Memorise

Autodiscover for multiple domains without changing single SSL cert

When you have multiple domains configured for your users, you must redirect the Autodiscover functionality to your primary SMTP domain. You can use these different methods:

How does Outlook/Entourage check for autodiscover functionality?

  1. Autodiscover check https://<smtpdomain>/Autodiscover/Autodiscover.xml.
  2. Autodiscover check https://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml.
  3. Autodiscover check http://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml.
  4. Autodiscover check for SRV lookup for _autodiscover._tcp.<smtpdomain>.

 

1. DNS SRV Record (Service record)

When you use an SRV record, Office 2007 clients must have update 939184 installed (http://support.microsoft.com/kb/939184/, Description of the update rollup for Outlook 2007: June 27, 2007). It is included in Service Pack 1.

With an SRV record you can redirect Autodiscover from your subdomain to your primary domain. To do this you don't need difficult certificate constructions. Only one certificate, for your primary domain, is needed.

How to configure an SRV record to redirect:

If you are using Windows DNS, the steps to create an SRV Record are as follows:

  1. Open the DNS Management MMC snap-in.
  2. Expand Forward Lookup Zones.
  3. Locate and right-click the external DNS zone, and then click Other New Records.
  4. Click Service Location (SRV).
  5. Enter the parameters by using the required values.
  6. Click OK.

SRV record

  1. Service: _autodiscover
  2. Protocol: _tcp
  3. Port Number: 443
  4. Host: autodiscover.<primary smtp domain>.

Example

Redirect smtp domain contoso.nl to contoso.com

Make a new srv record: _autodiscover._tcp.contoso.nl. with these settings:

_autodiscover._tcp.contoso.nl. 0  0 443 autodiscover.contoso.com.

Remember that it must end with the trailing dot (.).

Check your settings with nslookup

nslookup
set type=all
_autodiscover._tcp.contoso.nl

_autodiscover._tcp.contoso.nl SRV service location:
    priority       = 0
    weight         = 0
    port           = 443
    svr hostname   = autodiscover.contoso.com
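
The certificate side of this redirect can be checked up front: every SRV target has to be a name on the certificate, and so does any host in the secondary domain that clients reach in lookup steps 1 and 2. The following PowerShell is an added example, not part of the original post; the function names, mail.contoso.com and the leftover autodiscover.contoso.nl host record are assumptions, and the record objects use the NameTarget and Port property names that Resolve-DnsName returns for SRV records.

```powershell
# Added example: all records and names are constructed sample data, and the
# function and parameter names are hypothetical. Needs PowerShell 3.0 or later.

function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertDnsNames)
    $h = $HostName.TrimEnd('.').ToLowerInvariant()
    foreach ($name in $CertDnsNames) {
        $n = $name.TrimEnd('.').ToLowerInvariant()
        if ($n -eq $h) { return $true }
        # A wildcard covers exactly one left-most label: *.contoso.com matches
        # autodiscover.contoso.com but not a.b.contoso.com or contoso.com.
        if ($n.StartsWith('*.')) {
            $dot = $h.IndexOf('.')
            if ($dot -gt 0 -and $h.Substring($dot) -eq $n.Substring(1)) { return $true }
        }
    }
    return $false
}

function Test-AutodiscoverSrvRedirect {
    param(
        [string]$SmtpDomain,           # secondary SMTP domain, e.g. contoso.nl
        [object[]]$SrvRecords,         # objects with NameTarget and Port properties
        [string[]]$CertDnsNames,       # DNS names listed on the Exchange certificate
        [string[]]$HttpsHosts = @()    # names that DNS points at the Exchange server on 443
    )
    $findings = @()

    # Lookup steps 1 and 2 run before the SRV query. If one of these names
    # reaches the Exchange server, it has to be on the certificate as well.
    foreach ($early in @($SmtpDomain, "autodiscover.$SmtpDomain")) {
        if (($HttpsHosts -contains $early) -and -not (Test-CertNameMatch $early $CertDnsNames)) {
            $findings += "WARN  ${early} is tried before the SRV record and is not on the certificate"
        }
    }

    if (-not $SrvRecords) {
        $findings += "FAIL  no SRV record for _autodiscover._tcp.${SmtpDomain}"
    }
    foreach ($r in $SrvRecords) {
        $target = $r.NameTarget.TrimEnd('.')
        if ($r.Port -ne 443) {
            $findings += "FAIL  ${target} uses port $($r.Port), expected 443"
        } elseif (-not (Test-CertNameMatch $target $CertDnsNames)) {
            $findings += "FAIL  ${target} is not on the certificate"
        } else {
            $findings += "OK    ${target} on port 443 is covered by the certificate"
        }
    }
    $findings
}

# Constructed input: the contoso.nl -> contoso.com redirect from the example above,
# plus a leftover autodiscover.contoso.nl host record that still points at Exchange.
$srv = @([pscustomobject]@{ NameTarget = 'autodiscover.contoso.com.'; Priority = 0; Weight = 0; Port = 443 })
Test-AutodiscoverSrvRedirect -SmtpDomain 'contoso.nl' -SrvRecords $srv `
    -CertDnsNames 'autodiscover.contoso.com', 'mail.contoso.com' `
    -HttpsHosts 'autodiscover.contoso.nl'
```

On a live system, -SrvRecords can be filled from Resolve-DnsName -Type SRV _autodiscover._tcp.contoso.nl instead of the constructed object.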


Installing an SSL Certificate in Microsoft Exchange Server 2007


Before you begin, make sure you are logged in to your server as Administrator.

To run multiple services securely, such as SMTP, POP, IMAP, UM, and IIS, you must use a Multiple Domain (UCC) Certificate.

To Install Your SSL Certificate in Microsoft Exchange Server 2007

  1. From the Start menu, click Run...
  2. Type mmc and click OK. The Microsoft Management Console (Console) window opens.
  3. From the File menu, click Add/Remove Snap In.
  4. Select Certificates, and then click Add.
  5. Select Computer Account, and then click Next.
  6. Select Local Computer, and then click Finish.
  7. Click OK to close Add or Remove Snap-ins.
  8. In the Console window, expand the Certificates folder.
  9. Right-click Intermediate Certification Authorities, mouse-over All Tasks, and then click Import.
  10. In the Certificate Import Wizard, click Next.
  11. Click Browse to find the certificate file.
  12. In the bottom right corner, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b).
  13. Select your certificate file, and then click Open.
  14. Click Next.
  15. Select Place all certificates in the following store.
  16. Click Browse, select Intermediate Certification Authorities, and then click Next.
  17. Click Finish.
  18. From the Start menu, select Microsoft Exchange Server 2007, and then click Exchange Management Shell.
  19. At the prompt, type the following to import the certificate:
    Import-ExchangeCertificate -Path C:\CertificateFile.crt

    NOTE: Replace CertificateFile.crt with the complete path and file name of your certificate.

  20. Copy the thumbprint of the certificate.
  21. Type the following to enable the certificate:
    Enable-ExchangeCertificate -Thumbprint paste_thumbprint_here -Services "SMTP, IMAP, IIS"

    NOTE: Paste the thumbprint in place of paste_thumbprint_here. Specify the services this certificate covers, using quotes. Valid service identifiers are SMTP, POP, IMAP, UM, and IIS. Do not enable services that are not in use.

  22. Close the Exchange Management Shell window.

How do I know Outlook Anywhere is working?

Simple… when no one is complaining! Seriously though, it is preferable to run diagnostics on Outlook Anywhere before subjecting it to thousands of users. The one tool that works pretty well in most cases is rpcping. Yes, it has a lot of parameters and is confusing, but it does provide pretty good diagnostic information, and as long as you have the KB open, you can figure out where problems lie. Start by pinging just the RPCProxy by using the -E option. Once that works, move on to testing the mailbox server endpoints by removing the -E and adding -e 6001 instead. Similarly for 6002 and 6004.

A typical command line would be something like this. Refer to http://support.microsoft.com/kb/831051 for usage details.

rpcping -t ncacn_http -o RpcProxy=cas1.contoso.com -P "user,domain,password" -H 1 -F 3 -a connect -u 9 -v 3 -s mailbox.contoso.com -I "user,domain,password" -e 6004


Exchange Database Recovery Using eseutil commands


The real job of an Exchange administrator is to maintain high availability when it comes to a messaging environment.

The processes mentioned below are not done on a day-to-day basis, but understanding how they work is mandatory for every Exchange administrator.

A step-by-step walk-through of the procedure to follow when an Exchange database fails to mount in Exchange System Manager:

1. Perform the Eseutil /mh “Path of the database” as indicated below and check the state of the database.

[Image: Health of the Database]

2. If the state is Clean Shutdown, move all the log files out of the transaction logs folder location and then mount the stores.

3. If the state is Dirty Shutdown as shown below, check whether the log files indicated as Logs required are available or not.

[Image: Database in Dirty Shutdown]

5. To make sure that the required log files are in a clean state, you can run Eseutil /ml "Path of the log files\log prefix" as indicated below. This command will help you check the health of all the log files in the location.

[Image: log file health – eseutil /ml]

6. If the log files are healthy, then perform the soft recovery with the command Eseutil /r <Log Prefix> /l "Path of the log files" /d "Path of the database"

[Image: Soft recovery – eseutil /r]

7. Once the command completes successfully, mount the stores.

You might get this error:

“Operation terminated with error -1216 (JET_errAttachedDatabaseMismatch, An outstanding database attachment has been detected at the start or end of recovery, but database is missing or does not match attachment info) after n seconds.”

To resolve this, run soft recovery with the "/i" switch at the end and it will override the EDB-STM mismatch.

How to run HARD RECOVERY:

In case the required log files are missing or not available in a clean state, either restore from a successful backup or perform a hard repair.

8. If we have a valid backup, we can restore the files.

9. With any restoration software, once the restoration completes, it should create a location containing the restore.env file along with the logs that were backed up without being committed to the database that was backed up.

10. By default, the location is C:\Temp as indicated below:

[Image: Log restore location]

11. This folder contains the restore.env along with the logs as indicated below:

[Image: Restore.env Location]

12. Make sure we take a copy of the folder containing the logs and restore.env file, as the content of the folder will be lost whether the hard recovery completes or fails.

[Image: Copy the folder post restore]

13. In the command prompt, perform the Hard recovery from the BIN folder with the following command:

Eseutil /cc "Path of the restore.env containing folder"

[Image: Hard Recovery – eseutil /cc]

14. The command will complete successfully:

[Image: Hard Recovery completion]

15. If you check the folder that contained the restore.env file, you will find it empty:

[Image: Location becomes empty post Hard Recovery]

16. If the backup was taken a few days back and logs were created in the production location after the backup was done, then we must make sure that the production location contains the sequence of logs following the one in the restore.env location. In this case, the restore.env folder contained the last log file as E0000003.log. If the production location does not contain the next log in this sequence (i.e. E0000004.log), the hard recovery command will fail.

17. We can use eseutil /cc "Path of the restore.env folder" /t in order to avoid playing the logs in the production location. (Kindly make sure to take a copy of the folder once again before performing the command, as mentioned in step 12.) However, in this case, the mails created after the backup was taken will be lost.

18. We can mount the stores successfully.

How to run HARD REPAIR: 

19. We can hard repair the databases to get them back into a clean shutdown state in case we do not have a valid backup. To do so, type the command:

D:\Program Files\Exchsrvr\Bin>eseutil /p "D:\Exchsrvr\Mailbox Store (SERVER).edb"

20. When you are prompted to confirm this operation, choose OK.

[Image: Pop-up whilst repair]

http://support.microsoft.com/?id=317014

21. The process completes successfully.

[Image: Repair process completed]

How to run OFFLINE DEFRAG:

22. Once Eseutil /p finishes, we need to defragment the databases with the command below. Note: You must have available hard disk space equal to 110 percent of the size of the database that you want to defragment.

23. To defragment Priv.edb, type the following command at the command prompt, and then press ENTER:

24. D:\Program Files\Exchsrvr\Bin>eseutil /d "D:\Exchsrvr\Mailbox Store (SERVER).edb"

[Image: Offline Defrag]

25. Note: If the private and the public information store databases are large, this step may take some time. When you are prompted to confirm this operation, choose OK.

XADM: How to Defragment with the Eseutil Utility (Eseutil.exe) http://support.microsoft.com/?id=192185

26. Once Eseutil /d finishes, mount the store and dismount it immediately, then perform the steps below.

How to run ISINTEG:  

27.  Use Isinteg.exe to fix the Pub1.edb database and the Priv1.edb database. The Isinteg.exe utility runs a test on all areas of each of the databases and reports the results. Isinteg.exe also tries to fix any issues that are encountered.

28. To fix Priv1.edb, type the following command at a command prompt

29. E:\Program Files\Exchsrvr\Bin>isinteg -s (SERVER) -fix -test alltests, and choose the store that we are running the command on.

[Image: ISINTEG]

You are prompted to select the database to be checked.

Index                Status               Database-Name
Storage Group Name:  First Storage Group
  1                    Offline              Mailbox Store (servername)
  2                    Offline              Public Folder Store (servername)

30. Enter a number to select a database or press Return to exit.

31. You can only check databases that are marked as offline. The Information Store service must be started, but the information store must be dismounted.

32. When you select a database, you are prompted with the following message to confirm the selection:

“You have selected First Storage Group / Mailbox Store <servername>

Continue? (Y/N)”

33. Press Y and Enter to start checking the selected database.

34. You receive a summary report that indicates the number of tests that were run, the number of warnings, the number of errors found, the number of fixes attempted, and the time it took for the program to run. If there are any warnings, errors, or fixes, run the command again. Repeat this step until there are no warnings, errors, or fixes reported and the report looks similar to the following text:

Test reference table construction result:

0 error(s); 0 warning(s); 0 fix (es); 0 row(s); time: 0h: 0m: 0s

Test Folder Result:

0 error(s); 0 warning(s); 0 fix (es); 101 row(s); time: 0h: 0m: 0s

 Now in test 3 (reference count verification) of total 3 tests;

100% complete.

[Image: ISINTEG Completion]

Before you execute any command on the database, please make sure that QUICKEDITMODE is not checked in command prompt properties as it may pause the process upon left click.

[Image: Quickeditmode disabled]

Advanced Soft Recovery Scenarios

In most cases, the best way to run soft recovery is to mount any database in a storage group. Because all databases in a storage group share a single stream of log files, soft recovery occurs at the level of the entire storage group and not at the level of the individual database.

In some special circumstances, there are advantages to running soft recovery using Eseutil.exe. The most common scenarios are:

  • You want to recover a storage group that has a missing database.
  • You want to recover an individual database “out of place” without affecting other databases or the storage group’s log files.

The complete syntax for the Eseutil.exe soft recovery function, listing all possible switches, is:

ESEUTIL /r enn /L[path to log files] /s[path to checkpoint file] /d[path to database file] /i

Example: ESEUTIL /r e01 /Lf:\mdbdata /sc:\exchsrvr\mdbdata /dg:\mdbdata /i

— Missing log file —

The first step is to make a note of which log files the database requires to bring itself to a clean shutdown state.

To know this, run eseutil /mh which will show you the logs required:

So here we need the logs:

E06000011B1 – Ox means the prefix of the log name

Now, try to find if you have this log file intact.
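
To find out which files those are (this is also the check in step 3 of the walk-through above), the Log Required range from eseutil /mh can be turned into file names and compared with the log folder. The following PowerShell is an added example, not part of the original post; the header excerpt and file listing are constructed, the function names are hypothetical, and it assumes the file-name layouts seen on this page (prefix plus 8 hex digits as in E06000011B1, or 5 as in E0000003.log).

```powershell
# Added example: sample data is constructed, function names are hypothetical.
# Needs PowerShell 3.0 or later.

# Constructed excerpt in the layout that eseutil /mh prints for a database header.
$sampleHeader = @'
            State: Dirty Shutdown
     Log Required: 4529-4530 (0x11b1-0x11b2)
'@

# Constructed listing of the transaction log folder.
$sampleFiles = 'E06000011AF.log', 'E06000011B0.log', 'E06000011B1.log', 'E06.log', 'E06tmp.log'

function Get-RequiredLog {
    param(
        [string]$HeaderText,      # eseutil /mh output as ONE string (pipe it through Out-String)
        [string]$LogPrefix,       # e.g. E06
        [int]$HexDigits = 8       # 8 for names like E06000011B1.log, 5 for E0000003.log
    )
    $state = 'Unknown'
    if ($HeaderText -match '(?m)^\s*State:\s*(.+?)\s*$') { $state = $Matches[1] }

    $required = @()
    if ($HeaderText -match '(?m)^\s*Log Required:\s*(\d+)-(\d+)') {
        $first = [int]$Matches[1]
        $last  = [int]$Matches[2]
        # A cleanly shut down database reports 0-0: nothing has to be replayed.
        if ($first -gt 0 -and $last -ge $first) {
            foreach ($gen in $first..$last) {
                # Log generation numbers appear in file names as upper-case hex.
                $required += ('{0}{1}.log' -f $LogPrefix, $gen.ToString("X$HexDigits"))
            }
        }
    }
    [pscustomobject]@{ State = $state; RequiredLogs = $required }
}

function Get-RecoveryAdvice {
    param(
        [string]$HeaderText,
        [string]$LogPrefix,
        [string[]]$FilesPresent,  # file names found in the log folder
        [int]$HexDigits = 8
    )
    $info    = Get-RequiredLog -HeaderText $HeaderText -LogPrefix $LogPrefix -HexDigits $HexDigits
    $missing = @($info.RequiredLogs | Where-Object { $FilesPresent -notcontains $_ })

    $advice = if ($info.State -eq 'Clean Shutdown') {
        'Database is consistent; no log replay is needed.'
    } elseif ($info.RequiredLogs.Count -eq 0) {
        'No Log Required range found; re-check the eseutil /mh output.'
    } elseif ($missing.Count -eq 0) {
        'All required logs are present; check them with eseutil /ml, then run soft recovery (eseutil /r).'
    } else {
        # The newest required generation is often still in the current log file.
        "Not found as numbered files: $($missing -join ', '). " +
        "Inspect ${LogPrefix}.log with eseutil /ml before deciding on restore or repair."
    }
    [pscustomobject]@{
        State        = $info.State
        RequiredLogs = $info.RequiredLogs
        MissingLogs  = $missing
        Advice       = $advice
    }
}

Get-RecoveryAdvice -HeaderText $sampleHeader -LogPrefix 'E06' -FilesPresent $sampleFiles | Format-List
```
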

Mostly it may be the E00.log file

In my case, I had the E00.log and E00tmp.log

Which means the server crashed when a new E00.log was in the process of being created.

Now try to perform soft recovery and recover the database.

Exchange gives you an option of lossy recovery which lets you ignore missing logs as outlined here:

Exchange 2007: Operation terminated with error -939586631 The restore environment information isn’t found or cannot be opened: http://msexchangeguru.com/2010/07/27/e2k7-restore-939586631/

So try the command:

Eseutil /r E0n /l "Log file location" /d "Database Location" /a /i

  • E0n – Name of the log file sequence like E00, E01, E02 etc
  • /a – This is the key. This switch will allow a lossy recovery option
  • /i – will override database mismatch

If this doesn’t work, simply try the following before you decide to repair the DB.

NOTE: BACKUP ALL YOUR DATABASE and LOGS

Rename the checkpoint file, which is E06.chk in my case.

The checkpoint file remembers the last played log, which in our case won't help.

Now create a new folder, LOGS, and copy all 300 logs up to the E06000011B1 log file to that location.

Now make a copy of "E06000011B1.log", rename it to E00.log and place it in the same location.

You can use eseutil /mk "E06000011B1.log" to know the LGen number of the log.

Make sure the checkpoint file is renamed.

Now run the soft recovery command again and DELETE THE NEW E00.LOG that you created while soft recovery is running:

Eseutil /r E06 /l "NEW log file location" /d "DB Location" /a /i

This is a tricky process. Read again – while the soft recovery is proceeding, you need to delete the E00.log file, and once the recovery completes, the database will be in a clean shutdown state.

Before mounting the database again, clear all logs in the database location so that we can start with a new set of log files, and BACKUP right away.

Let's say the database needs two log files to make itself clean, E06000011B1 and E06000011B2, and you have E00.log and E00tmp.log in the logs location. Simply look up the E00.log and E00tmp.log numbers using the command eseutil /mk, rename E00.log to E06000011B1.log and E00tmp.log to E06000011B2.log, then make a copy of E06000011B2.log and name it E00.log, which we can delete while soft recovery is running.

The reason I mentioned you need at least 300 logs is that soft recovery is a lightning-fast process and it won't let you delete the E00.log if it doesn't have enough logs to replay to the database.

You can repeat the steps several times, but delete the CHECKPOINT file every time or it will fail instantly.


Hide Network in explorer on windows terminal server 2008?

Apply this to Terminal Server 2008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=dword:00000001

OR

To create a GPO template, use the below.

; Use this one for hiding the network icon in your explorer.

CLASS MACHINE

CATEGORY !!Custom

CATEGORY !!ExplorerExtras

POLICY !!HideNetworkInExplorer
KEYNAME "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum"
EXPLAIN !!HideNetworkInExplorer_Help
VALUENAME "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY

END CATEGORY

END CATEGORY

[strings]
Custom="Custom Policies"
ExplorerExtras="Windows Explorer Extra's"
HideNetworkInExplorer="Hide Network Icon in Explorer 2008/Vista"
HideNetworkInExplorer_Help="Enable this one to hide the icon, disable or unconfigure to show it…"


OS X Lion Upgrade made Internet running slow

I installed Mac OS X Lion from the App Store this morning and afterwards could not connect to the internet, or the internet was running very, very slow. After reading various forums, some people suggested that rebooting fixed the issue, or that changing the DNS address to OpenDNS, or disconnecting from wireless and reconnecting, got them running, but still not as fast as before the upgrade. I think the problem is with wireless only, as I have tested with an Ethernet cable plugged in and all works fine.

I spent a bit of time on it. I can see I can ping the external address with good speed but can't browse the websites, so it must be the DNS; it can't be a connection issue, otherwise I would have a slow response when pinging any external address. I changed my DNS from IPv4 to IPv6 DNS and bingo, that solved my issue. So I used a mix of IPv4 and IPv6 DNS, i.e. Google DNS:

2001:4860:4860::8888
8.8.8.8
2001:4860:4860::8844
8.8.4.4


BES during Exchange 2003 to 2007 coexistence upgrade

I have performed many 03 to 07 migrations and I can confirm that it is a very simple process. So all you need to do is:

1. Add BESadmin as a View-Only Admin and set the Send As, Receive As and Store Admin permissions on Exchange 2007

2. Start migrating users to Exchange 2007

3. Once the user migration has been completed, stop all the BlackBerry services and move the BES admin account to Exchange 2007

4. Uninstall Exchange System Manager 2003 from the BES (must be done using an account that has full Exchange permissions).

5. Install “Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1” onto the BES and reboot the server

6. After the server restarts, log on using BESadmin and go to “Start > Programs > BlackBerry Enterprise Server > Edit MAPI Profile” and ensure you can resolve the BESadmin account on the 07 server.

7. Now go to “Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration > BlackBerry Server Tab > Edit MAPI Profile” and ensure you can resolve the BESadmin account on the 07 server.

 

As long as your Exchange servers are in the same Exchange domain, the BES can see both servers and it will be fine. For the 1 week that you are migrating, the Exchange 2007 users will have issues syncing calendar appointments from the device back to Outlook. Once you remove System Manager and install the “Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1”, this will correct the issue (this updates BES to run the required cdo.dll for Exchange 2007).

Your only option when System Manager becomes corrupt is to try and repair/reinstall it and then try uninstalling it again. As you are aware you MUST use an account that is a Full Exchange Administrator to uninstall the software.

I added the BlackBerry admin the view-only admin permission, but I tried to set the Send As and Receive As permissions using the code "get-mailboxserver MYEXCH2K7Server | add-adpermission -user besadmin -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin" and I receive the following answer:

WARNING: The apropiate ACE is already present in the object
“CN=MYEXCH2K7SERVER,CN=Servers,CN=Exchange Administrative Group
(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Seglo,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=seglo,DC= com,DC=mx” from the account
“Mydomain\besadmin”.

Identity User Deny Inherited Rights
——– —- —- ——— ——
MYEXCH2K7SERVER MyDomain\besadmin False False Send-As
MYEXCH2K7SERVER MyDomain\besadmin False False Receive-As
MYEXCH2K7SERVER MyDomain\besadmin False False ms-Exch-Store-Admin
MYEXCH2K7SERVER MyDomain\besadmin False False ReadProperty
MYEXCH2K7SERVER MyDomain\besadmin False False ListObject, Generi…
MYEXCH2K7SERVER MyDomain\besadmin False False Self, WriteProperty
MYEXCH2K7SERVER MyDomain\besadmin False False ReadControl

This result is correct (i.e. Deny = False).


Can’t delete file or take Ownership

First check that the file is not open anywhere; if it is on a file share, you can check the share and storage location and look for open files.

C:\Users\You\Downloads\abctest.jpeg

Type the following command, and then press ENTER to grant administrators full access to the file:

icacls Path_And_File_Name /GRANT ADMINISTRATORS:F

For example, type:
icacls C:\Users\You\Downloads\abctest.jpeg /grant administrators:F

Then try to delete abctest.jpeg.
You can also try the following from the cmd window:

C:\Program Files (x86)>takeown /F C:\Users\You\Downloads\abctest.jpeg /R /A

 


Adding vSphere

P2000-with-vSphere

Initial iSCSI setup of the ESX/ESXi servers

Networking for the software initiator

Before SAN connectivity can be established, a specific network configuration must be in place. To correctly enable connectivity, two VMkernel ports must be created and each configured to use a separate vmnic port. As a best practice, the VMkernel networks for iSCSI should be separate from the management and virtual networks used by virtual machines. If enough vmnic ports are available, it is preferred to have VMotion and VMware Fault Tolerance (FT) use a separate VMkernel network.

Network port configurations

At a minimum you will need four gigabit network ports in order to provide network separation and redundancy for your cluster. Two of the ports will be used for teaming on your VM Network, while the other two ports are used for iSCSI. While more ports are desirable in order to separate out FT and vMotion traffic, fewer than 4 ports is NOT recommended for use with the HP P2000 SAN, as multipathing is not possible while maintaining a redundant VM Network.

Four network ports

VMware vSphere 4 servers with four Gigabit network ports can perform better if you separate management and virtual machine traffic from iSCSI, VMotion, and FT traffic. As illustrated in Figure 2, vSphere 4 servers with four Gigabit network ports should be configured with two virtual switches, each comprising two Gigabit ports teamed together. If possible, use one port from each of two separate Gigabit adapters. For example, if using two onboard Gigabit adapters and a dual-port Ethernet card, team together port 0 from the onboard adapter and port 0 from the Ethernet card, and then team together port 1 from the onboard adapter and port 1 from the Ethernet card. This process provides protection from some bus or card failures.