Setup Software RAID for Windows Server 2003

Please make sure before this installation, you will need 2 identical hard disk with same space connected to the server. But the truth is, you don’t need to same hard disk with the same space amount, but as long as you partitioned the space equally then it would be good as well. But for beginner, it is better to get a hard disk that got the same space quantity, less percentage that you would get yourself confused.
Below are the steps on how to enable the Software RAID inside Windows Server 2003:
 
1) You may follow the initial windows setup here:
http://www.iprobot.net/windows-tutorial/how-to-install-windows-server-2003/
 
2) After the installation has finished, click on Start button and right-click on My Computer. Select Manage and click on it:
 

 
3) Next is to select Disk Management:
Share

Creating a Certificate Signing Request Using Certreq.exe

Create a file named CSRParameters.inf on the C:\ drive using the contents below as a template (replace the single quotes with double quotes):

[NewRequest]
Subject="CN=mailgw.mango.com.bd,OU=IIG,O=Mango Teleservices Limited,S=Not Applicable,L=Dhaka,C=BD"
KeySpec=1
KeyLength=2048
Exportable=TRUE
MachineKeySet=TRUE
SMIME=False
PrivateKeyArchive=FALSE
UserProtected=FALSE
UseExistingKeySet=FALSE
ProviderName="Microsoft RSA SChannel Cryptographic Provider"
ProviderType=12
RequestType=PKCS10
KeyUsage=0xa0
Silent=TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1

Open a command prompt and type in:

C:\>certreq -new CSRParameters.inf CSROutput.pem

Open Windows Explorer and browse to the C drive to locate the CSROutput.pem file

Using the CSROutput.pem file, go back to the certificate authority and use the file to request your certificate

Share

Replacing the default (self signed) certificate on a RD Session Host server

Many times I wanted to get rid of that annoying certificate warning message when I make a RDP connection to a RD Session Host server or a workstation. If you are using RDP inside an Active Directory network, the warning is gone, because the connection is using kerberos for security, but if you are connecting from outside to the inside, well…you will be prompted to accept the server certificate, and this is because the certificate is self signed and is not trusted. The following method works for clients OS (Win XP, Vista,7) too, not just for RD Session Host servers.

To install a trusted certificate I will use a script that I found on Microsoft technet. For this guide an Enterprise Internal CA will issue the certificates since is cheaper and much easy to work with, but if you have a lot of external clients a commercial certificate is recommended. To start we need to request and install a certificate on the local computer store on the RD Session Host server. For that open the Certificates Store console (Start > Run > mmc), select Certificates and click the Add button. On the wizard that just popped-up choose Computer Account > Local Computer. Continue reading “Replacing the default (self signed) certificate on a RD Session Host server” »

Share

Creating a Windows Server 2008 R2 Failover Cluster

I hear you…you want your SQL, DHCP, Hyper-V or other services to be highly available for your clients or your internal users. They can be if you create a Windows Failover Cluster and configure those services in the cluster. By doing that if one of the servers crashes the other(s) one will take over, and users will never even notice. There are two types of Failover Clusters: active/active and active/passive. In the first one (active/active) all the applications or services running on the cluster can access the same resources at the same time, and in the second one the applications or services running on the cluster can access resources only from one node, the other one(s) is/are in stand-by in case the active node is fails.

Continue reading “Creating a Windows Server 2008 R2 Failover Cluster” »

Share

Configuring DKIM signing in MDaemon

DomainKeys Identified Mail (DKIM) is an open protocol for protecting email users against email address identity theft and email message content tampering. It does this by providing positive identification of the signer’s identity along with an encrypted “hash” of the message content.
To configure and use DKIM: 
  1. The system administrator creates a private/public key pair for the server and publishes the public key in the domain’s domain name server.
  2. Using the private key, the sending server creates a signature for each outgoing message. The resulting signature data is stored in a “DKIM-Signature” header within the message.
  3. The receiving server obtains the signature from the “DKIM-Signature” header and verifies it using the signer’s public key. Continue reading “Configuring DKIM signing in MDaemon” »
Share

MDaemon 10.x: Running WorldClient under IIS7.5 on Windows 2008

Procedure

  1. Install the Web Server Role with ISAPI Extensions and ISAPI Filters (for exact steps please consult your Operating System documentation)
  2. Open the IIS console
    1. Click Start
    2. Click All Programs
    3. Click Administrative Tools
    4. Click Internet Information Services (IIS) Manager
  3. On the Connections pane, expand the [Machine_name] node
  4. Right click on Sites
  5. Click Add Web Site Continue reading “MDaemon 10.x: Running WorldClient under IIS7.5 on Windows 2008” »
Share

Load Balanced IIS behind ldirectord loadbalancer

Cluster Nodes Configurations (IIS6/7 Real Web Server Configuration)

1. Create text file by using Notepad and name it "check.txt"
2. Fill this file with "webserverisworking" string.
3. Move file to "C:\inetpub\wwwroot" or anywhere your web files are.

If you are using Windows XP/2003 IIS web server then you should do these steps:

1. Install "Microsoft Loopback Adapter" by using "Add Hardware" icon in Control Panel.
2. Set IP to 10.10.10.53
3. Set Subnet Mask to 255.255.255.0
4. Don't Set Gateway or DNS
5. Done! Continue reading “Load Balanced IIS behind ldirectord loadbalancer” »

Share

Many-To-One Mappings IIS

Many-to-one Client certificate mapping is used by the Internet Information Services (IIS) to associate an end user to a windows account when the client certificate is used for the user authentication. The user session is executed under the context of this mapped windows account by IIS. For this to work we need to ensure that the certificate to account mapping is configured correctly in IIS.

In IIS 6.0, the user had the option to configure Many-to-One client certificate mapping through the IIS Manager User Interface. In IIS 7/7.5, we don’t have such an interface for either One-to-One or Many-to-One mappings. This post talks about the Configuration Editor IIS 7/7.5 extension that can be used to achieve the mappings either for One-to-One or Many-to-One. Here we will talk in specific about Many-to-1 mapping.

IIS 7 or IIS 7.5 Schema

This is the schema for the IIS Client Certificate Mapping authentication feature in IIS 7 or IIS 7.5.
Prerequisites

These are the prerequisites needed for this walkthrough.
1.We have installed IIS Client Certificate Mapping module on the server.
2.A Web Site is configured with an HTTPS binding which can accept SSL connections.
3.We have a client certificate installed on the client.
4.IIS 7 Administration Pack is installed on the IIS 7.0 server. NOTE: Configuration Editor is shipped by default on IIS 7.5.

Walkthrough

Step 1:

1. Launch the IIS manager and select your web site which is being configured for client certificate authentication.

2. In the features View select Configuration Editor under Management section in the Features View.
3. Go to "system.webServer/security/authentication/iisClientCertificateMappingAuthentication" in the drop down box as shown below:

You will see a window to configure Many-to-One or One-to-One certificate mappings here. This is the UI provided through Configuration editor from where we can setup all the mapping configurations.

4. We can go ahead and modify the properties through this GUI.
•Set enabled to true
•Set manyToOneCertificateMappingsEnabled to True
•Select manyToOneMappings and click on the extreme end at the Ellipsis button to launch the new window for configuring mappings.

5. Under this new window go ahead and Add a new item. You can modify the properties from within the window as shown below:

6. Click on the Ellipsis button for rules and this will give you an option to add multiple patterns for matching based on certificate properties.

So here above we have two entries for rules for mapping the certificate. In the above case we are using two different fields named Subject and the Issuer in the certificate field and based on the matchcriteria property map the certificate to the account mydomain\testuser.

Shown below is how the final mapping for a specific windows account looks like. As you can see there are two entries for rules for this account.
Similarly we can have other mappings for various accounts based on the fields “Issuer” and “Subject” in the Certificate.

Download the details with screenshot from here configuring-many-to-one-client-certificate-mappings-for-iis-7-7-5

Relevant Sources:

http://www.iis.net/learn/manage/configuring-security/configuring-one-to-one-client-certificate-mappings

http://blogs.iis.net/webtopics/archive/2010/04/27/configuring-many-to-one-client-certificate-mappings-for-iis-7-7-5.aspx

http://www.iis.net/learn/manage/configuring-security/configuring-one-to-one-client-certificate-mappings

Share

Windows Apache SSL

Step 1 – What You Need

A copy of Apache that includes SSL support.
A copy of OpenSSL.
An openssl.cnf file.

The copy of Apache that I had installed on my machine did not include SSL support, so I moseyed on down to the Apache download page. You’ll notice on that page that there are files named something like apache_2.2.11-win32-x86-openssl-0.9.8i.msi, as well as files named something like apache_2.2.11-win32-x86-no_ssl.msi. You need to have the openssl version installed, not the no_ssl version (duh). I couldn’t find any reliable info on manually adding SSL support to a no_ssl install, so I simply downloaded the most up-to-date version of the openssl installer and ran it. It successfully upgraded my version of Apache without overwriting any of my existing config files.

The nice thing about that installer is that it includes a copy of OpenSSL, so you don’t need to download that separately.

Finally, you need an openssl.cnf file, which doesn’t come with the package. I downloaded one that works from Neil’s site. If that link is broken you can find a copy attached to this blog post. I have Apache installed in C:\Apache\, which means that I can find OpenSSL in C:\Apache\bin\, so I copied the openssl.cnf file into that directory.
Step 2 – Create a Self-Signed Certificate

This step will create a number of files related to your certificate. Each of those files has the same name, with a different extension. In the example commands below I’ve used the name bob. Feel free to replace that with anything you like.

Share

Ozeki NG MySQL Connectivity Parameters

Databse connection

===========================

Driver={mySQL ODBC 5.1 Driver};Server=192.168.0.100;Port=3306;Option=4;Database=mydb;Uid=userdb;Pwd=putmypwd;

Sending-Polling

============

SELECT id,sender,receiver,msg,msgtype,operator FROM ozekimessageout WHERE status=’send’

Sending-sending

=============

UPDATE ozekimessageout SET status=’sending’ WHERE id=’$id’

Sending-Sent

==============

UPDATE ozekimessageout SET status=’sent’, senttime=’$senttime’ WHERE id=’$id’

Sending-Not sent

===========

UPDATE ozekimessageout SET status=’notsent’ WHERE id=’$id’

SQL for receiving

==============

INSERT INTO ozekimessagein (sender, receiver, msg, senttime, receivedtime, msgtype, operator) VALUES (‘$originator’,’$recipient’,’$messagedata’,’$senttime’,’$receivedtime’,’$messagetype’,’$operatornames’)

Share