Tips and Tricks for System Admins

DEBUGGING: debug crypto isakmp debug crypto ipsec undebug all show IPSec information show crypto map interface pspecific int show crypto map show crypto isakmp sa show crypto ipsec sa show crypto ispec spi-lookup show crypto engine connections active  Use "show crypto isakmp map" and "show crypto map [interface] to determine the info to use for "clear" commands  You can clear IKE and IPsec with: clear crypto isakmp [connection ID] clear crypto sa map [crypto map]

When monitoring your Cisco device interfaces via SNMP keep in mind that interface index will changes after reboot and that will affect all your charts and stats. Here is how you can avoid this disaster: Connect to the router and type floowing commands enable conf t snmp-server ifindex persist end wr mem Recource on "ifindex" http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/ifindx.html

\\*\*\**\EventCache\ *.* \\*\*\**\RECYCLER\ *.* \\*\*\**\Temporary Internet Files\*.* \\*\*\**\WUTemp\ *.* \\*\*\win*\system32\wbem\ *.* \\*\*\win*\$*$\ *.* \\*\*\**\Temp\*.tmp \\*\*\win*\system32\dhcp\tmp.edb \\*\*\win*\**\Local Settings\temp\*.tmp \\*\*\Documents and Settings\**\Local Settings\Temp\*.tmp \\*\*\win*\system32\spool\ *.* \\*\*\win*\system32\LogFiles\ *.* \\*\*\win*\Security\*.log \\*\*\pagefile.sys \\*\*\**\VxPushRA\ *.* \\*\*\**\*.iso \\*\*\**\Trend Micro\**\HTTPDB\*.* \\*\*\**\Exchange Server\**\MDBTEMP\*.* \\*\*\**\Exchange Server\**\Queue\*.*

w32tm /config /manualpeerlist:time.nist.gov,0x8 /syncfromflags:MANUAL net stop w32time && net start w32time w32tm /resync

Create a file called "cleanup.cmd" Paste text below there: for /f %x in ('dir %SYSTEMROOT%\$*$ /s /b') do (rmdir /s /q %x) for /f %x in ('dir %SYSTEMROOT%\ie7updates\KB* /s /b') do (rmdir /s /q %x)

We saw these errors in the event log: 0x80070422 or 0x8007042c. What are these cryptic errors?  First thing we note, they start with 0x80070... so they are simply COM-specific error codes (HRESULTs in COM language) which denote Win32 failures. To manually transform such a HRESULT into its corresponding error code, do the following: a) Isolate the last four digits in the hex number above. In our case 0x422 or 0x42c. b) Transform this number in decimal. The "SET /A" command line comes handy here:  E:\>set /A 0x422  1058  c) Then, cut & paste the error code above into the parameters of the NET HELPMSG command:  E:\>net helpmsg 1058 The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Windows programmers might recognize these errors immediately... for example 1058 is ERROR_SERVICE_DISABLED, and 0x80070422 is nothing else than HRESULT_FROM_WIN32(ERROR_SERVICE_DISABLED).

InstallBlackBerry App World (if you don’t have it already)  Open BlackBerry App World Select and click the magnifying glass icon Type in MESSENGER Select and click BlackBerry Messenger Click INSTALL (or REINSTALL) Select YES to replacing the current version Reboot the phone when prompted Go to the Applications menu   Older OS:    Options\Applications    Select Add-On from the drop down list  OS6:     Options\Device\Applicaiton Management     Press "All" dropdown list under "Application" and select "Optional" Select and click BlackBerry Messenger Press Blackberry Key and select DELETE Reboot the phone when prompted  Now your phone is a lot faster and battery will last much longer. You can still send receive PIN messages using built-in "Messages" application. Just select compose and when prompted select "PIN". Type (or select from Address Book)  the PIN of your recipient and voilà!

If you have a user who has stopped receiving email, and they are activated on a blackberry enterprise server, these are some of the common trouble shooting steps that might help.  Is the blackberry able to send email? *If it is not, open that email message and scroll to the very top and take that error message, it could say one of many things, some of the more common messages are:  "Service blocked" this will indicate that on the carriers side, the user has had something change on his data side and needs to speak to the carrier to get it resolved. Another great way to check, is have the user navigate to Options/advanced options/enterprise activation, if this is gone, it means that for some reason he was removed from the Blackberry enterprise data plan by his carrier.   http://www.blackberry.com/btsc/microsites/search.do?cmd=displayKC&docType=kc&externalId=KB02169&sliceId=1&docTypeID=DT_SUPPORTISSUE_1_1&dialogID=8422102&stateId=0%200%208420543

Symptom:     Dynamic redirect page loads and but blank and does not redirect.     Page source has the code but nothing happens   Resolution:    1. Reregister DLLs     regsvr32 /u /s urlmon.dll   regsvr32 /u /s mshtml.dll    regsvr32 /u /s shdocvw.dll    regsvr32 /u /s browseui.dll    regsvr32 /u /s jscript.dll    regsvr32 /u /s vbscript.dll    regsvr32 /u /s scrrun.dll    regsvr32 /u /s msxml.dll    regsvr32 /u /s actxprxy.dll    regsvr32 /u /s softpub.dll    regsvr32 /u /s wintrust.dll    regsvr32 /u /s dssenh.dll    regsvr32 /u /s rsaenh.dll    regsvr32 /u /s gpkcsp.dll   regsvr32 /u /s sccbase.dll    regsvr32 /u /s slbcsp.dll    regsvr32 /u /s cryptdlg.dll    regsvr32 /u /s oleaut32.dll    regsvr32 /u /s ole32.dll    regsvr32 /u /s shell32.dll    regsvr32 /u /s initpki.dll   regsvr32 /u /s msjava.dll    regsvr32 /s urlmon.dll    regsvr32 /s mshtml.dll    regsvr32 /s shdocvw.dll    regsvr32 /s browseui.dll    regsvr32 /s jscript.dll    regsvr32 /s vbscript.dll    regsvr32 /s scrr

Same files play without problem when used from USB direclty on PS3. Solution:   Login to Synology web interface and change MIME type of the .avi files       from : avi=video/x-ms-video       to      : avi=video/x-divx

1. Use ln command to create a symlink inside of the /volume1/video/ folder to point to     USB HDD /volumeUSB#/usbshare     (Note ensure what your USB number is first)      ln -s /volumeUSB#/usbshare /volume1/video/usbdrive     Ex: ln -s /volumeUSB2/usbshare /volume1/video/usbdrive     In case you ever want to remove your link use command below:      rm <linkname> 2. Re-Index media via Synology interface. Done.     Can also use mount but more hassle:      mount --bind /volumeUSB1/usbshare /volume1/video/usbdrive      unmount      mount /volume1/video/usbdrive      art up scripts *.sh located here:          sr/syno/etc/rc.d

Lately the question about setting CPU affinity is rearing its ugly head again. Will it offer performance advantages for the virtual machine? Yes it can, but only in very specific cases. Additional settings and changes to the virtual infrastructure are required to obtain a performance increase over the default scheduling techniques. Setting CPU affinity by itself will not result in any performance gain, but usually a performance decrease. What does CPU affinity do? By setting a CPU affinity on the virtual machine you are limiting the available CPUs on which the virtual machine can run. It does not dedicate that CPU to that virtual machine and therefore does not restrict the CPU scheduler from using that CPU for other virtual machines. When will CPU-affinity help? Under a controlled environment some specific workloads can benefit from using CPU affinity. When the virtual machine workload is cache bound and has a larger cache footprint than the available cache of one CPU it can prof

To globally apply Send As permissions to all user objects follow these steps:   Open Active Director Select the "View" menu and ensure "Advanced Features" is checked Right mouse click on your domain name and select Properties Select the Security tab Press the Advanced button at the bottom on the security tab Select "Add" and enter your Blackberry Service Account name (e.g. BESadmin) and select OK When the permissions screen appears change "Apply onto:" to "User Objects In the permissions box scroll down and check the Allow box beside "Send As" and press OK Press Apply and OK to exit

Symptom: User gets red X when trying to send. Resolution: - Verify if user is not a member of any Domain Admitiostrative group  (Otherwise "Send As" permissions of BESadmin account will be removed from the user every 20 minutes) - Add BESAdmin to the user's permissions with "Send As" access It may take up to two hours for Exchange Permission Cache to clear unless it is possible to restart Exchange Information Store service and reboot Blackberry Server.

Problem 1 The Internet Authentication Service (IAS) does not start, and an Error event that resembles the following is logged in the System event log The Internet Authentication Service service terminated with the following error: Only one usage of each socket address (protocol/network address/port) is normally permitted. Problem 2 Microsoft Exchange Server Always Up To Date (AUTD) notifications for ActiveSync fail, and Error events that resemble the following are logged in the Application event log: IP-based AUTD failed to initialize because the processing of notifications could not be set up. Error code [0x80004005]. Verify that no other applications are currently bound to UDP port [2883], or try specifying a different port number IP-based AUTD failed to initialize. Error code: [0x80004005]. Problem 3 The IPSEC Services service does not start, and Error events that resemble the following are logged in the The IPSec driver has entered Block mode. IPSec will discard all

Issue 1: There is a "please contact your systems administrator" error     The end user may experience the following obstacles during smartphone activation:   The BlackBerry smartphone stops responding for 10 minutes and displays an "activating" status. The smartphone attempts the "enterprise activation" process every 10 minutes and displays a "retrying" status.  After 40 minutes, the BlackBerry smartphone stops retrying and displays one of the following error messages: The server is not responding. Please contact your system administrator. An error has occurred. Please contact your system administrator.   There are several possible causes for this problem. Please find the reasons and corresponding resolutions below.     Cause 1   The user's account mailbox is full, or the messaging server cannot send or receive email messages.   Resolution   Have the user try to send and receive an email message using the email application on the comput

Open a Registry Editor Navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin Create new DWORD Value: ShowSecurityPage Set the data value to 1 Re-open Exchange System Manager

1. Create a batch file using following commands: "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\Utility\HandheldCleanup.exe" -u -p BlackBerryManager < name.txt shutdown /r /f /t 120 2. Create a file called "name.txt" and type BES server’s computer name there For example "EBBES". Make sure to press enter after that to add an extra empty line after that. 　 3. Schedule this script to run after mailboxes have been moved.

MyAdminUserName - Replace this name with the administrative username that you will be using to logon and export mailboxes MyExchangeServerName - Replace with your Exchange server name 　 On 32-bit server or workstation install Exchange 2007 System Management tools Make sure you download correct version of tools that matches service pack on your Exchange server Add MyAdminUserName user to the local "Administrators" group on the machine Install Outlook 2003 SP2 or later on the same computer Make sure MyAdminUserName as an "Exchange Server Administrator" - Open Exchange Management Console - Select "Organization Configuration" container - Under "Actions" section click "Add Exchange Administrator" - Click "Browse" to select MyAdminUserName user - Select "Exchange Server Administration Role" - Click "Add" to select your MyExchangeServerNamefrom the list - Click "Ad

Telnet to the router and apply command below Feel free to use any other NTP servers ---------- sh clock conf t clock timezone EDT -5 clock summer-time EDT recurring ntp server 192.5.41.41 ntp server 192.5.41.42 ntp server 64.73.32.134 ntp server 69.10.36.3 service timestamps log datetime localtime ----------

Send a test PIN message to verify Blackberry network connectivity and registration: 1. Go to the Messages screen and create new blank PIN message. 2. Type  PIN#  in the "To:" field and, type something in the subject and message body and sent it. If PIN message did not reach follow these steps: 1. On the Home screen, go to Options, or click Settings > Options. 2. Click Advanced Options > Host Routing Table 3. Display the menu and click Register Now. Wait for few minutes for your BlackBerry to re-connect to the wireless network. 4. Try sending me another PIN message and then notify via email.

@echo off rem Make Directory With Name Date and Time for /f "tokens=1-4 delims=/- " %%a in ('date /t') do set XDate=%%d-%%c-%%b echo %XDate% Where: %%a name of the day (Monday etc.) %%b Day %%c Month %%d Year

Work: How to Recover Microsoft Exchange server 2007 configuration from Active directory  1. On the domain controller open AdsiEdit.msc  2. Navigate to: Configuration [dcsrvname.domain.dom] CN=Configuration,DC=eaglebankmd,DC=com CN=Services CN=***ORGANIZATION NAME*** CN=*** ADMINISTRATIVE GROUP NAME *** CN=Servers 3. Right click on the server name "CN=MyExchangeServeName" and select properties 4. Enable check-box "Show only attributes that have values" 5. Make a note of the following values: msExchDataPath msExchELCAuditLogPath msExchHomeRoutingGroup msExchInstallPath name serialNumber versionNumber 6. Lookup the "serialNumber" and "versionNumber" and download corresponding Exchange Service Pack files.    You don't need to have Exchange installation and Serivce Pack. Service Pack includes everything.    7. Installed pre-requisite components on Exchange computer using the following comm