This was one of the most exasperating things that I have worked on in some time. The client got a bonded ADSL PPPoE connection from CenturyLink with 40Mbps Up by 2Mbps Down. The PPPoE was to authenticate the connection to CenturyLink.
Reconfigure the Technicolor C2000T modem into Bridged Mode
Login to the modem and click on the “Wireless” button
Disable the wireless completely and click on the “Apply” button
Click on the “Advanced” button then click on the “DHCP Settings” along the left hand menu
Disable DHCP completely and click the “Apply” button
Click on the “WAN Settings” and change the ISP Protocol to “Transparent Bridging” then click on the “Apply” button
Reboot the modem and move on to configuring the Juniper router
Configure the Juniper SRX 210 for the Bonded ADSL PPPoE connection
Enter the following commands on the router CLI:
Set the underlaying interface encapsulation to be PPP-Over-Ethernet:
set interfaces ge-0/0/0 unit 0 encapsulation ppp-over-ether
Set PPP Options with Authentication method CHAP:
set interfaces pp0 unit 0 ppp-options chap default-chap-secret YOUR-PASSWORD
set interfaces pp0 unit 0 ppp-options chap local-name YOUR-USERNAME
set interfaces pp0 unit 0 ppp-options chap no-rfc2486
set interfaces pp0 unit 0 ppp-options chap passive
Set the PPPoE Options to the underlaying interface along with connection options:
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/0.0
Set the the pp0 interface to automatically negotiate the IP address:
set interfaces pp0 unit 0 family inet negotiate-address
Set the security zone pp0.0 interface WAN (untrust):
set security zones security-zone WAN interfaces pp0.0
If you are experiencing any fragmentation issue, you may want to adjust the tcp-mss setting as below, this was the part that I left out and had random websites not connecting:
set security flow tcp-mss all-tcp mss 1300
If your company is using a Juniper JunOS router or CenturyLink Bonded ADSL PPPoE connection to the internet, then contact us for assistance.
A huge thanks to Joseph Moody from DeployHappiness for these wonderful guides on how to deploy DFS Folder Redirection in an organization using Distributed File Services as a methodology for file sync between sites. I made some modifications to the DFS Replication to use site link costing and fail back for the remote sites to avoid the multiple data target issues seen in his notes.
Since Microsoft is no longer making Small Business Server (SBS) as the complete package for the SMB client, it is time to migrate email to Office365 and put in a Windows Standard Server in its place. This will explain the details of how to demote Windows Small Business Server from the domain after email has been migrated, the new server should already be in place and it should be running the appropriate server service and Flexible Single Master Operation (FSMO) roles would already be migrated.
One Last Check
Open a Command Prompt
Type in – netdom query fsmo
Make sure that all roles are pointing to the new Domain Controller
Open Control Panel
Double Click on “Programs and Features” icon
Search the list and find the entry named something like “Microsoft Exchange Server…” right click on it and choose “Uninstall”
Click “Next >” button then uncheck all possible boxes then click “Next >” button
Once the prerequisites have cleared successfully, click “Uninstall” button
Finally click “Finish” button
Remove AD Certificate Services
Click Start button, click Administrative Tools, and then click Server Manager.
Click on Roles, then in the Roles Summary section, click Remove Roles.
In the Remove Roles Wizard, click “Next >” button
Clear the “Active Directory Certificate Services” check box, and then click “Next >” button
On the Confirm Removal Options page, review the information, and then click “Remove >” button
Demote Windows Small Business Server and Remove from Active Directory
On the Source Server, click Start button, click Run, type dcpromo, and then click “OK” button
Click “Next >” button twice. (WARNING: Do not select “Delete the domain because this server is the last domain controller in the domain.”)
In the Summary dialog box, you are told that Active Directory Domain Services (AD DS) will be removed from the computer and that the server will become a member of the domain. Click “Next >” button
Click “Finish” button and the Server will restart
After the Server restarts, it can then be removed from the domain into a workgroup and disconnected from the network.
To remove the Source Server from Active Directory Domain Services
On the new Domain Controller Server click Start button, click Administrative Tools, and then select Active Directory Users and Computers.
In the Active Directory Users and Computers navigation pane, expand the domain name, expand MyBusiness, expand Computers, and then expand SBSComputers.
Right-click the old Server name if it still exists in the list of servers, click Delete, and then click Yes.
Verify that the Source Server is not listed, and then close Active Directory Users and Computers.
To update the Software Updates Group Policy Object
On the Management Server, click Start, click Administrative Tools, and then click Group Policy Management.
On the User Account Control dialog box, click Continue.
In the Group Policy Management console, in the navigation pane, expand Forest:DomainName, expand Domains, expand DomainName, and then expand Group Policy Objects (GPO).
Click Update Services Server Computers Policy.
In the results pane, click the Scope tab.
In the Security Filtering section, click the object that begins with “S-1-5…” This is the old Server Security Identifier (SID).
Click Remove, and then click “OK” button
If your company is migrating to Office 365 and needs help to demote Windows Small Business Server, then contact us for assistance.
This has happened to me countless times in the field and it is time to write up the process on my own. Either the client has an older version of the DirSync tool installed or there is some sort of errors that require reinstalling Office 365 DirSync. Special thanks go to Joseph Turley for the original write up on which this is based.
Uninstall Old AADSync Tool
If the server is running an older version of AADSync then below is a list of applications that are to be removed:
Microsoft Azure AD Sync
Microsoft Online Services Sign-in Assistant [Restart is required]
Forefront Identity Manager Windows Azure Active Directory Connector
There should then be a reboot of the server to finish these uninstallations. Additionally, the Azure AD Sync Scheduler scheduled task needs to be removed from the Task Scheduler to complete the removal of AADSync. There are also several user accounts in Active Directory Users and Computers that will need to be removed either titled something like “AAD…” or “ADSync…” for the reinstall to work properly. Also need to remove the folders named something like “C: > Program Files > Microsoft Azure AD…” before attempting to start the new installer. There might also be some leftovers in the registry that need to be removed as follows:
If the server is running a more current version of DirSync then below is a list of applications that are to be removed:
Windows Azure Active Directory Sync Tool
Microsoft Online Services Sign-in Assistant [Restart is required]
Forefront Identity Manager Synchronization Service
There should then be a reboot of the server to finish these uninstallations. There are several user accounts in Active Directory Users and Computers that will need to be removed either titled something like “AAD…” or “ADSync…” or “FIMSync…” for the reinstall to work properly. Also need to remove the folders named something like “C: > Program Files > Windows Azure…” and the database files located in a folder named something like “C: > Program Files > Microsoft SQL Server > MSSQL**.MSONLINE > MSSQL > DATA > FIMSync…” before attempting to start the installer.
Reinstalling Office 365 DirSync Tool
Log into the customer’s Office365 portal as a global administrator.
Click on the Admin tile
Click on the Users item in the left pane to expand it then click on Active Users
At the top of the main pane next to “Active Directory synchronization:” click on Manage
Make sure the at Active Directory synchronization is activated
Download the Directory Sync tool by clicking on Download button
Double click the installer
Type in your Office365 global administrator credentials then click “Next >” button
Type in your domain administrator credentials then click “Next >” button
Ignore the page on Hybrid and click “Next >” button
Make sure the box next to Active Directory Password Sync is checked and then click “Next >” button
Click on Install then on Finish to complete the install
Another handy thing to do after the installation is complete is to make a shortcut on the desktop for the miisclient software that monitors the sync process. It is located at “c: > Program Files > Windows Azure Active Directory Sync > SYNCBUS > Synchronization Service > UIShell > miisclient.exe” (this also allows for manual syncs when needed).
If your company needs help reinstalling Office 365 DirSync or help setting up Active Directory Password Sync for single sign-on, then contact us for assistance.
There are often times that shortcuts are needed on all users or a specific subset of user’s desktops, which is where Group Policy Preferences Desktop Shortcuts come in. Here is how to create a simple internet shortcut for a particular website:
Create a Group Policy Preferences Desktop Internet Shortcut
Login as an administrator.
Go the the start screen and type “Server Manager”.
In the Tools menu select “Group Policy Management”
Find / Create the Organizational Unit (OU) in the domain containing the target computers
Right click on the OU and select “Create a GPO in this domain, and Link it here…” to create a policy and link in to that OU.
If Control Panel is in Category view, click the Switch to Classic View link on the left and then double-click the Mail control panel. If Control Panel is in Classic view, double-click the Mail control panel.
Click on the “E-mail Accounts…” button.
Select Microsoft Exchange (or whatever is was named). Click on the “Change…” button.
Click on the “More Settings…” button. Click the Connection tab.
In the Outlook Anywhere section, check the “Connect to Microsoft Exchange using HTTP” box.
Click on the “Exchange Proxy Settings…” button.
In the “Use this URL to connect to my proxy server for Exchange” box, type the external URL of the proxy server.
Make sure the “Connect using SSL only” box is checked.
Check the “Only connect to proxy servers that have this principal name in their certificate” box.
In the Principle name for proxy server box, type msstd:[external URL] where [external URL] is the external URL of the proxy server. Note: Be certain that entries from Step 9 and 12 are correct. Do not have a space before or after the entries. In Step 12, after msstd there is a colon ( : ). It is not a semicolon. The text should be in all lower-case as well.
Un-check the “On fast networks, connect using HTTP first, then connect using TCP/IP” box.
Check the “On slow networks, connect using HTTP first, then connect using TCP/IP” box.
At the bottom of the dialog box, in the Use this authentication when connecting to my proxy server for Exchange list, change the setting from NTLM Authentication to Basic Authentication instead.
Click OK. Click Apply. Click OK. Click Next. Click Finish. Note: If you get “stuck” at the above step and can’t go forward, you need to double-check the settings in the settings in the Exchange Proxy Settings dialog box.
Open Outlook. You will be prompted for a User name and password.
In the User name box, type: [domainname]\ where [domainname] is the internal domain name of the network and then username. (i.E. FHN\Administrator)
Enter the password for the account. Click OK. In some cases, you may be prompted for the password a second time, please enter it.
Outlook should open normally. You’re done.
If your company is using internal Microsoft Exchange servers and need help configuring Outlook Anywhere via RPC over HTTP, then contact us for assistance.
Click on Manage and choose “Add roles and Features”.
Click “Next >” (Check the box to skip this in the future)
Make sure “Role-based or feature-based installation” is selected then click “Next >”
Choose the appropriate server then click “Next >”
Make no changes to the “Roles” page then click “Next >”
On the “Features” page scroll down and check the box by “SMTP Server”
Click “Add Features” (required for SMTP Server) then click “Next >”
Click “Install” then wait for the install to finish then click “Close”.
Configure Windows Server 2012 SMTP Relay
Go the the start screen and type “Server Manager”.
In the Tools menu select “Internet Information Services (IIS) 6.0 Manager”
Expand the tree until [SMTP Virtual Server #1] is shown then right click and choose “Rename” (as appropriate)
Right click again and choose “Properties”.
Click on the “Access” tab then click the “Connection…” button
Select “All except the list below” then click “OK”
Click on the “Relay…” then select “All except the list below” then click “OK”
Click on the “Delivery” tab then click the “Outbound Security” button
Select “Basic Authentication” and type in the username and password of Office365 user – this can be different than what is used on the device as long as the alternate address on the device is an alias of this user.
Check “TLS encryption” then click “OK”
Click the “Outbound connections” button then change “TCP port” to 587 then click “OK”
Click the “Advanced” button then fill in the FQDN of the internal server (add custom DNS for future changes)
Fill in “Smart host” with SMTP.office365.com – the name of the Office365 SMTP server then click “OK” twice
Warning! You have an open relay now. Use this setup to check the email notification system. When you see it’s fully functional go back to the “Access” tab and narrow down the “Connection” settings to the necessary systems. When no other system needs to relay, just check “Only the list below” and grant “127.0.0.1” access.
Configure External DNS for SPF protection
Go to the domain registrar’s website to update DNS records. Edit / create a sender policy framework (SPF) record. In the entry, include the external IP address. The finished string looks similar to this, where 10.0.0.2 is your public IP address:
Skipping this step might cause email to be sent to recipients’ junk mail folders.
If your company is using Office 365 and needs an Office 365 SMTP relay setup for use by a network device like a multi-function printer, then contact us for assistance.
With the recent changes in the economic landscape, the majority of companies will need to take a look at their bottom line including the current technology investments and the future technology needs of each company. The following are several guidelines as to making the most out of current investments by properly maintaining and safeguarding the equipment already in place as well as when to consider upgrading or replacing equipment in order to achieve a greater return on investment (ROI).
Maintenance of Technology Investments
There are many schools of thought as to how often a computer should be maintained and to what extent. A general rule of thumb is those who use the computer more heavily will need to perform these steps more often to reap the benefits. This routine should include tasks such as temporary file cleaning, full system virus and spyware scans, checking for operating system and major program updates or patches, and physically cleaning the computers outside and dusting out the inside with compressed air. These steps will help the computer to run at its peak performance.
Safeguarding Technology Investments
Various steps can be taken to protect computers from unforeseen environmental problems and malicious attacks. Each computer should be protected by some sort of high quality surge protection or battery backup to help shield them from potential catastrophic damage from an electrical surge. If the computers are connected to a broadband internet connection then a quality firewall router is needed to help protect against hacker intrusion. Also with any internet connection a quality antivirus / antispyware will help keep such malicious software at bay. Finally and most importantly is to backup critical files and documents in case of an accidental deletion or worse a hardware failure. These steps are vital to insuring that what you have is safe and if something goes wrong you are not left wanting.
Upgrading / Replacing Technology Investments
There is an unpleasant reality that all mechanical devices, including computers, will one day start to break down and need repairs or replacements. The standard lifespan of a current computer is around three to five years based on use, at which time parts will need to be upgraded and replaced or new hardware should be acquired to avoid the possibility of unforeseen failure. This is also a good rule of thumb for software as most companies have taken the stance of no longer supporting versions that are within that same age bracket. These upgrades and replacements will insure that
you have the software features to keep your business streamlined and the hardware to make it run efficiently.
These are just the basics of how to make the most out of current technology investments with the specifics needing to be tailored to the individual companies needs. The hope is that with proper maintenance, technology will be more of a benefit then a burden and make business success an obtainable goal.
If your company is in need of network consulting or considering some Technology Investments, then contact us for assistance.
In order to better serve you as a client, and possibly save us both time and money, here are a few things that you can do before calling the help desk:
Basic things to try before calling help desk
1. Unplug Power from Everything – This one may be much to ask for those with complicated setups, however you will find that it is worth the time and effort. Unplug the power cords from all devices and keep things unplugged for a matter of five minutes before plugging them back in the same way as before (labels are highly recommended to alleviate the confusion). This process resets all electrical systems and network connections. Once plugged back in make sure that all attached equipment is functional, check if the internet is working properly and if the problem has fixed itself. This is the first and often the last step in the process.
2. Make Sure Everything is Plugged In – This may seem like an exercise in futility but cords are easy enough to knock loose and simply going behind the computer tower for a couple seconds to testing each one can fix several issue related to internet connection and hardware malfunctions.
3. Backup Everything – You should already have this happening on a regular basis, but if you haven’t been then now is the best time to start. If nothing else get an external drive from a local retailer and copy/paste your important files, because if the hard drive is the problem then data loss is a serious threat. All computer repairs performed by a professional tech should be non-destructive, but assurance is better than the alternative.
4. Run a Basic Disk Cleanup – There are tools built into Windows that are there to help keep things up and running properly. The three most important and used of these tools are “Disk Cleanup,” “Disk Defragmenter,” and “chkdsk” – all of which are fairly simple to use. Both the cleanup and defragmenter are available under the “Accessories” folder of the start menu and “chkdsk” can be used by typing CHKDSK into the “Run…” option of the start menu. These will tune up your computer and keep it running at its best.
5. Delete Temporary Internet Files – Doing this will cure several internet related issues, especially if the problem is with a particular website. Click Start, then click Control Panel, and then double-click Internet Options. On the General tab click Delete Files under Temporary Internet Files. In the Delete Files dialog box, click to select the Delete all offline content check box, and then click OK. Click OK. Some websites might load slowly the first time after this and passwords will need to be re-entered on some websites login pages.
6. Record All Errors – This is vital if you want the support call to go quickly and smoothly. Make sure to carefully catalog all of the messages and codes that appear, each piece works together to become the trail of crumbs that leads to the solution. Also try to find a pattern that leads to the error’s appearance – if it is repeatable then it is fixable.
7. Gather Information – The most comprehensive way to get detailed information about your system is built into Windows. Click on the Start button then click on Run. Type in DXDIAG and click the OK button. This gives valuable information like operating system, system manufacturer / model, processor type / speed and memory. One other needed
piece of information comes from the My Computer icon on the desktop or start menu. Right click on the main hard drive and choose properties. This will show you how much used / free space there is left on the computer.
Armed with this information the computer tech may be able to diagnose the issues over the phone, via remote connection or at least give them a basis to work from. Also by taking care of these basics it should also help make the bill for services much smaller.