Thursday, December 24, 2009

Mailscape named Best Exchange Administration tool for second consecutive year!

Hello everyone,


It is my pleasure to announce that Mailscape won the Best Exchange Administration tool 2009 in’s Readers’ Choice Awards!  This is the second consecutive year we have won this award, and we’re very excited about how much attention Mailscape has received in the past year.


Click here to see the announcement on


On behalf of everyone at ENow, thank you all for helping us make 2009 a great year for Mailscape! We wish you and your families the happiest of holiday seasons and look forward to an even better year in 2010!


Kindest Regards,

New Exchange 2010 KBs

977960 You cannot create a new Exchange Server 2010 database in a multiple domain environment

977961 You cannot use Outlook Web App after you enable the "System cryptography: Use FIPS algorithms for encryption, hashing and signing" security policy on an Exchange Server 2010 server

977957 The message tracking task does not work in the Exchange Troubleshooting Assistant tool on an Exchange Server 2010 edge server

977956 Event ID 9771 is logged when you try to restore a Volume Shadow Copy Service backup by using an Exchange-aware application that supports the Volume Shadow Copy Service writer for Exchange Server 2010 Standard version

977962 You cannot a remote connection to a Microsoft Exchange Server 2010-based server when you use the remote feature in Windows PowerShell 2.0

977952 You cannot move a mailbox database to an Exchange Server 2010 cluster node that is part of a database availability group when you try to install a hotfix or an update rollup for Exchange Server 2010

977963 You cannot move an Exchange Server 2007 mailbox to an Exchange Server 2010 mailbox server when the mailbox user has many AD properties

Tuesday, December 22, 2009

Busbar speaks about Exchange 2010 and OCs 2007 R2 at Microsoft Techday in Helwan Univesity

I have been invited to speak about Exchange 2010 and OCS 2007 next thursday in Microsoft Techday in Helwan Univesity/Faculty of engineering, Iwill speak about the Unified Communication diretion of Microsoft, in day there will be a lot of other valued MVPs who will speak about other Microsoft technologies, if you wish visit us next Thursday.

Wednesday, December 16, 2009

My own Exchange 2010 Storage Calculator

I had a lot of discussions with other Exchange pros worldwide and I found that 100% of them agree with me that the Exchange calculator that has been posted by MS is not convincing specially in terms of the sizes and no. of disks required for accommodate the exchange requirements.

In my spare time I prepared the attached excel sheet for calculating the required storage, I didn’t finish the no. of hard disk required or backup sections, but I will need your feedback on the excel sheet, I managed to get 5% error factor from the actual mailbox size that will be calculated on MS storage calculator, I won’t be able to compete 100% but it will help.

The strange thing that the MSEC says for the same mailbox sizes that it needs about 100 TB, while mine around 50 TB, I checked my calculations several times so I need your feedback on my sizing.

The calculator has two categories, Yellow and green section, Yellow are your input, green are calculated based on your input, the calculator give you the option to specify the maximum database size required, no. of servers deployed, server failover tolerance (this will be benefit in case you don’t want to protect against 100% loss and want to protect your customer from single or 2 server failure), the calculator still assumes full database replication, the upcoming version will let you mix and match or specify the number of replicated database.

This is version .4 so it might be little buggy, and of course it is neither support nor competing with the MSEC so use it on your own risk, but since it is cells, numbers and pure math I trust my own calc.
Link to the storage calculator
Waiting for your valuable feedback please send to me a feedback on exsc[at]ipility[dot[com]

Tuesday, December 15, 2009

from the field: Installing OCS 2007 R2 DB update utility

I have stucked for a while trying to install the OCS 2007 db update utility from the november update collection for COS 2007 R2, the setup kept asking for SQL 2005 client tools, after so many tries here is the solution:
install the following SQL MSI, I am not familiar with SQL so what matters it fixed my problem

you will need it only if you are running Enterprise version with seperate SQL server and want to run the hotfix from the frontend server.

Sunday, December 13, 2009

you may not be able to open a protected office 2003 document protected using RMS`

Starting on 11December 2009, some customers using Office 2003 are not be able to open Office 2003 documents protected with Information Rights Management (IRM) or save Office 2003 documents protected with IRM. This is caused by an IRM certificate expiring. This includes Word 2003, Word 2003 Viewer, Excel 2003, Excel 2003 Viewer, PowerPoint 2003 and Outlook 2003. It does not affect Office 2007 or Office 2010 Beta

A resolution has been quickly developed for this issue, and is available via the following KB items:
• (Office 2003)
• (Excel Viewer)
• (Word Viewer)

Saturday, November 21, 2009

Mailscape V4.5 Delivers Customizable Reporting and Proactive Monitoring


 ENow Inc, innovative leaders in the development of software and authors of the award-winning Mailscape V4.4, announced today the formal launch of Mailscape V4.5.

Mailscape is a complete systems management tool that combines all the key elements for Exchange monitoring, reporting and administration into a single, affordable solution. The highly-anticipated launch of V4.5 delivers customizable reporting that gives administrators complete flexibility in not only how they create reports, but also how they disseminate the information. Traditional reporting products only allow you to email a report, resulting in static data, but with Mailscape V4.5‟s Personalized Dashboards, each key role in your organization can have access to only the reports they need to see via our one-look dashboard that automatically self-generates.

In addition, our proactive monitoring capabilities go beyond traditional tools that only monitor basic components, such as service availability and uptime. Mailscape V4.5 performs regular health checks of all the vital components in your messaging system, such as mail flow, OWA, and BlackBerry, to ensure they are functioning optimally.

"One of the many challenges faced by the reporting industry is developing software that is customizable enough to meet the unique needs every organization has," remarks Curtis Blake, ENow‟s Chief Technology Officer. "The beauty of our solution is that it gives you that customization, yet remains simple enough so that everyone can use it without training."

"The graphical display of data makes it easy enough that the Help Desk can quickly diagnose the cause of a problem and take a more active role in monitoring the system. Plus, the customizable reporting makes it easy to create very complex queries," states Lasse Pettersson, Exchange MVP. "Overall, Mailscape is a very impressive solution, and one that sets itself apart from the competition."

Learn more about Mailscape V4.5 at

Mailscape V4.5 is available now through ENow‟s global network of value-added resellers and distributors.

Monday, November 16, 2009

vote for mailscape at

Mailscape is one of the best Exchange management and monitoring products I have ever seen, as you all know Ingazat became a partner for ENOW consulting and we are representative in the region.
mailscape has won for the past 2 years the best messaging management award from msexchangeorg, please take a second of your time and vote for mailscape @

Tuesday, November 10, 2009

Huge announcement for Ingazat Today

I will 2 excellent news for all of you, Today Ingazat has signed the partnership agreement with ENOW, ENOW is the provider of mailscape is the award winning Exchange monitoring and reporting software, mailscape has been awarded best Exchange monitoring software for last couple of year, and has been selected by several Enterprise customers worldwide like foxnews groups.

Also Ingazat has signed the agreement with GFI software, GFI are providing several Enterprise and SMB products like award winning GFI webmonitor for ISA and languard software.

As we are doing heavily Exchange , AD, System management and UC we always wanted to deliver end to end solution for our customer and have been very careful in selecting our partner, so as ENOW and GFI and I believe that customers in the region will enjoy best software worldwide implemented and services by Ingazat consulting team.

So happy about this step for Ingazat and our partners as well, I am looking forward for bigger and better future for both of us.




Thursday, November 5, 2009

changes to forefront engines

A reminder from the Forefront Server Security blog.
As we announced on July 1, 2009, Microsoft is revising its engine mix on Dec. 1, 2009 for the Forefront and Antigen products. This change will allow customers to utilize a set of engines that help optimize detection, while also allowing us to invest in new areas for increasing overall protection for customers.

Antimalware Protection
The AhnLab, CA, and Sophos engines will be retired on Dec. 1, 2009. After December 1st, customers will not receive any updates for these retired engines. In order to make sure your Antigen and Forefront products continue to scan efficiently and effectively for malware, any customers running the AhnLab, CA, or Sophos engines must DISABLE these engines before Dec. 1, 2009 and select from the new set of five engines – Authentium, Kaspersky, Microsoft, Norman, and VirusBuster.

SPECIAL NOTE: Antigen for SharePoint 8.0 and Antigen for Instant Messaging 8.0 customers – In order to gain access to the new engine set and provide optimal protection for your messaging and collaboration environments, please download the Service Pack 1 releases of these products on the MVLS or VLSC site prior to Dec. 1, 2009. The updates for the new engine set will use a new update infrastructure as of Dec. 31, 2009 – the Service Pack 1 releases will allow you to continue to receive updates correctly from their new location.

For more information about Service Pack 1 for Antigen for SharePoint and Antigen for IM, see the following KB article:

- SPECIAL NOTE: Antigen for Exchange 8.0 and Antigen for SMTP Gateways 8.0 customers –These products will end of life on Dec. 31, 2009. Customers must upgrade to Antigen 9.0 SP2 for Exchange before this date, as the product will no longer continue to receive anti-malware updates starting Jan. 1, 2010. With the retirement of the CA, Sophos, and AhnLab engines on Dec. 1, customers running Antigen for Exchange 8.0 or Antigen SMTP Gateways 8.0 will only be protected by the Norman engine. For customers who need to continue using this product between Dec. 1, 2009 and the end-of-life date of Dec. 31, 2009, please contact Forefront Contract Administration for access to the revised engine set.
For more information on upgrading your Antigen for Exchange 8.0 or Antigen for SMTP Gateways 8.0 to Antigen 9.0, see the following KB article:

Antispam Protection
One of the most important changes in our engine revision strategy is moving to the Cloudmark antispam engine*, which provides 99%+ detection rate and less than 1 in 250,000 false positives (West Coast Labs).

The Mail-Filters SpamCure antispam engine will be retired on Dec. 1, 2009. Customers using Antigen products for antispam protection must upgrade to the latest service pack releases listed below BEFORE DEC. 1, 2009 to maintain their antispam defenses. This is the only way to gain access to the new Cloudmark engine. The service packs can be accessed on the Microsoft MVLS and VLSC sites:
- Antigen for Exchange Server with Antigen Spam Manager 9.0 with SP2
- Antigen for SMTP Gateways with Antigen Spam Manager 9.0 with SP2

For more information on the engine revision strategy, see the Antimalware Engine Notifications and Developments Web page or contact Forefront Contract Administration . Again, we strongly urge all customers to update to the newest service packs before Dec. 1, 2009 to get the full protection benefits of the Forefront and Antigen server products.

*Please note: Customers using Forefront Security for Exchange Server will get access to the Cloudmark engine in the next version release – Forefront Protection 2010 for Exchange Server – scheduled to be available in Q4 CY09.

Tuesday, September 29, 2009

Error in installing DAG on Exchange 2010 server

fastly, if you get the following error when creating the DAG:
A server-side database availability group administrative operation failed. Error: The operation failed with message: Error 0x6f7 (The stub received bad data) from cli_RpccCreateCluster

make sure to add a default gateway in the MAPI NIC on each server in the DAG cluter

Friday, September 11, 2009

What's New in the Exchange Management Console for Exchange Server 2010

part 1
part 2
part 3

Server Reliability Study

"--Server Reliability Study An Information Technology Intelligence Corp. (ITIC) study based ona survey of more than 400 C-level executives at a variety of companiesworldwide examined data about server outages on various platforms.The study identified three levels of outages: Tier 1 outages canusually be resolved quickly; Tier 2 outages result in between 30minutes and four hours of downtime; Tier 3 outages last longer thanfour hours and can result in data loss. IBM AIX UNIX running on thePower series servers garnered the highest reliability rating."

Microsoft and Cisco Fix TCP Stack Vulnerability

--Microsoft and Cisco Fix TCP Stack Vulnerability

Microsoft and Cisco have issued updates to address a vulnerability
in the transmission control protocol (TCP) that could be exploited to
cause denial-of-service conditions. The flaw was discovered in 2005
and made public last year. Microsoft's fix was part of its scheduled
monthly security update for September. Cisco's update addresses the
problem in several of the company's products. Other companies whose
products are affected by the flaw are beginning to issue advisories
as well. What is particularly concerning about this vulnerability
is that it requires a relatively small amount of malicious traffic
to exploit.

Thursday, September 3, 2009

I have just got a seat at the Exchange 2010 ignite @ Microsoft Egypt

So happy about it, I have just got an invitation to attend the upcoming Exchange 2010 ignite at Microsoft Egypt, the session will be next October 3/10 for 3 days, so excited about it, here is the course content:
· Agenda

· Day 01

08:30 am Registration and Check-in
09:00 am Introduction
09:30 am Exchange 2010 Overview
10:30 am Break
10:45 am Exchange 2010 Setup, Deployment and Server Role Configuration
11:45 am Lab 1 - Exchange 2010 Setup and Configuration
12:45 pm Lunch
01:45 pm Exchange 2010 Server Planning & Sizing Issues
02:45 pm Break
03:00 pm Exchange Server 2010 Client Access Server
04:00 pm Break
04:15 pm Exchange Server 2010 End User Experience
05:15 pm End of Day

· Day 02

09:00 am Exchange Server 2010 Federation
10:00 am Break
10:15 am Exchange Server 2010 Transport and Routing
11:15 am Lab 5 - Exchange 2010 Transport Routing
12:15 pm Lunch
01:15 pm Lab 6 - Exchange 2010 Compliance: Information Leakage Protection and Control
02:15 pm Break
02:30 pm Exchange Server 2010 Compliance: Archiving and Retention
03:30 pm Break
03:45 pm Exchange Server 2010 Unified Messaging
04:45 pm End of Day

· Day 03

09:00 am Exchange Server 2010 Storage
10:00 am Break
10:15 am Exchange Server 2010 High Availability
11:15 am Break
11:30 am Lab 8 - Exchange 2010 HA and Storage Scenarios
12:30 am Lunch
01:30 pm Exchange Server 2010 Management Tools & RBAC
02:30 pm Break
02:45 pm Exchange Server 2010 Architecture & Technical Wrap-up (Includes Transition/Migration Content)
03:45 pm Ask the Experts
04:45 pm End of Day

Thanks to Omar EL sherif, I am soooooooooo happy and will keep you updated about what we got in the workshop

Monday, August 31, 2009

Using Export-mailbox import-mailbox with Exchange 2010

by default nobody is allowed to run this cmdlets Export-Mailbox and Import-Mailbox in E14 .To allow access to these cmdlets the user/group must be assigned an RBAC role named "Mailbox Import Export".To do so use:
New-ManagementRoleAssignment -Role 'Mailbox Import Export' -User 'userName'
New-ManagementRoleAssignment -Role 'Mailbox Import Export' -Group 'groupName'

Exchange 2010 doesn't work well if you have native windows 2008 GC

Exchaneg 2010 is RC for now, yesterday we were playing with it and oops we have lots of errors within our labs.

asking lots of folks and lot of guys we found that E14 doesn't work well (for the RC build) with native 2008 GC, you need to have a windwos 2003 SP2 GC around E14 to work fine.

this will be fixed in the RTM version.

nice note for those who are playing with E14

Installing OCS 2007 R2 and integrate it with Codian MCU

the document has lots of screenshot and the title is self explaining.

Sunday, August 30, 2009

Training Offer: first Time in Egypt: Configuring and Managing Exchange 2010

IPility Training Center is proud to announce this unique training event for the first time in Egypt training IT professional on the latest Microsoft Technologies on Exchange 2010, Get trained on the latest messaging, mailbox and CAS technologies and get introduced to the major changes in HW, ESE database, storage design and HW sizing in Exchange 2010.
Course ID: 10135a: configuring, managing and troubleshooting microsoft® exchange server 2010 (5 days)
Course Start date: 2/10/2009
Credited Hours: 40
Course Contents:
Module 1: Deploying Microsoft® Exchange Server 2010
Module 2: Configuring Mailbox Servers
Module 3: Managing Recipient Objects
Module 4: Managing Client Access
Module 5: Managing Message Transport
Module 6: Implementing Messaging Security
Module 7: Implementing High Availability
Module 8: Implementing Backup and Recovery
Module 9: Configuring Messaging Policy and Compliance
Module 10: Securing Microsoft Exchange Server 2010
Module 11: Maintaining Microsoft Exchange Server 2010
Module 12: Transitioning from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010
Module 13: Implementing Unified Messaging
Module 14: Advanced Topics:
• Deploying High Availability Solutions for Multiple Sites
• Implementing Federated Sharing
Course Fees: 1850 LE.

Get trained by people who implemented Exchange 2010, Get trained by TOP IT professionals is Egypt.
Meet our instructors:
To register please send us an email on info @ IPility . com or call 0166615175, also visit for our complete offering.

Friday, August 28, 2009

Register for Beta Exam 71-662: TS: Microsoft Exchange Server 2010, Configuring

You are invited to take beta exam 71-662: TS: Microsoft Exchange Server 2010, Configuring. If you pass the beta exam, the exam credit will be added to your transcript and you will not need to take the exam in its released form. The 71-xxx identifier is used for registering for beta versions of MCP exams, when the exam is released in its final form the 70-xxx identifier is used for registration.By participating in beta exams, you have the opportunity to provide the Microsoft Certification program with feedback about exam content, which is integral to development of exams in their released version. We depend on the contributions of experienced IT professionals and developers as we continually improve exam content and maintain the value of Microsoft certifications.

71-662: TS: Microsoft Exchange Server 2010, Configuring counts as credit towards the following certification(s).
· MCTS: Microsoft Exchange Server 2010, Configuration

Public Registration begins: August 24, 2009
Beta exam period runs: August 31, 2009– September 14, 2009

Receiving this invitation does not guarantee you a seat in the beta; we recommend that you register immediately. Beta exams have limited availability and are operated under a first-come-first-served basis. Once all beta slots are filled, no additional seats will be offered.
Testing is held at Prometric testing centers worldwide, although this exam may not be available in all countries (see Regional Restrictions). All testing centers will have the capability to offer this exam in its live version.

Regional Restrictions: India, Pakistan, China
Registration Information
You must register at least 24 hours prior to taking the exam.Please use the following promotional code when registering for the exam: E14JReceiving this invitation does not guarantee you a seat in the beta; we recommend that you register immediately.
To register in North America, please call:

Prometric: (800) 755-EXAM (800-755-3926)
Outside the U.S./Canada, please contact:


Test Information and Support
You are invited to take this beta exam at no charge.You will be given four hours to complete the beta exam. Please plan accordingly.Find exam preparation information:

The first OCS 2007 ignite in Egypt is running

Well it is not the first, it has been done before, but this is the first time that I see this event outside the walls of Microsoft, in Egypt and in the Middle east region in an Arabic country.

Next Sunday I will start the first OCS 2007 ignite session at IPility training center; I am so excited about the experience and the special group of IT pros who chose IPility for this special event.

I always wanted to deliver the Ignite workshops (Exchange and OCS) but I didn't have the chance now it is the time to kick it off and start delivering those very special training events.

What is special about the ignite, well the ignites are by themselves are unique in their technical level, depth and the amount of time this event is delivered, it is unique and different than any type of Microsoft official curriculum by concentrating on the Technical depth as well as the labs and implementation within the training course as well

@ the ignites we deliver level 300 to 400 technical depth in a very condensed time, I usually call this type of training "the special forces training" you might feel that delivering such a deep level in 5 days is very short, But the material is structured to server this purpose and allow the trainee to gain the maximum benefit from it.

Looking forward for next Sunday, I will let you know about how the group felt the heat after the training.


Monday, August 24, 2009

Whee is IPility training center is located

located in the newest cairo urban area "el Tagamoa El Khames" beside the American University, canadian university and German Universities in Egypt, we have opened our center to provide the cluture, open and space for our student to get rid of the jam w suffer in Cairo.

you can locate IPility on Wikimapia here:

Unified Communications workshop

This is an Advanced customized training course explaining MS unified communication architecture, Design and implementation

Course Content:
Module 1: Welcome and Overview
Module 2: Architecture (Exchange 2007, OCS 2007, Cisco Call manager)
Module 3: IM and Rich PresenceModule 4: Conferencing
Module 5: Management and Troubleshooting
Module 6: Voice Architecture (Voice concept, IP telephony architecture, call routing, Translation rules, Dial peers, voice ports)
Module 7: Voice Capabilities
Module 8: Unified Messaging
Module 9: Compliance

Credited Hours: 32 hour
Price: 3500 LE
Start Date: 17/10/2009

to register send us an email at or call 0020166615175.

MCITP Enterprise Messaging Administrator

MCITP Official Course training
Introduction to Installing and Managing Microsoft Exchange Server 2007 SP1
Recovering Messaging Servers and Databases Using Microsoft Exchange Server 2007
Managing Messaging Security Using Microsoft Exchange Server 2007
Monitoring and Troubleshooting Microsoft Exchange Server 2007
Designing a Messaging Infrastructure Using Microsoft Exchange Server 2007
Designing a High Availability Messaging Solution Using Microsoft Exchange Server 2007
Creidted Hours: 55 Hours
Price: Special Offer 1850 LE
Start Date: 4/10/2009

MCTS – Hyper-v Certified Specialist

Certified Windows Virtualization specialist, course include:• Course: Implementing and Managing Windows Server 2008 Hyper-V• Course: Set up, Manage, and Maintain a Virtual Environment using Microsoft Windows Server with Hyper-V and System Center Virtual Machine Manager 2008
Credit Hours: 40, Duration: 8 Days, Cost: 2000 LEPrinted material are available for extra 100 LE
Please Check our upcoming training events to register for the training course you seek at, send us email on or call 0166615175

Exchange 2007 advanced storage architecture and design bootcamp

This course if for Messaging/Exchange engineers or consutlants who are welling to take a deep dive into the Exchange 2007/2003 sotrage design and architecture, below are the course content and schedule:

Course Title Description Included Courses Credited hours Fees Start Date
Advanced Exchange 2007/2003 storage architecture and design Customized Storage architecture course Course Contents

» Architectural Changes in Microsoft® Exchange Server that Affect Storage
» Microsoft® Exchange Server 2007 Storage Design
» Microsoft® Exchange Server 2007 Roles and Their Impact on Storage
» Designing Storage Considerations
» Understanding Storage Tools

15 hour for Special Offer 2000 LE
Start Date: 15/9/2009

Printed material are available for extra 350 LE

Please Check our upcoming training events to register for the training course you seek at, send us email on or call 0166615175

Saturday, August 22, 2009

IPility Training Center has been launched

back again to blogging, it has been so long time since my last blog entry, I have went through several ups and downs that led me to leave my work as Infra. manager for PHD and moving as a senior conusltant in Ingazat information systems.

within this step I had the opportunity to open my own training center, I had the chance to build it as I need and fully conduct the sessions that I want to deliver thus I had the chance to deliver the message and expand my knowledge and experience and share it with other consultants and IT pros in Egypt and in the region.

When I decided to open that training center, I thought about fellow IT pros in the region who are seeking an advanced training which is usually located in europe or the USA or suffering from the bad quality of the current training sessions conducted by others.

Quality, Expereince and level of depth was the 3 main factors and pilars of the my own training center and I believe that you will notice through the type of courses we deliver.

IPility training center can be accessed throught this URL, additional sessions will be posted later as announed hoping that I will be able to grap your attention

Mahmoud Magdy

Upcoming Advanced Workshop: Active Directory Field Engineering, Level 400

IPILITY Training Center is proud to offer to you this unique training event and workshop, this training offering is the first of its kind in the EMEA region delivered by the best experts in the field.Active Directory Field Engineering is a special level 300 to level 400 workshop designed for IT consultants, Senior System Engineers and IT professional looking to gain deep technical knowledge of Active Directory and gain Mastering level of their Active Directory Troubleshooting skills.At the end of the course, students will be able to explain how Windows Server 2003/2008 Directory Services works in an enterprise environment; this course is intended to give support engineers an in-depth look at the workings of Windows Server 2003/2008 Directory Services. The focus is on problems deliberately created in order for students to gain experience of potential customer issues. Emphasis will be placed on the use of key tools and to practice troubleshooting skills that may become necessary when performing their jobfor course dates and detailes please visit : more information and registration please send us an email at info @ Ipility . com or call 0166615175 or visit our website

Friday, May 29, 2009

Microsoft BING

Hi all,
Today Microsoft will announce the Release of BING, this is an important milestone for Microsoft as search is critical to Microsoft and Bing is a significant step forward in redefining the Search. With Bing, Microsoft's goal is to do more than just make it easier for people to find information, Bing is a decision engine that goes beyond the search. Next week, Bing will go live at try it then and give Microsoft your feedback.


Wednesday, April 15, 2009

Help stoping Confiker worm

As you might know, Confiker worm is spreading all over the world and hitting so bad, I read the architecture of the worm and it is so tricky.


the worm installs itself in the system by registering several DLLs files and service into the system, then it starts to downloads instructions from the internet on how to work, interact and change itself.


I have paid a close attention to the worm since the early days, we have been scanning our systems and network on weekly basis to isolate infected PCs and thanks god we have none, what me me write today that I read an article today indicating that baout 4.5 Million PC WW are infected with the Confiker worm.


below are some steps to help you protecting your network:

- Install Microsoft hotfix


- Confiker owns 250 domain per day, so you can use to start blocking those domains, since they work with the IBM security research center to block access to those domains.

- use nessus to scan your network, I prefer using NMAP.


- Finally pray and ask god to help you network.


Visit the Microsoft's Confiker page:


“The information contained in this communication is intended solely for the use of the individual or entity it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this e-mail message is strictly prohibited. If you have received this message by mistake please notify the sender immediately by e-mail, destroy it and delete it from your system. The sender is neither liable for the proper and complete transmission of the information contained in this communication nor for any special, incidental or consequential damages of any nature whatsoever resulting from receipt or use of this communication”

Monday, April 13, 2009

helping OCS not to drop words, applying Voice QoS for OCS on WAN traffic

Long time I haven’t blogged, I was so busy in some new projects that burned my time.


I will blog about a topic I wanted to blog about it long time ago, applying the correct QoS for OCS 2007 traffic over the WAN, this has been a hot topic (at least for me) as I believe that all of voice traffic requires over WAN links.


I will introduce some QoS terminology in this post, and later will tell you how to apply QoS for OCS traffic.


Quality of Service Models

There are 3 service models:

·         Best Effort · No QoS policies are implemented

·         Integrated Services (IntServ) · Resource Reservation Protocol (RSVP) is used to reserve bandwidth per flow across all nodes in a path, uses the Resource Reservation Protocol (RSVP) to reserve network resources in advance of the data actually traveling across the network. Once the end-to-end bandwidth reservation is in place, the data is transmitted.

·         Differentiated Services (DiffServ) · Packets are individually classified and marked; policy decisions are made independently at each node in a path, DiffServ doesn't use RSVP, but instead uses hop by hop Behavior or per hop behavior (PHB) to allow each router/hop across the network to examine the packet and decide what service level it should receive.

IP QoS Markings

We currently use 2 QoS marking methods:

·         Precedence · The first three bits of the IP TOS field are evaluated; compatible with Ethernet CoS and MPLS EXP values

·         DSCP · The first six bits of the IP TOS are evaluated to provide more granular classification; backward-compatible with IP Precedence

The following table contains the Precedence Values















Streaming Video



Call Signaling






Bulk Data


The following table lists the DSCP marking values:

Likely to be dropped

AF Class

Drop Probability

DSCP Value


AF Class 1

AF11 (low)

001 01 0

AF12 (medium)

001 10 0

AF13 (high)

001 11 0


AF Class 2

AF21 (low)

010 01 0

AF22 (medium)

010 10 0

AF23 (high)

010 11 0


AF Class 3

AF31 (low)

011 01 0

AF32 (medium)

011 10 0

AF33 (high)

011 11 0

Very High

AF Class 4

AF41 (low)

100 01 0

AF42 (medium)

100 10 0

AF43 (high)

      100 11 0


How to reserve the Bandwidth:

You can use any of the following methods:

·         Policing · Creates an artificial ceiling on the amount of bandwidth that may be consumed; traffic exceeding the cap and be remarked or dropped

·         Shaping · Similar to policing but buffers excess traffic for delayed transmission; makes more efficient use of bandwidth but introduces a delay



“The information contained in this communication is intended solely for the use of the individual or entity it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this e-mail message is strictly prohibited. If you have received this message by mistake please notify the sender immediately by e-mail, destroy it and delete it from your system. The sender is neither liable for the proper and complete transmission of the information contained in this communication nor for any special, incidental or consequential damages of any nature whatsoever resulting from receipt or use of this communication”

And MS laucnhes Microsoft Egypt Heroes

Karim Salah started several months ago the heroes imitative in Egypt, a group of the ITpros in Egypt that deliver specialized message for them, great idea from Kimo.


To join please visit



“The information contained in this communication is intended solely for the use of the individual or entity it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this e-mail message is strictly prohibited. If you have received this message by mistake please notify the sender immediately by e-mail, destroy it and delete it from your system. The sender is neither liable for the proper and complete transmission of the information contained in this communication nor for any special, incidental or consequential damages of any nature whatsoever resulting from receipt or use of this communication”

Sunday, January 25, 2009

Blog Post: "The call could not be completed because security levels do not match"


I had a weird issue with my OCS in the last 2 weeks, I will blog about the first one in a later post, the problem that I will talk about it here is that I couldn’t join a conf. or do any one to one conf. with any of my Tandberg video endpoints from OCS client.


The problem started after a security review we have done ourselves and we came up with several action to take to enhance our security internally, after the review OCS to CODIAN MCU communication got dropped.


The first problem stopped us from debugging it, last Thursday we solved the first problem so we started to edbug this one, below are the symptoms of the issue:

-          When you do a call from OCS client to Codian MCU the following error appears in the OCS client “The call could not be completed because security levels do not match".

-          In the MCU ou will find the following error: Unable to provide video channel - possible bandwidth/codec issue


The cause was that OCS 2007 server has been configured to require encryption at the A/V conference, this causes the communication to drop, configuring the module to support encryption fixes the problem.



Monday, January 5, 2009

blog Post: confirmed bug with Kaspersky WS/File server/Ent and SCCM Remote tools

I had an issue in my network and it is a confirmed issue with the KAV, we are currently running Kaspersky adminkit 7 latest build to protect our workstations and servers, we run Kaspersky for workstation latest builds, Windows XP SP3 and Vista SP1 with the latest windows updates across our network, we have about 8 remote sites and reaching about 750 client, a salve server installed in each site which reports to the Master adminkit in the HQ.

 The issue is

The issue with MS SCCM remote tool on a protected station (Either running KAV for workstation/file server/Ent), and when opening the KAV windows from the taskbar the remote tool connection drops, we run MS SCCM SP1 with SQL 2005 and Windows 2003 SP2 latest updates.


I reported it to Kaspersky and once fixed I will post an update on it.