IronTech Solutions Tech Blog

So are you guys as excited as we were when we found out 2010 came out.  I couldn’t wait to install it and when I did I was amazed buy what I saw.  I have a friend at microsoft who gave me a list of features and changes that were different from 2007 so I included them below.  I am currenly putting together some screenshots and videos so that you guys can see it in action.  But anyway, here is a list of the major features you get with 2010….enjoy!!!

1. Database Availability Groups - Database Availability Groups combine CCR and SCR functionality to provide a single solution for both scenarios.  What happens here is that you install a DAG member and it behind the scenes installs Failover Clustering making the High Availability deployment more intuitive for the administrator.  There was one scenario we ran into here where we had two source CCR Clusters wanting to replicate to the same target SCR Standby.  The problem here is that when you recoverCMS on the SCR Standby, the replication fails with the other source CCR that was still working becuase the target SCR server can only ever have 1 CMS.  DAGs fix that issue. . Also note that SCR has been deprecated/cut with Exchange 2010. You can also have 16 copies of the database. Up to 16 database copies.
2. Outlook Web Access Features - There are quite a few new features with OWA.  Some features I really like are:
   • Side-by-side comparison of calendars
   • Ability to attach messages to messages
   • Integration with Communicator including presence, chat, and a contact list
   • Conversation View
   • Support for multiple browsers such as Firefox and Safari
3.  Unified Messaging Features - There are quite a few new features with UM.  Some features I really like are:
   • Message Waiting Indicator
   • Voicemail Preview - This is essentially a speech to text that will display the text in your e-mail message to get a preview of what the voice mail includes
   • Personal auto attendants
   • Protected Voice Mail - Ability to track and restrict where voice mails can go
4. Store Functionality  - There are a ton of new features for UM.  Some important things to note:
   • No more Storage Groups
   • Mailboxes are no longer connected to the server object in which the schema has been flattened to allow for this
   • I/O Improvements including JBOD support and better support for SATA disks
   • Being able to run on cheap disks (SATA) and have a backupless organization by having multiple copies stored on DAG members.
5. Administration  - There are a ton of additions/enhancements to administration.  Some important things to note:
   • Role Based Access Control (RBAC) - Allows you to create granular permissions on custom groups that you create. This essentially replaces the administration model in Exchange 2007.  For example, if you want a help desk group that has access to specific pieces of functionality within Exchange, you can do so.
   • Exchange Control Panel - Ties into RBAC and shows/hides features you are not given access to.
   • Audit Logging
6. Other
   • Multi-Mailbox Search
   • Text Messaging Integration (SMS)
   • Moderation and approval of distribution group submissions
   • Mail Tips - Will notify an Outlook user of an impending error before it happens so the user doesn’t get a confusing NDR.  For example, if your message size limit is 10MB and the user tries sending a 15MB message, Outlook will notify the user before the user tries to send out the e-mail saving Exchange resources and making the failure experience more intuitive for the end user.

A feature called MailTips will be “like having X-ray vision into your e-mail before you send it,” Julia White, Microsoft’s director of Exchange product management, said in an interview. Before e-mails are sent, a bit of text near the top of the e-mail client will give senders additional information to prevent them from sending unwarranted or unnecessary e-mails, warning them about how many people are on a distribution list, that the e-mail is headed for someone outside of the sender’s organization, and whether someone has an out-of-office notification up.

Other new user features in Exchange 2010 and Outlook Web Access include easier calendar sharing, an infinite scroll instead of page-by-page views of e-mails in Outlook Web Access, and the ability to send text messages to and from Outlook, Outlook Web Access, and Outlook Mobile.

Exchange 2010 will have SMS integration to exchange server, which means SMS messages will be automatically synchronized back to your Exchange server, where they can be easily searched and archived just like your email.

A cool improvement revolving around mailbox moves in Exchange 2010 is that they by default are done in so called online mode. That is the Outlook client won’t be disconnected while a user’s mailbox is being moved. Only end-user impact is that with Outlook 2003/2007, the user is asked to restart Outlook after the mailbox moved has been completed.

The Exchange 2010 Management Console now includes two new Exchange certificate wizards, which allows you to either create a new certificate or import an existing one. This means you no longer need to switch to the Exchange Management Shell when creating or importing certificates in Exchange 2010.

One of the things I really like about Exchange 2010 is that it supports Remote PowerShell (included with PowerShell 2.0) and WinRM which makes it possible to connect to multiple Exchange 2010 based on-premise or cloud-based organizations from the same Exchange Management Console or Shell.

Clicking on the Options link in the Outlook Web Access client brings up the Web-based Exchange Control Panel. From here, users can carry out standard self-service tasks such as updating contact information and defining in-box rules. The Control Panel also offers access to more powerful features, including the option for users to create their own custom public distribution groups without the need to contact the IT staff, or to track the delivery status of their messages. Depending on the role given a user by administrators, end users can also use this feature to control public company mailing lists.

In addition, this interface can take advantage of new roles capabilities in Exchange Server 2010 to let administrators delegate capabilities to end users. Most interesting of these is the ability to quickly enable multiple mailbox searches, letting, for example, an HR or compliance officer quickly search for information across several mailboxes. Almost any capability accessed through the Exchange Control Panel can be turned on and off for specific users through the use of these roles.

The Exchange Federation Gateway feature makes it possible for organizations to share Exchange data easily across their implementations or through a hosted Exchange Online system. For example, administrators can share live calendars across two different partner companies to smooth meeting scheduling.

Moving user mailboxes has been greatly streamlined and, in tests, user mailboxes could be moved quickly with limited disruption to end-user access.

With the Database Availability groups feature, I was able to easily configure database replication services to multiple servers, including off-site servers. In basic tests after bringing down a database server, the server seamlessly automatically recovered with no loss of messages.

Using the Transport Protection Rules, it was possible within the administration interface to create customized rules to control how specific messages could be routed within an organization—for example, applying “no forwarding” rules to specific messages. This feature could also be tied to Windows Rights Management Services to provide deeper DRM-style controls over some messages.

A new feature of Exchange Server 2010 allows you to keep an eye on all the activities of administrators performed through Exchange Management Shell, Exchange Management Console, or by Exchange Web management interface and it is called Administrator Audit Logging.

Lately, IronTech clients in the SMB world are becoming more aware of DR (disaster recovery) needs and have begun asking us to implement these solutions but with the economy the way it is, no one has a million dollars to spend.  Luckily with Exchange 2007  we have a  few great options for DR planning.  Obviously we would prefer to have a cluster that fails over automatically and sends us an email saying it has done so.  But as I mentioned before a lot of companies can’t afford the cost of the servers or OSs that are needed to have these types of setups, so I will tell you guys about SCR (Standby Continuous Replication).  True it is not an automatic process, but it will work if you don’t want to spend the money for CCR (Cluster Continuous Replication). 

In case you didn’t know what types of High Availability (HA) there are in Exchange 2007,  here is a list and brief description of each:

So anyway back to our SCR talk.  Like I said before it is a manual process to bring the storage online, but we are working on a solution that can ease that pain.  So how does it work exactly?  Well basically when you enable SCR with the command:

 Enable-StorageGroupCopy -Identity <NameofStorageGroup> -StandbyMachine <NameofSCRTargetMachine> -ReplayLagTime 0.1:0:0

Exchange will now begin to ship the logs over a folder at the DR site.  But before that command we need to setup the DR site with the exact same file structure as the main site.  For instance, if you have a setup like:

C:\OS

D:\SG1\Logs

E:\SG1\MAINSITE.edb

Then the remote site needs to be setup exactly the same, no getting around that.  The good news is they can be  completely different brands of servers, as long as the file structure is the same you are good to go.  After that you can run the command above and after 50 logs have been written exchange will replay them and create a replica database on the other side.  Pretty cool right? well that part is easy it is the actual mounting or calling the DR site into action that people seem to have issues with.

For that guide you can search Microsoft Technet or any other blog out there and get some solutions but I found one at our friends over at Exchange Genie that is by far the nicest little write up that will get you going without all the fancy terms that some other guys give you.  Here is the link:

http://www.exchange-genie.com/2007/08/standby-continuous-replication-scr/

I know at IronTech we normally tell you how to do it ourselves but on this one, I figured why reinvent the wheel?    So since you guys have that writeup to help you, we can go more into how SCR works and if you should use it or not.  SCR as we discussed previously ships logs over to the standby server and replays them into a mirror image database.  Exchange 2007 can do this by bringing in SQL’s log shipping ability and using it very well.  Now that’s all fine and dandy but this type of setup should only be used when your DR is a cold standby.  You will have to manually recover these storage groups by following the link I posted above, and depending on your mailbox database sizes it can take some time to complete.  And keep in mind when it is time to failback over this is a manual process as well.  So if you are looking for a solution that will have you running instantly, this will not give you that ability.  What it does give small and medium size businesses is the ability to have an inexpensive DR plan for mail that sure beats losing everything or trying to restore from a backup that may not work. 

Anyway let us know if you have any questions or need any help with this.  We are more than happy to help out in anyway possible. 

Thanks

So lately I have seen a lot of people having trouble with Exchange 2007 services not starting after a reboot.  There are several reasons for this but I wanted to let everyone know how to troubleshoot these things without having to sit on the phone with Microsoft for 8 hours looking at logs.  Not that the PSS guys aren’t good but I mean really, who has the time when your whole company is yelling at you and your Information Store won’t mount?

So here you are sitting there trying to start the services and they keep timing out with the error, “The service didn’t respond in a timely fashion”.  Before you go off rebooting and all that good stuff, lets look at a few things.

Go to your control panel and check to see if you have any rollup packs applied.  It doesn’t matter what number rollup, just check to see if any are applied.  If one has been applied, remove it. 

I know what you are saying, “That was supposed to fix a ton of problems, why should I remove it?”  Well here are the facts.  Over half the time the packs don’t install properly and run until the server reboots.  A lot of complications then stem from this.  To verify your rollup was installed, reboot the server after the install and then run it for at least a day and reboot the server again.

I can say this with confidence because we work on many Exchange 2007 environments for some pretty big Fortune 500 clients and I have repaired 13 of the dreaded service timeouts by removing the rollup packs. Presto, the servers start running again with no problems.

Some other possible issues include network or AD problems but if you were running before and all of a sudden you have Exchange troubles and you aren’t experiencing any LAN issues or drastic server problems, I’ll bet money on the rollup being the cause of your problems.

I know this is a short article but hey, it doesn’t need to be long if it fixes the problem right?  As always, let us know if you have any questions and we will try to help you out.

The migration to Exchange 2007 should be fairly easy but sometimes the public folder moves can be painful.  The reason is the architecture differences between the two and if you are dead set on keeping those things and not going with Sharepoint you might run into an issue with the migration.  We are going to cover the specific 951 warning.  Here are some symptoms and the warning you will see:

 The users who log on to the Exchange 2007 mailboxes cannot view the Exchange 2003 public folders through a Microsoft Outlook client. 

 On the Exchange 2003-based server, the public folder replication messages are queued in the “messages together with an unreachable destination” queue. 

Exchange 2003 warning

Event Type: Warning
Event Source: MSExchangeTransport
Event Category: Routing Engine/Service
Event ID: 951
Description: When sending mail to following address exchange2007name.domain.com.5B2DCAE3-0882-1148-8DEB-B36F641F9E2B, we have found the connector with target domain *.5B2DCAE3-0882-1148-8DEB-B36F641F9E2B matching destination address exists in DS. However, we have no way of getting there. Possibly, you need to check your topology and add appropriate connectors among Routing Groups

Here is the tool you should download…P.S.  Make sure to read the manual first:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C5A8AFBF-A4DA-45E0-ADEA-6D44EB6C257B&displaylang=en

Using this tool will reveal the problem, which will be with the routing group connector.  To fix this, first make sure you have a connector.  If not use this command  on the Exchange 2007  server in the command shell:

New-RoutingGroupConnector -Name “Interop RGC” -SourceTransportServers “Ex2007Hub1.contoso.com” -TargetTransportServers “Ex2003BH1.contoso.com” -Cost 100 -Bidirectional $true -PublicFolderReferralsEnabled $true

Use the nbtstat -c command to check if the servers are cached and if they arent you can use the nbtstat -a servername to force an update of the servers into each others cache.

You can try to resend all replicas and see if the proble is solved.  If not, all you have to is shut the servers down for 10 minutes (each server)  and then bring them back up.  The reason for this is to flush and allow the link state to rebuild between the two servers.  That should be it, you can resend your changes and all the folders should begin to migrate successfully. 

As always, please let us know if you have any questions or we can help in any way.

So by now many of you are using Exchange 2007 SP1 and you probably love it.  I know we do and we have been using it since the beta release but there are some issues that many people are having with Symantec Backup Exec 11d or 10.   Symantec themselves actually came to one of our clients and told them that they needed to upgrade to Backup Exec 12 but most companies dont have money to throw around when all they want is the software they have to work.  So lets get into the fix for the dreaded Exchange VSS writer failing.

I have seen this issue when you run Exchange SP1 where the Microsoft VSS writer fails everytime.  the specific error is: 

Backup- Server.server.com-79-57344-34110 - AOFO: Initialization failure on: “\\wedaexch01.kar.wedaskog.se\Microsoft Information Store\First Storage Group”. Advanced Open File Option used: Microsoft Volume Shadow Copy Service (VSS).
Snapshot provider error (0xE000FED1): A failure occurred querying the Writer status.
Check the Windows Event Viewer for details.
Writer Name: Exchange Server, Writer ID: {76FE1AC4-15F7-4BCD-987E-8E1ACB462FB7}, Last error: The VSS Writer failed, but the operation can be retried (0×800423f3), State: Failed during prepare snapshot operation (8).
V-79-57344-34110 - AOFO: Initialization failure on: “\\server.server.com\Microsoft Information Store\First Storage Group”. Advanced Open File Option used: Microsoft Volume Shadow Copy Service (VSS).
Snapshot provider error (0xE000FED1): A failure occurred querying the Writer status.
Check the Windows Event Viewer for details.
Writer Name: Exchange Server, Writer ID: {76FE1AC4-15F7-4BCD-987E-8E1ACB462FB7}, Last error: The VSS Writer failed, but the operation can be retried (0×800423f3), State: Failed during prepare snapshot operation (8).
 

If you get this error the first thing to do is open a command prompt and type “VSSADMIN List Writers”  this will give you the VSS writer that failed which should be the Microsoft Exchange VSS writer.

 Writer name: ‘Microsoft Exchange Writer’
   Writer Id: {76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}
   Writer Instance Id: {30bcaa89-69fb-451e-a60d-bf095ca75839}
   State: [8] Failed
  

 Sometimes (but not in this case) certain VSS errors may be resolved by re-registering the operating system’s lower-level VSS components. This step should only be taken after other diagnostics have been failed to correct the failure. To re-register VSS components, execute the following within a command prompt:

cd /d %windir%\system32
net stop vss
net stop swprv
regsvr32 ole32.dll
regsvr32 oleaut32.dll
regsvr32 vss_ps.dll
vssvc /register
regsvr32 /i swprv.dll
regsvr32 /i eventcls.dll
regsvr32 es.dll
regsvr32 stdprov.dll
regsvr32 vssui.dll
regsvr32 msxml.dll
regsvr32 msxml3.dll
regsvr32 msxml4.dll
net start swprv
net start vss

And sometimes you can just reboot, but again, thats not going to fix this one.

Step 1 to fix it is to go to this link:

http://support.microsoft.com/kb/940349 

and download the VSS rollup.  Remember that this must be applied to the backup server as well as the Exchange server.  Once it installs, you will be required to reboot the server.  I have heard people say that they have fixed it simply by doing this but I haven’t seen it yet.

So now on to step 2 which is to  open up the registry editor and navigate to

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem and create a new DWORD

Name: Enable Remote Streaming Backup

Type: DWORD
Value: 1 (remote backup enabled)

This will enable the remote backup and allow the VSS writer and Backup Exec to funtion normally. You need to do this on all Exchange 2007 sp1 servers in your organization.  It is very important to do this and not just install the rollup for VSS.  You will need to reboot after the change!!!

 There is one other thing to check.  If you have recently installed a rollup pack, specifically Rollup 4 for exchange you might need to check the ESE.dll on the backup server and the Exchange server or servers  if they are different copy the newer one and type regsvr32 <path & filename of dll >.

That’s it, you should be up and running again and your information store will be safe and sound.  Again you can upgrade to Backup Exec 12 if you have the money but chances are you just bought Backup Exec 11 a year ago and you don’t want to buy the newest version.  I hope this helps you guys and as always, leave a comment if you have any questions on this fix or any others.

A general rule of thumb in virtual environments is to always treat virtual machines the same as you would physical servers. While this rule holds true in many cases, Admins should be aware of some exceptions to this rule. Below I will cover some key things to look for while you are maintaining your infrastructure

Patching – You should apply all the same operating system and application patches to a virtual machine as you would a physical server. However it is best to stagger your patch deployments so you do not patch and restart all of your virtual machines at the same time. If you did this concurrently you can cause excessive resource utilization on your host servers which could impact other virtual machines running on the host.

Securing – Secure the virtual machine operating system as you would physical servers, in addition you should ensure that you have proper security setup on the host server’s management console that allows access to the VM as well as on the virtual machine files located on the host server’s disk system. It does no good to have tight security inside your VM and have weak security outside.

System Monitoring – This is one area that can be very different for virtual servers. There is no need to monitor virtual machine hardware, if you have converted physical servers to virtual machines you should make sure you un-install any hardware management agents from them. In addition virtual machines boot much faster then physical servers. Because of this, many monitoring systems will not detect server re-boots because the boot process happens quicker then the monitoring interval. You may find that you need to adjust your polling interval for virtual servers so you can detect the faster re-boots.

Performance Monitoring – Another area that is very different from physical servers. Traditional operating system performance reporting tools are often inaccurate when used on virtual machines because they are unaware of the virtualization layer and the underlying physical hardware. You should always use virtual server specific reporting tools to accurately measure performance on virtual machines.

Anti-Virus – Make sure you install anti-virus software on all your virtual machines the same as physical servers. Again one thing to be careful of is to stagger any on-demand scans and definition updates as to not overwhelm the host server. Having all your VMs running a full scan at the same time can completely bog down a host server.

Backups – It’s OK to backup your virtual machines using traditional operating system backup agents. Always make sure you do not backup too many VMs on a single host at the same time. There are more efficient ways to perform backups in a virtual environment like VMware consolidated backup or V-Ranger if you are using ESX that you may look into to either complement or replace traditional backup methods. To Back up Xen check out this link http://docs.xensource.com/XenServer/4.0.1/installation/apbs04.html and of course Hyper-V can be backed up using some of the windows tools.

Disk defragging – You should periodically defrag virtual machine disks using traditional operating system tools for maximum performance. However be careful not to defrag a VM that has a snapshot running, doing this can cause the snapshots rapidly grow in size and degrade host performance. As usual do not defrag more then one VM on a host at a single time because of all the excessive disk activity that is causes.

Be careful not to do too many of the same operations concurrently. With physical servers, only a single server is effected, but in virtual environments many other servers running on a host server can be impacted. I have seen too many times some admin trying to do something on his server and it brings the rest of the VM’s down.

I hope you guys are having fun with all the virtualization out there but remember these servers need to be maintained along with the physical servers that they run on.

As always please let us know if you have any questions.

So with the Virtualization market heating up and alot of questions about trying it out I thought I would post on how to install and configure the Microsoft Hypervisor. Microsoft has made some real advances in their virtualization technology since Virtual Server, which I was not a big fan of, the technology is very comparable to VMwares ESX server or Citrix Xen Server.

So lets jump into the set up shall we, first you will need to review the hyper-v requirements

Hardware Requirements

Hyper-V requires an x64 processor, hardware-assisted virtualization, and hardware data execution protection. I have included the links to download and review the requirements for hyper-v here

http://go.microsoft.com/fwlink/?LinkId=98821.
http://go.microsoft.com/fwlink/?LinkId=102060

Step 1: Install Hyper-V

You can use Server Manager to install Hyper-V.

To install Hyper-V
1. Click Start, and then click Server Manager.

2. In the Roles Summary area of the Server Manager main window, click Add Roles.

3. On the Select Server Roles page, click Hyper-V.

4. On the Create Virtual Networks page, click one or more network adapters
if you want to make their network connection available to virtual machines.

5. On the Confirm Installation Selections page, click Install.

6. The computer must be restarted to complete the installation. Click Close to finish the wizard, and then click Yes to restart the computer.

7. After you restart the computer, log on with the same account you used to
install the role. After the Resume Configuration Wizard completes the installation, click Close to finish the wizard.

Step 2: Create and set up a virtual machine

After you have installed Hyper-V, you can create a virtual machine and set up an operating system on the virtual machine.
Before you create the virtual machine, you may find it helpful to consider the following questions. You can provide answers to the questions when you use the New Virtual Machine Wizard to create the virtual machine.
• Is the installation media available for the operating system you want to install on the virtual machine? You can use physical media, a remote image server, or an .ISO file. The method you want to use determines how you should configure the virtual machine.
• How much memory will you allocate to the virtual machine?
• Where do you want to store the virtual machine and what do you want to name it?

To create and set up a virtual machine

1. Open Hyper-V Manager. Click Start, point to Administrative Tools, and then click Hyper-V Manager.

2. From the Action pane, click New, and then click Virtual Machine.

3. From the New Virtual Machine Wizard, click Next.

4. On the Specify Name and Location page, specify what you want to name the virtual machine and where you want to store it.

5. On the Memory page, specify enough memory to run the guest operating system you want to use on the virtual machine.

6. On the Networking page, connect the network adapter to an existing virtual network if you want to establish network connectivity at this point.

Note
If you want to use a remote image server to install an operating system on your test virtual machine, select the external network.

7. On the Connect Virtual Hard Disk page, specify a name, location, and size to create a virtual hard disk so you can install an operating system on it.

8. On the Installation Options page, choose the method you want to use to install the operating system:

• Install an operating system from a boot CD/DVD-ROM. You can use either physical media or an image file (.iso file).
• Install an operating system from a boot floppy disk.
• Install an operating system from a network-based installation server. To use this option, you must configure the virtual machine with a network adapter connected to the same network as the image server.

9. Click Finish.

After you create the virtual machine, you can start the virtual machine and install the operating system.

Step 3: Install the operating system and integration services

the final step , you connect to the virtual machine to set up the operating system. As part of the setup, you install a software package that improves integration between the virtualization server and the virtual machine.

Note
The instructions in this step assume that you specified the location of the installation media when you created the virtual machine. The instructions also assume that you are installing an operating system for which integration services are available.

To install the operating system and integration services

1. From the Virtual Machines section of the results pane, right-click the name of the virtual machine you created in step 2 and click Connect. The Virtual Machine Connection tool will open.

2. From the Action menu in the Virtual Machine Connection window, click Start.

3. Proceed through the installation.
Notes
• When you are at the point where you need to provide input to complete the process, move the mouse cursor over the image of the setup window. After the mouse pointer changes to a small dot, click anywhere in the virtual machine window. This action “captures” the mouse so that keyboard and mouse input is sent to the virtual machine. To return the input to the physical computer, press Ctrl-Alt-Left arrow and then move the mouse pointer outside of the virtual machine window.
• After the operating system is set up, you are ready to install the integration services. From the Action menu of Virtual Machine Connection, click Insert Integration Services Setup Disk. If Autorun does not start the installation automatically, you can start it manually. From a command prompt, type:
%windir%\support\amd64\setup.exe.
After you have completed the setup and integration services are installed, you can proceed to test the virtual machine by customizing it to suit your testing goals. For example, you can view or modify the virtual hardware that is configured for the virtual machine. From the Virtual Machines pane, right-click the name of the virtual machine you created in step 3 and click Settings. From the Settings window, click the name of the hardware to view or change it.

I have addes some screen shots that will show how to install the Hyper-v role, If you have any questions or need any help setting up you virtual machines please email us at info@irontechsolutions.com

Go to the server manager and navigate to add roles

Next check the box to add the role and press next

The role will be added and a reboot will be required, press ok to reboot and the server will finish the install and reboot again. When you log in again the role install will complete and you will be able to use Hyper-V

Go to administrative tools and open the Hyper-V manager, from there you will be able to setup and manage your Virtual Machines. ave fun and let us know if we can help in any way.

Here is a simple script I wrote to configure a Cisco router. First the header of my script:

##CISCO SCRIPT#### This script assumes you are in enable mode and ready to configure the router

##Lets configure the interfaces

Now configure terminal by entering these commands:

configure terminal
interface gig 0/0
description Lan
ip address 10.0.0.1 255.255.255.0
ip nat inside
no shutdown
exit

Conf T

interface gig 0/1
description Wan
ip address x.x.x.x x.x.x.x
ip nat outside
no shutdown
exit

## We need a default route (the x’s should be your default gateway)
Conf T

ip route 0.0.0.0 0.0.0.0 x.x.x.x

##now we need to setup the nat list for the internet

ip nat inside source list NAT interface gig 0/1 overload

##and of course we cant do anything without an access list to let traffic pass

ip access-list ext NATpermit ip 10.0.0.0 0.0.0.255 any

And that is a basic configuration, of course you will probably need to forward some ports so just copy and paste this line, if you need to change the port just edit the port number in the line

conf t
ip nat inside source static tcp 10.0.0.1 25 60.10.10.10 25 extendable

and thats all folks, please email us if you need any help on setting these routers up. IronTech Solutions is happy to try to solve any issue we can. My next post will cover some more advanced configurations and if there is anything you would like to know you can email us with those questions.

I have worked in the I.T. world for a while now and to this day, I see so many issues when people are trying to setup a site to site vpn. Of course there are many routers that can do this but because I think Cisco is the gold standard in networking, I would like to share a simple site-to-site setup I use with you.

This article assumes you have the Cisco routers on both ends setup and you are ready to get the tunnel up. Here is the simple list of steps to get this thing going. And remember, this is a basic configuration. You may need some more specific access lists to accomplish your goal.

!!Lets setup a site to site shall we!!
!!Apply the crypto map to the outside interface

Interface gig 0/1 crypto map tunnel-map

!!Now lets setup our policies

crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2

!!We need a preshared key dont we

crypto isakmp key !yourkey! address x.x.x.x

!!Now for the transform set

crypto ipsec transform-set Here-to-There esp-3des esp-md5-hmac

!!And now its time for the tunnel map

crypto map tunnel-map 10 ipsec-isakmp
set peer x.x.x.x (Remote Wan IP)
set transform-set Here-to-There
match address VPN

!!And of course the access list

ip access-list extended VPN permit ip 10.0.0.0 0.0.0.255 x.x.x.x 0.0.0.255 log

!!Dont forget to deny it from the nat list and remember that the deny statement should come before you permit the rest of the traffic.

ip access-list extended NAT
deny ip 10.0.0.0 0.0.0.255 x.x.x.x 0.0.0.255

To test these settings use the show crypto session commands and you should get something like this.

RouterA# sh crypto session

Crypto session current status
Interface: GigabitEthernet0/1Session status: UP-ACTIVE
Peer: x.x.x.xport 500
IKE SA: local x.x.x.x/500 remote x.x.x.x/500 Active
IKE SA: local x.x.x.x/500 remote x.x.x.x/500 Active
IPSEC FLOW: permit ip 10.0.0.0/255.255.255.0 10.0.1.0/255.255.255.0
Active SAs: 0, origin: crypto map
IPSEC FLOW: permit ip 10.0.0.0/255.255.255.0 10.0.1.0/255.255.255.0
Active SAs: 2, origin: crypto map

Thats it, pretty simple stuff huh? You just have to change the IPs to match your needs and put this in on both sides and it should work fine for you. If you have any problems post a comment and I will try to help.

The T-mobile G1 is the first phone sporting the new Google Android operating system. Just like the first generations of Windows Mobile or iPhone, the Android has bugs. The e-mail and contact synching issues have been some of the major problems with the G1 since it was released on October 22nd.

The Android does not have any built in Exchange server functionality at this time. You will have to use IMAP. There are talks of third party clients coming soon so until then, G1 users have to cobble together their own solutions to get “Exchange like” functionality.

Setting up an IMAP email account on your G1 is quick and easy. Contacts are a different story. I spent a good 3o minutes attempting to export my Outlook 2007 contacts into my Gmail account after getting my G1 but unless you have both a FIRST and LAST name on every contact, Gmail will display the contact with just a phone number. Dennis O’Reily posted a great solution of taking advantage of the Outlook Express or Windows Mail exporting feature (which is a lot easier than using full blown Outlook’s export feature).

http://windowssecrets.com/2008/11/06/03-Sync-your-Outlook-and-mobile-phone-contacts

• Step 1: Open Outlook 2007 and export your contacts using Outlook’s Import/Export feature. Click File, Import and Export, select Export to a file, choose Comma Separated Values (Windows), click Contacts, and choose a path and file name to save the file to. Exit Outlook 2007.

• Step 4: To import the contacts into Gmail’s contact list, log into your Gmail account and click the Contacts link in the left column. After the page has loaded, click the Import link in the upper right, select the CSV file that you created in Outlook Express or Windows Mail, and click the Import button.”Presto! All of your contacts are properly imported and should be synched with your G1 phone in a few minutes.”

Make sure you go to Menu > Settings > Data Synhcronization > and uncheck the Contacts box. Otherwise your G1 will continually try to update contacts from your Gmail account and run down your battery. My contacts never really change so I synch them manually when I need to instead.

Great! So now contacts are synched up. But what about your calendar entries? How do you synch Outlook calendars with your G1? The answer is thankfully very simple, use Google Calendar Sync. It’s just a little agent that sits on your desktop and synchs your Outlook calendar with your Gmail account at an interval you specify. It can even do 1 way synchs if you prefer. Follow these instructions and you should be up and running in 5 minutes.

http://www.google.com/support/calendar/bin/answer.py?hl=en&answer=89955