Browsing Posts published by Huw

When installing vCenter 5.1 you may get the error message:

“Error 32010. Failed to create database users. There can be several reasons for this failure. For more information, see the vmMSSQLCmd.log file in the system temporary folder”

You can find the location of vmMSSQLCmd.log in

The reason for the error should be in this file. In my instance it was because the passwords chosen for the RSA_DBA and RSA_USER accounts did not meet Windows complexity requirements. I changed the passwords to something more complex and the install completed successfully.

THE END

If you found this article useful, please click on my referral link before buying your GoDaddy certificate: www.godaddy.com

When trying to purchase an SSL SAN certificate you may run into problems if your Active Directory domain uses a non-standard domain name, e.g. if it ends with .local.

For example, GoDaddy will fail, giving you the error message:

One or more SANs is not a fully qualified domain name. You must drop the invalid SANs

Please note: After November 1, 2015, Go Daddy will no longer provide SSL certificates without a fully-qualified domain name or IP address, such as ‘mail’, ‘intranet’, or 10.0.0.1

This is due to a change in legislation for certificate authorities designed to improve security.

In the example below I have tried to register 5 FQDNs:-

  • Mail.yourdomain.net
  • Autodiscover.yourdomain.net
  • Autodiscover.yourdomain.local (this is a non-standard FQDN)
  • Servername (this is a non-standard FQDN)
  • Servername.yourdomain.local (this is a non-standard FQDN)

As you cannot register the non-standard domains you will not be able to register

  • Autodiscover.yourdomain.local (this is a non-standard FQDN)
  • Servername (this is a non-standard FQDN)
  • Servername.yourdomain.local (this is a non-standard FQDN)

You can only register

  • Mail.yourdomain.net
  • Autodiscover.yourdomain.net

This means that you will need to reconfigure your Exchange server to use your public domain name (e.g. mail.yourdomain.net) on your internal network. Otherwise you may get Outlook certificate error messages stating “The name on the security certificate is invalid or does not match the name of the site”.

Create DNS Zone for your public internet domain

By creating an Active Directory zone for your public DNS name you can change what IP address is resolved. E.g. mail.yourdomain.net should resolve to an internal IP. This is known as split brain DNS.

As you are creating a DNS zone for your public domain name, internal clients will resolve the whole zone from this server, so you will need to enter every host record you use, e.g. www for your website. All Exchange DNS records should point to the Exchange server’s internal IP.

This allows you to use your public FQDN internally. This reduces the number of DNS names you need to register, e.g. just two.

  • Mail.yourdomain.net
  • Autodiscover.yourdomain.net

Note I have created host records for “mail” and “autodiscover”. Therefore please order the SSL certificate with just the 2 FQDNs e.g. mail.yourdomain.net, autodiscover.yourdomain.net

Set Exchange to Use the Public FQDN

You can view which URLs Exchange is using by running the “Test E-mail AutoConfiguration” program in Outlook.

You will need to set Exchange to listen on the public FQDN for a number of key services. To do this, open the Exchange Management Shell and enter the commands below, changing the FQDN (mail.contoso.com) and the server name (CAS_Server_Name) to your own.

Exchange 2007

  1. Change the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To change this URL, type the following command, and then press Enter:

    Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

  2. Change the InternalUrl attribute of the EWS. To do this, type the following command, and then press Enter:

    Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

  3. Change the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press Enter:

    Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

  4. Change the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press Enter:

    Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx

  5. Open IIS Manager.
  6. Expand the local computer, and then expand Application Pools.
  7. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

Note you can check the current settings using the get-clientaccessserver command.

Exchange 2010

  1. Start the Exchange Management Shell.
  2. Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command and then press ENTER:

    Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

  3. Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:

    Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

  4. Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:

    Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

  5. Open IIS Manager.
  6. Expand the local computer, and then expand Application Pools.
  7. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

Confirm Working

Run “Test E-mail AutoConfiguration” in Outlook again. The URLs used for Exchange should have changed to the public addresses.
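The name rules and the URL changes described in this article can be checked before the certificate is ordered. The PowerShell below is an added example, not part of the original article: it sorts the requested names into those a public CA will issue for and those it will reject, then lists any configured URL whose host name is not on the certificate. The function names, the `$InternalSuffixes` list and the sample URLs are assumptions made for illustration.

```powershell
# Added example. Function names and sample values are constructed for illustration.

# Suffixes treated as internal-only. '.local' is the one used in the article;
# add any other private suffix your Active Directory uses (assumption).
$InternalSuffixes = @('.local')

function Test-PublicFqdn {
    # $true when the name is a fully qualified public name: not an IP address,
    # not a single-label host name, and not under an internal-only suffix.
    param([string]$Name)

    $n = $Name.Trim().TrimEnd('.').ToLowerInvariant()
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($n, [ref]$ip)) { return $false }  # 10.0.0.1
    if ($n -notmatch '\.') { return $false }                               # Servername
    foreach ($suffix in $InternalSuffixes) {
        if ($n.EndsWith($suffix)) { return $false }                        # *.yourdomain.local
    }
    return $true
}

function Get-UncoveredUrl {
    # Returns one object per URL whose host name is not in the SAN list.
    param([string[]]$Url, [string[]]$SanName)

    $san = @($SanName | ForEach-Object { $_.ToLowerInvariant() })
    foreach ($u in $Url) {
        $hostName = ([System.Uri]$u).Host.ToLowerInvariant()
        if ($san -notcontains $hostName) {
            New-Object PSObject -Property @{ Url = $u; HostName = $hostName }
        }
    }
}

# The five names from the article's example order.
$requested = 'Mail.yourdomain.net', 'Autodiscover.yourdomain.net',
             'Autodiscover.yourdomain.local', 'Servername', 'Servername.yourdomain.local'

$issuable = @($requested | Where-Object { Test-PublicFqdn $_ })
$rejected = @($requested | Where-Object { -not (Test-PublicFqdn $_) })
"Can be ordered:   $($issuable -join ', ')"
"Will be rejected: $($rejected -join ', ')"

# Constructed URLs as they might look part-way through the reconfiguration:
# OAB already points at the public name, Autodiscover and EWS do not.
$internalUrls = 'https://servername.yourdomain.local/autodiscover/autodiscover.xml',
                'https://servername.yourdomain.local/ews/exchange.asmx',
                'https://mail.yourdomain.net/oab'

# Any row printed here is a URL that will raise the Outlook name-mismatch error.
Get-UncoveredUrl -Url $internalUrls -SanName $issuable | Format-Table Url, HostName -AutoSize
```

On a live server the URL list would be built from the AutoDiscoverServiceInternalUri value shown by Get-ClientAccessServer and the InternalUrl values of the virtual directories changed in the steps above.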

THE END

In this article I am setting up a three-NIC aggregate link between an ESXi host and a Cisco 2960. Note that LACP is only supported on distributed vSwitches on ESXi 5.1 and not on ESXi 5.0 and below. You will need to know which switch ports your NICs connect to.

 

DvSwitch Configuration

To create a distributed vSwitch (DvSwitch) go to the below section in the vi client

Create a new DvSwitch

Select the host and network adaptors

Continue through the wizard and select exit.

Set the below options to enable the aggregate link for the ESXi server.

Cisco Switch Configuration

Below are the commands to create a 3 port aggregate connection. The NICs on my ESXi server I want to aggregate connect to switch ports g0/2, g0/3 and g0/4. Note that I am using the default VLAN (VLAN 1) for my network connections. Also note that the channel-group mode must be set to “on” and not “active”.

 

interface Port-channel1
 description aggregate for ESXi
 flowcontrol receive desired
!
interface GigabitEthernet0/2
 flowcontrol receive desired
 channel-group 1 mode on
 spanning-tree portfast
!
interface GigabitEthernet0/3
 flowcontrol receive desired
 channel-group 1 mode on
 spanning-tree portfast
!
interface GigabitEthernet0/4
 flowcontrol receive desired
 channel-group 1 mode on
 spanning-tree portfast

 

Verify

Use the “show etherchannel summary” command to verify the aggregate link. The important section below is “Po1(SU)”; the U stands for “Up”.

TRI-COLO-SW1#sh etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+----------------------------------------
1      Po1(SU)          -        Gi0/2(P)    Gi0/3(P)    Gi0/4(P)

Explanation

Command

Grant full access to all mailboxes

get-mailbox -server <exchange server Name> | Add-MailboxPermission -User “domain\userid” -AccessRights FullAccess

Move mailbox to another server

New-MoveRequest -Identity username -TargetDatabase "database name"

Update Default Global Address List

Update-GlobalAddressList -Identity “default Global Address List”

Grant relay permission on a receive connector (lets anonymous senders relay to any recipient)

Get-ReceiveConnector “Anonymous Relay” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”

Remove Move Request

Remove-MoveRequest -identity boardroom

If a move fails you need to remove the move request before generating another one

Get information on size and number of items in mailbox store

get-mailboxstatistics -database “name-of-mail-database”

Get information on an individual mailbox

get-mailboxstatistics -identity administrator

Check autodiscover

Test-OutlookWebServices

Create hub site

Set-AdSite “Site A” -HubSiteEnabled $true

Approve in-policy requests from all users for the room mailbox “board room”.

Set-CalendarProcessing -Identity “boardroom” -AutomateProcessing AutoAccept -AllBookInPolicy $true

Prevent a user from deleting any items

Set-Mailbox <username> -LitigationHoldEnabled $true

Create a retention tag to delete emails older than 90 days from the “deleted items” folder

New-RetentionPolicyTag "AllUsers-DeletedItems" -Type DeletedItems -Comment "Items older than 90 days are deleted" -RetentionEnabled $true -AgeLimitForRetention 90 -RetentionAction PermanentlyDelete

Exports list of all user email addresses to a text file

get-recipient | select name -expand emailaddresses | where {$_.smtpAddress} | Select-Object Name,smtpAddress | export-csv c:\AllEmailAddresses.txt -noType

Upgrade Recipient Policy from older version of Exchange

Set-EMailAddressPolicy “Default Policy” -IncludedRecipients “AllRecipients”

In this article I am restoring from a Windows system image backup to a VMware virtual machine. This is being done to test the validity of the backups for a customer. The backups were performed to a USB disk connected to the original server running Windows 2008 (not R2).

Pre-Requisites

You will need the Windows 2008 DVD or ISO.

Step 1 - Build Recovery VM

  • Connect the USB disk containing the backup to the ESXi server.
  • Create a VM on your VMware server. Note that it must have hard disks at least as big as those of the original server.
  • Add a USB controller and then add the USB device (i.e. the USB drive that contains the backup)

Step 2 - Boot into Windows Repair Mode

Start the VM and boot from the Windows DVD (or ISO).

Select Windows Complete PC restore

Click finish and the restore will kick off. This may take some time.

When using RDS with a connection broker you will sometimes notice that you get prompted twice for credentials.

To resolve this, you need to get the client to handle the authentication. For XP clients, you will need to enable Network Level Authentication and you will need SP3 installed with Remote Desktop Client at least v6.1 to do that.

To check if Network Level Authentication is enabled, open the remote desktop client, right-click in the title bar and choose About. If it says Network Level Authentication Not Supported, you will need to enable it as follows:

  • Browse to HKLM\SYSTEM\CurrentControlSet\Control\Lsa
  • Locate Security Packages and add tspkg to the bottom of the list
  • Browse to HKLM\System\CurrentControlSet\Control\SecurityProviders
  • Locate SecurityProviders and add ", credssp.dll" at the end
  • Restart the computer

Now check that Network Level Authentication is enabled as above

Open the RDP shortcut file in Notepad and make sure you’ve got the following settings:

  • authentication level:i:0
  • prompt for credentials:i:0
  • promptcredentialonce:i:1
  • enablecredsspsupport:i:1
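The four .rdp settings listed above can be checked across many shortcut files instead of opening each one in Notepad. This PowerShell is an added example, not part of the original article; the function names and the sample file content are constructed.

```powershell
# Added example. Function names and the sample .rdp text are constructed.

# Settings the article asks for in the .rdp file (name -> expected value).
$Expected = @{
    'authentication level'   = '0'   # 0 = connect without a warning if server authentication fails
    'prompt for credentials' = '0'
    'promptcredentialonce'   = '1'
    'enablecredsspsupport'   = '1'   # 1 = use CredSSP, which Network Level Authentication relies on
}

function ConvertFrom-RdpText {
    # Parses .rdp text: one 'name:type:value' setting per line,
    # where type is i (integer), s (string) or b (binary).
    param([string]$Text)

    $settings = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        # The value may itself contain colons (e.g. host:port), so only the
        # first two colons are treated as separators.
        if ($line -match '^\s*([^:]+):([isb]):(.*)$') {
            $settings[$Matches[1].Trim().ToLowerInvariant()] = $Matches[3].Trim()
        }
    }
    return $settings
}

function Test-RdpSettings {
    # Returns one row per expected setting; Actual is empty when the setting is missing.
    param([string]$Text)

    $actual = ConvertFrom-RdpText $Text
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $value = $actual[$name]
        New-Object PSObject -Property @{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $value
            Ok       = ($value -eq $Expected[$name])
        }
    }
}

# Constructed sample: one setting has the wrong value and one is missing.
$sample = @"
full address:s:rdsfarm.yourdomain.net:3389
authentication level:i:0
prompt for credentials:i:1
promptcredentialonce:i:1
"@

Test-RdpSettings $sample | Format-Table Setting, Expected, Actual, Ok -AutoSize
```

For a real shortcut, pass the file content instead of the sample: `Test-RdpSettings (Get-Content .\farm.rdp | Out-String)`, where farm.rdp is a placeholder file name.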

Once you have enabled Network Level Authentication on the client machines you can select the following option within RDP-tcp Properties on the session host servers

 

 

This will improve security on the TS boxes, as it forces authentication before any remote session is launched.

The config below is for a pair of PowerConnect 6224s stacked together and connected to an EqualLogic SAN used with VMware hosts. On each switch, ports 1-4 are for management (i.e. the default VLAN), ports 21-24 are set for vMotion, and the rest of the ports are for iSCSI. Jumbo frames are also enabled.

Please also note my other article on 6224s, which covers setting up LAGs; these are not set up here.

————————————————————-

BJ-FP-SANSW#show run
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.4.1, VxWorks 6.5"
!System Software Version 3.3.4.1
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 200,300
exit
hostname "BJ-FP-SANSW"
stack
member 1 1
member 2 1
exit
ip address 172.30.1.221 255.255.255.0
ip default-gateway 172.30.1.253
ip routing
interface vlan 200
name "iSCSI"
exit
interface vlan 300
name "vMotion"
exit
username "admin" password 5f4dcc3b5aaXXXXXXXdeb882cf99 level 15 encrypted
!
interface ethernet 1/g1
description 'Management'
exit
!
interface ethernet 1/g2
description 'Management'
exit
!
interface ethernet 1/g3
description 'Management'
exit
!
interface ethernet 1/g4
description 'Management'
exit
!
interface ethernet 1/g5
description 'EqualLogic'
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g6
description 'EqualLogic'
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g7
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g8
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g9
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g10
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g11
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g12
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g13
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g14
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g15
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g16
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g17
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g18
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g19
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g20
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 1/g21
description 'vMotion'
spanning-tree portfast
switchport access vlan 300
exit
!
interface ethernet 1/g22
description 'vMotion'
spanning-tree portfast
switchport access vlan 300
exit
!
interface ethernet 1/g23
description 'vMotion'
spanning-tree portfast
switchport access vlan 300
exit
!
interface ethernet 1/g24
description 'vMotion'
spanning-tree portfast
switchport access vlan 300
exit
!
interface ethernet 2/g1
description 'Management'
exit
!
interface ethernet 2/g2
description 'Management'
exit
!
interface ethernet 2/g3
description 'Management'
exit
!
interface ethernet 2/g4
description 'Management'
exit
!
interface ethernet 2/g5
description 'EqualLogic'
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g6
description 'EqualLogic'
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g7
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g8
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g9
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g10
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g11
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g12
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g13
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g14
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g15
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g16
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g17
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g18
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g19
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g20
spanning-tree portfast
mtu 9216
switchport access vlan 200
exit
!
interface ethernet 2/g21
description 'vMotion'
spanning-tree portfast
switchport access vlan 300
exit
!
interface ethernet 2/g22
description 'vMotion'
spanning-tree portfast
switchport access vlan 300
exit
!
interface ethernet 2/g23
description 'vMotion'
spanning-tree portfast
switchport access vlan 300
exit
!
interface ethernet 2/g24
description 'vMotion'
spanning-tree portfast
switchport access vlan 300
exit
exit

—————————————————————————

Due to frankly enormous demand for migration services, my company has set up a dedicated team for Office365 migrations. You can view their website here: www.migrateoffice365.co.uk. If you are looking for help, please get in touch!

 

Description
Command

Connect to Exchange Online

$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session

Set up service account to impersonate all users

New-ManagementRoleAssignment -Name "Impersonation-MyApp" -Role "ApplicationImpersonation" -User serviceaccount@contoso.com

If you are unable to run scripts and are getting the error message “cannot be loaded because the execution of scripts is disabled on this system”

Set-ExecutionPolicy Unrestricted

Check on the status of a migration

Get-MigrationStatus
Get-MigrationBatch

Initiate a migration

$MigrationSettings = Test-MigrationServerAvailability -Exchange -Credentials (Get-Credential) -ExchangeServer <your-server-name.your-domain> -RPCProxyServer <your-servers-FQDN>
New-MigrationBatch -Exchange -Name <any-name> -ExchangeConnectionSettings $MigrationSettings.ConnectionSettings -MaxConcurrentMigrations 3 -TimeZone "GMT Standard Time"

Grant access to another mailbox

Add-MailboxPermission mailboxtoaccess@yourdomain.co.uk -User mailboxtoaccessfrom@yourdomain.co.uk -AccessRights FullAccess

List mailbox info including email addresses (output to .txt)

Get-Mailbox | fl Name,DisplayName,RecipientType,EmailAddresses > aliases.txt

List distribution groups (output to .txt)

Get-DistributionGroup | fl > distgroup.txt

This article explains how to update the Dell iDRAC firmware via the iDRAC web interface. This is particularly useful if you are running a non-Windows OS on the Dell server, e.g. VMware ESXi.

Download the firmware update file

You can download the firmware from here

http://en.community.dell.com/techcenter/systems-management/w/wiki/3204.dell-remote-access-controller-drac-idrac.aspx

You want to download the hard drive version

Extract Downloaded File

Extract the downloaded file. The key file is highlighted below

Upload Firmware Update to idrac

Log on to the iDRAC and go to “remote access” and “update”.

Upload the firmware update file (in this example firmimg.d6)

Select next to install the update.

Wait until complete.

If you now close your browser and reconnect to the idrac you will see it looks very different!

This article explains how to update the ADSL firmware on a Cisco 877.

Download File and Put on TFTP server

  • You will need to download the latest firmware. You can do this from the Cisco website (if you have a SmartNet contract) or from http://www.alcatron.net/cisco877/firmware/. The version I have downloaded is ADSL_ALC_20190.4-0-018.bin
  • You will need to rename the file to ADSL_ALC_20190.bin
  • You will need to have a TFTP server installed on your PC (such as solarwinds TFTP). Copy the renamed file into your TFTP directory

Upload to Cisco Router

Connect to the router via a console cable. Enter the below commands to upload to the router.

yourname#copy tftp flash

Address or name of remote host [10.10.10.2]?

Source filename [adsl_alc_20190]? adsl_alc_20190.bin

Destination filename [adsl_alc_20190.bin]?

Accessing tftp://10.10.10.2/adsl_alc_20190.bin…

Loading adsl_alc_20190.bin from 10.10.10.2 (via Vlan1): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK - 993760 bytes]

993760 bytes copied in 8.484 secs (117133 bytes/sec)

Reload and Verify

Reload the router. You can then verify the adsl version by entering

show dsl interface

If there is a problem for some reason you can roll back to the original firmware by entering

delete adsl_alc_20190.bin