Mar 02 2010

I ran into an issue the other day after upgrading some hardware components of our Exchange 2007 server. I was running through the usual connectivity tests after restarting the server and found that Outlook was prompting for authentication before syncing my mail with the server.

Searching through the logs pointed me in the direction of the Exchange services and sure enough one of the services had not started automatically as it should have. The service in question was the Microsoft Exchange System Attendant. Starting this service resolved the issue straight away. I have since restarted the server and the service continues to not start automatically. One to watch…

  • Start -> Administrative Tools -> Services
  • Right-Click Microsoft Exchange System Attendant service
  • Select Start from displayed context menu


Feb 08 2010

I was working on a project that required the use of a mapped drive to a SAMBA share. This all went off without a hitch on my test PC running Windows 7 and I was about to tick the job off my list. But… when I attempted to replicate this on the staff member's PC running Windows XP I ran into issues with authenticating to the SAMBA share. I have read numerous pages and forums that provided many different ways around the issue. Below is what worked for me and allowed me to have the mapped drive reconnect at login without continuing to prompt the user for authentication:

  1. Edit the requiresignorseal registry setting:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    • requiresignorseal - Change hex value from 1 to 0
    • RESTART PC
  2. Map a drive to the SAMBA share and select “Reconnect at login”. Usually at this stage you would use the “Connect using a different user name” option. However, do not use this option as it will not allow you to save your credentials.
  3. Click Finish and you will be prompted for your credentials. Input your user name and password (SAMBA server credentials) and select “Remember my details”.

As I mentioned there are numerous solutions out there to resolve this issue. This is just what worked for me…

Feb 02 2010

There are a number of excellent computer control iPhone/iPod Touch apps out there that come in various forms and have a multitude of amazing features. But… these apps all come at a price. For the user who simply wants to control their mouse and keyboard from their iPhone/iPod Touch for FREE, there is TouchMouse.

TouchMouse from Logitech allows you to control your computer's mouse and keyboard in three easy steps:

1. Download and install the Logitech TouchMouse Server computer application (www.logitech.com/touchmouse)
- The server app is available for Windows XP/Vista/7 and OS X

2. Download the TouchMouse iPhone/iPod Touch app from the App Store.

3. Open TouchMouse on your iPhone or iPod Touch. The app will find any available computers on the same network that have the TouchMouse Server application installed.

Connect and enjoy!

The app has many options, including two-finger scrolling, tracking and scrolling speeds, and a nice setting for preventing your device from going into sleep mode.

Feb 02 2010

At the school that I work for we have been using the Group Policy enabled version of Mozilla Firefox from FrontMotion for some time now. We have discussed on several occasions whether or not to allow staff to install extensions. I have decided to set an allowed location (locally hosted) in group policy where staff can find approved extensions to install.

However, we still required the ability to control some of the settings within these extensions. I was able to achieve this by creating Group Policy ADM templates for these extensions. The ADM templates are written to control the about:config settings of the extension, which can be found by browsing to about:config in Firefox and filtering for the desired extension. The preferences are set as a MACHINE CLASS (Computer Policy) and are locked preferences. Below is an example and explanation of a couple of settings of an ADM template for the IEView extension (comments are the lines beginning with "-"): [Complete ADM example attached at the end of this post]

- Define the CLASS type
CLASS MACHINE

- Set the main category name (folder under Administrative Templates in Group Policy)
CATEGORY "Mozilla Advanced Options for Extensions"

- Set the preferences to be locked preferences
KEYNAME "Software\Policies\Mozilla\lockPref"

- Set the category/extension name (level under main category)
CATEGORY "IEView"

Boolean type preference for the Close Page on Reload setting (On or Off)

- POLICY = Setting name
POLICY "Close Page on Reload"
- EXPLAIN = Explanation of what the setting does
EXPLAIN "Enables or disables the close page after reload option"
- VALUENAME = about:config Preference Name for the setting
VALUENAME "ieview.closeReloadPage"
- VALUEON = The value for the setting when enabled in Group Policy
VALUEON 1
- VALUEOFF = The value for the setting when disabled in Group Policy
VALUEOFF 0
- END POLICY = Ends the options for the current setting
END POLICY

String type preference for the Filter List setting (string of values)

- POLICY = Setting name
POLICY "Filter List"
- EXPLAIN = Explanation of what the setting does
EXPLAIN "Sets list of sites to always open in IE. Sites are separated by spaces. Use * for wildcard."
- PART = "List" EDITTEXT, sets the values for the "List" part of the setting and edits the current values
PART "List" EDITTEXT
- DEFAULT = When the setting is enabled in Group Policy, the DEFAULT string values will automatically be filled in
DEFAULT "file:///* http://*update.microsoft.com/ http://www.windowsupdate.com/"
- VALUENAME = about:config Preference Name for the setting
VALUENAME "ieview.forceielist"
- END PART = Ends the options for the current PART of the setting
END PART
- END POLICY = Ends the options for the current setting
END POLICY

- END CATEGORY = Ends the extension name category
END CATEGORY

- END CATEGORY = Ends the main category
END CATEGORY


I hope that made at least a little bit of sense.

Find a complete example here.
Download the RAR file here.

Jan 20 2010

Considering that this is a WordPress blog, I thought that I would do my first iPhone app review on the WordPress app (recently released WordPress 2). I am writing this post from the application on my iPhone and I intend to keep them short as the title suggests. (Inline images added through WordPress Admin)

The app is quite simple and well set out for ease of navigation. The setup is as simple as inputting your blog's web address, username and password. The app contains three sections: Comments, Posts and Pages.

The comments section allows you to approve, unapprove or edit user comments. The posts and pages sections allow you to review, add or delete posts or pages and their content.

Overall the app works well and is extremely easy to use. I can see this app being quite handy for posting on the run or when you just don’t want to sit in front of your computer. A couple of things that I can think of to improve the app would be the ability to add a hyperlink to a post or page and the ability to add inline images into posts or pages.

The app did crash on me once while I was adding a category but reopening the app recovered my unsaved post as per the pic below…

Dec 08 2009

I have a Windows Server 2008 Virtual Machine set up on my VMware Server install for testing purposes. I had just about finished installing and configuring the OS when I attempted to install VMware Tools and received the following error:

VMware Tools is not supported on this guest OS.
Check the virtual machine’s configuration to make sure the settings match the installed operating system. Consult the documentation for more details about supported guest operating systems.

The Fix:

  1. Create a new VMware Datastore pointing to the VMware Server install directory %HOMEDRIVE%\Program Files\VMware\VMware Server
  2. Select the unsupported OS Virtual Machine and Edit the CD/DVD drive settings found under Hardware
  3. Select ISO Image and browse for the appropriate operating system's VMware Tools ISO file (in this case windows.iso)
  4. Click OK and restart the Virtual Machine
    The ISO will now be mounted as the CD/DVD drive for the Virtual Machine
  5. Browse the contents of the guest OS CD/DVD drive and run the VMware Tools setup (in this case setup.exe)

You will now have a fully functional install of VMware Tools on your unsupported OS.

Dec 08 2009

I recently installed Windows 7 on my desktop PC at work. I use VMware Server quite heavily to assist in testing various aspects of both client and server operating systems. So I downloaded and installed the latest version of VMware Server only to be confronted with the following error when attempting to access the VMware Server's web interface:

The VMware Infrastructure Web Service at “http://localhost:8222/sdk” is not responding (Connection Refused)

So I head towards the first port of call and make sure the required services are all started. Sure enough, the VMware Host Agent service has not started and can also not be started manually.

The Fix:

  1. Make sure that you are logged onto the PC as an administrator
  2. Browse to %HOMEDRIVE%\ProgramData\VMware\VMware Server\hostd
  3. Delete the datastores.xml file from this directory
  4. Restart the VMware Host Agent service

The datastores.xml file will now be regenerated automatically and the VMware Host Agent service will start. You will now be able to log into the VMware Server web interface as normal.

Dec 03 2009

As promised the configuration of the Moodle-Google Integration plugin:

  1. Download Google-Moodle Integration plugin
  2. Unzip the files and upload them to your Moodle installation
  3. Login to your Moodle site and click Notifications to update the newly installed blocks
  4. From the Users menu, select Authentication then Google Authentication
  5. Enter your Google domain name
  6. On your Moodle server create the private and public keys:

    Private Key (stored in Moodle only)
    Command: openssl genrsa -out rsaprivkey.pem 1024

    (Visit Google Documentation for Key Generation Help)

    Public Key (stored in Moodle and Google)
    Command: openssl req -new -x509 -key rsaprivkey.pem -out rsacert.pem

    (Visit Google Documentation for Key Generation Help)

  7. Upload the created RSA Key File (rsaprivkey.pem) to Moodle (Users -> Authentication -> Google Authentication)
    Upload the created SSL Signing Certificate (rsacert.pem) to Moodle (Users -> Authentication -> Google Authentication)
  8. Login to your Google Apps Admin Control Panel (http://google.com/a/yourdomain) in a new window
  9. Browse to Advanced Tools -> Authentication -> Setup Single Sign-on (SSO)
  10. Check the Enable Single Sign-on box
  11. Copy and paste the Sign-in, Sign-out and Change Password page URLs from the Setup Instructions box located on the Google Authentication setup page in Moodle
  12. Upload the Verification Certificate (rsacert.pem created in step 6) and Save the changes in Google Apps
  13. In your Google Apps Control Panel, browse to Users and Groups -> Settings and check the Enable Provisioning API box
    Save the Changes
    (This allows users to be updated)
  14. Browse to Advanced Tools -> Manage OAuth Domain Key
  15. Upload the created certificate (rsacert.pem from step 6)
  16. Copy the OAuth Consumer Secret
  17. In Moodle, enable all Google Blocks and add them to the Front Page of your Moodle
    (I had issues with a couple of the blocks and therefore only enabled the GMail Block. See how you go, but if you have issues, disabling the other plugins would be the first port of call)
  18. Browse to Modules -> Blocks -> GMail Blocks and paste the Google OAuth Consumer Secret into the supplied field
    Save the Changes
  19. Select the Google User Sync block from Modules -> Blocks and fill in your Google Admin info.
    Save the Changes
  20. Test the config…
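
Step 6 above, as an added example that is not part of the original post or the plugin's code: a shell script that generates the key pair and checks, before anything is uploaded to Moodle or Google Apps, that rsacert.pem carries the public half of rsaprivkey.pem. The 2048-bit key size, the certificate subject `sso.example.invalid` and the temporary directory are assumptions; the file names come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): create the SSO signing key pair
# and verify it before upload. Requires the openssl command-line tool.

KEY_BITS=2048   # assumption; the post's genrsa command uses 1024

# make_keypair KEYFILE CERTFILE SUBJECT_CN
make_keypair() {
    (
        umask 077   # the private key is created readable by its owner only
        openssl genrsa -out "$1" "$KEY_BITS" 2>/dev/null
    ) || return 1
    openssl req -new -x509 -key "$1" -out "$2" -days 365 -subj "/CN=$3" 2>/dev/null
}

# key_bits KEYFILE -> RSA modulus size in bits
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# cert_fingerprint CERTFILE -> SHA-256 fingerprint, to record which
# certificate was uploaded as the verification certificate
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | sed 's/^.*=//'
}

# cert_matches_key KEYFILE CERTFILE -> exit status 0 only if the certificate
# contains the public key that belongs to the private key
cert_matches_key() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo run in a throwaway directory (constructed sample, safe to delete)
DEMO_DIR=$(mktemp -d)
KEY="$DEMO_DIR/rsaprivkey.pem"
CERT="$DEMO_DIR/rsacert.pem"

make_keypair "$KEY" "$CERT" "sso.example.invalid" || {
    echo "key generation failed" >&2
    exit 1
}

echo "key size:         $(key_bits "$KEY") bits"
echo "cert fingerprint: $(cert_fingerprint "$CERT")"
if cert_matches_key "$KEY" "$CERT"; then
    echo "rsacert.pem matches rsaprivkey.pem"
else
    echo "MISMATCH: certificate does not belong to this private key" >&2
fi
```

Only rsacert.pem is meant to leave the Moodle server; the fingerprint printed here can be kept to confirm later which certificate Google Apps was given.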

Our current configuration allows our staff and students to login to Moodle using their Active Directory credentials (via the Moodle LDAP authentication plugin) and link straight to their GMail account. This has allowed us to continue to provide a complete Single Sign-on (SSO) environment for our users.

Dec 02 2009

The school I work at currently uses Moodle as our chosen LMS for students. Moodle is linked with our School Management system to sync courses, assignments and course enrollments among other things. This greatly assists in minimising administration work, but more on this at another time…

Our school also uses Google Apps Education Edition to provide our students with Email accounts and usage of the other Google Apps services. Google provides a great LDAP sync tool that can easily sync users and group memberships but lacks a way to sync users' passwords (not secure). For this to be possible a Single Sign On (SSO) system must come into the equation. These systems can cost thousands of dollars (depending on user numbers) from 3rd party developers or require a large amount of IT admin time and server resources to perfect a solid solution. I searched long and hard for a suitable tool for this job and tried a number of solutions but none worked well enough for my liking.

At the same time that I was searching for solutions for this issue I was also browsing around for some useful Moodle plugins. This is where I came across the Moodle-Google Integration plugin that would solve all my issues. The plugin provides a SAML based authentication method to allow users to use their LDAP credentials (LDAP must be configured in Moodle) to log into their Google Apps account. This plugin talks with the SSO feature built into Google Apps via SAML 2.0 post and the use of the generated keys and certificates for security. Users then login to Moodle and from there can access their Google Apps account.

More to come on the configuration of this plugin. Stay tuned…

Narradan

Dec 01 2009

The school which I currently work at has recently manufactured an initiative to allow students to bring their own wireless enabled devices to school to assist them in their educational endeavors. Students would be granted access to the school internet connection and internal student online services via the school's wireless network. The task given to me and the rest of the school's ICT department was to allow the students to have access to the mentioned resources throughout the school whilst maintaining the school's current level of security.

We currently have a very basic and limited wireless network that was primarily put in place for staff notebooks. It was easy to see that the current wireless network would not be able to handle the amount of devices that we would potentially be throwing at it. We researched a number of wireless solutions including Netgear, Cisco, Ruckus and XIRRUS. We decided to request a trial of the XIRRUS arrays as we loved the concept and were very intrigued by its design and methods of providing a wireless network solution.

A member of the XIRRUS team came to the school along with an array for us to test. We were pleasantly surprised with the initial tests in terms of coverage against our already in place wireless network. However, coverage was only one of the boxes that needed to be ticked so the array was left with us for further testing. I proceeded to map out how I intended the configuration of the array to fit in with our current network infrastructure.

This included:

  1. Multiple SSIDs – We required multiple SSIDs for various reasons (eg: Staff or Student devices & Visitors).
  2. VLANs – The array needed to be able to provide access to different VLANs on our network by different SSIDs.
  3. Captive Portal w/ RADIUS Authentication – I chose to have the array authenticate using Captive Portal against a RADIUS server as this would allow us to control which users (via our Active Directory authentication directory) could access the network and keep the network safe from outside (neighbours, etc.) sources.
  4. IP/VLAN Address Filtering – Although our switching infrastructure could handle this via ACLs the added level of security on the array itself would assist in maintaining our current level of security.
  5. Centralized Management – We required centralized management of the arrays that would allow us to configure/make changes to multiple or all arrays at the same time.
  6. Access from Any Device – The final configuration would need to be simple but secure to allow the ability for a vast range of devices to connect.

Using the XIRRUS array I was able to implement the above configuration. The XIRRUS support team assisted me through certain aspects of this process via their excellent technical support team.

The Result:

  1. The XIRRUS array was setup to support numerous SSIDs with different access and security configurations.
  2. I was able to configure the array to handle our VLAN configuration and specify the VLAN required per SSID.
  3. The array has a built-in customisable Captive Portal (WPR) feature. We were able to create a Captive Portal page to suit the school's style and host this on the array. For this implementation I built a new RADIUS server using Windows Server 2008 and its built-in Network Policy Server (NPS). The captive portal (WPR) on the array was then set to authenticate against this server.
  4. I created a new VLAN for the student wireless network to segregate the network from the rest of the school's devices. This was done for security reasons as students' devices could potentially be crawling with harmful material. ACLs were then applied at a switching level to deny access to or from this VLAN apart from the required servers and services (ie: Internet and internal online services). The XIRRUS array is also a Layer 3 switch which allowed me to apply further IP/VLAN filtering to the wireless network on the array itself. I was able to limit the access to specific ports only on the required servers.
  5. XIRRUS provides software to centrally manage and monitor the arrays. I have only just started exploring this software but from what I have seen so far it is an excellent utility to have.
  6. The connection was setup as an 802.11 agn OPEN connection allowing any device with a, g or n wireless capabilities to connect. The Captive Portal is simply a web page built using PERL and CSS meaning any device with a modern web browser should be able to connect.

We decided that XIRRUS was for us and proceeded with the project. A site survey was completed and the stock was ordered. Two XIRRUS representatives assisted with initial installation and configuration of the arrays and we are currently in the process of deploying the XIRRUS arrays as cabling work is completed. We hope to have the network up and running throughout the school for the commencement of Term I 2010. More to come as we proceed further…

I would also like to take this opportunity to publicly thank the XIRRUS sales and support team for their excellent assistance throughout this process. I would have no problem recommending XIRRUS to any school or organization looking to implement a complete wireless network infrastructure. We have not been able to fault the XIRRUS product (we tried hard!) or their support.