More to come…the catalyst manual was getting a bit cumbersome.
Microsoft Exchange RPC Over HTTP & Certificates
STILL IN PROGRESS
First off let me just say to all of my faithful and excellent subscribers, sorry for taking so long to add new content. It is a busy life as you know and we still aren’t paying all the bills with this company (close though). Anyway, I have moved to a new job that keeps me busy but also has taught me a ton. So, I have renewed energy to publish. Here goes!
Ok folks, here is my attempt at documenting my efforts in the past several months on a bunch of projects. The first and biggest project was to deploy exchange services for customers as well as making it secure, easy to access, and providing native functionality with Outlook (RPC) without using VPNs or special connections. I also am in the middle of an anti-spam filter solution using open source and some long hard hours figuring out how to deploy some promising software.
In order to accomplish this task you must attend to the following pieces:
1. Good working knowledge of Windows 2003 Server…especially IIS.
2. Good working knowledge of Exchange Server….for my purpose 2003.
3. Decent understanding of SSL and how certificates work in a Windows environment.
4. End User application configuration knowledge.
I will start this article by assuming a few things other than the above mentioned items.
a. A working installation of Windows 2003 Server SP2 or later.
b. A registered domain name
c. And, either a static IP address (public) or a working dynamicDNS account.
Ok, given these things I will now go into as much depth as I can about the process I followed using as much sequential skill as possible.
First things first:
Get your Windows server and Exchange server installed and working correctly. This is not easy and takes a bit of work, but there are many great tutorials and walkthroughs at Microsoft and other sites that can help you if you run into trouble. The main thing to remember is to follow the Exchange installation steps closely, making sure each step is done successfully. If you do that, your Exchange installation will work.
Once you have Exchange installed, run the Internet Mail Wizard from the Exchange System Manager. If your server is set up correctly and DNS is working properly you should pass the test for Internet email. Once the wizard is finished you should be able to send and receive emails from the outside world. Very cool. You are not anywhere near done, though, even if you are now sending mail successfully.
NOTE: There are some compatibility issues with Exchange 2003 and Server 2003 (thanks for keeping it clean Microsoft) so sometimes the Internet Mail Wizard, even though completed does not receive email from the outside world. Not to worry! Microsoft always keeps us on our toes and then throws out a service pack to pacify the masses. Check out the Service Pack 1 and Service Pack 2. Usually I just install SP2 and am done with it. However, I have found that, on occasion, it is helpful to install them both in sequence. Having said that, unless you have to get this done today in a hurry, install them both.
This should fix the receiving mail problem. The other resolution for this problem is to remove the SMTP virtual server connector under:
Administrative Groups>First Group>Servers>your server name>Protocols>SMTP. Delete the connector and run the Internet Mail Wizard again. (of course do this after you have installed the service packs…remember sequence!)
Getting Your Certificate Free and Effective (security)
Ok, if you are like me and don’t have money for anything extra you might enjoy getting into the big boy arena a little cheaper than usual. If so here is what I did that really worked well. (don’t listen to people who say that Microsoft, Apple, and others will not function correctly without a signed certificate from a ‘Microsoft Approved’ signer.)
Go to https://startssl.com and make a free account. Follow the website’s directions carefully and don’t take shortcuts. You must register and get the authentication certificate installed onto your local machine using the Firefox web browser. Don’t try to do this in a different, custom, or unique way. DO WHAT THEY SAY. Trust me, I did not follow directions well and wound up paying to have some certs revoked so I could start over. Once you pay for your mistakes with real cash you tend to stop making them or you don’t finish your project.
Make sure you back up your newly installed certificate somewhere safe and secure. Personally I would put it on a cheap old 256 MB pendrive and put it in the top drawer of your desk and never move it unless you need it in the future to reauthenticate to startssl.com. I lost mine and it is a real bummer fixing it, TRUST ME!
Now, a couple of tips about doing this:
1. Make sure that you match the certificate’s COMMON NAME with the host name of your Windows 2003 Server. This is extremely important because the certificate will throw a signing error in Internet Explorer for all of your users if you don’t have a good clean match. Personally, I would use a self-signed certificate if IE wouldn’t put up such a fuss. I find it distracts users and also does not work properly all of the time. So just to be clear, using an example from one of my servers:
During the signing request the system asked for Common Name. The W2k03 server name was Mailserver. So I entered Mailserver for the common name. Actually, the rest of the signing request process doesn’t matter much. It is important to make a 2048-bit signing request for enhanced security, and startssl wants it this way.
Once you are done with the request, copy the code from the generated .csr file and paste it into the text field on the startssl website. Generation of the actual certificate is automated but it takes a little while. (I usually wait an hour, then check it.) In the Control Panel go to Retrieve Certificates and you will see your new certificate waiting for you. Copy the code, go to the IIS MMC on your Windows server, and install it using the pending request wizard. (step by step certificate installation)
Once your certificate is installed you can test it by opening up port 443 on your firewall and ensuring that the default web site in IIS is set to use port 443 and the new certificate. Use your web browser (preferably IE, since it is the most susceptible to SSL errors) and manually enter: https://yourdomainname.yourextension. You should get a white address bar and no certificate warnings or errors.
If you do get errors, don’t worry. Make sure you can hit your web server from a browser that is strictly outside your network. If you are sure that the errors persist from an outside hit, then you need to redo the certificate, making sure the common name and the server name match. Also, read up on the startssl website about making accurate certificates.
If all is working as expected then you are well on your way to having secure emails with full exchange features.
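What the browser checks in the test above is whether the host name typed into the address bar appears among the names in the certificate. The following is an added example, not code from the original post, showing that comparison in Python; `mail.example.com`, the function names, and the sample certificate dict are assumptions made for illustration.

```python
import socket
import ssl


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the server certificate as a dict. The chain is still verified
    against the system trust store; only the built-in name check is off."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the comparison is done by name_mismatch()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def cert_names(cert):
    """Names a client compares: SAN DNS entries, or the CN if there are none."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def _matches(pattern, host):
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:  # wildcard covers one leftmost label only
        p, h = p[1:], h[1:]
    return p == h


def name_mismatch(cert, url_host):
    """Return None when url_host is covered, else a description of the gap."""
    names = cert_names(cert)
    if any(_matches(n, url_host) for n in names):
        return None
    return "%r is not among the certificate names %r" % (url_host, names)


# Constructed sample in the shape getpeercert() returns (not a real certificate):
# a CN-only certificate issued for the Windows computer name used in the post.
SAMPLE = {"subject": ((("commonName", "Mailserver"),),)}

if __name__ == "__main__":
    for host in ("Mailserver", "mail.example.com"):  # second name is hypothetical
        print(host, "->", name_mismatch(SAMPLE, host) or "match")
```

Against a live server, pass the result of `fetch_cert(...)` to `name_mismatch` together with the exact host name your users will type into the browser or Outlook.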
Testing OWA and Preparations for RPC over HTTP
Now that your certificate works you can also test OWA. If you do not have a separate web server and plan to use IIS then you can simply type into a web browser http://yourdomainname.extension/exchange. This will bring up an authentication window asking for username and password. If you see this be HAPPY!
Security Groups
Hi all. I just was wondering if someone could point me in the right direction for making security groups in Windows Server 2003. Haven’t got that cert yet!
I know how to put in the object and all but how do you propagate the type of permissions you want to all other objects? I know you can become members of built-in groups to effect change but I want to know how to create my own custom permissions without using built-in groups to lean on. Thanks.
Virtualization Platforms
Hi there. I have been hosting web stuff for about 2 years and was wanting to get into Virtual Private Server but was not sure which way to go. As is the case for most people, I was hoping to find an open source solution to avoid the cost. I am a small business and want to provide good service without charging too much. So I explored OpenVZ, a great container based virtualization platform. It installs great on CentOS, which has the largest community support I found, and runs pretty quickly without having to have a tremendous amount of resources. If you can get the kernel to boot up right through the grub you are good to go. The main drawback, however, was that OpenVZ did not always function correctly, networking was difficult, and all the configuration was CLI (except for a lightweight app called webvz which works ok but was extremely hard to install based on its very picky specific requirements for Ruby on Rails v. 2.1.0).
So, back to the drawing board I decided to explore other ideas. I still haven’t found a good way to virtualize Blueonyx, a server appliance that I love (check out links), but have found the best open source virtualization platform that runs great and has a much larger range of options including OpenVZ and KVM!
Proxmox VE: This has got to be, by far, the best solution I have found. I am not even running it on a 64 bit machine as of yet and it still runs container based virtualization quite well and efficiently. Getting the 64 bit option is coming soon so I can do KVM. Proxmox is the way to go. You can download it at: http://www.proxmox.com/downloads/proxmox-ve/iso-images/88-proxmox-ve-1 and start to play with it. The installation is easy, self-guiding, and requires little technical expertise. If you are looking to virtualize, try Proxmox and have a great time!
Install LAMP on Ubuntu 8.04 Standard
Installing all the components of L (Linux kernel), A (Apache web server), M (MySQL server), and P (PHP scripting) on an Ubuntu Server (almost any build, in fact) is pretty simple. I continue to post these simple How-Tos because I know what it was like when I first started using Linux and more specifically Ubuntu, which is different than, say, CentOS (which uses yum – Yellowdog Updater, Modified) or Red Hat (which uses an RPM system for updates).
To install LAMP on a standard Ubuntu build do the following:
1. Open a terminal window and log in as root.
2. At the command prompt type in (or copy and paste)
root@localhost:~# apt-get install apache2 php5-mysql libapache2-mod-php5 mysql-server
3. When prompted enter your root password for the mysql server. It will ask you to confirm it so don’t get enter happy.
4. That’s it! You should be good to go.
Please comment if you have any questions or problems.
Just as an aside – if you are installing something like WordPress or one of the open source e-commerce packages on your server you will probably need to install the GD extension as well, so at the command prompt enter this:
apt-get install php5-gd
Make sure you restart apache when you are finished.
/etc/init.d/apache2 restart
Hope that helps!
New Online Payment System
We just added our online PayPal payment system for our clients. The system is fully functioning and works great! This should make it easier to make recurring payments without making special arrangements. Thanks everyone.
Webmin 1.530 Easy Installation Steps
To install webmin on any Ubuntu Server follow these simple steps:
Open a terminal window and get root privilege by typing su or using sudo. I have root access enabled on my servers so I don’t have to add the sudo at the beginning of each line.
1. wget -O webmin-1.530.tar.gz 'http://code.google.com/p/kembangcybernet/downloads/detail?name=webmin-1.530.tar.gz&can=2&q=/webmin-1.530.tar.gz'
2. tar xvf webmin-1.530.tar.gz
3. cd webmin-1.530
4. sh setup.sh
5. Follow terminal instructions. Going with defaults is fine except I would suggest changing the port from 10000 to something a little more unique and I would also change ‘admin’ to a more unique name as well.
6. When it is finished, if you missed the simple login instructions, go to:
http://yourhostname and/or IP address:port number (default 10000). Type in username and password.
7. You should probably update Webmin first once you are logged in. The update appears at the bottom of the initial system information screen. Enjoy!