Malinda Rathnayake - multicastbits.com

Hacking WatchGuard Firebox to Run pfsense- nanoBSD

Posted on August 28, 2013November 26, 2018 by Malinda RathnayakeLeave a Comment

Hi Internetz, its been a while…

So we had an old Firebox X700 laying around in office gathering dust. I saw this forum post about running m0nowall on this device. since pfsense is based on m0nowall, I googled around to find a way to install pfsense on the device and found several threads on pfsense forums.
It took me a little while to comb through thousands of posts to find a proper way to go about this. And some more time was spent on troubleshooting the issues I faced during the installation and configuration. So I’m putting everything I found on this post, to save you the time spent googling around. This should work for all the other firebox models as well.

What you need :

Hardware

Firebox
Female to Female Serial Cable – link
4GB CF Card (We can use 1Gb, 2Gb but personally I would recommend at-least 4GB)
CF Card Reader

Software

pfsense NanoBSD
physdiskwrite – Download
TeraTerm Pro Web – Enhanced Telnet/SSH2 Client – Download

The firebox X700

This is basically a small X86 PC. we have a Intel Celeron CPU running at @1.2Ghz with 512MB Ram. The system boots using a CF card with watchguard firmware
The custom Intel motherboard used in the device does not include a VGA or a DVI port. we have to use the serial port for all the communications with the device

There are several methods to run pfsense on this device.

HDD

Install PF sense on a PC and Plug the HDD to the firebox.

This requires a bit more of a effort cause we need to change the boot order on bios. and its kinda hard to find IDE laptop HDD’s these days

CF card

This is very straight forward Method. We are basically swapping out the CF card already installed on the device and booting pfsense from it.

In this tutorial we are using the CF card method

Installing PFsense

Download the relevant pfsense image

Since we are using a CF card we need to use the PFsense version built to work on embedded devices.

NanoBSD version is built specially to be used with CFcards or any other storage media’s that have limited read write life cycle

Since we are using a 4GB CF card, we are going to use the 4G image

Flashing the nanoBSD image to the CF card

Extract the physdiskwrite program and run the PhysGUI.exe
This software is written in German i think but operating it is not that hard

Select the CF card from the list.

Note : if you are not sure about the disk device ID. use diskpart and determine the disk ID

Load the ISO file
Right click on the Disk “Image laden > offnen”

select the ISO file from the “open file” window
program will prompt you with the following dialog box

Select the remove 2GB restriction and click “OK”
It will warn you about the disk being formatted (I think), click yes to start the disk flashing process. a CMD window will open and show you the progress

Installing the CF card on the Firebox

Once the flashing process is completed, open up the Firebox and Remove the drive cage to gain access to the installed CF Card

Remove the protective glue and replace the card with the new CF card flashed with pfsense image.

Booting up and configuring PFsense

since Firebox does not have any way to connect to a display or any peripheral ports. We need to use a serial connection for communicating with the device

Install “teraTerm pro web” program we downloaded earlier.

I tried using putty and many other telnet clients didn’t work properly

Open up the terminal window

Connect the firebox to the PC using the serial cable, and power it up

Select “Serial” and select the com port the device is connected to and click OK(You can check this in device manager)

Many other tutorials says to change the baud rates. but defaults worked just fine for me

Since we already flashed the PFsense image to the CF card we do not need to install the OS

By now on the terminal window you should be having the PF sense configuration details. just as with a normal fresh install.

It will ask you to setup VLan

Assign the WAN, LAN, OPT1 interfaces.

ON X700 interface names are as follows

Please refer to pfsense Docs for more info on setting up

http://doc.pfsense.org/index.php/Tutorials#Advanced_Tutorials

After the initial config is completed. you do not need the console cable and Tera Term
you will be able to access the PFsense via the web-interface and good ol SSH via the LAN IP

Addtional configuration

Enabling the LCD panel

All firebox units have a LCD panel in front
We can use the pfsense LCDproc-dev package to enable and display various information

Install the LCDproc-dev Package via the package Manager

Go to Services > LCDProc

Set the settings as follows

Hope this article helped you guys.Dont forget to leave a comment with your thoughts

Sources –

http://forum.pfsense.org/index.php?board=5.0

Recover Exchange Mail store Using Database portability feature in Exchange 2010

Posted on May 28, 2012November 26, 2018 by Malinda RathnayakeLeave a Comment

“Mail server crashed” worst nightmare for a System admin. Followed by tight Dead lines, incident reports, load of complains you have to listen to, Its a full fledged disaster.
In this scenario its a medium size business with with just one single Server running AD and Exchange 2010(not ideal i know) which was upgraded from SBS 2003

AD and DNS failed after de-commissioning the old SBS server.

Recovering from full server backup was not an option and we had the Databases on a separate drive.

Important things to keep in mind when recovering DB’s on a different AD domain

Organization name and the Exchange Administrative Group should be the same in order for the Portability feature to work
Database must be in a clean shutdown state
After mounting the old DB’s always move the mail boxes to new database’s
Exchange 2010 Slandered only supports up to 5 Databases.

there are few method’s to recover DB’s on exchange 2010, This is the method we used.

Check List before proceeding further

Once you have

Restored the Old Databases from backup to a different location on the server
installed the AD (with the same domain name) and the Exchange with the same Administrative Group as the earlier

Preparing the Databases

Checking the statues of the database file

in order for the Database portability feature to work. we need the DB’s in clean shutdown state. To check the Database State we are gonna be using the Exchange Server Database Utility’s file dump mode

Note : if you are restoring from a windows Backup the Database should already be in a Clean shut down state as the exchange VSS backup re-plays the log files before backing up the DB

More Detail on eseutil /MH – link

Launch command prompt and type

eseutil /MH “D:RestoreoldDB.edb” (the text in blue is the location of the restored old database file)

Check the output you get and check if the DB is in a Dirty shutdown or a clean shutdown state

If the DB file is in Dirty shutdown state

In this case we did not have any recent backups and we were not able to soft recover the DB since this is a new DC. so we had to do a hard recovery using this command.

eseutil /P “D:RestoreoldDB.edb” (the text in blue is the location of the restored old database file)

Click ok on the prompt to continue

Note : using the Hard recovery will result in loss of information depending on the amount of log files you have for that Database

After the Hard recovery to fully rebuild indexes and defragment the database

eseutil /D “D:RestoreoldDB.edb” (the text in blue is the location of the restored old database file)

Mounting the Database using the Portability feature.

Create a new Database

Create a new Database for example we will create one named – recoveryDB1

Go to properties of the new DB > Maintenance Tab > Select the option “This Database can be overwritten by a restore”

Apply the Changes and dismount the Database

Replace the new Database file with the Repaired Database

Firstly go to the folder where the new DB file(recoveryDB1.edb) is located and Rename or delete it

Delete the log files / Catalog files

———————————————————————————————————————–

Rename the Recovered Database

Go to the Folder where the Database we repaired before is located and Rename it to “recoveryDB1”

————————————————————————————————————————–

Replace the newly created Database

Copy the Repaired DB file and replace the new Database file recoveryDB1.edb

Remember the Log files should be deleted or moved before you mount this DB.

Mount the “recoveryDB1” Database From EMC

now the mailStore should be mounted with out an issue

Errors you might run in to
In case you do get errors when mounting the DB such as

Operation terminated with error -1216 (JET_errAttachedDatabaseMismatch, An outstanding database attachment has been detected at the start or end of recovery, but database is missing or does not match attachment info) after 11.625 seconds.

you are getting this error because The DB is in dirty shutdown state, refer to the Preparing the Database Section above to fix the issue by performing a Hard Recovery

unable to mount error ‘s

The new Database Log files are still present, Delete them or move them.

Now you can go ahead and Attach the Mailboxes to the corresponding user accounts.

Word of advice

It will be wise to not to keep this recovered Mail Store in production for long. you will run in to various issues as the Mails start to flow in and out

Create new Mail stores’s and Move the mail boxes to avoid future problems.

Some mailboxes might be corrupted. in that case

Easiest way is to use the

“New-MailboxRepairRequest” cmdlet

Refer to this tech-net article for more info – link

Export it to a PST
Attach the user to a fresh mailbox
Sync back the Data you need through outlook

Create local administrator account using Group pol…

Posted on November 18, 2011November 26, 2018 by Malinda RathnayakeLeave a Comment

Domain Trust relationship failures, it may be a virus making it impossible to login using domain credentials..you are bound to run in to scenario’s like this while managing a AD environment.you will have to login to a local administrator account on the client pc and re join the domain or do what ever the necessary troubleshooting procedures. in some cases you don’t have local admin passwords on some pc’s. so this will be a life saver cause i my self had the unfortunate incident where i had to guide a user to reset the local admin password of a pc over the phone using hiren bootcd.

its very simple actually. use this VB script file, modify it accordingly and add it as a computer start up script via Group policy.

this script first queary for the user name you have specified in the script on the local pc, if it doesn’t exist it will create it as an member of the local administrator group. if the user name already exist it will change the password to the one specified.

‘—————————————————————————————————————
‘this section creates the new user called localsupport if it doesn’t existDim AdminPassword
AdminPassword = “password“

QueryForUser(“user_name“)

                Set objNetwork = CreateObject(“Wscript.Network”)
                strComputer = objNetwork.ComputerName
                Set objComputer = GetObject(“WinNT://” &strComputer)

                Set colAccounts = GetObject(“WinNT://” & strComputer & “”)
                Set objUser = colAccounts.Create(“user”, “localsupport”)
                objUser.SetPassword AdminPassword
                objUser.Put “UserFlags”, 65600 ‘
                objUser.SetInfo

‘add to administrators group
                Set objGroup = GetObject(“WinNT://” & strComputer & “/Administrators,group”)
                Set objUser = GetObject(“WinNT://” & strComputer & “/localsupport,user”)
                objGroup.Add(objUser.ADsPath)

‘msgbox “user was created”

‘this section just changes the password if the user exists

Sub QueryForUser(strlocalsupport)
    Set objlocal = GetObject(“WinNT://.”)
    objlocal.Filter = Array(“user”)
    For Each User In objlocal
        If lcase(User.Name) = lcase(strlocalsupport) Then

                strComputer = “.”
                Set objUser = GetObject(“WinNT://” & strComputer & “/localsupport, user”)
                objUser.SetPassword AdminPassword
                objUser.SetInfo

            ‘msgbox User.Name & ” already exists.” & vbCrLf & “The password was re-set.”
            WScript.Quit
        End If
    Next
End Sub

————————————————————————————————————–

to change the password modify the password within the quotes (marked in red), in the following code section. this also allows you to easily change the password in case you have to give the password to a end user.

Dim AdminPassword
AdminPassword = “password“

QueryForUser(“user_name“)

hope this helps someone, cause this saved my ass so many time. 😛

Managing calendar permissions in Exchange Server 2010

Posted on November 2, 2011 by Malinda RathnayakeLeave a Comment

Admin may get asked to set and add / Edit permissions for shared Calendars.
these Sharing options are not available in EMC, so we have to use exchange power shell on the server to manipulate them.

View existing Calendar permissions

Get-MailboxFolderPermission -identity "Networking Calendar:Calendar"

There are 4 MailboxFolderPermission cmdlets in Exchange Server 2010:

• Add-MailboxFolderPermission

• Get-MailboxFolderPermission

• Remove-MailboxFolderPermission

• Set-MailboxFolderPermission

Each cmdlet have different syntax, follow the links for more information..

In this scenario we need to set following permissions to the Calendar Resource named “Networking Calendar.

user – “Nyckie” – full permissions

all users – permissions to add events without the delete permission

To assign calendar permissions to new users “Add-MailboxFolderPermission”

Add-MailboxFolderPermission -Identity "Networking Calendar:Calendar" -User [email protected] -AccessRights Owner

To Change existing calendar permissions “set-MailboxFolderPermission”

set-MailboxFolderPermission -Identity "Networking Calendar:Calendar" -User default -AccessRights NonEditingAuthor

This assigns the owner righs to the user “nyckig” for the calendar of the “Networking Calendar” resource.and sets NonEditingAuthor permissions as the default permission for the calendar for all other users

__________________________________________

Here are the other permission levels you can assign:-

None – FolderVisible

Owner – CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

PublishingEditor – CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

Editor – CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

PublishingAuthor – CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems

Author – CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems NonEditingAuthor – CreateItems, ReadItems, FolderVisible

Reviewer – ReadItems, FolderVisible

Contributor – CreateItems, FolderVisible

The following roles apply specifically to calendar folders:

AvailabilityOnly – View only availability data

LimitedDetails – View availability data with subject and location

source –

technet.microsoft.com

http://blog.powershell.no/2010/09/20/managing-calendar-permissions-in-exchange-server-2010/

Deploying User Cutomizations & Office suit setting for M$ Office via Group Policy

Posted on September 9, 2011 by Malinda RathnayakeLeave a Comment

Hello internetzzz

As an Administrator, you might run in to situations that requires you to Deploy UI customizations such as customized Ribbon, Quick toolbars, etc for Office applications on user Computers, or in my case Terminal servers.

here is a quick and dirty guide on how to do this via group policy.

For instance, lets say we have to deploy a button to initiate a 3rd party productivity program with in outlook and MS word.

First off, make the necessary changes to outlook or word on a Client pc running MS office.

To customize the Ribbon

On the File tab, click Options, and then click Customize Ribbon to open the Ribbon customization dialog.

To customize the Quick Access Toolbar

On the File tab, click Options, and then click Quick Access Toolbar to open the Quick Access Toolbar customization dialog.

You can also export your Ribbon and Quick Access Toolbar customizations into a file.

when we make changes to the default Ribbon these user customizations are saved in as .officeUI Files

%localappdata%MicrosoftOffice

The file names will differ according to the office program and the portion of the Ribbon UI you customized.

Application	Description Of .Ribbon File	.officeUI File Name
Outlook 2010	Outlook Explorer	olkexplorer.officeUI
Outlook 2010	Contact	olkaddritem.officeUI
Outlook 2010	Appointment/Meeting (organizer on compose, organizer after compose, attendee)	olkapptitem.officeUI
Outlook 2010	Contact Group (formerly known as Distribution List)	olkdlstitem.officeUI
Outlook 2010	Journal Item	olklogitem.officeUI
Outlook 2010	Mail Compose	olkmailitem.officeUI
Outlook 2010	Mail Read	olkmailread.officeUI
Outlook 2010	Multimedia Message Compose	olkmmsedit.officeUI
Outlook 2010	Multimedia Message Read	olkmmsread.officeUI
Outlook 2010	Received Meeting Request	olkmreqread.officeUI
Outlook 2010	Forward Meeting Request	olkmreqsend.officeUI
Outlook 2010	Post Item Compose	olkpostitem.officeUI
Outlook 2010	Post Item Read	olkpostread.officeUI
Outlook 2010	NDR	olkreportitem.officeUI
Outlook 2010	Send Again Item	olkresenditem.officeUI
Outlook 2010	Counter Response to a Meeting Request	olkrespcounter.officeUI
Outlook 2010	Received Meeting Response	olkresponseread.officeUI
Outlook 2010	Edit Meeting Response	olkresponsesend.officeUI
Outlook 2010	RSS Item	olkrssitem.officeUI
Outlook 2010	Sharing Item Compose	olkshareitem.officeUI
Outlook 2010	Sharing Item Read	olkshareread.officeUI
Outlook 2010	Text Message Compose	olksmsedit.officeUI
Outlook 2010	Text Message Read	olksmsread.officeUI
Outlook 2010	Task Item (Task/Task Request, etc.)	olktaskitem.officeUI
Access 2010	Access Ribbon	Access.officeUI
Excel 2010	Excel Ribbon	Excel.officeUI
InfoPath 2010	InfoPath Designer Ribbon	IPDesigner.officeUI
InfoPath 2010	InfoPath Editor Ribbon	IPEditor.officeUI
OneNote 2010	OneNote Ribbon	OneNote.officeUI
PowerPoint	PowerPoint Ribbon	PowerPoint.officeUI
Project 2010	Project Ribbon	MSProject.officeUI
Publisher 2010	Publisher Ribbon	Publisher.officeUI
*SharePoint 2010	SharePoint Workspaces Ribbon	GrooveLB.officeUI
*SharePoint 2010	SharePoint Workspaces Ribbon	GrooveWE.officeUI
SharePoint Designer 2010	SharePoint Designer Ribbon	spdesign.officeUI
Visio 2010	Visio Ribbon	Visio.officeUI
Word 2010	Word Ribbon	Word.officeUI

You can use these files and push it via Group policy using a simple start up script..

@echo off setlocal set userdir=%localappdata%MicrosoftOffice set remotedir=\MyServerLogonFilespublicOfficeUI for %%r in (Word Excel PowerPoint) do if not exist %userdir%%%r.officeUI cp %remotedir%%%r.officeUI %userdir%%%r.officeUI endlocal

A basic script to copy .officeUI files from a network share into the user’s local AppData directory, if no .officeUI file currently exists there.
Can easily be modified to use the roaming AppData directory (replace %localappdata% with %appdata%) or to include additional ribbon customizations.

Managing Office suit setting via Group Policy

Download and import the ADM templates to the Group policy object editor.
This will allow you to manage settings Security, UI related options, Trust center, etc.. on office 2010 using GPO

Download Office 2010 Administrative Template files (ADM, ADMX/ADML)

hopefully, this will be help full to someone..
until next time cháo

Crucial M4 SSD New Firmware and how to Flash using a USB thumb drive !!Update!!

Posted on August 31, 2011 by Malinda RathnayakeLeave a Comment

well i think the Title pretty much speak for it self..but any how…Crucial released a new Firmware for the M4 SSD’s and apparently its suppose to make the drive 20% faster…i updated mine no issues. and i didn’t brick it so its all good here hehee..

I looked up some Benches from reviews from the time of release and compared them with the benchmarks i did after the FW update, i do get around 20% more increase just like they SAY !!!
.
Crucial’s Official Release Notes:

“Release Date: 08/25/2011

Change Log:

   Changes made in version 0002 (m4 can be updated to revision 0009 directly from either revision 0001 or 0002)
   Improved throughput performance.
   Increase in PCMark Vantage benchmark score, resulting in improved user experience in most operating systems.
   Improved write latency for better performance under heavy write workloads.
   Faster boot up times.
   Improved compatibility with latest chipsets.
   Compensation for SATA speed negotiation issues between some SATA-II chipsets and the SATA-III device.
   Improvement for intermittent failures in cold boot up related to some specific host systems.”

Firmware Download:http://www.crucial.com/eu/support/firmware.aspx?AID=10273954&PID=4176827&SID=1iv16ri5z4e7x

to install this via a pen drive with out wasting a blank cd..I know they are like really really cheap but think!!!! how many of you have blank cds or DVDs with you now a days ???

to do this we are gonna use a niffty lil program called UNetbootin
ofcourse you can use this to boot any linux distro from a pen drive.its very easy actually, if you need help go check out the guides on the UNetbootin website

so here we go then…

* First off Download – http://unetbootin.sourceforge.net/

* Run the program
* Select DiskImage Radio button (as shown on the image)
* browse and select the iso file you downloaded from crucial
* Type – USB Drive
* select the Drive letter of your Pendrive
* Click OK!!!

reboot

*Go to bios and put your SSD in to IDE (compatibility) mode ** this is important
*Boot from your Pen drive
*Follow the instructions on screen to update

and Voila

****remember to set your SATA controller to AHCI again in Bios / EFI ****

Update***

SATA 3 Benchmark.

SATA 2 Benchmark

Well i messed around with some Benchmark programs here are the results