Office Find your Version and Licensing Information

KB ID 0000566 

Problem

Note: This is an OLD post, you might want to look at the following article instead;

Finding Out Your Microsoft Office Licence Version

I had some licencing issues a couple of weeks ago with Office 2010, and needed to check my version and licence details, thankfully Office 2010 comes with a VB script that makes this easy.

Solution

Getting your Office Version and Licence Details

1. Launch a command window (Right click and select run as administrator, or select the cmd icon and press CTRL+SHIFT+ENTER).

2. You need to change to the directory that the script is in, this directory will be different if you are running x32 bit Office on an x64 bit machine. execute one of the following commands;

For x32 bit Office on x32 Bit machines, OR 64 bit Office on x64 bit machines;

[box]cd “C:Program FilesMicrosoft OfficeOffice14″[/box]

For x32 bit Office on x64 bit machines;

[box]cd “C:Program Files (x86)Microsoft OfficeOffice14″[/box]

3. Then execute the following command;

[box]cscript ospp.vbs /dstatus[/box]

Example Output

(Above) This installation of Office 2010 (Pro Plus) is UNLICENSED, (it’s waiting for a licence key to be installed). It will run for another 30 days like this, then this will happen. You can fix this by manually installing an Office MAK key, or setting up a KMS server on your network.

(Above) This installation of Office 2010 (Pro Plus) is LICENSED and has been activated with a MAK key.

(Above) This machine has RETAIL versions of both Office 2010 (Pro Plus), and Visio (Premium). Both are LICENCED, and activated with a retail (or box product) Key.

Other uses for ospp.vbs

Install a MAK Key on a remote machine;

[box]cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx {remote-machine-name}[/box]

Activate a remote machine

[box]cscript ospp.vbs /act {remote-machine-name}[/box]

 

Related Articles, References, Credits, or External Links

NA

Sync Microsoft Domain Time To A Cisco NTP Device

KB ID 0001038

Problem

I’ve been posting domain time articles for a long time, and on more than one occasion I’ve really needed to take my Windows time from a Cisco Device and failed miserably. I’ve even used third party NTP software to solve this problem on my own test network.

On a client network, my colleague deployed ACS5 this week, I secured the ASA5585-X for AAA and it failed authentication. Logging revealed a clock skew error, so we manually set the time on the domain PDC. Within half an hour it was failing. The network topology prevented me syncing to a public NTP server from the domain PDC.

We did however have all the network devices syncing from a public time source, if only we could use one of those?

Solution

Step 1 Configure NTP on your Cisco Device.

Here I’m using a 7200 Router in GNS3, the NTP IP addresses I use are UK based NTP servers, I suggest you replace them with some public NTP servers on your own continent. I’m using two for redundancy.

[box]

Petes-Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Petes-Router(config)#ntp server 130.88.202.49 prefer
Petes-Router(config)#ntp server 194.35.252.7

[/box]

NOTE: You need to force the Cisco device to advertise itself with a low stratum, typically the lower the stratum, the closer to atomic time you are supposed to be, (so we are actually forcing the device to lie, but if we don’t, Windows wont trust it!)

[box]

 Petes-Router(config)#ntp master 5 

[/box]

It can take a while for NTP, (go and have a coffee), then check it’s synchronised, DO NOT proceed until the Cisco device has synchronised.

[box]

R1#show ntp status
Clock is synchronized, stratum 5, reference is 127.127.1.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**19
ntp uptime is 364600 (1/100 of seconds), resolution is 4000
reference time is D898D3A0.319A96D4 (23:05:04.193 GMT Wed Feb 25 2015)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.26 msec, peer dispersion is 0.23 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is -0.000000000 s/s
system poll interval is 16, last update was 3 sec ago.

[/box]

Step 2 Configure Windows to use Cisco NTP Time

In the past I’ve said “Windows Does not use NTP, it uses Win32 Time” This is not strictly true, it does use NTP, but by default it uses ‘Symmetric Active Mode NTP’ and your Cisco Device expects its NTP requests to be submitted via ‘Client Mode NTP‘. (See MS KB 875424 for more info).

Note: By default Windows Domains take their time from the PDC emulator, carry this procedure out on that server!

Locate your FSMO Role Servers

Open an elevated command prompt and execute the following commands (the Cisco device IP is shown in red, change accordingly);

[box]

w32tm /config /manualpeerlist:"123.123.123.148",0x8 /syncfromflags:MANUAL
net stop "windows time"
net start "windows time"
w32tm /resync

Note: If you want to specify TWO Cisco devices, use the following syntax

w32tm /config /manualpeerlist:"123.123.123.148,123.123.123.149",0x8 /syncfromflags:MANUAL

[/box]

Now in the Servers System log, you should see the following two events logged.

Event ID 37

Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 25/02/2015 22:33:19
Event ID: 37
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: 2012-DC-CA.petenetlive.com
Description:
The time provider NtpClient is currently receiving valid time data from 123.123.123.148,
0x8 (ntp.m|0x8|0.0.0.0:123->123.123.123.148:123).

Event ID 35

Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 25/02/2015 22:21:17
Event ID: 35
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: 2012-DC-CA.petenetlive.com
Description:
The time service is now synchronizing the system time with the time source 123.123.123.148,
0x8 (ntp.m|0x8|0.0.0.0:123->123.123.123.148:123).

 

Windows and Cisco NTP Problems and Errors

Event ID 47

Log Name: System
Source: Microsoft-Windows-Time-Service
Date: 25/02/2015 22:11:07
Event ID: 47
Task Category: None
Level: Warning
Keywords:
User: LOCAL SERVICE
Computer: 2012-DC-CA.petenetlive.com
Description:
Time Provider NtpClient: No valid response has been received from manually configured 
peer 123.123.123.148 after 8 attempts to contact it. This peer will be discarded as a 
time source and NtpClient will attempt to discover a new peer with this DNS name. The 
error was: The peer is unreachable.

On your Cisco Device you will see debug output like so, (it will repeat 8 times);

[box]

Petes-Router#debug ntp all
NTP events debugging is on
NTP core messages debugging is on
NTP clock adjustments debugging is on
NTP reference clocks debugging is on
NTP packets debugging is on
Petes-Router#
000031: Feb 25 22:07:45.831: NTP message received from 123.123.123.151 on interface 'GigabitEthernet0/0' (123.123.123.148).
000032: Feb 25 22:07:45.835: NTP Core(DEBUG): ntp_receive: message received
000033: Feb 25 22:07:45.835: NTP Core(DEBUG): ntp_receive: peer is 0x67A57898, next action is 1.
Petes-Router#
000034: Feb 25 22:07:54.967: NTP message received from 123.123.123.151 on interface 'GigabitEthernet0/0' (123.123.123.148).
000035: Feb 25 22:07:54.967: NTP Core(DEBUG): ntp_receive: message received
000036: Feb 25 22:07:54.971: NTP Core(DEBUG): ntp_receive: peer is 0x67A57898, next action is 1.
Petes-Router#

[/box]

Causes:

This is a pretty generic error, but in this case, one of the following situations can cause this;

1. UDP Port 123 is blocked between Windows and the Cisco NTP device.

2. The Cisco NTP device has not synchronised form a reliable NTP source.

3. The stratum of the Cisco NTP device is to high.

4. Windows is attempting to sync time using ‘Symmetric Active Mode NTP‘ See my comments above.

Related Articles, References, Credits, or External Links

Windows – Setting Domain Time

Cisco ASA – Configuring for NTP

VMware – Setting up ESX NTP Time Sync

Cisco ASA – Configuring for NTP

KB ID 0000608

Problem

With NTP, there will be two things you want to do, 1) Allow a device behind the ASA to take its time from a public NTP server, and 2) Set the ASA to take its system time from a public NTP sever (for accurate date stanps on the logs, and for time critical things like Kerberos authentication.)

Solution

Allow internal host(s) to get system time though the firewall.

1. Connect to the ASA, go to “enable mode”, then to “Configure terminal mode”

[box]

User Access Verification

Password:
Type help or '?' for a list of available commands.
PetesASA> enable
Password: ********
PetesASA# configure Terminal
PetesASA(config)# 

[/box]

2. To rules are being applied to traffic going OUT through the firewall, run a “show run access-group” command.

[box]

PetesASA(config)# show run access-group

        Sample Output

access-group outbound in interface inside
access-group inbound in interface outside

[/box]

Note: If it returns nothing then outbound traffic is NOT being filtered, and NTP should work anyway, but in the example above I can see the traffic that is going IN the inside interface (That’s traffic going out if you think about it!) Is being filtered by an access list called ‘outbound’ (Because I give the ACL’s sensible names, yours could be called anything!)

3. To allow ALL hosts use the word any, for a specific host use the keyword host.

[box]

Allow all hosts access to NTP

PetesASA(config)# access-list outbound permit udp any any eq 123

Allow one host (192.168.1.1)
        to NTP

PetesASA(config)# access-list outbound permit udp host 10.254.254.1 any eq 123 

[/box]

4.  Finally save the updated config.

[box]

PetesASA# write mem
Building configuration...
Cryptochecksum: 79745c0a 509726e5 b2c66028 021fdc7d

7424 bytes copied in 1.710 secs (7424 bytes/sec)
[OK]
  PetesASA#

[/box]

Set the ASA to get its System Time from an External NTP Source

1. Connect to the ASA, go to “enable mode”, then to “Configure terminal mode”

[box]

User Access Verification

Password:
Type help or '?' for a list of available commands.
PetesASA> enable
Password: ********
PetesASA# configure Terminal
PetesASA(config)# 

[/box]

2. The IP address I’m using is in the UK if you want one more local look here.

[box]

PetesASA(config)#  ntp server 130.88.212.143 source outside

[/box]

3. To check on its status, simply execute a “show ntp status” command. BUT it will take a few minutes to synchronise, until it does you will see;

[box]

PetesASA(config)#  show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 99.9984 Hz, actual freq is 99.9984 Hz, precision is 2**6
reference time is d36a01de.60ad92ea (13:04:30.377 UTC Fri May 25 2012)
clock offset is 3414265.0854 msec, root delay is 26.09 msec
root dispersion is 3430186.81 msec, peer dispersion is 16000.00 msec
PetesASA(config)#

[/box]

When it is finally synchronised it will say;

[box]

PetesASA(config)#   show ntp status
Clock is synchronized, stratum 3, reference is 130.88.212.143
nominal freq is 99.9984 Hz, actual freq is 99.9984 Hz, precision is 2**6
reference time is d36a0f74.a34d5dde (14:02:28.637 UTC Fri May 25 2012)
clock offset is -9.1688 msec, root delay is 25.91 msec
root dispersion is 15915.95 msec, peer dispersion is 15890.63 msec 
PetesASA(config)#

[/box]

4.  Finally save the updated config.

[box]

PetesASA# write mem
Building configuration...
Cryptochecksum: 79745c0a 509726e5 b2c66028 021fdc7d

7424 bytes copied in 1.710 secs (7424 bytes/sec)
[OK]
PetesASA#

[/box]

Related Articles, References, Credits, or External Links

Set Cisco ASA for Kerberos Authentication

iPhone / iPad – Using the Cisco AnyConnect Client

KB ID 0000474 

Problem

You have an Apple device and you would like to create a remote VPN connection to a Cisco device running AnyConnect.

Note: This is not a walkthrough on how to configure AnyConnect, for that go here.

Be aware that in addition to your SSL VPN licences your Cisco ASA device also needs a “AnyConnect Mobile – ASA 5510” license. If not you will receive this error.

Solution

1. Firstly you need to download and install the Cisco AnyConnect client from iTunes.

2. Once installed launch the AnyConnect client software.

3. As this is the first time we have launched it we need to configure a connection, select “Add VPN Connection”.

4. Give the connection a name, and enter either public IP of your Cisco Device (Or its public name) > Save.

5. Slide the button from Off to On.

6. If you are using a “Self signed” certificate on the Cisco device you will see this warning, simply click continue.

7. Depending on how your authentication is setup, supply your username and password > Connect.

8. All being well, the client should say connected. (If you get a licensing error see here).

9. You are now connected to your corporate network, all the while you are connected you will see the VPN icon at the top of the screen.

 

Related Articles, References, Credits, or External Links

Android – Using the Cisco AnyConnect Client

Cisco AnyConnect Error (Apple)

Apple iPhone / iPad – Enable Cookies

 

 

Android – Using the Cisco AnyConnect Client

 

KB ID 0000539 

Problem

You have an Android device* and you would like to create a remote VPN connection to a Cisco device running AnyConnect.

Note: This is not a walkthrough on how to configure AnyConnect, for that go here.

Be aware that in addition to your SSL VPN licences your Cisco ASA device also needs a “AnyConnect Mobile” license. If you do not have one you will receive this error.

*Note: At time of writing the AnyConnect client is only available for Samsung, HTC, Lenovo, and Android phones that have been rooted.

Solution

1. First head over to the Android Market, locate and then install the AnyConnect Client on your device.

2. Once installed launch the AnyConnect client.

3. Add New VPN Connection.

4. Tap Description.

5. Give the connection a recognisable name.

6. Set the server address, to either the public IP of your Cisco device, or if you have a public DNS name that points to it e.g. vpn.yourdomain.com you can enter that. (Providing the device can resolve that address using DNS).

7. You should not need to enter Certificate details, unless your IT department have secured the AnyConnect profile with certificates like this. In most cases you would supply a username and password to connect, so this is not relevant. If you are unsure speak to the person/department that looks after your Cisco device.

8. To save the connection click “Done”.

8. To start the connection, simply tap it.

Note: To delete/edit a connection profile tap and hold it.

9. Type in your credentials > OK.

10. When connected you will get a “Green Tick” and the logo at the top of the screen will show a closed padlock. This padlock logo will remain all the time you are connected.

11. To disconnect, simply tap the green tick, and the client software will terminate the connection.

Related Articles, References, Credits, or External Links

Thanks to David Simpson for trusting me with his phone for half an hour.

Android AnyConnect Error

iPhone / iPad – Using the Cisco AnyConnect Client