Author Archives: Geneva Sibanda

About Geneva Sibanda

I assist companies in the areas of network infrastructure design and implementation (from Windows Active Directory security, networking, etc.).

SRP status disconnected

SRP is showing as disconnected on your BlackBerry Enterprise Server Express (BESX).

Resolution: This problem is caused by an incorrect SRP ID. Request a new SRP ID and License Key (SRP Authentication Key) from RIM.

Important: If you have ordered the BlackBerry Enterprise Server Express software please make note of the following information while picking up your software:

  • Serial Number (SRP ID)
  • License Key (SRP Authentication Key)
  • Client Access Licenses

Till next time…(for smooth BESX project rollout please drop us an email: sales at esgnet.co.za)

vpn client error 800 behind ISA 2006 Server

Error 800: can’t establish a vpn connection

Resolution:

Open ISA Server Management, click Firewall Policy, double-click your access policy, go to the Protocols tab, click Add, expand All Protocols, and add PPTP.

You should then be able to establish the VPN connection.

RPC server is unavailable

Do you receive a “The RPC server is unavailable” error message when connecting to your server over RDP?

This problem might be linked to incorrect NIC drivers.

Resolution: Reinstall your server's NIC drivers.

Till next time…”if not broken don’t fix”

OWA Prompts Twice ISA 2006

Confirm forms-based authentication not selected on the Exchange front-end server

Forms-based authentication can be configured on the Exchange front-end server when not using ISA Server to publish Exchange Web client access. When ISA Server is being used to publish Exchange Web client access, forms-based authentication should only be configured on the ISA Server computer. Perform the following procedure to confirm that forms-based authentication is not selected on the Exchange front-end server.

To confirm forms-based authentication is not selected on an Exchange front-end server

1. Start Exchange System Manager. If administrative groups are enabled, expand Administrative Groups.
2. Expand Servers, and then expand your front-end server.
3. Expand Protocols, expand HTTP, right-click Exchange Virtual Server, and then click Properties.
4. Click the Settings tab, and clear the check box Enable Forms Based Authentication.
5. Click OK. If you receive a message that states that Internet Information Services (IIS) must be restarted, click OK.
6. To restart IIS, type the following command at a command prompt: iisreset.

sesecurityprivilege access is denied


http://support.microsoft.com/kb/314294

Z:\MSExchange2003Enterprise\SUPPORT\EXDEPLOY>POLICYTEST.EXE

This tool will check every domain controller in the local domain to see if the “Manage auditing and security logs” privilege granted to the Exchange Enterprise Servers” group by DomainPrep has replicated to that DC. If the policy change has not yet replicated to all DCs, then you should avoid making policy changes on any DC that has not received those changes yet.

You must have Domain Admin rights to run this tool successfully. If you see an error that says: !! LsaEnumerateAccountRights returned error 5 !! then you don’t have permission to open the LSA on the given DC.
===============================================
Local domain is “ESGNET.lan” (ESGNET)
Account is “ESGNET\Exchange Enterprise Servers”
========================
DC = “ESG_CEN14”
In site = “Default-First-Site-Name”
!!! Right NOT found !!!
========================
DC = “ESG_CEN16”
In site = “Default-First-Site-Name”
!!! Right NOT found !!!
========================
DC = “ESG_CEN18”
In site = “Default-First-Site-Name”
!!! Right NOT found !!!
========================
DC = “ESG_DC01”
In site = “Default-First-Site-Name”
!!! Right NOT found !!!
========================
DC = “ESG_DC02”
In site = “Default-First-Site-Name”
!!! Right NOT found !!!

To resolve this I followed the step-by-step below:

Start the Active Directory Users and Computers snap-in.
Right-click the Domain Controllers container, and then click Properties.
Click the Group Policy tab, click Default Domain Controllers Policy in the Group Policy Object Links box, and then click Edit.
Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click User Rights Assignment. In the right pane, double-click Manage auditing and security log, click Add, click Browse, and then add the Exchange Enterprise Servers group. In the Add user or group dialog box, click OK. Then, click OK.
Quit the Group Policy snap-in, and then click OK in the Domain Controllers Properties dialog box.

NB: Interestingly,

Z:\MSExchange2003Enterprise\SUPPORT\EXDEPLOY>POLICYTEST.EXE

This tool will check every domain controller in the local domain to see if the “Manage auditing and security logs” privilege granted to the Exchange Enterprise Servers” group by DomainPrep has replicated to that DC. If the policy change has not yet replicated to all DCs, then you should avoid making policy changes on any DC that has not received those changes yet.

You must have Domain Admin rights to run this tool successfully. If you see an error that says: !! LsaEnumerateAccountRights returned error 5 !! then you don’t have permission to open the LSA on the given DC.
===============================================
Local domain is “ESGNET.lan” (ESGNET)
Account is “ESGNET\Exchange Enterprise Servers”
========================
DC = “ESG_CEN14”
In site = “Default-First-Site-Name”
Right found: “SeSecurityPrivilege”
========================
DC = “ESG_CEN16”
In site = “Default-First-Site-Name”
Right found: “SeSecurityPrivilege”
========================
DC = “ESG_CEN18”
In site = “Default-First-Site-Name”
Right found: “SeSecurityPrivilege”
========================
DC = “ESG_DC01”
In site = “Default-First-Site-Name”
Right found: “SeSecurityPrivilege”
========================
DC = “ESG_DC02”
In site = “Default-First-Site-Name”
Right found: “SeSecurityPrivilege”
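
A small parser for the POLICYTEST.EXE output format shown above, so the re-check after the Group Policy change can be scripted. This is an added example, not part of the original post or of Microsoft's tooling. The sample text and DC names are constructed, and the position of the error-5 line inside a DC block is an assumption.

```python
import re

# Quotes may be straight or typographic once the output has been pasted around.
Q, NQ = '["\u201c\u201d]', '([^"\u201c\u201d]+)'
DC_RE = re.compile(r'^DC\s*=\s*' + Q + NQ + Q)
SITE_RE = re.compile(r'^In site\s*=\s*' + Q + NQ + Q)
FOUND_RE = re.compile(r'^Right found:\s*' + Q + NQ + Q)
ERROR_RE = re.compile(r'LsaEnumerateAccountRights returned error (\d+)')

def parse_policytest(text):
    """Return one dict per DC block: dc, site, status, detail."""
    results, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := DC_RE.match(line):
            cur = {"dc": m[1], "site": None, "status": "unknown", "detail": None}
            results.append(cur)
        elif cur is None:
            continue  # banner text (it quotes the error string) precedes the DCs
        elif m := SITE_RE.match(line):
            cur["site"] = m[1]
        elif m := FOUND_RE.match(line):
            cur["status"], cur["detail"] = "found", m[1]
        elif "Right NOT found" in line:
            cur["status"] = "missing"
        elif m := ERROR_RE.search(line):  # assumed to be printed inside the DC block
            cur["status"], cur["detail"] = "error", "LSA error " + m[1]
    return results

def dcs_needing_attention(text, right="SeSecurityPrivilege"):
    """DCs where the right is missing, unreadable, or not the expected one."""
    return [r["dc"] for r in parse_policytest(text)
            if r["status"] != "found" or r["detail"] != right]

# Constructed sample in the format shown in this post (not a real capture).
SAMPLE = '''\
If you see an error that says: !! LsaEnumerateAccountRights returned error 5 !!
DC = "DC-A"
In site = "Default-First-Site-Name"
Right found: "SeSecurityPrivilege"
========================
DC = “DC-B”
!!! Right NOT found !!!
========================
DC = "DC-C"
!! LsaEnumerateAccountRights returned error 5 !!
'''

if __name__ == "__main__":
    print(dcs_needing_attention(SAMPLE))
```

A DC reported with status "error" was not readable with the current credentials, so it is kept separate from "missing" rather than counted as lacking the right.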

Google Public DNS IP addresses

The Google Public DNS IP addresses are as follows:

8.8.8.8
8.8.4.4

You can use either number as your primary or secondary DNS server. You can specify both numbers, but do not specify one number as both primary and secondary.

How To set up the BlackBerry’s email client with Google Apps email

Depending on your requirements and what you want to spend, there are two options available:

1) BIS (BlackBerry Internet Service) – Local application built into the BlackBerry (No costs involved)
2) BES (BlackBerry Enterprise Service) – Special software for BlackBerry (Costs involved)

Note: While setup instructions are provided below, Google Apps IMAP access is not officially supported for BlackBerry devices at this time.

First you need to ensure IMAP is enabled on your Google Apps account by performing the following steps:

To enable IMAP in Google Apps
1. Sign in to Gmail.
2. Click Settings at the top of any Gmail page.
3. Click Forwarding and POP/IMAP.
4. Select Enable IMAP.
5. Click Save Changes.

To set up the BlackBerry’s email client with Google Apps email (IMAP), just follow these steps:

1. On your BlackBerry device, navigate to your home screen
2. Select the icon that lets you set up email (this can be called Setup, Setup Wizard, Email Setup, BlackBerry Set-up, E-mail settings, or Personal Email Set-up)
3. Follow the setup instructions provided on your device to create a new e-mail account
4. Be sure to enter the following:
  • Mail Server: imap.gmail.com
  • Username: [your full Google Apps email address]
  • Password: [your Google Apps password]
  • IMAP Port: 993
5. Allow the system to add your account, but do not enter your Google Apps password into the utility boxes (this causes the system to default to POP3 instead of IMAP)
6. Select Next
7. Select Next again (bypassing the ‘Additional Information Required’ section)
8. Select your account type, then select Next

You may encounter a ‘We were unable to configure…’ error. Select I will provide the settings to continue

9. Select the option that mentions ‘IMAP/POP’
10. Select I will provide the settings…, then select Next
11. Select Set up existing email account…
12. Enter your Google Apps account information here, with ‘imap.gmail.com’ as your mail server
13. Select Next
14. Select Save

If setup is successful, you should receive a confirmation message and a new mailbox icon should appear on your device’s home screen, labelled with your Google Apps email address.

If you encounter a problem during setup, please make sure you have enabled IMAP in your main Google Apps Mail settings.

Let us know if this helps and if we can assist you further.

Installing the Windows Server 2008 R2 Hyper-V server role

Hyper-V requirements

To install and use the Hyper-V role, you must have the following:

  1. An x64 processor. Hyper-V is available in x64-based versions of Windows Server 2008—specifically, the x64-based versions of Windows Server 2008 Standard, Windows Server 2008 Enterprise, and Windows Server 2008 Datacenter.
  2. Hardware-assisted virtualization. This feature is available in processors that include a virtualization option, specifically, Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V).
  3. Hardware Data Execution Protection (DEP). Hardware DEP must be available and enabled. Specifically, you must enable Intel XD bit (execute disable bit) or AMD NX bit (no execute bit).

To install the Windows Server 2008 R2 Hyper-V server role, complete the following steps:

1. Click Add Roles. If this is the first role being added to the server, you may see a page describing the process for adding roles. Click Next.

2. Check the box for Hyper-V and click Next. Review the Windows Server 2008 R2 Hyper-V overview and then click Next.

3. Choose the NICs to configure as virtual networks for use by guest OSs. Click Next.

4. Review the summary installation. Make a note of which NICs require configuration as virtual networks.

5. When prompted, choose to reboot the server to complete the installation. After the server reboots, log in as Administrator to finish the installation process.

After adding the Windows Server 2008 R2 Hyper-V role, you can create and configure virtual machines.

South African SMTP Servers

Here is a list of the most common outgoing servers:

For Telkom ADSL, outgoing server is smtp.dsl.telkomsa.net or smtp.saix.net
For Telkom Analogue Dial Up, use smtp.saix.net or smtp.dsl.telkomsa.net
For 8TA (Eita), the outgoing server is smtp.saix.net
For MWEB ADSL, outgoing server is smtp.mweb.co.za or smtp.mweb.net

For Vodacom 3G, outgoing server is smtp.vodacom.co.za
For MTN 3G, the outgoing server is mail.mtn.co.za
For Cell C the outgoing server is mail.cmobile.co.za

For Iburst, outgoing server is smtp.iburst.co.za
For I.S. ADSL the outgoing server is smtp.isdsl.net
For I.S. 3G the outgoing server is smtp.isgsm.net or smtp.dial-up.net
For goggaconnect outgoing server is smtp.vodacom.co.za

For Neotel, outgoing server is smtp.neomail.co.za
For ABSA, outgoing server is smtp.absamail.co.za or mail.absa.co.za
For @lantic (ADSL,Dialup, ISDN) : smtp.lantic.net

For NetActive (ADSL,Dialup, ISDN) : smtp.netactive.co.za
For Polka (ADSL,Dialup, ISDN) : smtp.polka.co.za
For Web Africa (ADSL,Dialup, ISDN) : smtp.wa.co.za

For Cybersmart : smtpauth2.cybersmart.co.za or smtp.cybersmart.co.za

Only one PPTP session is allowed by TMG

Problem:
========

Only one PPTP session is allowed by TMG. If a second user tries to initiate an outbound VPN connection, it fails.

Cause and Analysis:
========

– From the network packets captured on TMG, the client caller ID was changed by the external router device and thus the connection was discontinued.
– Research found that this issue might be related to the article below: http://blogs.technet.com/b/isablog/archive/2009/01/07/a-pptp-client-might-fail-to-connect-to-a-vpn-server-on-the-internet-through-an-isa-server-2006.aspx
– We tried changing the external gateway device to a Cisco 857W, and everything now works fine.

Solution:
========

To solve the issue, contact the router vendor to check whether a firmware update exists that fixes it, or change to a router from another vendor, such as the Cisco 857W.

Client Response:
========

Please close this case because prior to deploying the Cisco 857W router, only one user is allowed to VPN to Southern Africa VPN server. After the Cisco 857w was deployed, TMG was able to service two simultaneous VPN sessions from the LAN to External.

Thanks again eSG NETWORKS Support!