THE APPLICATION ENCOUNTERED AN ERROR WHILE ATTEMPTING TO CHANGE THE STATE OF “VM”

Symptoms: This occurs after you finish deploying your Hyper-V server, in this case without the server connected to the Internet and with the time configured properly.

After you have created, configured and installed new VMs, you connect your physical Hyper-V host server to the Internet, notice that the time has changed, and find your VMs inaccessible because of a certificate issue.

Here's the error and how to fix it.

Error shown in the Virtual Machine Connection window:

The application encountered an error while attempting to change the state of 'EXCHANGE_01'.

'EXCHANGE_01' could not initialize.

Could not initialize machine remoting system. Error: 'Element not found.' (0x80070490).

Could not find a usable certificate. Error: 'Element not found.' (0x80070490).

Symptoms

If the Hyper-V host server doesn't have Internet access and you configure it after creating a VM, the server date will change. The self-signed certificate's date then no longer verifies in Hyper-V Manager, which causes the VM to fail to start.

Solution:

Delete the old certificate and create a new self-signed certificate.

To do so, open MMC.

Navigate to Certificates.

In Certificates, select Service Account.

Choose Local computer and click Next.

Then select the Hyper-V Virtual Machine Management service account and open it.

Under Personal, check the date of the certificate there.

Delete the certificate.

Open the Services console and restart all Hyper-V services.

Once the services have restarted, you'll see that a new certificate has been created automatically.

Now if you try to open the VM console again, it should work.

Exchange RPC over HTTP problem with TMG

Issue:

When you try to setup your Outlook with Exchange account, you get the below issue.

Note:

  • In this scenario I'm using a Windows-signed certificate for Exchange, but I have the CA installed on the client side.
  • Client is not joined to the domain.
  • Client is not on VPN.

Symptoms:

Outlook 2010/2013 keeps prompting you for credentials even though you entered them correctly several times.

When you cancel, you receive the message "The action couldn't be completed. The connection to Exchange is unavailable".

Investigation:

Let’s test our autodiscover and see what’s wrong.

I will first go to www.testexchangeconnectivity.com and test the autodiscover

Testing Autodiscover gave a positive result.

There's no need to test RPC over HTTP when using a Windows/self-signed certificate, as it won't give a positive result anyway.

Next let’s check TMG’s configuration.

Every rule that involves RPC should be checked in order to make sure that your Publishing configuration is correct.

RPC Server should be pointing internally to your Exchange server and externally to your mail.domain.com External IP Address.

When you use TMG's wizard to publish Exchange, TMG does everything for you, but you still need to check that the configuration is right.

These are the paths in my autodiscover rule configuration, and RPC is also included there.

Testing the rule seems to give a positive result for all the published paths.

Let's test the following link and see if it authenticates. The RPC proxy is required for Outlook clients to be configured properly.

After finding the autodiscover settings, the Outlook client tries to connect to the link below:

https://autodiscover.demotesas.com/rpc/rpcproxy.dll

If you type your credentials, it most likely won't connect and will keep prompting, or will say that the request is invalid.

Resolution:

What if we changed the RPC path from autodiscover to mail.demotesas.com? The authentication method might be the problem in this case, as I am using totally different authentication methods for the mail and autodiscover rules.

Once we publish the rule, we will have to check the result of the following link:

https://mail.demotesas.com/rpc/rpcproxy.dll

The site will most likely be accessed without any issues.

Now we can test our Outlook client setup and see if it goes through without any issues.

The problem was that rpcproxy.dll was not set on the right rule and on the appropriate domain.

It should be on mail.domain.com with the same authentication delegation.

Useful Powershell script to resolve the X500 address

In a migration, PowerShell can be a crucial tool for succeeding, finishing projects within the deadline, or even fixing issues.

While working with Exchange we had lots of issues with users not being able to send e-mail to their migrated colleagues. This was due to problems with contacts, caused by the Legacy Exchange DN not being migrated with the user or being lost through a wrong deletion.

When users try to send an e-mail to the user with the missing Legacy Exchange DN, the receiving Exchange server returns an error and sends it to the sender as an NDR message, explaining that the error is due to not finding that particular address.

The solution to this problem is very simple, especially if it affects only a couple of users. However, to resolve the address you'll need to google and understand the notation that Exchange Server uses, in order to match the originally used address in the missing user's attributes.

The script below has worked in every situation I have faced, and it has become very handy to me.

How to use:

1- Copy the script to a notepad and save as convert.ps1 on Desktop

2- Run the script, then type Convert-X500 in PowerShell and hit Enter.

3- Copy and paste the address you got from the error message above.

Once you have pasted it, hit Enter and you'll get the final result.

Note: Make sure you remove the @domain.local in the end

Function Convert-X500 {
    # Define the Legacy Exchange DN here
    Write-Host "Enter your X500 Address here..." -ForegroundColor Green -BackgroundColor Black
    $X500Source = Read-Host

    # Converts the various strings to the proper syntax
    $X500 = $X500Source.Replace("_", "/")
    $X500 = $X500.Replace("+20", " ")
    $X500 = $X500.Replace("IMCEAEX-", "")
    $X500 = $X500.Replace("+28", "(")
    $X500 = $X500.Replace("+29", ")")
    $X500 = $X500.Replace("+2E", ".")
    $X500 = $X500.Replace("+5F", "_")
    # Replace the placeholder below with your own @domain suffix
    $X500 = $X500.Replace("@YourDC.localHere", "")

    Write-Host "X500:$X500"
}
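
The script above handles a fixed list of escapes. The following added example (not the original author's script) generalizes it by decoding every +XX hex escape in the IMCEAEX address taken from the NDR and by stripping the @domain suffix automatically. The function name ConvertFrom-ImceaEx and the sample address are constructed for illustration.

```powershell
# Added example: general IMCEAEX -> X500 decoder. The function name is hypothetical.
function ConvertFrom-ImceaEx {
    [CmdletBinding()]
    param(
        # Address copied from the NDR, e.g. IMCEAEX-_O=...@domain.local
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Address
    )
    begin {
        # Turns one +XX match into the character with that hex code.
        $decodeHex = [System.Text.RegularExpressions.MatchEvaluator] {
            param($match)
            [string][char][Convert]::ToInt32($match.Groups[1].Value, 16)
        }
    }
    process {
        $value = $Address.Trim()

        # Only IMCEAEX-encapsulated addresses carry a LegacyExchangeDN.
        if ($value -notmatch '^IMCEAEX-') {
            Write-Error "Not an IMCEAEX address: $value"
            return
        }
        $value = $value.Substring('IMCEAEX-'.Length)

        # Remove the @domain suffix (everything from the last '@').
        $at = $value.LastIndexOf('@')
        if ($at -ge 0) { $value = $value.Substring(0, $at) }

        # '_' stands for '/'. Do this BEFORE decoding the hex escapes,
        # otherwise a real underscore (+5F) would be turned into a slash.
        $value = $value.Replace('_', '/')

        # Decode every +XX escape, not only the ones in a fixed list.
        $value = [regex]::Replace($value, '\+([0-9A-Fa-f]{2})', $decodeHex)

        # Emit the value in the form used for an X500 proxy address.
        "X500:$value"
    }
}

# Constructed sample NDR address (not a real recipient). It contains +2C (comma),
# an escape that a fixed replacement list would leave undecoded.
$sample = 'IMCEAEX-_O=EXAMPLE+20ORG_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=DOE+2C+20JOHN+5F1@example.local'
$proxy = ConvertFrom-ImceaEx -Address $sample
$proxy

# To apply the result in the Exchange Management Shell:
#   Set-Mailbox -Identity <mailbox> -EmailAddresses @{add = $proxy}
```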

Preparing, Migrating users and Handling contacts between two forests in Microsoft Exchange Cross Forest migration

This article presumes that you have set up all the initial steps for the Cross Forest migration to work:

– Configure DNS resolution and trust between two AD forests.

– Create and configure Send connector between Source.com and Target.com

– Create and configure Availability service between Source.com and Target.com

– Configure Source.com as accepted domain in blue.com

– Install and configure ADMT server at the target domain Target.com

– Install and configure Password Encryption Server (PES) on the source domain Source.com

– Configure MRSProxy on Source and Target CAS Servers (Enabling MRSProxy, Increase limits..etc.).

– Configured Public Certificates between both CAS Servers or installed self signed CA certs.

For users in two forests to send e-mail to one another before or during a cross-forest migration, each forest has to have the other forest's users as external contacts in its Exchange environment. This makes it easy to find any particular user in the other organization and avoids X500 errors after the migration.

During the migration it is critical to keep these contacts up to date, so that users included in distribution groups are not disrupted before, during or after their migration from the source to the target forest.

For cross-forest user migration, the user has to be prepared with Microsoft's own Prepare-MoveRequest PowerShell script, which is included in the $exscripts directory. It prepares the target user's attributes (before or after the ADMT copy) for the migration, which is then done with New-MoveRequest.

However, before the user is migrated and before running Prepare-MoveRequest, the user object must be mail-user enabled in order to get all the proper attributes for the move request to work. This means the contact has to either be deleted or lose the SMTP address that is going to be set on the mail-enabled user.

In a big environment, a tool (third-party or a script) must be used for this process to speed up the migration of users; otherwise it would take ages and be very problematic.

User Creation:

Using ADMT then Prepare-Moverequest script

Starting with the creation of the target user with ADMT or with the Prepare-MoveRequest script: if ADMT is used before Prepare-MoveRequest, the target user will have its Exchange attributes migrated and be mail-user enabled by default. However, due to some incomplete or incorrect attributes, the user will most probably have a corrupted mail user object that needs to be disabled and re-enabled with the proper mail address.

Using Prepare-MoveRequest before ADMT

If Prepare-MoveRequest is used first, the user will be created in the target forest properly without any issue but will not have their SIDHistory copied, so after the user account is created ADMT must be used to copy the user's SIDHistory with Exchange attributes excluded.

Note:

– This method has an advantage over using ADMT first: users don't have to create a new Outlook profile in order to use their target mailbox after migration.

– You don't have to mail-enable the user.

Mail Enabling User:

The first step for the migration to work is to mail-enable the user in the target forest. Assume you have a user called Tim@source.com. The user's AD object is copied to the target forest with ADMT, and the UPN changes from tim@source.com to tim@target.local automatically. The user still gets his SIDHistory, and the groups he is in if the groups were migrated before that. However, in some rare cases that I have seen while doing this kind of project, the SIDHistory might not get copied, and you might not notice unless you take a very close look at the log that ADMT generates. In the script below, before preparing the user for migration, I added a bulk check of the user list for SIDHistory. The script will disable mail users that were migrated with ADMT and show you their SIDHistory attribute so you can double-check before you migrate their mailbox.

$Users = Import-Csv -Path "C:\List\List1.csv"

foreach ($User in $Users)
{
    $Identity = $User.Alias
    $UIdentity = $User.Sam
    $Mail = $User.Proxy
    $NProxy = $User.NewProxy

    # Before migration, show whether the user has SIDHistory or not. If not, don't migrate the user.
    $UserSID = dsquery * -filter "(&(objectcategory=user)(samaccountname=$Identity))" -attr objectsid sIDHistory

    Write-Host User $User.Alias has $UserSID -ForegroundColor Green -BackgroundColor Black
}

The CSV file for this PowerShell script should have the following format; I will explain why in detail below.

Alias,Proxy,NewProxy,NewIdentity

Alias,MailAddress@domain.com,MailAddress@domain.local,NewIdentity

In order for Prepare-MoveRequest to work, we have to mail-user enable this user with the following command:

Enable-MailUser -Identity SamAccountName -ExternalEmailAddress PrimarySMTPAddress

Enable-MailUser -Identity Tim -ExternalEmailAddress tim@domain.com

The user will then be ready for the Prepare-MoveRequest script to work and to have his source Exchange attributes copied to the target.

Prepare-MoveRequest for Single mailbox:

The Prepare-MoveRequest script is pretty easy to use for a single user; all you need is to store the target and remote credentials in variables to use with the command.

When you run the script, it copies the source user's Exchange attributes, including proxy addresses. It converts the LegacyExchangeDN into an X500 address on the target user's mailbox object, so users in the source forest won't have any cache issue reaching the migrated user, and it sets other attributes such as DisplayName and MailNickName, as in the screenshot below.

The script is as follows:

$TargetCredentials = Get-Credential

$RemoteCredentials = Get-Credential

.\Prepare-MoveRequest.ps1 -Identity UPN@targetdomain.com -RemoteForestDomainController "SourceDCHostname.SourceDC.local" -RemoteForestCredential $RemoteCredentials -LocalForestDomainController "TargetDCHostname.TargetDC.local" -LocalForestCredential $TargetCredentials -TargetMailUserOU "OU=DestinationOU,DC=TargetDC,DC=local" -UseLocalObject -OverwriteLocalObject -Verbose

Prepare-MoveRequest for Bulk mailboxes:

For bulk users the script is simpler but for it to work you’ll need to prepare a CSV file that meets the requirements of the powershell script.

Bulk Users Script:

cd $exscripts

Write-Host "Starting to Prepare-MoveRequest for users in your CSV List...." -ForegroundColor Green -BackgroundColor Black

Import-Csv C:\Identity\Identity_1.csv | .\Prepare-MoveRequest.ps1 -RemoteForestDomainController "SourceDCHost.SourceDC.local" -RemoteForestCredential $RemoteCredentials -UseLocalObject -OverwriteLocalObject -Verbose

CSV Example:

Alias,Proxy,NewProxy,NewIdentity

Alias,MailAddress@domain.com,MailAddress@domain.local,NewIdentity


–Moving Users

Moving Single Mailbox:

After preparing the move request, the only thing left to do is to move the users. This process is pretty easy and only one command line is used.

[PS] C:\Exchange 2010\scripts>New-MoveRequest -Identity "outlook.test@SourceSMTPDomain.com" -RemoteHostName "webmail.SourceOwaUrl.com" -Remote -RemoteCredential $RemoteCredentials -TargetDatabase DestinationDB1 -TargetDeliveryDomain SourceSMTPAcceptedDomain.com

Moving Multiple Mailboxes:

Import-Csv C:\Identity\Identity_15.csv | New-MoveRequest -RemoteHostName "webmail.calikenerji.com" -Remote -RemoteCredential $RemoteCredentials -TargetDatabase CEDB12 -TargetDeliveryDomain calikenerji.com

CSV Example:

Identity

Outlook.user@SourceSMTPDomain.com

Outlook.user2@SourceSMTPDomain.com

Outlook.user3@SourceSMTPDomain.com

Once the list is ready and you run the PowerShell command, the target CAS server connects to the source CAS and starts the migration, as in the following screenshot.

Once the users' migration is finished, the user in the source forest is converted to a MailUser, so non-migrated users in the source forest can still send e-mail to this user. However, the groups in the target forest must be manually maintained and updated with the users that are being migrated.

– Contacts Issue

In the target forest, those two migrated users already existed as contacts before they were migrated. Target forest users who have sent e-mail to those two users therefore have the contacts' LegacyExchangeDN address cached in Outlook in X500 format. This creates an issue if the contacts are deleted without exporting their LegacyExchangeDN and adding it to the migrated users' ProxyAddresses attribute.

Prior to deleting those contacts, I exported their info from the target forest to CSV with the following attributes:

Name, Alias, PrimarySMTPAddress and LegacyExchangeDN, using the following PowerShell command:

Get-MailContact -ResultSize Unlimited | where {$_.PrimarySmtpAddress -like "*@TargetSMTPDomain.com"} | select Name,Alias,PrimarySmtpAddress,LegacyExchangeDN | Export-Csv c:\TargetContacts.csv -NoTypeInformation -Encoding UTF8

The command exports the contacts in the following format. To import them, you'll need to bulk-edit the file using Notepad or Notepad++.

In Notepad, replace "/o= with X500:/o=

and replace all " with nothing.

After you save the file in the target forest, and only when migrating source users to the target forest, use the following command to import those users' LegacyExchangeDN as X500 addresses on their migrated mailbox objects.

Import-Csv "C:\TargetContacts.csv" | foreach {Set-Mailbox -Identity $_.Name -EmailAddresses @{add=$_.LegacyExchangeDN}}
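
The Notepad edits above can also be done in PowerShell, which parses the CSV properly and so avoids breaking rows whose Name contains a comma once every quote is stripped. This is an added example, not the author's script; the helper name ConvertTo-X500Proxy and the sample rows are constructed for illustration.

```powershell
# Constructed sample of the file that Export-Csv writes (not real data).
# Row 1 has a comma inside Name, row 2 is already prefixed, row 3 has no DN.
$exported = @'
"Name","Alias","PrimarySmtpAddress","LegacyExchangeDN"
"Doe, John","jdoe","jdoe@target.example","/o=Example Org/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=jdoe"
"Tim Smith","tim","tim@target.example","X500:/o=Example Org/ou=First Administrative Group/cn=Recipients/cn=tim"
"No DN","nodn","nodn@target.example",""
'@

# Hypothetical helper: turns one exported contact row into the X500 proxy
# address that has to be added to the migrated mailbox.
function ConvertTo-X500Proxy {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Contact
    )
    process {
        $dn = ([string]$Contact.LegacyExchangeDN).Trim()

        # A row without a LegacyExchangeDN cannot produce a usable proxy address.
        if (-not $dn) {
            Write-Warning "Skipping '$($Contact.Name)': no LegacyExchangeDN in the export"
            return
        }

        # Add the prefix only once, so re-running on an edited file is harmless.
        if ($dn -notmatch '^X500:') { $dn = "X500:$dn" }

        New-Object PSObject -Property @{
            Name  = $Contact.Name
            Alias = $Contact.Alias
            X500  = $dn
        }
    }
}

# ConvertFrom-Csv understands the quoting, so "Doe, John" stays one field.
# With a real export use: Import-Csv 'C:\TargetContacts.csv' | ConvertTo-X500Proxy
$rows = ($exported -split '\r?\n') | ConvertFrom-Csv | ConvertTo-X500Proxy
$rows | Format-Table Name, Alias, X500 -AutoSize

# Apply only where the Exchange cmdlets are loaded.
# -WhatIf previews the change; remove it to actually add the addresses.
if (Get-Command Set-Mailbox -ErrorAction SilentlyContinue) {
    foreach ($row in $rows) {
        Set-Mailbox -Identity $row.Name -EmailAddresses @{add = $row.X500} -WhatIf
    }
}
```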

Hope this helps and if you have any questions in mind please don’t hesitate to contact me at info@moh10ly.com or call me 320-200-9663.

Mohammed JH

Get all mailbox Exchange Servers IP address remotely

Sometimes, while doing Exchange projects in big environments where there are more than 10 or 15 servers, we need to quickly get a particular server's hostname or IP.

I created a simple PowerShell script that does the work for you:

# Get all mailbox Exchange Servers IP address remotely

# Import Exchange Management Shell if run from PowerShell
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

# Find Mailbox Server Roles (IsMailboxServer also matches multi-role servers)
$Servers = Get-ExchangeServer | Where-Object {$_.IsMailboxServer}

# Print Servername and IP
foreach ($Server in $Servers) {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=TRUE" -ComputerName $Server.Name | Select-Object -Property IPAddress,PSComputerName,Name
}

Exchange 2010 CrossForest group Migration

In an Exchange cross-forest migration, distribution groups can be a very painful operation that causes loss of time, lots of issues and a continuous headache if not solved in a timely manner.

The migration can be a long, boring process that needs to be as accurate as possible to avoid any issue related to the members of a group and/or the group's primary SMTP details.

While doing a cross-forest migration I ran into this headache and looked for a script that would satisfy my migration's requirements, but the only thing I found was the export PowerShell script made by Satheshwaran Manoharan.

Export Process:

The script exports all groups and their members from the source forest, but there's no option to import, so I had to write my own script.

To make use of this script, first make sure that you have migrated the groups with ADMT in the recommended order; otherwise the migration will be problematic.

  • First: Universal Groups
  • Second: Global Groups
  • Third: Domain Local Groups

Once groups are migrated to the target forest, you can check in the Exchange Management Shell what they look like and whether they have members added or an SMTP address set.

After I checked, it showed that the group is empty and has no primary SMTP address associated with it.

Import Process:

Since this is a hybrid/coexistence migration and not a cutover, it took time to migrate users. Therefore, to add members during the migration, I have to add non-migrated users in the target forest to the distribution groups as external contacts, and add migrated users as mailbox users.

Then, after adding the users, I have to set the primary SMTP address for the groups according to the CSV file exported from the source forest.

To import users, I had to set up a CSV file with the following format:

In this format, the Display name, Alias, RecipientType and PrimarySMTPAddress belong to the user object that's included in the group, while Dgroup is the distribution group's alias and DGSMTP is the group's primary SMTP address.

The following script imports group members into their respective groups:

#########################################################################################
# If user type is UserMailbox then it'll be in Target forest as a Contact               #
#########################################################################################

$Users = Import-Csv "C:\Groups\dgs.csv"

Foreach ($User in $Users) {
    $GroupAlias = $User.Dgroup
    $GroupSMTP = $User.DGSMTP

    if ($User.RecipientType -Match "UserMailbox") {
        Add-DistributionGroupMember -Identity $GroupAlias -Member $User.PrimarySMTP -BypassSecurityGroupManagerCheck

        # Report only the users that were actually passed to Add-DistributionGroupMember
        Write-Host "$($User.Alias) has been added to the group $($User.Dgroup)" -ForegroundColor Green -BackgroundColor Black
    }
}

Fixing Distribution Groups Primary SMTP Address:

Since distribution groups are mostly imported through ADMT without a primary SMTP address, we also have to fix this for our groups. But what if the destination forest has similar groups, or the SMTP address is already in use? To avoid any mistake when associating the primary SMTP address, I created a script that checks for distribution groups with a null value in their primary SMTP address and copies the SMTP address to these groups, avoiding any overwrite or change of the destination distribution groups.

#########################################################################################
# Setup groups with Primary SMTP Address
#########################################################################################

$Groups = Import-Csv "C:\Groups\Group_test.csv"

Foreach ($Group in $Groups) {
    $GroupAlias = $Group.dgroup
    $GroupSMTP = $Group.DGSMTP

    # Compare as plain strings; -match would treat the address as a regular expression
    if ((Get-DistributionGroup $GroupAlias | %{[string]$_.PrimarySmtpAddress}) -eq $GroupSMTP) {
        Write-Host Group $GroupAlias already has $GroupSMTP Setup as primary SMTP address -ForegroundColor Yellow -BackgroundColor Red
    } else {
        Set-DistributionGroup -Identity $GroupAlias -PrimarySmtpAddress $GroupSMTP -EmailAddressPolicyEnabled $False
        Write-Host Group $GroupAlias has $GroupSMTP Setup as primary SMTP -ForegroundColor Green -BackgroundColor Black
    }
}

The script checks whether the group's primary SMTP address matches the one in the CSV file. If it doesn't, it sets the primary SMTP address for that group and reports it in green, as in the screenshot below.

You can also use this script with the same CSV file that you use for adding members to the groups. If the group's SMTP address already exists, you'll get the following error:

Note:

Attached below, You can find the new version of the powershell and the CSV along with it.

Setup Squid Guard (Proxy Server) on Pfsense


To set up SquidGuard, you need two packages installed on your Pfsense for it to work properly.

The first package is Squid 3 (in case you're publishing Exchange web services with it), or Squid if not.

The second package is SquidGuard-Squid3 for Squid 3, or, if you don't have Squid 3, the normal "Stable" SquidGuard version for Squid.

Squid Package

In my case I am using Squid 3, because I use its reverse proxy to publish Exchange web services, so I will install SquidGuard-Squid3 to configure its proxy server.

I have already downloaded and installed it, but if you haven't, navigate to System > Packages > Available Packages, where you can find and install it.

From the Services menu drop-down you will find the three entries below (Proxy Filter, Proxy Server and Reverse Proxy).

First I will go to Proxy Server, tick the interfaces I want to enable the proxy on (LAN, DMZ), and enable "Transparent HTTP Proxy" and "Allow users on interface" on the General tab.

If you scroll down you will find "Logging Settings" and other options that you don't need to enable. Logging is mostly needed when troubleshooting.

Next I will go to the "Local Cache" tab and change the Squid hard disk cache settings to take more than 100 MB. I will make it 5000 MB, which is 5 GB, to make Internet browsing faster for users who visit the same websites often.

After that you don't need to do anything except save the changes at the end of the page.

Go to the "ACLs" page and enable your local networks: I will write mine in the "Allowed subnets" section and save the page.

I am finished with the Proxy Server settings. I will go to Proxy Filter, scroll down to the end of the page, enable the Blacklist option, paste the link below, then click Save to save the changes.

http://www.shallalist.de/Downloads/shallalist.tar.gz

Go to the Blacklist tab to download the blacklist: I will copy the link below there and press Download.

http://www.shallalist.de/Downloads/shallalist.tar.gz

When the download finishes, I will go to the "Common ACL" tab and configure the rules we have downloaded. As you can see below, I have everything configured already, but to configure it yourself you first have to press the green Start button.

After you press the green button, it will show you the rules that you can configure. I have already configured (Alcohol, Deny, Gambling, Hacking, Social net)…

Next I will configure the redirect mode, type my own customized message that will appear to the clients behind Pfsense, and use SafeSearch.

When done, I will save this page, go to the General tab, click on Apply all changes and save the page.

Note:

You should see the SquidGuard service in the "Started" state for it to work. If for any reason the service is not started, navigate to Status > System logs and check whether there is anything related to SquidGuard or Squid.

Now I will go to the client and check whether my client, which has Pfsense as its default gateway, obeys the SquidGuard rules.

I tried opening Facebook and Twitter, but neither works, and both give me the same message that I customized in Pfsense.

Overall this has been an easy setup and everything works perfectly.

Hope this would be useful to you all.

Publishing Exchange on Pfsense

How to Publish Exchange on Pfsense (Old Version)

This page will guide you through the steps of publishing Microsoft Exchange web services on Pfsense’s last version 2.1.5. 
If you don’t have it already installed, you can check out my guide on how to install Pfsense and prepare it on your environment. 

Note:

Before starting, you must know that if you're going to use the same public IP (WAN) of Pfsense for the Exchange web services, you must set Pfsense to use a non-standard HTTP/HTTPS port.

First, we have to install the Squid3 package on Pfsense.

Installing Package

I will click on the Plus sign + next to the Squid3 package to install it.

Now, after checking that it's installed, I will go to Reverse Proxy on the Services menu.

We will have to export the certificate from our Exchange server and import it into the certificate store in Pfsense.

I'll click on the + under CAs to import the certification authority's root certificate.

I opened the CA certificate in Notepad++, copied all of it, gave it a name and clicked Save.

After clicking Save, here is what I got.

Add Exchange's personal certificate and key, using DigiCert's tool to export the key as in the following screenshot.

Now I'll go back to Pfsense's portal, to the certificate section, to add Exchange's certificate. I will go to the Certificates tab and click on the + sign to add the cert.

I will paste the certificate data and the key as well, and save.

I added the cert's data and the cert's key, and after I clicked Save here's what it looks like.

Now I will go to the reverse proxy tab and configure it for Exchange. The first thing to do is enable the HTTP and HTTPS ports and choose the certificate for Exchange.

NOTE: Entering the standard ports (80, 443) for HTTP and HTTPS might work in earlier versions of Pfsense like 1.5 and 2.0, but not in 2.1 and 2.2. For the reverse proxy to work on the new versions, you have to leave the port field empty if you decide to use the standard ports.

Here I have enabled all the ports and chosen the right certificate. I will also import the intermediate certificate in case it is needed.

I will go back to the Exchange server, where I have all the certificates, and export the intermediate certificate.

To identify the intermediate certificate, I will go to MMC, click on the personal certificate and check its path.

I will double click on the certificate and check its certification path

Opening the Intermediate certificate store.

I will use the MMC wizard to export the certificate with the Base-64 encoded option.

 After I exported

Now I will enable OWA and fill the information related to it as following.

Next I will go to the firewall (NAT) part to configure the required ports and IPs. Click on the Firewall tab, then NAT.

I only need to configure ports 25 and 443, since I already have a certificate and want to use HTTPS instead of HTTP.

Here is what my firewall looks like right now.

Note: On the Exchange server, the default gateway should be the LAN IP of Pfsense, or at least there should be a persistent route to the local IP of Pfsense.

I will save this rule and check whether I can browse to OWA from my browser. Note that I am connecting remotely and my Exchange server is hosted on Hyper-V in a different place.

WHOA, it works without any issues, but I'll still sign in to make sure I can log in without any problem.

Now I will check whether I can send e-mail back and forth between Gmail and Exchange, starting by sending an e-mail from Exchange. The e-mail arrives in Gmail.

Now I am replying the e-mail from Gmail to Exchange.

Everything seems to be working as expected… 

Now it's time to make sure that ActiveSync is working properly as well. First I will test ActiveSync with the Remote Connectivity Analyzer at www.testexchangeconnectivity.com or https://testconnectivity.microsoft.com

I will go to the Exchange Server tab, select the "Exchange ActiveSync" option for testing, and click Continue at the bottom right of the window.

Then here I will enter my credentials as you can see below

Test will take about 15-30 seconds to finish

Then here it will show the expected result.

detailed result of the test

Note: 

I have also tested it on my iPhone and it worked without any issue as well.

Pfsense and Active Directory Integration

In this tutorial, I will integrate my Active Directory with Pfsense in order to authenticate users from Active Directory instead of using Pfsense's user manager.

This gives you more options and makes managing users much easier. To do that, follow the steps below.

First open your Pfsense Web UI and click on System – > user manager

Next go to Servers Tab

Click + in the right corner

After you click on the + icon you will get the following page.

Fill these details accordingly, for help on how to fill these in check the below snapshot

Note: Make sure that your password is simple and contains only letters, no numbers or special characters e.g. Pfsense

When done, click on Select, and you will be able to view the following OU/CN.

Now create a group in AD, e.g. "PF", and create a group with the identical name on Pfsense. In AD, add any user to this group.

Then go back to Pfsense -> System -> User Manager -> Settings tab, select your AD from Authentication server, and save.

Now click on Diagnostics -> Authentication and select your AD server.

Type in the username and password of the user you added to the group pf in AD and click Test. You will see the result at the top: "User: Pfsense authenticated successfully. this user is a member of these groups: pf".

Hope this will help you find your way through Pfsense. 🙂

SquidGuard Package installation issue


Symptoms:

After upgrading Pfsense from 2.1.5 to 2.2, SquidGuard was no longer installed, and when I tried to install it I got the following error on Pfsense:

ERROR: No digital signature! If you are *SURE* you trust this PBI, re-install with --no-checksig option.

of squidguard-squid3-1.4_4-amd64 failed!

Installation of squidGuard-squid3 FAILED!

Beginning package installation for squidGuard-squid3 .

Downloading package configuration file… done.

Saving updated package information… done.

Downloading squidGuard-squid3 and its dependencies…

Checking for package installation…

 Downloading https://files.pfsense.org/packages/10/All/squidguard-squid3-1.4_4-amd64.pbi …  (extracting)

 ERROR: No digital signature! If you are *SURE* you trust this PBI, re-install with --no-checksig option.

of squidguard-squid3-1.4_4-amd64 failed!

Installation aborted.Removing package…

Starting package deletion for squidguard-squid3-1.4_4-amd64…done.

Removing squidGuard-squid3 components…

Tabs items… done.

Menu items… done.

Services… done.

Loading package instructions…

Include file squidguard.inc could not be found for inclusion.

Deinstall commands…

Not executing custom deinstall hook because an include is missing.

Removing package instructions…done.

Auxiliary files… done.

Package XML… done.

Configuration… done.

done.

Failed to install package.

Installation halted.

Reason: As the error above indicates, the package is not installed because it is not digitally signed, which might be something related to the new version.

Resolution:

To resolve this issue and successfully install SquidGuard, connect to your Pfsense over SSH (SSH must be enabled and a firewall rule must be configured) and run the following commands, which install the package while ignoring the digital signature check.

Enter an option: 8

fetch https://files.pfsense.org/packages/10/All/squidguard-squid3-1.4_4-amd64.pbi

rm -rf /var/db/pbi/installed/squidguard-squid3-1.4_4-amd64.pbi

pbi_add -f --no-checksig squidguard-squid3-1.4_4-amd64.pbi

Now I will go to System > Packages and (re)install the package that failed.

And the result as below

Reference

https://doc.pfsense.org/index.php/Pbi_add:_Invalid_file_for_usercheck