Không còn PST nữa...haha....còn lâu...huhu

Mất hơn 2 tuần migrate Exchange 2003 sang 2010 xong và háo hức setup các hot features của Exchange 2010 để giới thiệu với bà con gần xa. Một trong số đó là Online Archive. Không còn pst file nữa, quá đã...haha.
Cho dù phải bấm bụng order thêm Enterprise CAL thì feature này cũng đáng đồng tiền bát gạo. Tạo riêng một mailbox db, enable online archive, vô OWA test thử, NOKIA..:-)...uống 1 ly cafe cho tỉnh táo cái đã để chuẩn bị document và email cho các users thì..... phát hiện nó chưa hề xuất hiện trong Outlook 2010 của mình, bộ Office 2010 Std mới implemented vài tháng trước....hmm
Đào bới các website về licensing thì té ngửa ra rằng feature này chỉ xuất hiện khi sử dụng Office 2010 phiên bản Pro Plus mà chỉ có em Volume Licensing mới có thoi nhehoặc phải sử dụng Outlook OEM or retail...:-(.
Má ơi đúng là lừa đảo kiểu Bill Gates cho dù ....Bill đã nghỉ hưu lâu rồi.
Nếu bạn là dân hay sử dụng đồ chùa thì không nói làm gì nhưng đã là dân sành điệu đã bỏ tiền ra mua chịu hàng hiệu :-) mà còn bị lừa thì đúng là đau còn hơn bò đá :-(. Đúng là không thể trách được tại sao người ta hay dùng crack...
Chính sách licence của Bill đã đủ phức tạp lắm lắm rồi mà còn cố ý cheat các khách hàng của mình nữa...bó tay thật...

Exchange 2010 mailboxes can not send to 2003 mailboxes

PROBLEM
Now we installed a new Exchange 2010 server in the same domain as the exchange 2003 server and installed the CAS, Mailbox and Hub roles. Next we about to move 70 mailboxes to the new Exchange 2010 server. Everything looks fine, users with mailboxed on the Exchange 2003 server can send mail to users on Exchange 2010 server. But the users with mailboxes on Exchange 2010 server can't send mail to mailboxes on exchange 2003. These messages stay in the 'SmtpRelayToTiRg' queue with error : 451 4.4.0 Primary Target IP address responded with: "451 5.7.3 Cannot Achieve Exchange Server authentication" 
~~~~~

SOLUTION 1
I installed a Windows 2007 Exchange server in to my 2003 environment this week. All went well apart from that the mail sending from the 2007 test mailboxes ended up in a queue called smtprelaytotirg. The error message given being 451 4.4.0 Primary Target IP Address Responded with (501 5.5.4 Auth Command Cancelled).
This queue is basically where 2007 is failing to deliver because it can’t route correctly.
The resolution in this case for me was easy. All the connectors were in place as they should be, but the transport for SMTP on the original master 2003 Exchange server had limited access to certain IP addresses.
I added the IP address for the new Exchange 2007 server and bang, 20 mins later the queue is empty.
Just a minor hurdle :) Oh, the other one to watch out for is making sure it can resolve either by IP or FQDN for the SMTP server, it’ll fail on netbios or just a single name. Anyone still relying on WINS needs shot in the face with a screw driver.

~~~~~
SOLUTION 2
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1087732&SiteID=17

Integrated Windows Authentication was not turned on, on my Default SMTP Virtual Server.....WORKED FOR ME

 ~~~~

Unable to assign "Send As" rights to Organization Units in Microsoft Exchange Server 2010

http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB21225

Configuring the Microsoft Exchange Server 2010 permissions for the administrator account fails with insufficient permissions for the Users container, or any Organization Unit, even when logged in as a domain administrator. Assigning Send As rights to specific users, or groups, works successfully.

PowerShell Command: Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "CN=Users,DC=example,DC=com"
Active Directory operation failed on example.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : DA172DD1,Microsoft.Exchange.Management.RecipientTa sks.AddADPermission

~~~~~~~

http://www.blackberryforums.com.au/forums/microsoft-exchange/8554-exchange-2010-bes-5-0-x-install-guide.html

 ~~~~~~~

http://www.chicagotech.net/netforums/viewtopic.php?f=7&t=14344

Blackberry offers an alternative for running that powershell command
1. Open Active Directory Users and Computers.
2. Select the View menu and ensure Advanced Features is checked.
3. Right-click the Domain Name or Organizational Unit where Send As permissions are needed and select Properties.
4. Click the Security tab.
5. Click Advanced at the bottom on the Security tab.
6. Select Add and enter your Blackberry Service Account name (for example, BESadmin) and select OK.
7. When the permissions screen appears, change Apply onto: to User Objects (or Descendant User Objects on Microsoft Windows Server 2008).
8. In the permissions box, scroll down and check the Allow box beside Send As and press OK.
9. Press Apply and OK to exit.
it worked for me...

~~~~~~~~

http://www.commodore.ca/windows/exchange/blackberry/how-to-install-bes-express-exchange-2010-single-server.html

Adjusting Exchange 2003 mail flow settings for Exchange 2010

---

When bringing Exchange 2010 server into an existing Exchange 2003 environment, you can't initially send and receive Internet mail via the hub transport server. This is because Microsoft recommends that you place an edge transport server between the Internet and your back-end Exchange server.
An edge transport server is actually a hardened Exchange server that sits on the network perimeter. It maintains message hygiene as SMTP mail flows in and out of an Exchange organization. The edge transport server also shields back-end Exchange servers from direct Internet exposure.
Using an edge transport server is a good idea, but it's not a requirement. Given the current economic climate, I expect that a lot of organizations implementing Exchange 2010 will initially forgo the edge transport server to save money. If you decide to do this, you'll have to configure your hub transport server to send and receive Internet mail.
Note: If you decide not to use an edge transport server, I recommend that you place your mailbox server role on a different Exchange Server, if possible.
To prepare your hub transport server to send and receive Internet mail, create a send connector. The send connector allows the hub transport server to send mail directly to the Internet.
To create a send connector, follow these four steps:

1. Open the Exchange Management Console and navigate to Organization Configuration -> Hub Transport.
2. 
   
3. Go to the Actions pane and click on the New Send Connector link.
4. 
   
5. When the New Send Connector Wizard opens, set the connector's use to Internet.
6. 
   
7. Click Next and set the address to *.

The wizard's other options vary depending on your network configurations, but you do want to ensure that the source server option is set to use the Exchange 2010 hub transport server.
Exchange Server 2010 also uses a default receive connector to receive Internet mail. The hub transport server expects to receive mail from an edge transport server, not directly from the Internet. Because of this, the receive connector is configured to block all unauthenticated inbound SMTP traffic.
Since most Internet mail is not authenticated, you must configure the receive connector to allow anonymous SMTP connections. To do so:

1. Open the Exchange Management Console and navigate to Server Configuration -> Hub Transport Server.
2. 
   
3. Right-click on the receive connector and select Properties. Windows will display the receive connector's properties sheet.
4. 
   
5. Go to the Permission Groups tab and select the Anonymous Users check box.
6. 
   
7. Click OK.

Whether you use an edge transport server or a hub transport server, there is one final step to get mail flowing. You must redirect the inbound messages from one of your Exchange 2003 servers to either an edge transport server or a hub transport server.
Typically, the MX record for your domain will point to a firewall, which will reroute inbound SMTP traffic to an internal server. Therefore, you must reconfigure the firewall port forwarding to send SMTP traffic to the edge transport server or to the newly configured hub transport server.
Converting recipient policies to Exchange 2010 email address policies

Most Exchange organizations' internal domain names are different than the external domain names. For example, my primary external domain name is brienposey.com, but my Exchange servers reside on an internal domain named production.com. In this case, you must use recipient policies to define the appropriate external email addresses for your users.
Microsoft has replaced recipient policies with email address policies in Exchange Server 2007 and Exchange 2010. This means that when migrating from Exchange 2003, you'll need to convert your recipient policies into email address policies.
Doing so is quite simple. Open the Exchange Management Shell and enter the following command:
Get-EmailAddressPolicy | where {$_.RecipientFilterType –eq "Legacy"} | Set-EmailAddressPolicy –IncludeRecipients AllRecipients
This EMS command compiles a list of all mailboxes that use a legacy recipient policy. The command then converts the recipient policy into an email address policy.
http://searchexchange.techtarget.com/Adjusting-Exchange-2003-mail-flow-settings-for-Exchange-2010

Pork

RoutingGroup cmd

New-RoutingGroupConnector -Name "RGC 2003-2010" -SourceTransportServers "exchange2010FQDN" -TargetTransportServers "Exchange2003FQDN" -Cost 10 -Bidirectional $true -PublicFolderReferralsEnabled $true

Configuring Pass-through Disks in Hyper-V

Jeff Hughes 
http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-in-hyper-v.aspx


A question the CORE Team gets asked frequently deals with configuring Hyper-V Guest with Pass-through disks. In this blog I will cover this topic.
Pass -through Disk Configuration
Hyper-V allows virtual machines to access storage mapped directly to the Hyper-V server without requiring the volume be configured. The storage can either be a physical disk internal to the Hyper-V server or it can be a Storage Area Network (SAN) Logical Unit (LUN) mapped to the Hyper-V server. To ensure the Guest has exclusive access to the storage, it must be placed in an Offline state from the Hyper-V server perspective. Additionally, this raw piece of storage is not limited in size so, hypothetically, it can be a multi-terabyte LUN.
After storage is mapped to the Hyper-V server, it will appear as a raw volume and will be in an Offline state (depending on the SAN Policy (Figure 1-1)) as seen in Figure 1.

Figure 1: Raw disk is Offline

Figure 1-1 SAN Mode determination using diskpart.exe
I stated earlier that a disk must be Offline from the Hyper-V servers' perspective in order for the Guest to have exclusive access. However, a raw volume must first be initialized before it can be used. To accomplish this in the Disk Management interface, the disk must first be brought Online. Once Online, the disk will show as being Not Initialized (Figure 2).

Figure 2: Disk is Online but Not Initialized
Right-click on the disk and select Initialize Disk (Figure 3).

Figure 3: Initialize the disk
Select either an MBR or GPT partition type (Figure 4).

Figure 4: Selecting a partition type
Once a disk is initialized, it can once again be placed in an Offline state. If the disk is not in an Offline state, it will not be available for selection when configuring the Guest's storage.
In order to configure a Pass-through disk in a Guest, you must select Attach a virtual disk later in the New Virtual Machine Wizard (Figure 5).

Figure 5: Choosing to attach a virtual disk later
If the Pass-through disk will be used to boot the operating system, it must be attached to an IDE Controller. Data disks can take advantage of SCSI controllers. In Figure 6, a Pass-through disk is attached to IDE Controller 0.

Figure 6: Attaching a pass-through disk to an IDE Controller
Note: If the disk does not appear in the drop down list, ensure the disk is Offline in the Disk Management interface (In Server CORE, use the diskpart.exe CLI).
Once the Pass-through disk is configured, the Guest can be started and data can placed on the drive. If an operating system will be installed, the installation process will properly prepare the disk. If the disk will be used for data storage, it must be prepared in the Guest operating system before data can be placed on it.
If a Pass-through disk, being used to support an operating system installation, is brought Online before the Guest is started, the Guest will fail to start. When using Pass-through disks to support an operating system installation, provisions must be made for storing the Guest configuration file in an alternate location. This is because the entire Pass-through disk is consumed by the operating system installation. An example would be to locate the configuration file on another internal drive in the Hyper-V server itself. Or, if it is a cluster, the configuration file can be hosted on a separate cluster providing highly available file services. Be aware that Pass-through disks cannot be dynamically expanded. Additionally, when using Pass-through disks, you lose the capability to take snapshots, and finally, you cannot use differencing disks with Pass-through disks.
Note: When using Pass-through disks in a Windows Server 2008 Failover Cluster, you must have the update documented in KB951308: Increased functionality and virtual machine control in the Windows Server 2008 Failover Cluster Management console for the Hyper-V role installed on all nodes in the cluster.
This completes our discussion. I hope you will find this information useful and share it with your colleagues.

Chuck Timon
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support

XP Screen saver has no settings option

 
1) Open the Registration Editor by Start menu > Run > enter "regedit"
2) Go here: "HKEY_CURRENT_USER\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\CONTROL PANEL\DESKTOP" (or use Ctrl + F)
3) Double click the binary data files and change their "value data"
ScreenSaveActive --> whether you're applying a screensaver
ScreenSaveTimeOut --> seconds after screensaver is activated

Problems with "File Association" in Windows 7 64-bit

Symptom: + Associate program with file extension does not work. Program selected does not appear in the Open With window.
+ Default Program also does not work or it ignores all changes.

Problem: The program that you're pointing to isn't registered correctly.

Solution:

In regedit: Navigate to Computer\HKEY_CLASSES_ROOT\Applications and find your .exe name. 

Navigate under its name to shell>open>command. In the Default change its location to the actual location of the executable, hit okay and then try and reassociate the file type as you normally would.

~~~~~~~~~~~~~~


http://answers.microsoft.com/en-us/windows/forum/windows_7-files/problems-with-file-association-in-windows-7-64-bit/8a84fcec-22df-4942-8e35-d98dbe96e327

SSL Enabling OWA 2003 using your own Certificate Authority

1. Configuring the CA 2. Creating Certificate Request 3. Getting the Pending Request accepted by our CA 4. Appending the Certificate to the Default Website 5. Enable SSL on the Default Website 6. Testing our SSL enabled Default Website

1. Configuring the Certificate Authority

The first thing to do is to decide which server should hold the Certicate Authority (CA) role, it could be any server as long as it’s at least a member server. If you have a single box setup, such as a Small Business Server (SBS), the decision shouldn’t be very hard.

Note:
In order to add the Certificate Service Web Enrollment component (subcomponent to CA), which we’re going to use in this article, the server needs to be running IIS, so if you haven’t already done so,  install IIS before continuing with this article. If you plan on installing the CA  component on the Exchange server itself, then there’s nothing to worry about, because as you know, Exchange 2003 relies heavily on IIS, which means It’s already installed.

To install the CA component, do the following:

• Click Start > Control Panel > Add or Remove Programs
• Select Add/Remove Windows Components
• Put a checkmark in Certificate Services

Below screen will popup as a warning, just click Yes > then Next

We now have to select what type of CA to use, choose Enterprise root CA and click Next

In the following screen we have to fill out the Common name for our CA, which in this article is mail.testdomain.com.
Leave the other fields untouched and click Next >

We now have the option of specifying an alternate location for the certificate database, database log, and configuration information. In this article we will use the defaults, which in most cases should be just fine.
Now click Next >

The Certificate Service component will be installed, when it’s completed, click Finish

2. Creating the Certificate Request

Now that we have installed the Certificate Services component, it’s time to create the Certificate Request for our Default Website. We should therefore do the following:

• Click Start > Administrative Tools > Internet Information Services (IIS) Manager
• Expand Websites > Right-click Default Website then select Properties
• Now hit the Directory Security tab
• Under Secure Communications click Server Certificate…

As we’re going to create a new certificate, leave the first option selected and click Next >

Because we’re using our own CA, select Prepare the request now, but send it later, then click Next >

Type a descriptive name for the Certificate and click Next >

We now need to enter our organization name and the organizational unit (which should be pretty self-explanatory),  then click Next >

In the next screen we need to pay extra attention, as the common name reflects the external FQDN (Fully Qualified Domain Name), to spell it out, this is the address external users have to type in their browsers in order to access OWA from the Internet.
Note: As many (especially small to midsized) companies don’t publish their Exchange servers directly to the Internet, but instead runs the Exchange server on a private IP address, they let their ISP’s handle their external DNS settings. In most cases the ISP creates a so called A record named mail.domain.com pointing to the  company’s public IP address, which then forwards the appropriate port (443) to the Exchange servers internal IP address.

When your have entered a Common Name click Next >

Now it’s time to specify the Country/Region, State/Province and City/locality, this shouldn’t need any further explanation, when you have filled out each field, click Next >

In the below screen we have to enter the name of the certificate request we’re creating, the default is just fine, click Next >

In this screen we can see all the information we filled in during the previous IIS Certificate Wizard screens, if you should have made a mistake, this is your last chance to correct it. If everything looks fine click Next >

And finally we can click Finish.

3. Getting the Pending Request accepted by our Certificate Authority

Now that we have a pending Certificate Request, we need to have it accepted by our CA, which is done the following way:

• On the server open Internet Explorer
• Type http://server/certsrv

Note: In order to access the Certsvr virtual folder, you may be prompted to enter a  valid username/password, if this is the case use the Administrator account. When you have been validated the Windows 2003 Server will most probably block the content of the CertSrv virtual folder, which means you wil  have  to add it to your trusted sites in order to continue.

Now that you’re welcomed by the Certificate Services, select Request a Certificate

Click advanced certificate request

Under Advanced Certificate Request click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file

Now we need to insert the content of the certreq.txt file we created earlier, you can do this by clicking the Browse for a file to insert or by opening the certreq.txt file in notepad, then copy/paste the content as shown in the screen below, then click Submit >

Now select Base 64 encoded then click Download certificate

Click Save

Choose to save the certnew.cer on the C: drive > then click Save

Close the Microsoft Certificate Services IE window.

4. Appending the Certificate to the Default Website

Okay it’s time to append the approved Certificate to our Default Website, to accomplish this we need to do the following:

• Click Start > Administrative Tools > Internet Information Services (IIS) Manager
• Expand Websites > Right-click Default Website then select Properties
• Now select the Directory Security tab
• Under Secure Communications click Server Certificate… > then Next

Select Process the pending request and install the certificate > click Next >

Unless you have any specific requirements to what port SSL should run at, leave the default (443) untouched, then click Next >

You will now see a summary of the Certificate, again if you should have made any mistakes during the previous wizard screens, this is the final chance to correct them, otherwise just click Next >

The Certificate has now been successfully installed and you can click Finish

5. Enabling SSL on the Default Website

We have now appended the Certificate to our Default Website, but before the data transmitted between the clients and the server is encrypted, we need to click the Edit… button under Secure Communications.

Here we should put a checkmark in Require Secure Channel (SSL) and Require 128-bit encryption just like below:

Now click OK.

6. Testing our SSL enabled Default Website

Now that we have gone through all the configuration steps necessary to enable SSL on our Default Website, it’s time to test if our configuration actually works.
From the server (or a client) open Internet Explorer, then type:
http://exchange_server/exchange
You should get a screen similar to the one shown below:

This is absolutely fine, as we shouldn’t be allowed to access the Default Website (and any virtual folders below) through an unsecure connection. Instead we should make a secure connetion which is done by typing https, therefore type below URL instead:
https://exchange_server/exchange
The following box should appear:

Note: You may have noticed the yellow warning sign, this informs us The name on the security certificate is invalid or does not match the name of the site. Don’t worry there’s nothing wrong with this, the reason why it appears is because we aren’t accessing OWA through the common name, which we specified when the certificate was created. When you access OWA from an external client through mail.testdomain.com/exchange, this warning will disappear.
Click Yes
You will now be prompted for a valid username/password in order to enter your mailbox, for testing purposes just use the administrator account, like shown below:

Now click OK
We should now see the Administrator mailbox.

Notice the yellow padlock in the lower right corner, a locked padlock indicates a secure connection, which means OWA now uses SSL.

Final words

Even though it’s possible to run your OWA environments without securing it with a SSL certificate, I strongly advise against doing so, as this would mean any traffic send between the external OWA clients, and the Exchange server would be sent in cleartext (this includes the authentication process). As you now know SSL provides us with 128-bit encryption, but be aware enabling SSL in your OWA  environment isn’t an optimal security solution, in addition to enabling SSL, you should at least have some kind of firewall (such as an ISA server) placed in front of your Exchange server(s). You might also consider enabling the new Exchange 2003 functionality Forms Based Authentication, which provides a few additional benefits such as a new logon screen, which, among other things, uses session cookies to make the OWA sessions more secure, unfortunately the Forms Based Authentication functionality is out of the scope of this article, but I will at some point of time in the near future write another article covering this funtionality.
That was it for this time, I hope you enjoyed the article.
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

How to use 256 bit SSL in IIS 6.0

1.       Install the fix http://support.microsoft.com/kb/948963 which will install the cipher sutes AES 128 and AES 256.

2.       The order of cipher suites on Windows 2003 is hard-coded. AES 128 is the highest priority. AES 256 is the next. We only need to disable AES 128 then AES 256 will have the highest priority.

a.       Open regedit.exe on IIS 6.0 machine.

b.      Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers. You should be able to find there are many subkeys, e.g.  AES 128/128.

c.       In subkey AES 128/128, create a DWORD value “Enabled”. Set it as the value 0. It means we would disable AES 128.

3.       Reboot the IIS 6.0 machine.

On Vista/Windows7 which support AES 256 machine, you can use IE to browse that IIS 6.0 web site through HTTPS. The SSL uses 256 bit encryption.

Cá nục cuốn bánh tráng

Bài này copy của Tran Ai 10/12/2006

Nguyên liệu:- Rau muống hạt 1/2kg - Bánh tráng gạo 300g - Cá nục thuôn mình các tròn và tươi xanh 1kg - Ớt, tỏi, chanh, muối, đường, nước mắm nhĩ Chuẩn bị - Cá nục rửa sạch để ráo nước - Ướp cá chừng 10 phút với 1 muỗng cà phê muối - Rau muống bỏ 1/3 lá, rửa sạch, để ráo - Ớt, tỏi giã nhuyễn. - Rửa sạch xửng, nồi hấp  Thực hiện - Xếp cá vào xửng hấp (có lót 1 cái đĩa có lòng sâu để hứng nước cá hấp). - Đun nước sôi, đặt xửng hấp vào, chưng cách thủy chừng 10 - 15 phút là cá chín. - Bánh tráng nhúng nước sơ, để ráo. - Pha nước chấm Ớt, tỏi giã nhuyễn pha với 2 muỗng canh nước mắm nhĩ, thêm 1 muỗng cà phê đường, 1 muỗng cà phê nước cốt chanh, hoà với nước cá hấp (quan trọng là ở đây ;-) ) Trình bày - Cá hấp gắp ra đĩa, trang trí thêm 1 vài cọng hành hương, ngò. - Rau muống, bánh tráng, nước chấm.

Soup nấm

Lần đầu tiên tôi được ăn soup nấm là vào năm 2010. Ngon tuyệt!!! Nhất là được ăn trong cái gió lạnh và không khí trong lành của đêm Carlisle...mmmm. Peter sư phụ của tôi ở Carlisle người mà tôi gọi là Master chef đã thực hiện món này rất nhanh với một phong thái rất ư là ...thảnh thơi và thư giản. Đối với Pete nấu ăn là một nghệ thuật trộn các mùi lại với nhau để các thành phần nguyên liệu vẫn giữ được hương vị đăc trưng và thể hiện khi nó được vào đưa vào miệng.

Cách nấu soup nấm thật ra rất đơn giản và nguyên liệu để nấu nếu bạn đang ở các nước Tây Âu thì rất dễ. Tất cả đều được bán ở mall


Nếu bạn ở Việt nam thì cũng có thể tìm mua tại Big C

Nguyên liệu:
Món này dành cho 6 người ăn, mỗi người một tô...haha

• Nấm rơm: 400g
• Cần tây (celery stick): 8 cọng
• Củ hành trắng hoặc đỏ: 1 củ lớn bằng trái banh tennis
• Hành ba rô (leak): 1 cọng
• Hạt nêm Knorr hương nấm rơm và rong biển (nếu ở UK bạn mua vegetable stock pot)
• Cream
• Bơ
• Tiêu sọ xay

Cách nấu

Nấm rơm, cần tây, củ hảnh, leak thái nhỏ

Cho bơ vào nồi rồi cho củ hành vào (4 phút), cần tây + leak(4 phút), sau đó nấm rơm. Nấu cho tới khi nào có nước xâm xấp thì cho nửa lít nước sôi và bột nêm vào nêm vừa ăn (hoặc cho stock pot với nửa lit nước sôi vào tô quậy đều rồi cho vào nồi). Nấu cho chín rục rồi dùng máy khuấy khuấy nhuyễn. Thêm tiêu vào khi ăn.

Món này khi trời lạnh mà được 1 chén thì quá đã...:-)

Nếu tây hơn nữa thì dùng cream cho vào nồi rồi mới khuấy nhuyễn.