movement3

New-ReceiveConnector -Name “MIS Servers” -Usage Custom -Bindings ’0.0.0.0:25′ -FQDN ‘devexch1.domain.com’ -RemoteIPRanges ’192.168.179.201-192.168.179.235′ -Server ‘DEVEXCH1′-Permissiongroups AnonymousUsers

Get-ReceiveConnector “MIS Servers” | Add-ADPermission -User “NT Authority\Anonymous Logon” -ExtendedRights “ms-exch-smtp-accept-any-recipient”

http://www.zerohoursleep.com/2010/02/allow-relaying-on-exchange-2007-exchange-2010-in-4-easy-steps/

http://www.howexchangeworks.com/2009/06/allowing-application-servers-to-send.html

Cluster network name resource ‘Cluster Name’ failed registration of one or more associated DNS name event ID 1196 and Event ID 1119.

There were these messages in our event log for our cluster. The below link details the fix. Basically the DNS record for the cluster hostname did not have the allow any authenticated user to update DNS records with the same owner. Right click the DNS record and go to properties:

Write: rights and Special permissions

Advanced > locate authenticated users > edit

Verify Write all properties, Read permissions, All Validated Writes selected

http://smtp25.blogspot.com/2008/10/cluster-network-name-resource-name_23.html

EqualLogic error message during a DPM backup attempt:

failed for the following reason: Initiator tried to bypass the security phase but we cannot.

The DPM job was trying to backup several VMs on a HyperV host. The DPM job would run for about 2-3 mins before failing.

I fixed the error by logging into the EqualLogic web gui, clicked on the Access tab, verify volume and snapshots were both selected, then enter the iSCSI initiator name. Looks like the EqualLogic VSS hardware provider created the snapshot, but the HyperV host was unable to login the snapshot volume due to the missing setting on the access rules. The rule only had volume checked off.

Using the VSS hardware provider, DPM was able to transfer a 125GB VHD file in 26 mins. Using the software provider, a 17GB VHD file in 41 mins.

The VSS service is a bit of black magic for me. How can they backup a huge amount of data in just a few seconds? After reading some Technet articles, here are my notes:

The Volume Shadow Copy Service (VSS) is the service that allows shadow copies.

Requestors: i.e the Backup software, Backup Exec, or DPM

Writers: applications like SQL, Exchange

Providers: SANs

You could create a shadow copy and transport to another server for quick backups, data mining (you could run queries on real data without degrading the performance), and for testing.

Steps:

1. Backup software (requestor) contacts the VSS service to request a copy

2. VSS coordinates with the writers to tell them to prepare to freeze the data to create the copy. If the application has any data still in memory or buffer, it is written, so a clean state can be used for a copy.

3. The application stops for a few seconds and a point in time snapshot is done

4. VSS tells the application the copy is done and you now continue to write data again

With this method, the responsibility for data is shifted from the backup application to the application owner. This makes sense the developers should know best what to backup and how to back it up.

VSS uses the order to select the provider:

1. Hardware provider

2. Software provider

3. System software provider

There is still a bit of voodoo magic, like: Can the change journal really create a copy that fast? But after reading the articles, I do have a better understanding of VSS.

The below link gave the meat of the information:

http://www.eggheadcafe.com/software/aspnet/30377478/how-to-do-tape-encryption.aspx

I created the self signed cert and created a backup to tape job. Then I deleted the cert in DPMBackupStore. This is the error I got:

I had to go back and mark the private key as exportable in the makecert.exe command.

Makecert.exe -r -n “CN=NameofCert” -ss DPMBackupStore -sr localmachine -sky exchange -sp “Microsoft RSA Schannel Cryptographic Provider” -sy 12 -e 06/01/2011 –pe

I ran another backup to tape job. Went to the Cert MMC tool and exported cert along with the private key as a PFX file (a PFX file requires you to enter in a password when exporting/importing the file).

Then I deleted the certificate. I tried restoring the files from tape and it failed with the above error (as expected). I went back into the Cert MMC tool and imported the PFX file. After importing, I was able to restore the files from tape.

If you had to rebuild a brand new DPM box, and have the PFX file from the older DPM box, you can import the cert into the DPMRestoreStore.

I don’t normally do the day to day Exchange administration, but today I got a request from Legal to view an employee’s email.

Of course if you get this request from a regular manager, I would check your manager and possibility the legal department first.

Open up ADUC > User account > Properties > Exchange Advanced > Mailbox Rights

Add the requester and grant Read permissions and Full mailbox access. If you’re in the domain admin group, you still have to specially add your own user account, since by default domain admins and enterprise admins are deny this access.

http://searchexchange.techtarget.com/news/article/0,,sid43_gci1119803,00.html

I am setting up a test Exchange 2010 environment. I test sending email and all the emails either get stuck in the Draft folder or go into the Sent folder, but do not go anywhere. I did the MailFlow test and get this error: The SMTP host was not specified. I follow this TechNet article (which is very good):

http://technet.microsoft.com/en-us/library/bb738138(EXCHG.80).aspx

Although I verify the send connectors are setup, mail still isn’t going. In the event log, I saw these messages:

EventID: 1009

The Microsoft Exchange Mail Submission service is currently unable to contact any Hub Transport servers in the local Active Directory site. The servers may be too busy to accept new connections at this time.

Here is the smoking gun:

EventID: 15006

Microsoft Exchange Transport is rejecting message submissions because the available disk space has dropping below the configure threshold.

Since this is a test environment, all the servers are VMs and I kept the VHD files purposely tight. There was only 1.5GB space left, I increase the VHD file 3GB and the Transport service started working.

http://kmwoley.com/blog/?p=345#idc-cover

Step 1: Format the Drive
The steps here are to use the command line to format the disk properly using the diskpart utility. [Be warned: this will erase everything on your drive. Be careful.]

1. Plug in your USB Flash Drive
2. Open a command prompt as administrator (Right click on Start > All Programs > Accessories > Command Prompt and select “Run as administrator”
3. Find the drive number of your USB Drive by typing the following into the Command Prompt window:
   diskpart
   list disk
   The number of your USB drive will listed. You’ll need this for the next step. I’ll assume that the USB flash drive is disk 1.
4. Format the drive by typing the next instructions into the same window. Replace the number “1” with the number of your disk below.
   select disk 1
   clean
   create partition primary
   select partition 1
   active
   format fs=NTFS
   assign
   exit
   When that is done you’ll have a formatted USB flash drive ready to be made bootable.

Step 2: Make the Drive Bootable
Next we’ll use the bootsect utility that comes on the Vista or Windows 7 disk to make the flash drive bootable. In the same command window that you were using in Step 1:

1. Insert your Windows Vista / 7 DVD into your drive.
2. Change directory to the DVD’s boot directory where bootsect lives:
   d:
   cd d:\boot
3. Use bootsect to set the USB as a bootable NTFS drive prepared for a Vista/7 image. I’m assuming that your USB flash drive has been labeled disk G:\ by the computer:
   bootsect /nt60 g:
4. You can now close the command prompt window, we’re done here.

Step 3: Copy the installation DVD to the USB drive
The easiest way is to use Windows explorer to copy all of the files on your DVD on to the formatted flash drive. After you’ve copied all of the files the disk you are ready to go.

Step 4: Set your BIOS to boot from USB
This is where you’re on your own since every computer is different. Most BIOS’s allow you to hit a key at boot and select a boot option.

I used these instructions to get my new Dell Mini 9 laptop loaded with Windows 7 (the PDC bits). HTH.

Adding the Network Policy Server role
You need to only select the Network Policy Server service
I did not have to reboot the server.

Open the NPS under Administrative tools
Right click NPS (Local) and click Register Server in Active Directory
This will grant the server read access to view the groups in AD.

Create a Radius client entry

Create a Connection Request Policy

In the wizard, when you reach the Specify a Realm Name, select the Attribute option on the left, then select User-Name.

Create a Network Policy

Note: checkmark Unencrypted authentication (PAP, SPAP)

Edit the log file settings, that is under Accounting.
Restart the NAP service.

Under the Cisco Concentrator

Configuration > System > Servers > Authentication
Add the new radius server and then test.

http://fixingit.wordpress.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/#comment-18

Yesterday I installed Windows Server Core, then added the HyperV role.  Installing Server core went pretty quickly since I have done it a few times before. When I went to the HyperV manager to create a virtual network, my network connection when flaky. I know when you create the virtual network, it creates a virtual NIC and all, but my pings were very random. They would be solid for a few seconds, then a couple of packets would be dropped and so on. Since I was in Server Core, I didn’t know how to remove the virtual switch. After some googling, I discovered nvspcrub. Whew! It worked  very well!

I spend a good 4 or 5 hours, researching, setting my NIC to DHCP, creating exceptions on the firewall, etc with no luck. Troubleshooting took longer as it was a Server Core install, so I decided to wipe the box and install with a GUI. After reinstalling, I got to the same problem. Slow network connection after creating the virtual switch.  More research led to the fix. If you disable the Large Send Offload (LSO) feature for your network cards (including the virtual NIC) in the device manager, it will solve the network problem.

If you search your registry for LsoV1IPv4 you will find the key to turn it off.

HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}0<Index>

http://www.petri.co.il/network-issues-with-windows-server-2008-rdp-on-dell-servers.htm

http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/c613e3ad-c9b3-4add-8a71-3d5266ce2518

http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/bdc40358-45c8-4c4b-883b-a695f382e01a

http://social.technet.microsoft.com/forums/en-US/winservercore/thread/d0c55df9-a27c-4876-bc5a-8ac7f1b46462/