Wednesday, December 3, 2014

Changing Ubuntu Server IP address from DHCP to Static (including DNS)

I know this is a silly one but some seem to struggle with this and there are some conflicting instructions out there.

sudo nano /etc/network/interfaces


Change this-
auto eth0
iface eth0 inet dhcp

To your static ip-
auto eth0
iface eth0 inet static
        address 192.168.0.3
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        dns-search example.com
        dns-nameservers 8.8.8.8 4.2.2.2


(You can omit the dns-search if you don't need a domain suffix.)

Simply restart your server.  If you'd prefer not to, you can restart the networking with this command-
sudo ifdown eth0 && sudo ifup eth0


Cisco ASA Restrict VPN traffic to 1 IP on Site to Site (L2L) Tunnel

I was recently asked to restrict access on a VPN tunnel to one IP address, 192.168.240.13.  Here is how I did it-



access-list restrict extended permit ip host 192.168.240.13 any

group-policy Tunnel internal
group-policy Tunnel attributes
 vpn-filter value restrict

tunnel-group 2.2.2.2 general-attributes
 default-group-policy Tunnel

Setting up a Site to Site (L2L) VPN Tunnel on a Cisco ASA 5505 when the remote end has an overlapping (conflicting) IP Range

A scenario I commonly run into is a client who wants to set up a Site to Site IPSec VPN tunnel to a vendor but cannot use their current IP scheme because it overlaps with another one of their business partners.  This is a fairly simple setup.

Public IP- 1.1.1.1
Private LAN- 192.168.0.0/24
Remote VPN LAN- 192.168.250.0/24
Remote Host IP- 2.2.2.2
Pre-Shared-Key- Key

So we're going to make up a "Natted" LAN for use on this tunnel.  We will use- 192.168.100.0/24.
Natted LAN- 192.168.100.0

First thing, create some network objects.

ASA (config)# object network LocalSubnet
ASA(config-network-object)# subnet 192.168.0.0 255.255.255.0
ASA (config)# object network LocalSubnetNAT
ASA(config-network-object)# subnet 192.168.100.0 255.255.255.0
ASA (config)# object network RemoteSubnet
ASA(config-network-object)# subnet 192.168.250.0 255.255.255.0



Next we create a NAT rule that translates the local subnet to the Natted LAN whenever the destination is the remote subnet.

ASA (config)# nat (inside,outside) source static LocalSubnet LocalSubnetNAT destination static RemoteSubnet RemoteSubnet



Now we create an ACL for the VPN tunnel.  Since VPN tunnels are processed after NAT, it will be from the Natted subnet to the remote subnet.

ASA (config)# access-list Tunnel extended permit ip object LocalSubnetNAT object RemoteSubnet



Now we build the tunnel like we normally would-
ASA (config)# crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
ASA (config)# crypto map outside_map 10 match address Tunnel
ASA (config)# crypto map outside_map 10 set peer 2.2.2.2
ASA (config)# crypto map outside_map 10 set ikev1 transform-set ESP-3DES-SHA
ASA (config)# crypto map outside_map interface outside
ASA (config)# crypto ikev1 enable outside
ASA (config)# crypto ikev1 policy 10
ASA(config-ikev1-policy)# authentication pre-share
ASA(config-ikev1-policy)# encryption 3des
ASA(config-ikev1-policy)# hash sha
ASA(config-ikev1-policy)# group 2
ASA(config-ikev1-policy)# lifetime 86400
ASA (config)# tunnel-group 2.2.2.2 type ipsec-l2l
ASA (config)# tunnel-group 2.2.2.2 ipsec-attributes
ASA(config-tunnel-ipsec)# ikev1 pre-shared-key Key


That's it!  
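The order of operations above (NAT first, then the crypto ACL match), as an added Python model that is not part of the original post and is not ASA code. The function names are made up for illustration; the subnets are the ones from this post.

```python
# Added example: models "NAT first, then crypto ACL match" for the
# overlapping-subnet tunnel above. Illustration only, not ASA code.
from ipaddress import ip_address, ip_network

LOCAL = ip_network("192.168.0.0/24")        # LocalSubnet
LOCAL_NAT = ip_network("192.168.100.0/24")  # LocalSubnetNAT
REMOTE = ip_network("192.168.250.0/24")     # RemoteSubnet


def twice_nat(src, dst):
    """Model of: nat (inside,outside) source static LocalSubnet
    LocalSubnetNAT destination static RemoteSubnet RemoteSubnet

    The rule applies only when BOTH source and destination match.
    The source keeps its host part; the destination is unchanged.
    """
    src, dst = ip_address(src), ip_address(dst)
    if src in LOCAL and dst in REMOTE:
        offset = int(src) - int(LOCAL.network_address)
        src = LOCAL_NAT.network_address + offset
    return src, dst


def acl_permits(acl_src, acl_dst, src, dst):
    """One 'permit ip <acl_src> <acl_dst>' entry."""
    return src in acl_src and dst in acl_dst


def is_encrypted(src, dst, acl_src=LOCAL_NAT, acl_dst=REMOTE):
    """True if the packet, after NAT, matches the crypto ACL."""
    nat_src, nat_dst = twice_nat(src, dst)
    return acl_permits(acl_src, acl_dst, nat_src, nat_dst)


if __name__ == "__main__":
    # Host .25 is seen by the remote end as 192.168.100.25.
    print(twice_nat("192.168.0.25", "192.168.250.10"))
    # Crypto ACL written with the Natted subnet: traffic enters the tunnel.
    print(is_encrypted("192.168.0.25", "192.168.250.10"))
    # Crypto ACL written with the real LAN: never matches after NAT.
    print(is_encrypted("192.168.0.25", "192.168.250.10", acl_src=LOCAL))
```
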




Friday, October 31, 2014

Windows Time Hell

I'm kind of over windows time issues, so I found this little bad boy!  This thing is great, rock solid time sync, no headaches.

http://www.timesynctool.com/


Friday, August 1, 2014

You move a mailbox from Exchange 2010 / 2013 to a new server or Office 365 and you can't get rid of a shared mailbox that is automapped.

So you move a shared mailbox from Exchange to either a new server or to Office 365.  Afterwards, a user still sees a shared mailbox automapped to their profile due to the Exchange automapping feature.  You aren't able to map the moved mailbox to their profile.

An easy solution is to simply remove it from the attributes in Active Directory.

 - Open Active Directory Users and Computers.
 - Click the View menu and select Advanced Features.
 - Open the user in question.
 - Click on the Attribute editor tab.
 - Scroll down to msExchDelegateListLink, open it.
 - Remove the mailbox that is automapped.


Wednesday, July 2, 2014

How to set up an Ubuntu Secondary (Slave) DNS Server as a Secondary DNS Server to your Windows Active Directory Environment

Recently I had a client ask me to configure an Ubuntu server as a secondary DNS server to their AD environment to give a remote office local DNS.  Here is how I did it-

sudo apt-get install bind9

cd /etc/bind
sudo nano named.conf.local

     zone "domain.local" IN {
             type slave;
             file "/var/cache/bind/domain.local.db";
             allow-transfer { 192.168.0.0/16; };
             allow-notify { 192.168.2.97; };
             check-names ignore;
             masters { 192.168.2.97; };
     };

     zone "2.168.192.in-addr.arpa" IN {
             type slave;
             file "/var/cache/bind/2.168.192.db";
             allow-transfer { 192.168.0.0/16; };
             allow-notify { 192.168.2.97; };
             masters { 192.168.2.97; };
     };

(Note- Replace domain.local with your AD domain, replace 192.168.0.0/16 with your internal IP subnet, and replace 192.168.2.97 with the internal DC that you want to transfer DNS from.)

sudo nano named.conf.options

     allow-query { any; };
     allow-recursion { any; };

     forwarders {
             8.8.8.8;
             4.2.2.2;
     };


On your AD server, go into DNS, right click on the internal DNS zone, and add the IP of your Ubuntu box to the zone transfers tab.  Do the same for the reverse zone.

Restart Bind
sudo /etc/init.d/bind9 restart

That's it!!!
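With `allow-recursion { any; };` any host that can reach this server can use it as a recursive resolver; where only the remote office should, the internal subnet (192.168.0.0/16 in this post) is the narrower value. The check below is an added example, not part of the original post, that reports which access statements in a BIND options text admit every client. The function names and the second sample are constructed for illustration.

```python
# Added example: report BIND access statements that admit any client.
import re

# Constructed sample: the options shown in this post.
SAMPLE_OPTIONS = """
allow-query { any; };
allow-recursion { any; };
forwarders {
        8.8.8.8;
        4.2.2.2;
};
"""

# Constructed sample: same options limited to localhost and the LAN.
HARDENED_OPTIONS = """
allow-query { 127.0.0.1; 192.168.0.0/16; };
allow-recursion { 127.0.0.1; 192.168.0.0/16; };
// allow-recursion { any; };   (old value, commented out)
"""

ACCESS_STATEMENTS = ("allow-query", "allow-query-cache",
                     "allow-recursion", "allow-transfer")
WIDE_OPEN = {"any", "0.0.0.0/0", "::/0"}


def strip_comments(text):
    """Drop /* */, // and # comments so disabled lines are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def access_lists(conf_text):
    """Return {statement: [address-match elements]}."""
    found = {}
    pattern = re.compile(r"\b(allow-[a-z-]+)\s*\{([^{}]*)\}\s*;")
    for name, body in pattern.findall(strip_comments(conf_text)):
        if name in ACCESS_STATEMENTS:
            found[name] = [e.strip() for e in body.split(";") if e.strip()]
    return found


def open_to_any(conf_text):
    """Names of access statements whose list admits every client."""
    lists = access_lists(conf_text)
    return sorted(n for n, elems in lists.items() if WIDE_OPEN & set(elems))


if __name__ == "__main__":
    print(open_to_any(SAMPLE_OPTIONS))
    print(open_to_any(HARDENED_OPTIONS))
```
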

Monday, May 26, 2014

How to move Public Folders from Exchange 2010 to Exchange 2013

This is my write up on moving public folders from 2010 to 2013.

From the Exchange 2010 server, run the following
     Get-PublicFolder -Recurse | ConvertTo-CSV >C:\Exchange2010-PFStructure.csv
     Get-PublicFolder -Recurse | Get-PublicFolderStatistics | ConvertTo-Csv >C:\Exchange2010-PFStatistics.csv
     Get-PublicFolder -GetChildren | Get-PublicFolderClientPermission | Select-Object Identity,User -ExpandProperty AccessRights | ConvertTo-CSV >C:\Exchange2010-PFPermissions.csv

From the Exchange 2010 server, make sure PublicFoldersLockedForMigration and PublicFolderMigrationComplete are set to False
     Get-OrganizationConfig  | fl *Migration*
If either parameter is set to True, run the command below to change it to False
     Set-OrganizationConfig -PublicFoldersLockedforMigration:$false -PublicFolderMigrationComplete:$false

From the Exchange 2013 server, make sure there is no PublicFolderMigrationRequest and PublicFolder Mailbox
     Get-PublicFolderMigrationRequest

     Get-Mailbox -PublicFolder

Copy the following files from the Exchange 2013 Scripts folder (C:\Program Files\Microsoft\Exchange Server\V15\Scripts) to the Exchange 2010 Scripts folder (C:\Program Files\Microsoft\Exchange Server\V14\Scripts)
     Export-PublicFolderStatistics.strings
     Export-PublicFolderStatistics
     PublicFolderToMailboxMapGenerator.strings
     PublicFolderToMailboxMapGenerator


On the Exchange 2010 server, open the Exchange Management Shell and navigate to C:\Program Files\Microsoft\Exchange Server\V14\Scripts, create the folder C:\PFMigration and run the following scripts-
     .\PublicFolderToMailboxMapGenerator.ps1 -MailboxSize 5000000000 -ImportFile C:\PFMigration\Exchange2010-PFtoSize.csv -ExportFile C:\PFMigration\Exchange2010-PFtoMailbox.csv

Open file C:\PFMigration\Exchange2010-PFtoMailbox.csv with notepad, change the PF Mailbox name to one you wish (PFMailbox)

Copy the C:\PFMigration folder and the CSV from your Exchange 2010 Server to your Exchange 2013 Server.

On the Exchange 2013 Server, create your Public Folder Migration Request.  If required you can add the parameters -AcceptLargeDataLoss -BadItemLimit
     New-PublicFolderMigrationRequest -SourceDatabase (Get-PublicFolderDatabase -Server EXCH2010) -CSVData (Get-Content C:\PFMigration\Exchange2010-PFtoMailbox.csv -Encoding Byte)

Check the status of migration request.
     Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics -IncludeReport

When it fails, use this command to find out why-
     Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics -IncludeReport | FL

You might see this error.  It means you have mail enabled folders that have a space in the alias field or a space before or after the alias.  Go to the public folder manager, go to the properties of the mail enabled public folder listed and change the alias to have no spaces.
"Error: Property expression "B list" isn't valid. Valid values are: Strings formed
with characters from A to Z (uppercase or lowercase), digits from 0 to 9, !, #, $,
%, &, ', *, +, -, /, =, ?, ^, _, `, {, |, } or ~. One or more periods may be
embedded in an alias, but each period should be preceded and followed by at least
one of the other characters. Unicode characters from U+00A1 to U+00FF are also
valid in an alias, but they will be mapped to a best-fit US-ASCII string in the
e-mail address, which is generated from such an alias."

Once you have fixed this, resume the migration-
     Get-PublicFolderMigrationRequest | Resume-PublicFolderMigrationRequest

If you forgot to set the baditemlimit or set it too small, you can change it with this command.
     Set-PublicFolderMigrationRequest -Identity \PublicFolderMigration -baditemlimit 200
     Get-PublicFolderMigrationRequest | Resume-PublicFolderMigrationRequest

Once the PublicFolderMigrationRequest shows autosuspended, on the Exchange 2010 server set PublicFoldersLockedForMigration to True.  This may take a couple of hours.

     Set-OrganizationConfig -PublicFoldersLockedForMigration:$true

On the Exchange 2013 server, complete the migration.
     Get-PublicFolderMigrationRequest  -Identity \PublicFolderMigration | Set-PublicFolderMigrationRequest -PreventCompletion:$false

     Get-PublicFolderMigrationRequest  -Identity \PublicFolderMigration | Resume-PublicFolderMigrationRequest

Now Verify PublicFolderMigrationRequest is 100 Percent Complete
     Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics
     Get-PublicFolder -Recurse
Log on to OWA, right Click on Favorites, click Add Public Folder and verify you are able to access the migrated Data