Friday, March 7, 2014

Active Directory user account lockout alert using SMS & email

Windows Active Directory user account lockout source information


Windows Server version: Windows 2003, Windows 2008, Windows Server 2012
Using this tool, we can gather and display information about the specified user account, including the domain admin's account, from all the domain controllers in the domain. In addition, the tool displays the user's badPwdCount value on each domain controller. The domain controllers that have a badPwdCount value that reflects the bad password threshold setting for the domain are the domain controllers that are involved in the lockout. These domain controllers always include the PDC emulator operations master.

Features:

  • Automatic SMS notification of the lockout source to the end user at lockout time
  • Reduces the number of helpdesk calls regarding account lockout issues
  • Web-based reporting interface for the IT Support team to view the account lockout source
  • Tips on how to unlock the account help end users unlock it by themselves
  • Account lockout events are stored in a central location for analysis
  • Zero configuration on the end user's side
  • Improves end user satisfaction and increases user productivity



 Please email us.

Wednesday, August 21, 2013

Add an entry to startup using VBScript


' Creates an All Users Startup shortcut for Cisco IP Communicator if it is installed.
' Writing to the All Users Start Menu requires administrative rights.
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Default install path (32-bit Windows)
If objFSO.FileExists("C:\Program Files\Cisco Systems\Cisco IP Communicator\communicatork9.exe") Then

  Set WshShell = WScript.CreateObject("WScript.Shell")
  strStartup = WshShell.SpecialFolders("AllUsersStartmenu")
  Set lnk = WshShell.CreateShortcut(strStartup & "\programs\startup\IPCommunicator.lnk")
  lnk.TargetPath = "C:\Program Files\Cisco Systems\Cisco IP Communicator\communicatork9.exe"
  lnk.Arguments = ""
  lnk.Description = "IP Communicator"
  lnk.WindowStyle = "4"
  lnk.WorkingDirectory = "C:\Program Files\Cisco Systems\Cisco IP Communicator\"
  lnk.Save
  Set lnk = Nothing

Else

  ' Install path of the 32-bit client on 64-bit Windows
  If objFSO.FileExists("C:\Program Files (x86)\Cisco Systems\Cisco IP Communicator\communicatork9.exe") Then

    Set WshShell = WScript.CreateObject("WScript.Shell")
    strStartup = WshShell.SpecialFolders("AllUsersStartmenu")
    Set lnk = WshShell.CreateShortcut(strStartup & "\programs\startup\IPCommunicator.lnk")
    lnk.TargetPath = "C:\Program Files (x86)\Cisco Systems\Cisco IP Communicator\communicatork9.exe"
    lnk.Arguments = ""
    lnk.Description = "IP Communicator"
    lnk.WindowStyle = "4"
    lnk.WorkingDirectory = "C:\Program Files (x86)\Cisco Systems\Cisco IP Communicator\"
    lnk.Save
    Set lnk = Nothing

  End If

End If

Tuesday, July 23, 2013

Unable to initialize support for Cisco Emergency Responder ..


Solutions:

Upon startup of the newer Cisco IP Communicator clients (especially on Windows Vista/7), sometimes you’ll get an error: Unable to initialize support for Cisco Emergency Responder service

Workaround
To prevent this message on start-up, you’ll need to do this simple workaround.

1) On your Windows Vista/7 machine, click start and type ‘regedit’
2) When regedit.exe appears at the top of the list, right-click on it and run it as an Administrator
3) Then in the registry, go to:

       Windows 7 64-bit  >
            HKEY_Local_Machine\Software\Wow6432Node\Cisco Systems, Inc.\Communicator

       Windows 8 32-bit  >
            HKEY_Local_Machine\Software\Cisco Systems, Inc.\Communicator

4) Create a new DWORD value called ‘EnableCDP’ (no spaces) and give it the value of 0 (zero)

Close and re-open your IP Communicator software and the error will go away.
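
The same registry change scripted in PowerShell, as an added example that is not part of the original post. The helper name Set-CommunicatorEnableCdp is hypothetical; the two key paths are the ones listed in step 3, and the script only touches a key that already exists.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# The two key paths are the ones listed in step 3 of the workaround.
$CommunicatorKeys = @(
    'HKLM:\Software\Wow6432Node\Cisco Systems, Inc.\Communicator',
    'HKLM:\Software\Cisco Systems, Inc.\Communicator'
)

function Set-CommunicatorEnableCdp {   # hypothetical helper name
    param(
        [string[]]$KeyPath = $CommunicatorKeys,
        [int]$Value = 0
    )
    foreach ($key in $KeyPath) {
        # Only touch a key the installer already created; never create the
        # vendor key on a machine where the client is not installed.
        if (-not (Test-Path -LiteralPath $key)) { continue }

        # Record the previous value (empty if the value did not exist) so the
        # change can be reverted later.
        $old = (Get-ItemProperty -LiteralPath $key -Name EnableCDP -ErrorAction SilentlyContinue).EnableCDP

        # -Force overwrites an existing value, so the script can be re-run safely.
        New-ItemProperty -LiteralPath $key -Name EnableCDP -PropertyType DWord -Value $Value -Force | Out-Null

        # Read the value back instead of assuming the write succeeded.
        $new = (Get-ItemProperty -LiteralPath $key -Name EnableCDP).EnableCDP

        New-Object PSObject -Property @{ Key = $key; Previous = $old; Current = $new }
    }
}

Set-CommunicatorEnableCdp | Format-List Key, Previous, Current
```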

Monday, July 1, 2013

Lotus Sametime Bandwidth Calculation and Requirements


Audio Codecs
Most audio codecs operate with fixed bitrate as shown in table 1 below with the exception of Sametime iSAC, which operates at transmission rates from about 10 kbps to about 32 kbps (see http://tools.ietf.org/html/draft-legrand-rtp-isac-02 for more detail)

Table 1: Sametime audio codecs, bitrates and sampling rates

Codec Name                  Bitrate (kbps)   Sampling Rate (kHz)
G.722.1                     16/24/32         16
G.729 (only used in SUT)    8                8
G.711                       64               8
iLBC                        13.33/15.2       8
iSAC                        10 to 32         16

Sametime uses audio channels differently in point-to-point calls vs multi-point calls. In a point-to-point call, as illustrated in Figure 1, audio data is sent directly between the 2 endpoints in the call. There is 1 sending and 1 receiving audio channel, so the transmission rate is the bitrate of the audio codec.


Figure 1: Point-to-point call, audio data is exchanged directly between 2 endpoints

Typically a 20% packet overhead is added to the data rate to calculate the required network bandwidth.
(1)    Bandwidth Ba = (codec bitrate * 20%) + codec bitrate
In a multi-point call, audio data is sent from the participating endpoints to the Media Manager, which relays the audio channels (each participant is a channel) back to the participants according to the administrative setting of the configuration property Number of switched audio streams (2-16) on SSC. The default value is 5, which means the Media Manager sends a maximum of 5 audio channels to each participant, even if more than 5 participants are shouting in the call. The Sametime client mixes the audio channels locally and plays out the audio.

The Media Manager trades off network bandwidth for CPU usage: it can handle more participants because it does not process audio on the server and instead lets each client mix the audio channels locally for playback. This tradeoff is considered a practical norm: in usage, especially in large meetings, most participants would be on mute except the presenter, so there would be only 1 audio channel to process.

One issue worth mentioning is that, even when a participant is not speaking, a noisy microphone or a bad sound card could send audio data to the Media Manager and consume bandwidth. Therefore it is strongly recommended to use a good headset with noise-canceling circuitry or to be on mute when not speaking.

As depicted in Figure 2, U1, U2, and U4 are on mute, so their endpoints are not sending audio data to the Media Manager. U3 is speaking, so U3's audio data is sent to the Media Manager, which relays it to all other participants.



Figure 2: Multi-point call, Media Manager relays audio channels to participants


Therefore, the network bandwidth for an audio-only multi-point call in the worst case is
(2) MB= 5 * Ba * (Number of participants – 1), where Ba is defined in (1).

Note that (2) uses the worst case rather than the average to ensure abundant bandwidth for audio data sent from the server. If the administrator changes the maximum audio channels on SSC, the formula in (2) should be modified accordingly.

Video Codecs
Video codec bandwidth is very different from audio codec bandwidth because many factors influence the encoding of the data. H.264 has many different profiles or capabilities; Sametime supports the Baseline Profile or Constrained Baseline Profile, which is typically used in video conferencing and mobile applications.

The video encoder operates within a range of minimum and maximum bitrate to encode the data based on the activity in front of the camera and the feedback from the far side. In Sametime, the maximum bitrate is set by the administrator as part of the user policy. Some groups of users may have a different video policy than others. The video policy includes the resolution, maximum framerate and maximum bitrate as shown in Figure 3.




Figure 3: Video specification in user policy on SSC

The video policy dictates the constraints that a Sametime video endpoint must operate within. For example, the specification above indicates that the user, who is assigned this policy, can use video at CIF (352x288) resolution, maximum 15 frames per second, and at maximum 384kbps.

The administrator may also create a custom video policy rather than using 1 of the predefined ones. The custom policy may be necessary to support certain network conditions and inter-operate with external endpoint devices.

There are many predefined video policies available on SSC for selection; some typical ones are shown in Table 2.

Table 2: H.264 codec resolution definitions

Description                       Size (WxH)   Frame Rate   Bit Rate Min/Start/Max
QCIF 176x144@15fps 128kbps        176x144      15           32/64/128
CIF 352x288@15fps 384kbps         352x288      15           128/256/384
VGA 640x480@30fps 512kbps         640x480      30           192/384/512
HD-720p 1280x720@30fps 768kbps    1280x720     30           256/512/768

Estimating the exact network bandwidth usage for video is not possible. The best approach is to base the estimate on the maximum bitrate set in the policy. However, if there are different group policies for users within an organization, the calculation should consider the mean distribution of maximum bitrates over the user population.

The Media Manager treats video streams quite differently from audio streams. For a point-to-point call, similar to audio, the video stream is sent directly between the 2 participating endpoints. However, in multi-point calls, the Media Manager uses the Voice Activated Switching method to disseminate the video streams. That means at any given point, only the video stream of the most active speaking user is sent to all participants. For efficiency, the Media Manager notifies the other client endpoints not to send their video streams to the server. When the user is on mute or the user selects Pause My Video from the UI, no video will be transmitted to the server.

Therefore, network bandwidth required for point-to-point video is
(3) Bv = (video policy max bitrate * 20%) + video policy max bitrate
and multipoint video is
(4) MBv = Bv * (Number of participants), where Bv is defined in (3)

Bandwidth Management
Because the estimated concurrent call rate might not hold up in reality, or because available bandwidth is known to be limited, audio and video data rates should be moderated to protect the network for other business-critical applications and to provide enough bandwidth for acceptable voice and visual quality.

Sametime uses SIP to negotiate the media session. Embedded in the SIP message is an SDP (Session Description Protocol, RFC 4566) section containing the desired session bandwidth attribute, which the Bandwidth Manager uses to monitor transmission rates on the managed network.

As illustrated in Figure 3 below, the Bandwidth Manager, when deployed, will be part of the signalling path, and it will perform CAC (Call Access Control) based on the available bandwidth.




Figure 3: Bandwidth Management as part of SIP signalling

Depending on user policy, locations of the call, and available bandwidth, the Bandwidth Manager may let the call through, reject the call, or modify the media or the bandwidth attribute in the SDP. The action ensures that the total transmission rate for audio and video will not exceed the available bandwidth allocated for audio and video usage in the system configuration.

Calls are recorded with detail such as call locations and bandwidth required. Organizations may use this information to measure the usage of audio and video and their utilization of the network capacity for future planning. How much impact the deployment of audio and video exerts on the network can be calculated with the data captured by the Bandwidth Manager.

Database migration Details Steps For SCCM & Forefront Endpoint Protection 2010


1.       Take snapshot of SCCM1 & FFEP2k10
3.       Install above in SCCM1 for (SSRS does not work after you upgrade SQL Server to SQL Server 2012 in System Center Configuration Manager 2007 R3) remedy kept in E drive of SCCM1
4.       Create SPN for New SQL 2012
a.       Setspn -A MSSQLSvc/<FQDN of SQL 2012 server>:1443 account name (account will be “Domain Admin with schema change permission” and “DBA proposed”)
6.       Install above in FFEP2k10 kept in Downloads folder of Admin
7.      
8.       Back up the site database on the current site database server and restore it on the new site database server computer using the SQL Server Management Studio.
9.       Ensure the primary site server computer account has administrative privileges over the new site database server computer.
10.   Close any open Configuration Manager console connections to the site server.
11.   On the primary site server computer, use the hierarchy maintenance tool (Preinst.exe) to stop all site services with the following command: Preinst /stopsite.
12.   On the primary site server computer, click Start, click All Programs, click Microsoft System Center, click Configuration Manager 2007, and click ConfigMgr Setup, or navigate to the .\bin\i386 directory of the Configuration Manager 2007 installation media and double-click Setup.exe.
13.   Click Next on the Configuration Manager Setup Wizard Welcome page.
14.   Click Perform site maintenance or reset this site on the Configuration Manager Setup Wizard Setup Options page.
15.   Select Modify SQL Server configuration on the Configuration Manager Setup Wizard Site Maintenance page.
16.   Enter the appropriate SQL Server name and instance (if applicable) for the new site database server as well as the site database name on the Configuration Manager Setup Wizard SQL Server Configuration page.
17.   Configuration Manager Setup performs the SQL Server configuration process.
18.   Restart the primary site server computer, and verify the site is functioning normally.

Move the FEP Databases and the CM Site Database

1.       Backing up the FEP data warehouse (FEPDW_<sitecode>)
2.       Backing up the Configuration Manager Site Database (SMS_<sitecode>)
3.       Uninstalling the FEP reporting component
4.       Restoring the site database and FEP data warehouse to their new locations
5.       Relocating the site database via Configuration Manager setup
6.       And then reinstalling the FEP Reporting component



Sunday, June 16, 2013

Either the Server Controller is running on the Host or is not listening on the port 2050


Lotus Domino: Change NIC Sequence Windows 2008 Server to be able to run server controller


First Solutions:






If you have multiple network interfaces (e.g. one for users, one for the cluster, one for backup etc.) in a server with Windows 2008, you need to make sure that your main network interface is the first one in the sequence. Otherwise you might not be able to connect to the Domino server controller. You will get the message “Either the Server Controller is not running on host <server name> or is not listening on port 2050” although the server and controller are running.
To change the sequence of the network cards do the following:
  • Click on “Network and Internet” -> “View Network Status and Tasks (Network sharing Center)” -> Change Adapter Settings
  • Press “Alt-N”
  • Click on “Advanced” -> “Advanced Settings” -> “Connections: Change NIC Sequence”
  • Now put your main network interface card at the top of the list and save the configuration.



2nd Solutions



In one case, the issue was resolved by following the below steps:
1) Add the port 2050 in the windows firewall.
(From the Windows Run box, type "firewall" and open Windows Firewall with Advanced Security -> Inbound Rules)

2) Add the entry for the IP address which is mapped to the server name in the local hosts file (e.g. 10.10.10.5 INMAIL01/Acme).

3) Enable the below notes.ini parameter in the Domino server's notes.ini.

ServerController=1
TCPIP_ControllerTcpIpAddress=10.10.10.5:2050

Note: 10.10.20.5 is the IP address of the Domino server.

4) With the above settings done, restart the Operating System (OS).

You will see that the "Lotus Domino Server" service is launched successfully when the OS is up, and the administrator will be able to connect to the Domino server using the Lotus Domino Console, i.e. the Java Controller for Domino.
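
A consistency check for the settings in steps 1 to 3, as an added example that is not part of the original post: the controller address in notes.ini must match the hosts entry for the server name, and its port must match the firewall rule. The function names and the sample inputs are constructed for illustration; the server name, address and port are the ones used in the steps above.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# On a real server, read the inputs with Get-Content from the Domino notes.ini
# and from $env:SystemRoot\System32\drivers\etc\hosts.

function Get-ControllerBinding {
    param([string[]]$NotesIni)
    $cfg = @{}
    foreach ($line in $NotesIni) {
        # notes.ini is a flat list of Name=Value lines
        if ($line -match '^\s*([^=\s]+)\s*=\s*(.*?)\s*$') { $cfg[$Matches[1]] = $Matches[2] }
    }
    $ip = $null; $port = $null
    if ($cfg['TCPIP_ControllerTcpIpAddress'] -match '^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$') {
        $ip = $Matches[1]; $port = [int]$Matches[2]
    }
    New-Object PSObject -Property @{
        Enabled = ($cfg['ServerController'] -eq '1'); Address = $ip; Port = $port
    }
}

function Get-HostsAddress {
    param([string[]]$Hosts, [string]$Name)
    foreach ($line in $Hosts) {
        # Drop comments, then split "address name [alias ...]" on whitespace
        $fields = @(($line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
        if ($fields.Count -ge 2 -and ($fields[1..($fields.Count - 1)] -contains $Name)) {
            return $fields[0]
        }
    }
    return $null
}

function Test-ControllerSetup {
    param([string[]]$NotesIni, [string[]]$Hosts, [string]$ServerName)
    $b = Get-ControllerBinding -NotesIni $NotesIni
    $hostsIp = Get-HostsAddress -Hosts $Hosts -Name $ServerName
    $problems = @()
    if (-not $b.Enabled) { $problems += 'ServerController=1 is missing from notes.ini' }
    if (-not $b.Address) { $problems += 'TCPIP_ControllerTcpIpAddress is missing or not in ip:port form' }
    if (-not $hostsIp)   { $problems += "no hosts entry for $ServerName" }
    if ($b.Address -and $hostsIp -and $b.Address -ne $hostsIp) {
        $problems += "notes.ini binds $($b.Address) but hosts maps $ServerName to $hostsIp"
    }
    if ($b.Port -and $b.Port -ne 2050) {
        $problems += "controller port is $($b.Port) but the firewall rule is for 2050"
    }
    $problems
}

# Constructed sample inputs
$notesIni      = @('ServerController=1', 'TCPIP_ControllerTcpIpAddress=10.10.10.5:2050')
$hostsAgree    = @('127.0.0.1 localhost', '10.10.10.5 INMAIL01/Acme')
$hostsDisagree = @('127.0.0.1 localhost', '10.10.20.5 INMAIL01/Acme')

Test-ControllerSetup -NotesIni $notesIni -Hosts $hostsAgree    -ServerName 'INMAIL01/Acme'
Test-ControllerSetup -NotesIni $notesIni -Hosts $hostsDisagree -ServerName 'INMAIL01/Acme'
```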



Friday, June 14, 2013

Setting up an IBM® Lotus® Domino® server as an SMTP server

SMTP Server

Setting up an IBM® Lotus® Domino® server as an SMTP server consists of enabling two separate tasks: a listener task and a routing task. Enabling the SMTP Listener allows a server to receive mail over SMTP. Enabling SMTP routing lets the Domino Router send mail to other servers using SMTP. You enable SMTP routing to destinations within the local Internet domain separately from SMTP routing to external destinations. It's also possible to enable SMTP routing on a server without enabling the Listener task, and vice-versa.
For example, to support POP3 and IMAP clients, which use SMTP to send mail, you must have at least one internal server running the SMTP Listener task. However, the server does not have to use SMTP when transferring messages it receives over SMTP to the next hop on the routing path. After the server has accepted a message over SMTP, it can use IBM® Lotus® Notes® routing to transfer the message to other servers.
By default, Domino uses Notes routing only and is not configured for SMTP routing. To have Domino use SMTP to send and receive mail, do the following:
  1. Prepare your system for sending messages to the Internet by testing your Internet connection and verifying that DNS is set up properly.
  2. Enable the SMTP Listener task in the Server document of each server you want to receive mail over SMTP.
  3. Enable SMTP routing within the local Internet domain so that servers can send mail over SMTP within the local Internet domain.
  4. Enable SMTP to be used to send messages outside the local Internet domain.
  5. Specify the relay host, if any, to be used when sending mail outside the local Internet domain. Configure a relay host for SMTP servers that do not have direct access to the Internet.
  6. Set up inbound and outbound mail restrictions to protect against misuse of the mail infrastructure.
  7. To allow POP3 or IMAP users who connect to Domino from an external network to send mail to external Internet domains, specify exceptions to inbound relay enforcement for authenticated users.
  8. If you intend to allow users to access mail from POP3 or IMAP mail clients, you must install and enable these access protocols on users' mail servers. By default, Domino supports only Notes client access.


Configuring Domino to send mail to a relay host or firewall  


A relay host can be a server within your organization or an Internet Service Provider (ISP) that routes messages addressed to destinations outside the local Internet domain. Often the same server acts as a firewall through which your organization funnels all messages outbound to the Internet. It can be an IBM® Lotus® Domino® server or another type of server -- for example, a UNIX® sendmail server.
To configure internal SMTP servers to send mail to a relay host, you specify the IP address or host name of the relay host in the Configuration Settings document. If connections from the internal mail server to an ISP mail server pass through a firewall, specify the internal interface of the firewall in this field, and configure the firewall to forward traffic received on port 25 to the ISP mail server.
Servers that do not route mail over SMTP require special configuration to transfer messages to a relay host or firewall.
Configuring multiple relay hosts
To enable greater control over outbound message routing, you can configure multiple relay hosts. Using multiple relay hosts enables Domino to route mail addressed to certain Internet domains to certain relay hosts, without first performing a DNS lookup. For example, you can split external SMTP mail routing so that Domino routes all outbound Internet mail along one path, except mail addressed to a specific domain, such as *.acmepartner.com, which it sends through a specific SMTP server.
To configure multiple relay hosts, create a Foreign SMTP Domain document for each set of destinations, and then create SMTP connection documents to match these foreign SMTP domain documents. For example, using the previous example, you would create one Foreign SMTP Domain document for *.* and another for *acmepartner.com.
Foreign SMTP Domain documents are used by servers that route mail over SMTP as well as those using NRPC. For servers that use SMTP routing, Foreign SMTP Domain documents indicate the destinations that need relay hosts and the relay hosts to use in each case.
To set up a relay host
  1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
  2. From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
  3. Choose Configurations.
  4. Select the Configuration Settings document and then click Edit Configuration.
  5. Click the Router/SMTP - Basics tab.
  6. Complete this field, and then click Save & Close:
     Field: Relay host for messages leaving the local Internet domain
     Enter: The host name, domain name, or IP address of the server being used as a relay host.
            A domain name is a valid entry only if the internal DNS contains an MX record for that domain and can resolve it to a host name.
            When entering an IP address, enclose it within square brackets; for example, [127.0.0.1].
  7. The change takes effect after the next Router configuration update. To put the new setting into effect immediately, reload the routing configuration.
  8. After you set up a relay host, you can set up restrictions based on where the message originated or the message destination.