Friday, June 7, 2013

QNAP with OwnCloud 5.0 Installation and Configuration from SCRATCH!

A client recently purchased a QNAP from us, and he complained that the features aren't as 'Dropbox'-like. :(
Well, let's then make the QNAP as Dropbox-like as possible! :)

After searching, I found the Wiki to install OwnCloud in a NAS - Wiki Here

However, this guide is applicable only to version 4 of OwnCloud, and there seem to be some parts of it that are no longer required.

Disclaimer:
I did notice some problems reported in the forum on OwnCloud 5.0 on the QNAP. Some reverted to the 4.5.11 build for better stability. While the forum posts are dated May 2013, if you're worried about the possibility of conflicts or problems, I'd suggest going through the new features of 5.0 and, if you don't need any of them, using the stable build of 4.5.11.

Some of the forum entries are:
I will create/generate my own set of documentation based on my own best practice, and once I see this as 'good-enough', I will post it in the QNAP Wiki to help others.

For a start, the list of things I have are:
  1. QNAP TS-419PII
  2. Update to the latest version of firmware, 3.8.3
  3. 2x 320GB hard-disks with RAID-1
  4. OwnCloud 5.0.6
  5. OwnCloud Documentation (Here)
I followed the Wiki to do these first:
  1. Enable the QNAP services for Telnet/SSH
  2. Enable the QNAP services for Web Server
  3. Install IPKG Optware in the QPKG Centre
  4. I did not install PHP 5.3 as it's already on PHP 5.3
  5. Download and unpack the latest version of OwnCloud and place it in the /web share
  6. Set the permission using the chmod command via PuTTY into the NAS
Next, I proceeded with doing my own thing:
  1. Enable MySQL Server in QNAP Applications, but I did not want to tick 'allow TCP connection', to prevent intrusion and hacking of the DB
  2. Reset the root password
  3. Install PhpMyAdmin in the QPKG Centre
  4. Remove all other applications that I do not use like Video station, Music station, etc...
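
To confirm that leaving 'allow TCP connection' unticked really keeps the database off the network, the listening sockets can be checked from the SSH session. This is an added example, not part of the original post; the function name, the default port 3306 and the sample netstat lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify MySQL's TCP exposure from `netstat -ltn` output.
# Usage on the NAS (assumes netstat and awk are available):
#   netstat -ltn | mysql_tcp_exposure
# Prints: closed        (no TCP listener; local socket only)
#         loopback-only (reachable only from the NAS itself)
#         exposed       (listening on a LAN or wildcard address)
mysql_tcp_exposure() {
    awk -v port="${1:-3306}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4                          # local address, e.g. 0.0.0.0:3306
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # port is the text after the last colon
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            # Loopback: ::1, 127.x.x.x, or IPv4-mapped ::ffff:127.x.x.x
            if (host == "::1" || host ~ /(^|:)127\./) lo = 1
            else pub = 1                       # 0.0.0.0, ::, or an interface address
        }
        END {
            if (pub)     print "exposed"
            else if (lo) print "loopback-only"
            else         print "closed"
        }'
}

# Constructed sample: SSH and HTTPS listening, MySQL bound to every interface.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
EOF
}

sample_netstat | mysql_tcp_exposure
```

With the TCP option left unticked, the expected result on the NAS is closed or loopback-only.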
The Tweaks made are the following:
  1. I will need to access the MySQL database first to change the default password, because the default root password is no good! (MySQL guide here)
  2. I will need to access it via phpMyAdmin, but I can't log in via admin
  3. I don't want to enable the TCP connection, so...
  4. Open up Windows Explorer, go to the path: \\(your NAS IP)\Web\phpMyAdmin
  5. Look for config.inc.php, change the value for 
    $cfg['Servers'][$i]['host'] = 'localhost';
     
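  6. Leave everything else the same. Note that the value was previously 127.0.0.1, which makes the client connect over TCP; with 'localhost' it connects through the local MySQL socket instead, so it works with TCP connections disabled.
  7. Proceed to log in to the phpMyAdmin web console (https://(ip)/phpMyAdmin) with the default username: root, password: admin
  8. If you still can't log in, just remember to reset the password from inside the QNAP Admin console.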
  9. Immediately change password for the root account to access the phpMyAdmin
  10. Go to Privileges, create a new MySQL account: owncloud1, set the password accordingly.
  11. Set the location to 'localhost' instead of '%'
  12. Tick 'Create database with same name and grant all privileges'
  13. Click on Check All for the privileges, then untick the SUPER under Administration
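
To review what the new account actually ended up with after steps 10 to 13, its grants can be listed and split by scope. This is an added example, not part of the original post; the function name and the sample `SHOW GRANTS` lines (including the placeholder password hash) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `SHOW GRANTS` output by scope.
# Usage on the NAS (prompts for the MySQL root password):
#   mysql -u root -p -N -e "SHOW GRANTS FOR 'owncloud1'@'localhost'" | audit_grants
# Prints "<scope><TAB><privileges>" for each grant and returns 1 when the account
# holds anything beyond USAGE at global scope (*.*), i.e. outside its own database.
audit_grants() {
    awk '
        /^GRANT / {
            on = index($0, " ON "); to = index($0, " TO ")
            if (on == 0 || to < on) next       # not a privilege grant line
            privs = substr($0, 7, on - 7)      # text between "GRANT " and " ON "
            scope = substr($0, on + 4, to - on - 4)
            gsub(/`/, "", scope)               # `owncloud1`.* -> owncloud1.*
            printf "%s\t%s\n", scope, privs
            if (scope == "*.*" && privs != "USAGE") wide = 1
        }
        END { exit (wide ? 1 : 0) }'
}

# Constructed sample: global privileges plus full rights on the owncloud1 database.
sample_grants() {
    cat <<'EOF'
GRANT SELECT, INSERT, UPDATE, DELETE, FILE, SHUTDOWN ON *.* TO 'owncloud1'@'localhost' IDENTIFIED BY PASSWORD '<hash-placeholder>'
GRANT ALL PRIVILEGES ON `owncloud1`.* TO 'owncloud1'@'localhost'
EOF
}

if sample_grants | audit_grants; then
    echo "owncloud1 is limited to its own database"
else
    echo "owncloud1 holds global privileges; review them"
fi
```

OwnCloud itself only needs the privileges on its own database, so anything listed against `*.*` other than USAGE is worth a second look.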
DB is now ready, let's go with the OwnCloud Config:
  1. Login to web-console for owncloud (https://(ip)/owncloud)
  2. Create an admin account, I'll use owncloudadmin, with a new password - different from MySQL, please...
  3. Click Advanced
  4. Set DB to MySQL
  5. Insert MySQL details
    • User: owncloud1
    • Password: the password you've set for the user
    • DB name: owncloud1
    • Leave the localhost alone.
  6. Completed!

Now that OwnCloud is set up, let's proceed with administering OwnCloud!
 






Tuesday, June 4, 2013

Manually Map Office 365 MX records in my own DNS servers

I like Office 365: the features are decent and pretty much complete, and support is 'okay', a little slow at times. Generally, people on it, like those on Google Apps, don't complain about email unavailability, missing mails or even too much spam.

It goes to say that my own email hosting services, as well as implementing an onsite-exchange with SBS-es, have much to improve to match up to Office 365 and Google Apps set-up and maintenance team.

Having said that, there are some things that are set in place as a standard practice for Office 365 users or subscribers, to minimize problems with connections and reduce the complication of set-up. Wizards rule the configuration, and I believe that is the strategy to allow any Tom, Dick or Harry to set up their own Office 365 subscriptions.

While that may be a good thing for the mass majority, IT pros like me would still like the flexibility of having to ala-carte our own variety of services too. Therefore, though we might like the Office 365 mail offerings, we could possibly maintain our own web-servers, and DNS servers too!

I did a quick search on the web and couldn't find a guide to do this manual configuration. As such, here are steps below to ala-carte my hosting plan.

Scenario:
  1. Client has a web-hosting Joomla site with Hostgator, with IP 90.87.10.1
  2. Client has an email-hosting, previously in Hostgator too, on the same server as the web.
  3. Client has a domain name registered with ENOM named wecando.sg
  4. Client has a DNS server subscription with NO-IP for dynamic IP mapping as well as DNS management. Which means the authoritative name servers are currently set as:
    • ns1.no-ip.com
    • ns2.no-ip.com
    • ns3.no-ip.com
    • ns4.no-ip.com
    • ns5.no-ip.com
  5. Client would like Office 365 email only subscription, with a P1 or Small Business Standard Office 365. Having said that, it'll still work for other Office 365 set-ups.
I applied and configured for the set-up in Office 365. That has to be the first thing done properly.
Create all the accounts, register for the domain within office 365... (oh well, there's a whole bunch of other guides out there on the set-up... I won't cover it here.)

Now, for the CUT-OVER.

You might be familiar with the DNS changes for the first MX or TXT/SRV record changes to the domain name in the DNS server to allow the domain ownership verification process. If not, please follow the instructions from the Microsoft guide.

Once you are left with step 5 in the set-up process, the last step is simply to change the authoritative name server from my no-ip.com to the ns1.microsoft name servers, which I really don't wish to do.

As such, we'll then have to head to:
  1. Login to Office 365 portal
  2. Scroll down, or use the left nav, to look for Domains
  3. You'll see a list of domain names
  4. Select the domain name whose details you'd like to see, then click View DNS Settings
  5. You'll see that the DNS configuration is in progress and 'some things' are not yet completed.
  6. Look below, click on View DNS records.
  7. You'll get to see the current MX records and what is the server to use...such as:
    wecando-sg.mail.protection.outlook.com
    autodiscover.outlook.com
  8. To ensure that you'll have autodiscover ready for use, please insert the CNAME record for the domain in your DNS server, in my case, the No-IP server.
  9. I also need to remove current MX records from my No-IP DNS Server for the domain, and place the Microsoft MX Record.
  10. Note that each domain registered with Microsoft will have its MX servers named differently! You can't use the address above as a template; always check and verify the DNS settings.
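
Steps 7 to 10 can be verified from any machine with dig before the old mail hosting is touched. This is an added example, not part of the original post; the function names and the constructed sample answer (including the MX preference values and the old MX host mail.wecando.sg) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: check that a zone publishes only the Office 365 MX record.
# check_mx reads `dig +short MX <domain>` output ("<pref> <target>.") on stdin.
#   $1 = MX target shown under "View DNS records" for this domain
# Prints any stray or missing record and returns 1 if the answer is not exactly
# the expected target (an old MX left behind can still receive mail).
check_mx() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); sub(/\.$/, "", want) }
        NF == 2 {
            host = tolower($2); sub(/\.$/, "", host)   # DNS names: case-insensitive
            if (host == want) found = 1
            else { print "stray MX: " $0; stray = 1 }
        }
        END {
            if (!found) print "missing MX: " want
            exit (stray || !found)
        }'
}

# Ask every authoritative name server directly, so resolver caching and TTLs
# do not hide a server that was missed. Needs network access and dig.
#   check_all_ns wecando.sg wecando-sg.mail.protection.outlook.com \
#       ns1.no-ip.com ns2.no-ip.com ns3.no-ip.com ns4.no-ip.com ns5.no-ip.com
check_all_ns() {
    domain="$1"; want="$2"; shift 2; rc=0
    for ns in "$@"; do
        dig +short MX "$domain" "@$ns" | check_mx "$want" || { echo "FAIL on $ns"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the old mail host is still published next to the new one.
sample_answer() {
    printf '%s\n' '0 wecando-sg.mail.protection.outlook.com.' '10 mail.wecando.sg.'
}

sample_answer | check_mx wecando-sg.mail.protection.outlook.com || echo "cut-over incomplete"
```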

That's it. Changes to the domain and MX, though we all like to believe they take 48 hours, should actually take no more than 2 hours, depending on the TTL settings. I'd advise not terminating the old mail hosting plan for 1-2 days; once the 1-2 days are over, do give the old mail server a check to ensure that there are no 'trapped' emails... Once ready, delete all old mailboxes and disable the SMTP or email services in the previous hosting plan. (VERY IMPORTANT)

Hope this guide helps people out there!





 

VPN issue with a user account - error 800 - on Windows Essentials 2012 and SBS 2011

A client called and reported a VPN connection problem with an error 800. Interestingly, the issue happened only on his account and not the others. 

I proceeded with testing on the administrator account and found out that it works!
I went on to Google to search for the possible issues that might be related. I searched from these aspects:
  1. User remote access privileges
  2. User network access protocol blockage
  3. Whether there is a 'Deny' access on any of the security groups
  4. Is it related to the IP address or the network that the client is connecting from
Further on, I started to search through the web for solutions, some links in my searches: 

1) Reconfiguring the Remote Access Services - VPN - http://www.windowsecurity.com/articles-tutorials/Windows_Server_2012_Security/understanding-configuring-network-policy-access-services-server-2012-part2.html 
While it doesn't make sense to do this, I was out of solutions and I think this was a good try. I tried and, to my dismay, the problem persists, and only on this particular user account.
2) Technet article on the correct way in establishing the Essentials Server 2012 VPN services - http://technet.microsoft.com/en-us/library/jj635063.aspx

3) A VPN server issue and its security protocols - http://social.technet.microsoft.com/Forums/en-US/winserveressentials/thread/f17ec934-821c-4fe7-bb44-679bdf0e4ad3

This link provides a check on client configuration as well as network set-up. With the VPN-connected clients in the same DHCP region as the LAN, I don't see any issues with the network part of the connection. Moreover, I am facing a problem with ESTABLISHING the VPN, not with accessing the network servers.


4) Possibly a few cases of someone facing a similar problem with no resolutions
  • This is one close one: http://undepurated10.motutaro.com/browser.php?indx=6583078&item=612
  • This is one SUPER CLOSE: http://social.technet.microsoft.com/Forums/en-US/winserveressentials/thread/617af2e7-a904-44f3-a9f0-173658bfa848
  • This is one EXACT SAME ISSUE: http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/thread/63e1855d-69eb-43f5-b3d3-52494cdb542d

5) Issues related to 3rd party applications affecting the VPN as a whole - http://forums.hak5.org/index.php?/topic/25381-server-2008-r2-vpn-error-812/

This is related to issues with VPN from Antivirus software or firewalls. I don't have this issue as the server does allow VPN connection in general, just NOT on 1 account.

There are some good troubleshooting references in the link that we all ought to follow for the troubleshooting process. Some posts there talk about NPS and the pains in getting that set up or configured properly.

6) Troubleshooting guide related to NPS - http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/62c382fc-ebf8-4c69-9569-5cda792a19bf/

A decent step-by-step troubleshooting article if NPS is the issue. I went through this and found out that it's not NPS or Network Access Policy services that's stopping the VPN.



========================================================================

After trying for close to 3 hours, I gave up and created a new user account specifically to allow only for VPN. I used a similar naming convention... So if the user was Andy Tan and his log-in account is andytan, then the new account was andyt, and I set the same password for the user, with similar account privileges simply for VPN access.

This solved the issue and the client is happy. Anyway, it's not worth the amount of time to troubleshoot, but it's interesting that such a 'bug' occurs. I am looking forward to Microsoft solving this issue though.

I will post in some of the community forums to see if they can figure out a resolution.