Wednesday, December 10, 2014

Thwarting wifi thieves, with style.

I realize it's been quite a while since my last post.  First off I had a week off work for vacation, which I happily spent sitting in the woods at a nearby public section of land trying in vain to shoot a whitetail.
Then I had another week off at home for the last week of Server 2010 training.

So for being so inactive I give you humor of the nerdiest variety.

The source is here: http://www.ex-parrot.com/pete/upside-down-ternet.html

Basically the guy caught someone stealing his wireless, so he had fun with it.  Set up a Squid box, ran some custom perl scripts that screwed with the thief's browsing.  Much fun was had.

Tuesday, October 21, 2014

SMTP Delivery failure, Source: AGENT

So I ran into an issue the other day involving emails not being delivered.. Upon further inspection I noted that the Barracuda passed the messages through because the sending domain was whitelisted.  Funny though because I was one of the recipients and the message did not come through.

We have two Exchange 2010 servers so I began inspecting the Transport logs on the gateway server.  Turns out those messages had a status of "FAIL" due to a 'SOURCE: AGENT'.

Agents meaning Transport Agents.  Now yes, we do have a Barracuda 410 Spam Filter, but also had the Anti-Spam agents in Exch enabled.


Not knowing which one is causing this failure I started with what I would logically think was causing my issue.. Sender ID.


Then re-pushed the messages from the 'Cuda.  Checking the Transport logs again I found out they still Failed.  So making a long story short I went down the list disabling each Agent in turn, and it wound up that my Transport Rule Agent was the cause, except none of my actual Transport Rules were affecting this particular sender, message body or content.

IDK it's weird.  But at least I got mail flowing which is the important part.

Monday, October 20, 2014

Modify DistributionGroup field en masse

Ok so we are in the process of migrating to Office365.. a push started by our parent company.  After the move there will be one giant GAL for all the operating companies.  To help combat the complexity of such a beast I have to pre-pend ALL of my existing DG's with 'UB_'

I found a quick way to accomplish such a task, Enter POWERSHELL! lol.


Ok so first export your DG view from the EMC to a .csv.  You will end up with a spreadsheet with a few columns, delete all but the Name column and Save.

Then from the EMS type:



I had around 154 groups to rename, and caught errors on 4 of them.  MUCH better than a manual process obviously.

Now just to help keep things as simple as possible I wanted both the Name, DisplayName and Aliases to match.  By changing $_.Name after the Set-DistributionGroup to $_.DisplayName, then to $_.Alias I was able to accomplish that.

Wednesday, October 15, 2014

Relocating a DC from Site A to Site B

I recently learned that my company is shuttering one of our remote locations, which I can't say at this time.

It seems that just yesterday I spent a week out there setting up that as a new site.. *shakes head*

Anyway during that acquisition we gained an office in *major US city* and a manufacturing facility in *tiny friggin remote location*.  "TFRL" only has like 8 actual users and a file server, I did set them up as an AD Site but they had no domain controller.  Well, looks like the best plan I can come up with is moving the DC in the city to TFRL, lol.


So in order to move a Domain Controller to a new AD Site it seems as though the best way is to demote and re-promote in the new site on the new subnet.  I do have to change the hostname to match the new Site code so yeah here's what I'm going to do:

Demote DC in old site.
Change hostname
Physically move to new site
Static IP on that subnet
Promote
And Done.

Now from what I can tell via Microsoft's method if my hostname was staying the same then I could just alter the IP config and AD would see that the DC was not using IP info associated with a different Site and change the service records and DNS accordingly.  However I would still need to move the object manually to the new site in AD.

This DC is not a bridgehead so being as such that removes some additional config.  It does however have the DNS and GC roles so I will need to make sure there are no static records to the old IP.


It'll be next summer before this happens so I won't be travelling again during the middle of winter.

Tuesday, October 14, 2014

Changing certificate on Exchange 2010 SP3

Today I ran into an issue with Exch2010 and adding a new certificate.

See we have two primary sites at the company I work for.. MS and MI.  MS is and has always been the SMTP gateway as our spam filter is there.  Which is fine and dandy.  However we are in the beginning stages of an Office 365 migration and in preparation for that I decided to allow external access to my Exch server here in the MI site.. so as not to traverse slow MPLS to MS then to the cloud when uploading mailbox data.

So since our external URL for OWA is https://internetmail.unifiedbrands.net, I chose 'internetmail2' for the common name.

So I buy the cert from Network Solutions, add it to the server, assign IIS and SMTP services to it then edit the Internalurl for OWA, ECP, Active-Sync, OAB, EWS and CAS.
Which worked pretty much except for this nagging Security Alert when opening Outlook complaining at how there was a name mis-match, it was looking for the FQDN of the server.

Oh what now! I hate problems.

I went through and double and triple checked every Virtual Directory there is.  I'll be damned they're all correct!  I reset IIS, I rebooted the server.. the cert mis-match was still here.

Here's the Cliff-Notes version on checking the VD's:

Get-ClientAccessServer | fl identity,autodiscoverserviceinternaluri
Get-Webservicesvirtualdirectory | fl identity,internalurl,externalurl
Get-OABvirtualdirectory | fl identity,internalurl,externalurl
Get-OWAvirtualdirectory | fl identity,internalurl,externalurl
Get-ECPvirtualdirectory | fl identity,internalurl,externalurl
Get-ActiveSyncVirtualDirectory | fl identity,internalurl,externalurl
*Get-OutlookAnywhere | fl identity,externalhostname  (if used)

So as much as I hate recreating VD's.. I wound up recreating the EWS virtual directory.  Then re-set the InternalURL value.. verifying all Authentication settings were correct, flushing my local DNS cache, resetting IIS again and after about 15 minutes Outlook opened without complaint.  MailTips were back and I could see Free/Busy info for both users on my CAS and users on the MS server's CAS.
YAY.

Thursday, October 9, 2014

AIR-CAP2602E join issues to WLC controller

So I bought a Cisco AIR-CAP2602E wireless access point about a month ago.  Currently we have an older 2506 controller and a newer 5500 controller sitting there un-used.

Since I did not have the time I had our telecom guy setup the base config on the 5500 and he spent a good 2-3 days trying to get this 2602 to see and join that controller to no avail.

I'll make a long story short.. I took this afternoon to play with it and checking out the console messages it was stuck in a loop:

*Mar 1 00:21:57.082: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Mar 1 00:22:00.105: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Mar 1 00:22:00.208: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.1.250, mask 255.255.255.0, hostname AP7081.0500.0000

Translating "CISCO-CAPWAP-CONTROLLER.example.com"...domain server (172.16.50.100)

*Mar 1 00:22:08.083: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.50.25 obtained through DHCP
*Mar 1 00:22:08.083: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:22:08.173: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.example.com
Not in Bound state.
(*ip's were changed to protect the innocent)

So it kept renewing its IP via DHCP but could not find the controller.  Now as far as I can tell, and what I found Googling the LAP's have to use DHCP.. which is fine.  And they can find the WLC in two ways:
DNS resolution by way of the CISCO-CAPWAP-CONTROLLER.domain.com or
DHCP Option 43


Option 43 takes a specific syntax all in Hex but here's the short of it:

It always begins with F1 then in my case I had two controller IP's so because of that the next piece is 08, then followed up with the ip's of my two controllers in hex.  So my string was:
F1080a0204120a020404

Now, admittedly while searching for help on the error "invalid event 38 & state 2 combination" I also came across a blog where the guy mentioned enabling the WLC to accept self-signed certs from the AP's.  So I did that as well... did not feel like testing the joining without that enabled so it *might* not be needed.

After setting the option 43 I bounced the AP and it found and subsequently joined the controller.  WOOT.
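A mistyped length byte or a swapped octet in the option 43 string is hard to spot by eye. The script below is an added example, not from the original post: it builds and decodes the layout described above (type byte F1, one length byte of 4 per controller, then each controller IPv4 address as hex), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: encode/decode the option 43 value laid out in the post:
#   f1 | length (4 x number of controllers) | each controller IPv4 as 4 hex bytes

# ip_to_hex A.B.C.D -> 8 hex digits; fails on anything that is not a dotted quad
ip_to_hex() (
    set -f                      # no globbing while splitting on dots
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in
            ''|*[!0-9]*|0?*|????*) exit 1 ;;   # digits only, no leading zero, max 3 chars
        esac
        [ "$o" -le 255 ] || exit 1
    done
    printf '%02x%02x%02x%02x' "$1" "$2" "$3" "$4"
)

# encode_option43 IP [IP...] -> option 43 hex string
encode_option43() {
    [ $# -ge 1 ] || return 1
    [ $(( $# * 4 )) -le 255 ] || return 1      # length has to fit in one byte
    out=$(printf 'f1%02x' $(( $# * 4 )))
    for ip in "$@"; do
        h=$(ip_to_hex "$ip") || return 1
        out=$out$h
    done
    printf '%s\n' "$out"
}

# hex_byte STRING N -> decimal value of the Nth byte (1-based) of a hex string
hex_byte() {
    start=$(( ($2 - 1) * 2 + 1 ))
    echo $(( 0x$(printf '%s' "$1" | cut -c"$start"-$(( start + 1 ))) ))
}

# decode_option43 HEX -> one controller IP per line; fails if the string is malformed
decode_option43() {
    hex=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$hex" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ ${#hex} -ge 12 ] && [ $(( ${#hex} % 2 )) -eq 0 ] || return 1
    [ "$(hex_byte "$hex" 1)" -eq 241 ] || return 1          # 0xf1 type byte
    len=$(hex_byte "$hex" 2)
    # the length byte must cover exactly the rest, in whole IPv4 addresses
    [ $(( len % 4 )) -eq 0 ] && [ $(( len * 2 + 4 )) -eq ${#hex} ] || return 1
    i=3
    while [ "$i" -le $(( len + 2 )) ]; do
        printf '%d.%d.%d.%d\n' \
            "$(hex_byte "$hex" "$i")" "$(hex_byte "$hex" $(( i + 1 )))" \
            "$(hex_byte "$hex" $(( i + 2 )))" "$(hex_byte "$hex" $(( i + 3 )))"
        i=$(( i + 4 ))
    done
}

# Round-trip the string from the post.
decode_option43 F1080a0204120a020404
encode_option43 10.2.4.18 10.2.4.4
```

Decoding a string before pasting it into the DHCP scope confirms that it names the controllers you meant and that the length byte matches the number of addresses.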





Monday, October 6, 2014

powershell.. change directory to a UNC path

I realize this may be old stuff for a lot of people.. but I literally just discovered this.  In testing a logon script I opened Powershell and cd'd to a unc path..


How friggin awesome is that? lol

70-411, Administering Windows Server 2012 - Directions Training

So last week I was off at home.. back in my basement sitting through the 70-411 Administering Windows Server 2012 course via WebEx with Directions Training.  Maybe it's just me but I'm not a fan of the compressed lecturing styles.
I realize that there's limited time to go through the official material, but if I were paying real money for these courses I'd expect a higher level of professionalism, and "complete-ness".  Don't skimp on the examples, don't skim over the lesser topics.  I want the instructor to touch every part of the curriculum. You know.. if the material required 9 days... or 12 days I'd go through it in order to cover 100% of the material, as I'm sure most others who are paying good money for these courses would.

Granted many of the topics are not new to 2012, but it's a great refresher for those of us who don't use every part of a Microsoft server OS on a daily basis.

I had wanted this post to be a review of the material but I come back to the training provider on every thought.  For the price of the course you do get a virtual copy of the official Microsoft training book, with the labs for each section, which is a good thing.
You can also re-take the course for up to 6-months.. But I don't think anything new would be gleaned from such an undertaking.


I only hope that the third and final course, 70-412.. the Instructor might keep on track and keep the detail level set to high.

That's my 0.2 anyway.

Friday, September 26, 2014

Quick easy way to determine if your *nix system is vulnerable to Shellshock

Run this command from your terminal:

x='() { :;}; echo VULNERABLE' bash -c :

Systems that are vulnerable will return:

$ x='() { :;}; echo VULNERABLE' bash -c :
VULNERABLE

Systems that have been patched will return:

$ x='() { :;}; echo VULNERABLE' bash -c :
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

For an in depth analysis and explanation go here: http://security.stackexchange.com/questions/68168/is-there-a-short-command-to-test-if-my-server-is-secure-against-the-shellshock-b

This guy does a much better job than I could ever hope to.
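A host can carry more than one bash binary (the packaged /bin/bash plus a hand-built /usr/local/bin/bash, say), and patching one leaves the other as it was. The script below is an added example, not from the original post: it runs the same probe against each bash it can find, using hypothetical helper names, a constructed marker string in place of "VULNERABLE", and an assumed list of candidate paths.

```sh
#!/bin/sh
# Added example: run the post's probe against every bash binary on this host.
MARKER=SHELLSHOCK_PROBE_RAN    # constructed marker, stands in for the post's "VULNERABLE"

# classify_probe_output STDOUT -> "vulnerable" if the trailing echo ran, else "patched"
classify_probe_output() {
    case "$1" in
        *"$MARKER"*) echo vulnerable ;;
        *)           echo patched ;;
    esac
}

# check_bash PATH -> "missing", "vulnerable" or "patched"
check_bash() {
    [ -x "$1" ] || { echo missing; return 0; }
    # env -i gives the child an empty environment, so the probe variable x is
    # the only thing it imports. The echo after the function body runs only
    # if that bash executes trailing text while importing x.
    out=$(env -i x="() { :;}; echo $MARKER" "$1" -c : 2>/dev/null) || true
    classify_probe_output "$out"
}

# list_bash_binaries -> unique candidate paths (assumed locations):
# the bash on PATH, common install paths, and any bash named in /etc/shells
list_bash_binaries() {
    {
        command -v bash 2>/dev/null || true
        printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash
        if [ -r /etc/shells ]; then grep '/bash$' /etc/shells || true; fi
    } | sort -u
}

# audit_bash -> one "path status" line per binary found; returns 1 if any is vulnerable
audit_bash() {
    rc=0
    for b in $(list_bash_binaries); do
        s=$(check_bash "$b")
        if [ "$s" = missing ]; then continue; fi
        printf '%s %s\n' "$b" "$s"
        if [ "$s" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

audit_bash
```

The non-zero return from audit_bash makes it usable as a check in a configuration-management or monitoring job.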





Wednesday, September 24, 2014

AutoDesk Network License Manager report log generation

Ran into this issue today.. we are in the midst of moving to a big Autodesk license pool controlled by our parent company.  A small prerequisite of that is generating usage or report logs, a default install of LMTOOLS does not have that enabled.

To do so you create a file named 'autodesk.opt', open with Notepad and type the following:

REPORTLOG +c:\path\to\working\dir\name.rl

Save the file, and re-read the license file to start the logging.

Friday, August 29, 2014

GPP - Mapping User or Home folders

Today I decided to attack our login script.. start using GPO more so first order of business is to create the user folder and map it.

Following this guy, I was able to get the folder creation part working on the first try, however because my file server is still Server 2003, the %LOGONUSER% variable won't work on the mapping.  So I changed it to %USERNAME%.. which still did not work.  I was getting event 4098:


I resolved that by disabling the 'Reconnect' option in the drive mapping GPP.  Weird I know but this mapping is reconnected already because the Action is Replace.  So every 90+ minutes the mapping is renewed.  No need to programmatically set the /persistent:yes switch.

So once done and gp refreshed I had a Home drive mapped, and the folder created on my file server using %logonuser% as the folder name, and that same user had Full Control perms.

Once I get all the user data migrated to the Netapp, I might run into a syntax issue with the mapping part.. IDK for sure yet.

Thursday, August 28, 2014

Systeminfo

This might be old for some but I just today learned of this command.  Co-worker asks me if I know of a way to remotely pull a bios date from a host on the network.  Interesting.. first thought was WMI i.e. Get-WMIObject win32_bios will show you the version, maker and stuff like that but no date.

Perform some Google-Fu and stumbled on this article that talks about the command 'systeminfo'.

I've fallen in love already!  Exactly what we needed, will pull info from remote host and gives a nice helping of information without inundating you with a giant wall of text.



Thursday, August 21, 2014

HP Z230 Workstation

Meh.


That's usually the opinion I have over new HP offerings.  The Z series replaced the XW line of Workstations and while most of our 'power-users' are using a Z400 right now.  I have no real complaints about it except its age, which is no fault of HP.  It's powered by a Xeon W6550 which is a work horse.  Problem is though there's little to no upgrade path hardware wise on this machine.

So enter the Z230.. now right off the bat I don't agree with the model numbers going down...usually that meant you are getting a lower class unit.  So BOO to HP for going that route on these new units.  Also a big BOO to HP for the psu maxing out at 400 watts.  It's a workstation powered by a nice Xeon E3-1270V3.. it came with 8gigs of pc3-12800... why gimp the power supply?  What if I wanted to toss in a big R9 290 along with a pair of 4TB Western Digitals?

Alas, nothing to be done about it now, except to set it up for a user who's known for breaking things and who works in a fairly dirty environment.

Tuesday, August 19, 2014

Modifying the Manager field in AD in bulk..

A quick PowerShell script that will allow you to modify the Manager field in user properties in AD.

get-aduser -filter * -searchbase "ou=test,dc=domain,dc=com" | set-aduser -manager "JBlow"


Or for the entire domain if you are running a small shop:

get-aduser -filter * | set-aduser -manager "JBlow"

The Manager value must be either a SamAccountName or Distinguished Name.

Monday, August 18, 2014

Microsoft Certified Solutions Associate: 70-410 exam SCHEDULED!

That's right.. exam is scheduled at the testing center at Davenport University in Grand Rapids, MI for this Friday.

WOOT.

Friday, August 15, 2014

WOOT!

Today I was given 10 Microsoft training vouchers for the remaining two MCSA: Windows Server 2012 courses at Directions Training!  And as a bonus they're giving me three exam vouchers!  DBL-WOOT!

September 29 - October 3 for 70-411
December 1 - 5 for 70-412

Now to schedule the 70-410 exam.

YAY!

Searching Exchange 2010 mailboxes from Powershell

Customer Service reported an email they never received.. and the sender says they did not get an NDR.  I found a VERY nice explanation Here.

We have a Barracuda Spam Filter 300 in place, however it's dreadfully slow lately.  So searching its logs takes FOREVER.

So I went to the Exchange side of things..

Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery attachment:<filename> -TargetMailbox <name of mailbox> -TargetFolder <name of folder> -LogOnly -LogLevel Full

So I specified subject:'Woodbury Hospital' and a -targetmailbox as my own.  I had questioned whether or not the targetfolder needed to exist or not.  I created a folder, specified it as the target but the cmdlet created its own subfolder with the specified name.

You can also delete emails using this method as well, as seen here:

Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery subject:<verbatim subject line> -DeleteContent

Now if you wanted to search all mailboxes, copy the results then delete the content you'd do this:

Get-Mailbox -ResultSize unlimited | Search-Mailbox -SearchQuery subject:<verbatim subject line> -TargetMailbox <name of mailbox> -TargetFolder <name of folder> -DeleteContent












Thursday, August 14, 2014

Powershell - Adding new email address alias to Exchange 2010 mailboxes

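# Collect every mailbox, add the new alias to each address list in memory,
# then write the updated address lists back with Set-Mailbox.
$users = Get-Mailbox
foreach ($a in $users) {$a.EmailAddresses.Add("smtp:$($a.Alias)@new_domain.com")}
$users | %{Set-Mailbox $_.Identity -EmailAddresses $_.EmailAddresses}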


I ran this with a -WhatIf inside the last } and it worked on my setup perfectly. Exchange 2010 SP3.

Wednesday, August 13, 2014

Listing users with session to specific share names

Helped a guy with a problem earlier..

He was migrating users to new shares, then in trying to remove the original share was being told that users were still connected, are you sure?  I'm sure you have seen that before.

The answer is so simple it took me a while to think of it.. you are wanting to view users that are connected to specific share names right?

net use [sharename]

DUH.  See I told you.. so simple that it's easy to over look!

Now granted this would only be time effective really if you had a few shares to check.. a few hundred would require scripting and piping the results to text files.

Installing and Configuring Microsoft Windows Server 2012 - UPDATE

So the situation I'm in is this:  the Enterprise Agreement (EA) administrator actually works for my parent company, Dover Corp.  One of Dover's like 4-6 actual SA's who, among other things, is also leading a dozen other projects while handling their normal duties.
I actually asked one of them last year.. I was astonished by that guy's workload!

Anyway.. getting a reply from this guy has been problematic to say the least.. usually it takes my boss emailing his boss.  It sucks.  Anyway I've heard through the grapevine that their EA is up for renewal in September, so I'm trying to get 10 more training vouchers before then.

But here's the kicker, and another reason I have come to love Directions Training, they have free exam vouchers to give away.  I was told this morning that if I commit to the second MCSA: 2012 course that they will give me two training vouchers.. and since Microsoft exams are $150 a pop now that's $300 in savings WOOT.

Directions Training {ThumbsUp}

Exchange 2010 - Managing shared permissions

I created a new mailbox per Marketing's request late week before last.  I was apparently in a rush so today one of the users reports that she cannot Send As this new account.

Get-MailboxPermission shows that she has FullAccess, however Full Access does not mean you can Send on Behalf Of.

DOH.

So, Set-Mailbox 'name' -GrantSendOnBehalfTo 'user'


Monday, August 11, 2014

Installing and Configuring Microsoft Windows Server 2012

Hi all!
I was out all last week for an online, instructor-led training course provided by Directions Training on the 70-410 material which is.. Installing and Configuring Server 2012.  Some might ask, "Why would you waste the $$$ on the easiest course on almost any MSFT OS?"

Well for a couple reasons honestly..

My last certification was MCSA: Windows Server 2003.  I completed it back in 2004 and while I have supported 2008 and 2012 since then, I figured there'd be some new things.
Secondly, I did not pay for it.. I was able to use 5 training vouchers from my parent company's EA.

I was right too, there have been a few, albeit small changes officially and I did actually learn a couple new things about 2012.  The provider I found was Directions Training which was listed as a Microsoft Partner under the online training offerings.  I was pleased overall, the instructor Coach Culbertson was entertaining, humorous and very knowledgeable.  He spoke very well and offered many real-world examples of situations relating to the tasks covered in the book.  I'd recommend Directions and Coach to anyone looking for additional training as Directions covers A LOT of subjects/publishers.

Friday, August 1, 2014

FreeNAS on XW4600

I decided to try FreeNas at home, Especially after reading this forum post I think I have the answer to my dilemma of trying to remember to download the latest episodes of [insert new show here].

I have Charter 60mb internet at home, protected by a pfSense firewall, and a separate IBM sff Lenovo desktop hosting my Plex Media server.  Performance is good.. very good, however waiting the ~10 minutes to download and copy over a new episode of some show is horrible.  Well that's a lie sort of.. it's not horrible, in truth its actually quite nice but so is automation ;)

So I've got access to an old HP XW4600 workstation, powered by a Core2Duo E6850 3ghz,4gb ram, and I tossed in 4 x 2TB Western Digital green drives.  Since this box has a USB 2 port inside the case I installed the latest freeNas image onto a 4gb Cruzer thumbdrive and set the boot device to USB.

*FreeNAS loads itself into a ram drive


I know what you are thinking, "Why would you use WD Greens?!?"  Well normally I wouldn't until I read this explanation of the differences between Red and Green WD drives. Using a Win98 boot disk image, and WDIDLE3 I set mine to 300 seconds, whereas default head parking timeout is 8 seconds.
Everyone says increasing that time will allow for much quicker responsiveness and longer lifespan on the parking mechanism.  We shall see.

I'd much rather be using Reds but I don't have any to test with currently. But I'm taking this box home to setup over the weekend with FreeNAS, Plex Media Server, Couch Potato, Transmission and Sick Beard.. couple that with some vodka and a little BF4 in between I think it'll be a good weekend, rain or shine.

Wednesday, July 30, 2014

PNY SSD firmware Update tools

Ran into an issue today with a PNY Elite SSD 120gb, it's been giving a user a lot of random BSOD's lately and in performing mass amounts of Google-Fu it seems others have run into this issue in the past and it was usually resolved by updating the firmware.

Now the user reports that he contacted PNY support and was told there are no utilities, nor firmware updates to be had publicly.  This cannot be correct and they were hosted on PNY.com up until about 6 months ago.. no clue why they were pulled.

But apparently it must be an American thing.. maybe PNY hates 'Merica?  So without further ado, here they are:

http://www.pny.eu/s/d/Downloads/PNY/

Oh and while I'm on the subject, DO NOT BUY FROM PNY!

This user was told firstly that he needed a receipt before he could RMA this drive.. well after being told there are NO downloads available lol.  Anyway he'd need to provide them a receipt before any RMA could be done.  They cannot look up their drives via serial number.  Then when he got a receipt they won't accept it unless purchased from an 'Authorised Reseller'.

[rant]

ATTENTION PNY: Learn from Western Digital and Seagate.  I'm sure they'd be willing to share their customer service methods with you.

[/rant]

Monday, July 28, 2014

Telnet towel.blinkenlights.nl

Here's something that I found many years ago and surprisingly it's still around.  If you've ever wondered what Star Wars would look like in ASCII then give it a shot.  It's the entire first Star Wars movie in text... they say that using IPv6 gives some color and extra scenes but I have not tried it myself.

At any rate give it a shot.. if you're a nerd it WILL be time well spent.



Friday, July 25, 2014

Enterprise Virtualization Upgrade

So we finally.. and I do mean FINALLY got approval for one of our major projects this year.
Dum, dum DUUUMM,  creating a real, live, full-reaching virtualization structure.

Up til now in our main site we've cobbled together a vast array of VM provider setups.. XenServer (Before Citrix bought them out), Hyper-V (2008 flavor) and a few free ESXi hypervisors.  Since we have the dough dedicated for it now.. my plan is:

Replace all existing Hypervisors
'Upgrade' to a pay-for ESXi setup with support options
Introduce an actual SAN to the environment

The hypervisor hardware I'm looking at is HP Proliant DL360p gen8's.. a trio for the main site and a pair for my site.  The reasons will come shortly..
Anyway the Proliants will have:
      2 x Xeon E5-2643V2 cpus
      64gb PC3-14900E
      Intel 4-port gigabit nic
      Sandisk Extreme Class10/UHS Class 1 SDHC 32gb
      2 x 300gb SAS (Storing VM templates and ISOs)

Now for mass-storage.. we've decided on a Netapp FAS2552 with 24 x 1.2TB internal drives and a shelf with 12 x 600gb drives for roughly 14TB of usable storage.  It'll come with all the licenses netapp has to offer.. Snap Mirror being the primary focus.  Not only will this filer replace our aging file servers, but it'll store the VM data as well as (later on) replicated data from the other site.. my site :)


More to come..

Accessing the Active Directory Schema Manager in Server 2008

To access the MMC snap-in for Schema management in server 2008 run regsvr32 schmmgmt.dll from an elevated command prompt.



Friday, July 18, 2014

PfSense nic compatibility issue

So lately I've had a weird issue with my Pf box at home, the WAN throughput chart scales from 0 to 55+Mb/s constantly when the kids are up, Rokus in use.. Ipad, etc.  However Ookla tests always hit a hard limit of 21mb on the download.

Nothing I do exceeds this limit, aside from bypassing Pf.  I questioned my hardware at first.. a Dell Optiplex 320, 1.6ghz P 2140, 2gb DDR2 ram, 80gb hdd, and a Broadcom 5709 dual gigabit PCIe nic.

Cpu utilization, and ram usage never spike.. hell it's hard to get them above 50%.  I was running avahi, pfblocker and a couple reporting packages which I have since removed.
My desktop is Windows 8.1 Enterprise, 8gb DDR3 2100, Core i7 3770 and a wireless N card.  Home network consists of a Netgear gigabit switch, and a Netgear 802.11N WAP.

Now obviously I know.. testing broadband throughput requires no other traffic on the lan segment.  Last Thursday night was when I tried swapping my hardware out for a Lenovo SFF, Core2Duo 2.8ghz, 6gb DDR3 box with the same nics but guess what.. Pf would not recognize any card plugged into the PCIe slot.  My guess, damned thing's BIOS was locked to only being able to use a video card in that slot.. nothing else.  And my nic, the dual broadcom, was a PCIe x4...pc only had the x16 and a pair of x1's.
As a test, I grabbed a x1 broadcom nic from work.. didn't recognize it either.  I've read where Pf can sometimes have issues with Broadcom and Realtek nics, but this fresh 2.1.4 install would see and use the onboard Realtek.. but not the Broadcom.

Ok it's been a few days and I've gotten my PF config all working and working quite well.  I never was able to get the Lenovo box to work correctly because of those broadcom nics.  And I have not been able to determine why.. even the PF community couldn't answer it.  However my overall throughput issue was caused by a bad patch cable.  Yeah.. I know.

The last thing most of us think about is cabling... I have supported networks from the routing to the physical layer for over 14 years and I can count the number of bad cables (ones that had no physical damage) on one and a half hands, seriously.

So now I'm able to push my 60mb download to the max and I have been doing so regularly ;)


BotHunter...

So I stumbled across http://www.bothunter.net/ last week.. it made me very curious.  A linux based application that will watch for, and log suspected malicious activity?  Sign me up!

Yesterday I downloaded the latest CentOS dvd iso.. took like nearly all day thanks to our saturated 6/6 wireless connection. (Thank you Facebook, and Fox Sports browsers!)  Anyway finally got the image downloaded and installed and trying to install the centOs app provided by Metaflows and I continuously get an error:



I've tried searching for it.. to no avail.  I then went through the process of verifying I had all the libs that this install routine would install.. installed.  Libpcap, F77, gcc, etc.  And every one I searched for was installed and apparently up to date.
Pilfering through the setup.log the only negatives I see are:



So PF_RING is my issue.. specifically being able to cp some .ko files. I browsed and could not find them myself, so in usual fashion here I go to manually install PF_RING and see if that helps.

Found instructions Here, But ran into issues installing DKMS, which according to this page is needed.  *sigh*

It was about this time when my download of the Bothunter virtual machine completed downloading.  So with my 'OOO Shiney' attitude I stopped jacking with the first vm instance and opted instead to try this one.  It booted successfully, a no gui having CentOS 6.5 os with all the requirements already installed save for the rules files.  I chose option 4 for standalone sensor, community license and filled out the remainder of the network specific info.

Initially I had trouble with the virtual nic (since I am running this in VirtualBox 4.3.12), I had chosen Bridged mode, the Broadcom nic my desktop uses and enabled Promiscuous mode.  Something did not play well because my VM was not capturing any packets.  I enabled a secondary Netgear nic I already had in the box and specified it under Bridged and now I'm collecting packets quite well.

It obviously needs to run for a while to collect enough info but at least lighttp is running and it says it's seeing traffic. 

So we shall see.

Here's the BotHunter web interface



Thursday, July 10, 2014

Outlook 2013, display issues resulting in Outlook's main pane being and staying blank.

Max, one of our Admins down in the main site ran into an issue today with a Lenovo T500 series laptop and Outlook 2013.  The laptop is running Win7Ent 64-bit, fully updated.. OS patches and drivers.
Today he attempted to install Office 2013, which went without a hitch except the part where Outlook is supposed to show you your messages lol.

Long story short, he first tried upgrading 2010 to 2013, went well except Outlook would not open.  He uninstalled all Office related components, reinstalled 2013.. same result.  Re-removed 2013, installed 2010.  Outlook worked..uninstall 2010 then reinstall 2013.. same thing.  It no worky.

Stumbled across a hint the likes of: http://support.microsoft.com/kb/2768648

Now we're not wanting to correct things for one user with a GPO.. so he hits the registry and fixes the user's issue with the following:

Browse to HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common
Create a New Key and name it "Graphics"
Select Graphics, right-click on the right panel and create a New DWORD (32-bit) Value and name it DisableHardwareAcceleration.
Enter Value data as 1

Wednesday, July 9, 2014

Utilizing Amazon Glacier to store archived data Part 4

So this is update 4 to the whole idea of utilizing Amazon Glacier for long term storage of archived data.  Tip #1, which is the most important tip I can give anyone.. internets, internets, internets.  I cannot place enough importance on upload throughput.  I started this massive (relatively) upload job back around 6/17 and here it is.. first week of July and the job still has 165gb and @7 days remaining.

I am planning to totally saturate their connection tonight after COB.. hopefully that will help knock a chunk out of the remaining data.

If asked about Glacier itself... I have no complaints.  It's doing exactly what it's supposed to so far.

Monday, July 7, 2014

Netapp - Editing CIFs shares via SSH command-line

Editing/Checking CIFs permissions via cmd line..

Establish your SSH session with the host, command to display current CIFs shares and their perms is 'cifs shares'


'cifs access' is what adds or deletes perm entries.  For example in my case I was to give rights 'Full Control' to an NT security group.

'cifs access IT \\domain\group rwx'

So cifs access sharename \\domain\group permissions


And re-running 'cifs shares' to verify the change:


Wednesday, July 2, 2014

Castle Rock, St. Ignace, MI

Castle Rock is a look out, atop a large hill, then again up a large boulder.  The view was impressive to say the least and very well worth the buck to climb the 200-ish steps to reach it.












Trip to Mackinaw City and St. Ignace

Last weekend I took the wife and kids and we drove up to the bridge.. for those who don't know 'the bridge' in Michigan is the Mackinac Bridge connecting the lower peninsula to the Upper.  It is the 16th longest single span suspension bridge in the world, and is a hair over 5 miles long.  It is a toll bridge too so for normal two axle vehicles it's $4.00 to cross.  The water was nice, clear and cold.. birds were ferocious at wanting food!







EventID 4319: A duplicate name has been detected on the TCP network.

Just noticed today that one of our terminal servers has been getting this error now for a few days at least.. every couple of hours.

Scenario: Three Windows Server 2003 boxes running Terminal Services, each with two nics and NLB setup.

After Googling I tried disabling File and Printer sharing on the 'backend' nic, no recurrence of the error yet and it's been 6 hours.

WOOT.

I will be disabling that on the other two hosts as well.

Thursday, June 26, 2014

Rifle River Recreation Area

So the wife and I stayed at the Scaup Lake cabin, at RRR Area and I must say the trip was horrible.  Ok I need to explain that.. the weather was awful.  The entire three days and two nights it was overcast and drizzly.  Plus it seemed as though the deep south had shipped a large crate of humidity up there. Then there were the mosquitoes... BIG ones and they were everywhere.

The lakes and the woods themselves are VERY pretty, very scenic and the Scaup cabin area was extremely quiet.  If the weather had been better it would have been awesome.

The cabin was very clean, and very cool (like temp-wise inside) plus cool in just.. cool.  It's not a CCC-era cabin, much newer but still nice.  Double-paned Anderson windows, an extremely heavy butcher-block style dinner table and nice wooden chairs.  The bunk beds however, were lacking in solid construction.. or maybe at one point in time they were structurally sound.  Anyone but a child sleeping up top would be dangerous to the lower occupant.