New E12 build available

- posted by Ben Winzenz @ 11:24 AM 0 comments

 
More Windows Mobile follies
Yesterday, all of a sudden my Windows Mobile device stopped automatically syncing my e-mail. In fact, when I tried to sync, it would pop up with a box asking me to confirm my password. At first, when I saw this, I thought that my password had expired (I do have to change it every so often), as entering my current password resulted in the password prompt coming right back. I checked network access on my computer and found that my password had not expired yet, so I wondered what was going on.

Then, I found out that our certificate had expired and been renewed, but the CA that we use had for some reason used a cert from a different chained trusted CA. This chained CA was, of course, NOT in the short list of trusted CA's included with Windows Mobile. Now, how to go about getting this corrected.

Oh - BTW, this error also prevented ActiveSync (Exchange portions only) from working when directly attached to my computer as well.

Fortunately, installing a cert on Windows Mobile is fairly easy. Of note is that I do have an unlocked device, so I can pretty much do whatever I want with it. Installing a cert may not be this easy (or possible at all) on locked devices. For me, this is what I did.

1. Obtained ALL certificates in the chain. This was completed by accessing our OWA website and exporting all certificates in the chain to DER encoded binary files (.cer).
2. Copy .cer files to WM device.
3. Open File Explorer on WM device and simply click on the certificate. It will ask you if you want to install the certificate. Simply choose "yes" and you are done.

Once I had the certs installed, everything worked fine again. I won't discuss my disappointment with so few root certificates being installed by default with Windows Mobile. I'm just happy I was able to install the other certs.
- posted by Ben Winzenz @ 10:23 AM 1 comments

 
I must be important or something...
I just got some German Spam! LOL. Good thing I can understand German...

Actually, all I needed to see were a few key words for it to register that this was a variation of the original Nigerian scam where a person was notified that large sums of money were available to be transferred to them for holding...

Here's the original text of the e-mail for your pleasure. Note the bank location in Johannesburg, South Africa (why would someone from South Africa be writing in German anyways?) and the sum (23.5 Million US). Ah, and of course, the situation being "streng VERTRAULICH" (VERY Confidential). HeHeHe.

It gave me a good chuckle, anyways. The lengths that spammers and scammers will go to...hopefully no one falls for these scams any more.

Too bad the message header information identifies foreged information, though the rDNS for 216.85.122.67 does correctly resolve back to mail.einsteinsystems.com.
Received: from fsmail.net (mail.einsteinsystems.com [216.85.122.67] (may be forged))

Looks like someone on einsteinsystems.com has an open relay mail server. Bummer.

Anyways, the text:

Sehr geehrter

Zuerst muß ich um Ihre Zuversicht in dieser Angelegenheit bitten,da dies aufgrund der Situation als streng VERTRAULICH anzusehen ist.
Ich erwaehne jedoch im Vorfeld, daß eine Offerte diesen Ausmaßes selbstverstaendlich abschrecken kann.
Ich hoffe,dass dies keine Besorgnis bei ihnen erregen wird, aber ich versichere Ihnen, daß alles seine Richtigkeit hat.
Wir haben wegen der Dringlichkeit,entschieden Sie auf dem Postwege zu informieren.
Als Erstes moechte ich mich bei ihnen vorstellen. Mein Name ist Dr.Shema.P.Modeka, ein Manager bei der Standard Bank South-Africa PLC, Johannesburg. Ich kam an ihren Namen durch meine Suche nach einer entsprechenden Person,um eine sehr vertrauliche Angelegenheit abzuwickeln, die die Übertragung von einer betraechtlichen Summe Geld ,welches aus einer Erbschaft stammt,zur Folge haette.
Hier nun mein Vorschlag: Ein Ausländer,der verstorbene Ingenieur ULLMANN, ein Ölhaendler aus Suedafrika, kam 1999 bei einem Flugzeugunglueck ums Leben.Seither sind keine Erben ermittelt worden.
Er war bis vor seinem Tode als Unternehmer taetig. Herr ULLMANN war unser Kunde hier bei der Standard Bank PLC.,Johannesburg, und hatte ein Kontoguthaben von US $23.5 Mio. (Dreiundzwanzig Millionen, Fünfhundert Tausend, US Dollar).
Diese Summe liegt jetzt bei der Bank und wartet auf eine Person,die berechtigten Anspruch darauf hat.Sollte kein Anspruchsteller gefunden werden,geht die komplette Summe an die Regierung von Suedafrika.
Daher haben meine Kollegen und ich beschlossen,vor Ablauf der Frist,eine entsprechende Person zu benennen.
Da Sie den selben Namen tragen,sind Sie in unsere engere Auswahl gefallen.
Mit Ihrer Erlaubnis wuerden wir Sie als Verwandten des verstorbenen ULLMANN deklarieren ,damit Sie den Anspruch in Hoehe von USD$23.5M erhalten wuerden.
Infolge dessen koennten Sie als der Nutznießer (Verwandte der ULLMANN) dieser Summe gelten.Die Urkunden und die Beweise zu diesem Vorgang werde ich Ihnen selbstverstaendlich erbringen und zu Ihrer Verfuegung stellen. Wir versichern Ihnen eine 100% risikofreie Abwicklung.
Ihr Anteil wäre dann in einem persoenlichen Gespraech zu eroertern,da wir natuerlich auch in eigenem Interesse handeln . Falls dies fuer Sie von Interesse sein sollte,wuerde ich Sie bitten mit uns in Kontakt zu treten. Zu diesem Zwecke senden Sie mir bitte Ihre Persönliichen Daten wie Voll Namen, Adresse Telefon-,und Fax nummer und Bank verbindung ihre vertrauliche E-mail Adresse, damit ich Ihnen die relevanten Details dieser Offerte zukommen lassen kann modekas1@fsmail.net

Mit freundlichen Grüßen,
Dr.Shema.P.Modeka
Standard Bank
- posted by Ben Winzenz @ 8:53 AM 0 comments

 
I'm noticing a trend

- posted by Ben Winzenz @ 9:49 AM 5 comments

 
Added IMF functionality with hotfix for Exchange 2003
It looks like this KB article has been out for a few weeks, but I was just informed of the functionality it provides today (er - late last night as it were). For those of you that use the Intelligent Message Filter (IMF), you can now add the feature of building custom exclude lists and custom include lists. The Exclude lists will allow you to create a list of addresses that IMF should not perform scanning on, while the include lists would seem to be a sort of blacklist where messages are filtered whitelist where messages that include those specific e-mail addresses are not filtered.

UPDATE: It seems I was a little off in how this works. The Exclude list is a list of addresses that IMF will exclude from scanning, but the way it works is that ALL recipients of a message must be in the exclude list in order to bypass being filtered (I think I mentioned that in part below, but it isn't detailed enough). If even *one* of the recipients is NOT on the list, then the message will be filtered. Regarding the Inclusion list, the way this works is that if ANY of the smtp addresses are on the RecipList, it will bypass filtering. Obviously, from a control standpoint, the Exclude list is far more restrictive.

A couple of limitations I noticed. With the exclude list, it will only exclude scanning if ALL of the recipients are on the exclude list, otherwise it will be scanned as normal (and potentially filtered/marked as junk). Also, all changes must currently be made in the registry - there is no GUI tool to manage this yet. It remains to be seen if some 3rd party tool will pick up on this, or if it might be added into the next service pack for Exchange 2003. The KB article currently does not indicate any prerequisites, but I've asked for clarification if this works with both IMF v1 and v2, so I'll update this once I know for sure.

UPDATE: This is a Post-SP2 Hotfix ONLY! It will not work with IMF v1.

Remember, as with all hotfixes, you MUST call in to PSS to get the hotfix. Thankfully, calling in for hotfixes has been made MUCH easier. I've called in many times, and have never been asked for a credit card for a hotfix. The automated phone attendant at Microsoft even has an option to specify you are calling for a hotifx. When you choose that option, you won't get to a PSS engineer, instead you will be routed to a Customer Support rep who will process the hotfix request (you simply provide the article number) and send you a link to the download.
- posted by Ben Winzenz @ 9:03 AM 1 comments

 
ExBPA 2.6 released!
Paul Bowden posted on the Exchange team blog this morning indicating that ExBPA 2.6 had just been released. Indeed, you can get it by going to the direct download link http://www.microsoft.com/downloads/details.aspx?familyid=dbab201f-4bee-4943-ac22-e2ddbd258df3&displaylang=en, but you won't find it yet if you just go to www.exbpa.com. I expect that will be corrected/updated very shortly. In the meantime, use the link provided above to get directly to the download page. From what Paul has said, it looks like there will be some great improvements in 2.6, so check it out!

Update: Along with releasing a new version of ExBPA, it also appears that new versions of ExPTA and the Exchange Profile Analyzer Web Release (EPA WR) have been released as well. Check them out!
- posted by Ben Winzenz @ 8:51 AM 0 comments

 
Wireless Security revisited
Ok, I *finally* got off my duff and decided to increase my wireless security at home. Not that I was too worried, mind you. I had already implemented WEP, which is admittedly better than nothing, but it has already been shown that WEP can be cracked fairly easily. I had also thought about implementing MAC filtering, but decided against it for the time being.

Anyway, the wireless router I use (Linksys WRT-54G with DD-WRT firmware) fully supports implementing additional wireless security levels, including WPA and WPA2. I figured what the heck - let's try and see if I can get WPA2 working. I enabled it on the router (WPA2 passphrase using AES as the encryption method - I could choose between AES and TKIP, but admittedly don't know if there is an advantage to choosing one over the other) and applied the changes, then made the change on my laptop running Vista. I was happy to see that the wireless drivers Vista has provide built-in support for WPA2 out of the box using either WPA2 Personal or Enterprise (Enterprise requires RADIUS authentication), but for some reason, I couldn't connect right away. It ended up taking about 5-10 minutes before I could connect with that laptop. In fact, while I was waiting for Vista to be able to connect, I tried getting my Work laptop (running XP Pro) on. Turns out the wireless drivers I was using were quite old, and they only supported WPA. No worries, as I checked Dell's website and found new drivers. I loaded the new drivers, rebooted, and enabled WPA2 and was able to connect right away. By the time I went back in and checked my Vista laptop, it was connected.

Do I feel like my wireless network is more secure? Sure. Was it harder to set up than WEP? Absolutely NOT. HOWEVER, one big current gotcha is that not all wireless cards support WPA2. I'd suspect that virtually all new wireless hardware supports it, but if you are using an older wireless card, you may find that it doesn't support WPA2. If this is the case, you may have to revert back to WPA instead, which is better than WEP, but not as secure as WPA2.

Also remember that if you are running Windows XP (Service Pack 2 required!), in order to enable WPA2 support, you must download and install an update that enables support for WPA2 in XP. You can find that update here:
http://support.microsoft.com/kb/893357
- posted by Ben Winzenz @ 8:02 AM 0 comments

 
Microsoft to provide Virtual Server 2005 R2 for free
I suppose this is following on the footsteps of VMWare, who earlier this year announced a free version of VMWare Server (albeit currently Beta), available to anyone who registered.

Microsoft has announced, of all places, at LinuxWorld, that they will provide Virtual Server 2005 R2 (I didn't see whether it was only Standard or also Enterprise)for free. In addition, they will provide more support for running Linux as a guest by providing virtual server additions for several mainstream linux distros.

It seems as if it's a virtual battle out there between Microsoft an VMWare. I haven't tried VMWare's product yet (it's time bombed, which I don't like), but I've used Virtual Server quite a bit, and it works very well. Along with the Virtual Server Migration Toolpack, which helps migrate machines from both "phsyical-to-virtual" and "virtual-to-virtual", this announcement is great news for IT professionals.

To read the entire press release, click the link in the title, or here:
http://www.microsoft.com/presspass/features/2006/apr06/04-03virtualizationqa.mspx
- posted by Ben Winzenz @ 3:56 PM 0 comments

 
Exchange Direct Push
Vanitha Prabhakaran on the Exchange team discusses how to deploy Activesync using Direct Push. This is a great article and includes such things as FAQ's and Troubleshooting steps. I'd even go so far as to say this should be a must read for anyone that wants to deploy Activesync using Direct Push.
- posted by Ben Winzenz @ 12:43 PM 0 comments