We are working on an Exchange migration.
By we, I mean I. :(
The scenario is everything on one server, with replication to our remote DR site. The users are 95% remote-via-internet users using RPC over HTTP. We are consolidating from a hegemony of SBS servers, Postfix, and outsourced providers.
Lessons learned in training.
Prerequisites are Powershell and IIS.
There are no send connectors by default.
Run setup /prepareAD
Requires x64 architecture.
Lessons learned by doing.
"Actual" Prerequisites...
Roles .. IIS Defaults PLUS
- IIS Metabase compatibility
- IIs 6 Management Console
- IIS 7 Dynamic Content Compression
- IIS 7 Basic Authentication
- IIS 7 Windows Authentication
- IIS 7 Digest Authentication
Features..
PowerShell
Active Directory Management Tools
RPC/HTTP Proxy
Setup /preparead doesn't actually work. Just run setup.
Right-click on setup and select Run as Administrator
"Things that would have been relevant to me yesterday."
A wildcard certificate (*.foo.com) will NOT work for Outlook Anywhere.
A multi-host "UCC" certificate is $200-$300.
The MS Exchange System Attendant is not set to Auto-start.
...RPC/HTTP requires the system attendant.
RPC/HTTP only listens on the IPV6 interface by default.
...Comment out the [:::] localhost line in the hosts file to fix it.
... ... Unchecking the IPV6 protocol box does NOT fix it.
Autodiscover is good!
... Autodiscover.foo.com should be one of the names on your UCC certificate
Exmerge is no more!
... and export-mailbox only works on the 32 bit version of the exchange tools, ergo it must be installed on a different box.
http://www.testexchangeconnectivity.com
... Web-based tests for exchange connectivity. Beta by Microsoft
... ... Use the back button and you get an ugly exception error.
... ... ... Dark green on blue captcha is a bitch for color-blind people.
I now have one mailbox up. Happy happy. :D
Only 650 to go. :(
-ellie
Wednesday, December 31, 2008
Thursday, November 20, 2008
Removing drives from a dead Windows Cluster
For reasons too painful to explain, one of my Windows SQL clusters failed. Badly. I was able to remove the system from the cluster and take over the drives in the SCSI enclosure with this command.
"cluster node /forcecleanup"
I spool the backups to a local disk before shipping them to another server, and that command got the backups where I could copy them off before rebuilding the cluster. Woot....
-ellie
"cluster node
I spool the backups to a local disk before shipping them to another server, and that command got the backups where I could copy them off before rebuilding the cluster. Woot....
-ellie
Wednesday, November 19, 2008
ActivePerl - The specified CGI application misbehaved by not returning a complete set of HTTP headers.
Today a friend called with a problem. He move this ASP/Perl website to a new server and now it didn't work.
Yes, that's right.. Perl AND Asp. Any theories about the emotional stability of the designer should be thought quietly to oneself. lol..
Loading the process.pl page gave this friendly error message.
Premature end of script headers:
Internal Server Error: 500 internal server error
The specified CGI application misbehaved by not returning a complete set of HTTP headers.
My first thought was the app was throwing some error message back, causing IIS to choke. The problem was that it didn't give us a useful (actionable) error message.
Looking at the program's code, it was writing out to a text file and didn't have permissions to write. We fixed that, but it still failed with the same error.
I looked in the (9,000 line) include.pl file trying to see which modules it was loading. That probably would have worked except the code caused me to briefly lose consciousness. I hate it when that happens.
Google saved me. One of the modules in CGI:: has the ability to return fatal errors to the browser. Here is the magic return-a-useful error incantation.
As it turns out, the application wanted the Mail::Sendmail module. We installed it and viola, the site worked. Time for a diet coke. Life is good.
Loading the process.pl page gave this friendly error message.
Premature end of script headers:
Internal Server Error: 500 internal server error
The specified CGI application misbehaved by not returning a complete set of HTTP headers.
My first thought was the app was throwing some error message back, causing IIS to choke. The problem was that it didn't give us a useful (actionable) error message.
Looking at the program's code, it was writing out to a text file and didn't have permissions to write. We fixed that, but it still failed with the same error.
I looked in the (9,000 line) include.pl file trying to see which modules it was loading. That probably would have worked except the code caused me to briefly lose consciousness. I hate it when that happens.
Google saved me. One of the modules in CGI:: has the ability to return fatal errors to the browser. Here is the magic return-a-useful error incantation.
use CGI::Carp qw(fatalsToBrowser);
As it turns out, the application wanted the Mail::Sendmail module. We installed it and viola, the site worked. Time for a diet coke. Life is good.
Friday, October 3, 2008
Great Plains Integration Manager SP4 Bug
It looks like a bug creeped into the SQL optimized SOP Integration with Integration Manager service pack 4. After the service pack is applied all the line items on our SOP invoices have a 0 (zero) fulfilled quantity.
Argh, Another ticket.
-ellie
Argh, Another ticket.
-ellie
Monday, September 22, 2008
SQL Injection? No, I don't like needles, thanks.
Okay, so I like to read a lot. Like.. a lot. So I was reading Advanced SQL Injection In SQL Server Applications about a week after I read Google Hacks. The little lightbulb went off. Could it really be that easy? Could it?
In less time than it took to write this post, google (inurl:select inurl:where inurl:from) gave me 460 pages of results. About 20% or so look vulnerable to injection attack. A slightly modified query gives 496 matches for unprotected, non-passworded, wide open hey-look-it-is-Christmas phpMyAdmin sites.
O
M
G
I had to get that out of my system. I'm better now.
-Ellie
In less time than it took to write this post, google (inurl:select inurl:where inurl:from) gave me 460 pages of results. About 20% or so look vulnerable to injection attack. A slightly modified query gives 496 matches for unprotected, non-passworded, wide open hey-look-it-is-Christmas phpMyAdmin sites.
O
M
G
I had to get that out of my system. I'm better now.
-Ellie
Wednesday, August 20, 2008
Funambol
A little more than a year ago, I wrote about ScheduleWorld, a free and open source place to sync Contacts and Calendars with a wireless device. The technology worked, but the setup was painful.
Fast forward to today. Another open source company, Funambol, has stepped up to the plate, pointed to center field, and driven the ball out of the park. I was able to setup a FREE account on my.funambol.com and sync my Sprint PocketPC in under 10 minutes. If all you wanted to do was backup your contacts and calendar, you'd be done. ...And it will push-sync your email too! That's right.. all the parts of a blackberry enterprise server that you use, compatible with a multitude of handsets, for free. And it you don't trust Funambol with your data, they'll give you the server software. For free.
But wait, there is more.
A "normal" user would pop in the Outlook plugin, enter the funambol username and password and be done.
As a "not-normal" linux person, I used SyncEvolution (free, open source, not made by funambol). It wasn't terribly difficult, but the config files would likely scare off any novice users. It let me push my contacts/calendar from Evolution. These instructions were really helpful, with one correction and one addendum. The "stable" and "main" in the apt repository line are lowercase and case sensitive. Also, step 6 didn't apply to me as I used the default calendar, note, and address book names.
But wait, there is more.
I flipped the phone's funambol client to scheduleworld, pulled those contacts down, flipped it back to funambol, and uploaded them.
The moment of truth..
It worked.
I now have all my contacts from my original blackberry, the treo, evolution, Outlook on my old Pc, all on my phone!
Thank you Funambol. the portal site is awesome... It is fast, responsive, pretty, and feature rich. The outlook, windows mobile, and blackberry plugin clients work great.
Thank you Funambol, and thank you open source.
-ellie
Fast forward to today. Another open source company, Funambol, has stepped up to the plate, pointed to center field, and driven the ball out of the park. I was able to setup a FREE account on my.funambol.com and sync my Sprint PocketPC in under 10 minutes. If all you wanted to do was backup your contacts and calendar, you'd be done. ...And it will push-sync your email too! That's right.. all the parts of a blackberry enterprise server that you use, compatible with a multitude of handsets, for free. And it you don't trust Funambol with your data, they'll give you the server software. For free.
But wait, there is more.
A "normal" user would pop in the Outlook plugin, enter the funambol username and password and be done.
As a "not-normal" linux person, I used SyncEvolution (free, open source, not made by funambol). It wasn't terribly difficult, but the config files would likely scare off any novice users. It let me push my contacts/calendar from Evolution. These instructions were really helpful, with one correction and one addendum. The "stable" and "main" in the apt repository line are lowercase and case sensitive. Also, step 6 didn't apply to me as I used the default calendar, note, and address book names.
But wait, there is more.
I flipped the phone's funambol client to scheduleworld, pulled those contacts down, flipped it back to funambol, and uploaded them.
The moment of truth..
It worked.
I now have all my contacts from my original blackberry, the treo, evolution, Outlook on my old Pc, all on my phone!
Thank you Funambol. the portal site is awesome... It is fast, responsive, pretty, and feature rich. The outlook, windows mobile, and blackberry plugin clients work great.
Thank you Funambol, and thank you open source.
-ellie
Wednesday, July 16, 2008
Exposing the Dealer Text box on Pokerstars.
There are several threads floating around various forums from people trying to build poker bots with varying degrees of success. Inevitably they get stuck trying to get input from the poker software. The dealer boxes have all of the information in an easily regular-expression-ed pattern, but the control won't give up the text. Some have turned to OCR, and that works ok, but there has to be a better way.
Pokerstars is my particular favorite, so they get to be the guinea pig. I wrote the Support department, and they said they didn't have any APIs. They also pointed me quite firmly to the the Terms of Service which specifically permits data collection and specifically forbids the use of auto-playing bots.
So now, on to the puzzle.
First, the easy approach. Fire up WinSpy++ or Winspector and browse around the Pokerstars window. The Textbox of interest has a funny class name, AFX:4200:something. That's about it. When we watch the messages in and out of the window there are just a bunch of WM_PAINT messages. The application doesn't leak a lot of information on this approach.
Interesting. All that window does is WM_PAINT, redrawing the window. That means it has to be a graphical window, a bitmap of text, that just _looks_ like a control. Very Very sneaky Mr. Stars, very sneaky.
Time for another Tool, PEView. PeView decodes the PE format of the binary, and reveals the libraries and Functions the application is importing. Scanning the list, it looks like pretty standard stuff. GDI32.dll, the kernel, User32... some others. Looking through the list, we only care about functions with "text" in the name. These are in the DLLs GDI32 and User32.
Now if only there was a way to override and trap every call to those libraries and dig around for our text. Following the aforementioned example, we'd want that to be a free tool, and available within the first page of Google results. ;) Enter WinAPIOverride Running the inspector we attach to Pokerstars and monitor the calls for GDI, the graphics library. In there we can see the application creating Display components, bitmaps, and generating those paint messages, but no Dealer Text. Reloading and monitoring the User functions is much more interesting. Ah-ha! There they are big as day. The Pokerstars dealer messages are all created using the DrawText function. Minimized, maximized, they are all there.
So that is how Pokerstars does it, they create a bitmap of what the textbox looks like off screen, and then show the bitmap. To get it out, all you have to do is write an API hook for the USER32 dll and IPC those messages over to your application. For a simple hook, Take a look at this CodeProject article on dead simple API hooking. Looking at the source, you would only have to change about 7 lines (6 for the functions and 1 to make it hook Pokerstars.exe) in it to expose all of the Pokerstars text where any application can reach it. Magic. ;)
I need a copy of Visual Studio to I finish this, but the hard part is done. :(
Thanks for a fun Puzzle.
Elizabeth Greene
Pokerstars is my particular favorite, so they get to be the guinea pig. I wrote the Support department, and they said they didn't have any APIs. They also pointed me quite firmly to the the Terms of Service which specifically permits data collection and specifically forbids the use of auto-playing bots.
So now, on to the puzzle.
First, the easy approach. Fire up WinSpy++ or Winspector and browse around the Pokerstars window. The Textbox of interest has a funny class name, AFX:4200:something. That's about it. When we watch the messages in and out of the window there are just a bunch of WM_PAINT messages. The application doesn't leak a lot of information on this approach.
Interesting. All that window does is WM_PAINT, redrawing the window. That means it has to be a graphical window, a bitmap of text, that just _looks_ like a control. Very Very sneaky Mr. Stars, very sneaky.
Time for another Tool, PEView. PeView decodes the PE format of the binary, and reveals the libraries and Functions the application is importing. Scanning the list, it looks like pretty standard stuff. GDI32.dll, the kernel, User32... some others. Looking through the list, we only care about functions with "text" in the name. These are in the DLLs GDI32 and User32.
Now if only there was a way to override and trap every call to those libraries and dig around for our text. Following the aforementioned example, we'd want that to be a free tool, and available within the first page of Google results. ;) Enter WinAPIOverride Running the inspector we attach to Pokerstars and monitor the calls for GDI, the graphics library. In there we can see the application creating Display components, bitmaps, and generating those paint messages, but no Dealer Text. Reloading and monitoring the User functions is much more interesting. Ah-ha! There they are big as day. The Pokerstars dealer messages are all created using the DrawText function. Minimized, maximized, they are all there.
So that is how Pokerstars does it, they create a bitmap of what the textbox looks like off screen, and then show the bitmap. To get it out, all you have to do is write an API hook for the USER32 dll and IPC those messages over to your application. For a simple hook, Take a look at this CodeProject article on dead simple API hooking. Looking at the source, you would only have to change about 7 lines (6 for the functions and 1 to make it hook Pokerstars.exe) in it to expose all of the Pokerstars text where any application can reach it. Magic. ;)
I need a copy of Visual Studio to I finish this, but the hard part is done. :(
Thanks for a fun Puzzle.
Elizabeth Greene
Tuesday, July 15, 2008
Installing DPPI EZ-GP Smartlist Accelerator on a Terminal Server
Data Presentation Products (DPPI) makes this great product called EZ-GP Smartlist Accelerator for Microsoft Dynamics Great Plains. It makes exporting Smartlists from GP an order of magnitude faster, and it intelligently formats them for printing too. Unfortunately, it doesn't work out of the box on a terminal server. Here is how to make it work.
Note: The software requires GP to load a chunk file, so everyone does have to close the GP application briefly.
Good Luck, and please comment if this article helped you.
-Elizabeth Greene
Note: The software requires GP to load a chunk file, so everyone does have to close the GP application briefly.
- Login to the terminal server as a server admin
- Run change user /install
- Run the installer
- Open GP
- Answer "Yes" to the "Would you like to include new Code?" prompt.
- Run a Smartlist
- Export the Smartlist to verify Ez-GP is working.
- Register EZ-GP. * (Skip this if you are using the Free Trial, Obviously. )
- Close Excel and GP.
- Move the x:\documents and settings\yourname\DPPI folder to x:\Program Files\DPPI
- Give the users permissions to the x:\Program Files\DPPI folder.
- Open Regedit
- Navigate to Hkey_Local_Machine\Software\DPPI\TabFileParse
- Update the InstallFolder to x:\Program Files\DPPI\Xcelerator
- Update the WorkDirectory to F:\Program Files\DPPI\Xcelerator\Work
- Run change user /execute
- All done, test it as an unpriviledged user.
Good Luck, and please comment if this article helped you.
-Elizabeth Greene
Subscribe to:
Posts (Atom)