
Tuesday, July 1, 2014

How to Install Windows 8 or Windows 8.1 using the "Unified Extensible Firmware Interface" (UEFI)


  Information
Systems that are built using Unified Extensible Firmware Interface (UEFI) are more likely to achieve very fast pre-boot times when compared to those with traditional BIOS. This isn’t because UEFI is inherently faster, but because UEFI writers starting from scratch are more able to optimize their implementation rather than building upon a BIOS implementation that may be many years old.
Delivering fast boot times in Windows 8 - Building Windows 8 - Site Home - MSDN Blogs

This method can also be used for the UEFI installation of Windows 7, Windows Server 2008 SP1, Windows Server 2008 R2, and Windows Vista SP1.

Note 
You will need to satisfy the following requirements in order to proceed:


  • A Windows 8 compatible system
  • A Windows 8 64-bit installation media. 32-bit is not supported.
  • A UEFI v2.0+ compliant PC. Check your chipset manufacturer/firmware documentation.
  • A blank, partition-free, hard disk for installation.
  Warning

  • Disabling UEFI will make the system unbootable as there is no MBR on the disks.
  • You CANNOT make a sector-by-sector copy of GPT disks. The Disk and Partition GUIDs will no longer be unique. This must never happen. You can make a sector-by-sector copy of the contents of ESP or basic data partitions.
Here's How:

1. Do step 2 or 3 below depending on what installation Media you are using.

2. If using a 64-bit Windows 8 or 8.1 Installation DVD with UEFI Support

A) Insert the DVD, restart the computer, and go to step 4 below.
NOTE: If you are unsure that your 64-bit DVD has UEFI support, then see OPTION TWO here: Windows 8 and Windows 8.1 ISO - Download or Create

3. If using a 64-bit Windows 8 or 8.1 Installation USB Flash Drive with UEFI Support

A) If you have not already, you will need to create a Windows 8 or 8.1 installation bootable USB flash drive with UEFI from either a Windows 8 installation ISO or DVD.

B) Connect the USB, restart the computer, and go to step 4 below.

4. Press whatever key (ex: F11) it shows to boot to your motherboard's boot menu, and select to boot from the listed UEFI DVD or UEFI USB. (see screenshot below)


5. Do steps 2 to 7 in the tutorial at the link below, and return.

6. Delete all partitions/volumes on the disk # (ex: Disk 0) that you want to install Windows 8 as UEFI on until that disk # shows as unallocated space. (see screenshot below)


7. When you are finished, click/tap on New, Apply (for full size of disk), and OK. (see screenshot above)

8. You will notice that the disk has now been formatted as GPT with 4 partitions. Select the "Primary" partition 4, and click/tap on Next. (see screenshot below)
NOTE: You might receive a "Windows can't be installed on drive 0" warning, but as long as you can click on the Next button, you're fine.

Note
The 4 partitions are:

  • Partition 1 - Recovery
  • Partition 2 - System - The EFI System partition that contains the NTLDR, HAL, Boot.txt, and other files that are needed to boot the system, such as drivers.
  • Partition 3 - MSR - The Microsoft Reserved (MSR) partition that reserves space on each disk drive for subsequent use by operating system software.
  • Partition 4 - Primary - Where Windows is to be installed to.

    It is imperative that these 4 partitions remain in the exact order they are in.





9. You can now finish doing the steps in either tutorial below.



10. That's it. You have successfully installed Windows 8 on a UEFI system.

How to create a bootable Windows 8 installation DVD using the ESD folder


Step by Step series of instructions and screen shots on how to burn a bootable Windows 8 installation DVD. If you have a folder named C:\ESD on your disc drive you can use it to create a bootable Windows 8 installation or repair DVD.

This is especially useful if you forgot to choose the “Install by creating media option” when using the Upgrade Assistant to obtain Windows 8.
One word of caution: If you are running a 32Bit version of Windows (XP, Vista or Windows 7), the Upgrade process will download the 32Bit version of the Windows 8 installation files, as there is no means of selecting the 64Bit version when using the Windows 8 Upgrade Assistant. The same is true if you are running a 64Bit version: what you get is the 64Bit version of the installation files, which are located in the ESD folder.
Note: If you do not have an ESD folder you can re-download the upgrade using the Windows 8 product key you received in your Email confirmation.
How to upgrade to Windows 8 with only a product key: http://windows.microsoft.com/en-GB/windows-8/upgrade-product-key-only
Once the actual upgrade process starts you will be given the chance to select how you want the installation to proceed.
1) Install now
2) Install by creating media
3) Install later from your desktop
Selecting either the "Install by creating media" or “Install later” option will create the necessary C:\ESD folder. At this point in time I’m not certain that the “Install now” option will create an ESD folder but it should.
I will show you step by step how to use the contents of the ESD folder to create a bootable Windows 8 installation DVD.
The screenshots below were taken from a computer running Windows 7 Professional 64Bit. Note that before starting I created an Image Backup of the entire disk drive and also disconnected the second drive in the computer. I then used option #3 “Install later from your desktop” as a means of creating the ESD folder and associated files and sub-folders.





1) Download and install ImgBurn: ImgBurn is a utility that can be used to create a bootable installation DVD from a specified source or to create an .ISO file from a specified source and later use the .ISO file to create a bootable installation DVD.
http://www.imgburn.com/index.php?act=download
2) Start ImgBurn and click on the ‘Write files/folders to disc’ option.


3) Click on the ‘Options’ tab and select the option shown in the screen shot.
Warning: Do not select the ‘Preserve Full Pathnames’ or the ‘Include Archive Files Only’ options. Set the ‘File System’ to UDF.


4) Select the Source, use the Browse option: Navigate to C:\ESD\Windows\
Click on the ‘Windows’ subfolder and click on the ‘Select Folder’ button.


5) Select a Destination, which should default to your DVD burner:
Note: The ‘Verify’ option should be checked.


6) Click on the ‘Advanced’ tab, click on the ‘Bootable Disc’ tab and place a checkmark in ‘Make Image Bootable’ option. Emulation should be set to ‘None’.


Next you need to set the 'Boot Image' field to point to the 'etfsboot.com' file which is located in the C:\ESD\Windows\boot\ folder. Click on this file and then click on the ‘Open’ button.


In the Developer ID field enter: Microsoft Corporation. Finally change the ‘Sectors To Load’ value from 4 to 8.


Next, click on the ‘Restrictions’ tab and set the ‘Folder/File Name Length’ to ‘Level X – 219 characters’. Place check marks in the following: ‘Allow more than 8 directories’, ‘Allow more than 255 Characters In Path’, ‘Allow files Without Extensions’ and ‘Don’t Add -1 Version Number To Files’.


If you have not already done so, insert a blank high quality DVD+R media. Now select the ‘Device’ tab and set the ‘Write Speed’ to either 2 or 4x.


7) Start the process to burn the DVD. When you are warned “You’ve only selected 1 folder !” (C:\ESD\Windows\) click ‘Yes’ to continue.



8) Enter a meaningful “Volume Label” as shown below and click ‘Yes’.


9) ImgBurn will display the files and folders and other information about the DVD to be created. Note that the information displayed below may vary depending on which version of Windows you are upgrading from but should be an exact match of the properties for the contents of the C:\ESD\Windows folder.


Click ‘OK’ to start the process of burning a bootable Windows 8 installation DVD.
10) The progress bar is displayed. Time to create the DVD may vary based on the DVD write speed you selected. Using a 4x burn rate this should only take about 10 minutes to burn the DVD and another 4 minutes to verify the contents.


11) When the completion status notice appears, review the ImgBurn log for any errors, then exit ImgBurn.


12) Check the contents of the DVD that ImgBurn created.


That’s it, you're done.
Remember this is an “Upgrade” Windows 8 installation DVD and, when using the product key (received via Email when you placed an order for the $40 upgrade offer), it requires that a previous version of Windows (XP, Vista or Windows 7) is installed and activated.
You can also use the DVD to ‘Repair’ Windows 8 by selecting the Troubleshoot option and selecting either ‘Refresh’ (without losing your files) or ‘Reset’ (removes all files and reset your PC completely) options.

Thursday, June 26, 2014

AutoArchive MSoutlook 2013



Not sure about option 2 or 3, but you can certainly archive mails depending on the date. There is a feature called AutoArchive for that. For Outlook 2010: Click the File tab, and then click the Options tab on the File menu. Click the Advanced tab. Click AutoArchive Settings.
For Outlook 2007 and Outlook 2003: On the Tools menu, click Options, and then click the Other tab. Click AutoArchive.
Then to set folder specific settings, Right-click the folder that you want to AutoArchive, and then click Properties. Click the AutoArchive tab.

Saturday, May 3, 2014

Lotus Notes


Application: LOTUSNTS External port: 1352 Internal port: 1352 Protocol: TCP/UDP

• Lotus Notes router and firewall port information
The information in this article is for the PC platform.

Any ports for Lotus Notes listed on this page should be opened or forwarded in your router/firewall to allow proper connection to an online server or dedicated server and/or when you want to host an online multiplayer game or application from your computer or local area network (LAN). If you are unsure of how to open or forward ports, please check your router/firewall manufacturer's web site, where you should be able to find a list of frequently asked questions or a knowledge base section. You may also be able to view an online user manual, and in the vast majority of cases there will also be online support forums or blogs where you can look at a particular game or application and see whether other users have experienced the same problems. This is often a very good way to resolve a port forwarding issue, as lots of users with similar computer hardware and internet connections may have experienced the same problem themselves and resolved it through online support forums or blogs. There may also be fan/clan or official website support pages where you can get information about Lotus Notes online connection issues. You could also check the user manual that was supplied with your firewall or router; this should contain precise information that is specific to your router or firewall and should describe the process of opening or forwarding ports in easy to follow guides.

Once you know how to open or forward the ports, you can use the application name, port numbers or port ranges, and tcp/udp protocols shown here to modify your firewall or router's settings. To bookmark this page for future reference, press CTRL+D; alternatively you can make a note of the required tcp/udp ports now. Unless stated otherwise, all the ports listed above must be forwarded. In some cases you may need to open several ports or port ranges, but if they are listed here they are required by the game or application. Some of the ports listed may state that they are for a game or application, and there may be a separate list which must also be forwarded when you are the host of an online game server and some applications. If this is the case, the exact requirements will be listed in the ports section, and if the game or application requires additional ports when you are the host of a server it will state it in the list of ports. If there is no information listed for the ports, or there is a question mark where the port numbers should be, this means that we have so far been unable to verify the router/firewall ports. We are always looking for new information and trying to verify any existing information, and welcome any input from people who may own the game or application.

This information is accurate to the best of our knowledge and where possible has been verified with a user manual for the game or application, in some cases the information will come from our web site administrators who have patiently tested and verified it. If you have any difficulties, errors or problems after opening or forwarding the ports you can register with us and send us an email using the Contact Us button on the main menu which will become available when logged in, we will always try to answer any queries and find a solution. We also have the system requirements listed for a growing number of titles so that you can check that your computer meets the minimum requirements, this information should also be available in the user manual that was supplied with Lotus Notes or from the publishers/developers web site directly.
Article submitted : Tue, 30 May 2006 at 21:50:22 by Admin Devilz Sniper
Last Modified : Sat, 15 Nov 2008 at 13:42:16

Monday, April 7, 2014

Step-by-Step: Publishing a Single Exchange 2003 OWA with ISA 2004 Firewall Forms Based Authentication


I decided to take the DIY approach for setting ISA firewall to securely publish Exchange 2003 Outlook Web Access using forms-based authentication and SSL bridging to provide a higher level of security in web mail access. I believe this step-by-step article will take out some of the guess work that I went through when checking the configuration.
By Liran Zamir
Got questions? Discuss this article over at
http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=23;t=000106

The procedures in this article will not work for multiple Exchange server environments as the publishing rule can only redirect request to a single server. If implemented in a multiple server environment, users will only be able to access OWA mailboxes located on the published server. I presume that in a multiple server environment the procedure could be configured only when the actual published server is an Exchange front-end server.
The advantage of publishing Exchange Outlook Web Access (OWA) using the ISA firewall's Forms-Based authentication is the ability to off load the authentication of web clients from the Exchange server to the ISA firewall, and to prevent unauthenticated communication from reaching the Exchange server. The ISA firewall's Forms-Based authentication works with Exchange 5.5, 2000 and 2003.
This article will focus on Exchange 2003, where a web site certificate is used for two purposes:
  1. Provide SSL communication between the remote client and the ISA firewall.
  2. Provide SSL communication between the ISA firewall and the Exchange server.
This will create an SSL to SSL bridge where the SSL communication from the remote client is terminated at the ISA firewall, and another SSL session is created between the ISA firewall and the exchange server. The remote client does not actually connect directly to the Exchange server over SSL.
Steps for deployment:
  1. Preparing the Exchange server 2003 and certificates.
     • Decision point – Which certificates to use
     • Create your own certificates
     • Generating the web site certificate request
     • From a request to a certificate
  2. Importing the certificates to the ISA firewall.
     • Checking SSL connectivity between the ISA firewall and the OWA site
     • Importing the certificates
     • Checking Browser connectivity from ISA to the OWA site
  3. Configure the ISA Web Listener and Publishing rule.
  4. Verify External connectivity.

Preparing the Exchange server 2003 and certificates.

NOTE! Do not enable forms-based authentication on the Exchange server itself.
The first step to take is to configure your internal Exchange 2003 server to use a web site certificate for client connections. The clients may be internal or external network clients, as far as the Exchange server is concerned. Since in our case remote clients will actually connect to the ISA firewall, the ISA firewall itself will act as a client to the OWA web site. The Exchange server OWA web site can be configured to require SSL communication only, but this article will not cover this issue as it is usually not necessary to encrypt OWA connections within the internal network.

Decision point – Which certificates to use?

The best way to approach the use of certificates for a publicly accessible web site is to acquire a certificate from a known Certificate Authority such as Verisign.
The advantage of such certificate is that the issuer (the company which owns the certificate authority who generated the certificate) is already trusted by Windows based computers. You can use Internet Explorer's Internet Options and Content tab to see the list of trusted certificate authorities. Another option is to open an mmc console and use the Certificates snap-in to view the list of Trusted Root Certificate Authorities.

If you cannot afford the purchase of a publicly signed certificate, you can issue your own certificates using a Windows 2000/2003 server, with the free Certificate Authority services within those network operating systems.

Note!
In some cases, such as when using the Exchange 2003 RPC over HTTP feature, you will be required to manually import the home-brewed CA certificate to the client computers in order for those computers to trust the unfamiliar Certificate Authority.

Create your own certificates

To issue your own certificate from a Windows 2003 server, use the following steps to install the required components.
Open Add/Remove programs, and select Add/Remove Windows components.
To make the process of issuing certificates easier, you should install both the IIS server and the Certificate Services, which include both the Certificate Authority installation and the Certificate Services Web Enrolment support.

During the installation process you will be asked to select which type of Certificate Authority you would like to install. If the sole reason you install the CA is to generate a web site certificate, select a "Stand-Alone root CA". In a larger environment when PKI infrastructure is deployed you should check if an Enterprise root CA is installed - which will be able to issue the certificates.

Continue the installation process; provide a common name for the CA. I suggest you enter the public domain that you are using. In the following case I used my own registered domain name: liran.org

Accept the installation defaults and finish the installation.
When done, you will notice that on the CA server, a CA certificate is placed in the %windir%\system32\certsrv\CertEnroll folder. You will need to import the CA certificate to the trusted root Certificate Authorities store on the ISA firewall later on.

Generating the web site certificate request

Log on to the Exchange 2003 server you intend to publish. Open the Internet Information Services (IIS) Manager tool from the Administrative Tools menu, and expand the web sites tree. Locate and click Properties on the Default Web Site, which holds the OWA virtual directories. Select the Directory Security tab, and click Server Certificate…. In the Wizard select: Create a new certificate.

Select Prepare the request now, but send it later, and click Next. Leave the certificate name as Default Web Site, and the Bit Length: 1024 and click Next. Type the name of your organization and an OU, and click Next. In the Common Name window, make sure to enter the exact FQDN that will be used by external users to access the OWA web site. In the following example I used owa.liran.org. You should register this record with your publicly available DNS service provider for your domain. This record should point to the ISA firewall external interface IP address.


Note!
For smaller companies, the external IP address of the ISA firewall may already be configured on your public DNS for your domain as the MX record with a name such as mail.liran.org. When creating the certificate, you may use this record as the certificate common name, and save some time on calling the DNS provider for additional DNS record registration, but I will advise against it as you might want to set up a mail gateway in the future which will use mail.liran.org as the MX record, but will no longer point to the ISA External interface IP address. There is no problem having more than one DNS record pointing to a single IP address, so just add another host record such as owa.liran.org.
Continue running the certificate wizard, enter additional information in the Geographical Information page. In the Certificate Request File Name page make sure to note the location and file name of the certificate request file. The default location is c:\certreq.txt. Continue the process and click Finish.

From a request to a certificate

To approve the certificate request, open a web browser on the Exchange server and enter the URL to the CA server. For example: http://CAServer/CertSrv (replace CAServer with the IP address or computer name of your CA server). On the Certificate Services Welcome screen, click Request a certificate. Select advanced certificate request, and click Submit a certificate request by using…. On the Submit a Certificate Request or Renewal Request page focus on the Saved Request window.
Open the request file generated earlier, (c:\certreq.txt), with notepad, and copy the content code between the Begin and End sections, and paste into the Saved Request window.

When done click Submit. Wait for the Certificate Pending, and close the web browser. Log on to the certificate server, open the Certification Authority console from the Administrative tools menu. Expand the CA, and navigate to the Pending Requests tree. On the right pane you will see the certificate request just waiting there to be approved. Right click the certificate and select All Tasks and then Issue. The issued certificate will be moved to the Issued Certificates container.

Go back to the Exchange server, and open the web browser. Again point to http://CAServer/CertSrv, and click View the status of a pending certificate request. Click the saved request certificate link, and select Download certificate using the DER Encoded. Save the file certnew.cer to the Exchange server desktop. Open the IIS console on the Exchange server, and again navigate to the Directory Security tab of the Default Web Site. Click Server Certificate… and use the wizard to process the pending request. Provide the certnew.cer file, verify port 443 as the SSL port, click Next, Finish, and OK to close the properties page. Restart the Default web site.
At this point, the Default web site is SSL enabled, which means you can access it using either HTTP or HTTPS.
If you try to access the OWA web site using a web browser with https://, you might be prompted with an Alert such as the following one:

Note that the Alert contains three parts as explained:
a. Warning will appear if the CA that generated the certificate is not trusted. In case you generated the certificate yourself from a privately installed CA, you will need to import the CA certificate to the computer Trusted root certificate authorities store. This is NOT a required process on every client unless you find this message very annoying.
b. Warning will appear if the certificate dates are invalid. This could happen if the date scope of the certificate does not match the date settings on the browsing computer, or if the certificate dates themselves either will start in the future or already ended.
c. Warning will appear if contacting with a URL that is different from the certificate common name. In the above example I used the server NetBIOS name instead of https://owa.liran.org/exchange, which caused the alert to appear.
In order for ISA firewall to properly publish the secured web site, you must make sure that SSL connection to the OWA web site will not fail any of the above tests. This will be covered later on.
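The three tests behind the alert can be written down as a pre-flight check, shown here as an added example that is not part of the original article. It works on a certificate in the dict format returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificate, its dates and the NetBIOS name `EXCH01` are constructed, and comparing the issuer name against a set of trusted root names is a simplification standing in for real chain validation, which verifies signatures.

```python
import ssl
from urllib.parse import urlsplit

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert().
# Names follow the article's lab (CA named liran.org, site owa.liran.org);
# the organization and dates are made up for this example.
SAMPLE_CERT = {
    "subject": (
        (("organizationName", "Example Org"),),
        (("commonName", "owa.liran.org"),),
    ),
    "issuer": ((("commonName", "liran.org"),),),
    "notBefore": "Apr 10 00:00:00 2014 GMT",
    "notAfter": "Apr 10 00:00:00 2015 GMT",
}


def _names(rdn_sequence, field):
    """Collect all values of one attribute (e.g. commonName) from a subject/issuer."""
    return [value for rdn in rdn_sequence for (key, value) in rdn if key == field]


def _host_matches(host, pattern):
    """Case-insensitive match; '*.' covers exactly one leftmost label."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def alert_parts(cert, url, trusted_root_cns, now):
    """Return the alert parts ('a', 'b', 'c') that would fire for this request.

    cert             -- certificate dict in getpeercert() format
    url              -- URL the client (here: the ISA firewall) will request
    trusted_root_cns -- common names of CAs in the Trusted Root store
                        (simplification: name comparison, no signature check)
    now              -- current time as seconds since the epoch (UTC)
    """
    parts = set()

    # (a) issuing CA not trusted
    issuers = _names(cert.get("issuer", ()), "commonName")
    if not any(cn in trusted_root_cns for cn in issuers):
        parts.add("a")

    # (b) certificate not yet valid or already expired on this machine's clock
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now <= not_after):
        parts.add("b")

    # (c) host in the URL differs from the certificate name.
    # DNS subjectAltName entries take precedence when present; otherwise
    # fall back to the common name, which is what the article's certificate uses.
    host = urlsplit(url).hostname or ""
    candidates = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    candidates = candidates or _names(cert.get("subject", ()), "commonName")
    if not any(_host_matches(host, name) for name in candidates):
        parts.add("c")

    return sorted(parts)


if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jul 15 00:00:00 2014 GMT")  # constructed clock
    for url in ("https://owa.liran.org/exchange", "https://EXCH01/exchange"):
        print(url, alert_parts(SAMPLE_CERT, url, {"liran.org"}, now))
```

An empty result means the connection would pass all three tests, which is the state the ISA firewall needs before the publishing rule is created.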

Importing the certificates to the ISA firewall.

The ISA firewall will require the web site certificate with its private key to make client-to-ISA SSL connections, and ISA-to-OWA SSL connections. You should export a copy of web site certificate for a later use.
To do so, return to the Directory Security tab of the default web site on the Exchange server, and click View Certificate. On the certificate window, select the details tab, and click Copy to file. In the wizard, select Yes, export the private key, select to enable strong protection, set a password, and select to save the certificate to a file named c:\owasitecert.pfx. Copy the file to the ISA firewall hard drive. As I explained at the last section on step 1, the ISA 2004 server must be able to perform SSL client connectivity to the Exchange secured OWA site without any warning messages.

Checking SSL connectivity between ISA 2004 and the OWA site

Make sure SSL connection can be made from the ISA firewall to the Exchange server. Open a CMD console, and enter the following line to test SSL connectivity: telnet ExchangeIP 443. (Replace ExchangeIP with the Exchange server internal network IP address).
If a connection could not be made, create a computer definition for the Exchange server in the ISA console, and then create an access rule to allow HTTPS from LOCALHOST to the Exchange server computer object. Check connectivity again using telnet. When the connection could be made, continue by importing the required certificates to the ISA firewall.

Importing the certificates

On the ISA firewall, click Start -> Run, type mmc and click OK. In the new console either press CTRL+M, or select Add/Remove Snap-in from the file menu. On the Standalone tab, click Add, and select Certificates. Select Computer Account, and click Next. Select Local Computer and click Finish. Click Close and OK.
In the console, expand Certificates (Local computer), and navigate to Trusted root Certificate Authorities -> Certificates. Try to locate the Certificate server certificate. It should be named as your external domain name if you used my suggestion earlier for naming the CA. (This is not required if using 3rd party certificate) If you cannot find the certificate, you will need to import it. Copy the .crt file from the \system32\certsrv\CertEnroll folder of the Certificate authority server to the ISA firewall.
Back on the ISA firewall, right click the copied certificate, and select Install Certificate. Click Next, and select Place all certificates in the following store. Click Browse, enable Show physical stores, expand the Trusted root certificate authorities, and select Local Computer. Click OK, Next and Finish. You will be prompted with a security warning, click Yes, and OK to confirm the certificate installation.
To confirm the certificate installation, refresh the Trusted root Certificate Authorities certificate list and verify the certificate can be located.

Keep the certificate console open on the ISA firewall.
Next, you will need to import the Web site certificate to the ISA firewall.
Use the certificates console again.
In the Console tree, expand Certificates (Local Computer), and select the Personal container. Right click Personal and select All Tasks -> Import. Use Browse to locate the owasitecert.pfx file you copied from the Exchange server earlier, provide the password, and place the imported certificate in the personal certificate store. When done, refresh the personal store and locate the imported web site certificate under Personal -> Certificates.
The certificate will be named based on the Common Name you selected for the published web site.

Close the Certificates console. You are not required to save it.

Checking Browser connectivity from ISA to the OWA site

Now we will check if the ISA firewall can connect to the OWA web site. As explained on the first section of the article, a few checks are made when connecting to a site with an SSL certificate.
We already covered the importing of the CA certificate to the ISA firewall, so the CA should already be trusted.
I assume that the web site certificate dates are valid as well as the date/time configuration on the ISA firewall clock, so we are only left with making sure that the URL used to connect to the OWA site is the one specified in the common name. This means that in our lab case, we should be able to resolve the URL owa.liran.org from the ISA firewall to the Exchange server internal IP address.
If the ISA firewall cannot resolve the common name (owa.liran.org) to the Exchange IP address using DNS, (test by performing a ping command), you should edit ISA firewall's hosts file (located in the %systemroot%\SYSTEM32\DRIVERS\etc folder) to include a name to IP translation of the common-name FQDN to the Exchange IP address. After updating the HOSTS file, try to ping the FQDN again, and verify that the ping request indeed tries to ping the Exchange IP address. Note that we are looking for a successful name resolution and not a successful ping as ping traffic might be blocked by the ISA firewall default rule.
Open a web browser on the ISA firewall, and enter the URL for test. The URL should be in the form of: https://common-name/exchange (You should replace the common name with the actual FQDN). If you are getting the Security Alert message, you should resolve the cause of the problem and try again. If you are unable to access the site at all, disable any web proxy settings in the browser LAN Settings and try again. Do NOT delete the added entry to the hosts file!
After resolving any problems you might have, you will be able to connect and logon to a mailbox on the Exchange OWA web site using basic authentication pop-up window. Form based authentication will be performed for remote clients by the ISA firewall.

Configure the ISA 2004 Listener and Publishing rule

In our example, the ISA firewall is configured with two network adapters. The first adapter connects to the LAN and the second adapter to the Internet. To publish the OWA web site, we will open the ISA management console, and navigate to the Firewall Policy on the left pane. On the right pane, expand the Task Pane. Click Publish a mail server on the Tasks tab. The Welcome to the new mail server publishing rule wizard will appear. Select your desired rule name and click Next. Select Web Client Access, and click Next. On the Select Services page, make sure that Outlook Web Access is selected and click Next.

On the Bridging Mode page select Secure Connection to client and mail server.
On the Specify the Web Mail Server page, type the FQDN of the published site (not the IP address, not the NetBIOS name and not the internal domain FQDN unless the full server name of the Exchange server in the internal Active Directory DNS matches the Common name FQDN, which is not likely).

On the Public Name Details page, enter the FQDN again, and click Next.
On the Select Web Listener page, either edit an existing listener or create a new one if no listener exists.

Configure the listener to listen on the External network segment. If you have multiple external IP addresses, you can use the Address option to specify the external IP address to listen on.

On the Port Specification page, enable SSL on port 443 and clear "Enable HTTP". Click Select to select the web site certificate that will be used for the client secure connection. If clicking Select shows no certificates, either close and reopen the ISA console (it might have been open when you imported the certificate), or re-check that the certificate exists in the Personal certificate store of the Local Computer. Click Next and Finish to close the Listener configuration. Back in the Select Web Listener page, click Edit to edit the listener further.

On the Preferences tab click Authentication.

Remove the Integrated selection and select OWA Forms-Based instead. Click OK twice to confirm the Listener configuration and return to the Select Web Listener page. Click Next twice to make the rule apply to all users, and click Finish. Back in the ISA console, click Apply to activate the new rule.

Verify External connectivity.

The final step is to make sure that external clients can indeed access the OWA web site. Connect a computer to the Internet, and ping the web site common name. The name should be resolved to the ISA firewall external interface IP address that you specified on the listener. If the name could not be resolved by the public DNS service for your domain, verify that the record was registered with the ISP/DNS service provider. To temporarily overcome the record registration issue, update the client HOSTS file to provide the name-to-IP translation, where the common name translates to the ISA External IP address.
After name resolution is available, open a web browser and connect to the URL, for example: https://owa.liran.org/exchange

Note!
As the Web Publishing rule is configured to answer requests directed specifically to the FQDN in addition to the specific Exchange virtual directories, no other URL entered will allow you to access the OWA site.
Other requests will be answered with the error message: Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
A successful connection attempt will probably present the following Security Alert, as the CA certificate is unknown to the external client.

Disregard this warning by clicking Yes.
If your users are concerned with this message either install the CA certificate on each remote computer (which might not be possible in every Internet Café in Bangkok), or get yourself a web certificate from a trusted CA.
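The name-resolution checks and the Security Alert causes described above can be tested in one pass. The following is an added example, not part of the original article; it assumes PowerShell 3.0 or later on the machine running the check, and the function name and the sample IP address are placeholders.

```powershell
# Added example, not from the original article. Requires PowerShell 3.0 or later.
function Test-PublishedOwaName {
    param(
        [Parameter(Mandatory = $true)][string]$Fqdn,        # certificate common name
        [Parameter(Mandatory = $true)][string]$ExpectedIp,  # Exchange IP (on ISA) or ISA external IP (on a client)
        [int]$Port = 443
    )
    $report = [ordered]@{
        Fqdn = $Fqdn; ResolvedTo = ''; ResolvesToExpected = $false
        CertCommonName = ''; NameMatches = $false; NotAfter = $null
        ChainTrusted = $false; ChainStatus = ''
    }
    # Uses the same resolver as ping (HOSTS file included) but needs no ICMP to get through.
    try {
        $ips = @([System.Net.Dns]::GetHostAddresses($Fqdn) | ForEach-Object { $_.IPAddressToString })
    } catch {
        $report.ResolvedTo = "resolution failed: $($_.Exception.Message)"
        return [pscustomobject]$report
    }
    $report.ResolvedTo = $ips -join ','
    $report.ResolvesToExpected = $ips -contains $ExpectedIp
    if (-not $report.ResolvesToExpected) { return [pscustomobject]$report }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ExpectedIp, $Port)
        # Accept whatever certificate is presented so it can be inspected; the checks below judge it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # The three things the browser's Security Alert reports: trusted issuer, validity dates, name match.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $report.ChainTrusted = $chain.Build($cert)
        $report.ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        $report.NotAfter = $cert.NotAfter
        $report.CertCommonName = $cert.GetNameInfo('SimpleName', $false)
        $report.NameMatches = $report.CertCommonName -eq $Fqdn   # exact CN match only; no SAN or wildcard handling
    } catch {
        $report.ChainStatus = "TLS check failed: $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
    [pscustomobject]$report
}
# Example call with a placeholder address:
# Test-PublishedOwaName -Fqdn 'owa.liran.org' -ExpectedIp '192.0.2.10'
```

A ChainTrusted value of False with NameMatches True is the situation the article describes for external clients that do not have the CA certificate installed.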

The users will now be prompted for logon information by the forms-based authentication page provided by the ISA firewall. The transport of the user credentials is encrypted by SSL 128-bit encryption.

Voila! We are there. Enjoy your secure Outlook Web access solution.
If you find any faults in this article you are welcome to contact me at: liran.zamir@getronics.com
We hope you enjoyed this article and found something in it that you can apply to your own network. If you have any questions on anything discussed in this article, head on over to http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=23;t=000106 and post a message. I’ll be informed of your post and will answer your questions ASAP. Thanks! –Tom


Saturday, February 22, 2014

Automatic Virtual Machine Activation Step by Step


What is AVMA?
Automatic Virtual Machine Activation is a new Windows feature added in Windows Server 2012 R2 that enables you to activate your Windows VMs without using a KMS server or even a network connection. As you spin up new virtual machines they will activate against the host Hyper-V server. This activation only lasts 7 days and then it needs to renew its activation. This is perfect for your Windows Datacenter Hyper-V hosts because you can
Two features of AVMA that no other activation method offers are:
  1. The ability to automatically activate virtual machines without a network connection
  2. Track virtual machine licenses from the host virtualization server, without requiring any access rights on the virtualized machine
(Other options for activation are: KMS server, MAK key, AD-based Activation)
How Does AVMA work?
Automatic Virtual Machine Activation requires a Hyper-V host server running Windows Server 2012 R2 Datacenter, and the host must be activated. The virtual machines must be 2012 R2 or above to activate under AVMA. This includes 2012 R2 Datacenter, Standard, and Essentials.
The guest VMs must have an AVMA product key configured on them. See the table below for the key.
Windows Server 2012 R2 AVMA keys:
Edition       AVMA key
Datacenter    Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW
Standard      DBGBW-NPF86-BJVTX-K3WKJ-MTB6V
Essentials    K2XGM-NMBT3-2R6Q8-WF2FK-P36R2
* Licenses above were taken from http://technet.microsoft.com/en-us/library/dn303421.aspx
These keys can be installed during the install or at a later time.
The last piece of this is how the virtual machine talks to its Hyper-V host to get activated. The channel it uses is the “Data Exchange” that the para-virtualization drivers provide. This is a per-VM setting and is enabled by default. You can verify that it is enabled by going into a VM's settings and then selecting Integration Services. Make sure “Data Exchange” is checked.
AVMA also provides real-time reporting on usage and historical data on the license state of the virtual machine. This data is stored and available on the virtualization host server. There is no need to have any access or rights to the VMs on that server to access this information.
Step by Step directions to implement AVMA:
Using AVMA is easy; just follow these 4 steps to virtual bliss:
  1. Install Server 2012R2 Datacenter
  2. Activate the server
  3. Add the Hyper-v Role
  4. Install a 2012R2 Virtual Machine and assign an AVMA key
If your virtual machine needs a key, or already has a different key and you would like to give it an AVMA key, there are a couple of ways to achieve that. Here are two:
Using the GUI – Start the File Manager and right-click “This PC”. From the dropdown list select “Properties”.
You will then get the System screen. From here, select Change product key at the bottom right of the window. Enter one of the keys from the table above.

Another way to change the product key is to do it from a command prompt or script. This needs to run with administrative privileges.
Steps to set the product key from a command prompt:
  • Click on the Start Button and type “CMD”   — (Welcome back Start Button)
  • Right-click the Command Prompt and select “Run as administrator”
  • In the command window run the command slmgr /ipk <AVMA_key>
    Command in the example below:
    slmgr /ipk Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW
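The Data Exchange check and the key installation above can also be scripted. This is an added example, not code from the original post: the function names are hypothetical, the first function is meant for the Hyper-V host and the second for an elevated session inside the guest, and 'VM01' is a placeholder VM name.

```powershell
# Added example, not from the original post. 'VM01' is a placeholder VM name.

# --- Run on the Hyper-V host (needs the Hyper-V PowerShell module) ---
function Test-AvmaDataExchange {
    param([Parameter(Mandatory = $true)][string]$VMName)
    # The GUI's "Data Exchange" is called "Key-Value Pair Exchange" in the Hyper-V module.
    $svc = Get-VMIntegrationService -VMName $VMName -Name 'Key-Value Pair Exchange'
    [pscustomobject]@{
        VM                  = $VMName
        DataExchangeEnabled = $svc.Enabled
        Status              = $svc.PrimaryStatusDescription
    }
}

# --- Run inside the guest VM, from an elevated PowerShell session ---
function Install-AvmaKey {
    param([Parameter(Mandatory = $true)][string]$Key)
    # slmgr /ipk needs administrative privileges, so fail early with a clear message.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run this from an elevated prompt.' }
    # Catch typos before handing the key to slmgr.
    if ($Key -notmatch '^([A-Z0-9]{5}-){4}[A-Z0-9]{5}$') {
        throw 'Key is not in XXXXX-XXXXX-XXXXX-XXXXX-XXXXX form.'
    }
    $slmgr = Join-Path $env:SystemRoot 'System32\slmgr.vbs'
    # cscript keeps slmgr output in the console instead of pop-up message boxes.
    & cscript.exe //NoLogo $slmgr /ipk $Key
    if ($LASTEXITCODE -ne 0) { throw "slmgr /ipk failed with exit code $LASTEXITCODE" }
    # Show the detailed license state so the result can be confirmed.
    & cscript.exe //NoLogo $slmgr /dlv
}

# Example calls:
# Test-AvmaDataExchange -VMName 'VM01'                      # on the host
# Install-AvmaKey -Key 'Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW'      # in a Datacenter guest
```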
Hope you found this fun and informative! –Brian

This post is part of a series of posts by the US IT Pro Evangelist team. In this series we cover why Windows Server 2012 R2 is important and how to deploy, manage, and configure any number of components in Windows Server 2012 R2.
This series is deep technical content with lots of How To’s and Step-By-Step instructions. You will learn about storage, cloud integration, RDS, VDI, Hyper-V, virtualization, deduplication, Hyper-V Replica, DNS, AD, DHCP, high availability, SMB, backup, PowerShell and much, much more! See more at: http://itproguru.com/expert/2013/10/windows-server-2012-r2-launch-blog-series-why-win2012r2/

 