New Theme

November 29th, 2009 | 2 Comments

As I already announced on Twitter, I have updated my blog theme. I am very curious about your comments… should this theme stay or should I revert back to the old one? What would you change about the current theme?

Updated on December 1st, 2009

Yesterday I was playing with my new theme and eventually I ended up deleting all previous comments… I also noticed that the WordPress Blog Stats didn’t work anymore, but luckily I found the solution for this. My new theme didn’t contain the wp_footer() function. The function is often used by plugins to insert PHP code after everything else on your page. According to the WordPress.org theme development documentation, you should place the wp_footer() function in the footer, which would be in the footer.php file.

eSafe license expires

November 27th, 2009 | No Comments

I just received the following interesting question:

What happens if our eSafe license expires?……Because it expires this weekend!!!!!!!!

Interesting question, because I have never encountered such a situation. Normally the license is renewed in a timely fashion or a trial is stopped before the license expires. I searched the eSafe Knowledge Base and found an article. This article states the following:

Evaluation license: when an evaluation license expires, eSafe allows all traffic to pass through without any scanning at all.

Registered license: when a registered license expires, eSafe scans and blocks traffic, but stops receiving updates. Important note: if there are any licensed add-ons installed (URL filter, Advanced Anti-Spam), they will stop functioning after the registered license expires.

Citrix Terminal Server License Server problem

November 27th, 2009 | No Comments

One of our customers is using a Citrix NetScaler appliance for SSL VPN capabilities for remote users. I tried to start an application (RDP Client) through this SSL VPN solution, but I couldn’t succeed. I was able to log in and I could see all the published applications, but when executing one, I received the following error message:

The remote session was disconnected because there are no Terminal Server License Servers available to provide a license. Please contact the server administrator.

So I contacted the customer’s system engineers, because I thought the problem was related to the customer’s Terminal Server License Server environment. I thought this, because I was still able to use SSL VPN solutions from other customers. They couldn’t find any solution for my problem and that’s correct.

The solution for the problem was found on my own laptop. I stumbled upon this TechNet article. I opened my registry and deleted the following folder and subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing\Store\LICENSE000

This did the trick. I was able to execute the published applications again without any problem after rebooting my laptop.

Cisco Aironet: multiple SSIDs

November 25th, 2009 | 10 Comments

I have been playing with some Cisco Aironets today. Configuration is quite simple and straightforward, but maybe not for everyone:

  • Broadcast two SSIDs, unsecure and secure
  • Authentication via WPA version 2 pre-shared key
  • Management IP address in management VLAN

You are maybe thinking: “stand-alone access points, why no WLAN controller?” I agree, but be honest. Would you use a WLAN controller for fewer than 5 access points?

The snippet below shows the most important configuration for such a scenario.

dot11 mbssid
dot11 vlan-name secure vlan 11
dot11 vlan-name default vlan 1
dot11 vlan-name unsecure vlan 13
dot11 vlan-name management vlan 10
!
dot11 ssid unsecure
 vlan 13
 authentication open
 authentication key-management wpa version 2
 mbssid guest-mode
 wpa-psk ascii <wpa pre-shared key>
!
dot11 ssid secure
 vlan 11
 authentication open
 authentication key-management wpa version 2
 mbssid guest-mode
 wpa-psk ascii <wpa pre-shared key>
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 13 mode ciphers aes-ccm tkip
 !
 encryption mode ciphers aes-ccm tkip
 !
 encryption vlan 11 mode ciphers aes-ccm tkip
 !
 ssid unsecure
 !
 ssid secure
 !
 speed basic-1.0 basic-11.0 basic-54.0
 channel 2412
 station-role root
!
interface Dot11Radio0.11
 encapsulation dot1Q 11
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no cdp enable
 bridge-group 11
 bridge-group 11 block-unknown-source
 no bridge-group 11 source-learning
 no bridge-group 11 unicast-flooding
 bridge-group 11 spanning-disabled
!
interface Dot11Radio0.13
 encapsulation dot1Q 13
 ip access-group internet-only in
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no cdp enable
 bridge-group 13
 bridge-group 13 subscriber-loop-control
 bridge-group 13 block-unknown-source
 no bridge-group 13 source-learning
 no bridge-group 13 unicast-flooding
 bridge-group 13 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.10
 encapsulation dot1Q 10 native
 no ip unreachables
 no ip route-cache
 no cdp enable
 bridge-group 10
 no bridge-group 10 source-learning
 bridge-group 10 spanning-disabled
!
interface FastEthernet0.11
 encapsulation dot1Q 11
 no ip unreachables
 no ip route-cache
 no cdp enable
 bridge-group 11
 no bridge-group 11 source-learning
 bridge-group 11 spanning-disabled
!
interface FastEthernet0.13
 encapsulation dot1Q 13
 no ip unreachables
 no ip route-cache
 no cdp enable
 bridge-group 13
 no bridge-group 13 source-learning
 bridge-group 13 spanning-disabled
!
interface BVI10
 ip address 10.1.1.200 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.1.1.1
!
bridge 1 route ip

I hope this helps when you are configuring a Cisco Aironet with multiple SSID support.
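A configuration like the one above can be checked offline before it goes onto an access point. The script below is an added example, not part of the original post: it maps each SSID to its VLAN, flags cipher lists that still let clients negotiate TKIP next to AES-CCMP, and checks that the guest radio subinterface carries an inbound ACL. The finding names and the guest_ssids parameter are assumptions made for this example.

```python
import re

# Constructed excerpt: the SSID, cipher and guest-ACL lines from the config above.
SAMPLE = """\
dot11 ssid unsecure
vlan 13
dot11 ssid secure
vlan 11
interface Dot11Radio0
encryption vlan 13 mode ciphers aes-ccm tkip
encryption vlan 11 mode ciphers aes-ccm tkip
interface Dot11Radio0.11
encapsulation dot1Q 11
interface Dot11Radio0.13
encapsulation dot1Q 13
ip access-group internet-only in
"""

def audit(config, guest_ssids=("unsecure",)):
    """Return sorted (ssid, vlan, finding) tuples. guest_ssids is an assumption:
    the SSIDs whose radio subinterface must carry an inbound ACL."""
    ssid_vlan, ciphers, acl_vlans = {}, {}, set()
    ssid = subif = None  # current 'dot11 ssid' block / radio subinterface VLAN
    radio = False        # True while inside an 'interface Dot11Radio...' section
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"dot11 ssid (\S+)$", line):
            ssid, radio, subif = m.group(1), False, None
        elif line.startswith("interface "):
            ssid, subif = None, None
            radio = line.split()[1].startswith("Dot11Radio")
        elif ssid and (m := re.match(r"vlan (\d+)$", line)):
            ssid_vlan[ssid] = int(m.group(1))
        elif m := re.match(r"encryption vlan (\d+) mode ciphers (.+)$", line):
            ciphers[int(m.group(1))] = m.group(2).split()
        elif radio and (m := re.match(r"encapsulation dot1Q (\d+)", line)):
            subif = int(m.group(1))
        elif subif and re.match(r"ip access-group \S+ in$", line):
            acl_vlans.add(subif)
    findings = []
    for name, vlan in ssid_vlan.items():
        suite = ciphers.get(vlan, [])
        if not suite:
            findings.append((name, vlan, "no-cipher"))
        elif "tkip" in suite:
            findings.append((name, vlan, "tkip-allowed"))
        if name in guest_ssids and vlan not in acl_vlans:
            findings.append((name, vlan, "guest-no-acl"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Changing the cipher lines to `mode ciphers aes-ccm` clears the TKIP findings, provided every client on that SSID supports AES-CCMP.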

ISA 2006 Link Translation

November 19th, 2009 | No Comments

Web pages returned from a Web server published by a Microsoft® Internet Security and Acceleration (ISA) Server 2006 Web publishing rule may include links containing internal names of computers or Web sites and internal paths to Web content. Because external clients cannot resolve these internal names, these links will be broken unless the internal names are replaced by the public names of published Web sites. ISA Server includes a built-in Web filter named Link Translation Filter, which uses mappings to translate internal names in links on Web pages to publicly resolvable names. Each mapping translates an internal URL (or part of a URL) to a public equivalent. For example, a mapping can translate the internal URL http://team to the public URL https://www.team.contoso.com. Link translation mappings are stored in tables called link translation dictionaries.

Today I had a problem where the remote user wanted to request the following URL https://www.booches.nl/configuration/service.jsp. This URL isn’t allowed and needed to be redirected. ISA’s Link Translation was the solution for me. I configured the following Link Translation.

[Image: isa-lt]

This Link Translation rule translates the URL above into https://www.booches.nl/configuration/denied.html.

It works for me!!!