Unable to ssh into Cisco PIX or ASA

After a reboot of our Cisco PIX I was unable to log in remotely using ssh. The first thing I tried doing was to remove the PIX entry from my ~/.ssh/known_hosts file. This did not work.

The only way I have found to gain access again is to regenerate the RSA key from the console:

MYPix (config)# ca zeroize rsa
MYPix (config)# ca generate rsa key 1024
MYPix (config)# ca save all

For a Cisco ASA:

MyASA (config)# crypto key generate rsa modulus 2048
MyASA (config)# write memory

Initiate Printer Creation From Command Line in Windows

To set up a network printer that is created and shared on SERVERNAME:

RUNDLL32.EXE printui.dll,PrintUIEntry /in /n\\SERVERNAME\PRINTERSHARENAME

To set that printer as the default printer:

RUNDLL32.EXE printui.dll,PrintUIEntry /y /n\\SERVERNAME\PRINTERSHARENAME

This can be useful to help somebody get a printer connected easily using a script.

More info: https://technet.microsoft.com/en-us/library/ee624057.aspx

Exchange 2010 – Trouble accessing the Exchange Control Panel (ecp)

While trying to access the Exchange Control Panel (https://exchangeserver/ecp), I kept getting the following error:

“Sorry! We’re having trouble processing your request right now. Please try again in a few minutes.”

Outlook Web Access (https://exchangeserver/owa) worked fine.

Thanks to jhoskins for the following post that provided the solution:
http://www.moderncs.net/node/98

As mentioned in the post, I was also running Exchange 2010 on Windows 2012 server.

Since OWA was working, it was just a matter of getting the ECP Application Pool in IIS to use the same version of the .NET Framework. When the ECP was not working, the MSExchangeECPAppPool Application Pool was set to use version 4.0.30319. I simply changed it to version 2.0.50727, which is what the MSExchangeOWAAppPool was set to, and it started working fine.

Exchange 2010 – Receive Connectors

To configure Exchange to relay mail from something that is not another Exchange server, you will need to create an additional Receive Connector. The best approach is probably to create and name them based on authentication or Permission Groups. That way, if you need to add another later, it will be easy to identify where you need to be and what you need to do. For example, you might name one “Anonymous No Auth” or “Anonymous TLS”.

To create a new Receive Connector, open the EMC (Exchange Management Console) and under “Server Configuration”, select “Hub Transport.” Select the Exchange server in the “Hub Transport” window at the top of the screen. This will show you all of your current Receive Connectors. In the Actions pane (right side of the screen), select “New Receive Connector …”

Name: Anonymous TLS
Select the intended use for this Receive connector: Custom
Next

Local Network settings:
Next

Remote Network settings:
Select 0.0.0.0-255.255.255.255 and hit the red X to remove it. Then, add the IP or IP Range for which you want the connector to apply.
Next

New

Then, in the bottom window pane, you will see the newly created Receive Connector. Right-click on it and go to Properties. Click on the “Authentication” tab. TLS should be selected by default. If you want no authentication for this connector (not recommended of course), you would uncheck TLS, leaving nothing checked here.

On the “Permission Groups” tab, check “Anonymous users”.
Ok

In Exchange 2013, Receive Connectors are under “Mail Flow” in the ECP.

Android M on a Nexus 6 – General Nexus 6 Android Installation

OS: Mac OS Mavericks

If you want to flash your Android 5 device with a new system image, you will more than likely need to unlock the bootloader. This is done by enabling the OEM unlock.

You will need the developer’s SDK for the tools needed: https://developer.android.com/sdk/index.html

After you install the SDK, it will make things easier if you add the location of the tools needed to your PATH variable. Note: you will probably need to create the .bash_profile file. One does not exist by default in Mavericks.

$ cat ~/.bash_profile
export PATH=$PATH:/Users/username/Library/Android/sdk/platform-tools

Plug your phone in using the USB cable. Note: I have had some issues with different micro USB cables. I would use the one that came with the phone if possible.

You can try the OEM unlock by issuing the following command. This did not work for me with a Nexus 6. Instead, I unlocked it from the Developer options.

$ fastboot oem unlock

Enabling Developer options:

Go to “Settings” and then “About Phone”, and tap the firmware version several times. You will get a countdown for the number of taps to get you into Developer mode. Go back to “Settings” and notice that you now have a “Developer options” option. Select it and turn on OEM unlocking. You might have to enter your phone unlock PIN and then confirm to enable.

Turn off the phone. Hold the volume down button on the volume rocker and the power button at the same time. This will put your phone into transfer mode.

Download the Android M preview system image from: https://developer.android.com/preview/download.html
Other available system images for when you want to switch back: https://developers.google.com/android/nexus/images

Uncompress the downloaded shamu-MPZ44Q-preview-c1d6506a.tgz file by double clicking it in Finder.

Using Terminal go to the location where you saved and uncompressed the download. The directory will be called shamu-MPZ44Q. In that directory, unzip image-shamu-MPZ44Q.zip.

Install Android M:

./flash-base.sh
fastboot flash recovery recovery.img
fastboot flash boot boot.img
fastboot flash system system.img
fastboot flash cache cache.img
fastboot flash userdata userdata.img
fastboot reboot

Here is what the output should look like:

flash-base.sh:

$ ./flash-base.sh
target reported max download size of 536870912 bytes
sending ‘bootloader’ (3807 KB)…
OKAY [ 0.187s]
writing ‘bootloader’…
(bootloader) flashing partition …
(bootloader) This may take a few seconds if a
(bootloader) different partition table is being
(bootloader) flashed since we need to backup
(bootloader) and restore a few partitions
(bootloader) Flashing primary GPT image…
(bootloader) Flashing backup GPT image…
(bootloader) flashing aboot …
(bootloader) flashing sbl1 …
(bootloader) flashing rpm …
(bootloader) flashing tz …
(bootloader) flashing sdi …
(bootloader) flashing logo …
OKAY [ 0.358s]
finished. total time: 0.545s
rebooting into bootloader…
OKAY [ 0.001s]
finished. total time: 0.001s
target reported max download size of 536870912 bytes
sending ‘radio’ (67556 KB)…
OKAY [ 2.965s]
writing ‘radio’…
(bootloader) flashing modem …
(bootloader) flashing mdm1m9kefs1 …
(bootloader) flashing mdm1m9kefs2 …
(bootloader) flashing mdm1m9kefs3 …
(bootloader) flashing versions …
OKAY [ 0.739s]
finished. total time: 3.704s
rebooting into bootloader…
OKAY [ 0.001s]
finished. total time: 0.001s

recovery.img:

$ fastboot flash recovery recovery.img
target reported max download size of 536870912 bytes
sending ‘recovery’ (8877 KB)…
OKAY [ 0.444s]
writing ‘recovery’…
OKAY [ 0.118s]
finished. total time: 0.562s

boot.img:

jimsmac:temp jgz$ fastboot flash boot boot.img
target reported max download size of 536870912 bytes
sending ‘boot’ (8161 KB)…
OKAY [ 0.406s]
writing ‘boot’…
OKAY [ 0.087s]
finished. total time: 0.493s

system.img:

$ fastboot flash system system.img
target reported max download size of 536870912 bytes
sending sparse ‘system’ (517183 KB)…
OKAY [ 31.545s]
writing ‘system’…
OKAY [ 5.282s]
sending sparse ‘system’ (523718 KB)…
OKAY [ 32.352s]
writing ‘system’…
OKAY [ 5.009s]
sending sparse ‘system’ (522246 KB)…
OKAY [ 31.508s]
writing ‘system’…
OKAY [ 4.846s]
sending sparse ‘system’ (370015 KB)…
OKAY [ 23.730s]
writing ‘system’…
OKAY [ 3.407s]
finished. total time: 137.691s

cache.img:

$ fastboot flash cache cache.img
target reported max download size of 536870912 bytes
erasing ‘cache’…
OKAY [ 0.035s]
sending ‘cache’ (6248 KB)…
OKAY [ 0.329s]
writing ‘cache’…
OKAY [ 0.083s]
finished. total time: 0.447s

userdata.img:

$ fastboot flash userdata userdata.img
target reported max download size of 536870912 bytes
erasing ‘userdata’…
OKAY [ 2.290s]
sending ‘userdata’ (138868 KB)…
OKAY [ 6.092s]
writing ‘userdata’…
OKAY [ 2.058s]
finished. total time: 10.440s

reboot:

$ fastboot reboot
rebooting…

finished. total time: 0.022s

You can use the same procedure to downgrade your phone back to Lollipop using one of the downloads at https://developers.google.com/android/nexus/images.

Mount SMB/CIFS share at boot in CentOS 7.

Mounting a Windows (CIFS) file share in CentOS 7 has changed a little when using a Windows domain to authenticate.

First, you need to have the cifs-utils package installed. This will allow you to mount cifs/smb filesystems.

The syntax in the /etc/fstab has not changed, but the way the credential options are stored for domains is a little different. I use a hidden file that is read only to store the Windows credentials.

/etc/fstab:

//winserver/sharename /mntpoint cifs credentials=/usr/local/etc/.myfile,iocharset=utf8,file_mode=0774,dir_mode=0774 0 0

Here is the change. In the past, I was able to specify the domain with the username in the credential file like so:
/usr/local/etc/.myfile:

username=mydomain\myusername
password=mypassword

Now, the domain needs to be specified on its own line like so:

username=myusername
password=mypassword
domain=mydomain
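
One way to check the credentials file before referencing it from /etc/fstab, as an added example that is not part of the original post: the helper below (check_cifs_creds is a hypothetical name) rejects the old domain\username form, requires one username, password and domain line each, and refuses a file that group or other can access. The sample files are constructed, and the "owner-only" mode policy is this example's assumption.

```shell
#!/bin/sh
# Added example: audit a mount.cifs credentials file. Helper names are
# hypothetical; the sample files built in demo_cifs_creds are constructed.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file is private and in the new format.
# 1 = missing, 2 = mode too open, 3 = old domain\user form, 4 = key count wrong
check_cifs_creds() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # The password is stored in clear text, so group and other get no bits.
    mode=$(file_mode "$f")
    case $mode in
        *00) ;;
        *) echo "mode $mode is too open, expected 600 or 400" >&2; return 2 ;;
    esac

    # Old style: domain folded into the username with a backslash.
    if grep -q '^username=.*\\' "$f"; then
        echo "username contains a backslash; use a domain= line" >&2
        return 3
    fi

    # Each key must appear exactly once.
    for key in username password domain; do
        n=$(grep -c "^${key}=" "$f" || true)
        [ "$n" -eq 1 ] || { echo "need exactly one ${key}= line" >&2; return 4; }
    done
    return 0
}

# Build three constructed files and print the result code for each.
demo_cifs_creds() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'username=mydomain\myusername' 'password=mypassword' > "$d/old"
    printf '%s\n' 'username=myusername' 'password=mypassword' \
        'domain=mydomain' > "$d/new"
    cp "$d/new" "$d/open"
    chmod 600 "$d/old" "$d/new"
    chmod 644 "$d/open"
    for name in old new open; do
        check_cifs_creds "$d/$name" 2>/dev/null && rc=0 || rc=$?
        echo "$name: $rc"
    done
    rm -rf "$d"
}

demo_cifs_creds
```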

Windows Remote Process Kill

Ever need to kill a process on a remote Windows computer that you can’t log in to and the user is not there? Taskkill can help. I am not sure when this utility was introduced, but I would think it is on Windows 7. I did this from a Windows 8.1 machine.

You can do it by PID:

taskkill /S computernameORipaddress /u username /PID pidnumber

Or executable image name:

taskkill /S computernameORipaddress /u username /FI "IMAGENAME eq imagename"

Here is an example. This kills Outlook on a computer with an IP address of 10.10.10.10 using the Administrator account:

C:\>taskkill /S 10.10.10.10 /u Administrator /FI "IMAGENAME eq outlook.exe"
Type the password for administrator:********

SUCCESS: The process with PID 2576 has been terminated.

Exchange 2010 Mailbox Recovery

Restore the database files to a location with enough space to hold the entire database and its logs. I created a full system (bare metal) backup using Windows Server Backup. I recovered using the following options:
Select Recovery Type: Applications
Select Application: Exchange
Specify Recovery Options: Recover to another location
Under Confirmation, I presume you would be able to choose the database you want to restore. I only had one, so it was selected.

This will restore the database and logs to the location you specified. I suspect the process will be very similar for other backup solutions that support Exchange.

Check database State:

[PS] >eseutil /mh 'E:\WSBRecovery\Mailbox Database 1234567890\Mailbox Database 1234567890.edb'

Filter output for the State:

[PS] >eseutil /mh 'E:\WSBRecovery\Mailbox Database 1234567890\Mailbox Database 1234567890.edb' | findstr "State"

Check status of the logs:

[PS] >eseutil /ml 'E:\WSBRecovery\Mailbox Database 1234567890\E00'

Replay the logs and update the database. The /l option is the log location, and the /d option is the database location:

[PS] >eseutil /r E00 /i /l 'E:\WSBRecovery\Mailbox Database 1234567890' /d 'E:\WSBRecovery\Mailbox Database 1234567890'

Check the State again. It should be Clean Shutdown now:

[PS] >eseutil /mh 'E:\WSBRecovery\Mailbox Database 1234567890\Mailbox Database 1234567890.edb' | findstr "State"

If the State still says Dirty Shutdown, you can try to repair the database. However, this should be your last resort:

[PS] >eseutil /p 'E:\WSBRecovery\Mailbox Database 1234567890\Mailbox Database 1234567890.edb'

Create a new recovery database using the restored clean database:

[PS] >New-MailboxDatabase RecoveryDatabase -Server MY-EXCHG01 -Recovery:$true -EdbFilePath 'E:\WSBRecovery\Mailbox Database 1234567890\Mailbox Database 1234567890.edb' -LogFolderPath 'E:\WSBRecovery\Mailbox Database 1234567890'

Mount the recovery database:

[PS] >Mount-Database RecoveryDatabase

If you have an old recovery database open, you may need to dismount the old one first. Not sure if that is applicable for all Exchange versions, but this was the case in Exchange Server 2010 Standard version:

[PS] >Dismount-Database 'MY-EXCHG01 DB01 Recovery'

Check for the mailboxes in the recovered database:

[PS] >Get-Mailboxstatistics -Database RecoveryDatabase

Restore the mailbox from the recovery database to a Restore folder, so the lost messages can be copied from the Restore folder. Once the lost messages are moved out of the Restore folder, the Restore folder can be deleted.

[PS] >Restore-Mailbox -Identity "JGZ Test" -RecoveryDatabase RecoveryDatabase -RecoveryMailbox "JGZ Test" -TargetFolder Restore


Exchange Management Shell Commands (work in progress)

This is more a reference for myself:

I covered the basics of message tracking in:
http://jim-zimmerman.com/?p=1098

Database size:

Get-MailboxDatabase -Status | Select Name,DatabaseSize

PublicFolderDatabase size:

Get-PublicFolderDatabase -Status | Select Name,DatabaseSize

To determine role assignments:

Get-ManagementRoleAssignment

Create a recovery database:

New-MailboxDatabase -Recovery -Name "Recovery DB Name" -Server EXCHANGESERVERNAME

Delete a mailbox database. Once removed, you can delete the files from the file system:

Remove-MailboxDatabase -Identity "Recovery DB Name"

The right way to create a recovery database:

New-MailboxDatabase -Recovery -Name "Recovery DB Name" -Server EXCHANGESERVERNAME -EdbFilePath Drive:\Directory\Filename.edb -LogFolderPath Drive:\Directory

Move a mailbox:
You can use the canonical name of the object with the mailbox ( DOMAIN.LOCAL/OU/OU/Name ) to move from EMS.

Note: You may need to enable inheritance. This can be done from the ADUC. Access the Properties for the user and click on the Security tab. If it is not visible, you need to enable your ADUC view for Advanced Features. Once on the Security tab, click Advanced, and then down in the bottom left click “Enable inheritance”. This is on a Windows 2012 R2 domain controller. The dialog might be a little different on older versions of Windows server.

[PS] >'DOMAIN.LOCAL/TahityOU/SurfingOU/Cool Dude' | New-MoveRequest -TargetDatabase 'My Exchange Database'

DisplayName  Status  TotalMailboxSize  TotalArchiveSize  PercentCompl
-----------  ------  ----------------  ----------------  ------------
Cool Dude    Queued  5 B (5 bytes)                       0

Check the status of all move requests:

[PS] >Get-MoveRequest

Check Cool Dude’s move request:

[PS] >Get-MoveRequest -Identity 'cooldude@tahiti.surfing'

Nice, but what do I do to get all those canonical names?
The following will give you the canonical names for all user objects in your domain. From a domain controller, fire up PowerShell:

PS > Get-AdUser -Properties CanonicalName -Filter '*' | Select CanonicalName

I am sure there is a better way to do this, but this will give some output that will have the CanonicalName and Exchange mail server for an object. You can work with this output to come up with a list of objects that need to be moved.

PS > Get-AdUser -Properties CanonicalName,msExchHomeServerName -Filter '*' | Select CanonicalName,msExchHomeServerName | Format-List

This will create a Send Connector for use in your LAN. In my case, it is a Linux server. Create a Send Connector:

New-SendConnector -Name 'Some Name' -Usage 'Internal' -AddressSpaces 'SMTP:hostORdomainname;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[aaa.bbb.ccc.ddd]' -SmartHostAuthMechanism 'None' -UseExternalDNSServersEnabled $false -SourceTransportServers 'MY-EXCHG01'

Create a new mail contact:

New-MailContact -ExternalEmailAddress 'SMTP:mycontact@email.address' -Name 'mycontact' -Alias 'mycontact' -FirstName 'My' -Initials 'MC' -LastName 'Contact' -OrganizationalUnit 'DOMAIN.LOCAL/OU/OU'

To check and make active components:

[PS] C:\> Get-ServerComponentState

Server Component State
------ --------- -----
VMEXCHG2013.greattechhelp.local ServerWideOffline Inactive
VMEXCHG2013.greattechhelp.local HubTransport Inactive
VMEXCHG2013.greattechhelp.local FrontendTransport Inactive
VMEXCHG2013.greattechhelp.local Monitoring Inactive
VMEXCHG2013.greattechhelp.local RecoveryActionsEnabled Inactive
VMEXCHG2013.greattechhelp.local AutoDiscoverProxy Inactive
VMEXCHG2013.greattechhelp.local ActiveSyncProxy Inactive
VMEXCHG2013.greattechhelp.local EcpProxy Inactive
VMEXCHG2013.greattechhelp.local EwsProxy Inactive
VMEXCHG2013.greattechhelp.local ImapProxy Inactive
VMEXCHG2013.greattechhelp.local OabProxy Inactive
VMEXCHG2013.greattechhelp.local OwaProxy Inactive
VMEXCHG2013.greattechhelp.local PopProxy Inactive
VMEXCHG2013.greattechhelp.local PushNotificationsProxy Inactive
VMEXCHG2013.greattechhelp.local RpsProxy Inactive
VMEXCHG2013.greattechhelp.local RwsProxy Inactive
VMEXCHG2013.greattechhelp.local RpcProxy Inactive
VMEXCHG2013.greattechhelp.local UMCallRouter Inactive
VMEXCHG2013.greattechhelp.local XropProxy Inactive
VMEXCHG2013.greattechhelp.local HttpProxyAvailabilityGroup Inactive
VMEXCHG2013.greattechhelp.local ForwardSyncDaemon Inactive
VMEXCHG2013.greattechhelp.local ProvisioningRps Inactive
VMEXCHG2013.greattechhelp.local MapiProxy Inactive
VMEXCHG2013.greattechhelp.local EdgeTransport Inactive
VMEXCHG2013.greattechhelp.local HighAvailability Inactive
VMEXCHG2013.greattechhelp.local SharedCache Inactive

To make all your configured components active:

[PS] C:\>Set-serverComponentState -Identity vmexchg2013 -Component ServerWideOffline -State Active -Requester Functional

Check again:

[PS] C:\> Get-ServerComponentState
Server Component State
------ --------- -----
VMEXCHG2013.greattechhelp.local ServerWideOffline Active
VMEXCHG2013.greattechhelp.local HubTransport Active
VMEXCHG2013.greattechhelp.local FrontendTransport Active
VMEXCHG2013.greattechhelp.local Monitoring Inactive
VMEXCHG2013.greattechhelp.local RecoveryActionsEnabled Inactive
VMEXCHG2013.greattechhelp.local AutoDiscoverProxy Active
VMEXCHG2013.greattechhelp.local ActiveSyncProxy Active
VMEXCHG2013.greattechhelp.local EcpProxy Active
VMEXCHG2013.greattechhelp.local EwsProxy Active
VMEXCHG2013.greattechhelp.local ImapProxy Active
VMEXCHG2013.greattechhelp.local OabProxy Active
VMEXCHG2013.greattechhelp.local OwaProxy Active
VMEXCHG2013.greattechhelp.local PopProxy Active
VMEXCHG2013.greattechhelp.local PushNotificationsProxy Active
VMEXCHG2013.greattechhelp.local RpsProxy Active
VMEXCHG2013.greattechhelp.local RwsProxy Active
VMEXCHG2013.greattechhelp.local RpcProxy Active
VMEXCHG2013.greattechhelp.local UMCallRouter Active
VMEXCHG2013.greattechhelp.local XropProxy Active
VMEXCHG2013.greattechhelp.local HttpProxyAvailabilityGroup Active
VMEXCHG2013.greattechhelp.local ForwardSyncDaemon Active
VMEXCHG2013.greattechhelp.local ProvisioningRps Active
VMEXCHG2013.greattechhelp.local MapiProxy Inactive
VMEXCHG2013.greattechhelp.local EdgeTransport Active
VMEXCHG2013.greattechhelp.local HighAvailability Active
VMEXCHG2013.greattechhelp.local SharedCache Active

Enter Product License Key:

Set-ExchangeServer -Identity 'MY-EXCHG01' -ProductKey 'AAAAA-BBBBB-CCCCC-DDDDD-EEEEE'

List Services:

[PS] C:\>Get-Service

Status Name DisplayName
------ ---- -----------
Stopped AeLookupSvc Application Experience
Stopped ALG Application Layer Gateway Service
Stopped AllUserInstallA… Windows All-User Install Agent
Running AppHostSvc Application Host Helper Service
Stopped AppIDSvc Application Identity
Stopped Appinfo Application Information
Stopped AppMgmt Application Management
Stopped aspnet_state ASP.NET State Service
Stopped AudioEndpointBu… Windows Audio Endpoint Builder
Stopped Audiosrv Windows Audio
Stopped AxInstSV ActiveX Installer (AxInstSV)
Running BackupExecAgent… Backup Exec Remote Agent for Windows
Running BackupExecAgent… Backup Exec Agent Browser
Running BackupExecDevic… Backup Exec Device & Media Service
Running BackupExecJobEn… Backup Exec Job Engine
Running BackupExecManag… Backup Exec Management Service
Running BackupExecRPCSe… Backup Exec Server
Running bedbg Backup Exec Error Recording Service

Find a service:

[PS] C:\>Get-Service | findstr Inform
Stopped Appinfo Application Information
Running MSExchangeIS Microsoft Exchange Information Store

Restart a service:
[PS] C:\>Restart-Service MSExchangeIS
WARNING: Waiting for service ‘Microsoft Exchange Information Store (MSExchangeIS)’ to finish stopping…
WARNING: Waiting for service ‘Microsoft Exchange Information Store (MSExchangeIS)’ to finish stopping…
WARNING: Waiting for service ‘Microsoft Exchange Information Store (MSExchangeIS)’ to finish stopping…
WARNING: Waiting for service ‘Microsoft Exchange Information Store (MSExchangeIS)’ to finish stopping…
WARNING: Waiting for service ‘Microsoft Exchange Information Store (MSExchangeIS)’ to finish stopping…
WARNING: Waiting for service ‘Microsoft Exchange Information Store (MSExchangeIS)’ to finish stopping…
WARNING: Waiting for service ‘Microsoft Exchange Information Store (MSExchangeIS)’ to finish stopping…
WARNING: Waiting for service ‘Microsoft Exchange Information Store (MSExchangeIS)’ to finish stopping…

Check and Modify Role Memberships:
First, the “Organization Management” Role is the most powerful role in Exchange 2010 and Exchange 2013.

To list the members of a role:

[PS] >Get-RoleGroupMember "Organization Management"
Creating a new session for implicit remoting of "Get-RoleGroupMember" command...

Name RecipientType
---- -------------
Administrator UserMailbox

To add somebody to a role, and then list the members again to confirm:

[PS] >Add-RoleGroupMember "Organization Management" -Member "Jim Zimmerman"
[PS] >Get-RoleGroupMember "Organization Management"

Name RecipientType
---- -------------
Administrator UserMailbox
Jim Zimmerman UserMailbox

Here is a list of Exchange roles in Exchange 2010. I believe most of these are in Exchange 2013 too:
https://technet.microsoft.com/en-us/library/dd638077%28v=exchg.141%29.aspx

Connector commands:
List Connectors:

[PS] C:\>Get-ReceiveConnector

Identity                               Bindings               Enabled
--------                               --------               -------
MYEXSERVER\Default MYEXSERVER          {:::25, 0.0.0.0:25}    True
MYEXSERVER\Client MYEXSERVER           {:::587, 0.0.0.0:587}  True
MYEXSERVER\Non-Exchange Relay Support  {0.0.0.0:25}           True

[PS] C:\>Get-SendConnector

Identity                   AddressSpaces  Enabled
--------                   -------------  -------
Production SMTP Connector  {SMTP:*;1}     True

To see all the settings for a single connector:

[PS] C:\>Get-ReceiveConnector "MYEXSERVER\Non-Exchange Relay Support" | Format-List

To change a setting for a connector:

[PS] C:\>Set-ReceiveConnector "MYEXSERVER\Non-Exchange Relay Support" -ProtocolLoggingLevel Verbose

A note on connector logging:
The connector logs are stored on the Hub Transport server in ExchangeInstallPath\TransportRoles\Logs\ProtocolLog\SmtpReceive for the receive connectors, and ExchangeInstallPath\TransportRoles\Logs\ProtocolLog\SmtpSend for the send connectors.

Also, in a mixed version environment, the connector may have to be “upgraded” to support logging. I was not able to turn on the logging for my old Exchange 2003 connectors. Upgrading basically consists of deleting and creating again.

How to restore Outlook views

To restore your Outlook views to the default, you just need to start Outlook with a cleanviews switch. In Windows 7 and up, it is easiest to let search do the work for you. Just type in the command:

outlook.exe /cleanviews

There are quite a few other switches available for Outlook 2010 and Outlook 2013.

I have used the /safe switch many times in the past for older versions when I have trouble with Outlook crashing.
