We have upgraded our OpenFire SPARK server. The new version includes higher security, better encryption, and the ability to integrate with other XMPP compatible chat applications. You can also now use your favorite 3rd party XMPP compatible chat applications (such as Mozilla Thunderbird) to connect to our OpenFire server.
We had to create a new database of users and passwords, so please follow these instructions to get SPARK working again.
1. Open the SPARK login screen and change the user name, password and server name to the ones shown below:
username: usr.example Password: ************* server: chat.falconitservices.com
2. Click login to log in to SPARK.
3. Once you have logged in, select ‘Preferences’ from the SPARK menu and change your password.
4. Finally, if you want to customize SPARK, select ‘Edit My Profile’ from the SPARK menu and add your name, email address and an avatar.
Aside from antivirus email scanning, it’s important to block dangerous file attachments from reaching users in your organization. The first reaction I get from managers when I request file blocking is that they need to be able to send and receive certain types of files, such as ZIP, RAR, etc. Blocking these files creates an added layer of security by requiring the sender and recipient to perform a manual security ‘handshake’. This handshake adds security by having the sender and recipient discuss exchanging the file, eliminating the files sent by email by spammers or infected PCs. Of course, the sender and recipient would have to send the file by another means, such as a file exchange service like SeaFile.
Open the Exchange admin panel, navigate to mail flow –> rules and click + to add a new rule.
Give your rule a name and click on more options at the bottom of the window to display more options.
Create a rule that flags any attachments that have a specific file name pattern.
Then add the file name extensions that you wish to block, excluding the dot.
Now select a response (such as email rejection) and include a rejection message.
Click the save button when finished.
You may go back and click on the hyperlinked attachment types to add or remove attachments if you need to do so in the future.
Since MS office documents (DOC, XLS and PPT) can contain macros, it’s a good idea to send the user a warning message telling him/her to be careful and not allow Macros if requested, without consulting the sender or the helpdesk first. To do so, use the following setting after creating a new rule:
When someone outside the organization sends an email to an internal mailbox, the message will be preceded by a warning.
.EXE – An executable program file. Most of the applications running on Windows are .exe files.
.PIF – A program information file for MS-DOS programs. While .PIF files aren’t supposed to contain executable code, Windows will treat .PIFs the same as .EXE files if they contain executable code.
.APPLICATION – An application installer deployed with Microsoft’s ClickOnce technology.
.GADGET – A gadget file for the Windows desktop gadget technology introduced in Windows Vista.
.MSI – A Microsoft installer file. These install other applications on your computer, although applications can also be installed by .exe files.
.MSP – A Windows installer patch file. Used to patch applications deployed with .MSI files.
.COM – The original type of program used by MS-DOS.
.SCR – A Windows screen saver. Windows screen savers can contain executable code.
.HTA – An HTML application. Unlike HTML applications run in browsers, .HTA files are run as trusted applications without sandboxing.
.CPL – A Control Panel file. All of the utilities found in the Windows Control Panel are .CPL files.
.MSC – A Microsoft Management Console file. Applications such as the group policy editor and disk management tool are .MSC files.
.JAR – .JAR files contain executable Java code. If you have the Java runtime installed, .JAR files will be run as programs.
.BAT – A batch file. Contains a list of commands that will be run on your computer if you open it. Originally used by MS-DOS.
.CMD – A batch file. Similar to .BAT, but this file extension was introduced in Windows NT.
.VB, .VBS – A VBScript file. Will execute its included VBScript code if you run it.
.VBE – An encrypted VBScript file. Similar to a VBScript file, but it’s not easy to tell what the file will actually do if you run it.
.WS, .WSF – A Windows Script file.
.WSC, .WSH – Windows Script Component and Windows Script Host control files. Used along with Windows Script files.
.PS1, .PS1XML, .PS2, .PS2XML, .PSC1, .PSC2 – A Windows PowerShell script. Runs PowerShell commands in the order specified in the file.
.MSH, .MSH1, .MSH2, .MSHXML, .MSH1XML, .MSH2XML – A Monad script file. Monad was later renamed PowerShell.
.SCF – A Windows Explorer command file. Could pass potentially dangerous commands to Windows Explorer.
.LNK – A link to a program on your computer. A link file could potentially contain command-line attributes that do dangerous things, such as deleting files without asking.
.INF – A text file used by AutoRun. If run, this file could potentially launch dangerous applications it came with or pass dangerous options to programs included with Windows.
.REG – A Windows registry file. .REG files contain a list of registry entries that will be added or removed if you run them. A malicious .REG file could remove important information from your registry, replace it with junk data, or add malicious data.
.DOCM, .DOTM, .XLSM, .XLTM, .XLAM, .PPTM, .POTM, .PPAM, .PPSM, .SLDM – New file extensions introduced in Office 2007. The M at the end of the file extension indicates that the document contains Macros. For example, a .DOCX file contains no macros, while a .DOCM file can contain macros.
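The two mail flow rules described above (reject listed extensions, prepend a warning to inbound Office documents) can also be created from PowerShell. This is an added example, not part of the original post; it assumes an Exchange Management Shell or Exchange Online PowerShell session is already open, and the rule names, message texts and the split between blocked and warned extensions are assumptions of the example.

```powershell
# Added example: creates or updates the two attachment rules described in the post.
# Assumes an open Exchange Management Shell / Exchange Online PowerShell session.
$ErrorActionPreference = 'Stop'

# Extensions from the list above, without the leading dot (programs, scripts, shortcuts).
$blocked = @(
    'exe','pif','application','gadget','msi','msp','com','scr','hta','cpl','msc','jar',
    'bat','cmd','vb','vbs','vbe','ws','wsf','wsc','wsh',
    'ps1','ps1xml','ps2','ps2xml','psc1','psc2',
    'msh','msh1','msh2','mshxml','msh1xml','msh2xml',
    'scf','lnk','inf','reg'
)

# Office formats that can carry macros: warned about rather than blocked
# (this split is an assumption of the example, adjust to your policy).
$warned = @('doc','xls','ppt',
            'docm','dotm','xlsm','xltm','xlam','pptm','potm','ppam','ppsm','sldm')

# Create the rule if it does not exist yet, otherwise update it in place,
# so the script can be re-run after editing the extension lists.
function Set-AttachmentRule {
    param([string]$Name, [hashtable]$Settings)
    $existing = Get-TransportRule | Where-Object Name -eq $Name
    if ($existing) {
        Set-TransportRule -Identity $Name @Settings
    } else {
        New-TransportRule -Name $Name @Settings
    }
}

# Rule 1: reject any message carrying an attachment with a listed extension.
# Set Mode to 'AuditAndNotify' first if you want to observe matches before enforcing.
Set-AttachmentRule -Name 'Block dangerous attachments' -Settings @{
    AttachmentExtensionMatchesWords = $blocked
    RejectMessageReasonText         = 'This attachment type is not accepted by email. Contact the recipient to arrange a file transfer link.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    Mode                            = 'Enforce'
}

# Rule 2: prepend a macro warning to Office documents arriving from outside.
Set-AttachmentRule -Name 'Warn on external Office attachments' -Settings @{
    FromScope                         = 'NotInOrganization'
    SentToScope                       = 'InOrganization'
    AttachmentExtensionMatchesWords   = $warned
    ApplyHtmlDisclaimerLocation       = 'Prepend'
    ApplyHtmlDisclaimerText           = '<p><b>Warning:</b> this message came from outside the organization and contains an Office document. Do not enable macros without consulting the sender or the helpdesk first.</p>'
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'
    Mode                              = 'Enforce'
}

# Confirm both rules exist and are enabled.
Get-TransportRule |
    Where-Object Name -in 'Block dangerous attachments', 'Warn on external Office attachments' |
    Format-Table Name, State, Mode, Priority
```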
I have seen several instances where Hyper-V guests stop working because the host machine runs out of disk space during a merge. Although you should never use a checkpoint on a production server, the temptation is there, and if you forget to delete it afterwards, you could find yourself in a pickle later on if you need to merge a large checkpoint and have little free space on the host server.
There is a quick and easy way around this, albeit with a caveat. The process involves moving the Hyper-V guest storage to an external USB drive that has plenty of space, merging the snapshot, then moving the data back. The risk is that USB drives are not as reliable under heavy loads as, for example, RAID arrays. The benefit is that it’s a quick solution that can get you out of a bind.
A safer way would be to do a live migration to another Hyper-V server that has available disk capacity, merge the snapshot, then move it back. However, this article is a quicker solution intended for companies that do not have an extra Hyper-V server with spare capacity lying around.
Make sure you have a backup of the Hyper-V guest before proceeding.
Connect an external USB disk to the Hyper-V server and make sure it’s accessible.
From the Hyper-V manager, right click on the Hyper-V guest and select move.
Select the option to move the Hyper-V guest machine’s storage.
In the next option, select to move only the virtual machine’s storage.
Select the guest machine you want to move, then click next.
Select the temporary USB drive as the storage location for the Hyper-V guest disk image.
Click finish to begin the move process.
If you look at the USB drive volume, you will see that the Hyper-V copy process will begin copying the VHDx file and then, when it’s finished, it will copy the snapshot file(s) as well (aVHDx).
Depending on the size of the VM and the snapshots, this process could take several hours and up to a day. Remember USB disks don’t have the I/O performance of a RAID subsystem or direct bus SCSI/SATA connection. Luckily, you can continue working since the Hyper-V guest is still running during the move process. Sit back, relax and let it happen…
When the process finishes, you can verify that the move has completed by going to the Hyper-V manager and looking at the hard drive media location.
You should also see that the disk volume where the VM was located has extra disk space.
Now, proceed to remove the snapshot as you normally would. Right click on the Hyper-V guest and select delete checkpoint or delete checkpoint subtree. You can also use PowerShell to remove the snapshot if the option to delete from the GUI is not present (this can happen sometimes).
Get-VMSnapshot -ComputerName "VMHostName" -VMName "VMGuestName" | Remove-VMSnapshot
The merge process will begin.
Once the Hyper-V merge is completed, use the same process described above, in reverse, to move the VM guest back to the original drive volume and away from the USB disk. DO NOT be tempted to leave the VM guest running off the USB drive unless you relish tragedy, drama or watching things crash and burn.
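The whole move, merge and move-back procedure can be scripted with the Hyper-V PowerShell module, including a free-space check before anything is moved. This is an added example, not part of the original post; the guest name and both folder paths are placeholders, and the headroom estimate for the merge is an assumption of the example.

```powershell
# Added example, not from the original post. Run elevated on the Hyper-V host.
param(
    [string]$VMName     = 'VMGuestName',             # placeholder guest name
    [string]$TempPath   = 'E:\HyperV-Temp',          # assumed folder on the USB disk
    [string]$ReturnPath = 'D:\Hyper-V\VMGuestName'   # assumed original storage folder
)
$ErrorActionPreference = 'Stop'   # abort on the first failed step

# Walk a differencing-disk chain from its head (.avhdx) down to the base .vhdx.
function Get-VhdChain([string]$Path) {
    while ($Path) {
        $vhd = Get-VHD -Path $Path
        $vhd
        $Path = $vhd.ParentPath
    }
}

# Stop with a clear message if the target volume cannot hold $Bytes.
function Assert-FreeSpace([string]$Path, [double]$Bytes) {
    $free = (Get-Volume -DriveLetter $Path[0]).SizeRemaining
    if ($free -lt $Bytes) {
        throw ('{0} needs {1:N0} GB but only {2:N0} GB is free' -f
               $Path, ($Bytes / 1GB), ($free / 1GB))
    }
}

# Collect every disk file the guest owns: running disks plus each checkpoint's disks.
function Get-GuestDiskFiles {
    $heads = @(Get-VMHardDiskDrive -VMName $VMName) +
             @(Get-VMSnapshot -VMName $VMName |
               ForEach-Object { Get-VMHardDiskDrive -VMSnapshot $_ })
    $heads | ForEach-Object { Get-VhdChain $_.Path } | Sort-Object Path -Unique
}

$files = Get-GuestDiskFiles
$total = ($files | Measure-Object FileSize -Sum).Sum
$diff  = ($files | Where-Object VhdType -eq 'Differencing' |
          Measure-Object FileSize -Sum).Sum

# The USB disk must hold everything that is moved, plus headroom for the parent
# disk growing while the checkpoint files are merged into it (estimate).
Assert-FreeSpace $TempPath ($total + $diff)

# 1. Move all of the guest's storage to the USB disk (the guest keeps running).
Move-VMStorage -VMName $VMName -DestinationStoragePath $TempPath

# 2. Delete the checkpoints; Hyper-V merges the differencing files in the background.
Get-VMSnapshot -VMName $VMName | Remove-VMSnapshot

# 3. Wait until no attached disk is still a differencing file.
do {
    Start-Sleep -Seconds 60
    $pending = Get-VMHardDiskDrive -VMName $VMName |
               Where-Object Path -match '\.avhdx?$'
} while ($pending)

# 4. Check the original volume has room for the merged disks, then move back.
$merged = (Get-GuestDiskFiles | Measure-Object FileSize -Sum).Sum
Assert-FreeSpace $ReturnPath $merged
Move-VMStorage -VMName $VMName -DestinationStoragePath $ReturnPath
```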
In addition to sending large files outside your organization, you can use SeaFile to receive large files that do not get through email systems. Here’s how:
Log in to Seafile by visiting www.falconitservices.com, click on support, then on the Seafile Transfer icon.
Log in to SeaFile using your user name and password. If you do not have one, contact the helpdesk to request one.
Click on the create library icon if you wish to create a special library for these files. Note: DO NOT encrypt the library, otherwise you will not be able to share it with others.
Click on the share icon next to the library.
Select upload link, then click on the generate button. You can add a password if you want anybody uploading to this library to be required to enter a password.
A hyperlink will be created that you can send to the person who is going to upload the files to your library. You can copy and paste the link to send via Email or you can click on the send button to have SeaFile send the link via Email.
The recipient will receive an email from postmaster at cloud.falconitservices.com, similar to the one shown below:
Clicking on the link will take them to an easy to use, upload page.
The default size is 500MB, which is quite large. If you need additional transfer limits, please contact the helpdesk for an increase.
After converting a Dell 310 Server with an S100 software raid to a virtual machine using Disk2VHD, the image would not boot up, even in safe mode.
In safe mode, I noticed that the BSOD appeared right after trying to load storport.sys. I had to remove these drivers in order to fix the issue.
Here is how you can fix hard disk and RAID drivers from your previous hardware crashing your new virtual machine.
First, boot into safe mode by pressing the F8 key on startup.
Make a note of the last driver to load prior to BSOD system crash.
Next, boot into recovery mode by launching startup repair or by pressing F8 during boot then selecting the repair your computer option.
Log in as the local admin.
Open the command prompt.
The Recovery Media is drive X:. You will need to find your operating system’s drive letter. Use the command BCDEdit to locate the drive letter of your Windows OS partition. In the case below, the OS is on drive letter D:
Use the following command to get a list of 3rd party drivers:
Dism /image:D:\ /Get-Drivers (includes 3rd party drivers)
You can also add the /all switch if you suspect that a Windows driver may be causing the BSOD
Dism /image:D:\ /Get-Drivers /all (includes all drivers)
Use the get-driverInfo switch for additional information
Dism /image:D:\ /Get-DriverInfo /Driver:oem1.inf
Use the following command to remove the offending driver:
DISM /Image:D:\ /Remove-Driver /Driver:oem1.inf
Restart the Windows image.
If you continue to have problems, run Checkdisk, SFC Scan and Image Restore using the following Commands:
Chkdsk D: /r
SFC /scannow /offbootdir=D:\ /offwindir=D:\windows
Files greater than 5 Megabytes typically do not go through when sent by email. Seafile is an easy way to transmit files to others, while breaking the 5MB barrier. To use Seafile you will need a user name and password. If you do not have one, please contact our helpdesk.
To begin, navigate to www.falconitservices.com and click on the support link. From support, click on the Seafile icon.
Log in to SeaFile.
Click on New Library and give the library a name.
Click on the library link, then upload your files by clicking on the upload icon. Select the files and begin the upload process.
Once you have finished uploading all your files, go back to the main libraries.
Click on the share icon that appears when you hover your pointer over the library.
You can optionally password protect the file (you will need to give the recipient the password) and select a finite number of days that the files will be made available for download.
When finished, click the generate button.
A link will appear with the download URL. You can either copy the link and email it to the recipient(s) or simply click on the send button.
Enter the recipient’s email address, then click submit.
The recipient will receive an email similar to the one below.
When the email link is selected, it will take them to a Web page where the files are available for easy download.
Note: Although the Cisco SPA 525G supports WiFi, it’s recommended to use an Ethernet cable. WiFi is less reliable and is prone to dropping packets, which can cause the voice quality to degrade. The farther you are from the WiFi transponder, and the more devices that connect and utilize the available WiFi bandwidth, the higher the chances that the voice quality will encounter jitter. If an Ethernet cable is not available, follow these instructions to connect the SPA 525G via WiFi:
Press the setting button as indicated below.
Scroll to and select the network configuration settings.
Change the WiFi to the ON setting and press the set button to save the changes.
Select Wi-Fi configuration as shown below, and then select wireless profile.
Press the scan button to look for SSID’s.
Once found, select the desired SSID and press the connect button.
Select the security mode and cipher type that your WiFi device uses for security, then enter the shared WiFi passphrase.
Save the settings when you have finished. Select the profile that was just created and press the connect button.
Once you have successfully connected, the WiFi status indication will show the signal strength and the red X will disappear from the network icon.
Hyper-V Live migration is not supported in a workgroup environment, but you can move a Hyper-V guest from one server to another relatively easily. Just copy the VHD file from the source server to the target server and then create a new VM guest on the target server using the VHD file.
Make sure that you merge any snapshots before proceeding. Having a snapshot will not allow you to create a new VM using the VHD file. Following best practice, you should never have snapshots on production servers anyway!
To begin, gracefully shut down the Hyper-V guest OS on the source server and locate the VHD file. If you are not sure where the VHD file is located, open the Hyper-V guest settings and look in the hard drive media settings.
Next, create a shared folder on the target server where the VHD file can be copied to. Note that copying large files over a network share can take a long time. You can opt to copy the file to a USB drive and then move it to the target server to expedite the process, if you have physical access to both servers.
Use copy/paste, Robocopy or Richcopy to move the VHD file to the target server.
As you can see in the image above, a relatively small VHD server file copied over a 10/100 Ethernet can take several hours.
Once the VHD file has been copied, open the Hyper-V manager on the target server and create a new virtual machine.
Follow all the steps you normally would when creating a new VM, until you get to the step to create the virtual disk.
Choose ‘use an existing virtual hard disk’ in the connect virtual hard disk option, as shown above.
Click browse and select the VHD file that was copied to the target server.
Navigate to the Hyper-V manager on the target machine and start the newly created VM and Voila!
If the source server is on the same network, make sure to remove or delete the old Hyper-V guest so that someone does not start it accidentally.
Hold down the Windows key (image below) on your keyboard and press ‘R’.
When the run box appears, type msinfo32 as shown below and press OK.
The system name will appear as shown below.
Although not officially supported, Cisco CP 8961 and 9971 phones can be easily configured for use on FreePBX, Elastix and most Asterisk PBX systems. This step by step guide will provide the provisioning configuration details. The steps are:
For this post, we will be using Elastix 2.5, Windows DHCP and SolarWinds TFTP server, however you can adjust according to your own product preference. We will be using Cisco CP-9971 and CP-8961 with firmware version 9.3 however other Cisco UC phones will work as well. Note: you should have at least firmware 9.0 installed on the phones in order to use SIP protocol and work with Asterisk.
To configure Asterisk to allow the use of TCP in transport, log in to the Web UI and navigate to the Asterisk file editor. Locate the sip_general_custom.conf and add the following lines:
After you save the changes, locate sip_notify_custom.conf and add the following lines:
udpbindaddr=0.0.0.0
tcpenable=yes
tcpbindaddr=0.0.0.0
callcounter=yes
When finished, click save and then reload Asterisk.
Download and install the TFTP Server of your choice or download and install a free TFTP server from SolarWinds by clicking here.
Inside the default TFTP folder (c:\TFTP-Root if using Solarwinds), create a file using Windows notepad. Name it ‘dialplan.xml’ and copy/paste the text below to the file.
<DIALTEMPLATE>
  <TEMPLATE MATCH="91.........." Timeout="0"/>
  <TEMPLATE MATCH="911" Timeout="0"/>
  <TEMPLATE MATCH="\*.." Timeout="0"/>
  <TEMPLATE MATCH="[1-8].." Timeout="1"/>
  <TEMPLATE MATCH="*" Timeout="5"/>
</DIALTEMPLATE>
When you have finished, save the file and make sure that the TFTP server is running.
Next, we will need to configure our DHCP server to use option 150 so that the IP phones obtain the IP address of the TFTP server from the DHCP server. The Cisco IP phones will use the TFTP server to download and install their respective provisioning configurations.
Open Windows DHCP server MMC and right click on the IPV4 server and select set predefined options.
Click add and give the option a name and a description. Select IP address as the data type and 150 as the code.
Add the TFTP server’s IP address to the value field and click OK.
1. Creating/configuring the phone extensions in the Elastix UI
From the Elastix Web UI, navigate to PBX->Configuration->Extensions. Select to add a generic SIP device.
Enter the extension number and relevant information, then save the settings. Go back and edit the extension and look for the transport option. If your version of asterisk has this transport option, you can set TCP here and skip the next step.
Submit your changes and apply the configuration.
2. Setting up the extension to utilize TCP instead of UDP
If your Asterisk version does not allow you to change the extension transport type from the extension edit GUI, you can do it in the sip_custom_post.conf file. Navigate to Tools->Asterisk File Editor and locate the sip_custom_post.conf file. Add the extension of your phone using the following syntax:
In the example shown below, there are three extensions in our lab setup that will use the CP-9971 phone, so we added them to the sip_custom_post.conf file. This will force these extensions to use TCP transport, a requirement for the CP-9971 IP phone.
Save and restart the Asterisk PBX.
On your Cisco IP phone, select phone information from the applications menu.
Note these two important pieces of information: the Host Name and the Active Load. Write them down, you will need them both.
On the server that has TFTP installed, open Windows notepad and copy/paste the XML text shown below.
<device>
  <deviceProtocol>SIP</deviceProtocol>
  <sshUserId>admin</sshUserId>
  <sshPassword>password</sshPassword>
  <devicePool>
    <dateTimeSetting>
      <dateTemplate>M/D/YA</dateTemplate>
      <timeZone>Eastern Standard/Daylight Time</timeZone>
      <ntps>
        <ntp>
          <name>pool.ntp.org</name>
          <ntpMode>Unicast</ntpMode>
        </ntp>
      </ntps>
    </dateTimeSetting>
    <callManagerGroup>
      <members>
        <member priority="0">
          <callManager>
            <ports>
              <ethernetPhonePort>2000</ethernetPhonePort>
              <sipPort>5060</sipPort>
              <securedSipPort>5061</securedSipPort>
            </ports>
            <processNodeName>AsteriskIP</processNodeName>
          </callManager>
        </member>
      </members>
    </callManagerGroup>
  </devicePool>
  <sipProfile>
    <sipProxies>
      <backupProxy></backupProxy>
      <backupProxyPort>5060</backupProxyPort>
      <emergencyProxy></emergencyProxy>
      <emergencyProxyPort></emergencyProxyPort>
      <outboundProxy></outboundProxy>
      <outboundProxyPort></outboundProxyPort>
      <registerWithProxy>true</registerWithProxy>
    </sipProxies>
    <sipCallFeatures>
      <cnfJoinEnabled>true</cnfJoinEnabled>
      <callForwardURI>x-serviceuri-cfwdall</callForwardURI>
      <callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
      <callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
      <callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
      <meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
      <abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
      <rfc2543Hold>false</rfc2543Hold>
      <callHoldRingback>2</callHoldRingback>
      <localCfwdEnable>true</localCfwdEnable>
      <semiAttendedTransfer>true</semiAttendedTransfer>
      <anonymousCallBlock>2</anonymousCallBlock>
      <callerIdBlocking>2</callerIdBlocking>
      <dndControl>0</dndControl>
      <remoteCcEnable>true</remoteCcEnable>
    </sipCallFeatures>
    <sipStack>
      <sipInviteRetx>6</sipInviteRetx>
      <sipRetx>10</sipRetx>
      <timerInviteExpires>180</timerInviteExpires>
      <timerRegisterExpires>1800</timerRegisterExpires>
      <timerRegisterDelta>5</timerRegisterDelta>
      <timerKeepAliveExpires>120</timerKeepAliveExpires>
      <timerSubscribeExpires>120</timerSubscribeExpires>
      <timerSubscribeDelta>5</timerSubscribeDelta>
      <timerT1>500</timerT1>
      <timerT2>4000</timerT2>
      <maxRedirects>70</maxRedirects>
      <remotePartyID>false</remotePartyID>
      <userInfo>None</userInfo>
    </sipStack>
    <autoAnswerTimer>1</autoAnswerTimer>
    <autoAnswerAltBehavior>false</autoAnswerAltBehavior>
    <autoAnswerOverride>true</autoAnswerOverride>
    <transferOnhookEnabled>false</transferOnhookEnabled>
    <enableVad>false</enableVad>
    <dtmfAvtPayload>101</dtmfAvtPayload>
    <dtmfDbLevel>3</dtmfDbLevel>
    <dtmfOutofBand>avt</dtmfOutofBand>
    <alwaysUsePrimeLine>false</alwaysUsePrimeLine>
    <alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail>
    <kpml>3</kpml>
    <phoneLabel>Company</phoneLabel>
    <stutterMsgWaiting>1</stutterMsgWaiting>
    <callStats>false</callStats>
    <silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>
    <disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig>
    <sipLines>
      <line button="1">
        <featureID>9</featureID>
        <featureLabel>LabelName</featureLabel>
        <proxy>USECALLMANAGER</proxy>
        <port>5060</port>
        <name>EXT</name>
        <displayName>DispName</displayName>
        <autoAnswer>
          <autoAnswerEnabled>2</autoAnswerEnabled>
        </autoAnswer>
        <callWaiting>3</callWaiting>
        <authName>EXT</authName>
        <authPassword>Password</authPassword>
        <sharedLine>false</sharedLine>
        <messageWaitingLampPolicy>1</messageWaitingLampPolicy>
        <messagesNumber>*97</messagesNumber>
        <ringSettingIdle>4</ringSettingIdle>
        <ringSettingActive>5</ringSettingActive>
        <contact>EXT</contact>
        <forwardCallInfoDisplay>
          <callerName>true</callerName>
          <callerNumber>false</callerNumber>
          <redirectedNumber>false</redirectedNumber>
          <dialedNumber>true</dialedNumber>
        </forwardCallInfoDisplay>
      </line>
    </sipLines>
    <voipControlPort>5060</voipControlPort>
    <startMediaPort>16348</startMediaPort>
    <stopMediaPort>20134</stopMediaPort>
    <dscpForAudio>184</dscpForAudio>
    <ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>
    <dialTemplate>dialplan.xml</dialTemplate>
    <softKeyFile></softKeyFile>
  </sipProfile>
  <commonProfile>
    <phonePassword></phonePassword>
    <backgroundImageAccess>true</backgroundImageAccess>
    <callLogBlfEnabled>2</callLogBlfEnabled>
  </commonProfile>
  <loadInformation>ActiveLoad</loadInformation>
  <vendorConfig>
    <disableSpeaker>false</disableSpeaker>
    <disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>
    <pcPort>0</pcPort>
    <settingsAccess>1</settingsAccess>
    <garp>0</garp>
    <voiceVlanAccess>0</voiceVlanAccess>
    <videoCapability>0</videoCapability>
    <autoSelectLineEnable>0</autoSelectLineEnable>
    <webAccess>1</webAccess>
    <daysDisplayNotActive>1,2,3,4,5,6,7</daysDisplayNotActive>
    <displayOnTime>00:00</displayOnTime>
    <displayOnDuration>00:00</displayOnDuration>
    <displayIdleTimeout>00:00</displayIdleTimeout>
    <spanToPCPort>1</spanToPCPort>
    <loggingDisplay>1</loggingDisplay>
    <loadServer></loadServer>
  </vendorConfig>
  <userLocale>
    <name></name>
    <uid></uid>
    <langCode>en_US</langCode>
    <version>18.104.22.168-1</version>
    <winCharSet>iso-8859-1</winCharSet>
  </userLocale>
  <networkLocale></networkLocale>
  <networkLocaleInfo>
    <name></name>
    <uid></uid>
    <version>22.214.171.124-1</version>
  </networkLocaleInfo>
  <deviceSecurityMode>1</deviceSecurityMode>
  <authenticationURL></authenticationURL>
  <directoryURL></directoryURL>
  <servicesURL></servicesURL>
  <idleURL></idleURL>
  <informationURL></informationURL>
  <messagesURL></messagesURL>
  <proxyServerURL></proxyServerURL>
  <dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig>
  <dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices>
  <dscpForCm2Dvce>96</dscpForCm2Dvce>
  <transportLayerProtocol>4</transportLayerProtocol>
  <capfAuthMode>0</capfAuthMode>
  <capfList>
    <capf>
      <phonePort>3804</phonePort>
    </capf>
  </capfList>
  <certHash></certHash>
  <encrConfig>false</encrConfig>
</device>
Save the file as the ‘host_name.cnf.xml’ inside the TFTP folder.
For example, if the IP phone’s host name is SEPC40ACBE0C2F3 then save the file as SEPC40ACBE0C2F3.cnf.xml.
When finished, edit the file with notepad and change the fields listed below in BLUE. You can change other fields to fit your preferences; all the descriptions and options are documented in this GitHub site as well as in usecallmanaer.com.nz.
When finished, reset and power cycle your phone and it will be configured automatically.