
Bunker Hollow

Matt Williamson's home on the web, welcome.


Matt Williamson's Blog

Personal discoveries of an IT professional.
  • Ubuntu 10.04 FTP Server Configuration with PROFTPD

    Ahh yes, I’m really starting to love Linux.  My Ubuntu server is shaping up nicely and with the addition of an FTP service it’s doing just about everything my Windows server did, but for free.  I chose proftpd over vsftpd because I read Webmin supports proftpd out of the box.  I haven’t installed Webmin yet, but it’s on the list!  Maybe I’ll even have time to get to it today, since installing proftpd was so easy.

    Installing & Configuring PROFTPD FTP Service on Ubuntu 10.04 Lucid Lynx

    # Install proftpd
    sudo apt-get install proftpd
    
    # During installation you can choose to install as an inetd service,
    # or a standalone server.  I read and followed the advice of installing
    # as an inetd service since I won't have many users.
    
    # Back up the configuration file in case you mess something up!
    sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.original
    
    # Open the config for edit
    sudo nano /etc/proftpd/proftpd.conf
    
    # Change your server name to whatever you like
    ServerName "whatever.mydomain.com"
    
    # Uncomment the line to restrict users to their home directory
    DefaultRoot ~
    
    # Uncomment the large block of commented code at the end of the
    # config to enable anonymous user access
    <Anonymous ~ftp>
      ...
    </Anonymous>
    
    # Save your changes and then restart the service
    sudo service proftpd restart
    
    # You can modify your welcome message at
    sudo nano /home/ftp/welcome.msg
    
    # And you can put a custom message in any folder to have it
    # displayed when accessed
    sudo nano /home/johndoe/.message
    
    # That's it!  Connect from any FTP client.  Be careful of your file permissions
    # if you decide to create custom FTP users and change their home directories
    # to a fileshare or something.
  • Ubuntu 10.04 Samba File Share Configuration

    Installation and configuration is straight-forward, but permissions took me a while to figure out.  This tutorial will configure Samba file-shares for access from any Windows, Mac, or Linux client.

    Note:  If you’re attempting to share files from a USB, Firewire, eSata, or RAID device, you need to be sure that device will be mounted on startup.

    Installing & Configuring Samba Shares on Ubuntu 10.04 Lucid Lynx

    1. Install Samba:
       sudo apt-get install samba
    2. Add a “Samba User” and password for the initial user (the user you set up during Ubuntu installation).  I’ve been using identical names and passwords for Ubuntu and Samba users:
       sudo smbpasswd -a matt
    3. Create any other local users who will have file share access:
       
       Screenshot-Create New User
       
    4. Create “Samba Users” and passwords for those users as well:
       sudo smbpasswd -a joe
    5. Add all of these users to the SambaShare user group:
       
       Screenshot-Group 'sambashare' Properties
       
    6. Back up the original Samba config in case you mess something up:
       sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.original
    7. Open your Samba config for edit:
       sudo gedit /etc/samba/smb.conf
       1. Enable User Authentication in your Samba config:
          security = user
       2. Define your Workgroup in Samba config (although I’m leaving mine as the default WORKGROUP):
          workgroup = WORKGROUP
       3. Define your file-shares at the bottom of the file:
          [Public]
          comment = Public Files
          path = /media/Data/Public
          browseable = yes
          guest ok = yes
          read only = no
          force user = matt
          
          [Share]
          comment = Shared Files
          path = /media/Data/Share
          browseable = yes
          guest ok = yes
          read only = yes
          force user = matt
          
          [Personal]
          comment = Personal Files
          path = /media/Data/Personal
          browseable = yes
          guest ok = no
          read only = no
          valid users = matt alex
          
          [Matt]
          comment = Matt's Files
          path = /media/Data/Private/Matt
          browseable = yes
          guest ok = no
          read only = no
          valid users = matt
          
          [Alex]
          comment = Alex's Files
          path = /media/Data/Private/Alex
          browseable = yes
          guest ok = no
          read only = no
          valid users = alex
       4. Save changes.
    8. Restart the Samba service after any changes to the config:
       sudo service smbd restart
    9. Configure file-permissions:
       1. If the connecting user lacks access rights on any parent folder of a share, the connection will fail.
          
       2. Since I’m starting out I’m keeping things simple.  All of the users I’ll use for share access are members of the SambaShare group, so I’ve assigned every share folder + all of its parent folders to the group SambaShare with “Create and delete files” folder access (read/write/execute… rwx).  For example, I have a share called Matt located at /media/Data/Private/Matt.  My smb.conf only allows the user matt access, but the file-permissions for the Data, Private, and Matt folders are defined as:
          
          Screenshot-Data Properties
          
       3. Keep in mind the consequences of these settings: if any user in the SambaShare group sits down at the server and logs in, they will have full rights to all of these folders (even though you’ve defined different rights in your smb.conf above).
    10. Connect to your shares from any client.
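The share definitions above can be checked mechanically. This added example (not code from the original post) reads an smb.conf and classifies each share by who can reach it; on the post's shares it shows that Public accepts writes from unauthenticated guests and stores them as matt. The function names `audit_smb_shares` and `sample_smb_conf` are invented here, and the sample input is the post's shares abridged to the access-related parameters.

```shell
#!/bin/sh
# Added example, not from the original post: classify each share in an
# smb.conf by who can reach it. Reads the file named in $1, or stdin.
audit_smb_shares() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (share == "" || tolower(share) == "global") return
        if (guest && !ro) {
            msg = "GUEST-WRITABLE"
            if (force != "") msg = msg ", files written as " force
        } else if (guest) {
            msg = "GUEST-READ-ONLY"
        } else if (valid != "") {
            msg = "AUTHENTICATED, valid users: " valid
        } else {
            msg = "AUTHENTICATED, any Samba user"
        }
        print share ": " msg
    }
    BEGIN { dguest = 0; dro = 1 }        # Samba defaults: guest ok = no, read only = yes
    /^[ \t]*([#;]|$)/ { next }           # comments and blank lines
    /^[ \t]*\[/ {                        # a new [section] closes the previous one
        report()
        if (tolower(share) == "global") { dguest = guest; dro = ro }
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = dguest; ro = dro; force = ""; valid = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))
        # public = guest ok; writeable, writable, write ok = inverted read only
        if (key == "guest ok" || key == "public") guest = truthy(val)
        else if (key == "read only") ro = truthy(val)
        else if (key == "writeable" || key == "writable" || key == "write ok") ro = !truthy(val)
        else if (key == "force user") force = val
        else if (key == "valid users") valid = val
    }
    END { report() }
    ' "${1:--}"
}

# Constructed sample: the shares from the post, abridged to the
# access-related parameters (comment, path and browseable lines dropped).
sample_smb_conf() {
    cat <<'EOF'
[global]
security = user
workgroup = WORKGROUP
[Public]
guest ok = yes
read only = no
force user = matt
[Share]
guest ok = yes
read only = yes
force user = matt
[Personal]
guest ok = no
read only = no
valid users = matt alex
[Matt]
guest ok = no
read only = no
valid users = matt
[Alex]
guest ok = no
read only = no
valid users = alex
EOF
}

sample_smb_conf | audit_smb_shares
```

Run it against the live file with `audit_smb_shares /etc/samba/smb.conf`; `testparm -s` prints the configuration as Samba itself parses it.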
  • Ubuntu 10.04 Automatically Mount Drives on Boot with FSTAB

    If you’re connecting USB, Firewire, eSATA or even internal RAID array devices to your Ubuntu machine you should note that they aren’t actually mounted on boot.  This can be confusing…

    • If you connect a device while the computer is running, the device will appear on the desktop and it has been mounted.
    • If devices are connected before the computer is running, they will not appear on the desktop once the computer has started and they have not been mounted.  However, if you open “My Computer” you’ll see your devices and as soon as you double click one to access it, it will be mounted.
    • If a device’s mount status is in question, right-click the device and you’ll see a Mount or an Un-Mount option.

    This is all well and good until you start setting up services that use these devices and always expect them to be mounted, whether the computer is rebooted or not.  This would include file-sharing services (Samba), FTP, etc.  The FSTAB file allows you to define which devices mount on startup, and where.

    Things to Note

    • Note that these instructions require running and modifying system files and services.  This requires root permission, which is why commands must be preceded by sudo.
    • Note the fstab file is located at /etc/fstab.
    • Remember Linux is case-sensitive, watch your paths!

    Un-Mount Device

    1. Reboot the computer and do not access the device, or…
       
    2. Determine the location of your device:
      sudo fdisk -l
    3. Un-mount one of two ways…

      • … by device location (modify as needed):
        sudo umount /dev/sdb1
      • … by mount point location (modify as needed):
        sudo umount /media/Data

    Mount Device on Startup by Modifying the FSTAB File

    1. Create a directory to use as your device’s mount point:
      sudo mkdir /media/Data
    2. Make a copy of the original fstab file in case you mess something up:
      sudo cp /etc/fstab /etc/fstab.original
    3. Determine the UUID of the device you’d like to mount:
      sudo blkid
    4. Open fstab for edit one of two ways…

      • … in GUI with Gedit:
        sudo gedit /etc/fstab
      • … in terminal with Nano:
        sudo nano /etc/fstab
    5. Add the following lines to the end of your fstab file (modify as needed):
      # Adding my RAID array so that it's mounted on startup.
      UUID=78d85398-d179-4640-bb1b-f770ba90abb1 /media/Data ext4 defaults 0 0
      
      # Alternatively, you could add the device using the location
      # like you may see with your existing fstab entries,
      # but UUID is the safest way to go.
      # You would just replace the UUID with the location, like so:
      # /dev/sdb1 /media/Data ext4 relatime,noexec 0 2
    6. Save changes and reboot.  You’ll now see the Data device mounted and sitting on your desktop when you login!
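An added example (not from the original post) that lints entries like the two shown above before you reboot: it flags `/dev/sdX` device paths, which the post already advises replacing with a UUID, a pass value of 0, and data mounts lacking `nosuid`, `nodev` or `noexec`. Requiring those three options on `/media` and `/mnt` mounts is an assumed hardening policy, and `lint_fstab` and `sample_fstab` are names invented here.

```shell
#!/bin/sh
# Added example, not from the original post: lint fstab entries for data
# volumes mounted under /media or /mnt. Reads the file in $1, or stdin.
lint_fstab() {
    awk '
    function has(opt,   i) {             # is opt among the comma-separated options?
        for (i = 1; i <= nopt; i++) if (o[i] == opt) return 1
        return 0
    }
    /^[ \t]*(#|$)/ { next }              # comments and blank lines
    {
        if (NF < 4) { print "line " NR ": too few fields (" NF ")"; next }
        spec = $1; mnt = $2; nopt = split($4, o, ",")
        pass = (NF >= 6) ? $6 + 0 : 0    # a missing sixth field means 0
        if (mnt !~ /^\/(media|mnt)\//) next   # assumed policy: data mounts only
        where = "line " NR " " mnt ": "
        if (spec ~ /^\/dev\/sd/)
            print where spec " can change between boots, use UUID= from blkid"
        missing = ""
        if (!has("nosuid")) missing = missing " nosuid"
        if (!has("nodev"))  missing = missing " nodev"
        if (!has("noexec")) missing = missing " noexec"
        if (missing != "") print where "missing options:" missing
        if (pass == 0) print where "pass is 0, filesystem is never checked at boot"
    }
    ' "${1:--}"
}

# Constructed sample: a root entry, the two entries from the post, and a
# hardened variant of the UUID entry.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not a real /etc/fstab
/dev/sda1 / ext4 errors=remount-ro 0 1
UUID=78d85398-d179-4640-bb1b-f770ba90abb1 /media/Data ext4 defaults 0 0
/dev/sdb1 /media/Data ext4 relatime,noexec 0 2
UUID=78d85398-d179-4640-bb1b-f770ba90abb1 /media/Data ext4 defaults,nosuid,nodev,noexec 0 2
EOF
}

sample_fstab | lint_fstab
```

After editing the real file, `sudo mount -a` mounts everything listed in /etc/fstab and reports a bad entry without a reboot.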
  • Synchronizing Notes in Gmail (Google Apps)

    There are two tips I just learned about Gmail:

    1. You can pepper your email address with dots and you will receive the mail as usual (us.e..r.n.a.m.e@gmail.com goes right to username@gmail.com).  Tested this and it doesn't work... just can't believe everything you read!
       
    2. You can append +anything to your address and you will receive that email as well (username+whatever@gmail.com gets sent to username@gmail.com).
       

    Using the Gmail Plus Addressing trick, I can sync "notes" between my inbox and my mobile using ActiveSync:

    1. Create a new label in Gmail called 'Notes'.  Labels will appear as folders from a mobile device connected via ActiveSync.
       
    2. Create a new filter.  For any email addressed to username+notes@gmail.com, skip the inbox and apply the 'Notes' label.
       
    3. Set up a contact called 'Notes' (username+notes@gmail.com), and any email sent there will appear in your 'Notes' folder in Gmail or on your phone.
  • Rack Mounted Servers & Accessories For Sale

    Hoboken NJ, pickup only. Please contact me here or call me at (347) 687-6277.  I’m going to hold off on selling individual items for a couple of weeks because I’d prefer to sell the whole lot in one shot. 

    1. HP ProLiant DL585 G2 Rack-Mounted Server - $1200
      (2x) Dual-Core AMD Opteron 8216 64-bit 2.4GHz Processors
      19GB ECC DDR2 Memory
      (6x) Gigabit Ethernet Ports
      Smart Array P400 RAID Controller
      (2x) HP 160GB 7200RPM SAS Hot-swappable Harddrives
      (4x) HP 320GB 7200RPM SAS Hot-swappable Harddrives
      Internal USB port, great for VMWare ESX/ESXi thumb drive
      Slim DVD Drive
      View detailed hardware report
       
    2. HP ProLiant DL585 G1 Rack-Mounted Server - $600
      (2x) AMD Opteron 850 64-bit 2.4GHz Processors
      16GB ECC DDR2 Memory
      (8x) Gigabit Ethernet Ports
      Smart Array 5i RAID Controller
      (4x) Compaq 36.4GB 15,000RPM SCSI Hot-swappable Harddrives
      Slim CD Drive
      View detailed hardware report
       
    3. HP StorageWorks MSA20 Rack-Mounted Modular Smart Array - $500
      (12x) 3.5” SATA Drive Bays
      (12x) 3.5” Filler Trays
      Additional backup power supplies/controller card
       
    4. Compaq 42U Black Server Rack - $300
      68”H x 23.5”W x 32”D
      All metal, solid construction, great condition
      Mesh doors for air-flow
      Lockable doors, keys included
      3 shelves
      Roller wheels on bottom
       
    5. Miscellaneous Accessories - $200
      15” NEC LCD Flat-Panel VGA Monitor
      Keyboard/Mouse
      Compaq 8-Port VGA KVM Switch + Cables
      (2x) 11-Plug Rack-Mounted Power Strips
      Several Hotswappable Harddrives and Enclosures
       

    Everything all-together for $2500.

  • TMG 2010 FTP Client Error – Access is Denied

    I just realized that while I’m behind my Threat Management Gateway (TMG 2010 formerly ISA) I can’t upload/write/save/delete files on an external FTP site!  I can connect using FileZilla without any problem, but as soon as I tried to upload something I’d receive the following errors in the log:

    Status:	Resolving address of xxxxxxx
    Status:	Connecting to xxxxxxxxx...
    Status:	Connection established, waiting for welcome message...
    Response:	220-Microsoft FTP Service
    Response:	220 Winhost.com FTP
    Command:	USER xxxxx.
    Response:	331 Password required for xxxxxx.
    Command:	PASS **********
    Response:	230-Welcome
    Response:	230 User logged in.
    Command:	OPTS UTF8 ON
    Response:	550 Access is denied.
    Status:	Connected
    Status:	Starting upload of C:\Users\matt\Desktop\TESTFILE.txt
    Command:	CWD /xxxxxxxxx
    Response:	250 CWD command successful.
    Command:	PWD
    Response:	257 "/xxxxxxx" is current directory.
    Command:	TYPE A
    Response:	200 Type set to A.
    Command:	PASV
    Response:	227 Entering Passive Mode (xxxxxxx,223).
    Command:	STOR TESTFILE.txt
    Response:	550 Access is denied.
    Error:	Critical file transfer error

    Naturally I checked my TMG firewall log before contacting my host’s support team, but no error of any kind shows in the TMG logs.  I was convinced it was my host so I actually changed hosting providers only to encounter the same thing.  AHHH!

    I finally found the solution.  If, and only if, you add a firewall rule that involves the FTP protocol, then a magical new menu item appears in the right-click context menu called Configure FTP.  By default, the value is set to Read-Only, uncheck that and you’ll be good to go.

    TMG 2010 Configure FTP

    Poorly done if you ask me.  There should be a warning in the logs or some kind of alert telling you there are new configuration menus if you create certain types of rules (why wouldn’t this be on the Action Pane?).

  • Installing Visual Studio Team Foundation Server 2010

    Server Installation

    1. Take a look at the online readme file for supported operating systems and hardware requirements.  I’m running a Windows Server 2008 R2 virtual machine with 1GB of RAM.
       
    2. Install Microsoft SQL Server 2008 R2.  Alternatively, you can skip this step and have the TFS Configuration Tool install SQL Server Express or use an existing remote server.
       
    3. Choose the appropriate architecture folder (TFS-x64 or TFS-x86) from the installation disc and run setup.exe.
       
    4. I’m choosing to install everything on a single box, but larger deployments can install the Team Foundation Server, Server Proxy, and Build Service features on separate machines.
       
      Team Foundation Server 2010 Installation Features
       
    5. Reboot.
       
    6. Run Team Foundation Server 2010 Configuration Tool.  Configuration will launch automatically at the end of installation if the checkbox is selected, or, you can launch the Team Foundation Server Administrative Console and choose Configure Installed Features.
       
      Team Foundation Server Administrative Console Application Tier Configure Installed Features

    Server Configuration

    1. I’m choosing the Standard Single Server configuration since SQL Server is installed on the same machine.  If I wanted the configuration wizard to install SQL Express I could choose Basic, or Advanced to connect to a remote SQL server.
       
      Team Foundation Server Configuration Center Standard Single Server
       
    2. Create and assign a new user account for TFS to use for accessing SharePoint and Reporting Services.
       
      Team Foundation Server Standard Configuration Wizard Service Account
       
    3. Complete installation and view the results.
       
      Team Foundation Server Standard Configuration Results Success
       

    Team Project Configuration & Administration

    1. Launch Visual Studio using the administrator account you used during installation and select Project Management as the default environment settings.
       
      Visual Studio 2010 Project Management Settings
       
    2. Connect to the newly created TFS server.
       
      Connect to Team Foundation Server
       
    3. Create a new Team Project.  I left all the defaults and I used a project name without spaces so that the SharePoint site that’s created doesn’t end up having a funky URL.
       
      TFS New Team Project 
       
    4. Give users permission to the project.
       
      TFS Team Project Settings Group Membership
       
       

    Client Configuration

    1. I have Microsoft Visual Studio 2010 Ultimate installed on a Windows 7 Ultimate workstation.
       
    2. Connect to the TFS server.
       
      TFS Connect to Team Project 
       
    3. Once connected, your non-admin users will probably encounter a red X on the Documents and Reports items as shown below.  To resolve this problem read this post on how to give users permission to the SharePoint and SQL Report Services.
       
      image
  • TFS 2010 Fix Red X on Documents and Reports

    After installing and configuring Team Foundation Server 2010 and a new Team Project, you’ll probably find that your non-administrator users will see red X’s on the Documents and Reports items when connected:

    image 
     

    Fix Documents Red X – Give Users Permission to SharePoint Services

    1. As an administrator, browse to http://tfs:8080/tfs/web/ –> Project Portal –> Site Actions –> Site Settings –> People and Groups –> New –> Add Users
       
      TFS SharePoint Services User Permissions
       

    Fix Reports Red X – Give Users Permission to SQL Reports Services

    1. As an administrator, browse to http://tfs/Reports –> Folder Settings –> Security –> New Role Assignment.
       
      TFS SQL Report Services User Permissions
       

    Refresh the user’s TFS connection and those pesky red Xs should be gone.

  • VB.NET ‘Application’ is not a member of ‘My’ Error

    I’m re-organizing projects within a solution and I’m just cutting and pasting code files all over the place like some sort of mad man.  Not surprisingly, I had to change the Inherits attribute of any markup I had cut/copied from another project to resolve all the build errors.  Now, being a C# guy I thought I’d be done at this point, but not with Visual Basic!  The compiler was complaining that:

    'Application' is not a member of 'My' error 
     

    Thanks to Karl Everest King’s post, I found out that at some point the project file causing the problem (projectName.vbproj) had its <MyType> property automatically changed to an error-throwing value:

    Project File MyType Custom 
     

    From a text-editor other than Visual Studio, change that value from Custom to Windows (very odd considering it’s a web app) and save.  If your solution was still open, VS will detect the modified file, you’ll reload it, and then you’ll compile successfully.

    Project File MyType Windows

    The project has been modified outside the environment.  Press reload

  • Configure Windows 7 Remote Server Administration & Management for Server 2008 R2

    Setup Server Manager Remote Management on Servers

    1. On each Windows Server 2008 R2 computer you’d like to manage remotely, Server Manager –> Configure Server Manager Remote Management:
       
      Windows Server 2008 R2 Configure Server Manager Remote Management

    Setup Remote Server Administration on Clients

    1. Download and install Remote Server Administration Tools for Windows 7 or Windows Vista.
       
    2. After installation, enable the tools in Control Panel –> Programs –> Turn Windows Features On or Off:
       
      Windows Features Remote Server Administration Tools
       
    3. Run Administrative Tools –> Server Manager and connect to your server.  If you receive the following error then the user account doesn’t have administrative permission on the server you’ve specified:
       
      Server Manager cannot connect Access is denied.
       
      You can easily run Server Manager as a different user (one that is an administrator on the destination box) by Shift + Right Click –> Run As Different User…
       
      Windows 7 Shift + Right Click Run As Different User 

    Note to self:  I couldn’t connect to any of my perimeter (DMZ) servers.  I’m not sure if it’s because they’re not on the domain or because they’re on a different subnet.  I’m leaning towards the former since I logged all the traffic from the LAN to the DMZ while trying to establish a remote Server Manager connection and nothing showed up.  Maybe by default Group Policy forbids remote server management for non-domain machines?

  • Outlook 2010 upgrade from 2007 “Cannot resolve recipient”

    Last night I uninstalled Microsoft Office 2007 and just now I installed Office 2010.  After rebooting, I opened Outlook and everything seemed fine.  Then I tried to reply to an email and I received the following error:

    Outlook 2010 Cannot Resolve Recipient Error

    “The operation failed.  The messaging interfaces have returned an unknown error.  If the problem persists, restart Outlook.  Cannot resolve recipient.”

    I’m not sure what caused the problem, but I resolved it by:

    1. Removing my local mail profile.  Control Panel –> Mail –> Show Profiles… –> Remove.
       
      Windows 7 Mail Profiles 
       
    2. Rebooting all Exchange Servers.  An MBX, CAS, and Edge server in my case.
       
    3. Restarting my client machine.
       
    4. Setting up Outlook.  Outlook will first ask for a profile name, which I called “Outlook”.  During the Exchange Setup Wizard it asked me to restart Outlook, which I did, and it then connected without an issue.  It downloaded all of my email etc, and I then replied to a message without any error.
  • Windows Server 2008 R2 FTP and Firewall Setup

    1. Install the Web Server role with the IIS Management Console and FTP Server role services:
       
      Server 2008 R2 FTP Role Services
       
    2. Create a new FTP Site:
       
      Server 2008 R2 FTP Site Information
       
    3. Set up the site with the default bindings and choose Allow SSL if you don’t plan on deploying a certificate:
       
      Server 2008 R2 FTP Binding and SSL Settings
       
    4. Configure user permissions and basic or anonymous permission.  If your server is connected to your domain you can specify domain users, otherwise they must be local user accounts:
       
      Server 2008 R2 FTP Authentication and Authorization Information
       
    5. Finally you’ll have to configure your server’s firewall rules to allow access.  Personally, I think Microsoft’s done a great job up until this point… it’s a shame it couldn’t last.  Disregard any existing FTP firewall rules; although they should be enabled, they don’t actually allow access!  Run Allow a Program Through Windows Firewall and grant access to C:\Windows\System32\svchost.exe
       
      Server 2008 R2 FTP Firewall Add a Program 
      Server 2008 R2 FTP Firewall Allow Programs to communicate through Windows Firewall
  • Is IIS 7 Missing the .NET 3.0 and 3.5 Frameworks?

    I downloaded the .NET 3 and 3.5 Frameworks and then attempted to install them on my Windows Server 2008 R2 web server, but I was told I must install them through the Server Manager –> Features menu.  So I did:

    image

    After rebooting, I launched Internet Information Services to create a new .NET 3.5 AppPool but… where is it?

    image

    During some research I was reminded that the 3.0 and 3.5 frameworks were actually additions to .NET 2.0, and not entirely new frameworks themselves.  Oh how easily I forget. So if you’ve installed .NET 3.5.1, you should choose the .NET Framework v2.0.50727 to run any 2.0, 3.0, 3.5, or 3.5.1 applications.

    If you install the .NET 4.0 Framework, that appears separately as shown.

  • TMG 2010 PPTP VPN Setup and Configuration

    Microsoft’s Threat Management Gateway 2010 allows administrators to configure secure virtual private network connections from external clients in a variety of ways.  Using the Remote Access Policy (VPN) settings, clients can connect via PPTP, L2TP/IPsec, and the new & impressive SSTP protocol.  Unfortunately I only have a single external IP address and the HTTPS protocol is already bound to my RemoteApp server so I won’t be able to enable SSTP.  This tutorial will show how to enable PPTP remote access.

    1. Configure Address Assignment Method
       
      TMG Configure Address Assignment Method 
        
      TMG Remote Access Policy (VPN) Properties
       
      All of my existing TMG Networks (Internal, Perimeter, ext) are using 172.16.0.xxx – 172.16.3.xxx, so I’ve given VPN clients the 172.16.4.xxx subnet.
       
    2. Enable VPN Client Access
       
      Configure Address Assignment Method
       
      VPN Clients Tasks
       
    3. Specify Windows Users
       
      TMG Specify Windows Users
       
      TMG VPN Clients Properties
       
    4. Verify VPN Properties
       
      TMG Verify VPN Properties 
        
      TMG VPN Clients Properties Protocols
       
    5. Verify Remote Access Configuration
       
      TMG Remote Access Configuration   
          
       TMG Remote Access Policy (VPN) Properties
       
    6. View Firewall Policy for the VPN Clients Network
       
      TMG View Firewall Policy for the VPN Clients Network
       
      TMG VPN Firewall Rules 
       
      As you can see I’ve selected All Outbound Traffic just to get this thing up and running but I’ll tighten it up later.  The significance of these rules is threefold:
       
      A – Allow VPN clients to the localhost so they can resolve DNS names correctly.
      B – Allow VPN Clients to the LAN so they can access internal resources (the whole point of VPN).
      C – Allow VPN Clients to the External network so they can access the internet, otherwise you won’t be able to browse while connected.
       
    7. View Network Rules
       
      TMG View Network Rules
       
      TMG VPN Network Rules
       
    8. Configure Quarantine (Optional)
       
      TMG Configure Quarantine (Optional) 
        
      TMG VPN Clients Properties
       
      When I tried to enable Quarantine, TMG issued the following warning.  Sounds like clients may need the Forefront TMG client installed or they’ll be quarantined indefinitely.  I’ll just leave it disabled for now.  
         
      TMG Enabling Quarantine Control requires configuration on both the Forefront TMG and VPN client computers.
       

    That’s it!  Now you should be able to securely connect to your network from anywhere!

  • How To Assemble a Stackable Wire Letter Tray

    This post may seem silly, but without a picture of what these two trays and four posts should look like it could be an awfully long time before it’s put back together; it took me longer than I care to admit.  It's also a lot easier with some help, four hands are better than two.

    Stacked Wire Letter Tray
