Archive for the ‘Walkthroughs’ Category

June 9th, 2009 | Categories: Walkthroughs, Wireless

Had some Palm Pre phones come into work today, and had to set them up with the Exchange 2003 server. As with other Palm devices that use OWA (Outlook Web Access) and EAS (Exchange ActiveSync), we need to export our CA root certificate to the phone and install it in the certificate store. This seems to be a huge problem for some people, so maybe this guide will help you out.

First, you need to make sure the IIS web server that you connect to using the phone or web browser has an SSL certificate with the correct CN (Common Name) of the server. This is very important. If you are connecting to, say, https://mail.server.com on the phone, the CN of the web server certificate must be mail.server.com.

The server at work did not have this for some reason, so in the IIS System Manager open SERVER (local computer) and Websites, right click on Default Web Site and click on Properties. Make sure you have 443 in the SSL port on this page, and then click on Advanced. Make sure under ‘Multiple SSL identities for this web site’ you have a Default with SSL port 443. Click OK if you added it; if it was already there, cancel out of the dialog.

Click on the Directory Security tab.

Now click on View Certificate if you have the ability to (that is, the server already has a certificate installed). Click on the Certification Path tab at the top. You should have a certificate at the top with the CA name and one under it, which should be the CN of this web server.

If you cannot click on the View Certificate button you need to have this server request one from the available CA server on your network. When you are asked for the CN make sure it is the external FQDN of this server, not just the hostname.

Once that’s done, you should have an Edit button under the View Certificate button. Click Edit and at the top make sure you have ‘Require secure channel (SSL)’ unchecked. You will still use SSL, but if you have only one Exchange server on your network you cannot have a front-end and back-end server setup, and you need this unchecked for Exchange to communicate with IIS on the server itself. With the box unchecked the site also answers over plain HTTP, so publish only port 443 to the Internet. We will be using our self-signed certificate for SSL communications from the Palm Pre to the IIS server over the Internet.

Click OK at the bottom and you’re done here. Open the Exchange System Manager. Open up Global Settings and then right click on Mobile Services and choose Properties. On this first page, I have (by default it seems) everything at the top checked. At the bottom I checked Enable Outlook Mobile Access and Enable unsupported devices, and clicked OK. This is up to you; not sure if you need the unsupported devices checked, but it seems to work fine.

Some people talk about it not working with Forms Based Authentication. I do not use this at home, but we do at work, and it does not make a difference in either case.

We should be done on the server end. On your workstation, you should be able to connect to https://exchange-server-fqdn/exchange and get your login page, or a popup for login, or if you use Internet Explorer you might get a transparent login to Outlook Web Access. In Internet Explorer, at the right of the address bar, you should have an SSL lock icon, either in green or red depending on whether you installed your self-signed certificate on the local machine. Left click on this and choose View Certificates.

At the top click on Certification Path and here you should have two lines of certificates: at the top the root certificate and, under that, the CN of this web server running Outlook Web Access. Click on the top Root Server CA certificate and click on View Certificate near the bottom of this dialog. At the top of the new dialog, click on Details, then at the bottom click on Copy to File.

In the wizard click on Next, then Next again. Browse to a location you can remember, the desktop is fine, and type in a file name and click Save. Click Next in the wizard then Finish. It will say the export was successful. Click OK to close all the dialogs and you can close Internet Explorer.

Connect your Pre via USB and set it to USB File Mode. Copy the certificate to your phone and use the Certificate Manager to install the certificate. You should be able to set up your Exchange account on the phone now.
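A check worth running on the exported file before it goes onto the phone, as an added example that is not part of the original post: it confirms that the server certificate's CN equals the name the phone will connect to and that the exported file is the root that signed it. It assumes OpenSSL on a workstation; the function names are hypothetical and the certificates are generated on the spot as constructed samples.

```shell
#!/bin/sh
# Added example: all hosts, names and certificates below are constructed.

# Re-encode a certificate as PEM whether the export was DER or Base-64.
to_pem() {
    openssl x509 -in "$1" -inform PEM -out "$2" 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -out "$2" 2>/dev/null
}

# Print the subject or issuer name ($2) of PEM file $1 in RFC 2253 form.
name_of() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# Subject CN, lower-cased so it can be compared with a hostname.
cert_cn() {
    name_of "$1" subject | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1 |
        tr 'A-Z' 'a-z'
}

# check_eas_cert HOST LEAF ROOT
#   0 ok | 1 CN is not HOST | 2 ROOT is not self-issued
#   3 LEAF was not signed by ROOT | 4 a file could not be read
check_eas_cert() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    t=$(mktemp -d) || return 4
    rc=0
    if ! to_pem "$2" "$t/leaf.pem" || ! to_pem "$3" "$t/root.pem"; then
        rc=4
    elif [ "$(cert_cn "$t/leaf.pem")" != "$host" ]; then
        rc=1
    elif [ "$(name_of "$t/root.pem" subject)" != "$(name_of "$t/root.pem" issuer)" ]; then
        rc=2
    elif ! openssl verify -CAfile "$t/root.pem" "$t/leaf.pem" >/dev/null 2>&1; then
        rc=3
    fi
    rm -rf "$t"
    return "$rc"
}

# Constructed CA plus a web-server certificate for mail.server.com, with a
# DER copy of the root standing in for the file exported from the browser.
make_sample_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.server.com" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/srv.pem" 2>/dev/null &&
    openssl x509 -in "$1/ca.pem" -outform DER -out "$1/root.cer"
}

demo_cert() {
    d=$(mktemp -d) || return 1
    make_sample_pki "$d" &&
        check_eas_cert mail.server.com "$d/srv.pem" "$d/root.cer"
    status=$?
    rm -rf "$d"
    return "$status"
}
demo_cert && echo "CN matches and the exported root signed the server certificate"
```

A return code of 1 is the case the post warns about: the certificate was requested for the bare hostname rather than the external FQDN.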

Once everything is up and running, you can get the Microsoft Exchange Server ActiveSync Web Administration Tool and install it on your server to get a few administrative functions for Mobile Devices.

I will continue to post a few links that may help others out as I find them.
- Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003

May 1st, 2009 | Categories: Games, Walkthroughs, Windows

So playing around with some registry and networking settings I was able to lower my latency by about one hundred and fifty by applying this registry tweak.

Go to Start -> Run, type in `regedit` and click OK.

On the left open HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> Tcpip -> Parameters -> Interfaces -> (choose your card here; it will be the folder that shows the most data on the right). In here, right click on the right and make a new `DWORD Value`. When you can name it, type in (case is important) `TcpAckFrequency` and press Enter, then double click it to modify the value, change it to `1` and click OK.

You will need to restart your computer for this change to take effect. If you find that this did not help at all, or messes something else up, just delete the `TcpAckFrequency` DWORD item you added.

Along with this, you can also do another tweak which seemed to help a lot on my Windows machine for in-game latency.

Open Control Panel and then Network Connections. Right click on Local Area Connection (or your network adapter) and choose Properties. Near the top you should have a Configure button to the right of the name of your network adapter. Click Configure. At the top you should have some tabs; click Advanced and on the left choose the option that is related to Checksum Offloading (you may not have this option, or it may be called something else like TCP/IP Offloading IPv4) and turn this Off. Save your settings and restart the machine.

Let me know if it helps you as well.

May 1st, 2009 | Categories: Hardware, Linux, Software, Walkthroughs

I suppose we can start out the new month with an informative post today. At work some friends were setting up some Windows XP machines and wanted to image the disk so that the process for setting up all eight machines went faster. Having no access to disk imaging software at the moment I suggested that they just use `dd` in Linux to do the image. None of them had really heard of this program, so I explained to them how to use it.

An easy way for anyone to do this is to grab a bootable Linux CD (we used TRK) and an external USB hard disk.

Boot from the CD, and choose the first boot option. Mount your USB disk somewhere easily accessible. We did ours as such: `mount /dev/sdb1 /mnt0`. Then we created an image of the first computer (the one we are currently on, which already has Windows XP installed and configured): `dd bs=16384 if=/dev/sda of=/mnt0/image.img`.

Once the process is complete power off the machine and take the USB hard drive and CD to the next, boot from the CD and mount the hard disk. Issue the command: `dd bs=16384 if=/mnt0/image.img of=/dev/sda`.

As you can see, `if=` is the Input File for dd, and `of=` is the Output File. `bs=` is the block size to copy between the disks; you can increase this if you wish to see better performance on faster machines.
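Writing one image to eight machines is only safe if the image is a faithful copy, so this added example (not from the original post) wraps the same `dd` commands with SHA-256 checks before and after each write. Regular files stand in for `/dev/sda` and `/mnt0/image.img`, the function names are hypothetical, and `sha256sum` is assumed to be available on the boot CD.

```shell
#!/bin/sh
# Added example: regular files stand in for /dev/sda and /mnt0/image.img.

# SHA-256 of the first $2 bytes of $1 (file or block device).
sha256_of() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# Size in bytes. Fine for files; on a real disk use: blockdev --getsize64 /dev/sda
size_of() {
    wc -c < "$1" | tr -d ' '
}

# make_image SRC IMG: copy SRC to IMG with the post's dd options, re-read
# both sides, and record the digest next to the image.
make_image() {
    src=$1; img=$2
    dd bs=16384 if="$src" of="$img" 2>/dev/null || return 1
    n=$(size_of "$src")
    want=$(sha256_of "$src" "$n")
    got=$(sha256_of "$img" "$n")
    [ "$(size_of "$img")" -eq "$n" ] || { echo "short image" >&2; return 1; }
    [ "$want" = "$got" ] || { echo "image differs from source" >&2; return 1; }
    printf '%s\n' "$got" > "$img.sha256"
}

# restore_image IMG DST: refuse to write unless IMG still matches its recorded
# digest and DST is large enough, then verify DST after writing.
#   2 image corrupted | 3 target too small | 4 target differs after write
restore_image() {
    img=$1; dst=$2
    n=$(size_of "$img")
    want=$(cat "$img.sha256") || return 1
    [ "$(sha256_of "$img" "$n")" = "$want" ] ||
        { echo "image corrupted; not writing" >&2; return 2; }
    [ "$(size_of "$dst")" -ge "$n" ] ||
        { echo "target smaller than image" >&2; return 3; }
    # conv=notrunc keeps a file stand-in at full size; harmless on a device
    dd bs=16384 conv=notrunc if="$img" of="$dst" 2>/dev/null || return 1
    [ "$(sha256_of "$dst" "$n")" = "$want" ] ||
        { echo "target differs after write" >&2; return 4; }
}

# Demo on constructed data: 100000 bytes, deliberately not a multiple of bs.
demo_image() {
    d=$(mktemp -d) || return 1
    head -c 100000 /dev/zero | tr '\0' 'A' > "$d/sda"   # "configured machine"
    head -c 120000 /dev/zero > "$d/sda_next"            # "next machine"
    make_image "$d/sda" "$d/image.img" &&
        restore_image "$d/image.img" "$d/sda_next"
    status=$?
    rm -rf "$d"
    return "$status"
}
demo_image && echo "image written and verified"
```

The digest file travels with the image on the USB disk, so a copy damaged in transit is caught before it overwrites the next machine.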

April 8th, 2009 | Categories: Hardware, Walkthroughs, Windows

Had some problems with the time change here at work. It seems that most websites left out a very important detail as to what gets upgraded, in what order, and how, when using mobile services with Microsoft Exchange.

The devices that I am dealing with are the:

Palm Treo with GoodLink
Blackberry Devices with Enterprise Management

Running on these servers, you should also have the Microsoft Exchange Management Tools. I could find no place that mentioned these tools; after they have been installed, they are virtually untouched. You have to upgrade the installed tools to the same version as the Exchange server itself, then install the CDO patch against the TOOLS. All of the sites that I have found talk about applying the CDO patch to the Exchange server itself.

Links: Exchange 2003 Service Pack 1
Links: Exchange 2003 Service Pack 2

Here is the problem I was having…

If you create an appointment from 1:00PM to 2:00PM (or other times, this is just an example) using Outlook from your client, the appointment times are correct; even on the device it says 1:00 to 2:00. But if you create an appointment using the mobile device, say at 2:00 to 3:00, and then look inside Outlook, the appointment will say 3:00 to 4:00, which, as you just created the appointment, you already know is incorrect.

All of our mobile devices experienced this problem: GoodLink Palms and Blackberry devices. After installing the Exchange SP2 upgrade on the server not even running Exchange, and then the CDO patch on top of that, these problems went away.

April 8th, 2009 | Categories: Security, Walkthroughs, Windows

After you’ve acquired the smartcard readers and installed them on each computer, you need to prepare the smartcards. Each smartcard requires a certificate. To get that certificate on each smartcard, you need a certification authority (CA). To issue smartcard certificates, you need an Enterprise CA server. Most of the particulars for the installation of the CA aren’t significant when it comes to simply issuing the smartcard logon certificates. However, they may be important if you have other things planned for your CA.

If you don’t already have a CA and you have no real preference on how to install it, you can follow these steps:

  1. Log on as a member of the Enterprise Admins group.
  2. Open the Windows Control Panel, open Add/Remove Programs, and click Add/Remove Windows Components.
  3. The Certificate Services option is in the list of Windows components. Select that option and follow the wizard to install. The first thing you’ll see is a warning message telling you that you cannot change your machine name or domain membership. Keep that in mind, click OK, and then click Next.
  4. When the CA Type selection box appears, make sure that you’re installing an Enterprise CA and then click Next.
  5. In the CA Identifying Information box, enter a name for your CA and then click Next.
  6. In the Certificate Database Settings dialog box, leave the default settings (unless you know that you want to change them) and click Next. You’ll need the CD-ROM or installation files in a couple of seconds.
  7. If you don’t have Internet Information Services (IIS) installed, you’ll be prompted to install IIS to get web enrollment working. If you don’t plan to do any web enrollment, you can just click OK and don’t worry about it. Click Finish when it’s all over.

Next, you need a smartcard logon certificate template.

Creating the Template

After you have the CA installed, you need to manage it a bit. Create an MMC with the following snap-ins:

  • Active Directory Users and Computers
  • Certification Authority
  • Certificate Templates

Now that you have the console configured, click Certificate Templates and look for the Smartcard Logon certificate in the right-hand pane. Right-click the Smartcard Logon template and select Duplicate Template.

At this point, you get a Properties of New Template dialog box, as shown in Figure 2. (Name your template whatever you want.) Be sure to select Publish Certificate in Active Directory if the box isn’t already checked.

(Figure 2)

Click the Request Handling tab and then select Signature and Smartcard Logon in the Purpose drop-down list. You want the user to be prompted to insert a smart card during logon, so select the option Prompt the User During Enrollment (see Figure 3).

(Figure 3)

Before you leave this dialog box, click the CSPs button near the bottom to open the CSP Selection dialog box, where you can select the appropriate cryptographic service provider (CSP). For example, I use a smartcard produced by Schlumberger, so I chose the Schlumberger CSP, as shown in Figure 4.

Caution

Some people think that they can choose pretty much anything here, but that isn’t quite the case. What you select affects what the user sees on the other end. For example, if I selected the Infineon SICRYPT Base Smartcard CSP, I’d be prompted to insert my SICRYPT smartcard on the client side.

Select only the applicable CSP(s) for the smartcards you purchased. As I said earlier, this process is easier if you have only one type of smartcard and reader. If you have more than one smartcard type, you’ll have to select multiple CSPs. Later in this article, you’ll see how having multiple CSPs affects the user.

(Figure 4)

After clicking OK in the CSP Selection dialog box, you return to the Properties dialog box for the template you’re setting up. Click the Security tab. If you want to allow all users in your Domain Users group to receive certificates during logon, you must add them to the Access Control List (ACL) for this template. Be sure to give them the rights to Read, Enroll, and Autoenroll, as shown in Figure 5.

(Figure 5)

Click OK. The template is ready. Now that you have the smartcard logon template duplicated, you need to issue it from the CA.


April 8th, 2009 | Categories: Security, Walkthroughs

So you want to download files from sites that are using Bittorrent? But have no idea how to start? No problem, I am going to walk you through downloading files using a Bittorrent client.

First, you are going to need a piece of software called a Bittorrent client. There are quite a few programs that will do this task, but I like using uTorrent, and that’s what I’m going to walk you through.

Get uTorrent by clicking here [Link: http://www.utorrent.com/download.php ]. I recommend that you download the Installation Program version, as you can easily remove it later on, if you don’t have a use for it.

When the file is done downloading, double click to open it. Choose your language from the list and click OK.

Click Next on the Welcome Screen. The default Destination Folder is best in most cases, click Next at the bottom. The installer will now ask you what to call the start menu folder, click Install at the bottom, as the default is fine.

When it is done, click Finish at the bottom. Let’s configure the client now.

You can delete the file that you downloaded if you wish, then go to Start -> Programs -> uTorrent and run uTorrent.

The welcome message will display, you can click on No, because we already have a shortcut on the start menu. uTorrent will now ask if you wish for it to be the default application for .torrent files. Go ahead and click Yes, this will make your life much easier.

The next screen is where things get a little confusing. For uTorrent to download files more efficiently you have to forward a port in your router; it can be any number you choose at the bottom. The default is 32459. I will have to let you refer to your router’s manual if you have a router.

Click the Run speed test button and choose the best speed for what the site returns to you. Then, click Use Selected Settings at the bottom of the dialog.

Now you have completed the install of uTorrent.

Now the easiest way to download files is to find a tracker website and follow their way to download the .torrent files. When your browser goes to download the file, uTorrent will open the file and begin.

April 8th, 2009 | Categories: VoIP, Walkthroughs

So you have your Asterisk / Asterisk@Home server set up and running, and now you wish to receive calls from the outside world (PSTN or Public Service Telephone Network).

I will try to make this page as easy to use as possible, walking through each of the steps. My setup includes Asterisk@Home 2.8 with freePBX web interface version 2.0.1, and Asterisk version 1.2.7.1.

First you need to sign up with TelaSIP. I recommend the Plus or Premium Plans.

In the web interface click on FreePBX Administration.

Enter the username and password, the username is maint, and you should already know your password here. On the next page, click on Setup at the top.

Then on the left, click on Trunks.

In the content pane, click on SIP because we want to add a SIP trunk.

Now we have to fill out some information. This information works for me and, hopefully, will work for you too. Please note that the information in italics needs to be replaced with the information you got from TelaSIP. Information in bold and italics is your choice.

Outbound Caller ID: “yourname” <your phone number>
Maximum Channels: 2
Dial Rules: 1|NXXNXXXXXX
Trunk Name: telasip-gw

PEER Details:

allow=g726
context=from-pstn
disallow=all
host=gw4.telasip.com
insecure=very
qualify=yes
secret=password
type=peer
username=username

Incoming Settings: All Blank

Registration String: username:password@gw4.telasip.com

Once you are done, click on Submit Changes at the bottom of the page, then click on Outbound Routes on the left.

Fill out the following information:

Route Name: Outgoing
Emergency Dialing: Checked

Dial Patterns

911
1NXXNXXXXXX
NXXNXXXXXX
NXXXXXX

Trunk Sequence: SIP/telasip-gw for the first.

Then click on Submit Changes. You can now make calls on your Asterisk server. Let’s continue so you can receive calls.

On the left, click Inbound Routes.

Then fill out some information:

DID Number: your phone number from telasip
Destination: Wherever you want your call placed, from TelaSIP.

Click on Submit, and at the top of the page, click the red bar to reload Asterisk with your new settings. You may need to wait a few hours if you just created your TelaSIP account, so the phone number becomes active.

April 8th, 2009 | Categories: Hardware, VoIP, Walkthroughs

I found some information on this topic by searching around the internet. I have tried this information and it works great for me. Please note that I have not created any of this content; I am just mirroring it.

First things first:

Download: SP2KPAP2.zip (671.0 KiB)

Download: PAP2SP2K.zip (653.7 KiB)

DO NOT CONNECT THE PAP2 TO ANY NETWORK WITH INTERNET ACCESS until directed. The unit will attempt to connect to a Vonage TFTP server on power-up and update firmware without your intervention. If this happens the unit could become a brick. Keep the unit isolated until these parameters are changed and you are directed to connect the unit to the net and/or public internet.

New Unit -
A new “out of the box” pap2 will not have ANY network parameters setup (IP Address, IP mask, gateway, etc). First, configure the pap2 via a touch-tone phone with minimal IP information that will permit later access via your web browser.

Review Chapter 4 of the Linksys pap2 Installation and Troubleshooting Guide.

Connect a standard touch-tone phone to port #1 and make the following changes:
a) Disable DHCP – ‘****’, ‘101#’, ‘0#’, ‘1’ hang-up
b) Set Static IP Address – ‘****’, ‘111#’, ‘192*168*2*10#’, ‘1’ hang-up
c) Set Network Mask – ‘****’, ‘121#’, ‘255*255*255*0#’, ‘1’ hang-up
d) Set Gateway Address – ‘****’, ‘131#’, ‘192*168*2*20#’, ‘1’ hang-up

The preceding steps have set the pap2 IP address to 192.168.2.10, mask 255.255.255.0 and gateway 192.168.2.20. This document will use these addresses later. If your network uses a different address/mask/gateway, adjust accordingly.

Reboot the pap2 and use the phone to confirm the changes were saved. You can also check around to determine current firmware version, MAC address, etc. You don’t need them for later steps, but feel free to check them out. NOTE: you will be unable to enter the ADMIN account at this time (unit is locked).

Change your DNS addresses –
Modify the DNS (Primary & Secondary) to match your ISP’s DNS values. It may be necessary to change these at a later date to ones associated with the VoIP provider.

Isolate your network from internet –
For this next sequence disconnect your LAN from access to the public internet. Also, DO NOT ATTEMPT to update firmware via a wireless connection – bad results. Hardwired connects only!

Install tftp server utility –
Included on the CD-ROM is a free tftp server utility – tftp-desktop-free ver 2.5. Suggest you use this utility because you can monitor the firmware download/update process. This can be downloaded from www.download.com, search for tftp. While this utility is free, it’s possible it can only be used for 30 days. You may need to get a “fresh” download.

NOTE: The tftp utility installs nicely under WinXP and creates a directory in /Program Files/TFTP Desktop . You will need to know this in order to copy the firmware images to that area and rename the files.
ALSO: The utility does NOT start/run automatically when your system is booted. It is necessary to click on the ICON to start the utility.

Uncompress/Copy Firmware Image Files –
Two firmware image files need to be unzipped, renamed and placed in the tftp default directory, which is /Program Files/TFTP Desktop. Uncompress the following files:
pap2SP2K.zip and SP2Kpap2.zip. After the files are uncompressed into the tftp default directory it is CRITICAL to RENAME the files to correct a naming error. The files must be renamed to add a ‘-’ as follows: pap2SP2K.bin to pap2-SP2K.bin and SP2Kpap2.bin to SP2K-pap2.bin

Next, if your PC/Laptop does not have a static IP address you should assign one at this time. While not absolutely necessary to have a static IP address, your IP address must be known (and does not change) in order for the pap2 to find the tftp server and thus the firmware to be downloaded. For purposes of this example the tftp server PC has an IP address of 192.168.2.110, mask 255.255.255.0

Connect the pap2 ethernet port to your isolated network. Remember, you don’t want the pap2 to get to the internet – not yet!

Next, ping the pap2 device to make sure your network connection is working.
PING 192.168.2.10

START OF FIRMWARE UPDATE -

Open a browser and enter the IP address of the pap2:
192.168.2.10

You should have opened a Linksys pap2 configuration page on the INFO tab. Select the SYSTEM tab. Enter a USER password of 1234 and at the bottom of the page select SAVE SETTINGS.

Now refresh your link and you should be prompted with a login screen.
Enter a User Name of USER , password = 1234
Keep this browser page open, but shift it down to the lower right section of your display.

Next, start the tftp server utility and position the window in the upper left section of your screen. This is to permit monitoring the firmware download process.

Next, return to the open browser page and position the open window such that you can continue to monitor the tftp desktop window – keep at least 1/3 of that window visible.

Update the browser address line and enter the following: 192.168.2.10/upgrade?tftp://192.···SP2K.bin
Monitor the tftp window and you should see a progress bar indicate the download status.
At this time the Power LED should turn RED.
Wait at least 1 or 2 minutes after the status shows complete – do not interrupt it.

Once RED, update the browser address to your pap2 (our IP in this example is 192.168.2.10) and log in using user account USER, password = 1234.

At this point you should now see a Sipura Phone Adapter Configuration screen.

Click the “admin login” link near the top-right.
Click the “advanced” link near the top-right.
Click the PROVISIONING tab and set PROVISION ENABLE=NO.
Click SUBMIT ALL CHANGES.

At this point you might get an “unable to display” page on your open browser page – don’t worry about it – leave it as is.

Next, update the browser address line and enter the following: 192.168.2.10/upgrade?tftp://192.168.2.110/SP2K-pap2.bin [ver 3.1.3]
Alternate version:
192.168.2.10/upgrade?tftp://192.168.2.110/pap2-BIN-03-01-06-ls.bin [ver 3.1.6]
* * * * *
Again, monitor the tftp window and you should see a progress bar indicate the download status. Wait at least 1 or 2 minutes after the status shows complete – do not interrupt it.

The Cisco/Linksys pap2 will eventually reboot (2 solid blue LEDs) (BE PATIENT)

DONE – The firmware update/unlock is now complete.

When you login to the pap2 unit you will again have a Linksys pap2 configuration screen and you should be able to access the ADMIN LOGIN link without a password.

The unit is now unlocked and can be configured for various VoIP services. You can now safely connect the pap2 unit to a network exposed to the internet. HOWEVER – never attempt to do a FACTORY RESET – or your unit may be locked again to Vonage and might not be unlockable a second time. Still working on it.
