Saw this great post over at behindthemixer.com fron anyone who is involved in mixing live sound.
I look after an SBS 2008 install and we are preparing to rationalise the email setup in the very near future by using Exchange 2007 that comes as part of SBS 2008
In preparation for that switchover I needed to create a shared mailbox for the “Admin” team. However, in SBS2008/Ex2k7 you can’t create a shared mailbox through the GUI’s, it can only be done by the Exchange Management shell (aka Powershell).
Not too much trouble I thought as I found a Powershell example, so I prepared my command:
New-Mailbox -Name:'Admin' -OrganizationalUnit:'lbc.local/Exchange resources' -Database:'Mailbox Database' -UserPrincipalName:'[email protected]' -Shared
But, this command kept failing: New-Mailbox : Active Directory operation failed on LBCSRV1.lbc.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0At line:1 char:12+ New-Mailbox
I was using the SBS / Exchange administrator account, and doing this command on the server itself. After some searching I found a few posts that were experiencing the same problem but no real solutions.
Then it hit me! I tried opening the Exchange Management Shell as Administrator (right-click – Run As Administrator) ….ran the command again and hey-presto…..one shared mailbox created!!! Woooohooo!!
“I will tame SBS…I will tame SBS” 🙂
Two previous comments I received when my site was running Drupal:
Sabelo (not verified) – Tue, 17/08/2010 – 10:55
Thanks for your post it has saved me!! I have been battling with this error for solong and it never occured to me to do such a simple yet very important task. Thanks a lot once again.
David (not verified) – Wed, 02/05/2012 – 16:07
Legend, thanks for this. First result in Google and it fixed it.
I’m no Sharepoint expert so if I get the WSS terminology slightly wrong – you’ll know why!
Basically the issues presented themselves in the following ways:
1. A Sharepoint site had some sort of webpart that enabled “live” view of Excel spreadsheets within the browser.
When you first visited the page, everything was fine and the spreadsheet loaded successfully, however upon navigating away to a different page, any subsequent requests were either met with a browser dialog box stating that an error occurred finding the file, or an HTTP 503 Gateway error.
2. Miscellaneous authentication issues (HTTP 401 Unauthorised)
From an networking perspective, this was occurring across a number of resilient pairs of ACE’s. All were set for session persistency using a named cookie that was inserted by the ACE.
Nothing unusual so far!
Where it got interesting was when doing some packet captures, and Fiddler HTTP traces.
In these I could see that the cookie the ACE was insterting was present within the browser session, and an additional cookie set by WSS for keeping the session authenticated. I also noticed that were two other entries in the cookie, that to me, looked like random characters, but I concluded that these were inserted by the WSS server.
After some investigation, I determined that the HTTP header was larger than 4096 bytes – the extra entries that WSS was added were around 3400 bytes each (there were two! ).
It transpires that there is a default number of bytes that the ACE checks for a cookie in the HTTP header is 4096 bytes. If a cookie, HTTP header, or URL exceed this 4096 value, the ACE drops the packet and sends a RST to the client.
The solution for our environment was to increase this value to overcome the large HTTP header size containing the WSS inserted data.
Changes needed on the ACE:
parameter-map type http HTTP_MAP_HEADER_LENGTH set header-maxparse-length 16384
This defines a greater value. You can also set the ACE to passthrough any oversize packets if you choose to.
Then you need to apply that parameter-map to a policy.
policy-map multi-match my-policy-name class my-class-name appl-parameter http advanced-options HTTP_MAP_HEADER_LENGTH
Hope this helps someone out. Any questions or feedback is welcome via the comments link below.
Wow – what a title!!
Hopefully this post will make things a bit clearer.
I have a Cisco 1721 router configured to be a VPN server for a few IPsec client PC’s. Currently the user authentication part is just being done with local users setup within the router config.
However we have Windows SBS 2008 internally providing Active Directory services, amongst other things.
So, my aim in this piece of work was to get the Cisco VPN using the AD accounts for client VPN user authentication.
There were two main parts to getting this working – the config on the Cisco router, and the configuration of NPS (Network Policy Service (formerly IAS) on Windows. In this post I will cover the Cisco side, and will try to put up some notes on the Windows side when I get home where I am able to grab some screenshots.
Config required for Cisco router
This is the trimmed down version of the statements I had to add/change. If you need to see full config for understanding, drop me a note.
aaa new-model aaa authentication login default local aaa authentication login sdm_vpn_xauth_ml_1 group radius local aaa authorization exec default local aaa authorization network sdm_vpn_group_ml_1 local radius-server host 22.214.171.124 auth-port 1812 acct-port 1813 key 7 "removed"
Potential stumbling block
One snag I ran into was related to the VPN group authenticaion. During my config changes I applied the following line (remotely – DOH!!!) which killed the VPN completely.
aaa authorization network sdm_vpn_group_ml_1 radius local
The symptoms this presented was the VPN client would try to connect but fail almost immediately.
What I didn’t realise to start with was that this config statement was offloading the VPN group authentication part of the connection over to the Radius server, where I didn’t have any groups setup, as I was only looking to use Radius for the user authentication.
So by leaving removing the radius option with that statement, the Group authentication check is still done against the name/key within the crypto isakmp client configuration group section.
Hopefully this can be of use to someone else – feel free to add any comments/questions below.
I first started building this plane about 18 years ago (when I was very young an inexperienced). I didn’t learn to fly until October last year, and since properly getting the ‘bug’ have been trying to complete it.
It’s nearly done, and will post a photo or two shortly.
It’s kitted out with a Tuned by West Magnum 70 FS. This is a standard Magnum 70 FS but with a modified head, and a different carb. It’s reported to be approx 20% more power, and snappier throttle response etc.
I’m using Futaba S3003 servos for all functions.
Originally I was going to install fixed undercarriage, but following the 18 year break new retract technology has appeared, so I have opted to install some Servoless Retracts (http://www.hobbyking.com/hobbyking/store/uh_viewItem.asp?idProduct=14838).
They are quite inexpensive, and only time will tell how durable they are.
I have a Spektrum DX8, and so have installed an AR6200 receiver with the satellite receiver.
Hopefully will get to give it a maiden failty soon.
Well, with the sun shining, and a bit of breeze blowing it was time for the maiden yesterday, of my Dave Smith Models Saphir 40.
The Magnum 70 (Tuned by West) produced loads of power and with controls checked it was time to take to the sky.
After a bit of trimming out, Paul put the Saphir through it’s paces – it looked fantastic in the air, and flew brilliantly.
Once that flight was over, (and a quick cuppa) it was my turn.
With my buddy box connected (I’m still a learner really), I took the controls – wow, what can I say – it’s brilliant. Very easy to fly – I can tell I’m going to have a lot of fun with this model.
I bought it on eBay in April 2012.
Engine: Thunder Tiger F-54S Four Stroke
Prop: Master Airscrew
Throttle: Futaba S3003
Elevator: Futaba S3003
Rudder: Futaba S3003
Ailerons: 2 x Spektrum DS821
Receiver: Spektrum AR6200
Battery: 4.8v NiMh
The Thunder Tiger F-54S engine is brilliant. It literally sips fuel. I ran it at the field the other day when it was too windy to fly – on 3/4 tank, at a variety of throttle speeds it ran for 22 minutes !
First solo flights!! I went to our field in Egerton and I was the only one there.
So, in a fly-or-crash kinda moment I nervously took to the sky.
Due to the nerves on the first flight I forgot to start my timer – so I only flew circuits for 5-6minutes and then made my approach. First approach was a little off, so I went round for another go. This time was much better and brought the Wot 4 in for quite a reasonable landing (on the strip!).
My nerves needed a good 20mins recovery, before I went for it again, this time with timer running. Another succesfull flight.
Finished the evening off with a 3rd flight – this time landing was good, with touchdown about 10feet past me.
All in all a good session.
A friend recently introduced me to Spotify (http://www.spotify.com) and it’s superb!!! For those that don’t know, Spotify is a streaming music service. It has a huge database of songs, just search away, hit play and let your ears be filled! There are different account schemes available, starting with a Free service, that is advertisment-supported. I have to say, that is is a great way to listen to music as the frequency of adverts is so few and far between that it doesn’t distract from the music at all.
Now, the really great bit is that I have found an app that will run on Windows, Mac or Linux that allows you to stream the output of Spotify (in fact any audio from your system) to any or all of the Airport Express devices in your home. It’s called Airfoil
Check out http://rogueamoeba.com/airfoil/ – it’s about £18 but to me that seems good value for money and it works very well.
All in all a brilliant couple of apps that keep my music ears very happy
Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!