One of the big drawbacks of Exchange management being built on PowerShell, and it talking to the PowerShell virtual director is, when IIS has a problem, you can’t manage your Exchange via the command shell, or the Exchange Management Console.
While trying to fix a problem last week I wanted to remove and recreate the PowerShell virtual directory, and I found the PowerShell command, but no working examples for the correct syntax.
Solution
1. Remember your Exchange Management Shell won’t work, so load the Windows Powershell Modules shell. (Note: You will find this one under Administrative tools, NOT the one on the taskbar).
2. To remove the PowerShell virtual directory from the default web site;
[box]
Remove-PowerShellVirtualDirectory “Powershell (Default Web Site)”
[/box]
Got in the office to find a colleague was going to be on long term sick this morning, the boss asked, “Can we turn on his out of office?”. I could have simply changed the users password and logged into OWA and done it, but executing some PowerShell would be more elegant.
Note: You must be in one of the following groups to carry out this procedure, Organizational Management, Recipient Management, or Help Desk.
Note: Remember the dates need to be in ‘American date format’ or the command will fail.
Example
[box]
Set-MailboxAutoReplyConfiguration -Identity 'PeteL' -StartTime '08/12/2013 08:00' -AutoReplyState Enabled -EndTime '12/31/2013 23:59' -InternalMessage 'Pete is currently out of the office' -ExternalMessage 'Pete is currently out of the office, please contact the helpdesk for technical assistance' -ExternalAudience 'All'
[/box]
Related Articles, References, Credits, or External Links
Note: This is for firewalls running an operating system BEFORE version 7, if you have an PIX running version 7 or above go here instead. I’ll run though he commands first and then the configuration from PDM at the end.
Solution
PIX 500: Configure a site to site VPN from command line
1. Connect to the PIX, go to “enable mode”, then to “Configure terminal mode”
[box]
User Access Verification
Password:
Type help or '?' for a list of available commands.
PetesPIX> enable
Password: ********
PetesPIX# configure Terminal
PetesPIX(config)#
[/box]
2. I’m assuming the network BEHIND the PIX 500 is 192.168.124.0/24 and the network at the far end of the tunnel is 192.168.123.0/24. So I’m going to create two ACL’s one to tell the PIX that this traffic should be encrypted, and the second to tell the PIX NOT to perform NAT on the VPN traffic.
Note: Yes I can use one ACL, but having two makes it easier to troubleshoot any VPN problems.
[box]
PetesPIX(config)# access-list VPN_CRYPTO_ACL permit ip 192.168.124.0 255.255.255.0 192.168.123.0 255.255.255.0
PetesPIX(config)# access-list VPN_NO_NAT line 1 permit ip 192.168.124.0 255.255.255.0 192.168.123.0 255.255.255.0
[/box]
3. Now I’ve got an ACL that will stop performing NAT I need to add it as a “Nat 0” (this means don’t perform NAT).
Note: Check to make sure you do not already have a nat(inside) 0 xxx command, if you do, use the SAME ACL that is already in use.
4. To set up all the VPN parameters you need to create a crypto map. In the example below I set the peer IP (the firewall at the other end of the tunnel), to 81.81.81.81. Then I tie it to the ACL I created earlier (VPN_CRYPTO_ACL). I’ve set the encryption and hashing used for the tunnel to 3DES and SHA (These will be used for IPSec (Phase 2)). Set the timeouts for the tunnel, and finally apply the cryptomap I’ve just created, to the outside interface.
7. To establish the VPN phase 1 (ISAKMP) the devices at both ends of the tunnel need a matching ISAKMP policy. I’ve already set up my shared secret, the first line lets the other end know that’s how we will be communicating. Then once again I’m using 3DES and SHA. I’m telling the system to use Diffie Hellman group 2 for the secure key exchange, and then binding this policy to the outside interface.
Note: If you are interested on how all this stuff works see here