tag:blogger.com,1999:blog-32645705287864837532023-11-16T15:09:08.864+00:00Technical NuggetsBlogging about HMC 4.5, Exchange 2007, Windows 2008 and any other technical nuggets I come across each day in work.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.comBlogger29125tag:blogger.com,1999:blog-3264570528786483753.post-75811765409955163552009-03-11T09:00:00.002+00:002009-03-11T09:05:08.693+00:00OT: Microsoft Certified MasterMy blog posts have been very lacking recently as every single moment I have spare has been spent preparing for the Exchange Microsoft Certified Master (MCM) next week. I fly out on Friday, with classes due to start on Monday.<br />With the amout of information I have read about this course and the relatively low pass rate considering the acceptence criteria, I am incredibly nervous and feel very unprepared. I have completed about 85% of the pre-course reading material (there was a <strong>lot</strong> on it. With the 11 hour flight and the rest of this weekend, I hope to get close to 100%. How much I remember is a different question. <br />As well as being nervous, I am incredibly excited. This will probably be one of the best technical learning experiences of my career and expect to come out a changed man, regardless of the exam results :o)<br /><br />I will definately not be posting over the next 3 weeks whilst I am there, so will post back on the other side.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com2tag:blogger.com,1999:blog-3264570528786483753.post-88579537384904034832009-01-29T20:57:00.002+00:002009-01-30T15:17:52.092+00:00Exchange 2007 message size limitsSetting message size limits on your Exchange platform is a fairly obvious, although sometimes controversial best practice. The primary reasons for doing this include managing mailbox growth rates, network utilisation and also preventing potential Denial of Service attacks. <br /><br />Once you have sorted out the politics of setting message size limits and how big this limit should be, how do you actually implement on Exchange 2007? Of course the first place I would set it is in the Organization Configuration > Hub Transport > Global Settings > Transport Settings > Transport Limits or I would use the Set-TransportConfig cmdlet. <br /><br />Easy, eh? Well no, that is only a small part of the whole story. There is a whole bunch of other stuff you need to consider. <br /><br /><strong>What:</strong> Do you want to limit the size of the Message, the Message Header, attachments?<br /><strong>Scope:</strong> You have just set a message size limit at the Organization level. But you can set it all these levels; <br />1. Organization / Global <br />2. Connectors ( including Send, Receive, Site Link and Routing Group connectors)<br />3. Servers<br />4. User objects (including mailbox, contact, Distribution Group and contact level).<br /><strong>Precedence or Effective limits:</strong> What if you set different attachment size limits on different scopes. Which one applies? The smallest size? The largest size? The one set last?<br /><br /><strong>What</strong><br /><br />I think for most Exchange Organizations they would not need the granularity of exactly what part of a message they want to apply to size limits to. For the main reasons I listed at the top, accepting the Exchange 2007 SP1 defaults and then only considering what to change the maximum message size to (including attachments and headers) would be sufficient.<br /><br /><strong>Scope</strong><br /><br />First thing to clarify is what is the difference between Organization level and Global level? In a nutshell, the Organization size limits apply to all Hub Transport servers in the Exchange Organization. The Global size limits applies to all Exchange 2007 Hub Transport servers and all Exchange 2003 servers in an Exchange Organization. In Exchange 2007 SP1 these limits cannot conflict as the Organization limits will be copied to the matching Global limits. (This was not the case with Exchange 2007 RTM, but there is no point going into that as no one in their right mind would still be running Exchange 2007 RTM - IMHO. For the rest of this post I am not going to include Exchange 2007 RTM info). To set message size limits on the Edge Transport server you will need to use the server scope in the EMC or the Set-TransportServer cmdlet.<br />The other scope levels are fairly self explanatory. With Exchange 2007 SP1, anywhere Microsoft set a default maximum message size it is 10MB. It would take me too long to list all the places this limit has been set here. <br /><br /><strong>Precedence</strong><br /><br />Now this is important. If I want to set Organization message size limits, can I create exceptions to the rule? If I set different size limits what is the Effective message size limit for a particular mailbox?<br />Unfortunately figuring out exactly what take precedence or what effective message size limits are, is not entirely obvious on the main Technet article describing setting message size limits in Exchange 2007. Even the one example seems to be missing words. <br /><br />A good rule of thumb is if the user object (any one of the list above) message size limit is higher than the Organization message size Transport limits, then an email to the higher size limit can be sent internally. Unfortunately this precedence does not occur for any email being sent or received from outside the Exchange Organization.<br /><br /><strong>Gotcha....</strong><br />A major “gotcha” to watch out for is that the initial size of a message may get bloated by content conversion by a decent percentage. An email that begins as 10MB, could end being 13MB after content conversion and therefore violate message size limits. If you are troubleshooting message delivery failures, a good place to look is the Message Tracking logs. (Enabled by default in Exchange 2007)Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-3326864848840558982009-01-27T15:18:00.003+00:002009-01-29T21:00:46.969+00:00OT: Humour - Vista progressI had to remove the "Compress this drive to save disk" space property on a computer hard drive. Obviously it is not good practice to compress a system volume in the first place, but have a look at how long it is going to take to decompress this volume!<br /><br /><br /><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQPzZZXSnYwwbvKOPutXevwjdZnrIKTsprgEs2ZxaeUqXgE5TFba9yck2DxAJ6BDq3NwerTTRkFBEwqsVRmioJiAulEAea5b8Q8VtV2w_z-QomDq9-vnZuLKayv2RactoMxUu2K-I53pI/s1600-h/How+Long.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 153px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQPzZZXSnYwwbvKOPutXevwjdZnrIKTsprgEs2ZxaeUqXgE5TFba9yck2DxAJ6BDq3NwerTTRkFBEwqsVRmioJiAulEAea5b8Q8VtV2w_z-QomDq9-vnZuLKayv2RactoMxUu2K-I53pI/s320/How+Long.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5295994698981369314" /></a>Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-39930991937404854682009-01-26T20:19:00.010+00:002009-01-29T21:01:07.280+00:00Set-CASMailboxI think this is one of the most annoying cmdlets in Exchange 2007. I recently attempted to use this cmdlet to disable the Change Password window in Outlook Web Access for a lot of mailboxes that were going to have their password set via a 3rd party synchronisation tool. It has been some months since I had last run Set-CASMailbox and had forgotten about it's sledgehammer approach. Basically if you set just about any of the segmentation attributes to $false, it sets them all (beginning OWA....) to $false also. (Thank goodness that was on my test rig...)<br /><br />Here is a list of all OWA Segmentation attributes that will get set to $false by running the command <em><strong>Set-CasMailbox BGibson OWAChangePasswordEnabled $false </strong></em>;<br /><br /><em>OWACalendarEnabled : False<br />OWAContactsEnabled : False<br />OWATasksEnabled : False<br />OWAJournalEnabled : False<br />OWANotesEnabled : False<br />OWARemindersAndNotificationsEnabled : False<br />OWAPremiumClientEnabled : False<br />OWASpellCheckerEnabled : False<br />OWASearchFoldersEnabled : False<br />OWASignaturesEnabled : False<br />OWAThemeSelectionEnabled : False<br />OWAJunkEmailEnabled : False<br />OWAUMIntegrationEnabled : False<br />OWAWSSAccessOnPublicComputersEnabled : False<br />OWAWSSAccessOnPrivateComputersEnabled : False<br />OWAUNCAccessOnPublicComputersEnabled : False<br />OWAUNCAccessOnPrivateComputersEnabled : False<br />OWAActiveSyncIntegrationEnabled : False<br />OWAAllAddressListsEnabled : False<br />OWAChangePasswordEnabled : False<br />OWARulesEnabled : False<br />OWAPublicFoldersEnabled : False<br />OWASMimeEnabled : False<br />OWARecoverDeletedItemsEnabled : False</em><br /><br />That's right, if you set one to $false you set them all to $false unless you explicitly remember to list every other attribute and set them all to $true in the command. <br /><br />Thankfully there is a quick fix to reverse this action. Open ADSIEdit.msc and browse to the affected AD user account(s). Select the user properties and find the msExchMailboxFolderSet attribute. Clear any value in this attribute (i.e. <strong><not set></strong>) and the OWA Segmentation properties will all be set back to default. <br /><br />So how do you set one OWA Segmentation attribute then? <br />You can either list all the attributes above as $true, except the one you want to set as false. Or you can use ADSIEdit to set all attributes to $True by setting the msExchMailboxFolderSet value to 2147483647 and then change the one attribute you want to disable using the Set-CASMailbox cmdlet again.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com1tag:blogger.com,1999:blog-3264570528786483753.post-14281518844146453212009-01-22T20:40:00.012+00:002009-01-23T20:13:16.487+00:00Windows 2008 initial settingsThis blog post is mostly for myself to easily cut and paste from here, but it may be useful to some others. I find myself continually installing and reinstalling Windows 2008 servers for Exchange 2008 dev environments these days. So I have began to write a batch file I cut and paste each time, edit a few parameters, save as SVRCFG.cmd and then double click. This saves me a few minutes of manually typing everything out each time. Multiply this by an average 8 servers per environment and it soon adds up. Nothing here is rocket science, just nice simple command line administration in a batch file.<br /><br /><em><strong>powercfg /hibernate off<br />netsh firewall set opmode DISABLE<br />netdom renamecomputer %computername% /newname:ET01 /force<br />netsh int ipv4 set address name=10 source=static address=192.168.0.15 mask=255.255.255.0 gateway=192.168.0.254<br />netsh int ipv4 add dnsserver name=10 address=192.168.0.1<br />reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d "3" /f<br />servermanagercmd -install Powershell<br />Shutdown -r -t 2</strong></em><br /><br />Things to check:<br />Change the server name<br />Change the IP address<br />Check the Network cards Idx number or "name"Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-78489750199375552182009-01-12T17:17:00.002+00:002009-01-12T17:27:23.166+00:00OT: Microsoft Certified Master: Exchange<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW7Djlo-uAC2g7rr-_rsrsQ0JA4yUt9j9hbfpXYDvYR-gtEn_NkBDmFU7LbsVdzoQWpfg3FZcisWA1yH-UIZI72UeejAeFYVLPWNFg_M1Db-JBNBB94EOn7F9GXjon5PvuUmvsVUD-m9E/s1600-h/MCM+Logo.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 400px; height: 128px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW7Djlo-uAC2g7rr-_rsrsQ0JA4yUt9j9hbfpXYDvYR-gtEn_NkBDmFU7LbsVdzoQWpfg3FZcisWA1yH-UIZI72UeejAeFYVLPWNFg_M1Db-JBNBB94EOn7F9GXjon5PvuUmvsVUD-m9E/s400/MCM+Logo.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5290458185571765234" /></a><br /><br />Thought I would give a quick update on here to say I have been accepted onto the Microsoft Certified Master for Exchange(MCM:Exchange). So in March I will be off to Redmond for three weeks intensive training, 3 written exams and a lab. I am incredibly excited at the prospect of learning so much and attaining that next level in my career, certification and technical abilities. It does mean the next few months will be spent completing that enormous reading material list and studying my weaker areas a lot more indepth. <br /><br /><em><strong>What is the MCM?</strong></em><br /><br /><em>The new Microsoft Certified Master series offers advanced technical training and certifications on Microsoft technologies that go beyond any product training offered outside of Microsoft today. IT professionals who successfully complete the training program and certification testing validate their skills as product experts who successfully design and implement solutions that meet the most complex business requirements. </em><br /><br /><em>Candidates who successfully complete the program can expect to have a greatly improved understanding of the Microsoft Exchange Server 2007 platform. Microsoft Certified Masters can design and build customer-specified messaging solutions, and they understand how design decisions affect the final solution. They can troubleshoot and diagnose configuration and performance issues, and they have the detailed knowledge and skills that are required to successfully operate and manage an enterprise-class Exchange Server 2007 infrastructure.</em><br /><br /><a href="http://www.microsoft.com/learning/mcp/master/default.mspx">http://www.microsoft.com/learning/mcp/master/default.mspx</a><br /><a href="http://www.microsoft.com/learning/mcp/master/exchange/default.mspx">http://www.microsoft.com/learning/mcp/master/exchange/default.mspx</a><br /><br />All being well, with a lot of blood, sweat and tears (or maybe just a hell of a lot of studying) I will become a MCM:Exchange in a few months time!Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-72419921099655922302009-01-08T10:15:00.003+00:002009-01-08T10:39:31.223+00:00Exchange 2007 LoadGen installation issuesI have had a few hours frustration and an eventual work around to installing the Exchange 2007 Load Generator in one of my test environments.<br /><br />I have been trying to install the Exchange 2007 Load Generator (LoadGen.msi) on a range of servers with the same installation error occurring each time. The errors occured when installing both the 64-bit package on some Windows 2008, 64-bit servers and also the 32-bit package on some Windows 2003 R2 SP2, 32-bit servers. Here are the range of errors and diagnosis:<br /><br />The Microsoft Exchange Load Generator installer gives the following error message:<br /><br /><em>There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact you support personnel or package vendor.</em><br /><br />The server's application event log gives the following error message:<br /><br />Event ID: 11722 Source: MsiInstaller<br /><em>Product: Microsoft Exchange Load Generator -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action START_REMOTE_SERVICE.B08E90EE_3FC7_4509_A7F3_DE16BC275F17, location: net.exe, command: START LoadGenRemote </em><br /><br />If I run the MSI with verbose logging (msiexec /i LoadGen.msi /l*v C:\LoadGen.txt) I get the following error in the verbose log file.<br /><br /><em>Generator\LoadGenRemoteSvc.exe", ServiceType=16,StartType=2,ErrorControl=0,,,,StartName=LocalSystem,Password=**********, Description=Enables distributed load generation for the Microsoft Exchange Load Generator tool.)<br />Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action START_REMOTE_SERVICE.B08E90EE_3FC7_4509_A7F3_DE16BC275F17, location: net.exe, command: START LoadGenRemote </em><br /><br /><br />When you click <strong>OK</strong> to the installer error message it of course rolls back all actions in the MSI. The last error message pointed me in the direction of it being a service problem. If you do not click <strong>OK </strong>and look in the Services.msc you will see there is a service called <strong>Microsoft Exchange Load Generator Remote Agent</strong>. This service is configured as Automatic, but is unable to startup using the Local System account credentials. If you give it another account (I used an admin account in my test lab) it does start. Of course this is useless as the installer has already failed and the only option is to click <strong>OK</strong> and roll back the install.<br /><br />As an absolute pot luck guess, before beginning to think about attempting to edit the MSI the following action allowed the installation to complete. The answer is.....<br /><br />Disable the network card during the MSI installation!<br /><br />Yep - for some completely unknown (to me) reason, this allows the installation to complete and the service to run as the Local System account.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com7tag:blogger.com,1999:blog-3264570528786483753.post-28360736528053424712008-12-17T18:51:00.003+00:002008-12-17T19:06:35.505+00:00HMC4.5, Deployment HaltedI have started deploying HMC4.5 all over again for performance and scalability testing. I hit a new error message fairly early on in the deployment this time from the Provisioning Deployment Tool. The error appearer at the point I had completed all the settings for the <strong>Deploy Core MPS Components </strong>section and clicked <strong>Start Deployment</strong>. After a few seconds the following error message appeared -<br /><br /><strong>Deployment Halted</strong><br /><br /><strong><em>Deployment interrupted for Mpf Audit And Recovery/MPS01 because SQL Server MPSSQL is either offline or non-existent</em></strong><br /><br />I attempted all the normal troubleshooting of ensuring IP connectivity, browsing, DNS records were all okay. Rebooted both servers, checked Event Logs and searched for *.log files, all to not result. After changing the following, it seemed to resolve the situation. I do not know enough about SQL to know if this is the fix, or if it was just some sort of coincidental timing...<br />On the SQL Database server, open the SQL Server Configuration Manager. Expand <strong>SQL Server 2005 Network Configuration > Protocols for MSSQLSERVER</strong>. Right click TCP\IP and select Enable. Restart the relevant SQL services. After completing this the Deployment finally continued without the above error.<br /><br />(NB. I have changed the server names in the errors and post above)Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-71114687451077015102008-12-04T23:05:00.004+00:002008-12-04T23:10:57.115+00:00Are you capacity bound or performance bound?<strong>Calculating Hosted Exchange database disks</strong><br /><br />I have read a fair few articles about calculating your disk storage requirements for the Exchange Mailbox role. The first time I ever read the question, <em>“Are you performance bound or capacity bound?”</em>, I translated the question rather badly in my head and answered, well I want both capacity and performance. Having worked through the calculations of how many disks are required for capacity and how many disks are required for storage, I realised what the question meant. <em>Satisfying which causes you to use more disks?</em> <br /><br /><strong>Resources</strong><br /><br /><a href="http://technet.microsoft.com/en-us/library/bb738147.aspx">http://technet.microsoft.com/en-us/library/bb738147.aspx</a><br /><a href="http://technet.microsoft.com/en-us/library/cc671168.aspx">http://technet.microsoft.com/en-us/library/cc671168.aspx</a><br /><a href="http://en.wikipedia.org/wiki/Gigabyte">http://en.wikipedia.org/wiki/Gigabyte</a><br /><br /><strong>Summary</strong><br />I recently had to calculate how many disks are required to meet both performance and capacity criteria for the Exchange databases on a Hosted Exchange solution. These calculations show which RAID type should be used to achieve both criterion with the least amount of disks. These calculations are irrelevant of the Storage Architecture and are applicable for both SAN and DAS technology and only shows Exchange database calculations (not Transaction Logs). All calculations are of course baseline predictions, with many assumptions and therefore cannot be 100% guaranteed. To protect my companies internal design I have changed all numbers with regards to number of mailboxes, quotas, Send\Receive profile, etc to produce different numbers. The theory is still the same though.<br /> <br /><strong>Assumptions</strong><br /><br />In this environment it has been calculated that there is 15,000 mailboxes per MBX server. All users are classified as “Light Users” and send\receive 25 emails a day. Mailbox servers have been calculated with the maximum 8 cores and 32GB memory.<br /><br /><strong>Performance Calculations</strong><br /><br /><strong>Database Cache</strong><br />Database cache = (MBX Server memory - 2GB) / Total users per MBX server<br />Database cache= (32GB – 2GB) / 15,000<br />Database cache=2.048MB per user<br /><br /><strong>Database Reads per user</strong><br />Multiply the 25 messages per day by 0.0048, which results in 0.12. Next, take the amount of database cache per mailbox (2.048 MB) to the -0.65th power (2.048 ^ -0.65), which results in 0.6275. Finally, multiply the two figures, which results in database reads per user (0.12 × 0.6275 = 0.0753).<br /><br /><strong>Database Writes per user</strong><br />Multiply the number of messages per user (25) by 0.00152, which results in 0.038 database writes per user.<br /><br /><strong>Database I/O (Front End)</strong><br />Total database IOPS per user = ((0.0048 × M) × (D ^ -0.65)) + (0.00152 × M)<br />Total database IOPS per user= 0.0753 + 0.038 = 0.1133<br />Total read IOPS per MBX server = 0.0753 x 15,000 = 1129.5<br />Total write IOPS per MBX server = 0.1133 x 15,000 = 1699.5<br /><br /><strong>Database I/O (Back End)</strong><br />RAID 10 = Write x 2 + Read<br />RAID 10 = (1699.5 x 2) + 1129 = 4528 sustained IOPS<br />RAID5 = Write x 4 + Read<br />RAID5 = (1699.5 x 4) + 1129 = 7927 sustained IOPS<br /><br /><strong>Disks required</strong><br />Assuming an average 15,000rpm disk can sustain an average of 180 IOPS and a 10,000rpm disk can sustain an average of 140 IOPS, the following calculation shows the amount of disks required to cope with the Exchange database performance.<br /><strong><em>RAID 10, 15K Disks = 26 disks<br />RAID 10, 10K Disks = 33 disks<br />RAID5, 15K Disks = 45 disks<br />RAID5, 10K Disks = 57 disks </em></strong><br /><br /><strong>Capacity Calculations</strong><br />Database capacity = Mailbox Capacity + Database whitespace + Dumpster<br />Mailbox Capacity = Total Users x Mailbox quota x OverSubscription ratio (see previous post about Oversubscription)<br />Quota = 1GB<br />OverSubscription ratio = 20%<br />Total Users = 15,000<br />Mailbox Capacity = (15000 x 1 x 20%) = 3000GB<br /><br />Database Whitespace = Total amount of users x Average amount of mail sent per day x Average message size<br />Database Whitespace = 15,000 x25 x50KB = 17.9GB<br /><br />Database Dumpster = Email retention period (days) x Average amount of mail sent per day x Average message size<br />Dumpster = 14 x 15,000 x 25 x50KB = 251GB<br /><br /><strong>Database capacity = 3000GB + 17.0GB + 251GB = 3268GB</strong> <em>(/200 = minimum 17 Storage Groups required)</em><br /><br /><strong>Database Capacity disks required </strong><br />RAID10 Capacity = (Amount of disks x Capacity of disk) \2<br />RAID5 Capacity = Capacity of disk x (Amount of disks -1) <br />400GB disk is actually 372GB, 300GB disk is actually 278GB<br /><em><strong>RAID10, 300GB Disks = 24 Disks<br />RAID10, 400GB Disks = 18 Disks<br />RAID5, 300GB Disks = 13 Disks<br />RAID5, 400GB Disks = 10 Disks</strong></em><br /><br /><strong>Conclusion</strong><br />These calculations show that this Hosted Exchange solution is more performance bound than it is capacity bound. It shows that the RAID type should be RAID10 with 15,000rpm disks. To meet performance it is advisable to design the solution with 26, 300GB, 15K disks. Interestingly, the actual calculations I used in my performance showed that the RAID5 would have been the preferable solution.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-16820659396174382452008-11-18T14:06:00.005+00:002008-11-18T14:37:18.459+00:00Want to really remotely manage Windows 2008, Server Core?Following my last post - I wanted to track down when the Administrator password for my domain was changed. Realising that Windows 2008, Server Core would not have a GUI for the Event Log, I assumed the easiest way to access the Security event logs of my Domain Controller would be to use another Windows 2008 server (Standard), open Event Viewer and remotely connect to my Windows 2008, Server Core Domain Controller. However, I was presented with the error message;<br /><br /><strong><em>"Event Viewer cannot connect to computer DC01. The error reported is: The RPC server is unavailable"</em></strong><br /><br />My first thoughts were whether this was related to another Server Core feature or whether my POC network had issues due to being neglected for so long after being moved to a different ESX host. It turns out that the Windows Firewall in Windows 2008 Server Core is not configured to allow remote management. The following commands needed to be run on all my Windows 2008, Server Core Domain Controllers;<br /><br /><em><strong>Netsh advfirewall firewall set rule group=”Windows Firewall Remote Management” new enable =yes <br /><br />Netsh advfirewall firewall set rule group=”remote administration” new enable=yes</strong></em><br /><br />Some Links<br /><a href="http://technet.microsoft.com/en-us/library/cc770887.aspx">Using the Netsh Advfirewall Command-Line Tool</a><br /><br /><a href="http://technet.microsoft.com/en-us/library/cc771920.aspx">Netsh Commands for Windows Firewall with Advanced Security</a><br /><br />There are other Firewall Rule Groups available (taken from Technet)<br /><br />Event Viewer = "Remote Event Log Management" <br />Services = "Remote Services Management"<br />Shared Folders = "File and Printer Sharing"<br />Task Scheduler = "Remote Scheduled Tasks Management"<br />Reliability and Performance = "Performance Logs and Alerts" and "File and Printer Sharing" <br />Disk Management = "Remote Volume Management"<br />Windows Firewall with Advanced Security = "Windows Firewall Remote Management"<br /><br />To allow only specific MMC snap-ins to connect, at a command prompt, type:<br /><br /><em><strong>Netsh advfirewall firewall set rule group=“%Rule Group%” new enable=yes</strong></em>Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com2tag:blogger.com,1999:blog-3264570528786483753.post-81964165558603844082008-11-18T11:57:00.002+00:002008-11-18T12:13:56.029+00:00Q: How secure is your Windows 2008 Active Directory?A: Only as secure as the physical access to any one of your Domain Controllers. If I have physical access to any of your Domain Controllers I will have administrative access to your domain within 10 minutes.<br /><br />After several weeks of being away from my Hosted Exchange project (it got extended again!) I was back to work on it this week. Whilst I was away I was asked if the Development team could move my Proof of Concept environment to a different ESX host. Of course I had no issue with this as it was not being used whilst I was away. When I attempted to log on today I found that the administrative password I had set was no longer working. I always set the same password for all my development passwords (there is no real requirement for them to be secure) so I know I had not just forgotten it. The team that moved my VMs had no knowledge of the change of password. With it being a POC environment, I had no reason to create other administrative users in the Domain either. <br /><br />I now have a scenario where I have a dozen servers configured with HMC4.5 and Exchange 2007 that I cannot access. It would take a week or so to reproduce this environment again, so I set about trying to hack the Domain Administrator password. <strong>ERD Commander </strong>and <strong>LockSmith</strong> allows you to reset the password on most new Windows Operating Systems. I have in the past tried this on a Windows 2003 Domain Controller to see what would happen and it did allow me to change the Domain's Administrator Active Directory password! As my first port of call I tried this boot disk and tool to see if it would work with a Windows 2008, Server Core Domain Controller. And guess what? It does! This has saved me a lot of work.<br /><br />I guess this is not really new news, but it is relevant that it also works with Windows 2008 Domain Controllers. So - better make sure that Server Room door is always locked - eh?Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-68760463327858770092008-11-12T08:31:00.006+00:002008-11-12T10:58:09.200+00:00Orphaned Exchange Store recovery<strong>Guest blog entry by Rick Eveleigh</strong> (rick_eveleigh at hotmail dot com)<br /><br /><em>Got an intact Exchange Store but the Active Directory has gone? Save yourself thousands by following this procedure. No need for EDB recovery tools, Quest, OnTrack PowerControls, etc</em><br /><br /><strong><em>Note: this is not a mail migration method: there are better textbook ways of doing that.<br />Note: this process is not warranted but comments are welcome.</em></strong><br /><br /><em>This is Exchange 2003 but may well work on 2000 or 2007. The instructions cover all steps but are not fully detailed as they assume you know the basics of Exchange administration.</em><br /><br />Install Exchange 2003 into any domain but with:<br />1. same server name as the orphaned store<br />2. same Org name as the orphaned store<br />3. same Admin Group name as the orphaned store<br />(You might only find out what the last two should be if installed wrong: the correct ones are in the Application Event Log when the stores fail to mount. In this case you will have to uninstall Exchange and reinstall with the correct Org & Admin Group names)<br /><br />Make empty Stores in the Exchange System Manager (ESM)<br />Move to desired location<br />Mark as 'can be overwritten by a restore'<br />Dismount<br /><br />In Windows Explorer, rename the new store names as .bak<br />Copy the recovered stores into the newly created file location<br />Rename the recovered stores to match newly created stores<br />Cross fingers and mount in ESM.<br /><br />If it doesn’t mount you might have the wrong names as above.<br /><br />Once mounted:<br />Expand the store<br />Right click Mailboxes<br />Choose Run Cleanup Agent. All will be marked as disconnected.<br /><br />In Tools, choose Mailbox Recovery Center<br />Right click Mailbox Recovery Center and click Add Store<br />Type the first word of the relevant Store (e.g. Staff) and click Check Names<br />Store should be resolved, click OK<br />If there are a lot of mailboxes the 'resolve with AD' will take a minute or two<br />All the mailboxes will be listed<br />Click Mailbox to sort by Mailbox name (very important!)<br />Hit CTRL+A to select all Mailboxes<br />Right click (might be a delay if there are a lot of mailboxes) and choose Export<br />In the wizard, click Next, Next<br />Click Browse and find an OU for the users to be made in e.g. 'Recovered Staff Mailbox accounts' (you might need to make this first in AD Users and Computers)<br />Click Next<br />Type a name for the exported file (e.g. d:\temp\staff.ldf), choose Replace existing content and click Next<br />When the export has been completed click Finish<br /><br />Run a command prompt<br />Type <strong>ldifde -i -f</strong> <filename> and hit enter<br /><br />It is very likely there will be an error: all you get is a line number e.g. 'Add error on line 1481: Already exists', if this happens:<br />Open Active Directory Users and Computers<br />Browse to the new OU<br />Open your file (e.g. staff.ldf) in Notepad: for convenience arrange the notepad window alongside the ADUC window<br />See which account was the last to be created (this is why the list was alpha sorted before export).<br />Very likely the next account in the ldf file is the problem (might already exist e.g. Administrator, might be a duplicate to the last imported account, might just exist elsewhere in AD, or might be an 'invalid' account e.g. SMTP).<br />Delete all records from the ldf file up to and including the 'problem' account<br />Save (don’t close!) the ldf file.<br />Leave AD Users and Computers and Notepad open and run the ldifde command again.<br />Repeat until the result of the ldifde command is "The command has completed successfully"<br /><br />In ESM, Mailbox Recovery Center, ensure all the mailboxes are still selected, right click and choose Find Match.<br />In the wizard, click Next. The Task will progress and the User Name column in the Mailbox list will populate.<br />Click Finish when the wizard completes.<br />Click the User Name heading to bring unmatched mailboxes to the top of the list<br />Press CTRL+A to select all mailboxes, then holding CTRL, click the <no match> mailboxes to deselect them.<br />Right click on the selected mailboxes and choose Reconnect<br />In the Reconnect Wizard click Next, Next.<br />The mailboxes will be reconnected to the newly created AD accounts<br />When the wizard completes, click Finish<br /><br />Right click Mailbox Recovery Center and choose Remove Store<br />Type the first word of the relevant Store (e.g. Staff) and click Check Names<br />Store should be resolved, click OK.<br /><br />If you are doing this on a temporary or test server you can now run exmerge to extract the mail. Or your Exchange Stores are now recovered.<br /><br />Repeat for any other stores.<br /><br />You can contact Rick via rick_eveleigh at hotmail dot comBrian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-17347171532322588222008-10-12T11:55:00.002+01:002008-10-12T12:02:07.849+01:00OT: Recent lack of bloggingI thought I would drop in this quick <em>Off Topic</em> post after receiving a few emails recently asking about my lack of blogging recently. My Hosted Exchange project was put on temporary hold after I was asked to help out in another area of business for a few weeks. This few weeks away was immediately followed by an incredible few weeks holiday in northern Vietnam. <br /><br />Hopefully I will be getting back into the detailed design phase of designing a hosted Exchange platform over the next few weeks and the blogs should start rolling in again.<br /><br />Many thanks to those that take time to comment on the blog or to drop me an email. For me, that is what makes blogging worthwhile. (As well as reminding myself what I learned a few weeks ago :o))Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-69160826885001615952008-09-12T08:41:00.005+01:002008-09-12T09:13:53.342+01:00Oversubscription...or is it contention or Thin Provisioning?I have not blogged in a wee while as I have been working on financials and cost planning for implementing the hosted Exchange solution I am working on, rather than technical architecture.... a bit of "Excel hell". <br /><br />Normally I blog with unusual or interesting findings, normally with solutions to problems. This post is a bit different as it is a bit more conceptual. <br /><br />As part of my design for hosted Exchange I obviously need to design the mailbox storage, and as part of that design the capacity planning. It seems the whole world and it's dog are giving away huge mailboxes by default. Exchange Labs has 10GB, GMail has some sort of increasing figure coming up 10GB, Hotmail has 5GB and Yahoo has unlimited storage!<br /><br />So the problem for a SaaS provider is, how do you cost for this? You can guarantee that none of the big vendors actually have 10GB of disk space for every one of their millions of users sitting in their data centre, just in case. The fact is that if every user has a 10GB quota on their mailbox a very minute percentage will every get anywhere close to this. <br /><br />What you need to do is calculate a ratio of how much space is actually required vs the total quota limit. There seem to be a few different names for this. A few of my ISP colleague continually refer to this as the <em><strong>contention ratio</strong></em>. However after many hours Google'ing the science (or lack of) contention ratios I found that this is a bandwidth term, not a storage capacity term. It seems the correct term is an <strong><em>Over Subscription ratio</em></strong>. The other term that kept cropping up was <em><strong>Thin Provisioning</strong></em>, which is the practice of assigning less capacity that the total quota limit, but has some software fooling the hosted application into thinking it has the full available quota. <a href="http://en.wikipedia.org/wiki/Thin_provisioning">Thin Provisioning @ Wikipedia</a><br /><br />The next issue comes from the reason you want to allocate less storage capacity. In an internal deployment it is simple. The cost of the initial deployment is cheaper as you simply add storage as it is required. As a hosting provider, it is a little more complicated. You want to reduce the total storage required in order to reduce the cost of the solution altogether. Therefore you need to take a "bet" on how much storage is going to be needed based on your Over Subscription ratio, cost the cost of the solution per mailbox and therefore allocate a price. The main risk is if the Over Subscription ratio is overestimated, it is difficult to recoup the cost of extra storage costs once the price has been set.<br /><br />One of the methods of determining an Over Subscription ratio is obviously to obtain statistics from our current dedicated Exchange deployments. The specific information I wanted to extract was the Total Mailbox Size and Last Logon Date (to determine mailboxes never or rarely used). The Exchange 2007 Powershell command I have used is as follows;<br /><br /><em><strong>Get-MailboxStatistics -Database "Staff Database" | Select-Object Displayname,LastLogonTime, @{expression={$_.TotalItemsize.value.ToMB()};name="Mailbox Size"}| Export-Csv D:\StaffStats.csv</strong></em><br /><br />The most frustrating thing with the statistics I have obtained so far is that there is a very wide range. The first Exchange deployment I looked at has an average mailbox size of 30MB, the next had an average mailbox size of 200MB and the next about 1GB. Obviously the statistics should eventually show a <a href="http://en.wikipedia.org/wiki/Normal_distribution">Bell Curve</a>.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com2tag:blogger.com,1999:blog-3264570528786483753.post-60429589283398767432008-08-21T12:32:00.004+01:002008-08-21T12:50:52.268+01:00Powershell v2, Vista and ProxyI have recently downloaded Powershell v2 (CTP) and WinRM 2.0 (CTP) to attempt some Windows PowerShell (Exchange server) remote management. Having installed both components on my Windows Vista machine I attempted to create a runspace and connect to the remote host in powershell using the following synatax;<br /><br /><em>$rs = New-Runspace -Shell Microsoft.Exchange -ConnectionUri https://remoteserver.com/powershell/ -Credential $MyCred -Authentication Basic</em><br /><br />When attempting the connection it would fail with this error message;<br /><br /><em>New-Runspace : [remoteserver.com] The client cannot connect to the remote host specified in the request. Verify that the service on the remote host is running and is accepting requests. You may use the following command to analyze the state of the WinRM service and to configure the service, if necessary: "winrm quickconfig".</em><br /><br />I spent some (ok, quite a lot of) time trying to troubleshoot this. After confirming I could resolve remoteserver.com via DNS, I attempted to PING remoteserve.com. This failed,but of course this could be expected if ICMP is being blocked (I do not own the remote server or firewalls). I then downloaded and used Portqry.exe to see if I could connect to port 443 on myserver.com which failed also. <br /><br />Now this got me thinking. My Windows Vista workstation uses a proxy server here in my company to access the internet. I wonder if this Powershell runspace is attempting to connect to the internet directly. Remembering the heartache caused by Exchange 2007 services attempting to do this, I attempted to find Proxycfg on my Vista machine. Of course I could not find Proxycfg as it has been dropped in Vista. It has been replaced by extended Netsh functionality. After some Google'ing I have found the correct syntax for Netsh, as follows from a command line;<br /><br /><strong>>netsh<br />>winhttp<br />>show proxy</strong><br /><br />I can now see that there are no winHTTP proxy settings<br /><br /><strong>>set proxy myproxyserver.internal:8080<br />>show proxy</strong><br /><br />I have now set the winHTTP proxy server, achieving the same as running Proxycfg -u on previous versions of windows.<br /><br />My Powershell remote runspace now works. (Interestingly Portyqry still shows the remote server on 443 as FILTERED, but hey - it set me on the right track!)Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-12566075638427224522008-08-11T09:14:00.008+01:002008-08-11T09:29:55.609+01:00HMC 4.5, DomainCacheTask Scheduled TaskI have found several more small configuration issues with the deployment instructions for HMC 4.5. Again, after finding no relevant resources on the Internet about this small issue I thought I would blog it here to hopefully help someone else. <br /><br />When attempting to create the SMTP Domain Cache scheduled task the instructions give you the following syntax to run against the Schtasks command in Windows Server 2008. <br /><br /><strong><em>schtasks /create /S localhost /U %USER% /P %PASSWORD% /SC MINUTE /MO %MINUTES% /TN SmtpDomainCacheTask /TR "\"C:\Program Files\Microsoft Hosting\Provisioning\SmtpDomainCacheTask\SmtpDomainCacheTask.exe\""</em></strong><br /><br />When I run this command (replacing %USER%, %PASSWORD% and %MINUTES%, I received the following error message; <strong><em>ERROR: User credentials are not allowed on the local machine.</em></strong>. Of course Google is my first stop for all unknown error messages, and again I found no documentation referring to this error. <br /><br />To be entirely honest, as Windows Server 2008 is still new to me I had to go and research the Schtasks syntax and switch options. From what I understand the <strong>/U</strong> and <strong>/P</strong> switches are more appropriate for when you are scheduling a task on a remote machine and are therefore passing credentials to allow you to create the scheduled task. If I understand the Note: <em>The user account must have write permission to the directory of CategorizerOverrideAgent.dll, and have read permission to MPS PlanManager database.</em> I believe what is actually required is the user context in which you want to run the task. Therefore the switches required are <strong>/RU</strong> and <strong>/RP</strong>. <br /><br /><strong><em>schtasks /create /S localhost /RU %USER% /RP %PASSWORD% /SC MINUTE /MO %MINUTES% /TN SmtpDomainCacheTask /TR "\"C:\Program Files\Microsoft Hosting\Provisioning\SmtpDomainCacheTask\SmtpDomainCacheTask.exe\""</em></strong><br /><br />This command now schedules correctly for me.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com6tag:blogger.com,1999:blog-3264570528786483753.post-51915982990027476942008-08-08T11:49:00.006+01:002008-08-08T15:48:01.913+01:00HMC 4.5, Install and Configure the OOF AgentWhilst installing HMC 4.5 I have now reached the <em>Install and Configure the OOF Agent </em>section. There are some minor details that upset my installation. After some searching of the internet I have realised there is literally no resource or documentation on the web about these components, so I have decided to blog todays findings. (Try entering CategorizerOverrideAgent into Google - I only got one website returned; Technet)<br /><br />In the section when you install the CategorizerOverrideAgent.msi from the Service Provisioning\MPS\Install folder the instructions state that this should be installed in the C:\Program Files\Microsoft\Exchange Server\TransportRoles\Agents\CategorizerOverrideAgent directory. By default my installation always reverted back to Program Files (x86) not the Program Files folder. I tried to change this several times with no success. It turns out this is not an issue though.<br /><br />During the steps of installing the categorizer agent via the Exchange Management Shell the steps are not quite in the correct order and some syntax is missing. Rather than just running the switch <em>-AssemblyPath CategorizerOverrideAgent.dll</em> you need to pass it the full path to the dll as the Exchange Management Shell does not know the location of CategorizerOverrideAgent.dll. <br /><br />In my environment I was not able to run the <em>Enable-TransportAgent CategorizerOverrideAgent</em> cmdlet whilst the MSExchangeTransport service was stopped (as the instructions suggested). I had to start the MSExchangeTransport service, enable the CategorizerOverrideAgent and then restart the service.<br /><br />Running <em>Get-TransportAgent</em> at the end showed that despite all these annoyances the Categorizer Agent is now installed and enabled on my Hub Transport server.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com1tag:blogger.com,1999:blog-3264570528786483753.post-70736089924896074752008-08-07T14:15:00.003+01:002008-08-07T14:25:37.062+01:00HMC 4.5, Exchange Resource ManagerI am working may way through deploying Hosted Messaging and Collaboration 4.5 (HMC 4.5). I have reached the point (with a lot of frustration and time consuming tweaks) of configuring Exchange 2007 SP1 Resource Management on the Microsoft Provisioning Engine server. Now if you follow the link here <a href="http://technet.microsoft.com/en-us/library/cc501402.aspx">http://technet.microsoft.com/en-us/library/cc501402.aspx</a> you would think this was a fairly straight forward task? Wrong...<br />So I changed the required values and entered my mailbox, my public folder mailbox and my Domain Controllers FQDN. When I ran the <em>provtest</em> command I received the following error;<br /><br /><em><strong>errorContext description="Mail server not found"</strong></em><br /><br />After trying to troubleshoot this for quite some time it turns out that I made that mistake of using a FQDN. It seems that unless these values are NETBIOS names, the script will fail. Seems ridiculous to me. Hopefully this post might save someone else the time and frustation I spent on this daft issue.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-63070861961267127332008-08-05T11:23:00.006+01:002009-01-14T08:39:14.964+00:00VMWare Infrastructure Client, mounting ISOsI am working quite a bit with VMWare Infrastructure Client 2.5 to connect through to my ESX enviornment. I thought I would make a quick post about the frustation of mounting (some) Iso images. I have the following error message when attempting to some mount ISOs across the network for their virtual guests; <em>"Please specify a valid image"</em> <br /><br />Now that is a very descriptive error message, with not a lot of help, eh? I know the image is fine as I am able to access it via WinIso and I am able to burn DVDs from it. The answer is one or both of the following problems;<br /><br />1. The file extension was .ISO rather than .iso. Apparently VMWare Infrastructure Client does not like the ISO file extension to be in upper case, so it needed to be renamed to .iso<br /><br />2. The file name of the ISO was too long. By default the ISO images you download from Microsoft Technet are in a very long format (6001.18000.080118-1840_amd64fre_Server_en-us-KRMSXFRE_EN_DVD.iso) and the VMWare Infrastructure Client does not like this length, rename it something smaller.<br /><br />After performing one or both of the adjustments above, the ISO image mounts with no issues.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com1tag:blogger.com,1999:blog-3264570528786483753.post-50294304159843337622008-08-05T09:30:00.006+01:002008-08-05T09:45:19.831+01:00Proxycfg.exeI originally came across Proxycfg.exe after installing one of the Exchange 2007 Update Rollup packs. Some of the Exchange 2007 services would not start up, in particular the <em>Microsoft Exchange Service Host</em> service.<br /><br />I have now came across the exact same issue with Microsoft SQL Server 2005 and the <em>SQL Server Integration Services</em> service also.<br /><br />This problem occurs because the server cannot reach the following Microsoft Web site: <a href="http://crl.microsoft.com/pki/crl/products/CSPCA.crl">http://crl.microsoft.com/pki/crl/products/CSPCA.crl</a> .For some reason these services do not know how to access the Internet if the server is configured to use a Proxy server. <br />There are various solutions for each individual service that cannot start that involve installing (many) updates to stop these services attempting to reach this site. Alternatively the easiest way to solve this is configure the server services to use the logged on users proxy configuration. To do this open a CMD prompt and change the directory to C:\Windows\System32 and run the command <em><strong>proxycfg.exe -u</strong></em>. In my case the services affected by this problem then all started immediately.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-77675257614570686232008-08-05T09:07:00.006+01:002008-08-05T09:23:04.981+01:00Windows 2008 Active Directory, missing toolI have just discovered that my favourite Active Directory troubleshooting tool Replmon.exe has not made it to Windows 2008! <a href="http://technet2.microsoft.com/windowsserver/en/library/691910f2-a6a7-4ced-984e-972aec2cbdd21033.mspx?mfr=true">(replmon technet link)</a> <br />Here is a quote from a Technet blog;<br /><br /><em>"Unfortunately, replmon did not survive the transition to Win2008. It was actually developed by MS support, not the product group (along with many other support tools/resource kit tools), and without an actual owner to service the tool years later, it was a casualty."</em><br /><br />The Windows 2003 version of Replmon appears to work okay though. You will need to install the Windows 2003 Support Tools (Suptools.msi)ignoring the Program Compatibility Assistant warning <em>This program has known compatibility issues.</em><br /><br />Let's just hope those compatibility issues do not cause instability issues on my server then!....Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-76129544229715460902008-07-31T15:59:00.005+01:002008-07-31T16:02:24.217+01:00Windows 2008 Active Directory, deleting OUsToday I found some new default permissions on Windows 2008 Active Directory Organizational Units (OU). I had created an OU in my nice new Windows 2008 Active Directory to provision servers into. Now that I have created my OU structure I tried to delete my redundant OU and received the error message – <br /><br /><em><strong>You do not have sufficient privileges to delete MyOUName, or this object is protected from accidental deletion. </strong></em><br /><br />So I immediately switched on Advanced Features in Active Directory Users and Computers so that I can access the Security tab of the OU. When I clicked Advanced there was one explicit Deny permission set for Everyone with Special permissions. These Special permissions were Deny Delete and Deny Delete Subtree. Of course by un-checking these options I could delete the OU.<br /><br />I think this is an awesome subtle improvement. I have actually worked for a company were a user with Administrative permissions accidently deleted an enormous OU with thousands of users, computers, printers and customisations. By denying delete permissions to Everyone by default is means that you can no longer accidently delete an OU. You need to be fully aware of what you are doing to have to go and remove this permission each time. Kudos MS.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-9178690247552274942008-07-30T14:21:00.006+01:002008-08-07T14:14:50.552+01:00Microsoft Provisioning Services, LocalesI am currently setting up the Microsoft Provisioning Services(MPS)components as part of the HMC4.5 installation for my Hosted Exchange POC. When attempting to assign some of the core MPS components to a server I received the following error message - <em>The server xxxxx either does not exist, is offline or fails one or more prerequisite checks. Do you want to assign the server anyway?</em> Now is that a cover-all error message or what!? When I click on details I found a much more explanatory reason, but a very frustrating one too<br /><br /><em>Exception: Microsoft.Provisioning.DeploymentTool.Engine.ServerPrerequisiteException<br />Message: Default server locale is 2057, should be one of: 1033</em><br /><br />It turns out that Microsoft have only tested the MPS on the English (United States) locale only and therefore that is the only locale that I can install MPS onto! So after ensuring I had installed every locale configuration as English (United Kingdom) for my MPS servers, I now have to change them all back. Joy.<br /><br />Side note - when you have changed all the locales on your servers to English (United States) you will need to close the Provisioning Deployment Tool and open it again. For some reason it still seemed to think the servers had the wrong default until the application was restarted.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com5tag:blogger.com,1999:blog-3264570528786483753.post-36281056230773534792008-07-30T12:21:00.002+01:002008-07-30T12:23:56.437+01:00Active Directory “List Object Mode”Active Directory normally has three visible READ permissions; <em>List Contents, Read All Properties </em>and <em>Read Permissions</em>. These permissions cover the majority of Active Directories READing related permissions. There is however a fourth READ permission not enabled by default; <em>List Object</em>. <br /><br />The <em>List Contents</em> permission would normally list all immediate child objects. With the <em>List Object </em>permission enabled Active Directory has the ability to hide objects returned by the <em>List Contents</em> function. <br /><br /><strong>Why is the useful? </strong><br /><br />In the shared Active Directory configuration of a multi-tenancy hosting solution, different organizations share the same domain. In this shared hosting environment, it is important to ensure that only authorized users can access the information and configuration settings for a given organization.<br /><br />To set Active Directory to List Object mode open ADSIEdit.msc. Expand the Configuration container, CN=Services , CN=Windows NT. Right-click Directory Service, and click Properties. Change the dsHeuristics attribute to 001.Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0tag:blogger.com,1999:blog-3264570528786483753.post-13108887741146995872008-07-29T11:51:00.002+01:002008-07-30T12:24:06.346+01:00Windows 2008 HibernationWhy on earth would anyone want the ability to hibernate their server? It seems that Windows 2008 server (Standard, Enterprise and Core) all have hibernation enabled by default. I found this strange setting out when trying to figure out where all my system volume disk space was being utilised and came across Hiberfil.sys in the root of the system volume.<br /><br />Of course this file is a hidden system file, so the easiest way to see it is to open a CMD prompt and enter <em><strong>Dir C:\ /A:SH</strong></em><br /><br />Now when I say Hibernation is enabled – it is not enabled in any of my Power Options in the control panel. If I select the currently selected power plan and navigate to the options to change the advanced settings the Hibernate After setting is disabled (as is Sleep after). It seems the only way to safely get rid of this large file (assuming you do not want to hibernate your servers?!) is to run the following command<br /><br /><em><strong>Powercfg /Hibernate off</strong></em>Brian Gibsonhttp://www.blogger.com/profile/14014290967619743416noreply@blogger.com0