Archive for December, 2015

Return the X-Frame-Options HTTP header in IIS 7 for Exchange OWA

December 18th, 2015 No comments

To prevent clickjacking, add the HTTP response header “X-Frame-Options” in IIS for websites and/or Exchange OWA:

– Open IIS Manager and click on the server name in the left column. Drill down to a specific site if you only want to apply the header to one website.
– In Features View, double-click HTTP Response Headers.
– On the HTTP Response Headers page, in the Actions pane, click Add.
– In the Add Custom HTTP Response Header dialog box, add a header called “X-FRAME-OPTIONS”, and set its value to “SAMEORIGIN”.
– Click OK.

 

You can validate that the header is being returned by visiting one of these websites:

https://securityheaders.io
http://web-sniffer.net/
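
The same steps scripted, with a local check of the response, as an added example that is not part of the original post. It assumes the WebAdministration PowerShell module is available (it ships with IIS 7.5 and later; IIS 7.0 needs the separate IIS PowerShell snap-in), applies the header server-wide, and uses the placeholder URL `https://mail.example.com/owa/` for the check.

```powershell
# Added example: set X-Frame-Options in IIS and confirm it is returned.
# Run in an elevated PowerShell session on the IIS / Exchange CAS server.
Import-Module WebAdministration

# Assumption: server-wide scope, matching "click on the server name" in IIS Manager.
# For a single site, use a path such as 'IIS:\Sites\Default Web Site' instead.
$psPath = 'MACHINE/WEBROOT/APPHOST'
$filter = 'system.webServer/httpProtocol/customHeaders'
$name   = 'X-Frame-Options'
$value  = 'SAMEORIGIN'

# Check for an existing entry first: adding the same header name twice at one
# level fails with a duplicate collection entry error.
$entryFilter = "$filter/add[@name='$name']"
$existing = Get-WebConfiguration -PSPath $psPath -Filter $entryFilter

if ($existing) {
    # Header is already defined here; make sure it carries the intended value.
    Set-WebConfigurationProperty -PSPath $psPath -Filter $entryFilter `
        -Name 'value' -Value $value
} else {
    # Equivalent of Actions > Add in the HTTP Response Headers feature.
    Add-WebConfigurationProperty -PSPath $psPath -Filter $filter `
        -Name '.' -Value @{ name = $name; value = $value }
}

# Verify from the server itself, which also works for sites that the public
# header scanners cannot reach. Placeholder URL: replace with your own.
$url  = 'https://mail.example.com/owa/'
$resp = Invoke-WebRequest -Uri $url -UseBasicParsing
$seen = $resp.Headers[$name]

if ($seen -and ($seen -match '^\s*SAMEORIGIN\s*$')) {
    Write-Output "$name is set to SAMEORIGIN on $url"
} elseif ($seen) {
    # A value such as "SAMEORIGIN, SAMEORIGIN" means the header is being added
    # at more than one layer (for example IIS and a proxy or the application).
    Write-Warning "$name returned an unexpected value: $seen"
} else {
    Write-Warning "$name is missing from the response for $url"
}
```

If a site's own web.config already adds the same header name, setting it server-wide as well makes IIS report a duplicate collection entry for that site, so keep the header at one level only.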


Server Connection: Not Connected to SRM server

December 17th, 2015 6 comments

I was unable to find this problem documented anywhere, though there was a reference to it on another blog here:   http://www.virtualmachinery.co.uk/2015/03/upgrading-site-recovery-manager-55-to.html

 

The problem presents itself this way, looking at SRM in the web client in version 5.5 of VMware, 5.8.1 of SRM:

[Image: Capture]

As you can see, client connection shows as connected, however server connection shows as “Not Connected to SRM server”.  It wasn’t obvious to me, but what this means is the sites are not connecting to each other, even though they are paired and everything else looks green.

Additionally you will notice that the option to replicate changes to the secondary site before failover will be grayed out.

I spent several days troubleshooting this before I found an indicator in the logs that pointed to certificate errors.  I believe that if I had been able to un-pair and then re-pair the sites, this would have been resolved.  However, in order to un-pair sites, you must first delete the recovery plans and protection groups.  When attempting to delete, the status would say deleting and never complete.

Ultimately, to resolve it, I uninstalled SRM at both sites, deleting all data from the database.  I then reinstalled and reconfigured SRM, protection groups, and recovery plans.

Edit: According to Jim in the comments, there is a better way – confirmed by multiple people.


Recommended extensions to block at the spam filter

December 10th, 2015 No comments

*.ade
*.adp
*.arj
*.asx
*.bas
*.bat
*.cab
*.chm
*.cmd
*.com
*.cpl
*.crt
*.exe
*.hlp
*.hta
*.inf
*.ins
*.jar
*.js
*.jse
*.jsp
*.lib
*.lnk
*.mdb
*.mde
*.msi
*.msp
*.nsc
*.pcd
*.pif
*.pptm
*.ps1
*.reg
*.rwa
*.scr
*.sct
*.shs
*.vb
*.vbe
*.vbs
*.wmd
*.wsc
*.wsf
*.wsh

Additionally, you may consider scanning these more closely, quarantining, or blocking:
*.rar (block any that are encrypted/cannot be scanned)
*.zip (block any that are encrypted/cannot be scanned)
*.pdf (block any that are encrypted/cannot be scanned)
*.xlsm (macro-enabled xls)
*.docm (macro-enabled docs)
*.doc (block any that are macro-enabled if possible)
