Import&Export PST Files Exchange Server 2010 sp3
Mikrotik Howto give PiNG / iCMP high Priority
Mikrotik Queuing is heuristic , means every packet leaving mikrotik destined to your IP is capped, even ICMP too.
So when you do browsing or downloading any data , there will be less or no bandwidth available for PING/ ICMP packets and ping form client to mikrotik OR to internet will face frequent timeout and high latency in case of full usage of allowed bandwidth.
As showed in the image below …
NOTE:
It is recommended to block the ICMP/PING protocol on every network to avoid flooding and un wanted queries from the client end. (You can exempt your admin pc or other from this restriction via source address list)
Or if you still want to allow icmp , then simply mark icmp packets and and create a queue that allows more bandwidth to icmp marked packets.
1- EXAMPLE OF PING/ICMP QUEUE USING SIMPLE QUEUE [overall capping]
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
############################################ PING/ICMP Priority Script for Mikrotik# Syed Jahanzaib / aacable @ hotmail . com############################################ Connection PACKET marking for ICMP, valid for both 5.x and 6.x ROS versions/ip firewall mangleadd chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment="" disabled=no# PACKET marking for ICMP, valid for both 5.x and 6.x ROS versionsadd chain=prerouting protocol=icmp connection-mark=icmp-con action=mark-packet new-packet-mark=icmp-pkt passthrough=no comment="" disabled=no# QUEUE TREE For Mikrotik 5.x Version to allow 128k Bandwidth for ICMP/PING Packets/queue treeadd burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=128k name=Hi-Prio-to-icmp-aacable packet-mark=icmp-pkt parent=global-out priority=1 queue=default# For 5.x All Done. Now check your PING results. t.c#################################################################### IF you are using Mikrotik 6.x then above queue wont work,instead use SIMPLE queue # SIMPLE QUEUE approach is valid For both 5.x and 6.x Versions.# DO Make sure to move it on TOP [order wise 0]/queue simpleadd max-limit=128k/128k name=ICMP_Priority packet-marks=icmp-pkt target="" |
Result after implementing above code.
2- SECOND EXAMPLE OF PING/ICMP QUEUE USING PCQ TREE | (FOR PER USER DISTRIBUTION)
The following script will mark icmp packets and will allow 32k per user for icmp traffic via PCQ / QUEUE TREE
|
1
2
3
4
5
6
7
8
9
10
11
12
|
/ip firewall mangleadd action=mark-packet chain=prerouting comment="Mark ICMP I / zaib" new-packet-mark=ping_pkts_i protocol=icmpadd action=mark-packet chain=postrouting comment="Mark ICMP O / zaib" new-packet-mark=ping_pkts_o protocol=icmp/queue typeadd kind=pcq name="ping_pkts_i_32K" pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=32k pcq-src-address6-mask=64add kind=pcq name="ping_pkts_o_32K" pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=32k pcq-src-address6-mask=64/queue treeadd name=ping_pkts_i packet-mark=ping_pkts_i parent=global-out queue="ping_pkts_i_32K / zaib"add name=ping_pkts_o packet-mark=ping_pkts_o parent=global-out queue="ping_pkts_o_32K / zaib" |
Installing VMware tools on RHEL OEL Centos 6 via yum
Installing VMware tools on RHEL OEL Centos 6 via yum
|
1
|
# vi /etc/yum.repos.d/vmware-tools.repo
|
|
1
2
3
4
5
|
[vmware–tools]
name=VMware Tools for Red Hat Enterprise Linux $releasever . $basearch
baseurl=http://packages.vmware.com/tools/esx/latest/rhel6/$basearch
enabled=1
gpgcheck=1
|
Description Packages
|
1
2
3
|
VMware Tools with graphics components
vmware–tools–esx–kmods–kernel_type
vmware–tools–esx
|
|
1
2
3
|
VMware Tools without graphics components
vmware–tools–esx–kmods–kernel_type
vmware–tools–esx–nox
|
|
1
|
yum install vmware–tools–esx–kmods vmware–tools–esx–nox
|
From http://www.milliondollarserver.com/installing-vmware-tools-on-rhel-oel-centos-6-via-yum/
How to remove hidden network adapters from virtual machines
When using virtualization on a Microsoft environment such as Hyper-V you can easily have network problems when restoring a Virtual hard drive or changing a network card. With some operating systems on Hyper-V you may notice that the network adapter “MS Virtual Machine Bus Network Adapter” name changes and a number is associated with it, example “MS Virtual Machine Bus Network Adapter #3”.
This happens when you load an image from your backup. This will sometime cause network connectivity issues, due to the fact that other network adapters will still be configured (hidden) in the device manager which still lock your IP address. This will also cause the issue whereby although you configure the current network adapter (as seen in the Device Manager), no network activity can be achieved. Unfortunately these devices will not show directly in your device manager, so the following steps must be taken.
This can easily be removed by opening the command prompt with administrative access and typing the following command:
set devmgr_show_nonpresent_devices=1
start devmgmt.msc
This will start the Device Manager. It is important to start the Device Manager from the same command prompt, since it will lose the setting to show the non present devices. If you open the Device Manager from the Control panel, the hidden devices will not show.
When the Device Manager loads, from the File menu, expand the View and select the Show Hidden Devices option. This will enable and show any old un-used devices in the window. From here, expand the Network Adapters node and you can right click on the devices which are extra and delete them accordingly.
Another method which can be used to identify the hidden devices is a free tool from Microsoft called ‘devcon’ which is a command line alternative to the Device Manager, but it will not work since it only removes present devices. Maybe Microsoft will be adding this feature in the future releases of the tool, but for now, although it will show hidden devices, it is not capable of removing them. It will give an error saying ‘Remove failed. No devices removed.’
After this is done, your network adapter will be free and you can set up the correct network settings. This method of hidden device removal can be used for any type of device. Since this option may come in handy in your daily job, it would be best to configure the setting to show non-present devices in the Environment Variables from the system properties so that every time the server is loaded, the setting will be automatically configured and you will be able to see the hidden devices without running through the above commands. This can be set by clicking the New button in the System Variables frame and in the variable name enter ‘devmgr_show_nonpresent_devices’and in the variable value enter ‘1’.
Exchange 2010: How to redirect non-SSL Outlook Web App traffic to SSL
With Outlook Web App being an outwardly facing service that relies on the use of your organization’s internal credentials, it’s important to make sure that miscreants don’t get access to your security jewels — individual usernames and passwords. Using SSL for this traffic protects your organization and your users.
In this Exchange 2010 tutorial, I focus on how to make sure that users who visithttp://webmail.yourorg.com are automatically redirected tohttps://webmail.yourorg.com/owa. I will not be covering the SSL certificate provisioning and installation process.
Step-by-step instructions
1. Log into your Exchange 2010 server with a user account that has administrative rights on the server.
2. Go to Start | Administrative Tools | Internet Information Services (IIS) Manager. This opens the IIS7 manager, which is used by Exchange’s Client Access Server role.
3. Once you’re in the IIS Manager tool, expand your computer link, choose Sites, and then select the Default Web Site option.
4. From the Features View, choose the HTTP Redirect option (Figure A).Figure A
Choose the HTTP Redirect option
5. When you get to the HTTP Redirect page, do the following:
- Select the checkbox next to Redirect Requests To This Destination heading.
- In the box below, type in the full address – including HTTPS – for the site to which you’d like to redirect traffic. This would be the format:https://webmail.yourorg.com/owa.
- Make sure you also select the checkbox next to Only Redirect Requests To content In This Directory (Not Subdirectories). If you fail to do this, you’ll break some other functionality.
- In the Actions pane, click the Apply link to save your changes.
Your HTTP Redirect window should look like the screen in Figure B. Figure B
The HTTP Redirect options page
This step alone, however, isn’t enough. In fact, let’s try it. Browse tohttp://webmail.yourorg.com. You’ll get a message indicating that access is denied. The reason: SSL is currently required for the top level directory (Figure C). Figure C
The SSL redirect isn’t working.
In order for the redirect to work, the top level directory needs to be accessible without using SSL. In other words, it needs to be accessible via HTTP. To make that happen, you need to disable the SSL requirement on that directory. Once you do, the top-level directory is fully accessible via HTTP and then IIS can properly intercept your HTTP request and redirect you to the page that you specified earlier.
Now, follow these steps:
1. Select the top level directory – probably called Default Web Site – and browse to SSL Settings (Figure D). Figure D
Choose the SSL Settings option
2. Double-click SSL Settings.
3. Deselect the checkbox next to Require SSL (Figure E).
4. In the Actions pane, click the Apply link to save your changes.
Figure E
Disable SSL on the top level directory
For the remaining important subdirectories, make sure that the settings are as follows.
|
SSL |
Redirect |
|
| aspnet_client |
Enable SSL |
Uncheck redirect |
| Autodiscover |
Enable SSL |
Uncheck redirect |
| ecp |
Enable SSL |
Uncheck redirect |
| EWS |
Enable SSL |
Uncheck redirect |
| Microsoft-Server-ActiveSync |
Enable SSL |
Uncheck redirect |
| OAB |
Enable SSL |
Uncheck redirect |
| PowerShell |
DISABLE SSL |
Uncheck redirect |
| Rpc |
Enable SSL |
Uncheck redirect |
You need to make sure that you run through each of the directory settings since some of the changes you made earlier will have propagated down through the folder structure. Figure F gives you a look at one of the settings you’ll need to change. Figure F
Set SSL and Redirect settings on each of the folders listed above
Once you’re finished, test your new settings. As you can see in Figure G, success! Figure G
The HTTPS redirect is working now.
Now, users can just remember webmail.yourorg.com, and you can do the heavy lifting behind the scenes to both protect them (SSL) and make their lives easier (automatic redirection).
Firewall Spam Filtering
Firewall Spam Filtering
|
Adds connections to regular servers to a VALID_SMTP list (you can add your own “always valid” servers to this)
If a user is seen making multiple simultaneous connections (in excess of 10) they’re added to a blacklist and SMTP traffic from them is dropped.
/ip firewall filteradd action=add-dst-to-address-list address-list=VALID_SMTP address-list-timeout=2d chain=forward comment="Checking POP3" disabled=no dst-port=110 protocol=tcpadd action=add-dst-to-address-list address-list=VALID_SMTP address-list-timeout=2d chain=forward comment="Checking Secure POP3" disabled=no dst-port=995 protocol=tcpadd action=add-dst-to-address-list address-list=VALID_SMTP address-list-timeout=2d chain=forward comment="Checking IMAP" disabled=no dst-port=143 protocol=tcpadd action=accept chain=forward comment="Allow SMTP going to known servers" disabled=no dst-address-list=VALID_SMTP dst-port=25 protocol=tcpadd action=drop chain=forward comment="Drop traffic from those on the suspect list" disabled=no dst-port=25 protocol=tcp src-address-list=spambotadd action=add-src-to-address-list address-list=spambot address-list-timeout=2d chain=forward comment="10+ connects = spammy" connection-limit=10,32 disabled=no dst-port=25 protocol=tcp src-address-list=QOSCustomerIPs/ip firewall address-listadd address=202.171.191.9 comment=smtp.bigair.net.au disabled=no list=VALID_SMTP |
Monitoring multiple WAN links in PCC using BLACK-HOLE route approach !
Scenario:
Dual pppoe-client wan links are configured in mikrotik with PCC load balancing.
Task:
To monitor both (ow more) wan links via some fixed routes and email in case any goes down or take other action as required.
Solution:
You must be aware that to achieve any task, there are multiple ways to do so, Select whatever is best and whatever works for you (offcourse without affecting any other functionality). I tried various solutions to monitor pppoe-wan clients, but most of them didn’t worked as I wanted. So I used blackhole route approach and it worked 100%.
Example:
[This example is just for demonstration purpose only. In the real production environment you MUST use multiple host monitoring , because it is very possible that if you monitor single host, and for some reason ISP blocks it, or the owner of the host close it for maintenance…
View original post 265 more words
How To Disable ESXi Password Restrictions
How To Disable ESXi Password Restrictions
The following instructions will allow you to change the “root” user’s password to something simple like “password“.
ESXI 5.0, ESXI 5.1 AND ESXI 5.5
1. Edit /etc/pam.d/passwd and add “enforce=none” to the end of the “password requisite” line:
esx# vi /etc/pam.d/passwd
password requisite /lib/security/$ISA/pam_passwdqc.so \
retry=3 min=8,8,8,7,6 enforce=none
2. Change password:
esx# passwd
ESXI 4.1
1. Edit /etc/pam.d/system-auth and add “enforce=none” to the end of the “password requisite” line:
esx# vi /etc/pam.d/system-auth
password requisite /lib/security/$ISA/pam_passwdqc.so \
retry=3 min=8,8,8,7,6 enforce=none
Note: You will need to force the write with an exclamation “:wq!”.
2. Change password:
esx# passwd
Note: The enforce setting will be lost on the next reboot, so change your password now.
ESXI 4.0
1. Edit /etc/pam.d/common-password and add “enforce=none” to the end of the “password requisite” line:
esx# vi /etc/pam.d/common-password
password requisite /lib/security/$ISA/pam_passwdqc.so \
retry=3 min=8,8,8,7,6 enforce=none
2. Change password:
esx# passwd
ESX 4.1
1. Edit /etc/pam.d/system-auth and add “enforce=none” to the end of the “password required” line:
esx# vi /etc/pam.d/system-auth
password required /lib/security/$ISA/pam_passwdqc.so \
min=8,8,8,7,6 similar=deny match=0 enforce=none
2. Change password:
esx# passwd
ESX 4.0
1. Edit /etc/pam.d/system-auth-generic and add “enforce=none” to the end of the “password required” line:
esx# vi /etc/pam.d/system-auth-generic
password required /lib/security/$ISA/pam_passwdqc.so \
min=8,8,8,7,6 similar=deny match=0 enforce=none
2. Change password:
esx# passwd
Expanding Possibilities / Howto add 3rd party packages in Mikrotik KVM/Metarouter!
As asked by few friends, i thoughts its a good idea to share it with all.
Last Update: 5th March, 2015, 08:43 am
1- Whatis Metarouter
2- Howto install Metarouter in Mikrotik Routerboard
3- Howto install APACHE web server in METAROUTER to host your web files.
4- Howto install ASTERISK 1.8 with GUI [Feb 2015]
5- Howto setup NTP to solve DATE Time synch issue [5th March, 2015 8:43am]
6- Howto disable firewall [17th Mrach, 2015 13:00 hrs]
1- What is METAROUTER?
as defined by Greg
“Metarouter is a way to have logical routers running on your existing routerboard. In essence, you create a virtual router on your RB, then you assign some interfaces to it. You then can hand this virtual router off to a customer hand allow them to administer it without effecting any of the core functions necessary on the device. .”
Also on
View original post 624 more words
Sumonchai 