SBS 2008 Port Forwarding

SBS2008 Port Fowarding
The server cannot open ports on the router. Ensure that ports 80, 443, 987 are opened and pointed the IP address on the server. If you are using e-mail open port 25, and if you are using VPN, open port 1723.
SBS 2003 Port Forwarding: 80, 443 Web and SSL
4125 – Remote Web Workplace
1723 GRE – VPN


Mac OS10 VPN

Open System Preferences and Network
Click the lock if not unlocked and click the + to add new
Interface to VPN
VPN Type to PPTP
Service Name: MCGB
Enter Server Address:
Account Name: yourusername
Check “Show VPN status menu bar”
Click Authentication Settings
Enter office password
Click OK and Apply
Click VPN in status bar and “Connect MCGB VPN”
Download and install Remote Desktop Connection for MAC


Access OWA using Safari & Mac OS10

Open Safari and click “Safari > Preferences”
Choose the “Autofill” tab and CHECK “User names and passwords”
Navigate to
Install Trusted Root Certificate
a. Click “Show Certificate”
b. Check “Always trust “server.domain.local” when connecting to “mail.server.tld”
c. Expand “Trust” section and choose drop down for “Always Trust” for everything.
d. Enter system password when challenged.
Login to OWA using mcgbusername and office password.
Choose “YES” to prompt “Would you like to save this password?”
Drag and drop address bar to desktop to create shortcut.


Lifehacker Posts

You’re backing up your data the wrong way:
HotImage your hard drive with DriveImage XML:
Various Driver Backup Programs:


Ultra VNC and the remote support tool

The great thing about UltrVNC is that it lets me set up a d/l executable that is executed by the end user and therefore, bypasses any firewall port forwarding settings on the client end.  THe server end needs PORT 5900 forwarded to the machine running “Ultra VNC Viewer (Listen Mode)”.
The full Download for UVNC is here:
And the app that makes all of my remote support magic happen is Ultra VNC Single Click:


Blackberry Switch Service Account

I recently had to pay for incident support to get my BES 4.1.6 SP7 back up and running and talking to my company’s 8 or 9 blackberry handhelds. Here are the steps I took:
1. Determine service account error by checking BES Log file

  • c:Program FilesResearch in MotionLogsSERVERNAME_MAGT_01_DATE_0001.txt
  • Saw error 5302

2. Export RIM registry key

  • regedit
  • HKCUSoftwareResearch in Motion  Export key

3. Create new Blackberry Admin user account in AD “BESAdmin”
4. AD > DOMAIN.local properties > Security tab

  • Add new user account “BESAdmin”
  • set “Send As” permission
  • verify inheritance to bbery user accounts
  • force if neccessary (advanced security settings for individual user accounts > Allow inheritable permissions CHECKED)

5. Exchange System Manager set Delegate Control

  • right click top level and Delegate Control
  • Add new user account “BESAdmin” as “Exchange View Only Administrator”
  • First Administrative Group > Right Click Properties > Security Tab > Change BESAdmin to add “Administer Information Store” , “Receive As” , & “Send As”

6. Local Security Settings (of blackberry server)

  • Local Policies > User Rights Assignments
  • add BESAdmin account to “Allow Log on Locally” and “Log on as a service”

7. Set new BESAdmin account as local administrator to BES server

  • Computer Management > Users and Groups > Administrator Group
  • Add domainBESAdmin

8. Log on as new account BESAdmin
9. Services.msc > Change “Log on As” to new BESAdmin for all Blackberry services (minus BB Attachment service – that stays as “Local System”)
10. Import HKCU RIM key exported in Step 2
11. Recreate MAPI profile (may need bbery services started to do this…)

  • open “Blackberry Service Configuration”
  • Server tab > Edit Mapi
  • Enter information of Exchange Server, and new BESAdmin account
  • Apply > OK > OK
  • open “Blackberry Manager” and create MAPI profile again using same settings

12. Start BB services or restart server.  Verify handheld communication with server.