Few days ago i need to enable Citrix access at my client to their Citrix server at Singapore.
They use ISA 2004 as their firewall.
At ISA 2004 there already a template for ICA protocol, but the
problem is this template useless, i already try to use that, but internal network still can't access
the citrix server.
So as solution I create a "Custom ICA" protocol. Just use the ICA template from ISA 2004
as your reffences to create the Custom protocol, the only different is put the Port 1604/UDP at
Primary connection, rather then at secondary connection like at the template.
Here the different between the ISA template and the Custom
ICA Template from ISA 2004
Custom ICA Protocol
After you create that "Custom ICA" protocol, then create a new firewall policy, see the bellow picture asyour refference.
Thursday, December 06, 2007
Friday, November 30, 2007
WinDbg and BSOD
- Downloads Windows debugger from Microsoft Web, after that install that Application at your Computer
- Find where your Windows store your debugging information.
- To find out where your windows hide your Debugging info Right Click the "My Computer" Icon.
- Select Property then go to Advanced Tab.
- At the Startup and recovery Section click the Settings button.
- Now you can see where your Windows store it's Dump file.
- For the start menu Start -> All Programs -> Debugging Tools for Windows -> WinDbg
- Now Open the dump file, go to File -> Open Crash Dump, then navigate to directory where the dump file stored.
- After you Open that file you will see lot of info. You can find the cause of BSOD, see at the bottom.
- As you can see the cause of the BSOD on my server is a file called mfehidk.sys, which a processes belongin to McAffe AV ( and that sucks)
- For detailed debugging info you can use command !analize -v , at the commad field
- Find where your Windows store your debugging information.
- To find out where your windows hide your Debugging info Right Click the "My Computer" Icon.
- Select Property then go to Advanced Tab.
- At the Startup and recovery Section click the Settings button.
- Now you can see where your Windows store it's Dump file.
- For the start menu Start -> All Programs -> Debugging Tools for Windows -> WinDbg
- Now Open the dump file, go to File -> Open Crash Dump, then navigate to directory where the dump file stored.
- After you Open that file you will see lot of info. You can find the cause of BSOD, see at the bottom.
- As you can see the cause of the BSOD on my server is a file called mfehidk.sys, which a processes belongin to McAffe AV ( and that sucks)
- For detailed debugging info you can use command !analize -v , at the commad field
Tuesday, November 27, 2007
How to Update to Win XP Sp3 with registry hack
Yesterday I found an article how to hack Win Xp registry so I can update to SP 3 rc1 . I found that article at this link "http://dailyapps.net/2007/11/hack-attack-get-windows-xp-sp3-through-windows-update/"
here the script
@echo off
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\XPSP3 /f 2> NUL
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\XPSP3 /v RCPreview /t REG_SZ /d 1c667073-b87f-4f52-a479-98c85711d869 /f
echo XPSP3 registry key has been set. Please check for updates in Windows Update - Kudos to dailyapps.net
pause
copy paste that script to notepad, then save as winxpsp3hack.cmd.
Double click that file, just follow the instruction.
After that update your windows via automatic update.
here the script
@echo off
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\XPSP3 /f 2> NUL
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\XPSP3 /v RCPreview /t REG_SZ /d 1c667073-b87f-4f52-a479-98c85711d869 /f
echo XPSP3 registry key has been set. Please check for updates in Windows Update - Kudos to dailyapps.net
pause
copy paste that script to notepad, then save as winxpsp3hack.cmd.
Double click that file, just follow the instruction.
After that update your windows via automatic update.
Sunday, October 28, 2007
Network Configuration File for RedHat/CentOS/Fedora
Because I work with my Linux Server directly from terminal, No fancy GUI. So I edit the network configuration
directly to ifcfg-ethx file (x = NIC Index), the file name depend to your device name, for example my Linux Server
Only have 1 network card so the configuration will had name ifcfg-eth0.
The configuration file located at /etc/sysconfig/network-scripts directory.
Here the the network file configuration when assign static IP
DEVICE=eth0
BOOTPROTO=none #If DHCP, then change to yes
HWADDR=00:00:1C:0A:AC:60 #MAC Addr
ONBOOT=yes #Set active on boot
TYPE=Ethernet
NETWORK=192.168.1.0
NETMASK=255.255.255.0
IPADDR=192.168.1.10
USERCTL=no #Set Yes if you want te ordinary user change the Network configuratin
IPV6INIT=no
PEERDNS=yes
GATEWAY=192.168.1.254
Here for DHCP
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:00:1C:0A:AC:60
ONBOOT=yes
TYPE=Ethernet
#NETWORK=192.168.1.0
#NETMASK=255.255.255.0
#IPADDR=192.168.1.10
#USERCTL=no
DHCP_HOSTNAME=komputerku.rumahku.local
#IPV6INIT=no
#PEERDNS=yes
#GATEWAY=172.17.8.254
And here for DNS servers
nameserver: 192.168.1.1
nameserver: 192.168.1.2.
For the DNS server, you can edit the file resolv.conf, you can find that at /etc directory.
When you finished, then restart the Network service, you can use command "/sbin/service network restart"
or "/etc/init.d/network restart". You must have root privilege to run both those command.
directly to ifcfg-ethx file (x = NIC Index), the file name depend to your device name, for example my Linux Server
Only have 1 network card so the configuration will had name ifcfg-eth0.
The configuration file located at /etc/sysconfig/network-scripts directory.
Here the the network file configuration when assign static IP
DEVICE=eth0
BOOTPROTO=none #If DHCP, then change to yes
HWADDR=00:00:1C:0A:AC:60 #MAC Addr
ONBOOT=yes #Set active on boot
TYPE=Ethernet
NETWORK=192.168.1.0
NETMASK=255.255.255.0
IPADDR=192.168.1.10
USERCTL=no #Set Yes if you want te ordinary user change the Network configuratin
IPV6INIT=no
PEERDNS=yes
GATEWAY=192.168.1.254
Here for DHCP
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:00:1C:0A:AC:60
ONBOOT=yes
TYPE=Ethernet
#NETWORK=192.168.1.0
#NETMASK=255.255.255.0
#IPADDR=192.168.1.10
#USERCTL=no
DHCP_HOSTNAME=komputerku.rumahku.local
#IPV6INIT=no
#PEERDNS=yes
#GATEWAY=172.17.8.254
And here for DNS servers
nameserver: 192.168.1.1
nameserver: 192.168.1.2.
For the DNS server, you can edit the file resolv.conf, you can find that at /etc directory.
When you finished, then restart the Network service, you can use command "/sbin/service network restart"
or "/etc/init.d/network restart". You must have root privilege to run both those command.
Saturday, October 27, 2007
Don't move Exchange Security Related Groups
Few day ago, I got call from the Office, they told me that one of our client exchange server got problem.
The exchange services can not start. It took hours to start the server, and sometime they must unlpug the network cable, from server NIC (Yeah good idea). After I came, I see that their try to install the Exchange SP2,but the installation procceses always end up with error.
The person who in charge, told me that there are problem with connection to Domain Controller. After I see the Event viewer I see there are lot of event with Id 9157 with source MSExchangeSA. Here the details of the event
Event Type: Warning Event
Source: MSExchangeSA
Event Category: General
Event ID: 9157
Date: 10/27/2007
Time: 11:57:32 AM
User: N/A
Computer: [Server Name]
Description: Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure the computer account is a member of the "Exchange Domain Servers" security group.
For more information, click http://www.microsoft.com/contentredirect.asp.
Apparently the Microsoft Exchange System Attendant service failed to start. This service is the most important service used by Exchange Server.
Because this service perform the important task, such as DS Lookup and other important task. If this service failed to start at least 3 other services will failed to start
Here the Description for Microsoft Exchange System Attendant service:
Provides monitoring, maintenance, and Active Directory lookup services, for example, monitoring of services and connectors,defragmenting the Exchange store, and forwarding Active Directory lookups to a Global Catalog server.
If this service is stopped, monitoring, maintenance, and lookup services are unavailable.
If this service is disabled, any services that explicitly depend on it will fail to start.
After some search from eventid.net and Google, apparently the main cause of this event because two security that related to Exchange
(Exchange Enterprise Servers and Exchange Domain Servers) moved to other OU. Looks like MS hard coded the Exchange to search both Security Group at User container. After I move back both Exchange and Start the Microsoft Exchange System Attendant, the problem
solved.
The exchange services can not start. It took hours to start the server, and sometime they must unlpug the network cable, from server NIC (Yeah good idea). After I came, I see that their try to install the Exchange SP2,but the installation procceses always end up with error.
The person who in charge, told me that there are problem with connection to Domain Controller. After I see the Event viewer I see there are lot of event with Id 9157 with source MSExchangeSA. Here the details of the event
Event Type: Warning Event
Source: MSExchangeSA
Event Category: General
Event ID: 9157
Date: 10/27/2007
Time: 11:57:32 AM
User: N/A
Computer: [Server Name]
Description: Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objects in Active Directory. Wait for replication to complete and then check to make sure the computer account is a member of the "Exchange Domain Servers" security group.
For more information, click http://www.microsoft.com/contentredirect.asp.
Apparently the Microsoft Exchange System Attendant service failed to start. This service is the most important service used by Exchange Server.
Because this service perform the important task, such as DS Lookup and other important task. If this service failed to start at least 3 other services will failed to start
Here the Description for Microsoft Exchange System Attendant service:
Provides monitoring, maintenance, and Active Directory lookup services, for example, monitoring of services and connectors,defragmenting the Exchange store, and forwarding Active Directory lookups to a Global Catalog server.
If this service is stopped, monitoring, maintenance, and lookup services are unavailable.
If this service is disabled, any services that explicitly depend on it will fail to start.
After some search from eventid.net and Google, apparently the main cause of this event because two security that related to Exchange
(Exchange Enterprise Servers and Exchange Domain Servers) moved to other OU. Looks like MS hard coded the Exchange to search both Security Group at User container. After I move back both Exchange and Start the Microsoft Exchange System Attendant, the problem
solved.
Wednesday, October 24, 2007
Gutsy Gibbon and Thinkpad T61
A Week before the final release, I donwload the rc version , and installed to my T61.
The first problem that I got with Gutsy is I need to set the SATA configuration to compatibility mode, instead AHCI.This make Vista run very slow. I still use windows because my job.
Beside that the Wireless NIC unstable, some time I can not change to other network.
Other than thoese 2 problems, Gutsy run well on my T61 , I hope there are solution for the AHCI problem. I hope.
The first problem that I got with Gutsy is I need to set the SATA configuration to compatibility mode, instead AHCI.This make Vista run very slow. I still use windows because my job.
Beside that the Wireless NIC unstable, some time I can not change to other network.
Other than thoese 2 problems, Gutsy run well on my T61 , I hope there are solution for the AHCI problem. I hope.
Thursday, October 11, 2007
That's is I'm done with Vista
That's it I'm done with, that OS is the most useless OS that I ever use that is a CRAP , I'm gonna change to XP again and I'll install Linux to my notebook, I'm better use Linux to my notebook as primary OS rather than use Vista , to much use of resource, and the updates is a SHIT, at least at XP you will get notification when the OS gonna reboot your OS, and beside that the crap that called AERO use to much resource, and AERO less sophisticated than Compiz . I don't know what is on the MS Guys head when they design vista....... I'M DONE WITH VISTA.... argh...
Sunday, July 15, 2007
................................
For this past this few days, I ask to myself is the Jakarta live is fit for me... and the answer is no. For me live at Jakarta is suck traffic, the live style, everything that related to Jakarta is not fit very well with me. It's just to crowd, to hectic , and it's to money oriented. I want to move out from jakarta. I just want a simple, quite and happy live with my girl .And I think as long I still in jakarta I can't get all those dream ... hopefully i can get out from this city or maybe from this country. Who knows. :d
Tuesday, June 12, 2007
44.500 rupiah for half dozen Doughnuts !!!!!!!!!!!!! darn .........!!!
Yesterday , I bought half dozen Krispy Kreme Doughnuts for 44.500 rupiah... when I see the bill, i say to myself what the heck, how can this Doughnuts very expensive.... frack, last week I bought 1 dozen J-CO Doughnuts for 45.000 rupiah ...I can't stop asking to myself why KK is very expensive... because for my Indonesian tongue J-Co taste much...much.. better then KK... so I ask friend of mine who live at USA where KK came from, he told me that KK is doughnuts for granny, and also KK sold at the corner of the street, buat here in jakarta KK sold at very...very...luxurious mall , and also KK is a exclusive food and very expensive also .... ah. why everything that came abroad always became a very exclusive thing here ... damn ...
Past 3 Weeks
For the past 3 weeks I'm involve on a project that completely new for me, another new challenge. My primary duty if to configure Watchguard Firebox x750e, I must configure that firewall so it can filter any malicious traffic and also as VPN gateway. When I first start this project I'm completly start from scratch because this is the first time I configure A Firebox. After read user guide, lot of FAQs , hopefully i can finish this one.... hopefully
Thursday, March 22, 2007
Because I using Putty to configure the Linux server at my office,
so I choose public-private key as authenticate method.
Here some step to configure your Linux environment so the key authentication method.
- First we must generate a public-private key pair using putty key generator, just click the Generator button,
so I choose public-private key as authenticate method.
Here some step to configure your Linux environment so the key authentication method.
- First we must generate a public-private key pair using putty key generator, just click the Generator button,
and move your mouse along the blank area. Make sure the key type is SSH-2 RSA, for security reason.
- After you finish you will see the following window, after that insert your passphrase key, and key comment. And copy paste your public key to notepad, and safe that with name "authorized_keys" , and also click the "Save Public Key" button and "Save private key" button to save yours private key and yours public key. The public key and private key must in the same folder, so It can work.
- After you safe then copy the "authorized_keys" file to .ssh directory at your home folder on linux folder, if the directory not exists the create a new one, you can use pscp to copy from your local folder to the remote folder. I assumed that pscp apps already on your path.
pscp "c:Documents and Settings\ronaldo.ronaldo\keya\uthorized_keys" ronaldo@shiro.office.loc:/home/ronaldo/.ssh
- After the file copied to your home directory at your linux server, the final step is to connect to your linux server using your newly generated key here the command that I use to connect to my Linux server :
- After you finish you will see the following window, after that insert your passphrase key, and key comment. And copy paste your public key to notepad, and safe that with name "authorized_keys" , and also click the "Save Public Key" button and "Save private key" button to save yours private key and yours public key. The public key and private key must in the same folder, so It can work.
- After you safe then copy the "authorized_keys" file to .ssh directory at your home folder on linux folder, if the directory not exists the create a new one, you can use pscp to copy from your local folder to the remote folder. I assumed that pscp apps already on your path.
pscp "c:Documents and Settings\ronaldo.ronaldo\keya\uthorized_keys" ronaldo@shiro.office.loc:/home/ronaldo/.ssh
- After the file copied to your home directory at your linux server, the final step is to connect to your linux server using your newly generated key here the command that I use to connect to my Linux server :
putty -i "c:Documents and Settings\ronaldo.ronaldo\key\my-privkey.ppk" shiro.office.loc -l ronaldo
Friday, March 09, 2007
Create User At Windows AD With HTA
This is a simple HTA application that used to add new user at windows domain, for detail about the domain structure can be seen at the picture, and for the file can be download from here. I'll explain later about this application.
N.U.M.B
For this few days .. I feel so numb.. I lost all my felling, all my feeling to survive as human being.. the only thing that keep me go so far is my girl . oh gosh what's wrong with... I'm so bored... It's not me that keep on going with this kind of routine, I'm bored. I'm want another live where I can get new challenges, where I can feel alive once again.. just wanna say AAAARRGHHHHHHHH.. I'm so bored...
Tuesday, February 20, 2007
Configure DHCP at Linux
I create a dhcp server with Linux I use CentOS 4.3 , I use Linux one because the dhcp under win 2003 not work , It always fail when try to get authorize from the Active directory at Holland.
To start we must check whether dhcpd installed at your linux machine.
- after you sure the dhcpd installed on your machine
- then run "cp /usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample /etc/dhcpd.conf" , this command will copy the example configuration file and replace the configuration file, this is ok because the original file contain nothing. just few lines of comment.
- after that edit the dhcpd.conf file, here the example of my configuration file :
ddns-update-style interim;
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.1.254; #default-gateway
option subnet-mask 255.255.255.0; #netmask
option domain-name "tng.loc"; # domain-name
option domain-name-servers 192.168.1.1, 192.168.1.2; # DNS servers
range 192.168.1.40 192.168.1.1.239; # IP range
default-lease-time 21600;
max-lease-time 43200;
# Host with fixed address , this is actually the dhcp server address
host lnxsrv {
hardware ethernet 00:A0:C9:71:BD:45;
fixed-address 192.168.1.150;
}
}
- after that start the dhcpd service "/sbin/service dhcpd start"
This dhcp server work with windows client all the computer here use windows xp
To start we must check whether dhcpd installed at your linux machine.
- after you sure the dhcpd installed on your machine
- then run "cp /usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample /etc/dhcpd.conf" , this command will copy the example configuration file and replace the configuration file, this is ok because the original file contain nothing. just few lines of comment.
- after that edit the dhcpd.conf file, here the example of my configuration file :
ddns-update-style interim;
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.1.254; #default-gateway
option subnet-mask 255.255.255.0; #netmask
option domain-name "tng.loc"; # domain-name
option domain-name-servers 192.168.1.1, 192.168.1.2; # DNS servers
range 192.168.1.40 192.168.1.1.239; # IP range
default-lease-time 21600;
max-lease-time 43200;
# Host with fixed address , this is actually the dhcp server address
host lnxsrv {
hardware ethernet 00:A0:C9:71:BD:45;
fixed-address 192.168.1.150;
}
}
- after that start the dhcpd service "/sbin/service dhcpd start"
This dhcp server work with windows client all the computer here use windows xp
Saturday, February 03, 2007
Nature Strike Back.......
The last 2 days jakarta is more like venezia, this is cause by the great flood that came every 5 years, this flood cause by heavy rain for this past few days, but according to the weather guy this is only the beginning, because tomorrow heavy rain still going to happen at jakarta, also the ciliwung river blew up. But the major cause of this flood because people of jakarta never put respect to nature, every green area in jakarta always converted into mall, apartment, real estate, or skyscraper. For simple example kelapa gading , it was a swamp before converted into real estate, mall, and apartment. Also the habit of jakarta citizen that always littering on everywhere especially on the river... now it's time to change our behavior. because if we keep threat nature like this , the next flood will more worse that this .... so please Respect The Nature...
Friday, February 02, 2007
Euh............
Euh..what's wrong with me ... for this couple of days a person from my past always pop-up in my mind just like a spam, even that person appear in my dream...eee.. come on, that person even not remember me... hmmm... I think I need to refresh my mind, kind a dull this days... need to go outside jakarta.. aaaa....
Friday, January 26, 2007
Not My day .....
Today is not my day .... I lost my cellphone (Again)... My body feel not well.......my head ... argh ..... oh my god what's wrong with me today..........
Tuesday, January 16, 2007
Error open madpengion.org
Today I read an news at www.linux.com with title "Mobile Linux for the Mobile Fan" apparently that news is a link from madpenguin.org, when I try to open that link IE7 inform that there is an error.. So I try to use the "
Monday, January 15, 2007
telkomnyet speed
Darn... why internet connection at this country very...very...very.. slow , because no no mater the connection type whether ADSL, Dial-up it's all the same . If I use speedy(ADSL) then the connection not reliable, if using dial-up then the connection very....very.. slow like a turtle. This image taken when I update my anti virus.. you see the speed .. it's shameful.
Saturday, January 13, 2007
Friday, January 12, 2007
Should human race still exists on this planet ???
what human race do to this planet is nothing more than destruction, every day we can see the size of our rain forest reduce very...very fast, and the number of species also decreasing very fast, event some of the species already extinct. If the human race not do something about this in the end the species that will extinct is the human it self .. quite funny because the cause of human extinction is them self.
what human race do to this planet is nothing more than destruction, every day we can see the size of our rain forest reduce very...very fast, and the number of species also decreasing very fast, event some of the species already extinct. If the human race not do something about this in the end the species that will extinct is the human it self .. quite funny because the cause of human extinction is them self.
Subscribe to:
Posts (Atom)