
Helping Prevent Technological Defenestration.

June 13
Configuring Asterisk to use Cisco Unified CP-9971, CP-8961 IP Phones

Although not officially supported, Cisco CP 8961 and 9971 phones can be easily configured for use on FreePBX, Elastix and most Asterisk PBX systems. This step by step guide will provide the provisioning configuration details. The steps are:

  • Configuring Asterisk to allow TCP protocol for use on specific IP phones.
  • Setting up a DHCP server with TFTP option 150.
  • Setting up a TFTP server.
  • Configuring extensions in Asterisk.
  • Creating XML configuration files for the IP phones.

For this post, we will be using Elastix 2.5, Windows DHCP and SolarWinds TFTP server, however you can adjust according to your own product preference. We will be using Cisco CP-9971 and CP-8961 with firmware version 9.3 however other Cisco UC phones will work as well. Note: you should have at least firmware 9.0 installed on the phones in order to use SIP protocol and work with Asterisk.

Configuring Asterisk to use TCP

To configure Asterisk to allow the use of TCP in transport, log in to the Web UI and navigate to the Asterisk file editor. Locate the sip_general_custom.conf and add the following lines:

tcpenable=yes
tcpbindaddr=0.0.0.0

image

After you save the changes, locate sip_notify_custom.conf and add the following lines:

udpbindaddr=0.0.0.0
tcpenable=yes
tcpbindaddr=0.0.0.0
callcounter=yes

image

When finished, click save and then reload Asterisk.

Configuring the TFTP Server

Download and install the TFTP Server of your choice or download and install a free TFTP server from SolarWinds by clicking here. 

image

Inside the default TFTP folder (c:\TFTP-Root if using Solarwinds), create a file using Windows notepad. Name it ‘dialplan.xml’ and copy/paste the text below to the file.

<DIALTEMPLATE>
     <TEMPLATE MATCH="91.........." Timeout="0"/>
     <TEMPLATE MATCH="911" Timeout="0"/>
     <TEMPLATE MATCH="\*.." Timeout="0"/>
     <TEMPLATE MATCH="[1-8].." Timeout="1"/>
     <TEMPLATE MATCH="*" Timeout="5"/>
</DIALTEMPLATE>

 

image

When you have finished, save the file and make sure that the TFTP server is running.

image

 

Configuring the DHCP Server

Next, we will need to configure our DHCP server to use option 150 so that the IP phones obtain the IP address of the TFTP server from the DHCP server. The Cisco IP phones will use the TFTP server to download and install their respective provisioning configurations.

Open Windows DHCP server MMC and right click on the IPV4 server and select set predefined options.

image

Click add and give the option a name and a description. Select IP address as the data type and 150 as the code.

image

Add the TFTP server’s IP address to the value field and click OK.

image

 

Configuring Extensions and Phones

 

 

1. Creating/configuring the phone extensions in the Elastix UI

From the Elastix Web UI, navigate to PBX->Configuration->Extensions. Select to add a generic SIP device.

image

Enter the extension number and relevant information, then save the settings. Go back and edit the extension and look for the transport option. If your version of Asterisk has this transport option, you can set TCP here and skip the next step.

 

image

Submit your changes and apply the configuration.


2. Setting up the extension to utilize TCP instead of UDP

If your Asterisk version does not allow you to change the extension transport type from the extension edit GUI, you can do it in the sip_custom_post.conf file. Navigate to Tools->Asterisk File Editor and locate the sip_custom_post.conf file. Add the extension of your phone using the following syntax:

[EXT#](+)
transport=TCP

In the example shown below, there are three extensions in our lab setup that will use the CP-9971 phone, so we added them to the sip_custom_post.conf file. This will force these extensions to use TCP transport, a requirement for the CP-9971 IP phone.

image

Save and restart the Asterisk PBX.

Configuring the Cisco IP Phone

On your Cisco IP phone, select phone information from the applications menu.

image

Note these two important pieces of information: the Host Name and the Active Load. Write them down, you will need them both.

image

On the server that has TFTP installed, open Windows notepad and copy/paste the XML text shown below.

 

<device>
    <deviceProtocol>SIP</deviceProtocol>
    <sshUserId>admin</sshUserId>
    <sshPassword>password</sshPassword>
    <devicePool>
       <dateTimeSetting>
          <dateTemplate>M/D/YA</dateTemplate>
          <timeZone>Eastern Standard/Daylight Time</timeZone>
          <ntps>
             <ntp>
                <name>pool.ntp.org</name>
                <ntpMode>Unicast</ntpMode>
             </ntp>        
          </ntps>
       </dateTimeSetting>
       <callManagerGroup>
          <members>
             <member priority="0">
                <callManager>
                   <ports>
                      <ethernetPhonePort>2000</ethernetPhonePort>
                      <sipPort>5060</sipPort>
                      <securedSipPort>5061</securedSipPort>
                   </ports>
                   <processNodeName>AsteriskIP</processNodeName>
                </callManager>
             </member>
          </members>
       </callManagerGroup>
    </devicePool>
    <sipProfile>
       <sipProxies>
          <backupProxy></backupProxy>
          <backupProxyPort>5060</backupProxyPort>
          <emergencyProxy></emergencyProxy>
          <emergencyProxyPort></emergencyProxyPort>
          <outboundProxy></outboundProxy>
          <outboundProxyPort></outboundProxyPort>
          <registerWithProxy>true</registerWithProxy>
       </sipProxies>
       <sipCallFeatures>
          <cnfJoinEnabled>true</cnfJoinEnabled>
          <callForwardURI>x-serviceuri-cfwdall</callForwardURI>
          <callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
          <callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
          <callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
          <meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
          <abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
          <rfc2543Hold>false</rfc2543Hold>
          <callHoldRingback>2</callHoldRingback>
          <localCfwdEnable>true</localCfwdEnable>
          <semiAttendedTransfer>true</semiAttendedTransfer>
          <anonymousCallBlock>2</anonymousCallBlock>
          <callerIdBlocking>2</callerIdBlocking>
          <dndControl>0</dndControl>
          <remoteCcEnable>true</remoteCcEnable>
       </sipCallFeatures>
       <sipStack>
          <sipInviteRetx>6</sipInviteRetx>
          <sipRetx>10</sipRetx>
          <timerInviteExpires>180</timerInviteExpires>
          <timerRegisterExpires>1800</timerRegisterExpires>
          <timerRegisterDelta>5</timerRegisterDelta>
          <timerKeepAliveExpires>120</timerKeepAliveExpires>
          <timerSubscribeExpires>120</timerSubscribeExpires>
          <timerSubscribeDelta>5</timerSubscribeDelta>
          <timerT1>500</timerT1>
          <timerT2>4000</timerT2>
          <maxRedirects>70</maxRedirects>
          <remotePartyID>false</remotePartyID>
          <userInfo>None</userInfo>
       </sipStack>
       <autoAnswerTimer>1</autoAnswerTimer>
       <autoAnswerAltBehavior>false</autoAnswerAltBehavior>
       <autoAnswerOverride>true</autoAnswerOverride>
       <transferOnhookEnabled>false</transferOnhookEnabled>
       <enableVad>false</enableVad>
       <dtmfAvtPayload>101</dtmfAvtPayload>
       <dtmfDbLevel>3</dtmfDbLevel>
       <dtmfOutofBand>avt</dtmfOutofBand>
       <alwaysUsePrimeLine>false</alwaysUsePrimeLine>
       <alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail>
       <kpml>3</kpml>
       <phoneLabel>Company</phoneLabel>
       <stutterMsgWaiting>1</stutterMsgWaiting>
       <callStats>false</callStats>
       <silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>
       <disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig>
       <sipLines>
          <line button="1">
             <featureID>9</featureID>
             <featureLabel>LabelName</featureLabel>
             <proxy>USECALLMANAGER</proxy>
             <port>5060</port>
             <name>EXT</name>
             <displayName>DispName</displayName>
             <autoAnswer>
                <autoAnswerEnabled>2</autoAnswerEnabled>
             </autoAnswer>
             <callWaiting>3</callWaiting>
             <authName>EXT</authName>
             <authPassword>Password</authPassword>
             <sharedLine>false</sharedLine>
             <messageWaitingLampPolicy>1</messageWaitingLampPolicy>
             <messagesNumber>*97</messagesNumber>
             <ringSettingIdle>4</ringSettingIdle>
             <ringSettingActive>5</ringSettingActive>
             <contact>EXT</contact>
             <forwardCallInfoDisplay>
                <callerName>true</callerName>
                <callerNumber>false</callerNumber>
                <redirectedNumber>false</redirectedNumber>
                <dialedNumber>true</dialedNumber>
             </forwardCallInfoDisplay>
          </line>
       </sipLines>
       <voipControlPort>5060</voipControlPort>
       <startMediaPort>16348</startMediaPort>
       <stopMediaPort>20134</stopMediaPort>
       <dscpForAudio>184</dscpForAudio>
       <ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>
       <dialTemplate>dialplan.xml</dialTemplate>
       <softKeyFile></softKeyFile>
    </sipProfile>
    <commonProfile>
       <phonePassword></phonePassword>
       <backgroundImageAccess>true</backgroundImageAccess>
       <callLogBlfEnabled>2</callLogBlfEnabled>
    </commonProfile>
    <loadInformation>ActiveLoad</loadInformation>
    <vendorConfig>
       <disableSpeaker>false</disableSpeaker>
       <disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>
       <pcPort>0</pcPort>
       <settingsAccess>1</settingsAccess>
       <garp>0</garp>
       <voiceVlanAccess>0</voiceVlanAccess>
       <videoCapability>0</videoCapability>
       <autoSelectLineEnable>0</autoSelectLineEnable>
       <webAccess>1</webAccess>
       <daysDisplayNotActive>1,2,3,4,5,6,7</daysDisplayNotActive>
       <displayOnTime>00:00</displayOnTime>
       <displayOnDuration>00:00</displayOnDuration>
       <displayIdleTimeout>00:00</displayIdleTimeout>
       <spanToPCPort>1</spanToPCPort>
       <loggingDisplay>1</loggingDisplay>
       <loadServer></loadServer>
    </vendorConfig>
    <userLocale>
       <name></name>
       <uid></uid>
       <langCode>en_US</langCode>
       <version>1.0.0.0-1</version>
       <winCharSet>iso-8859-1</winCharSet>
    </userLocale>
    <networkLocale></networkLocale>
    <networkLocaleInfo>
       <name></name>
       <uid></uid>
       <version>1.0.0.0-1</version>
    </networkLocaleInfo>   
    <deviceSecurityMode>1</deviceSecurityMode>
    <authenticationURL></authenticationURL>
    <directoryURL></directoryURL>
    <servicesURL></servicesURL>
    <idleURL></idleURL>
    <informationURL></informationURL>
    <messagesURL></messagesURL>
    <proxyServerURL></proxyServerURL>
    <dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig>
    <dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices>
    <dscpForCm2Dvce>96</dscpForCm2Dvce>
    <transportLayerProtocol>4</transportLayerProtocol>
    <capfAuthMode>0</capfAuthMode>
    <capfList>
       <capf>
          <phonePort>3804</phonePort>
       </capf>
    </capfList>
    <certHash></certHash>
    <encrConfig>false</encrConfig>
</device>

 

Save the file as the ‘host_name.cnf.xml’ inside the TFTP folder.

For example, if the IP phone’s host name is SEPC40ACBE0C2F3 then save the file as SEPC40ACBE0C2F3.cnf.xml.

image

 

When finished, edit the file with notepad and change the fields listed below in BLUE. You can change other fields to fit your preferences; all the descriptions and options are documented in this GitHub site as well as in usecallmanaer.com.nz.

 

<processNodeName>AsteriskIP</processNodeName> Insert your Asterisk PBX IP address or FQDN here.
<featureLabel>LabelName</featureLabel> Insert the phone label name (keep it short < 10 chars)
<phoneLabel>Company</phoneLabel> Company or department name (<10 chars)
<name>EXT</name> Phone Extension
<contact>EXT</contact> Phone Extension
<displayName>DispName</displayName> Display Name (<10 chars)
<authName>EXT</authName> Phone Extension
<authPassword>Password</authPassword> Extension Password
<loadInformation>ActiveLoad</loadInformation> Your phone’s Active Load information (it must match)

 

When finished, reset and power cycle your phone and it will be configured automatically.
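A pre-flight check to run on the per-phone file before the phone is power cycled, as an added example that is not part of the original post: it parses the XML, flags every field from the list above that still holds the template value (plus the template's sshPassword), enforces the <10 character labels and confirms that name, contact and authName agree. The SEP-plus-12-hex file name pattern is an assumption taken from the SEPC40ACBE0C2F3 example, and the trimmed sample is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Template values from the page; a per-phone file must not keep any of them.
TEMPLATE_VALUES = {
    "sshPassword": "password",
    ".//processNodeName": "AsteriskIP",
    "sipProfile/phoneLabel": "Company",
    "sipProfile/sipLines/line/featureLabel": "LabelName",
    "sipProfile/sipLines/line/name": "EXT",
    "sipProfile/sipLines/line/displayName": "DispName",
    "sipProfile/sipLines/line/authName": "EXT",
    "sipProfile/sipLines/line/authPassword": "Password",
    "sipProfile/sipLines/line/contact": "EXT",
    "loadInformation": "ActiveLoad",
}
SHORT_LABELS = ("phoneLabel", "featureLabel", "displayName")  # page: < 10 chars
EXTENSION_FIELDS = ("name", "authName", "contact")            # page: all hold the extension
# Assumption: host names look like the page's SEPC40ACBE0C2F3 (SEP + 12 hex digits).
FILE_NAME = re.compile(r"^SEP[0-9A-F]{12}\.cnf\.xml$")


def check_phone_config(file_name, xml_text):
    """Return (field, problem) tuples; an empty list means nothing was flagged."""
    findings = []
    if not FILE_NAME.match(file_name):
        findings.append(("filename", "not-hostname"))
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        # For example a closing tag pasted as "< /device>".
        return findings + [("xml", "malformed")]

    values = {}
    for path, template_value in TEMPLATE_VALUES.items():
        field = path.rsplit("/", 1)[-1]
        node = root.find(path)
        value = (node.text or "").strip() if node is not None else ""
        values[field] = value
        if not value:
            findings.append((field, "missing"))
        elif value == template_value:
            findings.append((field, "template-value"))

    for field in SHORT_LABELS:
        if len(values[field]) >= 10:
            findings.append((field, "too-long"))
    if len({values[field] for field in EXTENSION_FIELDS}) > 1:
        findings.append(("extension", "mismatch"))
    return findings


# Constructed sample: the page's template trimmed to the fields checked here.
SAMPLE = """<device>
  <sshUserId>admin</sshUserId>
  <sshPassword>password</sshPassword>
  <devicePool><callManagerGroup><members><member priority="0"><callManager>
    <processNodeName>AsteriskIP</processNodeName>
  </callManager></member></members></callManagerGroup></devicePool>
  <sipProfile>
    <phoneLabel>Company</phoneLabel>
    <sipLines><line button="1">
      <featureLabel>LabelName</featureLabel>
      <name>EXT</name>
      <displayName>DispName</displayName>
      <authName>EXT</authName>
      <authPassword>Password</authPassword>
      <contact>EXT</contact>
    </line></sipLines>
  </sipProfile>
  <loadInformation>ActiveLoad</loadInformation>
</device>"""

if __name__ == "__main__":
    for field, problem in check_phone_config("SEPC40ACBE0C2F3.cnf.xml", SAMPLE):
        print(f"{field}: {problem}")
```

TFTP hands this file to any host that requests it by name, so the SIP and SSH secrets in it should be unique per phone rather than shared template values.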

image 

May 23
How to Install SeaFile for Windows with SSL Certificate Step by Step

This tutorial will guide you on setting up SeaFile on a Windows 2012R2 server and installing an SSL certificate.

Requirements

  • Windows Server 2012, 2012R2 or 2016
  • Administrative account on Windows server
  • Public static IP address
  • DNS to resolve FQDN to public IP
  • Router to forward ports 8001, 8082, 12001 to SeaFile Server
  • SSL Certificate from trusted authority (www.ssls.com)

Pre-Setup

  • Configure a static private IP address on the Windows server that will host SeaFile
  • Install the latest Windows updates
  • Disable UAC (you can enable it again after the install is completed)
  • Make sure that the server has access to the Internet.
  • Disable IE enhanced security configuration
  • Download and install 7-Zip from www.7-zip.org
  • Open ports 8001 and 8082 on your firewall and translate (forward) to the SeaFile server.

Log in using an administrative account, then download and install Python 2.7.11 32-bit. Make sure to use the x32 version, as x64 will NOT work properly. The installation will create a folder named c:\Python27 by default.

Go to system properties –> advanced tab –> environment variables.

Edit the path and add:  ;c:\Python27\ to the end of the environment path.

Make sure that there is no whitespace, see example below:

image

Navigate to https://www.seafile.com/en/download and download SeaFile Server for Windows version 6.0.7.

Create a folder c:\SeafileProgram and extract the SeaFile tar file using 7-Zip to that location.

image

Navigate to the extracted location and execute the run.bat file.

image

Once the installation process begins, choose a disk volume where the SeaFile folder will be installed and click next. A SeaFile server icon will appear in the icon tray. Right click on it and select add an admin account. Enter an email address and password and click OK.

image

Navigate to c:\Seafile-Server\conf and open seafile.conf using a text editor.

Copy and paste the following text into the editor:

 

[database]
type = sqlite

[network]
port = 12001

[fileserver]
port = 8082

# Set maximum upload file size to 500M.
max_upload_size=500

# Set maximum download directory size to 500M.
max_download_dir_size=500

[seahub]
port = 8001
fastcgi = false

[quota]

# default user quota in GB, integer only
default = 5

 

 

We will use port 8001 for the Web UI and port 8082 for the file server. You can adjust the Web UI port and quota sizes to your own specifications but do not change the file server port 8082.

Select file-> save to save the changes.

From the same directory, edit the ccnet.conf file and change the SERVICE_URL to your own FQDN.

image

When finished select file –> save.

Adding SMTP Mail Send

Navigate to SeaFileProgram-> SeaFile-Server-6.0.7\seahub\seahub and right click on the settings.py file. Select edit with IDLE.

Locate the email sending section and modify according to your SMTP server requirements. You can copy/paste the lines below to add the fields to the file as shown.

EMAIL_USE_TLS = False
EMAIL_HOST = 'smtp.example.com'        # smtp server
EMAIL_HOST_USER = 'username@example.com'    # username and domain
EMAIL_HOST_PASSWORD = 'el-password'    # password
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
SERVER_EMAIL = EMAIL_HOST_USER

image

If you do not have access to an SMTP server, you can add SMTP to the SeaFile server by following these steps.

Go to the add roles and features wizard and add the SMTP server feature as shown below.

image

Open IIS 6 from the administrative tools menu, right click on the SMTP server and start the service.

image

Right click on the SMTP virtual server once again and select properties. Click on the access tab and then on relay restrictions. Add 127.0.0.1 to the list of authorized relay hosts.

image

Go back to c:\SeaFileProgram\Seafile-Server-6.0.7\seahub\seahub and edit the settings.py file. Modify the settings as shown below:

#################
# Email sending #
#################

SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True # Whether to send email when a system staff adding new member.
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True # Whether to send email when a system staff resetting user's password.

EMAIL_USE_TLS = False
EMAIL_HOST = '127.0.0.1'        # SMTP server
EMAIL_HOST_USER = 'postmaster@yourdomain.com'    # username and domain
EMAIL_PORT = 25
SERVER_EMAIL = '127.0.0.1'
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER

 

Select file-> save when finished, then right click on the SeaFile icon located in the icon tray and Restart the SeaFile server. Also restart the SMTP

Navigate to http://yourfqdn:8001 to log in to SeaFile.

image 

How to set up SSL Certificate on SeaFile

For this post, we are going to use a Comodo SSL certificate from SSLs, so please go to www.ssls.com and create an account if you don’t already have one. We will use SSL port 4043 for this example, however you can modify the relevant settings if you wish to use the standard SSL port 443 or any other port of your choice.

To begin, create a folder on the local drive volume named c:\inetpub\https

Go to add roles and features and select the IIS role. In the role services, remove directory browsing as shown below.

image

Install Microsoft web Platform Installer 5.0 (Web PI) from here.  In the WebPi search box, look for URL rewrite and install URL Rewrite 2.0 as shown below.

image

Click on add and then on the install button to install URL Rewrite 2.0.

Open IIS7 and expand the server sites. Select the default Web site and click bindings. Change the physical path to c:\inetpub\http.

image

Click on the server and then double click on the server certificates icon.

image

Select create new certificate and fill out the DN properties.

image

Select 2048 bit Microsoft RSA cryptographic provider and then save the certificate request text file.

Navigate to SSLs.com and select a certificate such as the one shown below.

image

After you purchase and activate the certificate, copy/paste your CSR as shown below.

image

Select the first option for Windows IIS as shown below.

image

When done, submit the CSR. After you receive your confirmation email, copy and paste the text code as indicated.

image

You will soon receive your certificate by email as an attachment. Copy/paste or save the attachment on to the SeaFile server and extract the contents.

Open IIS7 and select complete certificate request.

image

Point the file name to the extracted certificate and give the file a friendly name such as SeaFileCert.

image

Add a new site and point the path to the HTTPS folder we previously created in inetpub. Select HTTPS binding and select the SSL certificate we created. Change the port to 4043 and then click OK.

image

Copy, paste and save the following text in the c:\inetpub\https\web.config file.

 

<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name='seafhttp' stopProcessing='true'>
                    <match url='seafhttp/(.*)' />
                    <action type='Rewrite' url='http://localhost:8082/{R:1}' appendQueryString='false' logRewrittenUrl='true' />
                </rule>
                <rule name='Reverse Proxy' patternSyntax='ECMAScript' stopProcessing='true'>
                    <match url='(.*)' />
                    <action type='Rewrite' url='http://localhost:8001/{R:1}' logRewrittenUrl='true' />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

 

Go to your SSL site and double click on URL rewrite.

image

It should open a new window as shown below without any errors.

image

Next, go to c:\seafile-server\conf and modify the ccnet.conf file to show the correct URL.

SERVICE_URL = https://www.yoururl.com:4043

image

From the same directory, edit the seahub_settings.py file and add the line:

FILE_SERVER_ROOT = 'https://www.yoururl.com:4043/seafhttp'

image

Go back to the Web Platform Installer and search for ARR, from the results, select and install Application Request Routing.

image

Select the IIS Server and then double click Application Request Routing.

image

Click on the server proxy settings link and enable the proxy.

image

Finally restart the server so that all the settings take effect and visit your new URL for a secure version of SeaFile!
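A consistency check over the three files this procedure edits, as an added example that is not part of the original post: SERVICE_URL and FILE_SERVER_ROOT have to name the same HTTPS origin as the IIS binding, and the seafhttp rule has to come before the catch-all rule so that file traffic reaches port 8082. The rule evaluation is a simplified model (first match wins, case-insensitive, {R:n} back-references only), and the inputs and request paths are constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def setting(text, key):
    """Read KEY = value from ccnet.conf or seahub_settings.py text (quotes optional)."""
    pattern = r"^\s*" + re.escape(key) + r"""\s*=\s*['"]?([^'"\s#]+)"""
    found = re.search(pattern, text, re.MULTILINE)
    return found.group(1) if found else ""


def origin(url):
    """(scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)


def load_rules(web_config):
    """Return [(match pattern, action url)] in file order; ParseError if not valid XML."""
    root = ET.fromstring(web_config)
    return [(rule.find("match").get("url"), rule.find("action").get("url"))
            for rule in root.iter("rule")]


def route(rules, path):
    """Rewrite path with the first matching rule (every rule on the page stops processing)."""
    for pattern, target in rules:
        hit = re.search(pattern, path, re.IGNORECASE)
        if hit:
            return re.sub(r"\{R:(\d+)\}",
                          lambda ref: hit.group(int(ref.group(1))) or "", target)
    return ""


def check_deployment(ccnet_conf, seahub_settings, web_config,
                     fileserver_port=8082, seahub_port=8001):
    """Return a list of finding codes; an empty list means the three files agree."""
    findings = []
    service = setting(ccnet_conf, "SERVICE_URL")
    file_root = setting(seahub_settings, "FILE_SERVER_ROOT")
    if origin(service)[0] != "https" or origin(file_root)[0] != "https":
        findings.append("not-https")
    if origin(service) != origin(file_root):
        findings.append("origin-mismatch")
    try:
        rules = load_rules(web_config)
    except ET.ParseError:
        # Typographic quotes pasted from a web page end up here.
        return findings + ["web.config-malformed"]
    prefix = urlsplit(file_root).path.strip("/")
    # Constructed request paths: one under the file server prefix, one for the web UI.
    if urlsplit(route(rules, prefix + "/files/sample")).port != fileserver_port:
        findings.append("fileserver-route")
    if urlsplit(route(rules, "accounts/login/")).port != seahub_port:
        findings.append("seahub-route")
    return findings


# Constructed inputs mirroring the values used in this post.
RULE_FILES = """<rule name='seafhttp' stopProcessing='true'>
  <match url='seafhttp/(.*)' />
  <action type='Rewrite' url='http://localhost:8082/{R:1}' appendQueryString='false' />
</rule>"""
RULE_UI = """<rule name='Reverse Proxy' patternSyntax='ECMAScript' stopProcessing='true'>
  <match url='(.*)' />
  <action type='Rewrite' url='http://localhost:8001/{R:1}' />
</rule>"""
CCNET = "SERVICE_URL = https://www.yoururl.com:4043"
SEAHUB = "FILE_SERVER_ROOT = 'https://www.yoururl.com:4043/seafhttp'"


def web_config(*rules):
    """Wrap rule fragments in the web.config skeleton, in the order given."""
    return ("<configuration><system.webServer><rewrite><rules>" + "".join(rules)
            + "</rules></rewrite></system.webServer></configuration>")


if __name__ == "__main__":
    print(check_deployment(CCNET, SEAHUB, web_config(RULE_FILES, RULE_UI)))
    # Catch-all rule listed first: file traffic is sent to the web UI port.
    print(check_deployment(CCNET, SEAHUB, web_config(RULE_UI, RULE_FILES)))
```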

image 

May 18
Sharing Files with SeaFile: Your Own Private Cloud Based Network Drive

 

Using SeaFile to Store and Share Files Securely over the Internet

 

The default SeaFile URL is https://seafile.falconitservices.com:4043 however you can request a custom login URL such as https://seafile.yourdomain.com.

Log in to SeaFile using your supplied credentials. If you are new to SeaFile, contact our helpdesk to obtain a user name and password.

image

You will be requested to change your password on first login.

image

 

Creating A SeaFile Library to Share

Once you have logged in to SeaFile,  go to Files –> My Libraries and select New Library.

image

Give your library a friendly name. Note: you can optionally encrypt the contents on the server’s disk, however encrypted folders cannot be shared with others. They are strictly used as secure storage or external backup. Encrypted libraries cannot be decrypted later on or accessed if you forget the password!

image

Encrypted folders will have a lock icon as shown below.

image

Uploading Documents to a Library using the SeaFile Web UI

Log in to SeaFile using a Web browser and navigate to My Libraries. Click on the Library you want to upload to and then click on the upload button. Select the file to upload using your computer browser.

image

 

Uploading Documents to a Library using the SeaFile Application

If you upload multiple applications or manage multiple libraries, I recommend you use the SeaFile application. It allows you to easily drag and drop files to and from Libraries as well as manage your libraries from an app on your desktop rather than having to log in to a Web interface. Call the helpdesk to have the SeaFile application installed on your desktop computer.

Double click on a library to open the file browser then drag and drop or copy/paste your files into the cloud browser. From there, they will be synchronized with the SeaFile server.

image

Sharing Files with External Sources

Log in to the SeaFile Web interface and select the library you want to share and click on the share button.

Download Link: This option creates a link that you can email others to allow them to view your library files. Adding password protection will require the link users to enter the password before they can preview the library. You can also add an expiration date which will remove the access after the date has been surpassed.

Note: It’s important to create an expiration time limit, especially if you do not password protect your link! Links that have no password and no expiration date can be indexed by search engines and your files may become compromised.

To create the link, click on the generate button, then copy and paste the link URL to send via Email or use the send feature and click submit.

image

 

Upload Link: The upload link works the same way as the download link except that it’s used to allow an external source to upload files into your library.

image

Share to User: This option allows you to share your library with other Falcon IT Services SeaFile users. This allows multiple users to share libraries using the SeaFile Web UI or the SeaFile application. Type a user’s email address to add the user to the share list.

December 31
Gracefully Shutting Down Windows Servers and Hyper-V During a Power Outage Using APC Network Management Card (NMC) and PowerChute Network Shutdown (PCNS)

Needless to say that a Server suddenly being turned off or losing power is a roll of the dice. Especially sensitive to abrupt shut downs are SQL, Exchange and Hyper-V Servers. For this reason, it’s extremely important to have an unattended graceful shutdown software for power outage events.

What is Needed:

Note: There are several types of UPS’, cables and software you can use to accomplish a graceful shutdown however in this post I will cover only the APC Smart UPS with NMC and PCNS because it’s a system I have been using successfully to gracefully shut down multiple servers from a single UPS, under specific conditions.

To begin, install your NMC on the SMART UPS and configure an IP address. Access the NMC using a Web browser (or Telnet if it’s Throwback Thursday).

image

image

Log in to the user interface and set up E-Mail or SNMP alerts. It’s generally a good idea to be alerted when the UPS is going to shut down the servers. This can be done from the administration –> notification menu.

image

Set up the type of alerts you want from the event actions, then set up either SMTP or SNMP for alert notifications.

To begin configuring shutdown, check how much runtime you have by clicking on the UPS –> Overview menu. Runtime is how much time your UPS will be able to power your systems during a power outage.

image

As you can see, the image above indicates that we have approximately 1 hour and 8 minutes after the power goes out, before our UPS batteries are completely drained. In contrast, the image below shows a different UPS with only 26 minutes of runtime. Our shutdown policies should be based on how much runtime we have, which is different for every situation. For this reason, we cannot simply use ‘default’ settings, we must study and understand how shutdown works and what variables are required, based on several important factors.

image

 

Go to the UPS Tab, this is where the important settings are entered. These settings are not as self explanatory as they seem and they are very, very important. For this reason, I urge you to read about, and fully understand these settings before proceeding. You can get detailed information about these parameters in this blog by Steve Jenkins.

UPS –> Control


The UPS control is used for a user initiated shutdown sequence. This is useful for testing or for manually initiating a shutdown sequence where the UPS signals the servers to shut themselves down gracefully.

UPS –> Configuration –> Shutdown

image

1. Low Battery Duration: The point at which the UPS sends a signal to gracefully shut down all the servers. You should set this threshold to give your servers plenty of time to gracefully shut down.

2. Shutdown Delay: This is how long the UPS will stay on after all the servers have successfully shut down.

3. Maximum Required Delay: This value is calculated by the NMC after it queries the PCNS clients. After you add/remove PCNS clients, this value will change. It’s based on how much time it thinks it will take to gracefully shut down all your operating systems.

Note: Basic Signaling Shutdown is for serial cable communication, leave it unchecked. This does not apply to what we are doing here!

4. Duration of Shutdown Sleep Time: How long the UPS will stay off when you initiate a shutdown sequence manually from the control menu.

5. Minimum Battery Capacity: This is the minimum charge level the NMC will require before it turns the power back on. The capacity should be enough to sustain another shutdown sequence if the power cuts off again.

6. Return Delay: How long the UPS will stay off (and recharge) after power has been restored. This is useful because as we all know, power disruptions can be intermittent and it’s best to wait for power to be steadily restored before restarting your servers.

APC Shutdown Sequence Explained via an Epic Mini Space Novella

First Officer: Captain, we’ve lost main power!
Captain: Blimey, how long will auxiliary power hold us in orbit?
First Officer: Approximately [runtime] minutes, captain.
Captain:  We have plenty of time. It takes us [maximum required delay] to evacuate the ship, so there is no need to panic! Let’s wait until we reach the [low battery duration] threshold. Maybe by then we will get our main power restored. (Pressing intercom) Engineering, this is the captain! I need power… the lives… of our crew… depend on it! 
Engineering Officer: I’m giving it all I’ve got, captain!

image

First Officer (profusely sweating): Captain, we have only [low battery duration] minutes left on auxiliary and the ship’s main power is still off-line. If we don’t evacuate now, we won’t get the entire crew out on time. Should I send the evacuation signal?
Captain: Make it so… and may God have mercy on our souls!

Hopefully that gives you a better understanding of how the shutdown process works!

PowerChute Clients Setup


PowerChute Clients – add the IP addresses of the servers you are going to gracefully shut down.

image

Now that we have configured the network monitoring card, it’s time to configure the servers.

Download and install PCNS on the physical servers you plan to gracefully shut down in the event of a power outage. Do not install PCNS on virtual servers.

image

Once the software is installed, it will open a browser and begin the configuration utility.

Select your preferred networking protocol, SCVMM support and UPS configuration. You will need the NMC user name, password and authentication phrase. Unless you have changed them, the defaults are:

User name: apc
Password: apc
Auth Phrase: admin user phrase

Add the IP address of your Network Monitoring Card (NMC) and click next…

image

The wizard will confirm the settings, then click on the apply button.

image

If you are using Hyper-V, set the duration for Hyper-V shutdown. This should be how long it takes to gracefully shut down the virtual machines. It should provide ample time for VM shutdown before the physical machine is shut down. In the example below, we set that threshold to 10 minutes (600 seconds) to give an old server plenty of time to shut down its VMs. If our low battery duration is 10 minutes, that leaves us no time to gracefully shut down our physical servers! So make sure you set this value high enough to allow graceful shutdown of your VMs while still allowing plenty of time for your physical servers to shut down before your UPS shuts off! If you set your VM shutdown duration to 10 minutes, then your low battery duration should be set to at least 12 minutes.

image 

After the VM shutdown duration time has been exceeded, the PowerChute software will start to shut down the physical machine.

You do not need to turn off the UPS, this action will be performed by the network monitoring card based on its settings.

image

Once the wizard connects successfully, click finish.

Please note, it’s useful to test your configuration in a lab environment before configuring these solutions in a production environment. A lab test will give you ideas of how to tweak the settings to best fit your needs.

December 09
How to Create a Windows Log Email Alerting System Using Free SNMP Tools

 

What is SNMP: Simple Network Management Protocol (SNMP) is a protocol that is used to configure and collect information about network devices such as servers, printers, routers and switches. In this article, we will use SNMP to collect important health data from Dell servers, Microsoft operating systems and Sonicwall routers. RAID degradation, Windows performance problems, low disk space, replication errors, account privilege changes and software installation notifications are just some of the events we are going to monitor using the techniques below.

Free windows event alerts

SNMP TRAP – This is the software that will collect data from all the network devices, store it in an SQL database, and send you e-mail alerts for critical events. The software, Dell OMSE, is free to install on a Dell server.

SNMP Agent – Software that collects data from the hardware it’s installed on and passes it on to the TRAP server.

Configuring the SNMP TRAP Server

 

The TRAP server is a server that will collect and store SNMP data from agents.

You will need a server to act as the TRAP server. It must have a static IP and SNMP ports 161 & 162 (UDP) open to the internal LAN, since a variety of devices will send SNMP data to the TRAP server.

After you select a TRAP server, install the Windows SNMP Service on it.

 

image

From the command prompt, type services.msc to open the services console.

image

1. Open the SNMP Service

2. Locate the TRAP tab

3. Select a community name. Use a friendly, descriptive name with no spaces or special characters. This name will be used throughout the process of configuring the SNMP agents later on.

4. Add the TRAP server’s own IP address to the trap destination field

Once finished, look for the security tab.

image

1. Click on the security tab

2. Uncheck the authentication trap

3. Add the community name as READ ONLY. Selecting read/write poses a security risk, since SNMP commands can then be sent to the server to modify its settings by anybody inside the network that knows the community name. For this reason, I recommend using READ ONLY settings for all SNMP enabled devices.

4. Add localhost to the accepted packets field.

Restart the SNMP service so that changes take effect.

Download Dell Open Manage Essentials

Prior to installation, disable UAC.

image

Extract and install Dell Open Manage Essentials. OMSE has several prerequisites (.NET 3.5, Silverlight, etc.) which need to be installed, but that is beyond the scope of this article. You can install them by clicking on their respective links prior to installing OMSE.

image

 

Once all of the pre-requisites have been installed, proceed with the installation.

image

Open the Dell OpenManage Essentials application. There will be a wizard that explains the process of installing SNMP agents. Click next as you read the instructions or just finish since we will discuss that here in detail.

Configure the device discovery by adding your network’s internal IP address range in the discovery scope. OMSE will use this to scan your network and inventory your devices.

image

The next step is to select the type of agents to monitor. Although OMSE can use monitoring agents such as WMI and WS-MAN, we are going to focus on SNMP.

image

Enter your community name in the GET community field.

image

OMSE will begin a network discovery process. If you want to monitor your workstations and other DHCP enabled devices, allow the network discovery to proceed. You may, however, not want to do this! Dell OMSE will ping devices based on a pre-determined schedule, and if your users turn off their desktops and printers at night, you will receive system down notifications. You can opt to disable alerts during specific hours, but this is not a good option. If a server’s RAID subsystem becomes degraded in the night, you will probably want to know about it right away.

I prefer to monitor network and infrastructure devices such as servers, networked printers, switches and routers, which are usually outside of the DHCP scope. There are other ways to get around the above mentioned issues, but for the sake of making things simple, I am going to exclude my DHCP scope and monitor only devices with static IP addresses.

Right click on the discovery and select STOP!

image

Create an exclusion range as shown below and enter your DHCP scope.

image

Click on discover schedule and select a date/time for discovery to be performed. In the name resolution section, use NetBIOS resolution if you don’t mind having the extra traffic. NetBIOS will find more devices on your network since it’s a broadcast protocol.

image

When finished with the discovery schedule, select date/time for the inventory schedule.

Finally select status schedule and add a pre-defined time to poll the devices.

image

I like to configure polling to every 20 minutes. This means it will take up to 20 minutes for the system to detect a node down and send you an alert. You can increase or decrease the polling interval to trade off network traffic against alert speed.

Click on the ALERTS menu and select as shown below to create a new email alert.

image

Give your alert a friendly name.

image

In the next screen, you can customize your alert message.

image

Click on the email settings tab to configure an SMTP server.

image

Select the type of notifications you want to receive.

image

Select the categories…

image

and the device types.

image

From the discovery and inventory menu, select the LAN inventory scope, right click on it and perform a discovery and inventory.

image

When completed, your monitored devices will be shown as below.

image

Now it’s time to install the agents on the client devices.

Monitoring and Alerting Event Errors in Microsoft Windows Operating System and Software

 

Installing SNMP Agents

There are two types of SNMP agents we will install to monitor our network devices. These agents will poll their devices for health and report back to the TRAP server via SNMP.


Windows SNMP Agent Event Viewer

This agent will collect data about the Windows operating system and installed applications. You can select which alerts will be sent to you by choosing Windows Event IDs, or by category.

To begin, log in to a server that you want to monitor and install the SNMP service.

image

In the trap tab, add the community name and the IP address of the SNMP TRAP server.

image

In the security tab, disable authentication trap, add the READ ONLY community name and accept SNMP from localhost.

image

When finished, restart the SNMP service so that the changes take effect.
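Both the TRAP server setup earlier and the agent setup above depend on the same three settings: a READ ONLY community, a restricted list of accepted hosts, and the right trap destination. The script below is an added example, not part of the original post, that reads those settings back from the registry keys the Windows SNMP service uses so you can verify each server after configuring it. The function names are hypothetical, and it assumes the settings were made in the service dialog rather than pushed by Group Policy.

```powershell
# Added example (not from the original post): review the SNMP service settings
# that the Security and Traps tabs store in the registry. Run elevated.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

# Rights values the SNMP service stores for each community name.
$rightsNames = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }

function Get-RegValues {            # hypothetical helper name
    param([string]$Path)
    # Return the name/value pairs of one registry key (nothing if the key is absent).
    if (-not (Test-Path -Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Value = $key.GetValue($name) }
    }
}

function Get-SnmpAudit {            # hypothetical function name
    $report = @()

    # Communities: rights above READ ONLY let anyone who knows the name change settings.
    foreach ($c in Get-RegValues "$base\ValidCommunities") {
        $rights = $rightsNames[[int]$c.Value]
        if (-not $rights) { $rights = "unknown ($($c.Value))" }
        $report += [pscustomobject]@{ Check = 'Community'; Item = $c.Name
                                      Detail = $rights; Flag = ([int]$c.Value -gt 4) }
    }

    # Accepted hosts: an empty list means SNMP packets are accepted from any host.
    $managers = @(Get-RegValues "$base\PermittedManagers")
    if ($managers.Count -eq 0) {
        $report += [pscustomobject]@{ Check = 'AcceptedHost'; Item = '(none listed)'
                                      Detail = 'packets accepted from any host'; Flag = $true }
    }
    foreach ($m in $managers) {
        $report += [pscustomobject]@{ Check = 'AcceptedHost'; Item = $m.Value
                                      Detail = 'listed'; Flag = $false }
    }

    # Trap destinations: one subkey per community, one value per destination.
    if (Test-Path -Path "$base\TrapConfiguration") {
        foreach ($sub in Get-ChildItem -Path "$base\TrapConfiguration") {
            foreach ($d in Get-RegValues $sub.PSPath) {
                $report += [pscustomobject]@{ Check = 'TrapDestination'; Item = $sub.PSChildName
                                              Detail = $d.Value; Flag = $false }
            }
        }
    }

    # Authentication trap checkbox (the post unchecks it): 1 = enabled, 0 = disabled.
    $auth = (Get-ItemProperty -Path $base -Name EnableAuthenticationTraps `
             -ErrorAction SilentlyContinue).EnableAuthenticationTraps
    $report += [pscustomobject]@{ Check = 'AuthenticationTrap'; Item = 'EnableAuthenticationTraps'
                                  Detail = "$auth"; Flag = $false }
    $report
}

# Rows with Flag = True are the ones to fix before moving on to the next server.
Get-SnmpAudit | Format-Table -AutoSize
```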

Once this is done, you can add alerts in two ways. One way is to manually add the alerts you want. To do this, open a command prompt and run the command evntwin.exe.

In the example below, we are going to add Windows Server backup alerts. When Windows server backup does not complete successfully, the event will trigger an SNMP alert, which will be sent to the TRAP server, logged and finally e-mailed to you.

Click custom, and locate Windows backup from the applications folder. Highlight the Windows Backup events that you want to monitor and click on the add button.

image

Categorize the events by severity, highlight them and click add to add critical events and warnings in one simple step.

image

Once you have finished adding your custom events, highlight them and select settings to throttle the events. This will prevent too many events from filling your inbox in a short period of time.

image

Another way (and a better way) is to download our custom events script and run the script based on the type of server that you have. The script will import the most important events for you with the single click of a button. There are tens of thousands of events, so having a quick script will save you lots of time and trouble.

Download the zip file and extract the contents to c:\snmp folder.

image

Find the batch file for the type of server you are installing:

AutoImportExch – Exchange 2013, 2016 servers
AutoImportDC – Windows server 2008, 2012 and 2016 Domain Controllers
AutoImportServer – Windows Server 2008, 2012 and 2016
AutoImportSharePoint- SharePoint Server 2013, 2016

To install, simply double click on the server script and select run as administrator.

The script will begin installing the event alerts with periodic pauses at different categories.

image

When the script is finished, it will restart the SNMP service and log you out of Windows.

Log back in and execute the command evntwin.exe and you will see that thousands of critical events have been imported into the event trap translator. It may take a while to load as it parses through thousands of events.

Don’t forget to highlight ALL the events, select settings, then apply a throttle.

image

I suggest no more than 2 of the same events in an 8 hour period… for sanity’s sake.

image

Now follow the above steps for all your Windows servers and you will be alerted whenever a critical alert takes place within your server environment. Sometimes, the errors can be hard to understand due to the large amount of information that is passed on.

image

If you have trouble, look for the Error Event ID (see example above) and a quick Web search will tell you more about the problem.

Conclusion: Rather than spending boring hours sifting through monotonous Windows logs, specific Windows event errors will trigger SNMP events, and OMSE then sends you email notifications which allow you to take immediate action. This will no doubt free up valuable time so that you can concentrate on more important tasks:

(Image: Flappy Bird)

 

Monitoring Hardware Using OMSA Dell Servers

 

Dell Open Manage Administrator is a collector of Dell hardware-specific events. It can monitor the status of your RAID array, the temperature of the CPU, as well as memory and power supply redundancy. It will take critical events and forward them to the TRAP server, which will log the event and send you a notification.

Dell OMSA should be installed on bare metal systems. Do not install it on virtual machines because virtual machines do not have hardware to monitor. OMSA is for monitoring physical machines only.

To begin, download Dell Open Manage Administrator.  Extract the contents and install the software using the setup program. Log in to the UI and select alert management –> alert actions as shown below.

 

image

Click on each system event and enable the broadcast message option. Enable the system events you want to monitor.

image

If the server has a RAID controller, you will find the RAID alerts at the bottom of the page. Be sure to enable ALL the RAID events.

image

 

Enable the platform filter events.

image

Make sure that the community string and trap destinations are configured…

image

and finally decide on the verbosity level you want for the alert conditions.

image

The OMSA will now send SNMP alerts to the TRAP server and you will receive email alerts whenever an important event is triggered.

 

Adding Other Devices to Monitor using SNMP

With SNMP, it’s not just Windows and Dell servers you can manage! You can manage printers, routers, switches and more.

All you need is to enable SNMP on the device, set the community string and tell the device where to send the SNMP events (the TRAP server).

The example below shows how easy it is to configure SNMP alerts on a Sonicwall router.

 

image

Voila!

image

All you need to enter is the community name and the IP address of the TRAP server! Then, go to Logs –> Categories and select the categories you want monitored.

image

Even if your devices do not support SNMP, you can still monitor whether or not they are on or off. Dell OMSE will send you an alert if a device fails to respond to a ping.

September 13
Using ECP to Change Public Folder Permissions in Exchange 2013, Exchange 2016

Navigate to public folders and click on the public folder name.

image

Select the subfolder you want to modify to highlight it and click on the 3 dots as shown below.

image

(Yes, someone actually has a public calendar for a restroom but it’s not what you think.)

Click on the root permissions link that pops up and click on the add, edit or remove icon to make permission changes.

 

image

Use the permission level drop down to set pre determined user permission levels or create custom permission levels using the check boxes.

image

The permissions are self explanatory (shown below) or click here for the expatiated version.

  • ReadItems   The user can read items within the specified public folder.

  • CreateItems   The user can create items within the specified public folder and send e-mail messages to the public folder if it's mail-enabled.

  • EditOwnedItems   The user can edit the items that the user owns in the specified public folder.

  • DeleteOwnedItems   The user can delete items that the user owns in the specified public folder.

  • EditAllItems   The user can edit all items in the specified public folder.

  • DeleteAllItems   The user can delete all items in the specified public folder.

  • CreateSubfolders   The user can create subfolders in the specified public folder.

  • FolderOwner   The user is the owner of the specified public folder. The user can view and move the public folder, create subfolders, and set permissions for the folder. The user can't read, edit, delete, or create items.

  • FolderContact   The user is the contact for the specified public folder.

  • FolderVisible   The user can view the specified public folder, but can't read or edit items within the specified public folder.

September 02
How to Block E-mails Using Keywords in Exchange 2013, 2016

In Exchange you can block emails that have specific keywords. Since many spammers use different email addresses and sending servers, it can sometimes be difficult to block. When you have a recurring email that you want to block, look for a common denominator. Usually the spammer will have a link back to their Web site or show their name or company name in order for you to identify them. With this information, you can block them using a keyword filter.

image

Open Exchange ECP and navigate to mail flow –> rules. Select + to create a new rule.

image

Give your rule a friendly name (1).  Apply the rule if the subject or body includes specific keywords (2) and finally, add the keyword.

Select message reject (1) and add an NDR message explaining why the message was rejected. Voila!

image

Exchange will reject any messages that have the specified keywords in the subject or content of the email.

In the future, you can block more keywords by editing the rule, clicking on the linked keyword list…

 

image

and then adding more keywords.

image

August 29
Sonicwall HTTPS Access Problem RC4 SSL Cipher

 

When attempting to access Sonicwall Web UI remotely, you receive one of these errors depending on the browser you are using:

  • Unsupported Protocol
  • Secure Connection Failed
  • This Site Can’t Provide a Secure Connection

Error descriptions include:

  • Domain uses an unsupported protocol.
  • The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.
  • ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  • SSL_ERROR_NO_CYPHER_OVERLAP
  • The page you are trying to view cannot be shown because the authenticity of the received data cannot be verified.

 

image

image

Many browsers no longer support the deprecated RC4 encryption cipher. This can be easily fixed by logging in to the Sonicwall’s diagnostic UI and unchecking the RC4-only option. To do this, log in to the Sonicwall’s INTERNAL HTTP URL and, after you log in, change the end of the URL to /diag.html. For example: http://192.168.1.1/diag.html. This will display the diagnostic UI. Note: You can also access the diagnostic UI from the Sonicwall’s outside address if you have HTTP access enabled on the WAN, but this is not recommended.

image

Uncheck the selection: Enable RC4-Only Cipher Suite

image

A restart will be required after which you will once again be able to log in using HTTPS.

August 05
How to Disable Outlook Junk Using Group Policy

 

If you have a gateway spam filter, it can get pretty confusing for end users having to discern whether a lost email is in the gateway’s junk store or in the Outlook junk folder. For this reason it’s usually a good idea to disable the Outlook spam filter option. You can easily accomplish this using group policy so that you don’t have to go one by one.

Open group policy editor and create a new policy. Enable the policy and add the users for whom you want to disable Outlook anti-spam.

image

Navigate to user configuration –> preferences –> windows settings –> registry and create a new registry item.

Select the following:

Action: Update
Hive: HKEY_CURRENT_USER
Key Path: Software\Policies\Microsoft\office\nn.n\outlook
Value Name: DisableAntiSpam
Value Type: REG_DWORD
Value Data: 1
Base: Decimal

Replace the nn.n with your own version of Outlook:

12.0 for Outlook 2007
14.0 for Outlook 2010
15.0 for Outlook 2013
16.0 for Outlook 2016

image 

July 17
Hyper-V Merge Disk Full - How to Merge when the Disk is Full

One of the nice features of virtualization, being able to take a snapshot (checkpoints are also known as snapshots), can later come back to get you. For this reason, it’s not a good idea to take checkpoints in a production environment. If you do take a checkpoint for some reason, be sure to erase it as soon as possible.

I have run across many servers with multiple snapshots spread over years. Deleting these old checkpoints can be time consuming, stressful and occasionally downright ugly if you run out of disk space.  Before deleting snapshots, make sure you have enough free disk space.

You can see the snapshot’s size by right clicking on it, selecting settings and then clicking on the inspect button or by visiting the folder where your aVHDX files are stored.

image

To be safe, you should have enough disk space free to accommodate the combined size of the main VHD file plus all the snapshots that you are going to merge. When you delete a snapshot, it merges the file into another snapshot. This happens until all snapshots have been deleted and merged. At this point, the last snapshot will merge to the main VHD file. The following is a brief analysis based on my own experience in a lab environment, so results may vary depending on the differencing capacity between your files. But you should use the worst-case capacity requirement shown below.

How the Checkpoint Merge Requires Disk Space

 

Example: You have a 100 GB VHD and two 25GB snapshots, here’s what will happen when you delete a snapshot:

A 25 GB avhdx file will merge into another 25 GB avhdx file creating a 50GB avhdx file. The merge file will grow to 50GB before the old 25GB file is deleted so you will need an extra 25GB space to complete this process.

When you delete the second snapshot, the 50 GB avhdx will merge with the remaining 25GB avhdx creating a 75GB avhdx.  The merge file will grow to 75 GB before the old 50 GB file is deleted, so you will need an extra 50GB space to delete the second checkpoint.

When you delete the last snapshot, the final 50 GB avhdx will merge with the original 100GB VHD file creating a 150 GB avhdx. The merge file will grow to 150 GB before the old 50 GB file is deleted, so you will need an extra 50GB space to delete the second checkpoint.

This is the reason you need enough free space to accommodate the size of the original VHD plus all the avhdx (snapshot) files combined.
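The rule above can be checked before you delete anything. The following is an added example, not part of the original post: it walks each virtual disk's differencing chain from the active avhdx back to the base VHD, adds up the file sizes, and compares the total with the free space on the volume that holds the base VHD. It assumes the Hyper-V PowerShell module, a linear checkpoint chain, and disks stored on drive-letter volumes (not mount points); the function name is hypothetical.

```powershell
# Added example (not from the original post). Run elevated on the Hyper-V host.
function Test-CheckpointMergeSpace {      # hypothetical function name
    param([Parameter(Mandatory = $true)][string]$VMName)

    # Skip pass-through disks: only .vhd/.vhdx/.avhd/.avhdx files have a chain to merge.
    $drives = Get-VMHardDiskDrive -VMName $VMName |
              Where-Object { $_.Path -match '\.a?vhdx?$' }

    foreach ($drive in $drives) {
        # Follow ParentPath from the active disk back to the base VHD.
        $chain = @()
        $path  = $drive.Path
        while ($path) {
            $vhd    = Get-VHD -Path $path
            $chain += $vhd
            $path   = $vhd.ParentPath
        }

        $base      = $chain[-1]
        $snapshots = @($chain | Where-Object { $_.VhdType -eq 'Differencing' })

        # Worst case from the post: base VHD plus every snapshot file combined.
        $needed = ($chain | Measure-Object -Property FileSize -Sum).Sum

        # Free space on the drive-letter volume holding the base VHD (assumption:
        # the whole chain lives on that volume).
        $root = [System.IO.Path]::GetPathRoot($base.Path)
        $free = (New-Object System.IO.DriveInfo $root).AvailableFreeSpace

        [pscustomobject]@{
            VM          = $VMName
            BaseDisk    = $base.Path
            Snapshots   = $snapshots.Count
            NeededGB    = [math]::Round($needed / 1GB, 1)
            FreeGB      = [math]::Round($free / 1GB, 1)
            EnoughSpace = ($free -ge $needed)
        }
    }
}

# Usage: replace the VM name with your own.
# Test-CheckpointMergeSpace -VMName 'MyVM' | Format-Table -AutoSize
```

If EnoughSpace is False for any disk, use one of the options in the next section before deleting checkpoints.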

What if you don’t have enough free space to merge the checkpoints?

If you do not have enough disk space available, there are three options:

  • If you have Hyper-V 2012R2, you can export the VM to another disk. It will be exported as a merged VHD file. Later on, clear out the original VM and import the merged image.
  • You can live migrate the VM to another server that has ample disk space, complete the checkpoint merge, then move it back. This will minimize downtime since you can live migrate and merge without having to turn off the VM if you have Hyper-V server 2012 R2.
  • You can move the VM to another volume, such as a USB drive, complete the merge, then move it back again.

How to Move the VM to another Volume and Complete the Checkpoint Merge

Before proceeding, make sure that you have a backup. If you can move it to a volume mounted to the SATA or SCSI interface, it would be faster and more reliable than using an external USB drive. If you are using Hyper-V 2012R2, you can perform the following steps while your VM is on; otherwise you must shut down the VM first.

Right click on the VM and select move. Choose to move the VM’s storage.

image

Select the option you want then the storage location.

image

image

Depending on the size of the VM and its snapshots, it may take a while.

image

image

In our lab, it took about 1 minute per GB to move to a USB 3.0 external drive.

Once the move has completed, proceed to delete the checkpoint.

image

When the merge completes, repeat the above steps to move the VM back to its original location.
