Tuesday, 25 October 2016

Multi Tenant Email Server Configuration



In this tutorial I explain how to host multiple email domains on one domain controller and one Exchange server.

Say, for example, a company has two branches, Dandenong and Mulgrave. The company does not want one common email address format for everyone; it wants email addresses that are specific to each branch.

So the users in Dandenong will have their mail address as user@dande.mks.com.au and the users in Mulgrave will have user@mul.mks.com.au. The same approach works for completely different domains as well. Let's see how we can do this.

To do this we need UPNs (user principal names) and OUs (organizational units) for the user accounts and their email addresses. Let's see how.

Create OUs

1. Navigated to ‘Active Directory Users and Computers’ and created OUs for Dandenong and Mulgrave:

2. Created two users in each OU: Mulgrave One and Mulgrave Two in the Mulgrave OU, and Dandenong One and Dandenong Two in the Dandenong OU:


Create UPNs:

Navigated to ‘Active Directory Domains and Trusts’:

Right-clicked ‘Active Directory Domains and Trusts’ and selected ‘Properties’. Added ‘mulgrave.mks.com’ and ‘dandenong.mks.com’ as alternate UPN suffixes and clicked ‘Apply’ and ‘OK’:



On the Exchange server:

Navigated to ‘Accepted Domains’ and added ‘dandenong.mks.com’ and ‘mulgrave.mks.com’ (the UPN suffixes) as accepted domains on the Exchange server:


Create Email Policy

Navigated to the Exchange Administration Centre and went to ‘Mail Flow > Email Address Policies’:

Under ‘Email Address Format’, changed the address format to ‘dandenong.mks.com’.

Under ‘Apply to’, added a new rule and selected ‘Recipient Container’. Selected the previously created ‘Dandenong’ OU and clicked ‘Save’.

Created a new email policy named ‘Mulgrave’ and repeated the steps for the ‘Mulgrave’ OU:



Created Users’ Email

Navigated to ‘Recipients’ in the Exchange Admin Centre and added the Dandenong One, Dandenong Two, Mulgrave One and Mulgrave Two users from the OUs created previously:

Noted that each user had the proper sub-domain applied as their email address, so the email address policies had been applied successfully:
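The same result from the Exchange Management Shell on the domain controller, plus a check that no mailbox ends up with the other branch's address, as an added example (this is not part of the original post or Tim Rees's steps). It uses the suffixes from the steps above (dandenong.mks.com and mulgrave.mks.com; the introduction names dande.mks.com.au and mul.mks.com.au instead), assumes the AD domain is mks.com (DC=mks,DC=com) and that the ActiveDirectory module is available in the shell; the logon names such as dandenong1 and the function Test-BranchAddresses are constructed for this example.

```powershell
# Added example (not the post's own steps): branch OUs, UPN suffixes, accepted
# domains and OU-scoped email address policies from the Exchange Management Shell.
# Assumptions: AD domain mks.com, ActiveDirectory module present, Exchange 2013.
Import-Module ActiveDirectory

$forest   = 'mks.com'            # assumed forest / domain name
$domainDn = 'DC=mks,DC=com'
$branches = @(
    @{ Name = 'Dandenong'; Suffix = 'dandenong.mks.com' },
    @{ Name = 'Mulgrave';  Suffix = 'mulgrave.mks.com'  }
)

foreach ($b in $branches) {
    # 1. One OU per branch (Active Directory Users and Computers)
    $ouDn = "OU=$($b.Name),$domainDn"
    if (-not (Get-ADOrganizationalUnit -Identity $ouDn -ErrorAction SilentlyContinue)) {
        New-ADOrganizationalUnit -Name $b.Name -Path $domainDn
    }

    # 2. Alternate UPN suffix on the forest (Active Directory Domains and Trusts > Properties)
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $b.Suffix }

    # 3. Accepted domain, so Exchange takes responsibility for mail to that suffix
    if (-not (Get-AcceptedDomain -Identity $b.Name -ErrorAction SilentlyContinue)) {
        New-AcceptedDomain -Name $b.Name -DomainName $b.Suffix -DomainType Authoritative
    }

    # 4. Email address policy whose 'Recipient Container' is the branch OU only.
    #    %m is the mailbox alias; upper-case SMTP makes it the primary address.
    if (-not (Get-EmailAddressPolicy -Identity $b.Name -ErrorAction SilentlyContinue)) {
        New-EmailAddressPolicy -Name $b.Name `
            -RecipientContainer "$forest/$($b.Name)" `
            -IncludedRecipients AllRecipients `
            -EnabledEmailAddressTemplates "SMTP:%m@$($b.Suffix)"
    }

    # 5. Two users per OU with the branch UPN suffix, then mailbox-enabled
    foreach ($n in 1, 2) {
        $sam = "$($b.Name.ToLower())$n"                     # constructed, e.g. dandenong1
        $initialPwd = Read-Host -AsSecureString -Prompt "Initial password for $sam"
        New-ADUser -Name "$($b.Name) $n" -SamAccountName $sam `
            -UserPrincipalName "$sam@$($b.Suffix)" -Path $ouDn `
            -AccountPassword $initialPwd -Enabled $true -ChangePasswordAtLogon $true
        Enable-Mailbox -Identity "$sam@$($b.Suffix)" | Out-Null
    }
}

# Apply the policies to recipients that already existed (new mailboxes get them at creation)
Get-EmailAddressPolicy | Update-EmailAddressPolicy

function Test-BranchAddresses {
    # For every mailbox in a branch OU: is the primary address on the branch suffix,
    # and does the mailbox carry any address belonging to another branch?
    foreach ($b in $branches) {
        $others = @($branches | Where-Object { $_.Name -ne $b.Name } | ForEach-Object { $_.Suffix })
        Get-Mailbox -OrganizationalUnit "$forest/$($b.Name)" | ForEach-Object {
            $mbx   = $_
            $addrs = @($mbx.EmailAddresses | ForEach-Object { $_.AddressString })
            $cross = @($addrs | Where-Object { $a = $_; $others | Where-Object { $a -like "*@$_" } })
            [pscustomobject]@{
                Mailbox     = $mbx.Name
                Primary     = $mbx.PrimarySmtpAddress.ToString()
                PrimaryOk   = $mbx.PrimarySmtpAddress.Domain -eq $b.Suffix
                CrossBranch = $cross.Count -gt 0      # should be $false for every row
            }
        }
    }
}
Test-BranchAddresses | Format-Table -AutoSize
```

Email address policies only decide which addresses a mailbox gets; both branches still share one global address list. If the branches must not see each other's users at all, the next step in Exchange 2013 is an address book policy per branch (New-AddressBookPolicy), which this example does not cover.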



** Thanks Tim Rees  **

Tuesday, 11 October 2016

Configuring VoIP Basic level Packet Tracer



This post uses Cisco Unified Call Manager Express on a router in Packet Tracer to configure basic VoIP.

So the first thing to be done is to configure the IP address of the router:

Router>enable
Router#configure terminal
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.100.1 255.255.255.0
Router(config-if)#no shutdown


A DHCP server on the router is used to assign IP addresses to the IP phones.

A TFTP server lets the phones fetch their firmware and configuration files from the router; the phones learn the TFTP server address through DHCP option 150.

Router(config)#ip dhcp pool VOICE
Router(dhcp-config)#network 192.168.100.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.100.1
Router(dhcp-config)#option 150 ip 192.168.100.1


The next step is to configure Call Manager Express itself on the router:

Router(config)#telephony-service
Router(config-telephony)#max-dn 5
Router(config-telephony)#max-ephones 5
Router(config-telephony)#ip source-address 192.168.100.1 port 2000
Router(config-telephony)#auto assign 1 to 5

1. Enters telephony-service configuration. If the telephony-service command is not available on a 2911 series router, enable the voice feature set first by typing the following:

Note: license boot module c2900 technology-package uck9

2. Maximum number of directory numbers (phone lines).

3. Maximum number of IP phones.

4. The IP address of the router, where the phones register. This is also the source address for the DHCP and TFTP services, which run on the router itself. The port used by the phones defaults to 2000.

5. Automatically registers the phones, in this case phones 1 to 5.

Router(config)#ephone-dn 1
Router(config-ephone-dn)#number 100

Router(config)#ephone-dn 2
Router(config-ephone-dn)#number 200

Router(config)#ephone-dn 3
Router(config-ephone-dn)#number 300

Router(config)#ephone-dn 4
Router(config-ephone-dn)#number 400

Router(config)#ephone-dn 5
Router(config-ephone-dn)#number 500


We allowed a maximum of 5 IP phones, so we configure 5 directory numbers for them.

That is all on the router. Now we have to configure the switch for the voice VLAN.

Switch(config)#int range fastEthernet 0/2-3
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport voice vlan 1

Interface FastEthernet 0/1 I have configured as a trunk interface:

Switch(config)#int fastEthernet 0/1
Switch(config-if)#switchport mode trunk

If the encapsulation is dot1q then just leave it as it is.

That is all. The phones should now come up with the numbers configured above.

 




Monday, 29 August 2016

Configure SSH access on a CISCO Router



The only way to access a Cisco device physically is console access (of course we have USB now). But what if the router or switch is in a remote location?

We could use Telnet to access the router, but Telnet is not a secure way of communicating: the username and password are transmitted in plain text, which makes the credentials easy to capture. So we need a secure way of accessing remote devices. This is where SSH comes in. SSH encrypts the whole session, and the router's RSA key pair authenticates the device to the client. Let's see how we can configure SSH on a Cisco device.

Log in to the router using the console or Telnet and configure the following.

First we need the basic configuration.

1. Set hostname and domain-name
   Router>enable
   Router#configure terminal
   Router(config)#hostname lab5
   lab5(config)#ip domain-name lab5.com
   lab5(config)#enable secret cisco123
   lab5(config)#username XXXX privilege 15 secret XXXX

Now we have to generate the RSA key pair. If we use SSH version 2 then we have to use a modulus of 512 bits or more (the example below uses 1024).

2. Generate the RSA keys
   lab5(config)#crypto key generate rsa
   The name for the keys will be: lab5.com
   Choose the size of the key modulus in the range of 360 to 2048 for your
     General Purpose Keys. Choosing a key modulus greater than 512 may take
     a few minutes.

   How many bits in the modulus [512]: 1024
   % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

3. Next set up the VTY lines

lab5(config)#line vty 0 4
lab5(config-line)#login local
lab5(config-line)#transport input ssh

4. Set up the IP address

lab5(config)#int g0/1
lab5(config-if)#ip add 192.168.100.1 255.255.255.0
lab5(config-if)#no shutdown


That's all. Use PuTTY or the command line to connect to your router.

From the command line: ssh -l Username IPaddress
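A check of the result from a Windows admin workstation, as an added example that is not part of the post: it confirms that the router now refuses Telnet (the effect of `transport input ssh`) and that its SSH identification string announces protocol 2 only. An `SSH-1.99-` banner means the device would still negotiate SSH version 1, which `ip ssh version 2` on the router turns off. The address 192.168.100.1 is the one from step 4; the function names are this example's own.

```powershell
# Added example (not from the post): verify that only SSH is reachable on the
# router from step 4 (192.168.100.1) and that it offers SSH protocol 2 only.

function Test-TcpPort {
    # Returns $true when a TCP connection to Target:Port succeeds within the timeout.
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-SshBanner {
    # Reads the server identification string, e.g. "SSH-2.0-Cisco-1.25".
    # Per RFC 4253 the server sends it first, so nothing needs to be written.
    param([string]$Target, [int]$Port = 22, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $null }
        $client.EndConnect($ar)
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $buf = New-Object byte[] 256
        $n = $stream.Read($buf, 0, $buf.Length)
        if ($n -le 0) { return $null }
        return [System.Text.Encoding]::ASCII.GetString($buf, 0, $n).Trim()
    } catch {
        return $null
    } finally {
        $client.Close()
    }
}

function Test-RemoteAccessHardening {
    param([string]$Target = '192.168.100.1')
    $banner = Get-SshBanner -Target $Target
    [pscustomobject]@{
        Target     = $Target
        TelnetOpen = Test-TcpPort -Target $Target -Port 23   # expect $false after 'transport input ssh'
        SshOpen    = Test-TcpPort -Target $Target -Port 22   # expect $true
        Banner     = $banner
        # "SSH-2.0-" = version 2 only; "SSH-1.99-" = versions 1 and 2 both accepted
        SshV2Only  = ($null -ne $banner) -and $banner.StartsWith('SSH-2.0-')
    }
}

Test-RemoteAccessHardening | Format-List
```

Run it from a host on the 192.168.100.0/24 network. If `TelnetOpen` is still `$true`, the VTY lines are not all covered by `transport input ssh`; if `SshV2Only` is `$false`, add `ip ssh version 2` on the router and re-run.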

Friday, 26 August 2016

How to configure and install self signed digital certificate on Exchange server 2013( No Certificate Authority )


After successfully installing Exchange Server, every time we go to OWA or ECP we notice that the browser reports a certificate error.

Here is how we can fix it.

First log in to the Exchange ECP, go to Servers and click Certificates.

Click on the + and create a new certificate.

Make sure you select option two (Create a self-signed certificate) and enter the friendly name.

On the next screen, specify the server where you want to apply this certificate. In my case I will install it on my mail server WIN2k12MAIL.

Now click Next and specify the domains you want to include: click on the pencil and add the names.

Here I am adding names for both the intranet and the Internet.



Click OK and move on to the confirmation page.

Click Finish. That is all; we have created a new certificate.

Click on the newly created certificate and assign the services; here I have assigned it to IMAP and POP.

Now we need to tell IIS to use this certificate for the email server's web requests. To do that, go to the IIS server.

Go to Sites and then click Default Web Site.

Click Add.

Select HTTPS as the type, give your host name and then select the newly created certificate from the drop-down menu. Then click OK and restart the web service.

Now go to Exchange web access and you will still see the certificate error. Click on the certificate and install it into the Trusted Root store.

Click Install certificate.

Select Local computer and select Trusted Root.

That is all. Close the web browser and reopen it; you should see the following screen now.

Click on the lock icon in the web browser and open the certificate, then Subject Alternative Names.

You can see the given domain names are there.
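The same certificate from the Exchange Management Shell, with the two checks worth doing afterwards (every name clients will use is in the SAN list, and the public part is exported without the private key for the Trusted Root import on clients), as an added example that is not from the post. The server name WIN2k12MAIL is the post's; mail.mks.com.au, autodiscover.mks.com.au, WIN2k12MAIL.mks.local, the export path and the function Test-ExchangeCertificateNames are assumptions of this example.

```powershell
# Added example (not from the post): create the self-signed certificate, assign
# services, verify its SANs, and export the public certificate for clients.
# Assumed names: mail.mks.com.au, autodiscover.mks.com.au, WIN2k12MAIL.mks.local.
$server = 'WIN2k12MAIL'
$names  = @('mail.mks.com.au', 'autodiscover.mks.com.au', 'WIN2k12MAIL.mks.local', 'WIN2k12MAIL')

# 'Create a self-signed certificate' with a friendly name and the intranet + Internet names (SANs)
$cert = New-ExchangeCertificate -Server $server -FriendlyName 'MKS Mail (self-signed)' `
    -SubjectName "cn=$($names[0])" -DomainName $names -PrivateKeyExportable $true

# Assign services. IIS here performs the HTTPS binding on the Default Web Site that the
# post sets by hand in IIS Manager; POP and IMAP match what the post assigned.
Enable-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint -Services IIS,POP,IMAP -Force

function Test-ExchangeCertificateNames {
    # Ok is $true only when every required name appears in the certificate's SAN list;
    # a name missing here is a name that will still produce a certificate error.
    param([string]$Server, [string]$Thumbprint, [string[]]$Required)
    $c   = Get-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint
    $san = @($c.CertificateDomains | ForEach-Object { $_.ToString() })
    $missing = @($Required | Where-Object { $san -notcontains $_ })
    [pscustomobject]@{
        Thumbprint = $Thumbprint
        Subject    = $c.Subject
        Services   = $c.Services
        NotAfter   = $c.NotAfter
        Missing    = $missing
        Ok         = $missing.Count -eq 0
    }
}
Test-ExchangeCertificateNames -Server $server -Thumbprint $cert.Thumbprint -Required $names | Format-List

# Public part only (no private key) for distribution. The post imports this into
# 'Trusted Root Certification Authorities' on the client; the path is assumed.
$cerPath = 'C:\temp\mks-mail-selfsigned.cer'
Get-ChildItem "Cert:\LocalMachine\My\$($cert.Thumbprint)" |
    Export-Certificate -FilePath $cerPath -Type CERT | Out-Null

# On each client, the equivalent of 'Install certificate > Local computer > Trusted Root'
# (a GPO 'Trusted Root Certification Authorities' entry distributes the same .cer at scale):
# Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\Root
```

Exporting with `-Type CERT` rather than Export-ExchangeCertificate keeps the private key on the Exchange server; only the public certificate needs to reach the clients' Trusted Root store.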

Thanks








Monday, 22 August 2016

Configure Audit Logon Events Policy in a GPO



Step by Step Guide

1) Log on to the domain controller with an account that has administrator rights. Ensure that the Group Policy snap-in is installed.

2) Press “Win + R”, type gpedit.msc and press Enter to open the Group Policy Editor.

3) Once you are in the Group Policy Editor, navigate to “Computer Configuration -> Windows Settings -> Security Settings -> Local Policies” and then select “Audit Policy” in the left pane.

4) Open “Audit logon events” and, in the window that opens, select both check boxes, “Success” and “Failure”. Now click the “Apply” and “OK” buttons to save the changes.

5) Once that is done, go to Event Viewer and check under Security.
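The same setting from an elevated shell, a read-back of what is actually in effect, and a first look at the events it produces, as an added example that is not part of the post. Two things to keep in mind when reading the result: gpedit.msc edits the local policy of that one machine, so on a domain controller a domain GPO such as the Default Domain Controllers Policy that sets the same category overrides it, and when Advanced Audit Policy subcategories are configured they take precedence over the legacy "Audit logon events" category. The functions are this example's own.

```powershell
# Added example (not from the post): set the legacy 'Audit logon events' policy from
# the shell, show the effective setting, and summarise the events it produces.
# Assumes an elevated PowerShell session on the domain controller.

# 'Audit logon events' maps to the Logon/Logoff subcategories; 'Logon' alone
# produces 4624 (success) and 4625 (failure), which the summary below reads.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable | Out-Null

function Get-EffectiveLogonAuditing {
    # Parses 'auditpol /get' output and returns e.g. 'Success and Failure'.
    $line = auditpol /get /subcategory:"Logon" | Where-Object { $_ -match '^\s+Logon\s{2,}' }
    if ($line) { ($line -replace '^\s+Logon\s+', '').Trim() } else { $null }
}

function Get-LogonEventSummary {
    # Reads 4624/4625 from the Security log (Event Viewer > Windows Logs > Security)
    # and returns one object per event with the fields an analyst looks at first.
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Result    = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
            User      = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
            LogonType = $data['LogonType']      # 2 interactive, 3 network, 10 remote desktop
            Source    = $data['IpAddress']
            Status    = $data['Status']         # 0xC000006D bad user/password, 0xC0000234 locked out
            Process   = $data['ProcessName']
        }
    }
}

"Effective 'Logon' auditing: $(Get-EffectiveLogonAuditing)"

# Failed logons grouped by account and source address: repeated failures against
# one account from one address is the pattern this policy exists to make visible.
Get-LogonEventSummary | Where-Object Result -eq 'Failure' |
    Group-Object User, Source | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

If `Get-EffectiveLogonAuditing` does not return `Success and Failure` after the policy has been applied, a domain GPO or an Advanced Audit Policy setting is overriding the local one; `auditpol /get /category:*` shows the full effective policy.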

Sunday, 21 August 2016

How to configure Windows Event Log Forwarding



In a small or medium business the budget will not allow you to buy and run a dedicated event reader. Since businesses these days depend on multiple servers and services, it is not easy for a system administrator to read all the events separately on each server.

For this kind of situation Microsoft introduced Event Forwarding. Event Forwarding allows administrators to get events from remote computers, also called source computers or forwarding computers, and store them on a central server: the collector computer.

Events can be transferred from the forwarding computers to the collector computer in one of two ways:

Collector initiated – Using this method, the collector contacts the source computers (clients) and asks them for any events they might have. The minimum operating system level required on the source computers is Windows XP SP2 with at least Windows Remote Management 1.1 installed.

Source initiated – With this method the clients or forwarders push events to the collector as required. Systems like Windows Vista, Windows 7, Windows Server 2008/R2 and Windows Server 2012/R2 can be event collectors, but this feature is not supported on down-level operating systems. Even though there are no limitations when a client operating system is used as an event collector, a server platform is recommended since it will scale much better in high-volume scenarios.
(http://www.vkernel.ro/blog/how-to-configure-windows-event-log-forwarding)

Configuring event forwarding collector-initiated subscriptions (step by step)

Let's start by enabling WinRM on the event forwarder machines (the clients). We have two choices here: either use Group Policy to enable WinRM, or do it manually by issuing the command below on a client-by-client basis:

In my example I have used WIN2K12MAIL as the client.

winrm qc

If your clients are running Windows Server 2012 and above, WinRM is enabled on them by default, but just to be sure you can check the configuration with the command below:

winrm get winrm/config

Now that WinRM is enabled on all our event forwarder computers, we have to give the collector computer the rights to read the logs from these computers.
We can use the event collector's computer account itself for authentication, or we can create a user account in Active Directory and use that.
I have created an account called eventforwarder and added it to the default Event Log Readers group.
Creating new user eventforwarder
Adding eventforwarder to the default Event Log Readers group

The next step is to enable and start the Event Collector service on the collector machine, so I logged in to the WIN2k12DC server and issued the command below:
wecutil qc

If it succeeds, let's move forward and create a subscription on the collector computer, which “tells” it what type of event logs to look for and collect from the forwarder computers.
Go to Event Viewer, right-click Subscriptions and choose Create Subscription.
Click the Collector initiated radio button, then Select Computers to add the source computers/forwarders from which the collector will pull the events.
Now we have to select which events we want to receive, so click the Select Events button.
The last step is to configure the account the collector machine uses to connect to the clients. We already added this account to the local Event Log Readers group on every forwarder, so we should not have access problems.
Click the Specific User button, provide the account and credentials and click OK, then move down to the Event Delivery Optimization section, where we have three options:
Normal – This option ensures reliable delivery of events and does not attempt to conserve bandwidth. It gets the events every 15 minutes using pull delivery mode.
Minimize Bandwidth – This option ensures that the use of network bandwidth for event delivery is strictly controlled. It uses push delivery mode with a heartbeat interval of 6 hours.
Minimize Latency – This option ensures that events are delivered with minimal delay. It is an appropriate choice if you are collecting alerts or critical events. It uses push delivery mode with a 30-second interval.
I did it this way but it didn't work: Access Denied. So I changed the user access to Administrator and it worked.
Didn't work
The one that worked
Now I can see the forwarder has been added.
After ~10 minutes or less, depending on how you configured the Event Delivery Optimization options, logs should start coming in.
That is all. It's working.
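The collector-initiated setup above as scripted steps, plus the least-privilege fix for the Access Denied the post ran into, as an added example that is not from the post. In a collector-initiated subscription the collector connects to each forwarder through WinRM, so the usual cause of that error is WinRM rather than the event log: Event Log Readers membership grants read access to the logs (the Security log included), but the account also needs permission to connect through WinRM on the forwarder, which on Windows Server 2012 and later the built-in Remote Management Users group provides without making the account an administrator. Names from the post: WIN2K12MAIL (forwarder), WIN2k12DC (collector) and the eventforwarder account; the domain NetBIOS name MKS, the subscription name Logons, the event query and the function Get-ForwardedLogonSummary are assumptions of this example.

```powershell
# Added example (not from the post). Part 1 runs on each forwarder (WIN2K12MAIL),
# part 2 on the collector (WIN2k12DC). Assumed: domain NetBIOS name MKS,
# subscription 'Logons', and the 'Remote Management Users' group (Server 2012+).

# ---- Part 1: on the forwarder -------------------------------------------------
winrm quickconfig -q                          # the post's 'winrm qc'
winrm get winrm/config                        # confirm the listener and auth settings

# Read access to the logs (the post's step) ...
net localgroup "Event Log Readers" MKS\eventforwarder /add
# ... and the WinRM access the collector needs to pull them. This is the
# least-privilege alternative to putting the account in Administrators.
net localgroup "Remote Management Users" MKS\eventforwarder /add

# ---- Part 2: on the collector -------------------------------------------------
wecutil qc /q                                 # enable and start the Windows Event Collector service

# Subscription equivalent to the Event Viewer wizard: collector initiated,
# 'Normal' delivery, logon successes and failures from the Security log.
$subscriptionXml = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Logons</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Logon success/failure from branch servers</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>WIN2K12MAIL</Address>
    </EventSource>
  </EventSources>
</Subscription>
'@
$path = Join-Path $env:TEMP 'Logons.xml'
Set-Content -Path $path -Value $subscriptionXml -Encoding UTF8
wecutil cs $path

# 'Specific User': the account the collector uses towards every source.
$pw = Read-Host -Prompt 'Password for MKS\eventforwarder'
wecutil ss Logons /cun:MKS\eventforwarder "/cup:$pw"

# Per-source runtime status: 'Active' means the pull works; an 'Inactive' source
# with error 0x80070005 is the Access Denied the post describes.
wecutil gr Logons

function Get-ForwardedLogonSummary {
    # Counts forwarded logon events per source computer and event ID. An empty
    # result after the delivery interval means the subscription is pulling nothing.
    param([int]$Hours = 1)
    $filter = @{ LogName = 'ForwardedEvents'; Id = 4624, 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object MachineName, Id |
        ForEach-Object {
            [pscustomobject]@{ Source = $_.Group[0].MachineName; EventId = $_.Group[0].Id; Count = $_.Count }
        }
}
Get-ForwardedLogonSummary | Format-Table -AutoSize
```

With the account in both local groups on the forwarder, the subscription pulls the Security log without administrator rights; `wecutil gr Logons` is the place to look first when events do not arrive, since it reports the last error per source rather than a generic failure.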


Http vs Https