Reissue a certificate on SBS2008

Every few years the self-issued certificate that allows remote access to the remote web workplace expires, and needs to be reissued.
Here is an illustrated guide of the steps which I completed successfully:

From the SBS console, there were errors reported - followed my nose till I got this;







Ignore the configure modem - you do not want to be changing this
(I should have unticked all but the certificate - but there's only one way to find out!)


Nothing went wrong.

Check the date and time to make sure they are the fresh ones.

Your next challenge is to get them to the client PCs. RDP direct to the server and copy the file if you can. Zip the folder, rename it as a .txt and attache to a gmail? Or get out your sneakers and usb thumbdrive :)

Ah - I remember know how I started the process:
(See also the useful url on the screenshot)
And if adding a third party (purchased) certificate then I suppose you would use the link above the one highlighted?

Steps to get RWW working

The first time you run a RWW site that needs the Activex you should get prompted



Then you right click the yellow area to accept the diag



Then you'll get the login, BUT NOTE THE RED CERTIFICATE ERROR in all the above screens so far!



This means you need to run the InstallCertificate app from the folder where the certificate is that you issued from your SBS2008 server and copied to the local PC:



(Note - you may have needed to reissue the certificate on the server - see this post )

Now you can finally connect to the local PC including mapping local printers and clipboard. Note the address bar is no longer red..

Job done. :D

Making "full" use of a Telecom=locked THOMPSON TG585v7

Ah, that little white box so full of promise, until you plug it in and find there's nowhere to go...

With no adsl phone line connected, you get the following unhelpful screen that seemingly can take you no further. Typing in the default ip address of 192.168.1.254 annoyingly resolves to dsldevice.lan and nothing more seems to be possible..


All is not lost, however, somehow I came across two methods to get a bit deeper (despite rumours that there is a secondary lan range and/or password kept top secret and known by only those who rub shoulders with Theresa Gattung (or whoever her current replacement happens to be ;)



Step one: use this url
http://dsldevice.lan/cgi/b/lan/?be=0&l0=3&l1=-1

This allows the more familiar setup screens of old, complete with blue text hyperlinks to everything, most importantly the
Configure link

Step 2.
Change the logon credentials for the administrator.
The current default is a blank password, and the login is Administrator (with a capital) - which is important for the telnet step below.
But don't panic reading about telnet (yes, it's there in Win7, just needs to be enabled (ticked on) under Windows Programs)
The web interface will immediatly prompt you for the credentials when you change them successfully, so you are IN.
Then mosey over to Internet settings, and put in your adsl userid and password (even if its not xtra, gasp)!
There is no Save button, but fear not, it does save, somehow.

Now comes the telnet bit. Should it not save, you apparently can save the config file using cli (command line in telnet) using this:
config save filename = myset.ini
Edit this file to reflect your login (the file is hard to find buried somewhere deep in c:\windows...???)
Then upload it to the modem using
config load filname = myeditedset.ini

You'll know you're in when you see some ascii art (which takes me back:)



For the record, here are my router's specs

System Information
This page summarizes important information on your Thomson Gateway. You may need this information when you contact your helpdesk.
Product Name: TG585v7
Serial Number:CP0922SFxxx
Software Release:7.4.2.7
Software Variant:ES
Boot Loader Version:1.0.0
Product Code:36588280
Board Name:CANT-P

Faster Broadband? ... Maybe.

There is a lot of talk about the government 'fibre to the door' initiative and the super fast broadband speeds that this will achieve. Fibre to the door will be fantastic but in reality it is at least five years before the average person is using it.

The news is not all bad however as there is a lot more speed to squeeze out of the current wires running to your house or business and in the background over the last few years Telecom and others have been adding new technologies to and between our Hawkes Bay exchanges that could give your internet the boost you desire.

Firstly a few acronyms to help you sleep at night. (source wikipedia.org)

ADSL (Asymmetric Digital Subscriber Line). This is the first generation of Broadband over our phone lines and is what most broadband users have today. This has a maximum download speed of 8 Megabits and upload speed of 800 kilobits. End user can be up to 5km from the exchange over the phone wire.

ADSL2+. This has a maximum download speed of 24 Megabits and upload speed of 1 Megabit. End user can be up to 2km from the exchange over the phone wire.

VDSL2. (Very High-Speed Digital Subscriber Line 2) This has a theoretical maximum download speed of up to 100 Megabits and upload speed of 16 Megabits. End user can be up to 500m from the exchange over the phone wire.


Unfortunately these technologies are not available to all of us. There are several factors that determine who can get what.

Whether your exchange / cabinet is upgraded. The role out of these newer technologies by Telecom and others, Airnet and Slingshot are two I have heard of in the bay, has been going for several years and will continue for several more. The project is managed by Telecom Wholesale and they have a very good resource on line to determine whether you are able to join to one of these faster technologies or when it will be available. http://www.telecomwholesale.co.nz/maps.

Whether your ISP supports it. ADSL2+ can be used by anyone that has a full speed broadband account but VDSL2 requires your ISP to support a VDSL2 plan and currently no one does nor have I heard any dates of when they will. Whats up with that?

Your hardware. ADSL2+ is supported by most broadband modems less than 3 years old and in some cases it will automatically detect the ADSL2+ network and connect but the majority of modems out there will need to be configured, updated or replaced to reap the extra speed available. VDSL2 modems are not yet available but will probably be more expensive when they do get here.

So whether you already have ADSL2+ or have to suffer the tyranny of a dial-up connection Internet in the Hawkes Bay is slowly getting better.

Not all routers are created equal

A mentor once instilled in me the following mantra:

"it shouldn't be that hard".

In other words technology should "just work".  (Unfortunately we all know this is not entirely true all the time.)

Yet I try to live by that mantra, and not get sucked in by the "complicated fix". But over the last three days, I have been doing battle with routers - or more specifically one router in particular. A Cisco WAG310G.  I installed successfully as the end point for a VOIP solution.  [That part went very well, by the way and WAS simple].

However, in trying to get a VPN to work through the new router, I'd forgotten to apply the check the simple things first...  (no, not "is the damn thing plugged in?",) but, "did you read the spec of the machine to see it can do what you are asking it to do?". The answer is "no".

In my defence, the fact that the router had the GRE47 protocol as  a service that could be chosen for pass-through, would have indicated ( I would have thought) that the router was capable of VPN.

I mean, is not a VPN a simple, basic requirement of all modern routers?

One would have thought so.

To confound matters, I was also blinded by the oft and varied reports of Win7 and the troubles of getting a VPN to work with that new beast. The old, stable XP-based VPN was still working fine - even with the new router installed. (But actually it, too had stopped and I hadn't noticed).  grrr

On the support site for this router - there is a prominent link on How to setup a VPN.

http://www.linksysbycisco.com/ANZ/en/support/WAG310G

A much more helpful article has screengrabs that show the missing VPN tab in the security settings of the router's gui:

http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=4239

and if you are "encountering difficulties" try:

Encountering Difficulties Connecting to the VPN Tunnel Using a ADSL Gateway

not that this will help if you don't RTFM !

Keeping a Win7 printer share shared to XP SOLVED

Just when I though Win7 was infallible - Vista-like inconsistencies appear where you least expect them...

I needed to share a printer off Win7Pro to an XP Home machine. Despite all the best efforts going both the old-fashioned way [create identical userid and password on both machines], and the new way every says it's done: http://www.howtogeek.com/howto/windows-7/share-files-and-printers-between-windows-7-and-xp/.

No cigar. I still got prompted for the userid and password after each restart. (As reported by lots of other posters.)

However, it occurred to me that by mapping a shared folder using a simple net use batch file, the user id and password if valid for the share, would eliminate the need for it again when reconnecting to the printer share.
Voila.
It worked.
net use z: \\win7pcname\foldershare /user:win7pcname\username passwordhere

Now put THAT in your pipe and smoke it win7 !

VPN - it can't be THAT hard (- can it?)

The VPN solution sounds perfect.. "just set up a tunnel through the public network for your private use..."

However, one can do a LOT of reading around a subject without getting to the nitty gritty of what to do.

This is one of those rare occasions, however, when I found a how-to summary that succinctly described what to do, without too much technical detail, but with enough of what you need to know to get it working.

Rather than rewrite Larry's words, I will quote his post in full here

http://forums.techarena.in/small-business-server/955926.htm

Oh - and to answer the question of browsing - simply map a drive on the client machine to \\ip.address.of.server\share using the domain authentication.

Easy.

24-04-2008

Larry Struckmeyer Posts: n/a

Re: VPN Connects but unable to browse Network HELP!! Hi: In general, I recommend RWW over VPN for connecting remotely. If you have a particular issue that requires a VPN connection, I would appreciate if you would share. To use VPN with your SBS you must first run the CEICW and permit that service to be used. Then run the RRAS wizard to setup the WAN ports. These are the second and third wizards on the To Do List in Server Management. You must have a router/firewall that has port 1723 forwarded to your SBS and that allows GRE 47 to pass. Some older devices do not allow this. And theother hardware related issue is that the SBS ip ranges and the remote ip range must be different. That is, if SBS is 192.168.16.x internal, and 192.168.100.x external, the remote cannot have the same numbers in the first three octets. Are there any specific errors in your event logs, or specific messages that occur And as always, I recommend the SBS BPA. Run that and do what it recommends. http://www.sbsbpa.com/ -- Larry Please post the resolution to your issue so that all can benefit.