Archive for September, 2009

Using kmsrecover to Restore Kerio Backups

Monday, September 28th, 2009

Using KMSrecover to restore a mailserver/user
Running this command overwrites the existing configuration and modifies the message store, which is why you should run it on a separate machine with adequate hard drive space.

[ ] Install KMS locally on your computer (skip the wizard).
[ ] Rename your laptop's volume so that it has the same name as the volume where the KMS store lives
(e.g. Mail Server HD, Server HD or Macintosh HD).
[ ] Copy the KMS backups to an external drive and plug it into the laptop.
[ ] Navigate to the mail server path in Terminal or DOS.
Mac: /usr/local/kerio/mailserver
PC: C:\Program Files\KerioMailServer
[ ] Start the recovery
Mac: ./kmsrecover |
For full recovery point to backup location.
./kmsrecover /Volumes/backup
For specific recovery, use filename
./kmsrecover /Volumes/backup/C200401z.zip
PC kmsrecover |
For full recovery point to backup location.
kmsrecover E:\backup
For specific recovery, use filename
kmsrecover E:\backup\C200401z.zip
Warning: If the parameter contains a space in a directory name, it must be enclosed in quotes: kmsrecover "E:\backup 2"

318 & MacWorld 2010

Thursday, September 24th, 2009

318 is proud to announce that we will have 3 speakers doing a total of 4 sessions at the upcoming MacWorld Conference & Expo in San Francisco in February. Speakers will be Beau Hunter, Zack Smith and Charles Edge.

We will also be announcing some events as the conference gets closer. If you are planning to attend then you can sign up here. We hope to see you there!

The VPN

Wednesday, September 23rd, 2009

A Virtual Private Network, abbreviated “VPN”, is a technology that allows users to connect from one place to another securely. What makes it secure is that the connection between Point A and Point B is encrypted. An encrypted tunnel is built between Point A and Point B, and then data is passed through that tunnel.

VPNs come in many different types (protocols). Some of the most common include the following:

PPTP

Often called “dial up VPNs”, it technically extends the functionality of PPP. It was originally started by Microsoft, US Robotics, Ascend Communications, 3Com, and ECI Telematics. The first draft of their IETF document for the protocol extension was submitted in June, 1996. The protocol extension is supported by Linux, Mac and Windows workstations.

Current versions of all three operating systems include the VPN client application pre-installed in the operating system. All three operating system server versions can also be set up to allow PPTP connections. A Microsoft Routing and Remote Access Server (RRAS) typically uses Microsoft Point to Point Encryption (MPPE), which is based on RSA RC4 and supports up to 128-bit encryption.

IPSec

IPSec is short for Internet Protocol Security. It works on Layer 3, and is often called “Site to Site VPN”. It is usually used to connect one LAN to another LAN, most times using two hardware VPN units, one at each side, communicating with each other. It can also be used to connect a workstation to the corporate LAN, typically using proprietary software from the VPN manufacturer/developer (although you can sometimes use the built-in software in the operating system, as is the case with Windows). The protocol can function in two modes (Transport and Tunnel) and provides end-to-end security by authenticating and encrypting the packets between parties. It can support up to 168-bit encryption with 3DES.

SSL VPN

SSL VPN is a type of VPN that allows communication to happen over HTTPS via web browsers. The main advantage of SSL VPN is that no additional client software is required besides a web browser. Since no software needs to be installed on a computer, a user can access the corporate network via VPN from just about any computer (e.g., a public computer, kiosk, etc.). The disadvantage is that because it tends to turn the applications you would normally use into web applications, you often lose some of the intended user experience of those converted applications.

L2TP

L2TP is short for Layer 2 Tunneling Protocol. It doesn’t do any encryption on its own, and is often used in conjunction with IPSec (L2TP/IPsec VPN). The biggest thing to remember about L2TP is that it allows more types of applications to communicate through the VPN connection that otherwise are not supported in a standard IPSec implementation.

In a nutshell, deciding which VPN protocol to implement depends on your budget, the hardware that you have, what will be connecting (workstation/user, or LAN to LAN) and the ease of use.  Please feel free to contact us, and we will be happy to help plan out your VPN infrastructure, or answer any questions that you may have.

Setup HP OfficeJet Printers Using Terminal Services

Wednesday, September 9th, 2009

Oftentimes remote users have OfficeJet printers and would like them redirected in Terminal Services. Prior to the new version of Remote Desktop, this was difficult to do. Most times, the user had to lose functionality locally on their printer in order to get this to work. With the latest version of Remote Desktop for Windows (version 6), this is no longer an issue. The printer will redirect as it’s supposed to. The following are the steps to successfully accomplish this.

1. Download the drivers. You must ensure the server has the drivers before redirection will take place. You can open up the printer control panel, and open up the print server properties from there and search for the driver. If the driver is not there, you must install it. If, for example, HP does not have just the driver, but the entire install suite, install only the printer portion, and choose the option to install even though the printer is not plugged in (sometimes this will require that the server be rebooted). Open up the print server menu from the printer control panel again, and confirm the printer is there.

2. Ensure the remote client is using Windows XP SP2. If they are not at SP2, they will not be able to upgrade Remote Desktop to version 6. Once you have ensured that they are running SP2, have the user go to http://support.microsoft.com/kb/925876 and select the appropriate version for their OS. It will then ask the user to validate their version of Windows. Once this is done, install the new version of Remote Desktop and test. They should be good to go now.

Restoring Kerio Mail Server Data Without Using KMS Restore

Tuesday, September 8th, 2009

This article will cover the WHY and the HOW of restoring mail files without using the KMS recover tool.

WHY would you not want to use the KMS recover tool?
1. The KMS recover tool requires that you stop KMS in order to restore. This interrupts a live mail server, which can bring a company to a halt. We do not always have the opportunity to wait until off-hours to restore important data.
2. The KMS tool can restore a specific folder, but it will overwrite that folder. For example, if Julia asks me to restore all the messages in her inbox from before September second, restoring that INBOX using KMS recover for September second would erase the entire contents of that inbox and replace it with the contents from September second. This is not always what is desired.

How to do this properly.

1. Isolate and decompress the archive zip file for the client. This is often the most time-consuming part of the restore, especially if there are quite a number of zip files to look through. I suggest you install some sort of client to look at the zip contents, such as the zip Quick Look plug-in found at:

http://d.hatena.ne.jp/t_trace/20071125/p2

Without such a utility you will need to decompress as many zip files as it takes to isolate the user folder in question. It is important to know that if the user account is over 1 GB, the backup process will split it between multiple zip files.

2. Once we have isolated the files to be restored, we copy these files to the Archive directory as indicated in the Administrative Console under the Archive and Backup tab. Once these files are copied to the Archive directory, KMS will index them so they become available to the Mail Admin web interface.

3. Log into the mail admin web interface. Expand the Archive folder and you should see a listing for the files you copied to the archive folder.

4. Now we need to get these files into the target folder. This can be accomplished in several ways:
A. The easiest way to restore these files is when you have the password for the user in question. If this is the case, you can access the web interface for that user. In the Admin account, create a public folder of the type required: a mail folder for mail, a contact folder if you are transferring contacts, or a calendar folder for transferring calendar items. Right-click on the new public folder and change the access rights so the admin account and the user account in question both have administrative rights. Once this public folder has been created, copy the files from the archive folder to the public folder, usually by right-clicking on the archive folder, choosing “Move or Copy all” and choosing the public folder as the destination. Once that copy process is done, you can log into the web interface for the account in question and copy the messages out of the public folder to the folder in their account.

This will give you the option to see what messages are there so you don’t overwrite them.

Repeat this process as necessary to restore the messages to the folders required.

B. If you don’t have the password to the user account, you can still accomplish a lot, but it will require the use of the terminal on the mail server. I would suggest you try your best to get the mail password for the account, or change the mail password for the account to grant you access. If you cannot get the password, or it would really be bad to change the password, you can proceed in the following manner.

It is important that the actual message copying take place in the web interface. This is so Kerio can properly name the messages and so that the index files are correct.

In the Admin web interface, create a new folder named temp_restore. This folder will be empty, with nothing important in it. At this point you will need ssh access to the mail server and root access. Navigate to the mail store directory and to the account of the person you are going to restore messages for. Use the ditto command to copy the contents of the target restore folder (in this example, the inbox of Renee) to temp_restore.

When you refresh your web interface for the mail Admin, temp_restore will gain all of the properties of Renee’s inbox. You can proceed to copy the files from your archive folder to this temp_restore. This will preserve message numbers and index files. Once the copy is complete, you can return to the terminal and reverse the direction of the copy. This will make Julia’s inbox the same as your temp_restore.

This method is trickier with the inbox, as it is possible that messages have come in during the time you were making the copies. Other folders are not quite so sensitive to this process.

This process can be time-consuming, but it is sometimes best to work slowly without stopping the mail server for everyone.
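For step 1 above, the zip listings can also be searched from a script instead of opening each archive by hand, which helps when an account has been split across several zip files. This is an added example, not part of the original article or of Kerio's tooling; the folder layout inside the zips, the sample file names and the julia/INBOX search fragment are constructed assumptions.

```python
import tempfile
import zipfile
from pathlib import Path

def find_user_entries(backup_dir, fragment):
    """Map each backup zip to the entries whose path contains `fragment`.
    Reads only the zip listing. Returns (hits, unreadable zip names)."""
    needle = fragment.strip("/").lower()
    hits, unreadable = {}, []
    for zip_path in sorted(Path(backup_dir).glob("*.zip")):
        try:
            with zipfile.ZipFile(zip_path) as zf:
                names = [n for n in zf.namelist()
                         if needle in n.lower() and not n.endswith("/")]
        except zipfile.BadZipFile:
            unreadable.append(zip_path.name)  # damaged or incomplete copy
            continue
        if names:
            hits[zip_path.name] = names
    return hits, unreadable

def extract_entries(backup_dir, hits, staging_dir):
    """Extract only the matched entries into staging_dir; return the count."""
    count = 0
    for zip_name, names in hits.items():
        with zipfile.ZipFile(Path(backup_dir) / zip_name) as zf:
            for name in names:
                zf.extract(name, staging_dir)  # extract() drops ../ and leading /
                count += 1
    return count

def build_sample_backups(backup_dir):
    """Constructed sample data: one account split across two zips."""
    layout = {  # assumed layout, not taken from a real Kerio backup
        "sample-1.zip": ["mail/example.com/julia/INBOX/00000001.eml",
                         "mail/example.com/renee/INBOX/00000001.eml"],
        "sample-2.zip": ["mail/example.com/julia/INBOX/00000002.eml"],
    }
    for zip_name, entries in layout.items():
        with zipfile.ZipFile(Path(backup_dir) / zip_name, "w") as zf:
            for entry in entries:
                zf.writestr(entry, "constructed message body\n")
    (Path(backup_dir) / "truncated.zip").write_bytes(b"not a zip")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backups(tmp)
        print(find_user_entries(tmp, "julia/INBOX"))
```

Archives reported as unreadable should be copied again from the backup source before concluding that a folder is missing.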

Push Notification Server

Tuesday, September 8th, 2009

Hosting Your Mail Store on a Non Booted Volume Using Kerio Mail Server

Monday, September 7th, 2009

There is a bug in KMS when the mail store is on the root level of a non boot volume.

When the path to the mail store volume exactly matches the mount point for the hard drive, KMS cannot determine whether the volume is properly mounted or not. This leads to the creation of a folder in the /Volumes directory, which causes the mount point of the intended drive to have the number 1 appended to its name.

For example, if your second internal drive is named KERIO_DATA, the full path to the drive is /Volumes/KERIO_DATA

If the path to the mail store is given as /Volumes/KERIO_DATA in the administrative console, KMS will not be able to test whether the drive is mounted or not.

It should now be considered best practice to create a folder within the drive called mailstore, such that the full path to the mail store is now /Volumes/KERIO_DATA/mailstore

This will allow KMS to test whether that path is valid before the mailserver daemon starts.

How to Fix It
If you come across a scenario where this mount point problem has occurred, you will see the following in the /Volumes folder:

/Volumes/KERIO_DATA and /Volumes/KERIO_DATA1

Since Kerio works on path names, it will ignore /Volumes/KERIO_DATA1 and work with /Volumes/KERIO_DATA

To fix this:

1. Stop KMS
2. Move /Volumes/KERIO_DATA to another location. This is a folder and can be moved.
3. Unmount /Volumes/KERIO_DATA1 so that neither KERIO_DATA nor KERIO_DATA1 is present.
4. Remount the drive so that it properly mounts as /Volumes/KERIO_DATA
5. Start KMS
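A check for the condition described above, added here as an example (it is not Kerio's code): it looks for a plain folder in /Volumes sitting next to a mounted volume of the same name with 1 appended, and classifies a mail store path before the server is started. The function names and status strings are hypothetical.

```python
import os
from pathlib import Path


def find_shadowed_volumes(volumes_root="/Volumes", ismount=os.path.ismount):
    """Return (stray_folder, displaced_mount) pairs found under volumes_root.

    A pair means NAME is a plain folder while the real drive sits at NAME1.
    """
    root = Path(volumes_root)
    if not root.is_dir():
        return []
    findings = []
    for entry in sorted(root.iterdir()):
        if entry.is_symlink() or not entry.is_dir() or ismount(str(entry)):
            continue  # symlink, file, or a properly mounted volume
        # The page shows the 1 appended directly (KERIO_DATA1); "NAME 1"
        # is also checked here as an assumption.
        for suffix in ("1", " 1"):
            displaced = root / (entry.name + suffix)
            if displaced.is_dir() and ismount(str(displaced)):
                findings.append((str(entry), str(displaced)))
    return findings


def check_mailstore_path(store_path, volumes_root="/Volumes",
                         ismount=os.path.ismount):
    """Classify a mail store path; the status strings are hypothetical."""
    root, store = Path(volumes_root), Path(store_path)
    try:
        parts = store.relative_to(root).parts
    except ValueError:
        return "not-under-volumes-root"
    if len(parts) < 2:
        return "store-is-volume-root"  # the configuration the page warns about
    if not ismount(str(root / parts[0])):
        return "volume-not-mounted"    # writes would land in a stray folder
    return "ok" if store.is_dir() else "store-missing"


if __name__ == "__main__":
    for stray, real in find_shadowed_volumes():
        print(f"{stray} is a folder; the drive is mounted at {real}")
    print(check_mailstore_path("/Volumes/KERIO_DATA/mailstore"))
```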

What about the messages that were received during the time that KMS was working with that folder?

You can’t just move those message files into the current mail store. Each folder contains numerically listed mail messages in a hexadecimal naming convention.
If you just copy the messages, you can overwrite existing messages. In addition, the status.fld file indicates the next safe file name for a mail message.

If these are out of sync it will take hours for the KMS to catch up.

The best practice is to locate the mail archive folder as indicated in the admin console. Move this erroneously created mailstore folder into the Archive folder.
This folder structure will then be available to the Admin user account web interface. This will allow the admin to access all aspects of the mailstore including contacts and calendar items.

You will then need to move the messages, contacts and calendars to the appropriate users. The precise technique for restoring these items is more fully covered in my next article: Kerio Mail server How to restore items without using the kmsrestore application

MXLogic Acquired by McAfee

Thursday, September 3rd, 2009

McAfee has announced that they will be acquiring MXLogic, outsourcer of message hygiene solutions. This strengthens the cloud offerings from McAfee and also brings one of the better known spam names into the umbrella of a larger entity. This move should allow MXLogic to strengthen offerings while allowing McAfee to bundle further services into existing MXLogic environments.

New Video on System Image Utility in Snow Leopard

Tuesday, September 1st, 2009

Now that NetRestore has been moved into Mac OS X Server (kinda), we have created a new video on creating a NetRestore image for Snow Leopard.