Missing SYSVOL and NETLOGON shares when migrating AD

If you are migrating your Domain Controller, check whether the new server shares the SYSVOL and NETLOGON folders.

If it does not, here are a few steps to force the new domain controller to create the shares.

Good Luck!

On OLD Server

1) From Administrative command prompt stop the ntfrs service (net stop ntfrs)
2) open regedit at key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
3) In the right pane, double click BurFlags, Edit DWORD Value to D4 and click OK
4) Quit Registry Editor
5) start the ntfrs service (net start ntfrs)

On NEW Server

1) From Administrative command prompt stop the ntfrs service (net stop ntfrs)
2) open regedit at key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
3) In the right pane, double click BurFlags, Edit DWORD Value to D2 and click OK
4) Quit Registry Editor
5) start the ntfrs service (net start ntfrs)

ROK operating system on an ESXi VM

Do you need to install a ROK (Reseller Option Kit) operating system on an ESXi virtual machine?

The solution is very simple; you need to add the line:

SMBIOS.reflectHost = "true"

to the .vmx file, and the hypervisor will present the physical machine's BIOS directly to the VM, so the hardware vendor check will succeed.

Removing devices that are no longer present in the system

If you have just performed a P2V (physical to virtual) conversion, you may need to remove the physical machine's hardware from the system, since its drivers and settings are no longer needed. The procedure is particularly useful for network adapters: the old settings, although no longer visible, are still present in the registry, so the operating system interprets the new IP configuration as a duplicate and displays an error message.

To remove the old network adapter, open a command prompt, set a variable, and launch Device Manager from that same prompt. The commands are:

set devmgr_show_nonpresent_devices=1

devmgmt.msc

In Device Manager, click View -> Show hidden devices

and, expanding the “Network adapters” entry, the old adapter will be visible too. You can recognize it because it is shown as a fainter entry.

At this point you can uninstall the device: right-click the device -> Uninstall device, and confirm.

Now the old IP is usable again without annoying error messages.

Postfix relayhost

If you want to use Postfix to send email from your CentOS server through an external SMTP relay with authentication, these are the few steps to apply to your base Postfix config.

1: INSTALL SASL MODULES AUTH

#yum install cyrus-sasl-sql cyrus-sasl-plain cyrus-sasl-lib

2: MODIFY /etc/postfix/main.cf FILE adding these lines (tested with aruba smtp server):

relayhost=smtp.server.com:25
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = plain,login
smtp_sasl_security_options =

3: CREATE /etc/postfix/sasl_passwd FILE WITH YOUR AUTH DATA:

smtp.server.com username:password

4: CREATE LOOKUP TABLE

postmap /etc/postfix/sasl_passwd

5: RESTART SERVICES

#service postfix restart

6: SEND YOUR EMAIL AND CHECK /var/log/maillog
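An added check, not part of the original post: the settings in step 2 enable PLAIN/LOGIN authentication without making TLS mandatory, and step 3 stores the password in a plain file. The script below flags both conditions; the function names `conf_value` and `audit_relay` are hypothetical, and the sample files are constructed from the lines above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Simplified main.cf reader: one
# "name = value" per line, no continuation lines; the last assignment wins.
# Legacy smtp_use_tls / smtp_enforce_tls settings are not considered.

conf_value() {  # $1 = main.cf path, $2 = parameter name
    awk -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        { name = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", name) }
        name == k { v = substr($0, index($0, "=") + 1)
                    gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }' "$1"
}

audit_relay() {  # $1 = main.cf, $2 = sasl_passwd; prints one FINDING line per problem
    local cf="$1" pw="$2" tls f
    if [ "$(conf_value "$cf" smtp_sasl_auth_enable)" = "yes" ]; then
        tls=$(conf_value "$cf" smtp_tls_security_level)
        case "$tls" in
            encrypt|dane-only|fingerprint|verify|secure) ;;  # TLS is mandatory
            *) echo "FINDING: smtp_tls_security_level='$tls' does not force TLS," \
                    "so PLAIN/LOGIN credentials can be sent in cleartext" ;;
        esac
    fi
    for f in "$pw" "$pw.db"; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "FINDING: $f is accessible to group/other (expected mode 600)"
        fi
    done
    return 0
}

demo_postfix() {  # constructed sample files mirroring steps 2 and 3 above
    local d; d=$(mktemp -d)
    printf '%s\n' 'relayhost=smtp.server.com:25' 'smtp_sasl_auth_enable = yes' \
        'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' \
        'smtp_sasl_mechanism_filter = plain,login' \
        'smtp_sasl_security_options =' > "$d/main.cf"
    printf 'smtp.server.com username:password\n' > "$d/sasl_passwd"
    chmod 644 "$d/sasl_passwd"
    echo "== settings as listed above =="
    audit_relay "$d/main.cf" "$d/sasl_passwd"
    printf 'smtp_tls_security_level = encrypt\n' >> "$d/main.cf"
    chmod 600 "$d/sasl_passwd"
    echo "== mandatory TLS, private password file =="
    audit_relay "$d/main.cf" "$d/sasl_passwd"
    rm -rf "$d"
}
demo_postfix
```

On a real server, pass `/etc/postfix/main.cf` and `/etc/postfix/sasl_passwd` to `audit_relay`; the generated `sasl_passwd.db` is checked as well when it exists.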

Best regards 🙂

Displaying mailbox sizes in Exchange 2010

I am posting here a very useful command to display the current size of the users' mailboxes on an Exchange 2010 server. The command to run from the Exchange shell (replacing XXXXXXXXXXXXX with the server name) is:

Get-MailboxStatistics -Server XXXXXXXXXXXXX | sort-object totalitemsize -descending | format-table totalitemsize,displayname

Have a nice day, everyone 😉

USB Disk read only

If you unplug a USB disk while it’s in use (or, I can imagine, in thousands of other situations), the system may recognize that unit as a read-only disk, and replugging the disk or rebooting the machine doesn’t solve the problem.

So here are some commands to regain full access to the disk:

Open a DOS prompt and use diskpart command:

x:\>diskpart

DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online         1862 GB      0 B
  Disk 1    Online          465 GB  1024 KB

DISKPART> select disk n (where n is the readonly disk)

 Disk n is now the selected disk.

DISKPART> ATTRIBUTES DISK CLEAR READONLY

A message will confirm the success of the operation.

Zyxel 600 SIP problems

If you are using Zyxel 600 series routers and you have a VoIP PBX, you are surely experiencing errors when registering VoIP accounts, e.g. Eutelia, voipstunt, voipcheap, etc.

On your VoIP box you can see that there is no answer to the registration requests.

In asterisk, for example, in the CLI you can see:

sip show registry

asterisk*CLI> sip show registry
Host                  Username   Refresh  State         Reg.Time
voip.eutelia.it:5060  080xxxxxx  120      Request sent

The solution is pretty simple: you need to disable SIP ALG in the NAT settings section of the router 😉

Patton SN4114 4FXO

At the end of one of the longest days of my life, the phone is ringing! I finally have a working config for my Patton SN4114 with 4FXO ports!

I tried an unbelievable number of things to get it working.. so I’m very satisfied now 😉

That is the point:
My need was to let the Patton register on the trixbox PBX (I can assume that it’s the same on an asterisk box), but these lines were hiding an error:

authentication-service AS_ALL_LINES
realm 1 trixbox
username 10001 password 10001
username 10002 password 10002
username 10003 password 10003
username 10004 password 10004

the authentication service name definition, in some way, didn’t permit registering to the PBX. So, removing the “realm” line, the sip show peers command showed:

Name/username  Host          Dyn  Nat  ACL  Port  Status
10004/10004    192.168.9.69  D              5066  OK (19 ms)
10003/10003    192.168.9.69  D              5064  OK (20 ms)
10002/10002    192.168.9.69  D              5062  OK (19 ms)
10001/10001    192.168.9.69  D              5060  OK (21 ms)

and the 4 sip gateways started to work…

That row was generated with the 3CX config generator, and I read about thousands of people that had my same problem, and they posted on some forums their configuration, that contained that line!
So I paste my config file for 5.x firmware (it doesn’t work with 4.x), and good luck…

#########################################################
#
# For SN-4114 4-port FXO
# Supported firmware versions R5.x
#
#Patton IP is 192.168.9.69
#PBX IP is 192.168.9.5
#########################################################

cli version 3.20
clock local default-offset +01:00
dns-client server 192.168.9.4
webserver port 80 language en
sntp-client
sntp-client server primary time.ien.it port 123 version 4

system

ic voice 0
low-bitrate-codec g729

profile ppp default

profile call-progress-tone IT_Dialtone
play 1 200 425 -12
pause 2 200
play 3 600 425 -12
pause 4 1000

profile call-progress-tone IT_Alertingtone
play 1 1000 425 -12
pause 2 4000

profile call-progress-tone IT_Congestion
play 1 200 425 -12
pause 2 200

profile call-progress-tone IT_Busytone
play 1 500 425 -12
pause 2 500

profile tone-set default
profile tone-set IT
map call-progress-tone dial-tone IT_Dialtone
map call-progress-tone ringback-tone IT_Alertingtone
map call-progress-tone busy-tone IT_Busytone
map call-progress-tone release-tone IT_Busytone
map call-progress-tone congestion-tone IT_Congestion

profile voip default
codec 1 g711alaw64k rx-length 20 tx-length 20
codec 2 g711ulaw64k rx-length 20 tx-length 20
codec 3 g729 rx-length 20 tx-length 20
fax transmission 1 relay t38-udp

profile pstn default

profile sip default

profile aaa default
method 1 local
method 2 none

context ip router

interface IF_IP_LAN
ipaddress 192.168.9.69 255.255.255.0
tcp adjust-mss rx mtu
tcp adjust-mss tx mtu

context cs switch
digit-collection timeout 4
no digit-collection terminating-char
address-completion timeout 20
national-prefix 0
international-prefix 00

interface sip IF_SIP_0
bind context sip-gateway GW_SIP_0

early-connect

early-disconnect
route call dest-interface IF_FXO_0
remote 192.168.9.5 5060
address-translation outgoing-call request-uri user-part fix 10001 host-part to-header target-param none
address-translation incoming-call called-e164 request-uri

interface sip IF_SIP_1
bind context sip-gateway GW_SIP_1

early-connect

early-disconnect
route call dest-interface IF_FXO_1
remote 192.168.9.5 5060
address-translation outgoing-call request-uri user-part fix 10002 host-part to-header target-param none
address-translation incoming-call called-e164 request-uri

interface sip IF_SIP_2
bind context sip-gateway GW_SIP_2

early-connect

early-disconnect
route call dest-interface IF_FXO_2
remote 192.168.9.5 5060
address-translation outgoing-call request-uri user-part fix 10003 host-part to-header target-param none
address-translation incoming-call called-e164 request-uri

interface sip IF_SIP_3
bind context sip-gateway GW_SIP_3

early-connect

early-disconnect
route call dest-interface IF_FXO_3
remote 192.168.9.5 5060
address-translation outgoing-call request-uri user-part fix 10004 host-part to-header target-param none
address-translation incoming-call called-e164 request-uri

interface fxo IF_FXO_0
route call dest-interface IF_SIP_0
disconnect-signal battery-reversal
disconnect-signal loop-break
disconnect-signal busy-tone
ring-number on-caller-id
dial-after timeout 2
use profile tone-set IT

interface fxo IF_FXO_1
route call dest-interface IF_SIP_1
disconnect-signal battery-reversal
disconnect-signal loop-break
disconnect-signal busy-tone
ring-number on-caller-id
dial-after timeout 2
use profile tone-set IT

interface fxo IF_FXO_2
route call dest-interface IF_SIP_2
disconnect-signal battery-reversal
disconnect-signal loop-break
disconnect-signal busy-tone
ring-number on-caller-id
dial-after timeout 2
use profile tone-set IT

interface fxo IF_FXO_3
route call dest-interface IF_SIP_3
disconnect-signal battery-reversal
disconnect-signal loop-break
disconnect-signal busy-tone
ring-number on-caller-id
dial-after timeout 2
use profile tone-set IT

context cs switch
no shutdown

authentication-service AS_ALL_LINES
username 10001 password 10001
username 10002 password 10002
username 10003 password 10003
username 10004 password 10004

location-service LS_10001
domain 1 192.168.9.5

identity-group default
authentication outbound
authenticate 1 authentication-service AS_ALL_LINES username 10001

identity 10001
authentication outbound
authenticate 1 authentication-service AS_ALL_LINES

registration outbound
registrar 192.168.9.5 5060
lifetime 300
register auto

location-service LS_10002
domain 1 192.168.9.5

identity-group default
authentication outbound
authenticate 1 authentication-service AS_ALL_LINES username 10002

identity 10002
authentication outbound
authenticate 1 authentication-service AS_ALL_LINES

registration outbound
registrar 192.168.9.5 5060
lifetime 300
register auto

location-service LS_10003
domain 1 192.168.9.5

identity-group default
authentication outbound
authenticate 1 authentication-service AS_ALL_LINES username 10003

identity 10003
authentication outbound
authenticate 1 authentication-service AS_ALL_LINES

registration outbound
registrar 192.168.9.5 5060
lifetime 300
register auto

location-service LS_10004
domain 1 192.168.9.5

identity-group default
authentication outbound
authenticate 1 authentication-service AS_ALL_LINES username 10004

identity 10004
authentication outbound
authenticate 1 authentication-service AS_ALL_LINES

registration outbound
registrar 192.168.9.5 5060
lifetime 300
register auto

context sip-gateway GW_SIP_0

interface LAN
bind interface IF_IP_LAN context router port 5060

context sip-gateway GW_SIP_0
bind location-service LS_10001
no shutdown

context sip-gateway GW_SIP_1

interface LAN
bind interface IF_IP_LAN context router port 5062

context sip-gateway GW_SIP_1
bind location-service LS_10002
no shutdown

context sip-gateway GW_SIP_2

interface LAN
bind interface IF_IP_LAN context router port 5064

context sip-gateway GW_SIP_2
bind location-service LS_10003
no shutdown

context sip-gateway GW_SIP_3

interface LAN
bind interface IF_IP_LAN context router port 5066

context sip-gateway GW_SIP_3
bind location-service LS_10004
no shutdown

port ethernet 0 0
medium auto
encapsulation ip
bind interface IF_IP_LAN router
no shutdown

port fxo 0 0
encapsulation cc-fxo
bind interface IF_FXO_0 switch
no shutdown

port fxo 0 1
encapsulation cc-fxo
bind interface IF_FXO_1 switch
no shutdown

port fxo 0 2
encapsulation cc-fxo
bind interface IF_FXO_2 switch
no shutdown

port fxo 0 3
encapsulation cc-fxo
bind interface IF_FXO_3 switch
no shutdown

 

Remember that the Patton has to register to the PBX and not the opposite!

So here is the first trunk configuration, the others are similar 😉

Trunk name: 10001 (IMPORTANT – it’s the username defined in the Patton)

Peer details:

canreinvite=no
context=from-pstn
dtmfmode=rfc2833
host=dynamic           <—- important
qualify=yes
secret=10001
type=friend
insecure=very
allow=ulaw

I hope to look at someone smiling after that 😛

Stunnel

Today I want to suggest a very interesting utility to tunnel your SMTPS connections. The software works as a “gateway”, accepting a plain SMTP connection and connecting to an SMTPS server.

It’s very useful for giving SMTPS connectivity to devices that normally can’t connect with SSL/TLS, such as an Exchange SMTP relayhost, some printers’ fax2mail, or other embedded systems.

The software supports POP3S too, in the same way.

You can download stunnel from here: https://www.stunnel.org/downloads.html

Here is a configuration file for the Gmail SMTPS server:

; SMTP/POP3 Configuration for Gmail
output = gmail.log
cert = stunnel.pem
client = yes 

[ssmtp] 
accept = 4650
connect = smtp.gmail.com:465 
[spop3] 
accept = 9950
connect = pop.gmail.com:995

So you have to configure your client to connect to the stunnel machine, on the configured port.

For example, if you have the mail client and stunnel on the same PC, with that conf file, you can use these parameters to connect:

smtp – localhost:4650
pop3 – localhost:9950

Thanks to everyone who works to solve that kind of issue 🙂
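An added check, not part of the original post: with `client = yes` and no verification options, stunnel encrypts the connection but does not authenticate the server certificate. The function below (hypothetical name `stunnel_unverified`) lists the client services that lack `verifyChain = yes` or `checkHost`; the sample files are constructed, and the `CAfile` path is an assumption for a Debian-style system.

```shell
#!/usr/bin/env bash
# Added example: find stunnel client services that do not verify their peer.

stunnel_unverified() {  # $1 = stunnel.conf path; prints one service name per line
    awk '
        function report() {   # called when a service section ends
            if (sec != "" && opt[sec, "client"] == "yes" &&
                (opt[sec, "verifychain"] != "yes" || opt[sec, "checkhost"] == ""))
                print sec
        }
        /^[ \t]*[;#]/ { next }                      # comment lines
        /^[ \t]*\[/ {                                # "[service]" header
            report(); sec = $0; gsub(/[ \t]/, "", sec)
            sec = substr(sec, 2, length(sec) - 2)
            for (k in glob) opt[sec, k] = glob[k]   # global values act as defaults
            next
        }
        /=/ {
            k = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (sec == "") glob[k] = v; else opt[sec, k] = v
        }
        END { report() }' "$1"
}

demo_stunnel() {  # constructed copy of the configuration above, then a verified variant
    local d; d=$(mktemp -d)
    printf '%s\n' 'output = gmail.log' 'cert = stunnel.pem' 'client = yes' \
        '[ssmtp]' 'accept = 4650' 'connect = smtp.gmail.com:465' \
        '[spop3]' 'accept = 9950' 'connect = pop.gmail.com:995' > "$d/stunnel.conf"
    echo "unverified: $(stunnel_unverified "$d/stunnel.conf" | tr '\n' ' ')"
    # Assumed CA bundle path; accept is bound to loopback so only local clients connect.
    printf '%s\n' 'client = yes' 'verifyChain = yes' \
        'CAfile = /etc/ssl/certs/ca-certificates.crt' \
        '[ssmtp]' 'accept = 127.0.0.1:4650' 'connect = smtp.gmail.com:465' \
        'checkHost = smtp.gmail.com' > "$d/hardened.conf"
    echo "unverified: $(stunnel_unverified "$d/hardened.conf" | tr '\n' ' ')"
    rm -rf "$d"
}
demo_stunnel
```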

Gmail and POP3

Perhaps not everyone knows that… 🙂

Gmail somehow keeps track of the emails downloaded via the POP3 protocol, so that it does not present them again to clients that request them several times without deleting them from the server.

This, however, looks like a real way of making simple things complicated: ticking “Leave a copy of messages on the server” in the mail client will not be enough to find the same emails on multiple clients, and a small trick will be needed…

Of course it is possible (and recommended) to use IMAP, but in some cases it can still be useful to reach the mailbox via POP3, for all sorts of reasons…

To prevent the server from marking emails as “already checked”, you need to add “recent: ” to the username when connecting.

The POP3 settings for gmail.com therefore become:

Server: pop.gmail.com (SSL, port 995)
Username: recent: [email protected]
Password: –accountpassword–

This way the mail can be downloaded by several clients at the same time. In any case, the client must be set not to delete emails from the server 🙂