____________________________PLAY ANN____________________________

____________________________PLAY OPENING MUSIC____________________________

[Keith] Welcome to the Mind Of Root. I'm Keith Albright

[Rich] and I'm Rich Niemeier.

[Keith] This is Episode 71 recorded on October 15th, 2008.


Chit-Chat - What's going on with you?

[Rich]

  • Still don't have a new title... oh well

[Keith]

  • I think we just saw the 7th sign of the apocalypse. That chihuahua movie was number one at the box office. It has to be a sign that the universe is coming to an end.

____________________________READ IDERA AD COPY____________________________

This show is brought to you by Idera where you can get free tools – not one, but FOUR free tools for SQL Server!! Check them out at http://www.idera.com/FreeTools. You'll find cool free tools for SQL Server performance monitoring, backup, permissions and more... all designed to help you manage your SQL world. While you're there, don't forget to download a free 14-day trial of any of Idera's award-winning enterprise products -- including SQL diagnostic manager. Our friends at Idera are helping you manage your Windows world!

Housekeeping Items

[Rich]

[Steve]

[Keith]

  • Resume Peer Review

____________________________TECHPODCAST COPY____________________________

____________________________PLAY ACOAP PROMO____________________________


  • Open Office 3.0 Released [KEITH]
-Site overwhelmed. I think this is awesome. I'm not being anti-Microsoft. I just think it is great that there is a free version and that it gets this much of a fan base.
-I still hate their BrightMail appliance. I wonder when they will call me to pimp this.
-Link: http://
  • Bart PE: look at me now, or where have all the floppies gone? [RICH]
- I remember several years ago when I first started working on my first Bart PE disk. Hmmmm!
- Now Bart PE has kind of gone dormant, but others have picked up the "free" theme.
- I believe you can buy a commercial version of Bart PE that is more updated and feature-rich.
- List of links everyone working with Bart PE should know about:
- Original Bart PE Link: http://www.nu2.nu/pebuilder/
- Boot-land.net Link: http://boot-land.net/
- WinPE - easier to get now (ERD included in an upgrade for software assurance customers)
- 911CD forums Link: http://www.911cd.net/forums/
- Multi-Boot
  • US Government pushing DNSSEC [KEITH]
-However, Internet regulatory bodies are fighting over control.
-We lose.
-Link: http://
  • Patrick's VPN question [KEITH]
-Keith - Just a quick question. I have an ASA5510 and have users connecting with the Cisco VPN client. They are able to connect on their desktop and work that way, but some no longer have a desktop in the office. So now users want home dir access and Outlook access (not OWA) from the office using the VPN. It doesn't work; they can't make the connection to local resources. Can you tell me what I might be missing in my setup? I know very little about VPNs, just enough to get to where I am at with remote desktop connection ability. - Thanks, great show.
-DNS, WINS, protocol filtering
-DNS - If the client uses the ISP's DNS, it will not resolve your internal hosts. DNS trick: configure the client's resolver list round robin with the internal DNS server first and the ISP's second. When the client is only on the internet, the internal server can't be found and the resolver rolls to the next one, which is reachable and can resolve.
-Depending on the client, WINS may be necessary. If no WINS server is defined, it cannot resolve internal hosts. You can use an LMHOSTS file for internal hosts, but I recommend against it.
-DNS will fail over... WINS will not!
-Some of these can be handled with a virtual adapter: you can assign DNS and WINS servers to the virtual adapter.
-If you were only using remote desktop previously, you may have a policy in place controlling which ports/protocols can be accessed through the VPN. In that case the remote client may only be permitted port 3389 for terminal services/remote desktop. Check your ASA for the defined policies.
-Ensure the ports needed for SMB are allowed: 135-139 (TCP & UDP) for older clients, 445 (TCP & UDP) for newer.
-You may need to open additional ports for Exchange as well.
-Consider establishing host-based policies rather than service-based policies. You can also do both for very fine-grained access control.
-A-B-C routing/policy scenario.
-How can you test? For troubleshooting/probing, you can run a port scanner against a host to see which ports you can reach. For more directed testing, I like to set up the BabyWeb server on a test machine on the subnet in question, listening on the port I am testing. If I can pull up that page on that port, I know the path exists.
-ICMP may be blocked by policy, but ping and traceroute are good tools for troubleshooting routes and policies.
-Lastly, as Shaun suggested in his comment on the blog, send us a sanitized version of your ASA config and we'll take a look.
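The listener test from the VPN notes, as an added example that is not part of the show notes or of any Mind of Root tool: a small Python script that stands in for the BabyWeb test page (a throwaway TCP listener you run on the internal subnet) and a reachability check you run from the VPN client against the ports the notes mention (3389, 135-139, 445). Host names and the port table are constructed placeholders; the check covers TCP connects only, so the UDP side of 135-139 would need a separate probe.

```python
"""Verify that a VPN path exists for specific TCP ports.

Stand up a listener on a test host inside the subnet, then try to connect to
it from the VPN client. A successful connect means routing and the ASA policy
both allow that port; a timeout or refusal means something in between blocks it.
"""
import socket
import threading

# Ports named in the show notes (constructed table; Exchange ports are
# deployment specific and are deliberately left out).
PORTS_TO_CHECK = {
    "RDP / terminal services": [3389],
    "SMB, older clients (TCP 135-139)": [135, 137, 138, 139],
    "SMB, newer clients (TCP 445)": [445],
}


class TestListener:
    """Throwaway TCP listener standing in for the BabyWeb test page.

    port=0 lets the OS pick a free port, which is handy for local testing;
    on the real test host you bind the exact port you are troubleshooting."""

    def __init__(self, host="127.0.0.1", port=0):
        self.srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.srv.bind((host, port))
        self.srv.listen(5)
        self.srv.settimeout(0.5)          # lets the serve loop notice stop()
        self.port = self.srv.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, _ = self.srv.accept()
            except socket.timeout:
                continue
            except OSError:               # socket closed by stop()
                return
            with conn:
                # Minimal HTTP reply so a browser shows "path ok".
                conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\npath ok\n")

    def stop(self):
        self._stop.set()
        self.srv.close()
        self._thread.join(timeout=2)


def port_reachable(host, port, timeout=2.0):
    """True if a TCP connect to host:port completes within timeout seconds.

    Refused or timed-out connects both return False: either there is no
    listener, the route is missing, or a VPN/ASA policy drops the port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ports(host, ports_by_service, timeout=2.0):
    """Map each service label to {port: reachable} so the result can be
    compared against the ASA policy you expect to be in place."""
    return {
        service: {p: port_reachable(host, p, timeout) for p in ports}
        for service, ports in ports_by_service.items()
    }


if __name__ == "__main__":
    # Local demonstration: the listener and the client are the same machine.
    # In a real check, run TestListener(host="0.0.0.0", port=445) on the test
    # host and check_ports("TEST-HOST-IP", PORTS_TO_CHECK) from the VPN client.
    listener = TestListener()
    print("listener reachable:", port_reachable("127.0.0.1", listener.port))
    listener.stop()
    print("after stop:", port_reachable("127.0.0.1", listener.port))
    for service, result in check_ports("127.0.0.1", PORTS_TO_CHECK).items():
        print(service, result)
```

Running the client side from a machine that is on the VPN and from one that is on the office LAN, and comparing the two result tables, separates "the port is blocked by the VPN policy" from "the service is not listening at all".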

____________________________PLAY SWEEPER____________________________

Listener Feedback

From listener....Andy

Just thought I'd drop a mention of my technical implementation nightmare. I unfortunately am responsible for a 12-site Avaya IPOffice system. It was installed about 3 years ago and still isn't working correctly. Engineers come out on site to replace phone units ("that I've never had issues with before") and are amazed when I tell them this is the third replacement box in three months at the same site. The engineers never have the control software to re-set up a replaced box and have to check to see if they would have to charge us time whilst they sit there on a T1 internet connection to download a 650 MB ISO to their laptop! I've had to argue with a phone tech that plugging a serial connection cable into a network socket is not going to work - they insist it will but cannot understand why it doesn't. I've loads more horror stories but I can't rant too much more... I've requested we UPGRADE the phone system to 2 empty cans and a piece of string but for some reason this hasn't been approved.

[KEITH] These are the worst types of horror stories. The perpetual install: it never really got signed off because it never worked the way it was planned. They seem to haunt you forever.

From Listener....Shaun

Aside from the small software pitfalls (I was also bitten by the Cisco VPN software) I have been running Vista x64 for just about a year. My workaround for the Cisco software issue was simple: install Virtual PC 2005 R2 and create an x32 XP instance. Since my desktop has dual displays and 8 GB of RAM this works well; now I can run my Outlook client and browse the web as needed on my main desktop, and connect to my client sites via VPN from the VM on the other monitor. I know it's not ideal for everybody but it gets the job done for me. I have also been using Idera's SQL safe for over a year; it does a great job in slimming down the size of the backup!

Pat, I think there may be several solutions for your Exchange and file share issues. Let's start with Exchange and Outlook: what version of Exchange and Outlook are you using? Exchange and Outlook 2003 can be used in a native mode via RPC over HTTPS. It's a little tricky to set up but works pretty well when it's all said and done. As far as accessing file shares over the VPN, that is a little more involved. IMO, to be certain things are configured correctly we would need to see a sanitized version of the running config.

Mind of Root crew, great job, keep up the good work.

[KEITH] Good point. Granted, Shaun has some awesome horsepower behind his virtualization solution, but it is a trend. We've spoken about application virtualization before, but don't discount virtualizing the whole corporate image.


Website Picks

Rich - Halloween website with safety tips and facts: http://www.mysterynet.com/halloween/

Steve - http://

Keith - http://


Last Call

Anyone....Anyone....Buehler.....Buehler....


Closing

All right, well that is it for the show. For listener feedback, you can email us at Feedback [at] mindofroot.com or post a comment on the main site at mindofroot.com. If you use iTunes, you could write a review. If you just want to show us you're listening, drop a pin on the Frappr map... there's a link on the show site.

Lastly, you can drop any show ideas or topic requests on the wiki. There is a link to the wiki on the main show site. If you would like to participate in the show; either through an interview, a segment contribution, or any other way, please let us know. We are also a member of the Techpodcast network. Check out some other great shows by going to Techpodcast.com.

Thanks everyone.