Server side
1.要求憑證 (exchange command line)
New-ExchangeCertificate -GenerateRequest -subjectname "dc=tw,dc=com,dc=mmik,o=Mmik Solutions,cn=mail.mmik.com.tw" -domainname "mail.mmik.com.tw" -PrivateKeyExportable $true -path c:\a.txt
2.取得cert檔案
把c:\a.txt的內容貼到CA server的網頁去要求憑證 http://127.0.0.1/certsrv
3.import cert
Import-ExchangeCertificate -Path c:\certificates\filename.cer -friendlyname "Contoso CAS01"
4.check 是否成功
get-exchangecertificate | fl
*UPDATE: Still not why the steps below work on some boxes but not others. However, the SBS team just blogged about the implications of the Loopback Check registry key as well as the ability to register your public URL on your SBS box so that it bypasses the loopback check without having to completely disable the loopback check. I still recommend reconfiguring SharePoint Search as noted below in addition to registering your public URL to bypass the Loopback Check.
*UPDATE: We have confirmed that the steps below work on some SBS 2008 boxes, but not all installs. If these steps do not work, see Dan's entry in the Comment section about disabling the LoopBackCheck in the registry. Despite what you may see in other forums, SharePoint search will work just fine with https://remote.company.com being the Default security zone for your companyweb - you do not need to edit your alternate access mappings. Additionally, the SPContent account only needs to be a member of the domain users security group, and the SPSearch account only needs to be a member of the domain users and WSS_WPG security groups. SharePoint Central Administration will add the SPSearch user account to the WSS_WPG security group when search is configured per the steps below.
*Updated on 2009-03-29 at 9:45am CDT (GMT -5). Original post missed the steps of stopping the Search service before reconfiguring.
With Small Business Server 2008, SBS customers finally get Windows SharePoint Services 3.0 built-in to replace the SharePoint 2.0 companyweb included with SBS 2003. However, when you get your SBS 2008 box all set up and running, you may notice a few quirks when it comes to SharePoint search. Specifically,you are seeing 2436 errors in your Application event log:
Log Name: Application
Source: Windows SharePoint Services 3 Search
Date: 3/29/2009 4:20:05 PM
Event ID: 2436
Task Category: Gatherer
Level: Warning
Keywords: Classic
User: N/A
Computer: server.company.local
Description:
The start address <sts3s://remote.company.com:987/contentdbid={d4078aab-
ce82-4581-8d4f-973e1e6eac23}> cannot be crawled.
Context: Application 'Search index file on the search server', Catalog
'Search'
Details:
Access is denied. Check that the Default Content Access Account
has access to this content, or add a crawl rule to crawl this content.
(0x80041205)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Windows SharePoint Services 3 Search" />
<EventID Qualifiers="32768">2436</EventID>
<Level>3</Level>
<Task>3</Task>
<Keywords>0x80000000000000</Keywords>
<Channel>Application</Channel>
<Computer>server.company.local</Computer>
<Security />
</System>
<EventData>
<Data>
Context: Application 'Search index file on the search server', Catalog
'Search'
Details:
Access is denied. Check that the Default Content Access Account
has access to this content, or add a crawl rule to crawl this content.
(0x80041205)</Data>
<Data>sts3s://remote.company.com:987/contentdbid={d4078aab-ce82-4581-
8d4f-973e1e6eac23}</Data>
</EventData>
</Event>
The issue here is that Windows SharePoint Services Search uses two separate accounts – one user account runs the search service, and the other user account is used to actually access the SharePoint content in order to index it. When configuring SharePoint Search, SharePoint Central Administration explicitly states that these accounts cannot be built-in accounts (such as LOCAL SYSTEM or NETWORK SERVICE). By default, SBS 2008 is using built-in windows accounts, which is resulting in this error being generated.
Luckily, this is easy to fix. The first thing we need to do is to create two new user accounts for SharePoint search to use. Personally, I do not create these accounts using the SBS add user wizard, because they will effectively be service accounts, so they do not need mailboxes, and we don’t need to see these accounts included in the User account list on the SBS console.
1. On your SBS, open Active Directory Users & Computers (Start –> Administrative Tools –> Active Directory Users & Computers.
2. Within ADU&C, navigate to the Organizational Unit where you want to create the new user accounts. (Personally, I create a new “Service Accounts” OU under <domain> –> My Business –> Users)
3. Right-click on the OU and select New –> User
4. On the first page of the new user window, enter the following info:
o First Name: SPSearch
o Last Name: <leave blank>
o Username: spsearch
5. Click Next.
6. Enter a strong password for the new account.
7. Uncheck the option “User must change password at next login”
8. Check the option “User cannot change password”
9. Check the option “Password never expires”
10. Click Next
11. Click Finish.
12. Repeat steps 3-11, using “SPContent” instead of “SPSearch” in step 4
We do not have to worry about granting any access or permissions to the two new accounts we created. After the accounts have been created, close Active Directory Users & Computers, then open SharePoint Central Administration (Start –> Administrative Tools –> SharePoint 3.0 Central Administration).
1. When SharePoint 3.0 Central Administration opens, go to the Operations tab.
2. Click on the “Services on Server” link
3. In the Action column, click the link to Stop the “Windows SharePoint Services Search” service.
o You will receive a warning that stopping the search service will remove existing indices. Click OK to acknowledge the warning.
4. When you return to the SharePoint Central Administration Operations tab, the Windows SharePoint Search Service will show as stopped. Click the link to Start the Windows SharePoint Services Search service. This will open the Search service configuration page.
5. In the Service Account section, select the “Configurable” option
1. For a username, enter <DOMAIN>\SPSearch (where <DOMAIN> is your AD domain).
2. For a password, enter the strong password you assigned to the SPSearch account.
1. In the Content Access Account section, select the “Configurable” option
1. For a username, enter <DOMAIN>\SPContent (where <DOMAIN> is your AD domain)
2. For a password, enter the strong password you assigned to the SPContent account.
2. In the Search Database section, change the database name by appending and underscore 1 (“_1”) to the database name.
o By default, the database name should be WSS_Search_[SERVERNAME], so we’re changing it to WSS_Search_[SERVERNAME]_1.
o Changing the name is necessary because the default database name already exists with search data. If we attempted to use the default database name, SharePoint would throw an error that the database contains user-defined schema and cannot be used. By changing the search database name on this configuration page, SharePoint Central Administration will create a new database using this name and configure search to use this new database. Since the new database is empty, we won’t encounter any errors.
1. Accept the remaining defaults and click the OK button.
After clicking OK, the settings should be applied and you should return to the “Services on Server” page in SharePoint Central Administration, and the Windows SharePoint Services Search” service should be listed as started.
Close SharePoint Central Administration and open the Services MMC (Start –> Administrative Tools –> Services). Restart the Windows SharePoint Services Search service. Verify that the Windows SharePoint Services Search service is configured to login with the SPSearch account you created.
Voila! Moving forward, you should not experience the 2436 error event in your Application Log.
1.terminal configuration\connections\rdp-tcp check service start
2.check regedit
hkey_local_machine\system\currentcontrolset\control\terminal server\wds\rdpwd\tds\tcp\portnumber=3389
hkey_local_machine\system\currentcontrolset\control\terminal server\winstation\rdp-tcp\portnumber=3389
hkey_local_machine\system\currentcontrolset\control\terminal server\fdenytsconnection=0
hkey_local_machine\software\policies\microsoft\windowsnt\terminal services\fdenyconnextion=0
3.terminal 自己
4.如果都不行,就要找微軟了
mts report
netstat -ano
error message screen shot
There was a question on http://forums.iis.net about having Apache and IIS7 on the same box. here are the instructions I tested on Vista RTM and Windows Server 2008 B3. This assumes you have two ip addresses on the box, 192.168.0.90 and 192.168.0.91. It can be any ip's.
1) Added or make sure your machine has two ip's
2) Open a command prompt
3) Type netsh
4) Type http
5) Type sho iplisten. It should be blank
6) Type add iplisten ipaddress=192.168.0.90
You should get IP address successfully added
7) Type sho iplisten again
It should sho 192.168.0.90 in the list
8) Type exit to get out of netsh
9) Type type netstat -an. See if you notice 192.168.0.90:80 in the list. If you see 0.0.0.0:80, do an iisreset
10) Download and install Apache ( I did it with 2.2.4)
http://mirror.nyi.net/apache/httpd/binaries/win32/apache_2.2.4-win32-x86-no_ssl.msi
11) Do a default install,
12) Open httpd.conf and adjust the ip listen to 192.168.0.91:80
目前準備開始使用RoboCopy指令,可是發現它的參數說明是全英文的
某些參數說明我是翻譯出來了,但不知道是否有錯誤?
還有些翻譯不出來的(便不了解它的功能),可否請您幫個忙?
來源參數
/S : 複製每個目錄及其包含的子目錄,不複製空目錄 copy Subfolders
/E : 複製每個目錄及其包含的子目錄,也複製空目錄 copy Subfolders, including Empty Subfolders.
/SEC : 複製安全性 copy SECurity info (both source and dest must be NTFS).##
/A : 只複製設定成保存屬性的檔案,不要改變屬性的設定 copy only files with the Archive attribute set.
/M : 只複製設定成保存屬性的檔案,並清除保存屬性 like /A, but remove Archive attribute from source files.
/LEV:n : only copy the top n LEVels of the source tree.##
/MAXAGE:n : 排除比指定日期要舊的檔案 MAXimum file AGE - exclude files older than n days/date.##
/MINAGE:n : 排除比指定日期要新的檔案 MINimum file AGE - exclude files newer than n days/date.##
(If n < 1900 then n = n days, else n = YYYYMMDD date).
複製參數
/L : 顯示要複製的檔案 List only - don't copy, timestamp or delete any files.
/MOV : 移動檔案 MOVe files (delete from source after copying).##
/MOVE : 移動檔案與資料夾 Move files and dirs (delete from source after copying).
/Z : 在可重新開始的模式中複製網路檔案 copy files in restartable mode (survive network glitch).##
/R:n : number of Retries on failed copies - default is 1 million.
/W:n : Wait time between retries - default is 30 seconds.
/REG : Save /R:n and /W:n in the Registry as default settings.
/TBD : wait for sharenames To Be Defined (retry error 67).##
目的地參數
/A+:[R][A][S][H] : set file Attributes on destination files - add.
/A-:[R][A][S][H] : set file Attributes on destination files - remove.
/FAT : 將目的檔案設定成FAT8.3名稱(不太了解意思) create destination files using 8.3 FAT file names only.##
/SECFIX : FIX SECurity info on existing files and dirs.##
/TimFix : FIX Timestamp on all existing destination files,
including skipped files. ##
(prior to version 1.95 this was /T it's not backwards compatible
so scripts that use /T may fail)
/CREATE : CREATE directory tree structure + zero-length files only.
/PURGE : 刪除目的檔案,當來源檔案已不存在時 delete dest files/folders that no longer exist in source.
/MIR : MIRror a directory tree - equivalent to /PURGE plus all subfolders (/E) ##
記錄參數
/L : 顯示要複製的檔案(前面也有個/L,但不知差異在哪) List only - don't copy, timestamp or delete any files.
/NP : 不要顯示拷貝的百分比 No Progress - don't display % copied.
/LOG:file : 將記錄複寫到記錄檔 output status to LOG file (overwrite existing log). ##
/LOG+:file : 將記錄附加到記錄檔 output status to LOG file (append to existing log). ##
進階參數
/XO : 排除目的檔案的日期跟來源檔案一樣或更新 eXclude Older - if destination file exists and is the same date
or newer than the source - don't bother to overwrite it.
/XC | /XN : 排除變更過的檔案 eXclude Changed | 排除新增的檔案 Newer files
/XX | /XL : eXclude eXtra | Lonely files and dirs.
An "extra" file is present in destination but not source,
excluding extras will delete from destination.
A "lonely" file is present in source but not destination
excluding lonely will prevent any new files being added to the destination.
/IS : 複寫檔案,既使他們是一樣的(不太了解意思) Overwrite files even if they are already the same.
/XF file [file]... : 排除指定的檔案,可包含路徑與萬用字元 eXclude Files matching given names/paths/wildcards.##
/XD dirs [dirs]... : 排除指定的資料夾 eXclude Directories matching given names/paths. ##
XF and XD can be used in combination e.g.
ROBOCOPY c:\source d:\dest /XF *.doc *.xls /XD c:\unwanted /S
/MAX:n : 排除比指定bytes要大的檔案 MAXimum file size - exclude files bigger than n bytes. ##
/MIN:n : 排除比指定bytes要小的檔案 MINimum file size - exclude files smaller than n bytes.##
/XA:[R][A][S][H] : eXclude files with any of the given Attributes
/IA:[R][A][S][H] : Include files with any of the given Attributes ##
/X : report all eXtra files, not just those selected & copied.
/V : produce Verbose output log, showing skipped files.
/ETA : 顯示預估完成的時間 show Estimated Time of Arrival of copied files.
http://technet.microsoft.com/en-us/library/cc303280.aspx#_Activate_MAK_Clients
Activate MAK Clients
After a client is converted to MAK activation, it attempts to activate over the Internet at the next scheduled interval. You can force an immediate activation through the System application, over the Internet, using a telephone, or using the Volume Activation Management Tool (VAMT).
To confirm that your computer is activated, check the bottom right corner of the desktop for Windows is activated. You can also run Slmgr.vbs /dli from a command prompt to view the activation status of a computer.
Activate MAK Clients over the Internet
To complete the following procedures, you must have administrative rights on the MAK client computer and the MAK client computer must have access to the Internet. Windows reports whether the activation was successful or a failure. If you are unable to activate, the wizard presents additional options.
To activate MAK manually using System properties
1. Log on to the MAK client.
2. Open the System application in Control Panel. To do this, click Start, click Control Panel, and then double-click System.
3. Click the option Click here to activate Windows now.
To activate a MAK client manually over the Internet
1. Log on to the MAK client.
2. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
3. At the command prompt, type Regedit.exe and then press Enter.
4. Type the following at the command prompt, and then press Enter:
cscript \windows\system32\slmgr.vbs /ato
5. The script reports whether activation was a success or failure and includes a result code.
真神奇…居然預設沒有安裝bash....
1. 安裝 bash
# cd /usr/ports/shells/bash
# make install clean
2. 將 shell 改成 bash
# chsh <== 這個指令就是 change shell 的意思
#Changing user database information for root.
Login: root
Password:
Uid [#]: 0
Gid [# or name]: 0
Change [month day year]:
Expire [month day year]: Class: Home directory: /root
Shell: /bin/tcsh <== 把 /bin/tcsh 改成 /usr/local/bin/bash
Full Name: Charlie &
Office Location: Office Phone: Home Phone: Other information:
3. 存檔離開
4. 編輯 bash 設定檔
# vi /etc/profile 加入 export LANG=zh_TW.Big5 #設定繁體中文 export LC_ALL=zh_TW.Big5 #設定繁體中文
alias ls='ls -fGa' # 讓 ls 能顯現出顏色
alias rm='rm -i' # 刪除確認 alias cp='cp -i' # 拷貝確認
alias mv='mv -i' # 搬移確認
5. 自訂命令提示字元 PS1="[\u@\h \W]\\$ " 說明: \u --> 顯示使用者帳號
\h --> 顯示系統的 hostname
\w --> 完整路徑
\$ --> 以 # 表示 root,以 $ 表示一般使用者
6. 存檔離開,重新登入即可生效...
(2) 如果 mirror 中某一個硬碟壞掉了,怎麼辦?
# gmirror remove gm0 ad0 # 移除 mirror 壞掉的 ad0
# gmirror forget gm0 # 忽略 mirror 中之前存在,而現在不存在的裝置
# shutdown -h now # 關機拔掉壞掉那棵 HD 假設壞掉的是 ad0 更換新的 HD 接著重開 gm0 就會使用 ad1 進入 OS 可看看是否正常運作
# shutdown -h now # 再次關機接上新的硬碟
# gmirror insert gm0 /dev/ad0 # 重開後再 insert 新的硬碟
http://freebsd.ntut.idv.tw/document/freebsd_software_raid_geom.html
ProFTPd是bsd下ports裡面就有的一個ftpd
所以想安裝的請到/usr/ports/ftp/proftpd
打make install clean
就可以安裝了
然後請
cd /usr/local/etc
vi proftpd.conf
修改ServerName
使""內和你hostname顯示的相同
ServerType可選standalone或是inetd
然後請在檔案內加一行
ScoreboardFile /var/run/proftpd.scoreboard
加完之後
離開vi
打touch /var/run/proftpd.scoreboard
然後應該就可以執行
/usr/local/etc/rc.d/proftpd.sh start
來啟動proftpd了
然後就可以/usr/local/etc/rc.d/proftpd.sh status
來看proftpd有沒有執行
不過這樣設定的情況下 是不能匿名登入的
就剛開始的設定 使用者也不會被限制在他的家目錄
如果要開放匿名目錄
把
<Anonymous ~ftp>
到
</Anonymous>
前面的#去掉即可
看看要不要改什麼設定
根據上面的說明
#DefaultRoot ~
把這行前面的#去掉
就可以限制使用者只能在他的家目錄活動
官方網站
http://www.proftpd.org/
#!/bin/sh
#
# ftp script to send/get file automatically
#
# define the variables
filename1="/path1/filename1"
filename2="/path1/filename2"
hostname="ftp.domain_name.com"
username="username"
password="password"
# main
ftp -n $hostname <<EOF
quote USER $username
quote PASS $password
binary
put $filename1
get $filename2
quit
EOF
http://support.microsoft.com/kb/283037
To enable PAE, use the /PAE switch in the Boot.ini file
The following is an example of a Boot.ini file where the PAE switch has been added:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003, Enterprise" /fastdetect /PAE
FreeBSD use the Network Time Protocol (NTP) for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. NTP uses UDP port 123. If you have one computer or single server then you can easily synchronization time with other NTP servers. All you need is ntp client called ntpdate. It is use to set the date and time via NTP servers.
Use any one of the following command to install NTP:
# pkg_add -rv ntp OR
# cd /usr/ports/net/ntp# make; make install Visit public ntp timeserver list to pick up your NTP server.
If you are running FreeBSD ipfilter firewall, you need to open the UDP port 123. Just add following rule to your firewall script:
pass out quick on lnc0 proto udp from YOUR-SERVER to any port = 123keep state OR
pass out quick on lnc0 proto udp from YOUR-SERVER toTIME-SERVER-IP port = 123 keep state For example, my FreeBSD workstation IP is 192.168.1.16 and 61.246.176.131 is IP of NTP server then my rule is in ipf.conf file as follows:
pass out quick on lnc0 proto udp from 192.168.1.16to 61.246.176.131 port = 123 keep state Just run ntpdate command as follows to see you can set date and clock via NTP:
Set wrong date (Mon Dec 13 4:27 pm):
# date 0412131627 Now set correct date with ntp client:
# ntpdate -v -b in.pool.ntp.org 13 Dec 16:27:50 ntpdate[997]: ntpdate 4.2.0-a Thu Nov 3 07:34:22 UTC 2005 (1)
25 Jan 12:35:47 ntpdate[997]: step time server 61.246.176.131 offset 35237275.965726 sec
You can verify that correct data is setup:
# date Output:
Wed Jan 25 12:36:21 IST 2006 You need to set ntpdate via /etc/rc.local file.
# vi /etc/rc.conf Append following line to it:
ntpdate_enable="YES"
ntpdate_hosts="asia.pool.ntp.org"
Save and close the file. Make sure you have correct ntpdate_hosts server entry.
IASParse.exe
http://blogs.msdn.com/jananiv/archive/2006/02/16/533164.aspx
有安裝support tool的話可以在C槽的program file/support tool可以找到
啟動時可能發生的錯誤
若你是使用apache13的版本,在啟動時可能會注意到,明明設定都正確
但為什麼就是都動不起來!
請開啟 /usr/locale/etc/apache/httpd.conf 這個檔
將有關"mod_unique_id"的行句都註解起來(有兩行)
但確定如此一來,apache 就能啟動了!
如因特殊情況需更改 Windows XP 的序號可按下程序執行
1. 在〔開始〕→〔執行〕→〔Regedit〕→〔HKEY_LOCAL_MACHINE〕→〔SOFTWARE〕 →〔Microsoft〕→〔Windows NT〕→〔CurrentVersion〕在〔WPAEvents〕內將〔OOBETimer〕的頭兩個數值〔CA〕刪除
2. 在〔開始〕→〔執行〕→〔oobe/msoobe /a〕進入〔啟動畫面〕→選擇第二項〔電話啟動〕在進入下一個視窗,選擇〔change product key〕來修改序列號及輸入新的序列號,完成後點擊〔update〕進行更新及選〔remind me later〕
3. 重新啟動電腦後 在〔開始〕→〔執行〕→〔oobe/msoobe /a〕進入〔啟動畫面〕時應該顯示已經啟動
w32tm /configure /manualpeerlist:clock.stdtime.gov.tw /syncfromflags:manual /update
net stop w32time && net start w32time
w32tm /resync /rediscover 從新sync time
然後用schedule做排程就可以一天sync 一次
把server上面區域網路裡面的wins設定改為NetBIOS預設值,從DHCP伺服器取得wins的設定,如果使用靜態IP則啟用NetBIOS over RCP/IP
Wins server的狀態就會改為有回應了