Microsoft Security Advisory: Vulnerability in SSL/TLS could allow information disclosure

September 30, 2011

“Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. We are not aware of a way to exploit this vulnerability in other protocols...

Exchange 2010 SP1 ExFolders

September 29, 2011

“Exchange 2010 SP1 ExFolders” – “This new tool is really just a port of PFDAVAdmin to Exchange 2010. We changed the name to ExFolders because it no longer relies on DAV, and it's not just for public folders (even PFDAVAdmin, in its public release, was not just for public folders). The name just didn't make sense anymore, so we changed it to the easier-to-pronounce ExFolders. “. The toll can be downloaded from the following link.
no comments

How to install ADMT 3.2 on Windows 2008 R2 SP1 Domain Controller

The following post will cover the installation process of Microsoft ADMT 3.2 on Windows 2008 R2 SP1 Domain Controller. Please note: Microsoft recommended to install the ADMT 3.2  tool a non domain controller computer. Using ADMT 3.2  on Domain Controller may reduce the security level of all the Domain Controller in the organization. The installation process in divided to four sections: 1. SQL 2008 Express installation. 2. ADMT 3.2 installation. 3. ADMT 3.2 Configuration. 4. Enable Password Migration. Note: In the past ADMT tool used Access database to save the migration configurations and data. ADMT 3.2 require to use...

The advantages and disadvantages of using self-signed certificates

September 23, 2011

The following post will cover the advantages and disadvantages of using self-signed certificates. Self-signed certificates usually created automatically during installations of server side applications (e.g. Exchange 2010, SCOM 2007 R2 etc.). By using self-signed certificates, no PKI (Public Key Infrastructure) is needed to be deployed before/after deployment of server side applications. However, using self-signed certificates has it advantages and disadvantages. Advantages 1. No PKI (Public Key Infrastructure) is needed. 2. Automatic deployment (Usually Self-signed certificates created automatic during the installation process of the server side applications). Disadvantages 1. The certificates aren't trusted...
101 comments

Common methods to provides a high availability solution by using TMG 2010

September 22, 2011

The following post describes the common methods to provides a high availability solution by using TMG 2010. Note: This post doesn’t cover Internet service provider high availability solutions.   Option 1: Using TMG 2010 Enterprise and Load Balance Mechanism Pre-Prerequisites: 1. At least two TMG 2010 Enterprise Servers. Source: About the Forefront TMG Editions 2. The TMG 2010 Servers should be setup to use Windows NLB or Hardware load balancer (The load balancer should support IP affinity). Note1: Without using some load balance mechanism no automatic failover / load balance would...
12 comments

Opening Lync 2010 client may produce the following error: "Please wait while windows configures Microsoft Lync 2010"

September 21, 2011

Symptoms: 1. Opening Lync 2010 client may produce the following error: "Please wait while windows configures Microsoft Lync 2010". 2. MSI Installer errors may appear in the System Event Log:         Resolution: Workaround: Create a new folder named: “OCSetupDir” in the %SystemDrive% (Usually “C” drive). Also, its recommended to review Microsoft release notes for new updates/service pack for Lync 2010 client. Please note that changing the registry key value: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C7376A18AE70EB645A6EA7E5F5CE44F9” -> “CBF94811614C24742897713C2A8CF527” manually may not resolve this issue. ...
one comment

How to resolve Exchange 2010 error message: The Certificate Status could not be determined because the revocation check failed

September 20, 2011

The following error/s may appear in the Exchange 2010 Management Console: “Exchange 2010 Certificate Revocation Checks and Proxy Settings” or “The Certificate Status could not be determined because the revocation check failed” Cause: 1. You may use a Proxy server that block access to the CRL. 2. The CRL isn't available. How to Debug this issue: Obtain any (current) certificate from the Certificate Authority and run the following command: “certutil –verify –urlfetch C:\CertificateName.cer >Log.txt” Usually you may find out issues like errors messages on expired CRL or Offline CA. Resolutions: 1. Review Proxy settings by using “netsh winhttp show...

Useful SQL System Stored Procedure

September 16, 2011

1. Finding SQL Server Version: Select @@version; or EXEC master..sp_MSgetversion 2. Finding SQL Databases names and size: Use master; EXEC sp_helpdb; 3. Finding the physical location of the SQL databases and logs: SELECT name, physical_name AS current_file_location FROM sys.master_files 4. Finding list of tables and views in SQL database: Use master; EXEC sp_tables; 5. Finding which user/s is/are currently logging to the SQL server: EXEC sp_who; 6. Move to Advanced Configurations Mode: USE master; EXEC sp_configure 'show advanced...
tags: ,
no comments

How to troubleshot slow logon or slow startup

September 14, 2011

Mr. Ingolfur Arnar Stangeland (Microsoft) write a few excellent posts on the recommended strategy to resolve  slow logon or slow startup. Due the fact that most of the IT staff would need to handle this issue from time to time, I attached a link to the official posts: Troubleshooting the intermittent slow logon or slow startup Time travel and factors that increase client startup or login time