Blog CP SOLUTIONS

Attachments visible in OWA but not in Outlook 2007

Posted on 15/04/2013 by christophe

If you are using Exchange Server 2010:
- Stop the Exchange Transport service;
- Locate the EdgeTransport.exe.config file (located in the following path: :\Program Files\Microsoft\Exchange Server\Bin\);
- In the EdgeTransport.exe.config file, add the following entry between the /appSettings element and the /appSettings element: add key=”TreatInlineDispositionAsAttachment” value=”true” /
- Restart the Transport service.

(Please note I had to remove the < > tags because of the HTML here…)

With Exchange Server 2007, just install Service Pack 2 and run the following command:
Set-OrganizationConfig –ShowInlineAttachments $True

Posted in MS Exchange 2007, MS Exchange 2010, MS Office 2007, MS Office 2010 | Leave a comment

Vmware ESXi 5 on ASROCK B75 PRO3-M motherboard

Posted on 24/03/2013 by christophe

When I installed my new motherboard for a dedicated ESXi machine, I found out that the Intel B75 SATA3 and ASM1061 SATA 3Controller is not supported by Vmware ESXi 5.0.

To fix that, simply upgrade to Vmware ESXi 5.1. There are several methods, upgrade from the installer cd or by command line (CLI).

Connect to the host by SSH with putty

Before you get started, you will need to make sure that your ESXi host has the httpClient firewall rule enabled, else you will not be able to connect to VMware’s online depot. To enable this, run the following ESXCLI command:

esxcli network firewall ruleset set -e true -r httpClient

Also make sure that your ESXi host can reach the following URL (you can specify a proxy if needed):

https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

To view the available ESXi Image Profiles, run the following ESXCLI command (use the –proxy if you need to specify a proxy to reach VMware’s online depot):

esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

This patch is the latest… ESXi-5.1.0-20130304001-standard

Let’s go ahead and upgrade our ESXi 5.0 Update 1 host to latest ESXi 5.1. To install the new Image Profile, run the following command:

esxcli software profile install -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.1.0-20130304001-standard

This can take a few minutes to complete depending on how fast you can pull down the Image Profile. Once it is done, you will see all the new VIBs that have been updated and you will be asked to reboot for the changes to go into effect and then you will be running ESXi 5.1!

After the reboot the Intel B75 SATA3 and ASM1061 SATA 3Controller are detected!

Pretty cool IMO!

Posted in Vmware | Tagged ASM1061, B75 PRO3-M, Intel B75, Vmware ESXi 5.1 | Leave a comment

Install Vmware Tools on CentOS 6

Posted on 07/02/2013 by christophe

Following is the steps I used to solve installing VMware Tools on CentOS 6.1
Don’t forget to install Perl before: yum -y install perl

1.In Sphere Client: Guest > Install/update VMware Tools
2. On the VM console in command line, being a server I do not have a GUI installed:
3. mkdir /cdrom, or anyother mount point you like
4. mount the vitural cdrom from step 1; mount /dev/cdrom /cdrom
5. cd /tmp
6. tar -xvf /cdrom/VMwareTools (tab to auto-complete)
7. cd vmware (tab to auto-complete)
8. ./vmware-install.pl; accept defaults, you might have to install peral as well
9. umount /cdrom
10. In Vsphere Client: Guest > Install/upVMware Tools > OK
11. To confirm the install; in the client > VM Summary tab and look for OK next to VMWare Tools

Posted in Linux, Networking, Vmware | Leave a comment

Emails are being moved to the FailedMails folder

Posted on 30/10/2012 by christophe

GFI MailSecurity and GFI MailEssentials scan emails for Spam, viruses, trojans and other malware. If GFI MailSecurity and GFI MailEssentails is not able to scan all the email, the email should not be delivered to the recipient, since it may contain unsecure content.

See KB from GFI:

http://kb.gfi.com/articles/Skynet_Article/Emails-are-being-moved-to-the-FailedMails-folder

To resolve it I created a powershell script.

The script will rename all TXT files to EML, move them to the Reply directory of Exchange 2010 to be processed again.

The unuseble PROP file will be removed.

Here is the powershell script:

Function Rename-FileExtension($path,$oldExtension, $newExtension)
{
Get-ChildItem -path $path -Filter $oldExtension |
Foreach-Object {
   if($_.extension.length -gt 0)
    {
      $baseName = $_.name.remove($_.name.length – $_.extension.length)
    }
ELSE
    { $baseName = $_.name }
Rename-Item -Path $_.fullname -newname ($baseName + $newExtension)
}
} #end functionRename-FileExtension -path “C:\Program Files (x86)\GFI\MailEssentials\EmailSecurity\FailedMails” -oldExtension “*.txt” -newExtension “.eml”
Move-Item “C:\Program Files (x86)\GFI\MailEssentials\EmailSecurity\FailedMails\*.eml” “C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Replay”
Get-ChildItem “C:\Program Files (x86)\GFI\MailEssentials\EmailSecurity\FailedMails\” -recurse -include *.PROP -force | remove-item

Posted in GFI Mail Essentials, MS Exchange 2007, MS Exchange 2010, MS Powershell | Leave a comment

Installing & Using the Microsoft PST Capture Tool–Part 1…

Posted on 05/09/2012 by christophe

Great article about MS PST Capture tool:

http://www.telnetport25.com/2012/02/installing-using-the-microsoft-pst-capture-toolpart-1/

Posted in MS Exchange 2010, MS Windows 2008 | Leave a comment

Sync Nagios Data to remote location

Posted on 05/09/2012 by christophe

Backup your Nagios data to remote location:

Rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon. It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied. It is famous for its delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination. Rsync is widely used for backups and mirroring and as an improved copy command for everyday use.

In Ubuntu:

sudo rsync -azvv /usr/local/nagios username@hostname:/remotefolder/RsyncNagios

How to configure a cronjob:

Keeping a directory automatically backed up somewhere is always useful. Every few months this is needed on one machine or another. Here are the steps:

First set up ssh keys so passwords are no longer needed.
1. Test things by verifying a ‘ssh user@yourserver.com’ does require a password.
2. Make some ssh keys on your client and then move the public key to the server
  1. cd ~/.ssh
  2. ls
  3. ssh-keygen -t dsa (Keep the defaults by just pressing enter a few times.)
  4. cp id_dsa.pub $USER”-id_dsa.pub”
  5. scp $USER”-id_dsa.pub” user@yoursever.com:.ssh/
  6. echo $USER (and remember name X so it can be used on other machine)
3. Now set things right on the server
  1. ssh user@yourserver.com
  2. cd ~/.ssh
  3. cat X-id_dsa.pub >> authorized_keys
  4. rm X-id_dsa.pub
  5. exit
4. Test things by verifying a ‘ssh user@yourserver.com’ no longer requires a password.
Determine the directory to be backed up and where it will be backed up and test the command to be used.
1. time rsync -atvz ~/local-directory-of-your-choosing/ user@youserver.com:remote-directory-of-your-choosing/
2. log in the server and verify the files are there…
Put the command in cron. Because cron is broken in ubuntu you can’t simply do “crontab -e” anylonger. (How can something so basic be broken?!) Instead follow these instructions:
1. vi ~/some_file and put in the cron commands
2. @hourly rsync -atvz ~/local-directory-of-your-choosing/ user@youserver.com:remote-directory-of-your-choosing/
3. crontab ~/some_file
4. crontab -l

Now simply test it out…

Posted in Linux, Nagios | Leave a comment

Network traffic analyzer for Ubuntu

Posted on 08/06/2012 by christophe

Darkstat is a network statistics gatherer.Effectively, it’s a packet sniffer which runs as a background process on a cable/DSL router, gathers all sorts of useless but interesting statistics,and serves them over HTTP.

Install Darkstat in Ubuntu

sudo apt-get install darkstat

This will complete the installation.Once you finish the installation you need to edit the the file located at /etc/darkstat/init.cfg

sudo gedit /etc/darkstat/init.cfg

# Turn this to yes when you have configured the options below.

START_DARKSTAT=no

START_DARKSTAT=yes

Now you need to start the darkstat using the following command

sudo /etc/init.d/darkstat start

This will start the darkstat process

Now if you want to see your network stats go to http://youripaddress:666

Posted in Linux, Networking | Leave a comment

Rootkit Detection on Ubuntu

Posted on 08/06/2012 by christophe

Chkrootkit

Install: apt-get install chkrootkit
Checks for signs of rootkits on the local system
chkrootkit identifies whether the target computer is infected with a rootkit.
Some of the rootkits that chkrootkit identifies are:
1. lrk3, lrk4, lrk5, lrk6 (and some variants);
2. Solaris rootkit;
3. FreeBSD rootkit;
4. t0rn (including latest variant);
5. Ambient’s Rootkit for Linux (ARK);
6. Ramen Worm;
7. rh[67]-shaper;
8. RSHA;
9. Romanian rootkit;
10. RK17;
11. Lion Worm;
12. Adore Worm.
Please note that this is not a definitive test, it does not ensure that the
target has not been cracked. In addition to running chkrootkit, one should
perform more specific tests.

RkHunter

Install: apt-get install chkrootkit

Note after install update RkHunter by this command: rkhunter –update

Scanning: rkhunter –check
rootkit, backdoor, sniffer and exploit scanner
Rootkit Hunter scans systems for known and unknown rootkits,
backdoors, sniffers and exploits.

It checks for:
- MD5 hash changes;
- files commonly created by rootkits;
- executables with anomalous file permissions;
- suspicious strings in kernel modules;
- hidden files in system directories;
and can optionally scan within files.

Using rkhunter alone does not guarantee that a system is not
compromised. Running additional tests, such as chkrootkit, is
recommended.

Posted in Linux | 1 Comment

Disable wireless connection when LAN is connected

Posted on 06/06/2012 by christophe

On Error Resume Next 
 Dim strComputer 
 Dim objWMIService 
 Dim colLAN 
 Dim objWifi,objLAN 
 Dim state 
 Dim wireStatus 
 Dim wifiStatus 

 state="" 
 wireStatus="" 
 wifiStatus="" 

 Do While True 

 strComputer = "."  
 Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")  
 Set colLAN = objWMIService.ExecQuery("Select * From Win32_NetworkAdapter Where NetConnectionID like 'Local Area Connection' and PhysicalAdapter='True'" ) 
 Set colWiFi=objWMIService.ExecQuery ("Select * From Win32_NetworkAdapter Where NetConnectionID =" & "'" &GetWirlessName & "'" & "and PhysicalAdapter='True' ") 

 For Each objWifi In colWiFi 
     If objWifi.Netconnectionstatus=2 Then 
     wifiStatus=True 
     Else 
     wifiStatus=False 
     End If 
 Next 

 For Each objLAN in colLAN 

 If objLAN.Netconnectionstatus=2 Then 
     wireStatus=True 
     state=False ' this is very importnat variable to determine when to enable or disbale wireless connection    
     Else 
     wireStatus=False 
     End If 
 Next 

If True Then 
    If state <>  False Then 
         If wifiStatus = False Then 
         EnableWireless GetWirlessName 
         End If 
    Else  
        If wifiStatus = True Then 
        DisableWireless GetWirlessName 
        End If 
    End If 

 End If  

state="" 
wireStatus="" 
wifiStatus="" 

WScript.Sleep  60000 

Loop 

' Function to get wireless adapter name from the registery 
Function GetWirlessName  

Dim strKeyPath 
Dim strComputer 
Dim objReg 
Dim arrSubKeys 
Dim SubKey 
Dim strValueName 
Dim dwValue 
Dim strValue 
Const HKLM=&H80000002 

strKeyPath="SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}" 
strComputer="." 

Set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv") 
objReg.Enumkey HKLM ,strKeyPath,arrSubKeys 

For Each SubKey In arrSubKeys 
    strValueName="MediaSubType" 
    objReg.GetDWORDValue HKLM,strKeyPath & "\" & subkey & "\" & "Connection" ,strValueName,dwValue 
    If dwValue=2 Then 
        strValueName = "Name" 
        objReg.GetStringValue HKLM,strKeyPath & "\" & subkey & "\" & "Connection" ,strValueName,strValue 
        Exit For 
    End If 
Next 

GetWirlessName=strValue 

End Function 

' Subroutine to disable wireless connection  
Sub DisableWireless (strNetConn) 

Dim oConnections 
dim objShell 
Dim objConnections,objConn 
Dim strDisable 
Dim objNetwork 
Dim objDisable 
Dim objVerb 

Const NETWORK_CONNECTIONS = &H31& 

strDisable = "Disa&ble" 

Set objShell = CreateObject("Shell.Application") 
Set objConnections = objShell.Namespace(NETWORK_CONNECTIONS) 

For Each objConn In objConnections.Items 
    If objConn.Name = strNetConn Then 
        Set objNetwork = objConn 
        Exit For 
    End If 
Next 
Set objDisable = Nothing 

For Each objVerb in objNetwork.verbs 
    If objVerb.name = strDisable Then  
        Set objDisable = objVerb  
        Exit For 
    End If 

Next 
objDisable.DoIt 
WScript.Sleep 1000  
End Sub 

'Function to enable wireless connection , you can combone these two subtoutines into one 
' but I prefer to seperate them just for simplicity 
Sub EnableWireless (strNetConn) 
Dim oConnections 
dim objShell 
Dim objConnections,objConn 
Dim strEnable 
Dim objNetwork 
Dim objEnable 
Dim objVerb 

Const NETWORK_CONNECTIONS = &H31& 

strEnable = "En&able" 

Set objShell = CreateObject("Shell.Application") 
Set objConnections = objShell.Namespace(NETWORK_CONNECTIONS) 

For Each objConn In objConnections.Items 
If objConn.Name = strNetConn Then 
    Set objNetwork = objConn 
    Exit For 
End If 
Next 
Set objEnable = Nothing 

' Enable NIC  
For Each objVerb in objNetwork.verbs 
    If objVerb.name = strEnable Then  
        Set objEnable = objVerb  
        Exit For 
    End If 

Next 

objEnable.DoIt 
WScript.Sleep 1000  
End Sub

Posted in MS Windows XP, Scripting | Leave a comment

Login monitoring

Posted on 06/06/2012 by christophe

Connects to a security log and retrieves successful login events and returns time, user, and type of login

# Connects to the security eventlog of a remote computer and retrieves successful login events ( event ID 528 ) and what type of login took place 

$events =  Get-EventLog -ComputerName SERVERNAME -LogName "Security" -newest 10000 | Where {$_.eventid -eq 528 -AND $_.Source -eq "Security" }  

foreach ( $event in $events     ) { 
    if (($event.message | Select-String "Logon Type:    2")){ 
        "LogonType 2 (Interactive Login );"+ $event.TimeGenerated.DateTime + ";" +$event.UserName         
    } 
    if (($event.message | Select-String "Logon Type:    3")){ 
        "LogonType 3 (Network Login )    ;"+ $event.TimeGenerated.DateTime + ";" +$event.UserName         
    } 
    if (($event.message | Select-String "Logon Type:    4")){ 
        "LogonType 4 (Batch Login )      ;"+ $event.TimeGenerated.DateTime + ";" +$event.UserName         
    } 
    if (($event.message | Select-String "Logon Type:    5")){ 
        "LogonType 5 (Service Login )    ;"+ $event.TimeGenerated.DateTime + ";" +$event.UserName         
    } 
    if (($event.message | Select-String "Logon Type:    7")){ 
        "LogonType 7 (Computer Unlocked );"+ $event.TimeGenerated.DateTime + ";" +$event.UserName         
    } 
    if (($event.message | Select-String "Logon Type:    8")){ 
        "LogonType 8 (Network Cleartext Login );"+ $event.TimeGenerated.DateTime + ";" +$event.UserName         
    } 
    if (($event.message | Select-String "Logon Type:    9")){ 
        "LogonType 9 (NewCredentials )   ;"+ $event.TimeGenerated.DateTime + ";" +$event.UserName         
    } 
    if (($event.message | Select-String "Logon Type:    10")){ 
        "LogonType 10 (RDP Login )       ;"+ $event.TimeGenerated.DateTime + ";" +$event.UserName 
    } 
    if (($event.message | Select-String "Logon Type:    11")){ 
        "LogonType 11 (Cached Credentials Login );"+ $event.TimeGenerated.DateTime + ";" +$event.UserName         
    } 
}

Posted in MS Windows 2008, MS Windows 2008 SBS, MS Windows 7, Powershell, Scripting | Leave a comment