Posted by: Anthony Drewery | October 4, 2006

How to export BlackBerry Enterprise Server licence keys

When run on your BlackBerry Enterprise Server the following command line will export your installed licence keys to a text file. Replace c:\beskeys.txt with the path and filename of your choice.

bcp besmgmt..licensekeys out c:\beskeys.txt -c -T

Thanks go to Doug for this tip.

[tags]BlackBerry Enterprise Server, BES[/tags] 

Posted by: Anthony Drewery | September 12, 2006

Identity theft

I thought it was one of those things that only happened to other people but I’ve become a victim of identity theft. Despite shredding documents and being cautious when entering personal information on the Internet someone managed to get enough information about me to change the address on my credit card and go on a £12,000 (US$20,000) spending spree! The credit card company have frozen the account and are now investigating.

Whilst you can’t guarantee to protect yourself completely you can take some sensible steps towards prevention and minimising the possible impact:

  • Shred all documents using a cross-cut shredder before putting in the trash.
  • Be very aware when you are entering personal information over the Internet. Is the site asking for too much information about you?
  • Make use of online banking facilities to regularly check your bank and credit card statements for unusual activity.
  • If you don’t receive expected statements/documents by post chase it up with the sender ASAP. This is what prompted me to contact my credit card company as I also couldn’t view my account online.
  • Don’t answer security questions from cold callers even if they claim to be from your bank/credit card. Politely decline then call them back on the official customer service number. That way you know you’re speaking to someone from the company who called you.
  • Check your credit history on a regular basis to ensure no one is taking credit out in your name. Sites like www.creditexpert.co.uk can provide a service where you’re notified by email or SMS if there are any changes to your credit report.

Posted by: Anthony Drewery | September 5, 2006

How to remove a lost password from a PST file

I had a call from a user today who had forgotten her password to a couple of PST files. I was about to look at some commercial software when I came across this great process on Slipstick that will remove the password completely. The caveat is that it won’t work with Outlook 2003’s Unicode format PST.

http://www.slipstick.com/problems/lostpw.htm

Posted by: Anthony Drewery | August 29, 2006

Utilising dual monitors with Microsoft Excel 2003

I often work with dual monitors and recently needed to compare two Excel spreadsheets side by side. I found that although they showed as separate instances on the Windows Taskbar I couldn’t have them displayed on separate screens. After some investigation I found that to do what I wanted I had to force Excel to open each document as a separate instance of the application. To do this try the following:

In Explorer go to Tools > Folder Options.


Choose the File Types tab then find XLS under Extensions. Highlight it and click the Advanced button.


Select Open then the Edit button.


Now in the Application used to perform action field go to the end and add a space followed by "%1". Be sure to include the quotes. You also need to unselect Use DDE. OK all of your changes. Now when you open multiple Excel spreadsheets each will be a separate instance of the application so you can move them to separate monitors. The downside is that you’ll use more of your PC resources.

This issue has been addressed in Excel 2007 beta 2.

[Tags]Excel[/tags] 

This is fairly old news now but something I thought worth documenting as it affected our two BES installations.

Microsoft have changed the Full Mailbox Access permissions in Exchange so that it no longer implies Send As rights. Recent fixes for store.exe include this change. When applied it affects 3rd party applications like BlackBerry Enterprise Server which previously only used Full Mailbox Access rights for the application account.

You can avoid disruption by a small amount of preparation before applying the latest Exchange fixes. You’ll need to grant the BES admin account Send As rights on the Active Directory user accounts of your BB users. You could do this individually but it would be easier to do it at OU level. You’ll need to take into account the inheritance configuration on your OUs to decide the best location(s) to set the permissions. To see the Security tab on your OU properties you’ll need to enable the Advanced Features in Active Directory Users & Computers. This is done via the View menu:

 advanced.jpg

When viewing the Security tab click the Advanced button. Now click the Add button to add your BES service account. You’ll be presented with a list of permissions. Change the drop down box to User Objects then tick Allow Send As. Once you’ve Ok’d back to ADUC your permissions will be set.


Any administrative users will need to be addressed separately. Administrative users include anyone who is a member of the following groups:

Enterprise Admins
Schema Admins
Domain Admins
Administrators
Cert Publishers
Backup Operators
Replicator
Server Operators
Account Operators
Print Operators

It should be noted that it is good security practice not to have admin rights on your everyday mail-enabled account. 

To handle the administrative users the appropriate permissions need to be set on the AdminSDHolder container. The easiest way to do this is with the dsacls command. To use it you’ll need the Windows Server 2003 Support Tools installed. The syntax of the command is as follows:

dsacls "cn=AdminSDHolder,cn=System,dc=domain,dc=com" /G "domain.com\BESAdmin:CA;Send As"

Once all your permissions are set and verified you can go ahead and install the Exchange patches knowing that your BlackBerry users will continue to function as before. 

[tags]BlackBerry, BES[/tags]

Our initial lab deployment of Exchange 2007 doesn’t contain an Edge Transport server yet so I wanted to be able to route inbound SMTP email directly to a Hub Transport server from our MIMEsweeper servers. I had expected this to work ‘out of the box’ but found the connection kept failing as it was an anonymous source.

The Hub Transport server has 2 Receive Connectors that are created by default:

def_rcs.jpg

The Default RC accepts inbound connections on port 25 and the Client RC accepts connections from remote clients on port 587. Whilst I understand the purpose of the Default RC I’ll need to do some more research into when and how the Client RC is used.

I looked at the properties of the Default RC but couldn’t see anything that might help me. There are various options available for authentication but none that seemed to allow anonymous access.


A little more digging led me to the Exchange Management Shell and a Cmdlet called set-ReceiveConnector.

With the following command line I managed to get my Default RC to accept email from non-authenticated sources. 

set-ReceiveConnector -identity "Default LABCRWEXHT1" -PermissionGroups AnonymousUsers

The moral of the story? Get used to the Exchange Management Shell as there’s no avoiding it!

[tags]Exchange 2007[/tags] 

Posted by: Anthony Drewery | August 9, 2006

Wiping a BlackBerry handheld

This is just a quick tip that I came across whilst decommissioning 7200 series BlackBerry handhelds.

Version 4 of the handheld software has a ‘wipe handheld’ option which unfortunately isn’t present in version 3. To get around this you can simply enter the password incorrectly 10 times. This will wipe all data and configuration from the device.

[tags]BlackBerry[/tags] 

Posted by: Anthony Drewery | August 4, 2006

Using Qmail as a store and forward service

I have a stake in a London based fire protection company and sometimes get involved with their IT. Being a small company they run MS Small Business Server 2003 and connect to the internet using ADSL and a fixed IP address. For their email the MX record points to their internal server via a port mapping on their firewall. I also wanted to give them a secondary MX record with a store and forward service in case their server or Internet connection is down for a prolonged period. I looked at various commercial services but eventually decided to make use of their dedicated web server hosted by their ISP. The server runs Fedora Core and includes Qmail as part of the build.

I’m far from being skilled in Linux/Qmail but I can stumble my way through when necessary. There’s a plethora of resource material on the Internet and I use a little Unix and Sendmail at work. Dave Sill has produced the excellent Life With Qmail guide that will get you started with Qmail.

Firstly you’ll need an SSH client. I use PuTTY. Once logged in to your server navigate to /var/qmail/control.

Next vi the rcpthosts file. (I’m sure there are other editors but I learnt the basics of vi back at university on VAX/VMS systems so stick with what I know.) Add to the file the domain you want to store and forward for e.g. griffinfire.co.uk. Save your changes and exit.

Now vi the smtproutes file. Here you need to add the SMTP domain and destination host in the following format SMTPdomainname:FQDNofdestinationhost e.g. griffinfire.co.uk:mail.griffinfire.co.uk. Save and exit.

And that’s all there is to it.
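As an added example (not part of the original post or of Qmail itself), the shell function below checks the control files edited in the steps above for one store and forward domain. It goes slightly beyond the steps: it also flags a missing rcpthosts file, which makes qmail-smtpd accept mail for any domain, and a domain that is also listed in locals or virtualdomains, which would be delivered on the relay instead of forwarded. The function name, the example.test domain and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check qmail control files for a domain this host
# should store and forward. Names and sample data are constructed.
# Usage: check_backup_mx CONTROL_DIR DOMAIN ; returns 0 when all checks pass.
check_backup_mx() {
    dir=$1 domain=$2 rc=0

    # A missing rcpthosts makes qmail-smtpd accept mail for any domain.
    if [ ! -f "$dir/rcpthosts" ]; then
        echo "FAIL: $dir/rcpthosts missing, host would relay for anyone"
        return 2
    fi
    # Exact-match check only; ".domain" wildcard entries are not evaluated.
    if ! grep -qixF "$domain" "$dir/rcpthosts"; then
        echo "FAIL: $domain not in rcpthosts, mail for it will be refused"
        rc=1
    fi

    # The setup above routes the domain explicitly with "domain:host".
    route=$(awk -F: -v d="$domain" 'tolower($1) == tolower(d) { print $2; exit }' \
        "$dir/smtproutes" 2>/dev/null || true)
    if [ -z "$route" ]; then
        echo "FAIL: no smtproutes entry for $domain"
        rc=1
    else
        echo "OK: $domain is forwarded to $route"
    fi

    # If the domain is also local or virtual, qmail delivers it on this host
    # instead of forwarding it.
    for f in locals virtualdomains; do
        if [ -f "$dir/$f" ] && awk -F: -v d="$domain" \
            'tolower($1) == tolower(d) { hit = 1 } END { exit !hit }' "$dir/$f"; then
            echo "FAIL: $domain is listed in $f, mail would be delivered locally"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample control directory (example.test is a placeholder domain).
demo=$(mktemp -d)
printf 'example.test\n' > "$demo/rcpthosts"
printf 'example.test:mail.example.test\n' > "$demo/smtproutes"
check_backup_mx "$demo" example.test
rm -rf "$demo"
```

On a real server, point it at /var/qmail/control and the domain added to rcpthosts.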

You can’t adjust the delivery retry intervals in Qmail but it will keep the messages for 1 week before expiring. This is longer than the defaults for some other messaging systems (Exchange 2003 defaults to 48 hours, MIMEsweeper is 72 hours) and therefore ideal for a store and forward service.

With some slight further configuration it should also be possible to access the stored email via a web interface which would be useful in a DR scenario. This is on my to-do list and I’ll blog the process once done.

[Tags]Qmail[/tags] 

Posted by: Anthony Drewery | August 3, 2006

Resetting MIMEsweeper LDAP lists

Another problem we get from time to time with MIMEsweeper for SMTP 5.2 is corruption of the LDAP lists. This initially manifests itself with an error like this in the event log on the configuration server:

———————————
Event Type: Error
Event Source: InfrastructureService
Event Category: (539)
Event ID: 10265
Date: 27.07.2006
Time: 11:47:28
User: N/A
Computer: CRWEXMSW1
Description:The PCS LDAP node configuration processor was unable to update the consolidated digest file for the PCS LDAP address list ’78f39c28-cf8c-440c-84ac-67e4533c4f4c’.
The domain index file for the address list ‘PMM Users’ is invalid.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
———————————

If you reboot the configuration server you’ll find that the Infrastructure Service won’t start. If you run pmi.is.exe -debug you will see errors relating to PCS LDAP in the output.

To fix this try the following:

Stop all the MIMEsweeper services on the PCS.

Move the files in the following folders to a safe location.

C:\Program Files\Clearswift\MIMEsweeper for SMTP\Data\Configuration\Server\PcsLdapAddressLists 

C:\Program Files\Clearswift\MIMEsweeper for SMTP\Data\Operations\Configuration\PcsCache\PcsLdapAddressLists

Restart the MIMEsweeper services.

Now go into your policy editor and update all of your LDAP lists. Once this is complete save/apply your policy. 

[tags]MIMEsweeper[/tags] 

Posted by: Anthony Drewery | July 31, 2006

Using ExMerge to clean up mail loops

Having been recently taken over we’re now working on transitioning data and systems to the new company. As a result there are a large number of email redirections in place whilst the users and applications move across to the new organisation. The vast majority of redirections are handled in a controlled format using contacts in Active Directory and the delivery options on user objects. However, despite our best efforts we do suffer the occasional mail loop. This is usually when a user has set an OOF message on their mailboxes in both organisations and also set a rule to forward and auto-reply. (Note: We need auto-replies and OOF messages enabled between the two Exchange organisations). The detrimental effects are limited through the use of mailbox limits but that can still leave us with thousands of messages to clean up once the loop has been stopped. To help us with this task we use ExMerge.

Run the wizard and choose Extract or Import (Two Step Procedure). On the next screen choose Step 1: Extract data from an Exchange Server mailbox.

When you get to the Source Server screen enter the appropriate Exchange server name then hit the Options button:

 Source Server

The first tab you want is Import Procedure; choose Archive data to target store. This option will extract the data from the mailbox rather than just copy it:

Import Procedure

Next go to the Folders tab and restrict your export to the Inbox (if required):

Folders

Now you need the Message Details tab so that you can restrict your export to only the looped messages. In the example below I’m removing messages with "Out of Office" in the subject:

Message Details

Now hit OK and complete the rest of the ExMerge wizard to select the mailboxes you want to extract from and the destination for the resulting PST. Double check the contents of the PST before you delete it!

[tags]ExMerge, Exchange 2003[/tags] 
