http://systemadministratorrecipes.blogspot.com/2012/06/scripts-nagios-for-install-on-ubuntu.html 

After installing Nagios, start it and you will receive the following error:

 "Return code of 127 is out of bounds - plugin may be missing"

 To fix this error follow these instructions:

Step 1 

Check that the Nagios plugins are installed correctly in "libexec".
  1. Open "bash-Konsole", and type "sudo su" without quotes, then press Enter key.
  2. Type the administrator password.
  3. Type "cd /usr/local/nagios/libexec" without quotes, and press Enter key.
  4. Type "dir" without quotes, then press Enter key 
This command should show you the installed Nagios plugins. If the folder is empty, perform Step 2.

Step 2

Let's move the plugins installed in "/usr/lib/nagios/plugins" to "/usr/local/nagios/libexec".
  1. In the open "bash-Konsole", type "mv /usr/lib/nagios/plugins/* /usr/local/nagios/libexec" without quotes, then press Enter key.
  2. Type "sudo /etc/init.d/nagios restart" without quotes, then press Enter key.
Now open a browser, go to http://localhost/nagios and log in.

After that, Nagios starts working properly ;)