802.1X authentication woes with NPS & EAP

Had a frustrating issue with some UniFi APs where clients were not able to authenticate to the Pro models, but OK to the standard UniFis.

Running a packet capture on the NPS server I could see many Access-Requests arriving at the server with an Access-Challenge immediately being sent back, but the AP would just keep sending the same request and the server was neither rejecting nor allowing the connection.

If you’re having similar sounding issues, try adding a ‘Framed-MTU’ attribute to the Network Policy settings.

The MS article recommends using a Framed-MTU of 1344, but we ended up settling on 1400. We did have Jumbo frames enabled on the server running the NPS role, which I think may have been contributing to the problem. Hope this can help someone out!


Dynamics CRM TextaHQ SMS Integration

Over the past six months I’ve been developing a Student Management System based on Dynamics CRM 2011 for one of the new Trades Academies. I’ll talk about why we chose Dynamics CRM in a later post, but this post is about the integration I built with the TextaHQ SMS Messaging service.

TextaHQ was attractive for no monthly fees, low per message cost and a two way API allowing SMS replies. When replies come back the gateway sends the reply to a Callback URL allowing us to save the message straight into CRM. Not so great if your server goes down for a few hours, but it does mean we don’t have to be running a service to poll for new messages like some APIs.

I would love to have published this as a nice how-to guide, but I'm probably not going to have time to do that for a while, so I thought I’d code dump for now instead.

My solution consists of three parts: the SMS Message entity, the plug-in assemblies for sending the messages and an ASP.NET form to save the messages back into CRM.

SMS Message Entity

A new ‘activity’ entity named SMS Message

  • Add a field named characters remaining (see the Magnetism blog for how to implement the JavaScript to count your characters remaining)
  • Add a field named sendernumber – this is where the sender number of mobile replies will be put
  • These are the status codes I am using:
    • Open
      • Draft (1) – Default Value
      • Failed (352,400,004)
    • Completed
      • Pending Send (352,400,002) – Default Value
      • Sent (352,400,000)
      • Delivered (352,400,006)
      • Received (352,400,001)
    • Cancelled
      • Cancelled (3) – Default Value
  • Set up the form – this is what mine looks like
    [Screenshot: SMS Message Form]

Plug-in Assemblies

Create a Web Resource called ‘smsconfig’ (an XML file). Format it as below, with the URL and API key from your TextaHQ account:

<configuration>
  <url>http://app.nz.textahq.com/api/sendSMS.php</url>
  <key>123456789012345678901234567890</key>
</configuration>

Download the source code for the Dynamics CRM plug-in assemblies: SMS Messaging source code

There are four files in the source code –

Utilities.cs

Contains a (rather bad) phone number cleaning method; a method to read the URL & key from the configuration XML file; code for querying the ‘smsconfig’ web resource; and the code to post the message to the gateway

StatusCodes.cs

Contains the definitions of the statuscodes I defined above

SendSMS.cs

The code that should be triggered when the statuscode of the smsmessage entity is updated

It basically:

  • Checks if the status code is in the ‘Completed_Pending’ send state (the user clicks ‘Save and Complete’ on the SMS Message activity)
  • Retrieves the needed data from fields and checks the message isn’t blank
  • If the regarding entity is a contact, sends the message to the contact
  • If the regarding entity is a course (you can delete this functionality if you like), sends the message to all of the contacts enrolled in the course with a mobile phone
  • Updates the SMS Message record to the Completed – Sent status (or Open – Failed if it doesn’t manage to send any messages)

We send the Guid of the contact the message is being sent to, as well as the Guid of the creator of the message, as user data to the TextaHQ API. This data is stored with the message, and if a reply comes back the data is fed back to us. That allows us to assign the reply back to the original sender and set it regarding the correct contact.

SendSMSActivity.cs

This cool bit of code lets you send SMS messages from workflows! It takes the following parameters

  • Recipient number
  • Message
  • Regarding contact
  • User to assign replies to (system user/owner)

Then returns a MessageSent boolean to let you know if it sent or not.

In fact, if you wanted, you could just register this workflow activity and forget about SendSMS.cs – but I needed SendSMS.cs to allow me to send an SMS message to a whole course full of students.

(You would just set up a workflow to trigger when the statuscode of the SMS message is set to Completed – Pending, then send the SMS with the appropriate variables, then update the status code to Completed – Sent if it manages to send, or Open – Failed if not.)

Registering Plug-in assembly

Build the plug-in assemblies and register – this is what the step looks like for me for SendSMS.cs

[Screenshot: PluginRegistration]

Conclusion

You should now in theory be able to send SMS messages. I’ve added a ‘Save and Complete’ button to the toolbar for SMS Message activities, and renamed it ‘Send SMS’.

Sorry I don’t have time to tidy this up and write a proper instruction, but there are some other good posts online which I used to help me get this far.

I would have liked to implement party lists to allow sending to multiple contacts, but don’t really need it at this stage.

Hopefully you might find some useful code snippets that you can adapt for use in your project.
One day I might release it all packaged up as a solution!

I’ll post my SMS reply processing ASP.NET form soon to complete the puzzle.


Security Tip: Automatic application updates with Ninite

This isn’t a free tip, but works well for the networks I manage. One of the challenges for any Systems Administrator is keeping software up to date. I’m not so concerned about actually having the latest version of software so much as making sure if there are any security updates these are taken care of in a low effort way.

In your network documentation you should consider every application you have installed on your workstations and determine a software update strategy for each. Our Microsoft products are taken care of by Server Update Services, our Antivirus looks after itself and now we have Ninite for the rest.

If you haven’t come across Ninite before, it is a neat wee tool to install your favourite applications with a couple of clicks.

Ninite Pro adds some awesome features which allow this, such as a command line/silent mode, one touch software updates and caching software downloads. I subscribed to the $20/month plan for up to 100 computers.

There are lots of cool things you can do with the command line reference etc, but all I need is the update mode (which updates any of the Ninite supported software which you have installed on your computer), and to set it up to run on a regular basis. In my case, every time a computer is turned on.

Here is my standard configuration for Ninite

  1. Set up a service account with a secure password for Ninite in Active Directory and document the password in LastPass. It will require permissions to install software on your workstations.
  2. Set up a network share for Ninite and add permissions for the Ninite service account.
  3. Put your copy of NiniteOne.exe in the share and create a Logs folder
  4. Set up a Scheduled Task in Group Policy > Control Panel Settings > Scheduled Tasks
    1. Run whether the user is logged on or not, run tasks as your service account. Configure for Windows 7.
      Currently investigating a better option for this, as it requires storing the user credentials for the Ninite service account in Group Policy, where they are actually easily accessible by malicious users.
    2. Triggers – At system startup. You may wish to delay task for 10 minutes, I have it running immediately.
    3. Actions – Start a program
      \\fileserver\Ninite$\NiniteOne.exe /silent \\fileserver\Ninite$\Logs\%ComputerName%.txt /updateonly /disableshortcuts
    4. Conditions – Start only if the computer is on AC power
  5. Test it out, when you restart your test workstation a log file should be created for the workstation in the Logs folder, and any software supported by Ninite should be updated and cached in the network folder for a quick install on other machines.
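
Step 4.1 notes that service account credentials stored in Group Policy are easy for other users to read. The PowerShell audit below is an added example, not part of the original post: it lists Group Policy Preferences XML files that still carry a saved password (the cpassword attribute) without printing the value. The function name, demo folder, account name and sample XML are constructed for illustration.

```powershell
# Added example (PowerShell 3.0+): report GPP items that store a password, never the value.
function Find-GppStoredCredential {
    param([Parameter(Mandatory)] [string] $PoliciesPath)

    Get-ChildItem -LiteralPath $PoliciesPath -Recurse -Filter *.xml -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try   { $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop) }
            catch { return }                  # unreadable or not well-formed: skip this file
            if ($null -eq $xml) { return }    # empty file
            foreach ($node in $xml.SelectNodes('//*[string-length(@cpassword) > 0]')) {
                # The attribute naming the account differs per preference type (best effort)
                $account = foreach ($a in 'runAs', 'userName', 'accountName', 'username') {
                    $v = $node.GetAttribute($a)
                    if ($v) { $v; break }
                }
                [pscustomobject]@{
                    File    = $file.FullName
                    Element = $node.ParentNode.LocalName
                    Item    = $node.GetAttribute('name')
                    Account = $account
                }
            }
        }
}

# Constructed sample shaped like the scheduled task from step 4 (not a real GPO export)
$root = Join-Path $env:TEMP 'gpp-audit-demo'
$dir  = Join-Path $root 'CONSTRUCTED-GPO\Machine\Preferences\ScheduledTasks'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
@'
<ScheduledTasks>
  <TaskV2 name="Ninite update">
    <Properties action="U" name="Ninite update" runAs="EXAMPLE\svc-ninite"
                logonType="Password" cpassword="CONSTRUCTED-PLACEHOLDER" />
  </TaskV2>
</ScheduledTasks>
'@ | Set-Content -LiteralPath (Join-Path $dir 'ScheduledTasks.xml')

# On a domain, point this at \\<domain>\SYSVOL\<domain>\Policies instead
Find-GppStoredCredential -PoliciesPath $root | Format-List
```

An empty result for the policy that deploys this task means no saved password is present. One way to get there is to run the task as NT AUTHORITY\SYSTEM and grant the computer accounts access to the share, so no password has to be stored.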