Skip Ribbon Commands
Skip to main content

Helping Prevent Technological Defenestration.

Dec 06
Blocking Dangerous File Attachments in Exchange / Office 365

Aside from antivirus email scanning, it’s important to block dangerous file attachments from reaching users in your organization. The first reaction I get from managers when I request file blocking is that they need to have access to sending and receiving certain types of files, such as ZIP, RAR, etc. Blocking these files creates an added layer of security by requiring the sender and recipient to perform a manual security ‘handshake’. This handshake add security be having the sender and recipient discuss exchanging the file, eliminating the files send by email by spammers or infected PC’s. Of course, the sender and recipient would have to send the file by another means, such as a file exchange service like SeaFile.

How to Block Dangerous File Type in Office 365/ Exchange

Open the Exchange admin panel and navigate to mail flo –> rules and click + to add a new rule.

image

Give your rule a name and click on more options at the bottom of the windows to display more options.

image

Create a rule that flags any attchments that have specific file name pattern.

image

Then add the file name extensions that you wish to block, excluding the dot.
image

Now select a response (such as email rejection) and include a rejection message

image

Click the save button when finished.

You may go back and click on the hyperlinked attachment types to add or remove attachments if you need to do so in the future.

image

Creating a Warning Message Rule for Office Documents

Since MS office documents (DOC, XLS and PPT) can contain macros, it’s a good idea to send the user a warning message telling him/her to be careful and not allow Macros if requested, without consulting the sender or the helpdesk first. To do so, use the following setting after creating a new rule:

image

When someone outside the organizations sends an email to an internal mailbox, the message will be preceeded by a warning.

Here is a list of dangerous attachment types and their extensions for you to block:

.EXE – An executable program file. Most of the applications running on Windows are .exe files.

.PIF – A program information file for MS-DOS programs. While .PIF files aren’t supposed to contain executable code, Windows will treat .PIFs the same as .EXE files if they contain executable code.

.APPLICATION – An application installer deployed with Microsoft’s ClickOnce technology.

.GADGET – A gadget file for the Windows desktop gadget technology introduced in Windows Vista.

.MSI – A Microsoft installer file. These install other applications on your computer, although applications can also be installed by .exe files.

.MSP – A Windows installer patch file. Used to patch applications deployed with .MSI files.

.COM – The original type of program used by MS-DOS.

.SCR – A Windows screen saver. Windows screen savers can contain executable code.

.HTA – An HTML application. Unlike HTML applications run in browsers, .HTA files are run as trusted applications without sandboxing.

.CPL – A Control Panel file. All of the utilities found in the Windows Control Panel are .CPL files.

.MSC – A Microsoft Management Console file. Applications such as the group policy editor and disk management tool are .MSC files.

.JAR – .JAR files contain executable Java code. If you have the Java runtime installed, .JAR files will be run as programs.

.BAT – A batch file. Contains a list of commands that will be run on your computer if you open it. Originally used by MS-DOS.

.CMD – A batch file. Similar to .BAT, but this file extension was introduced in Windows NT.

.VB, .VBS – A VBScript file. Will execute its included VBScript code if you run it.

.VBE – An encrypted VBScript file. Similar to a VBScript file, but it’s not easy to tell what the file will actually do if you run it.

.JS – A JavaScript file. .JS files are normally used by webpages and are safe if run in Web browsers. However, Windows will run .JS files outside the browser with no sandboxing.

.JSE – An encrypted JavaScript file.

.WS, .WSF – A Windows Script file.

.WSC, .WSH – Windows Script Component and Windows Script Host control files. Used along with with Windows Script files.

.PS1, .PS1XML, .PS2, .PS2XML, .PSC1, .PSC2 – A Windows PowerShell script. Runs PowerShell commands in the order specified in the file.

.MSH, .MSH1, .MSH2, .MSHXML, .MSH1XML, .MSH2XML – A Monad script file. Monad was later renamed PowerShell.

.SCF – A Windows Explorer command file. Could pass potentially dangerous commands to Windows Explorer.

.LNK – A link to a program on your computer. A link file could potentially contain command-line attributes that do dangerous things, such as deleting files without asking.

.INF – A text file used by AutoRun. If run, this file could potentially launch dangerous applications it came with or pass dangerous options to programs included with Windows.

.REG – A Windows registry file. .REG files contain a list of registry entries that will be added or removed if you run them. A malicious .REG file could remove important information from your registry, replace it with junk data, or add malicious data.

.DOCM, .DOTM, .XLSM, .XLTM, .XLAM, .PPTM, .POTM, .PPAM, .PPSM, .SLDM – New file extensions introduced in Office 2007. The M at the end of the file extension indicates that the document contains Macros. For example, a .DOCX file contains no macros, while a .DOCM file can contain macros.

Dec 04
Hyper-V Server Out of Disk Space; Ran out of Disk Space During CheckPoint/Snapshot Merge

I have seen several instances where Hyper-V guests stop working because the host machine runs out of disk space during a merge. Although you should never use a checkpoint on a production server, the temptation is there, and if you forget to delete it afterwards, you could find yourself in a pickle later on if you need to merge a large checkpoint and have little free space on the host server.

There is a quick an easy way around this, albeit with a caveat. The process involves moving the Hyper-V guest storage to an external USB drive that has plenty of space, merging the snapshot, then moving the data back. The risk is that USB drives are not as reliable for heavy loads, as for example, RAID arrays. The benefit is that it’s a quick solution that can get you out of a bind.

A safer way would be to do a live migration to another Hyper-V server that has available disk capacity, merge the snapshot, then move it back. However, this article is a quicker solution intended for companies that do not have an extra Hyper-V server with spare capacity lying around.

Make sure you have a backup of the Hyper-V guest before proceeding.

Connect an external USB disk to the Hyper-V server and make sure it’s accessible.

image

From the Hyper-V manager, right click on the Hyper-V guest and select move.

image

Select the option to move the Hyper-V guest machine’s storage.

image

In the next option, select to move only the virtual machine’s storage.

image

Selecty the guest machine you want to move, then click next.

image

Select the temporary USB drive storage drive to move the hyper-V guest disk image.

image

Click finish to begin the move process.

image

If you look at the USB drive volume, you will see that the Hyper-V copy process will begin copying the VHDx file and then, when it’s finished, it will copy the snapshot file(s) as well (aVHDx).

image

Depending on the size of the VM and the snapshots, this process could take several hours and up to a day. Remember USB disks don’t have the  I/O performace of a RAID subsystem or direct bus SCSI/SATA connection. Luckily, you can continue working since the Hyper-V guest is still running during the move process. Sit back, relax and let it happen…

image

When the process finishes, you can verify that the move has completed by going to the Hyper-V manager and looking at the hard drive media location.

image

You should also see that the disk volume where the VM was located has extra disk space.

image

Now, proceed to remove the snapshot as you normally would. Right click on the Hyper-V guest and delete delete checkpoint or delete checkpoint subtree. You can also use PowerShell to remove the snapshot if the option to delete from the GUI is not present (this can happen sometimes).

Get-VMSnapshot -ComputerName “VMHostName” -VMName “VMGuestName” | Remove-VMSnapshot

The merge process will begin.

image

Once the Hyper-V merge is completed, use the same process described above, in reverse, to move the VM guest back to the original drive volume and away from the USB disk. DO NOT be tempted to leave the VM guest running off the USB drive unless you relish tragedy, drama or watching things crash and burn.

image

Nov 01
How to Request a Large File using Seafile

In addition to sending large files outside your organization, you can use SeaFile to receive large files that do not get through email systems. Here’s how:

Log in to Seafile by visiting www.falconitservices.com, click on support, then on the Seafile Transfer icon.

image

Log in to SeaFile using your user name and password. If you do not have one, contact the helpdesk to request one.

image

Click on the create library icon if you wish to create a special library for these files. Note: DO NOT encrypt the library, otherwise you will not be able to share it with others.

image

Clikc on the share icon next to the library.

image

Select upload link, then click on the generate button. You can add a password if you want anybody uploading to this library to be required to enter a password.

image

A hyperlink will be created that you can send to the person who is going to upload the files to your library. You can copy and paste the link to send via Email or you can click on the send button to have SeaFile send the link via Email.

image

The recipient will receive an email from postmaster at cloud.falconitservices.com, similar to the one shown below:

image

Clicking on the link will take them to an easy to use, upload page.

image

The default size is 500MB, which is quite large. If you need additional transfer limits, please contact the helpdesk for an increase.

Oct 31
BSOD after P2V or Disk2VHD Conversion caused by Storport RAID or other Hardware Drivers

After converting a Dell 310 Server with an S100 software raid to a virtual machine using Disk2VHD, the image would not boot up, even in safe mode.

In safe mode, I noticed that the BSOD appeard right after trying to load storport.sys. I had to remove these drivers in order to fix the issue.

Here is how you can fix hard disk and RAID drivers from your porevious hardware crashing your new virtual machine.

First, boot into safe mode by pressing the F8 key on startup.

Make a note of the last driver to load prior to BSOD system crash.

image

Next, boot into recovery mode by launching startup repair or by pressing F8 during boot then selecting the repair your computer option.

image

Log in as the local admin.

image

Open the command prompt.

image

The Recovery Media is drive X:. You will need to find your operating systems’s drive letter. use the command BCDEdit to locate the drive letter of your Windows OS partition. In the case below, the OS is on drive letter D:

image

Use the following command to get a list of 3rd party drivers:

Dism /image:D:\ /Get-Drivers (includes 3rd party drivers)
You can also add the /all switch if you suspect that a Windows driver may be causing the BSOD
Dism /image:D:\ /Get-Drivers /all (includes all drivers)

image

Use the get-driverInfo switch for additional information

Dism /image:D:\ /Get-DriverInfo /Driver:oem1.inf

image

Use the following command to remove the offending driver:

DISM /Image:D:\ /Remove-Driver /Driver:oem1.inf

image 

Restart the Windows image.

If you continue to have problems, run Checkdisk, SFC Scan and Image Restore using the following Commands:

Chkdsk D: /r

SFC /scannow /offbootdir=D:\ /offwindir=D:\windows

Oct 11
How to use Seafile to Send Large Files

Files greater than 5 Megabytes typically do not go through when sent by email. Seafile is an easy way to transmit files to others, while breaking the 5MB barrier. To use Seafile you will need a user name and password. If you do not have one, please contact our helpdesk.

To begin, navigate to www.falconitservices.com and click on the support link. From support, click on the Seafile icon.

image

Log in to SeaFile.

image

Click on New Library and give the library a name.

image

Click on the library link, then upload your files by clicking on the upload icon. Select the files and begin the upload process.

image

Once you have finished uploading all your files, go back to the main libraries.

image

Click on the share icon that appears when you hover your pointer over the library.

image

You can optionally password protect the file (you will need to give the recipient the password) and  select a finite number of days that the files will be made available for download.

image

When finished, click the generate button.

image

A link will appear with the download URL. You can either copy the link and email it to the recipient(s) or simply click on the send button.

image

Enter the recipient’s email address, the click submit.

image

The recipient will receive an email similar to the one below.

image

When the email link is selected, it will take them to a Web page where the files are available for easy download.

image

Feb 28
How to Connect a Cisco SPA 525G VoIP Phone Using WiFi

Note: Although the  Cisco SPA 525G supports WiFi, it’s recommended to use an Ethernet cable. WiFi is less reliable and is prone to dropping packets, which can cause the voice quality to degrade.  The farther you are from the WiFi transponder, and the more devices that connect and utilize the available WiFi bandwidth, the higher the chances that the voice quality will encounter jitter.

If an Ethernet cable is not available, follow these instructions to connect the SPA 525G via WiFi:

Press the setting button as indicated below.

image

Scroll to and select the network configuration settings.

image

Change the WiFi to the ON setting and press the set button to save the changes.

image

image

Select Wi-Fi configuration as shown below.

image

and then select wireless profile.

image

Press the scan button to look for SSID’s.

image

image

Once found, select the desired SSID and press the connect button.

image

Select the security mode and cipher type that your WiFi device uses for security, then enter the shared WiFi passphrase.

image

Save the settings when you have finished. Select the profile that was just created and press the connect button.

image

Once you have successfully connected, the status WiFi inducation will show the signal strength and the red X will disappear from the network icon.

image

Jan 28
Hyper-V Migration | Move Hyper-V Guest on Workgroup (Non Domain) Hyper V Server

Hyper-V Live migration is not supported in a workgroup environment, but you can move a Hyper-V guest from one server to another relatively easy. Just copy the VHD file from the source server to the target server and then create a new VM guest on the target server using the VHD file.

Make sure that you merge any snapshots before proceeding. Having a snapshot will not allow you to create a new VM using the VHD file. Following best practice, you should never have snapshots on productions servers anyways!

To begin, gracefully shut down the Hyper-V guest OS on the source server and locate the VHD file. If you are not sure where the VHD file is located, open the Hyper-V guest settings and look in the hard drive media settings.

image

Next, create a shared folder on the target server where the VHD file can be copied to. Note that copying large files over a network share can take a long time. You can opt to copy the file to a USB drive and then move it to the target server to expedite the process, if you have physical access to both servers.

Use copy/paste, Robocopy or Richcopy to move the VHD file to the target server.

image

As you can see in the image above, a relatively small  VHD server file copied over a 10/100 Ethernet can take several hours

Once the VHD file can been copied, open the Hyper-V manager on the target server and create a new virtual machine.

image

Follow all the steps you normally would when creating a new VM, until you get to the step to create the virtual disk.

image,

Choose ‘use an existing virtual hard disk’ as shown above the in the connect virtual hard disk option.

Click browse and select the VHD file that was copied to the target server.

image

Navigate to the Hyper-V manager on the target machine and start the newly created VM and Voila!

image

If the source server is on the same network, make sure to remove or delete the old Hyper-V guest so that someone does not start it accidentally.

Dec 28
How to View the Name of Your Windows Computer

Hold down the Windows key (image below) on your keyboard and press ‘R’.

image

When the run box appears, type msinfo32 as shown below and press OK.

image

The system name will appear as shown below.

image

Jun 13
Configuring Asterisk to use Cisco Unified CP-9971, CP-8961 IP Phones

Although not officially supported, Cisco CP 8961 and 9971 phones can be easily configured for use on FreePBX, Elastix and most Asterisk PBX systems. This step by step guide will provide the provisioning configuration details. The steps are:

  • Configuring Asterisk to allow TCP protocol for use on specific IP phones.
  • Setting up a DHCP server with TFTP option 150.
  • Setting up a TFTP server.
  • Configuring extensions in Asterisk.
  • Creating XML configuration files for the IP phones.

For this post, we will be using Elastix 2.5, Windows DHCP and SolarWinds TFTP server, however you can adjust according to your own product preference. We will be using Cisco CP-9971 and CP-8961 with firmware version 9.3 however other Cisco UC phones will work as well. Note: you should have at least firmware 9.0 installed on the phones in order to use SIP protocol and work with Asterisk.

Configuring Asterisk to use TCP

To configure Asterisk to allow the use of TCP in transport, log in to the Web UI and navigate to the Asterisk file editor. Locate the sip_general_custom.conf and add the following lines:

tcpenable=yes
tcpbindaddr=0.0.0.0

image

After you save the changes, locate sip_notify_custom.conf and add the following lines:

udpbindaddr=0.0.0.0
tcpenable=yes
tcpbindaddr=0.0.0.0
callcounter=yes

image

When finished, click save and the reload Asterisk.

Configuring the TFTP Server

Download and install the TFTP Server of your choice or download and install a free TFTP server from SolarWinds by clicking here. 

image

Inside the default TFTP folder (c:\TFTP-Root if using Solarwinds), create a file using Windows notepad. Name it ‘dialplan.xml’ and copy/paste the text below to the file.

<DIALTEMPLATE>
     <TEMPLATE MATCH="91.........." Timeout="0"/>
     <TEMPLATE MATCH="911" Timeout="0"/>
     <TEMPLATE MATCH="\*.." Timeout="0"/>
     <TEMPLATE MATCH="[1-8].." Timeout="1"/>
     <TEMPLATE MATCH="*" Timeout="5"/>
< /DIALTEMPLATE>

 

image

When you have finished, save the file and make sure that the TFTP server is running.

image

 

Configuring the DHCP Server

Next, we will need to configure our DHCP server to use option 150 so that the IP phones obtain the IP address of the TFTP server from the DHCP server. The Cisco IP phones will use the TFTP server to download and install their respective provisioning configurations.

Open Windows DHCP server MMC and right click on the IPV4 server and select set predefined options.

image

Click add and give the option a name and a description. Select IP address as the data type and 150 as the code.

image

Add the TFTP server’s IP address to the value field and click OK.

image

 

Configuring Extensions and Phones

 

 

1. Creating/configuring the phone extensions in the Elastic UI

From the Elastix Web UI, navigate to PBX->Configuration->Extensions. Select to add a generic SIP device.

image

Enter the extension number and relevant information, then save the settings. Go back and edit the extension and look for the transport option.  If your version of asterisk has this transport option, you can set TCP here and skip the next step.

 

image

Submit your changes and apply the configuration.


2. Setting up the extension to utilize TCP instead of UDP

If you Asterisk version does not allow you to change the extension transport type from the extension edit GUI, you can do it in the sip_custom_post.conf file. Navigate to Tools->Asterisk File Editor and locate the sip_custom_post.conf file.  Add the extension of your phone using the following syntax:

[EXT#](+)
transport=TCP

In the example shown below, there are three extensions in our lab setup that will use the CP-9971 phone, so we added them to the sip_custom_post.conf file. This will force these extensions to use TCP  transport, a requirement for the CP-9971 IP phone.

image

Save and restart the Asterisk PBX.

Configuring the Cisco IP Phone

On your Cisco IP phone, select phone information from the applications menu.

image

Note these two important pieces of information: the Host Name and the Active Load. Write them down, you will need them both.

image

On the server that has TFTP installed, open Windows notepad and copy/paste the XML text shown below.

 

<device>
    <deviceProtocol>SIP</deviceProtocol>
    <sshUserId>admin</sshUserId>
    <sshPassword>password</sshPassword>
    <devicePool>
       <dateTimeSetting>
          <dateTemplate>M/D/YA</dateTemplate>
          <timeZone>Eastern Standard/Daylight Time</timeZone>
          <ntps>
             <ntp>
                <name>pool.ntp.org</name>
                <ntpMode>Unicast</ntpMode>
             </ntp>        
          </ntps>
       </dateTimeSetting>
       <callManagerGroup>
          <members>
             <member priority="0">
                <callManager>
                   <ports>
                      <ethernetPhonePort>2000</ethernetPhonePort>
                      <sipPort>5060</sipPort>
                      <securedSipPort>5061</securedSipPort>
                   </ports>
                   <processNodeName>AsteriskIP</processNodeName>
                </callManager>
             </member>
          </members>
       </callManagerGroup>
    </devicePool>
    <sipProfile>
       <sipProxies>
          <backupProxy></backupProxy>
          <backupProxyPort>5060</backupProxyPort>
          <emergencyProxy></emergencyProxy>
          <emergencyProxyPort></emergencyProxyPort>
          <outboundProxy></outboundProxy>
          <outboundProxyPort></outboundProxyPort>
          <registerWithProxy>true</registerWithProxy>
       </sipProxies>
       <sipCallFeatures>
          <cnfJoinEnabled>true</cnfJoinEnabled>
          <callForwardURI>x-serviceuri-cfwdall</callForwardURI>
          <callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
          <callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
          <callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
          <meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
          <abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
          <rfc2543Hold>false</rfc2543Hold>
          <callHoldRingback>2</callHoldRingback>
          <localCfwdEnable>true</localCfwdEnable>
          <semiAttendedTransfer>true</semiAttendedTransfer>
          <anonymousCallBlock>2</anonymousCallBlock>
          <callerIdBlocking>2</callerIdBlocking>
          <dndControl>0</dndControl>
          <remoteCcEnable>true</remoteCcEnable>
       </sipCallFeatures>
       <sipStack>
          <sipInviteRetx>6</sipInviteRetx>
          <sipRetx>10</sipRetx>
          <timerInviteExpires>180</timerInviteExpires>
          <timerRegisterExpires>1800</timerRegisterExpires>
          <timerRegisterDelta>5</timerRegisterDelta>
          <timerKeepAliveExpires>120</timerKeepAliveExpires>
          <timerSubscribeExpires>120</timerSubscribeExpires>
          <timerSubscribeDelta>5</timerSubscribeDelta>
          <timerT1>500</timerT1>
          <timerT2>4000</timerT2>
          <maxRedirects>70</maxRedirects>
          <remotePartyID>false</remotePartyID>
          <userInfo>None</userInfo>
       </sipStack>
       <autoAnswerTimer>1</autoAnswerTimer>
       <autoAnswerAltBehavior>false</autoAnswerAltBehavior>
       <autoAnswerOverride>true</autoAnswerOverride>
       <transferOnhookEnabled>false</transferOnhookEnabled>
       <enableVad>false</enableVad>
       <dtmfAvtPayload>101</dtmfAvtPayload>
       <dtmfDbLevel>3</dtmfDbLevel>
       <dtmfOutofBand>avt</dtmfOutofBand>
       <alwaysUsePrimeLine>false</alwaysUsePrimeLine>
       <alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail>
       <kpml>3</kpml>
       <phoneLabel>Company</phoneLabel>
       <stutterMsgWaiting>1</stutterMsgWaiting>
       <callStats>false</callStats>
       <silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>
       <disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig>
       <sipLines>
          <line button="1">
             <featureID>9</featureID>
             <featureLabel>LabelName</featureLabel>
             <proxy>USECALLMANAGER</proxy>
             <port>5060</port>
             <name>EXT</name>
             <displayName>DispName</displayName>
             <autoAnswer>
                <autoAnswerEnabled>2</autoAnswerEnabled>
             </autoAnswer>
             <callWaiting>3</callWaiting>
             <authName>EXT</authName>
             <authPassword>Password</authPassword>
             <sharedLine>false</sharedLine>
             <messageWaitingLampPolicy>1</messageWaitingLampPolicy>
             <messagesNumber>*97</messagesNumber>
             <ringSettingIdle>4</ringSettingIdle>
             <ringSettingActive>5</ringSettingActive>
             <contact>EXT</contact>
             <forwardCallInfoDisplay>
                <callerName>true</callerName>
                <callerNumber>false</callerNumber>
                <redirectedNumber>false</redirectedNumber>
                <dialedNumber>true</dialedNumber>
             </forwardCallInfoDisplay>
          </line>
       </sipLines>
       <voipControlPort>5060</voipControlPort>
       <startMediaPort>16348</startMediaPort>
       <stopMediaPort>20134</stopMediaPort>
       <dscpForAudio>184</dscpForAudio>
       <ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>
       <dialTemplate>dialplan.xml</dialTemplate>
       <softKeyFile></softKeyFile>
    </sipProfile>
    <commonProfile>
       <phonePassword></phonePassword>
       <backgroundImageAccess>true</backgroundImageAccess>
       <callLogBlfEnabled>2</callLogBlfEnabled>
    </commonProfile>
    <loadInformation>ActiveLoad</loadInformation>
    <vendorConfig>
       <disableSpeaker>false</disableSpeaker>
       <disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>
       <pcPort>0</pcPort>
       <settingsAccess>1</settingsAccess>
       <garp>0</garp>
       <voiceVlanAccess>0</voiceVlanAccess>
       <videoCapability>0</videoCapability>
       <autoSelectLineEnable>0</autoSelectLineEnable>
       <webAccess>1</webAccess>
       <daysDisplayNotActive>1,2,3,4,5,6,7</daysDisplayNotActive>
       <displayOnTime>00:00</displayOnTime>
       <displayOnDuration>00:00</displayOnDuration>
       <displayIdleTimeout>00:00</displayIdleTimeout>
       <spanToPCPort>1</spanToPCPort>
       <loggingDisplay>1</loggingDisplay>
       <loadServer></loadServer>
    </vendorConfig>
    <userLocale>
       <name></name>
       <uid></uid>
       <langCode>en_US</langCode>
       <version>1.0.0.0-1</version>
       <winCharSet>iso-8859-1</winCharSet>
    </userLocale>
    <networkLocale></networkLocale>
    <networkLocaleInfo>
       <name></name>
       <uid></uid>
       <version>1.0.0.0-1</version>
    </networkLocaleInfo>   
    <deviceSecurityMode>1</deviceSecurityMode>
    <authenticationURL></authenticationURL>
    <directoryURL></directoryURL>
    <servicesURL></servicesURL>
    <idleURL></idleURL>
    <informationURL></informationURL>
    <messagesURL></messagesURL>
    <proxyServerURL></proxyServerURL>
    <dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig>
    <dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices>
    <dscpForCm2Dvce>96</dscpForCm2Dvce>
    <transportLayerProtocol>4</transportLayerProtocol>
    <capfAuthMode>0</capfAuthMode>
    <capfList>
       <capf>
          <phonePort>3804</phonePort>
       </capf>
    </capfList>
    <certHash></certHash>
    <encrConfig>false</encrConfig>
< /device>

 

Save the file as the ‘host_name.cnf.xml’ inside the TFTP folder.

For example, if the IP phone’s host name is SEPC40ACBE0C2F3 then save the file as SEPC40ACBE0C2F3.cnf.xml.

image

 

When finished, edit the file with notepad and change the fields listed below in BLUE. You can change other fields to fit your preferences; all the descriptions and options are documented in this GitHub site as well as in usecallmanaer.com.nz.

 

<processNodeName>Asterisk  IP</processNodeName> Insert your Asterisk PBX IP address or FQDN here.
<featureLabel>LabelName</featureLabel> Insert the phone label name (keep it short < 10 chars)
<phoneLabel>Company</phoneLabel> Company or department name (<10 chars)
<name>EXT</name> Phone Extension
<contact>EXT</contact> Phone Extension
<displayName>DispName</displayName> Display Name (<10 chars)
<authName>EXT</authName> Phone Extension
<authPassword>Password</authPassword> Extension Password
<loadInformation>ActiveLoad</loadInformation> Your phone’s Active Load information (it must match)

 

When finished, reset and power cycle your phone and it will be configured automatically.

image 

May 23
How to Install SeaFile for Windows with SSL Certificate Step by Step

This tutorial will guide you on setting up SeaFile on a Windows 2012R2 server and installing an SSL certificate.

Requirements

  • Windows Server 2012, 2012R2 or 2016
  • Administrative account on Windows server
  • Public static IP address
  • DNS to resolve FQDN to public IP
  • Router to forward ports 8001, 8082, 12001 to SeaFile Server
  • SSL Certificate from trusted authority (www.ssls.com)

Pre-Setup

  • Configure a static private IP address on the Windows server that will host SeaFile
  • Install the latest Windows updates
  • Disable UAC (you can enable it again after the install is completed)
  • Make sure that the server has access to the Internet.
  • Disable IE enhanced security configuration
  • Download and install 7-Zip from www.7-zip.org
  • Open ports 8001 and 8082 on your  firewall and translate 9forward) to the SeaFile server.

Log in using an administrative account, download and install python 2.7.11 32bit, make sure to use the x32 version as x64 will NOT work properly. The installation will create a folder named c:\Pythod27 by default.

Go to system properties –> advanced tab –> environment variables.

Edit the path and add:  ;c:\Python27\ to the end of the environment path.

Make sure that there is no whitespace, see example below:

image

Navigate to https://www.seafile.com/en/download and download SeaFile Server for Windows version 6.07.

Create a folder c:\SeafileProgram and extract the SeaFile tar file using 7-Zip to that location.

image

Navigate to the extracted located and execute the run.bat file.

image

Once the installation process begins, choose a disk volume where the SeaFile folder will be installed and click next. A SeaFile server icon will appear in the icon tray. Right click on it and select add an admin account. Enter an email address and password and click OK.

image

Navigate to c:\Seafile-Server\conf and open seafile.conf using a text editor.

Copy and past the following text on to the editor:

 

[database]
type = sqlite

[network]
port = 12001

[fileserver]
port = 8082

[seahub]
port = 8001
fastcgi = false

[fileserver]

# Set maximum upload file size to 500M.
max_upload_size=500

# Set maximum download directory size to 500M.
max_download_dir_size=500


[quota]

# default user quota in GB, integer only
default = 5

 

 

We will use port 8001 for the Web UI and port 8082 for the file server. You can adjust the Web UI port and quota sizes  to your own specifications but do not change the file server port 8082.

Select file-> save to save the changes.

From the same directory, edit the ccnet.conf file and change the SERVICE_URL to your own FQDN.

image

When finished select file –> save.

Adding SMTP Mail Send

Navigate to SeaFileProgram-> SeaFile-Server-6.0.7\seahub\seagub and right click on the settings.py file. Select edit with IDLE.

Locate the email sending section and modify according to your SMTP server requirements. You can copy/paste the lines below to add the fields to the file as shown.

EMAIL_USE_TLS = False
EMAIL_HOST = 'smtp.example.com'        # smtp server
EMAIL_HOST_USER = 'username@example.com'    # username and domain
EMAIL_HOST_PASSWORD = 'el-password'    # password
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
SERVER_EMAIL = EMAIL_HOST_USER

image

If you do not have access to an SMTP server, you can add SMTP to the SeaFile server by following these steps.

Go to the add roles and features wizard and add the SMTP server feature as shown below.

image

Open IIS 6 from the administrative tools menu, right click on the SMTP server and start the service.

image

Right click on the SMTP virtual server once again and select properties. Click on the access tab and then on relay restrictions. Add 127.0.0.1 to the list of authorized relay hosts.

image

Go back to c:\SeaFileProgram\Seafile-Server-6.0.7\seahub\seahub and edit the settings.py file. Modify the settings as shown below:

#################
# Email sending #
#################

SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True # Whether to send email when a system staff adding new member.
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True # Whether to send email when a system staff resetting user's password.

EMAIL_USE_TLS = False
EMAIL_HOST = '127.0.0.1'        # smpt server
EMAIL_HOST_USER = 'postmaster@yourdomain.com# username and domain
EMAIL_PORT = 25
SERVER_EMAIL = '127.0.0.1'
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER

 

Select file-> save when finished, then right click on the SeaFile icon located in the icon tray and Restart the SeaFile server. Also restart the SMTP

Navigate to http://yourfqdn:8001 to log in to SeaFile.

image 

How to set up SSL Certificate on SeaFile

For this post, we are going to use a Comodo SSL certificates from SSls, so please go to www.ssls.com and create an account if you don’t already have one. We will use SSL port 4043 for this example, however you can modify the relevant settings if you wish to use the standard SSL port 443 or any other port of your choice.

To begin, create a folders on the local drive volume named  c:\inetpub\https

Go to add roles and features and select the IIS role. In the role services, remove directory browsing show shown below.

image

Install Microsoft web Platform Installer 5.0 (Web PI) from here.  In the WebPi search box, look for URL rewrite and install URL Rewrite 2.0 as shown below.

image

Click on add and then on the install button to install URL Rewrite 2.0.

Open IIS7 and expand the server sites. Select the default Web site and click bindings. Change the physical path to c:\inetpub\http.

image

Click on the server and then double click on the server certificates icon.

image

Select create new certificate and fill out the DN properties.

image

Select 2048 bit Microsoft RSA cryptographic provider and the save the certificate request text file.

Navigate to SSLs.com and select a certificate such as the one shown below.

image

After you purchase and activate the certificate, copy/paste your CSR as shown below.

image

Select the first option for Windows IIS as shown below.

image

When done, submit the CSR. After you receive your confirmation email, copy and past the text code as indicated.

image

You will soon receive your certificate by email as an attachment. Copy/past or save the attachment on to the SeaFile server and extract the contents.

Open IIS7 and select complete certificate request.

image

Point the file name to the extracted certificate and give the file a friendly name such as SeaFileCert.

image

Add a new site and point the path to the HTTPS folder we previously created in inetpub. Select HTTPS binding and select the SSL certificate we created. Change the port to 4043 and then click OK.

image

Copy, paste and save the following text file in c:\inetpub\https\web.config file.

 

<configuration>

    <system.webServer>

        <rewrite>

        <rules>

        <rule name=’seafhttp’ stopProcessing=’true’>
        <match url=’seafhttp/(.*)’ />
        <action type=’Rewrite’ url=’http://localhost:8082/{R:1}’ appendQueryString=’false’ logRewrittenUrl=’true’ />
        </rule>

        <rule name=’Reverse Proxy’ patternSyntax=’ECMAScript’ stopProcessing=’true’>
        <match url=’(.*)’ /> 
        <action type=’Rewrite’ url=’http://localhost:8001/{R:1}’ logRewrittenUrl=’true’ />
        </rule>

        </rules>

        </rewrite>

    </system.webServer>

</configuration>

 

Go to your SSL site and double click on URL rewrite.

image

It should open a new window as shown below without any errors.

image

Next, go to c:\seafile-server\conf and modify the ccnet.conf file to show the correct URL.

SERVICE_URL = https://www.yoururl.com:4043
image
From the same directory, edit the seahub_settings.py file and add the line:
FILE_SERVER_ROOT = 'https://www.yoururl.com/seafhttp'
image

Go back to the Web Platform Installer and search for ARR, from the results, select and install Application Request Routing.

image

Select the IIS Server and then double click Application Request Routing.

image

Click on the server proxy settings link and enable the proxy.

image

Finally restart the server so that all the settings take effect and visit your new URL for a secure version of SeaFile!

image 

1 - 10Next
Managed IT Services & Helpdesk

 ‭(Hidden)‬ Blog Tools