Configure Postfix to Send Mail Using an External SMTP Server

There are many reasons why you would want to configure Postfix to send email using an external SMTP provider such as Google Apps (Gmail), Mandrill, SendGrid, Amazon SES, or any other SMTP server. One reason is to avoid getting your mail flagged as spam if your current server’s IP has been added to a spam list.
In this tutorial, you will learn how to install and configure a Postfix server to send email through Google Apps, Mandrill, or SendGrid.

Prerequisites

Before starting this tutorial, you should have:

• Debian 7 installed on your Linode
• Your fully qualified domain name (FQDN)
• All updates installed :
  

  1	sudo apt-get update

• A valid username and password for the SMTP mail provider, such as Google Apps, Mandrill, or SendGrid
• Make sure the libsasl2-modules package is installed and up to date:
  

  1	sudo apt-get install libsasl2-modules

This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.

Installing Postfix

In this section, you will install Postfix and set the domain and hostname.

1. Install Postfix with the following command:
   

   1	sudo apt-get install postfix

2. During the installation, a prompt will appear asking for your General type of mail configuration.
   
   Select Internet Site.
   
3. Enter the fully qualified name of your domain, fqdn.example.com.
   
   
4. Once the installation is finished, open the /etc/postfix/main.cf file with your favorite text editor:
   

   1	sudo nano /etc/postfix/main.cf

5. Make sure that the myhostname parameter is configured with your server’s FQDN:
   

   /etc/postfix/main.cf

   1	myhostname = fqdn.example.com

Configuring SMTP Usernames and Passwords

Usernames and passwords are generally stored in a file called sasl_passwd in the /etc/postfix/ directory. In this section, you’ll add your external mail provider credentials to this file and to Postfix.
If you want to use Google Apps, Mandrill, or SendGrid as your SMTP provider, you may want to reference the appropriate example while working on this section.

1. Open or create the /etc/postfix/sasl_passwd file, using your favorite text editor:
   

   1	sudo nano /etc/postfix/sasl_passwd

2. Add your destination (SMTP Host), username, and password in the following format:
   

   /etc/postfix/sasl_passwd

   1	[mail.isp.example] username:password

   If you want to specify a non-default TCP Port (such as 587), then use the following format:
   

   /etc/postfix/sasl_passwd

   1	[mail.isp.example]:587 username:password

3. Create the hash db file for Postfix by running the postmap command:
   

   1	sudo postmap /etc/postfix/sasl_passwd

If all went well, you should have a new file named sasl_passwd.db in the /etc/postfix/ directory.

Securing Your Password and Hash Database Files

The /etc/postfix/sasl_passwd and the /etc/postfix/sasl_passwd.db files created in the previous steps contain your SMTP credentials in plain text.
For security reasons, you should change their permissions so that only the root user can read or write to the file. Run the following commands to change the ownership to root and update the permissions for the two files:

1 2	sudo chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db sudo chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db

Configuring the Relay Server

In this section, you will configure the /etc/postfix/main.cf file to use the external SMTP server.

1. Open the /etc/postfix/main.cf file with your favorite text editor:
   

   1	sudo nano /etc/postfix/main.cf

2. Update the relayhost parameter to show your external SMTP relay host. Important: If you specified a non-default TCP port in the sasl_passwd file, then you must use the same port when configuring the relayhost parameter.
   

   /etc/postfix/main.cf

   1 2	# specify SMTP relay host relayhost = [mail.isp.example]:587

   Check the appropriate Google Apps, Mandrill, or SendGrid section for the details to enter here.
   

3. At the end of the file, add the following parameters to enable authentication:
   

   /etc/postfix/main.cf

   1 2 3 4 5 6 7 8 9 10

   # enable SASL authentication smtp_sasl_auth_enable = yes # disallow methods that allow anonymous authentication. smtp_sasl_security_options = noanonymous # where to find sasl_passwd smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd # Enable STARTTLS encryption smtp_use_tls = yes # where to find CA certificates smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

4. Save your changes.
5. Restart Postfix:
   

   1	sudo service postfix restart

Testing Postfix

The fastest way to test your configuration is to send an email to any unrelated email address, using the mail command:

1	echo "body of your email" | mail -s "This is a Subject" -a "From: you@example.com" recipient@elsewhere.com

Alternatively, you can use Postfix’s own sendmail implementation, by entering lines similar to those shown below:

1 2 3 4 5

sendmail recipient@elsewhere.com From: you@example.com Subject: Test mail This is a test email .

Examples of Postfix Configurations with Different Providers

This section shows you settings for some popular mail services you can use as external SMTP servers. You may have to do some fine-tuning on your own to avoid Postfix logins being flagged as suspicious.

Settings for Google Apps

Use these settings for Google Apps.

1. For /etc/postfix/sasl_passwd, use the following configuration with your own credentials:
   

   /etc/postfix/sasl_passwd

   1	[smtp.gmail.com]:587 <USERNAME@gmail.com>:PASSWORD

   If you are using Google Apps with your own domain, configure /etc/postfix/sasl_passwd with:
   

   /etc/postfix/sasl_passwd

   1	[smtp.gmail.com]:587 <USERNAME@yourdomain.com>:PASSWORD

2. For /etc/postfix/main.cf, use the following relayhost:
   

   /etc/postfix/main.cf

   1	relayhost = [smtp.gmail.com]:587

3. Create the hash db file for Postfix by running the postmap command:
   

   1	sudo postmap /etc/postfix/sasl_passwd

4. Restart Postfix:
   

   1	sudo service postfix restart

Settings for Mandrill

Use these settings for Mandrill.

1. For /etc/postfix/sasl_passwd, use the following configuration with your own credentials:
   

   /etc/postfix/sasl_passwd

   1	[smtp.mandrillapp.com]:587 USERNAME:API_KEY

2. For /etc/postfix/main.cf, use the following relayhost:
   

   /etc/postfix/main.cf

   1	relayhost = [smtp.mandrillapp.com]:587

3. Create the hash db file for Postfix by running the postmap command:
   

   1	sudo postmap /etc/postfix/sasl_passwd

4. Restart Postfix:
   

   1	sudo service postfix restart

Settings for SendGrid

Use these settings for SendGrid.

1. For /etc/postfix/sasl_passwd, use the following configuration with your own credentials:
   

   /etc/postfix/sasl_passwd

   1	[smtp.sendgrid.net]:587 USERNAME:PASSWORD

2. For /etc/postfix/main.cf, use the following relayhost:
   

   /etc/postfix/main.cf

   1	relayhost = [smtp.sendgrid.net]:587

3. Create the hash db file for Postfix by running the postmap command:
   

   1	sudo postmap /etc/postfix/sasl_passwd

4. Restart Postfix:
   

   1	sudo service postfix restart

Read more »

Posted in: Postfix

Use Telnet to test SMTP communication on Exchange servers(Copy: https://technet.microsoft.com/en-us/library/bb123686(v=exchg.160).aspx)

Exchange 2016

Other Versions

  Applies to: Exchange Server 2016
Topic Last Modified: 2016-08-09
Learn how to use Telnet to test SMTP connectivity and mail flow on Exchange servers.
You can use Telnet to test Simple Mail Transfer Protocol (SMTP) communication between messaging servers. SMTP is the protocol that's used to send email messages from one messaging server to another. Using Telnet can be helpful if you're having trouble sending or receiving messages because you can manually send SMTP commands to a messaging server. In return, the server will reply with responses that would be returned in a typical connection. These results can sometimes help you to figure out why you can't send or receive messages.
You can use Telnet to test SMTP communication to:

• Test mail flow from the Internet into your Exchange organization.
  
• Test mail flow from your Exchange to another messaging server on the Internet.
  

Tip:

Did you know that, instead of using Telnet to test SMTP connectivity, you can use the Microsoft Remote Connectivity Analyzer at https://testconnectivity.microsoft.com/? With the Remote Connectivity Analyzer, you can choose the connectivity test you want to do, in this case Inbound SMTP Email, and follow the instructions shown. It'll step you through the information you need to enter, run the test for you, and then give you the results. Give it a try!

What do you need to know before you begin?

• Estimated time to complete: 15 minutes
  
• Exchange permissions don't apply to the procedures in this topic. These procedures are performed in the operating system of the Exchange server or a client computer.
  
• This topic shows you how to use Telnet Client, which is included with Windows. Third-party Telnet clients might require syntax that's different from what's shown in this topic.
  
• The steps in this topic show you how to connect to an Internet-facing server that allows anonymous connections using TCP port 25. If you're trying to connect to this server from the Internet, you need to make sure your Exchange server is reachable from the Internet on TCP port 25. Similarly, if you're trying to reach a server on the Internet from your Exchange server, you need to make sure your Exchange server can open a connect to the Internet on TCP port 25.
  
• You might notice some Receive connectors that use TCP port 2525. These are internal Receive connectors and aren't used to accept anonymous SMTP connections.
  
• If you're testing a connection on a remote messaging server, you should run the steps in this topic on your Exchange server. Remote messaging servers are often set up to make sure the IP address where the SMTP connection is coming from matches the domain in the sender's email address.
  
• For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.
  

Tip:
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

How do you do this?

Step 1: Install the Telnet Client on your computer

On most versions of Windows, you'll need to install the Telnet client before you can use it. To install it, see Install Telnet Client.

Step 2: Find the FQDN or IP address of the destination SMTP server

To connect to an SMTP server by using Telnet on port 25, you need to use the fully-qualified domain name (FQDN) (for example, mail.contoso.com) or the IP address of the SMTP server. If you don't know the FQDN or IP address, you can use the Nslookup command-line tool to find the MX record for the destination domain.

Note:
Network policies might prevent you from using the Nslookup tool to query public DNS servers on the Internet. As an alternative, you can use one of the freely-available DNS lookup or MX record lookup web sites on the Internet.

1. At a command prompt, type nslookup, and then press Enter. This command opens the Nslookup session.
   
2. Type set type=mx, and then press Enter.
   
3. Type the name of the domain for which you want to find the MX record. For example, to find the MX record for the fabrikam.com domain, type fabrikam.com., and then press Enter.
   

   Note:
   When you use a trailing period ( . ), you prevent any default DNS suffixes from being unintentionally added to the domain name.

   The output of the command looks like this:
   
   fabrikam.com mx preference=10, mail exchanger = mail1.fabrikam.com
   fabrikam.com mx preference=20, mail exchanger = mail2.fabrikam.com
   mail1.fabrikam.com internet address = 192.168.1.10
   mail2 fabrikam.com internet address = 192.168.1.20
   

   You can use any of the host names or IP addresses that are associated with the MX records as the destination SMTP server. A lower value for preference (preference = 10 vs. 20) indicates a preferred SMTP server. Multiple MX records and different values of preference are used for load balancing and fault tolerance.
   
4. When you're ready to end the Nslookup session, type exit, and then press Enter.
   

Step 3: Use Telnet on Port 25 to test SMTP communication

In this example, we're going to use the following values. When you run the commands on your server, replace these values with ones for your organization's SMTP server, domain, etc.

• Destination SMTP server   mail1.fabrikam.com
  
• Source domain   contoso.com
  
• Sender's e-mail address   chris@contoso.com
  
• Recipient's e-mail address   kate@fabrikam.com
  
• Message subject   Test from Contoso
  
• Message body   This is a test message
  

Tip:

The commands in the Telnet Client aren't case-sensitive. The SMTP command verbs in this example are capitalized for clarity. You can't use the backspace key in the Telnet session after you connect to the destination SMTP server. If you make a mistake as you type an SMTP command, you need to press Enter, and then type the command again. Unrecognized SMTP commands or syntax errors result in an error message that looks like this: 500 5.3.3 Unrecognized command

1. Open a Command Prompt window, type telnet, and then press Enter.
   This command opens the Telnet session.
   
2. Type set localecho, and then press Enter.
   This optional command lets you view the characters as you type them, and it might be required for some SMTP servers.
   
3. Type set logfile <filename>, and then press Enter.
   This optional command enables logging and specifies the log file for the Telnet session. If you only specify a file name, the log file is located in the current folder. If you specify a path and file name, the path needs to be on the local computer, and you might need to enter the path and file name in the Windows DOS 8.3 format (short name with no spaces). The path needs to exist, but the log file is created automatically.
   
4. Type OPEN mail1.fabrikam.com 25, and then press Enter.
   
5. Type EHLO contoso.com, and then press Enter.
   
6. Type MAIL FROM:chris@contoso.com, and then press Enter.
   
7. Type RCPT TO:kate@fabrikam.com NOTIFY=success,failure, and then press Enter.
   The optional NOTIFY command specifies the particular delivery status notification (DSN) messages (also known as bounce messages, nondelivery reports, or NDRs) that the SMTP is required to provide. In this example, you're requesting a DSN message for successful or failed message delivery.
   
8. Type DATA, and then press Enter.
   
9. Type Subject: Test from Contoso, and then press Enter.
   
10. Press Enter again.
    A blank line is needed between the Subject: field and the message body.
    
11. Type This is a test message, and then press Enter.
    
12. Type a period ( . ), and then press Enter.
    
13. To disconnect from the SMTP server, type QUIT, and then press Enter.
    
14. To close the Telnet session, type quit, and then press Enter.
    

Here's what a successful session using the steps above looks like:

C:\Windows\System32> telnet

Microsoft Telnet> set localecho
Microsoft Telnet> set logfile c:\TelnetTest.txt
Microsoft Telnet> OPEN mail1.fabrikam.com 25

220 mail1.fabrikam.com Microsoft ESMTP MAIL Service ready at Fri, 5 Aug 2016 16:24:41 -0700
EHLO contoso.com
250-mail1.fabrikam.com Hello [172.16.0.5]
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
MAIL FROM: chris@contoso.com
250 2.1.0 Sender OK
RCPT TO: kate@fabrikam.com NOTIFY=success,failure
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Subject: test
   
This is a test message.
.
250 2.6.0 <c89b4fcc-3ad1-4758-a1ab-1e820065d622@mail1.fabrikam.com> [InternalId=5111011082268, Hostname=mail1.fabrikam.com] Queued mail for delivery
QUIT
221 2.0.0 Service closing transmission channel

Step 4: Success and error messages in the Telnet Session

This section provides information about the success and failure responses to the commands that were used in the previous example.

Note:
The three-digit SMTP response codes that are defined in RFC 5321 are the same for all SMTP messaging servers, but the text descriptions in the responses might be slightly different.

SMTP reply codes

SMTP servers respond to commands with a variety of numerical reply codes in the format of x.y.z where:

• X indicates whether the command was good, bad, or incomplete.
• Y indicates the kind of response that was sent.
• Z provides additional information about the command

When a response is received by the server that opened the connection, it can tell whether the remote server accepted the command and is ready for the next one, or if an error occurred.
The first digit (X) is particularly important to understand because it indicates the success or failure of the command that was sent. Here are its possible values, and their meanings.

 

Reply code	Meaning
2.y.z	The command that was sent was successfully completed on the remote server. The remote server is ready for the next command.
3.y.z	The command was accepted but the remote server needs more information before the operation can be completed. The sending server needs to send a new command with the needed information.
4.y.z	The command wasn't accepted by the remote server for a reason that might be temporary. The sending server should try to connect again later to see if the remote server can successfully accept the command. The sending server will continue to retry the connection until either a successful connection is completed (indicated by a 2.y.z code) or fails permanently (indicated by a 5.y.z code). An example of a temporary error is low storage space on the remote server. Once more space is made available, the remote server should be able to successfully accept the command.
5.y.z	The command wasn't accepted by the remote server for a reason that is isn't recoverable. The sending server won't retry the connection and will send a non-delivery report back to the user who sent the message. An example of an unrecoverable error is a message that's sent to an email address that doesn't exist.

The table above is based on information provided by RFC 5321 (Simple Mail Transfer Protocol), section 4.2.1. Additional information, including descriptions of the second (Y) and third (Z) digits of SMTP reply codes is included in this section, and in sections 4.2.2 and 4.2.3.

OPEN command

Successful response   220 mail1.fabrikam.com Microsoft ESMTP MAIL Service ready at <day-date-time>
Failure response   Connecting to mail1.fabrikam.com...Could not open connection to the host, on port 25: Connect failed
Possible reasons for failure

• The destination SMTP service is unavailable.
  
• Restrictions on the destination firewall.
  
• Restrictions on the source firewall.
  
• Incorrect FQDN or IP address for the destination SMTP server.
  
• Incorrect port number.
  

EHLO command

Successful response   250 mail1.fabrikam.com Hello [<sourceIPaddress>]
Failure response   501 5.5.4 Invalid domain name
Possible reasons for failure

• Invalid characters in the domain name.
  
• Connection restrictions on the destination SMTP server.
  

Note:

EHLO is the Extended Simple Message Transfer Protocol (ESMTP) verb that's defined in RFC 5321. ESMTP servers can advertise their capabilities during the initial connection. These capabilities include the maximum accepted message size and supported authentication methods. HELO is the older SMTP verb that is defined in RFC 821. Most SMTP messaging servers support ESMTP and EHLO. If the non-Exchange server that you're trying to connect to doesn't support EHLO, you can use HELO instead.

MAIL FROM command

Successful response   250 2.1.0 Sender OK
Failure response   550 5.1.7 Invalid address
Possible reasons for failure   A syntax error in the sender's e-mail address.
Failure response   530 5.7.1 Client was not authenticated
Possible reasons for failure   The destination server doesn't accept anonymous message submissions. You receive this error if you try to use Telnet to submit a message directly to a Mailbox server that doesn't have a Receive connector that's configured to accept anonymous connections.

RCPT TO command

Successful response   250 2.1.5 Recipient OK
Failure response   550 5.1.1 User unknown
Possible reasons for failure   The specified recipient doesn't exist.

Read more »

Posted in: Chec Mail,Exchange,Lotus Dominino,Lotus Notes

Reset Domain Administrator Password

The following method has been tested to work on both Server 2003 and Server 2008 Domain Controllers

• Download SRVANY and INSTSRV, which are part of the Windows 2003 Resource Kit
• Ensure you have the Directory Service Restore Mode Administrator password, restart the server in Directory Service Restore Mode, and log in as administrator
  • If you do not have have the Administrator Password, you can attempt to get it through one of these methods
• Create the folder: C:\reset\
  • Copy srvany.exe, instsrv, and cmd.exe(Located in C:\system32) to the C:\reset\
• Open a command prompt and enter the following commands
  • CD “C:\reset”
  • instsrv PassRecovery “C:\reset\srvany.exe”
• Run regedit.exe and navigate to HKLM\System\CurrentControlSet\Services\PassRecovery
• Create a subkey called: Parameters
  • Create a new string value (REG_SZ)
    1. Name: Application
    2. Value: C:\reset\cmd.exe
  • Create a new string value (REG_SZ) where <password> is the desired password (Must Meet Password Policy Requirements)
    1. Name: AppParameters
    2. Value: /k net user administrator <password> /domain
• Open Services and Open the Properties for the PassRecovery Service
  • On the General tab, ensure the startup type is Automatic
  • On the Log On tab, ensure the option is checked to: Allow service to interact with desktop
• Restart the server normally, and log in with the password you specified
• Uninstall SRVANY by entering the following commands at a command prompt:
  • net stop PassRecovery
  • sc delete PassRecovery
• Delete C:\reset\

Read more »

Posted in: Account Admin/Access Control,Active Directory

Lotus Notes 8.5: How to reset forgotten user id password

Lotus Notes 8.5: How to reset forgotten user id password

I am by no stretch of the imagination a Lotus Notes expert but I do have to support it on occasion as part of my system admin duties.  The other day one my users said he couldn’t log on to his Lotus Notes client.  Usually my first inclination is to assume the person forgot his password and to reset the user id password.  No big deal.  The thing is we had recently upgraded to Lotus Notes/Domino 8.5.1 from 8.0 and when I went to look for the familiar options in Lotus Domino something had changed.
I started reading the documentation and from what I gathered Lotus Notes 8.5 gives you two main methods to manage your user passwords.  The new method introduced in version 8.5 is the Notes ID Vault which is supposed to make managing user IDs much easier.  Since I didn’t have this option configured I had to do it ‘old school’.  But like I said earlier - something changed in Domino 8.5 (I hate it when IBM does that).  Again the documentation does explain how to do it but it was not as step-by-step as I would have liked.  Anyway, the following worked for me.

First, the Lotus Administrator has to:

• Run Lotus Domino Administrator
• Click Configuration tab, Extract Recovery Password

 

• Enter your admin password

• Select the user’s ID file

•   Lotus will generate a recovery password. Make note of password.

 

Second, the user has to:

• Run Lotus Notes
• Click Exit (Not very intuitive is it?).  (Author’s note: from what I read in the documentation if you enter the wrong password then click the ‘Log In’ button it is supposed to give you the ‘forgot password’ option but that does not work for the majority of my users)

• Select ‘Try to recover your password’ then click OK

• Enter the recovery password generated earlier in Lotus Admin

• Select the user’s ID file

• The user will be prompted to enter a new password

That’s it… if successful the user will be able to log in to Lotus Notes.

Read more »

Posted in: Lotus Dominino,Lotus Notes

User: Merge the new certificate

Once the administrator recertifies the safe.ID and returns the ID to the user, the user must perform the following steps:

1. Select File -> Security -> User Security -> Your Identity -> Your Certificates -> Get certificates button -> Import (Merge) Notes Certificate.
   
   
2. Enter password.
   
   
3. The dialog box then prompts the user to choose the safe.ID that has been recertified and it is then merged into the original user ID.

Read more »

Posted in: Lotus Dominino

Administrator: Recertify user's ID

A user has a Notes ID that has an expired certificate. These steps are performed by the server administrator to correct the user's expired ID.

1. After obtaining the user ID, you (as the administrator) launch the Lotus® Domino® Administration client.
   
   
2. Open the Configuration tab, expand Certification (located on the right hand pane) and select Certify.
   
   
3. Select the Certifier ID file.
   
   
4. From the Choose Certifier ID dialog box, select the O or OU certifier that was originally used to certify the user ID.
   
   
5. Enter the password for the certifier ID.
   
   
6. From the Choose ID to Certify dialog box, select the user ID to be recertified.
   
   
7. Enter the password for user ID to be recertified.
   
   
8. [Optional] In the Certify ID dialog box, you may set or change the following:
   Registration server, expiration date of the certifier and password length.
   
   
9. Click Certify.
   The Status window displays:
   Updating address book entry for username/org
   Successfully updated address book entry for username/org
   Username/org successfully certified
   
   
10. Choose "No" when you receive the following dialog box:
    Would you like to certify another?
    
    
11. Provide the newly-recertified ID file to the user.

Read more »

Posted in: Lotus Dominino

Office & Windown Using KMS Manually to Activate Software

This page is intended for technical support providers and network administrators. If you're not one of those, you should talk to your TSP or net admin before proceeding. The concept behind the procedure on this page is explained on our main KMS page.
This page describes how to manually activate products. With this method, you'll need to run commands on each machine - and for each software package - during the 30 day grace period after installation. If you are using virtual machines for testing and cross-compatibility on Macintosh computers, you'll need to use the manual method in those circumstances.
KMS activation can be blocked by a firewall. Please be sure that any firewalls between the client machine and the KMS server are open to incoming and outgoing traffic on TCP port 1688.

To use this method, first install the software (Windows or Microsoft Office). As part of that process you'll be informed that you have 30 days to activate the product. Complete the steps below during that 30-day period.
This method assumes that Windows or Office has never been activated on this machine before. If your machine had previously been activated with the earlier MAK activation method, please instead follow the instructions to switch from MAK to KMS activation.

Activate a Windows Operating System: Windows 7, Windows 8, Server 2008, Server 2008 R2, or Server 2012:

1. Open up an Elevated Command Prompt window. For instructions, please see our guide:
   
2. In the elevated Command Prompt window, verify that the current directory is C:\Windows\System32. If it is not, type
   CD \Windows\System32
   and press Enter.
3. Type the following command:
   cscript slmgr.vbs /skms kms01.cit.cornell.edu
   and press Enter.
   (Note: The url in the command above begins with kay-emm-ess-zero-one.or url:active.orientsoftware.asia)
   
4. Type the following command:
   cscript slmgr.vbs /ato
   and press Enter.
5. Close the Command Prompt window.

And you're done for that installation of Windows on that computer.

Activate Microsoft Office (2016, 2013, or 2010)

1. Open an Elevated Command Prompt window. For instructions, please see our guide
   
2. Type the following command, depending on your version of Office:
3. • Office 2016:
   • CD \Program Files\Microsoft Office\Office16
   • Press Enter. This assumes you installed Office in the default location.

   • Note: If you installed the 32-bit version of Office on a 64-bit system, use this command instead:
   • CD \Program Files (x86)\Microsoft Office\Office16
   • Office 2013:
   • CD \Program Files\Microsoft Office\Office15
   • Press Enter. This assumes you installed Office in the default location.

   • Note: If you installed the 32-bit version of Office on a 64-bit system, use this command instead:
   • CD \Program Files (x86)\Microsoft Office\Office15

• Office 2010:
• • CD \Program Files\Microsoft Office\Office14
  • Press Enter. This assumes you installed Office in the default location.
  • • Note: If you installed the 32-bit version of Office on a 64-bit system, use this command instead:
    • CD \Program Files (x86)\Microsoft Office\Office14

3. Type the following command:
   
4. • cscript ospp.vbs /sethst:kms01.cit.cornell.edu
   • and press Enter.  (Note: The url in the command above begins with kay-emm-ess-zero-one or url:active.orientsoftware.asia)
4. Type the following command:
5. • cscript ospp.vbs /act
   • and press Enter.
5. Close the command prompt window.

And you're done for that installation of Office on that computer.

Read more »

Posted in: Active Office,Active Windown With KMS server

Domino Administrators ID file certificate has expired ... No Problem

Came across this at a new client site today, the client knows the Domino Administrators password, but cannot use the Administration client (or any Notes client) with the Administrators ID file, because the Administrators ID file certificates have expired.

It's a pretty simple thing to fix.

EITHER:

• Use your server's Notes client to recertify the Administrator.

OR

• Get hold of an ID file for a user who hasn't expired,
• Add that user to the 'LocalDomainAdmins' group,
• Access the Domino Directory on the server and recertify the Admin ID,
• Remove the user from the 'LocalDomainAdmins' group,
• Done.

The details:

Using a server.

• Go to the physical domino server,
• Browse to the Domino program folder,
• Locate nlnotes.exe,
• Run it.

Yes I KNOW this is not a 'supported configuration' but hey, it Domino - #ThisS***JustWorks.
 

• You now have a notes client, which you can use to access the names.nsf locally (the Domino Directory),
• Go to 'People',
• Choose (highlight) the Administrator,
• Choose (from the menu) ACTIONS -> Recertify Selected People,
• Choose the Administrators organization certifier,
• Enter the certifier password.
• Choose a date a long time from now (you WANT your Admin ID file to expire every two years???),
• Done.

The Long way - elevate another user.

If you know the Administrators password, there is a fair chance you can still access the Domino Web Administrator using that password:

• Log-in to the Webadmin using: http://yourserver.com/webadmin.nsf and the Administrators Username and Password,
• Go to 'People and Groups',
• Edit the 'LocalDomainAdmins' group to include the users name who's ID file has not expired,
• On the Domino Console, 'load updall -r names.nsf', then 'dbcache flush',
• Start the users Notes client,
• Open the Domino Directory (names.nsf) on the server,
• Choose People from the navigator,
• Highlight the Administrator,
• Choose (from the menu) ACTIONS -> Recertify Selected People,
• Choose the Administrators organization certifier,
• Enter the certifier password.
• Choose a date a long time from now (you WANT your Admin ID file to expire every two years???),
• Using any method you want (you've got a recertified Admin now), remove the user from the 'LocalDomainAdmins' group,
• Done.

Hope this helps someone, this has happened a few times in the last couple of months when we pick up a new (old) Notes customer who hasn't needed to use the Admin ID in a while.

Domino Administrators ID file certificates have expired? No Problem.

Read more »

Posted in: Domino Serv,Lotus Dominino

Q, Administrator ID has expired; no one can administer the Domino server

Question

The administrator's ID file has been allowed to expire, and there are no other ID files which can be used to access the server. Attempts to access the server using an expired administrator ID results in the following error:

"Server error - your certificate has expired"

There are no other administrative IDs that can be used to access the server. What are your options?

Answer

Perform the following workaround to certify the expired ID:

1. Open the Domino Administrator client. (The server should be set to "local".)

2. Select the Configuration tab.

3. Select Tools -> Certification -> Certify.

4. Select the certifier ID and enter the password. Set the server to Local.

Note: The following error may appear: "The public key that is being used does not match the one that was certified." This occurs because the client cannot connect to the Notes certifier document in the address book on the server. To continue past this error, select "Yes" when prompted with the following: "Do you wish to continue without updating the Certifier ID?"

5. Select the Notes/Admin ID to certify. Note: You will see an error: "Entry not found in index, Do you want to certify anyway?" Click Yes.

6. Ensure that the server is still set to "local" (at the top of the dialog), set the expiration date, and then click Certify.

7. At this point you should have access to the server, as long as public key checking is not enabled on the server. If public key checking is enabled on the server, you must complete step 8 before you can access the server.

8. Copy the public key from the ID into the Person document (Certificates tab -> Notes certified public key field.)

1. File -> Security -> User Security (this opens the user ID)
2. Select Your Identity -> Your Certificates
3. Click the "Other actions" button and choose Mail, Copy Certificate (Public Key)...
4. Select Copy Certificate (this will place the public key on the system clipboard)
5. Close the open windows to exit User Security.
6. Select the People view in the server's Domino Directory, open the user's Person document in Edit mode, and click the Certificates tab
7. Select the entire contents of the Notes certified public key field and paste the key from the clipboard; save and close
8. Rebuild the view by pressing the key combination Shift + F9.

Read more »

Posted in: Domino Serv,Lotus Dominino

Q, How to manually recertify an expired ID

Question

You have a Lotus Notes user ID that has expired and you would like to manually recertify it.

The ID can open Notes, because the password is valid, but the user cannot do anything else, as the end date has expired. If the user selects File -> Tools -> User ID -> Certificate -> Request Certificate, the following message displays:

Server Error: Your certificate has expired.

 

Answer

Administrator: Recertify user's ID

A user has a Notes ID that has an expired certificate. These steps are performed by the server administrator to correct the user's expired ID.

1. After obtaining the user ID, you (as the administrator) launch the Lotus® Domino® Administration client.
   
   
2. Open the Configuration tab, expand Certification (located on the right hand pane) and select Certify.
   
   
3. Select the Certifier ID file.
   
   
4. From the Choose Certifier ID dialog box, select the O or OU certifier that was originally used to certify the user ID.
   
   
5. Enter the password for the certifier ID.
   
   
6. From the Choose ID to Certify dialog box, select the user ID to be recertified.
   
   
7. Enter the password for user ID to be recertified.
   
   
8. [Optional] In the Certify ID dialog box, you may set or change the following:
   Registration server, expiration date of the certifier and password length.
   
   
9. Click Certify.
   The Status window displays:
   Updating address book entry for username/org
   Successfully updated address book entry for username/org
   Username/org successfully certified
   
   
10. Choose "No" when you receive the following dialog box:
    Would you like to certify another?
    
    
11. Provide the newly-recertified ID file to the user.

User: Merge the new certificate

Once the administrator recertifies the safe.ID and returns the ID to the user, the user must perform the following steps:

1. Select File -> Security -> User Security -> Your Identity -> Your Certificates -> Get certificates button -> Import (Merge) Notes Certificate.
   
   
2. Enter password.
   
   
3. The dialog box then prompts the user to choose the safe.ID that has been recertified and it is then merged into the original user ID.

Administrator: Recertify an expired Server ID

If an administrator needs to recertify an expired Server ID, the following steps should be followed:

1. Certify the server id file by following the "Administrator: Certifying an expired server ID file" steps included below.
   
   
2. Verify that the expiration date has been changed in the server.id file.
   
   
3. From the administration client select Configuration -> Tools -> ID Properties, then select the Server ID file.
   
   
4. Place the new server.id back on the server (c:\lotus\domino\data), and restart the server.

Administrator: Certifying an expired server ID file

How to certify an expired server id file.

1. After obtaining the server ID (c:\lotus\domino\data is the default location ), you (as the administrator) launch the Domino Administrator client.
   
   
2. Open the Configuration tab, expand Certification (located on the right hand pane) and select Certify.
   
   
3. Select the Certifier ID file.
   
   
4. From the Choose Certifier ID dialog box, select the O or OU certifier that was originally used to certify the user ID.
   
   
5. Enter the password for the certifier ID.
   
   
6. From the Choose ID to Certify dialog box, select the server ID to be recertified.
   
   
7. Enter the password for server ID to be recertified, if necessary (not all server ID files require a password).
   
   
8. [Optional] In the Certify ID dialog box, you may set or change the following:
   Registration server, expiration date of the certifier and password length.
   The server.id file should have an expiration date 99 years in the future (default ).
   
   
9. Click Certify.
   The Status window displays:
   Updating address book entry for username/org
   Successfully updated address book entry for username/org
   Username/org successfully certified
   
   
10. Choose "No" when you receive the following dialog box:
    Would you like to certify another?
    
    
11. Copy the newly-recertified ID file to the server (c:\lotus\domino\data, by default).

 

Read more »

Posted in: Domino Serv,Lotus Dominino