Categories
blog exchange howto server

Exchange 2010 Outlook Anywhere proxy security certificate wildcard *.domain.com

When you use a wildcard certificate in your Exchange 2007 or 2010 environment, Outlook can show this error:
There is a problem with the proxy server's security certificate.
The name on the security certificate is invalid or does not match the name of the target site mail.domain.com
Outlook is unable to connect to the proxy server (Error code 0)

When used internally, Outlook may connect just fine using the normal RPC-TCP method.
The error happens because Outlook checks the name on the certificate for mutual authentication, to ensure you are connecting to the right server. Outlook gets the name to check from the Autodiscover service.
If you manually change the value to msstd:*.domain.com it works, but Autodiscover will put the other value back in a matter of minutes. By default Autodiscover uses the external name set on your CAS server (in my case mail.domain.com).

To override this behavior, use the following Exchange Management Shell command:
Set-OutlookProvider EXPR -CertPrincipalName msstd:*.domain.com
After you adjust this, you need to restart the “World Wide Web Publishing” service, because of caching.

You could also disable this “Mutual authentication”, but it’s a good security feature, so I wouldn’t.
Set-OutlookProvider EXPR -CertPrincipalName none
Remember to restart the World Wide Web Publishing service here as well.

Be aware that when you set $null instead of none, Exchange will go back to the default behavior and use the external name from the CAS server.

reference: http://blogs.technet.com/b/umutg/archive/2011/01/31/all-about-set-outlookprovider.aspx
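
A way to check the setting before and after the change, as an added example that is not part of the original post: it reads the certificate presented on port 443 and compares its subject name with the EXPR CertPrincipalName. It assumes Outlook compares the msstd: value with the certificate's subject common name, that it runs in the Exchange Management Shell, and that mail.domain.com is your external name; Get-ServerCertificateCN is a helper defined here.

```powershell
# Added example: compare the certificate the Outlook Anywhere host presents
# with the EXPR CertPrincipalName. Run in the Exchange Management Shell.
$externalHost = 'mail.domain.com'   # external name used on this page

function Get-ServerCertificateCN {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever certificate is offered: it is only read here, and
        # no credentials or data are sent over this connection.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # SimpleName is the subject's common name, e.g. *.domain.com
        $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }
    finally { $client.Close() }
}

$subjectCN  = Get-ServerCertificateCN -HostName $externalHost
$configured = (Get-OutlookProvider -Identity EXPR).CertPrincipalName

# An empty value means the default: the external host name of the CAS server.
if ([string]::IsNullOrEmpty($configured)) { $effective = "msstd:$externalHost" }
else { $effective = $configured }

if ($effective -eq 'none') {
    "Mutual authentication is disabled (CertPrincipalName is 'none')."
}
elseif ($effective -eq "msstd:$subjectCN") {
    "OK: $effective matches the certificate subject."
}
else {
    "Mismatch: Outlook is told $effective, certificate subject is $subjectCN."
    "Fix: Set-OutlookProvider EXPR -CertPrincipalName msstd:$subjectCN"
}
```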

Categories
blog howto network server windows

RDWeb shows no icons with Internet Explorer 10 TSWeb (server side fix)

RDWeb or TSWeb is the Microsoft Remote Desktop service web access page from Windows 2008 or Windows 2008 R2.

When using Internet Explorer 10 to browse to an RDWeb (>=2008 R2) or TSWeb (=2008) the icons for the published apps are missing or blank and WKSPRT.EXE (provides SSO) does not load. You have to click the compatibility icon in the browser and then it does work.

If you want to make sure that users don’t have to click compatibility mode, you can send the header to emulate IE9 from server side, so Internet Explorer automatically uses the right mode.

You can choose between 2 options (I prefer option 2: easier and less work):

1) Edit all the *.aspx pages (except logoff.aspx) under the %windir%\Web\RDWeb\Pages\en-US\ folder.
Add <META HTTP-EQUIV="X-UA-COMPATIBLE" CONTENT="IE=9"> right below the lines <html><head id="Head1" runat="server">

2) Add the header in IIS for the RDweb so that it is automatically added to all pages served from RDweb.
Open IIS Management under Administrative tools in the start menu.
Expand the Default Web Site using the plus sign next to it. Click on RDWeb and then in the middle pane double click on HTTP Response Headers (under the IIS category). In the list with headers right click on the empty space and click Add. Under name fill in: X-UA-Compatible and under value fill in: IE=9

Categories
blog exchange howto server windows

Exchange missing public folder database after adsiedit changes

I had to use Adsiedit.msc to manually remove the Public folder database on an Exchange 2007 I was trying to uninstall. I already had a new public folder database with all replicas present on my Exchange 2010 server, so I was confident in removing the older Exchange 2007 PF database through Adsiedit. In the meantime I also removed the “First Administrative group” since this was left from Exchange 2003.

I then proceeded to uninstall Exchange 2007 without further issues.
I was surprised and horrified to find the Exchange 2010 Public Folder database missing in the “Database management tab” on “Organization – Mailbox” in the Exchange 2010 Management console. I tried various things, such as:
1) Restart information store
2) Recreate the PF DB with the exact same name, but this gave an error saying it already had a DB with that name.

I ran the Best Practices Analyzer and it told me “Site folder server deleted”. I clicked on the help and it showed me how to fix this.

Open an Active Directory editor, such as ADSI Edit.
Locate the public folder information store that you want to designate as the Site Folder Server. For Exchange Server 2000 through Exchange Server 2007, expand the following nodes in the Configuration container:
CN=Configuration,DC=,DC=com, CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN= CN=Servers, CN=, CN=InformationStore, CN=
For Exchange Server 2010, expand the following nodes in the Configuration container:
CN=Configuration,DC=,DC=com, CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=Exchange Administrative Group (FYDIBOHF23SPDLT), CN=Databases
In the right pane, right-click CN=, and then click Properties.
In the Attributes field, scroll down and select the distinguishedName attribute.
Click Edit, and then copy the entire attribute to the Clipboard.
Expand the Configuration container, and then expand CN=Configuration,CN=,CN=com, CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups
Right-click the administrative group you want to modify, and then click Properties.
In the Attributes field, scroll down and select the siteFolderServer attribute.
Click Edit, and then paste the value for the distinguishedName attribute into the Value field.
Double-check the contents of the Value field to ensure the paste was performed correctly, and then click OK to save the change.
Click OK to close the Administrative Group properties.
Exit the Active Directory editor and restart the Microsoft Exchange Server Information Store service on all Exchange Server computers in the site for the change to take effect.

I reran the BPA and the error was gone, but my PF database was still missing.
After some research on the internet I came by the solution thanks to “BFTech Impressions”.
Specifically, in my case the “msExchOwningPFTree” attribute was empty on my PF database container and needed to be filled with the value from the “distinguishedName” attribute of the Public Folder container under “Folder Hierarchies”. The first 2 steps were not needed in my case; these were still present.

Here is the link to the article:
http://blog.bruteforcetech.com/archives/766
Please click on the links for detailed instructions and screenshots.

These are his instructions, which I quote here so that the information is not lost in case the original disappears.

Here are the instructions to fix it:
Open ADSI Edit, connect to a Domain Controller, change the context to Configuration.

Create the Folder Hierarchies under the Exchange Administrative Group
Navigate to Configuration ⇒ Services ⇒ Microsoft Exchange ⇒ [your organization] ⇒ Administrative Groups ⇒ [your administrative group]
Right click on your administrative group and select New Object
Select msExchContainer as class and click Next
Enter the following as value: Folder Hierarchies, click Next, Finish

Create the Public Folders Tree Object
Right click Folder Hierarchies and select New Object
Select msExchPFTree as class, click Next
Enter the following as value: Public Folders, click Next
Click on More Attributes button, drop down the “select a property to view” list, select msExchPFTreeType and set the attribute to 1 (it should populate into the value field).
Click OK, Finish

Populate the msExchOwningPFTreeBL attribute object of the PF Store
(Tell the Public Folder database where to find the new folder hierarchy you just created)
Double click the newly created “Public Folders” object
Double click distinguishedName, copy the value to the clipboard, click Cancel
Exchange 2007: open properties of Configuration ⇒ Services ⇒ Microsoft Exchange ⇒ [your organization] ⇒ Administrative Groups ⇒ [your administrative group] ⇒ Servers ⇒ [your server] ⇒ Information Store
Exchange 2010: open properties of Configuration ⇒ Services ⇒ Microsoft Exchange ⇒ [your organization] ⇒ Administrative Groups ⇒ [your administrative group] ⇒ Databases ⇒ [your Public Folder database]
Double click the msExchOwningPFTree attribute, paste the value that was copied to the clipboard in step 2
Click OK twice

Categories
blog howto windows

Blackberry Enterprise Express 5.0.4 setup error after splash screen

After extracting you launch setup.exe from the bundle directory, you view the splash screen and immediately after the setup crashes. See screenshot below.
bb-error1

Change your language settings for “date, time and number formats” to English (US).
Rerun setup.exe

Categories
blog howto network server windows

Exchange 2010: moved mailbox to new database Blackberry Enterprise won’t sync

When you create a new database in Exchange 2010, you also need to grant the BlackBerry Enterprise service account (standard: BESAdmin) special rights on this database.

Source: http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB02276&sliceId=2&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

Click Start > Programs > Microsoft Exchange Server 2010 > Exchange Management Shell
Execute the following command:
Get-MailboxDatabase | Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin, ms-Exch-Store-Visible
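
The command above pipes every mailbox database into Add-ADPermission. The following added example (not from the original post or the BlackBerry article) checks one database for the three extended rights and grants only the missing ones. 'MDB02' is a hypothetical name for the newly created database; BESAdmin is the account name from the page.

```powershell
# Added example. Run in the Exchange Management Shell.
# Assumptions: 'MDB02' is a hypothetical database name; adjust both values.
$database = 'MDB02'
$account  = 'BESAdmin'
$required = 'Receive-As', 'ms-Exch-Store-Admin', 'ms-Exch-Store-Visible'

$db = Get-MailboxDatabase -Identity $database

# Extended rights currently allowed for the account on this database
# (explicit or inherited); deny entries are ignored.
$granted = @(Get-ADPermission -Identity $db.DistinguishedName -User $account |
    Where-Object { -not $_.Deny -and $_.ExtendedRights } |
    ForEach-Object { $_.ExtendedRights } |
    ForEach-Object { $_.ToString() })

# -notcontains compares case-insensitively
$missing = @($required | Where-Object { $granted -notcontains $_ })

if ($missing.Count -eq 0) {
    "{0}: {1} already holds all required rights" -f $db.Name, $account
}
else {
    "{0}: adding missing rights for {1}: {2}" -f $db.Name, $account, ($missing -join ', ')
    Add-ADPermission -Identity $db.DistinguishedName -User $account `
        -AccessRights ExtendedRight -ExtendedRights $missing
}
```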

Categories
blog howto server windows

EXCHANGE 2010: SAN Certificate with multiple DNS names (private windows CA)


New-ExchangeCertificate -FriendlyName "Exchange 2010 multiple DNS" -IncludeServerFQDN -DomainName mail.*****.***,autodiscover.******.***,computername.*****.local,computername -GenerateRequest -PrivateKeyExportable $true

Copy the full code you receive, including the -----BEGIN… and -----END… lines.
Open the certificate services web interface.
http://serverdc/certsrv
-Request a certificate -> Advanced certificate request -> Submit a Certificate request by using …
Paste the code you received in the textbox, on the template dropdown select Web Server.
Click Submit.
On the next page click on Download Certificate.
Save the file on disk somewhere.
Go to Exchange console (GUI) – server Configuration – Hub transport – Exchange certificates.
Right click on the pending request and choose “Complete pending request”.
Select the file you saved to disk and finish the wizard.
When finished right click on the now completed certificate and choose “Assign services”.
Assign all services (except Unified Messaging), choose YES to All for overwrite.
Delete all other certificates no longer needed.

Test your OWA and see what certificate is now being used.

Reference: http://exchangeserverpro.com/how-to-issue-a-san-certificate-to-exchange-server-2010-from-a-private-certificate-authority

Categories
blog

VMWARE DR backup destination not mounted on reboot

Concerns VDR 1.2
Solution:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1029746

To resolve this issue:
Open an SSH session to the VDR appliance.
Open the /etc/fstab file using a text editor.
Add this line at the end of the file:

/dev/sdX# /SCSI-0:1 ext3 defaults 0 0

where
/dev/sdX# is the device name and partition number, e.g. /dev/sda1
/SCSI-0:1 is the mount point
ext3 is the file system type
defaults is the mount option
0 is the dump option
0 is the file system check option

Run these commands to unmount and remount the volume:

umount /SCSI-0:1
mount /SCSI-0:1

The operating system in the VDR appliance should now be able to read the fstab file and remount the volume.

A little help: mount the disk using the GUI, then run the “mount” command as root over SSH. The output will tell you the /dev/sdX# and the /SCSI-#:# values.

Categories
blog howto server windows

EXCHANGE 2007: Certificate with multiple DNS names

http://www.exchangeinbox.com/article.aspx?i=127

New-ExchangeCertificate -GenerateRequest -Path c:\install\mail_cert_request.csr -SubjectName "c=BE, o=******, ou=IT, cn=mail.*****.com" -DomainName: mail.******.com, autodiscover.*****.com, MAILSRV2, MAILSRV.*****.**, mail.****.** -KeySize 1024 -PrivateKeyExportable: $true
certreq.exe -submit -attrib "CertificateTemplate:WebServer" c:\install\MAIL_cert_request.csr

Choose the right CA, choose output folder. Open inside Issued certificates in Cert. MMC. Go to details. Click Copy to -> Complete chain, save as p7b file.

Import-ExchangeCertificate -Path C:\install\mail2.*****.com.p7b
Enable-ExchangeCertificate -Thumbprint 5B485A86***********60A04 -services IIS, POP, IMAP, SMTP
Remove-ExchangeCertificate -Thumbprint oldcertificatesthumbprint

Categories
blog howto linux server

DUF show disk usage (human readable) for each folder/file sorted by size

alias duf='du -sk * | sort -n | perl -ne '\''($s,$f)=split(m{\t});for (qw(K M G)) {if($s<1024) {printf("%.1f",$s);print "$_\t$f"; last};$s=$s/1024}'\'
Usage: duf
Tested on: Linux (Redhat, Centos, Debian), Unix (Solaris, SunOS)
Author: http://www.earthinfo.org/linux-disk-usage-sorted-by-size-and-human-readable/

Categories
blog server virtualization

Install HP offline bundle on VMWARE ESXi v5

EDIT: You can always just download HP’s ready-made install ISO for vSphere 5.

When using the VMware ISO image on an HP ProLiant you should install the HP offline bundle for hardware status and event log viewing in the vSphere Client.
Download the files. Check if there are newer versions.
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=4091412&swItem=MTX-dd492ace50c6427389678df8be&prodNameId=4091432&swEnvOID=4115&swLang=8&taskId=135&mode=4&idx=1
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=4091412&prodNameId=4091432&swEnvOID=4115&swLang=8&mode=2&taskId=135&swItem=MTX-48fa6d3608514c60979531d921

Place the host in maintenance mode via the vSphere Client.
Upload the files to the root folder of the datastore.
My datastore is called DAS600GBRAID10, look up your name and change the path in the commands accordingly.

Run these commands from the vSphere CLI v5.
esxcli.exe -s 192.168.101.60 -u root software vib install -d /vmfs/volumes/DAS600GBRAID10/hp-esxi5.0uX-bundle-1.0-20.zip
esxcli.exe -s 192.168.101.60 -u root software vib install -d /vmfs/volumes/DAS600GBRAID10/hp-nmi-esxi5.0-bundle-2.0-11.zip

Change the IP, path and username according to your situation. You will be prompted for the password.

If you want to run the commands without vCLI, run them on the host in the Local Shell or over SSH like this:
esxcli software vib install -d /vmfs/volumes/DAS600GBRAID10/hp-esxi5.0uX-bundle-1.0-20.zip
esxcli software vib install -d /vmfs/volumes/DAS600GBRAID10/hp-nmi-esxi5.0-bundle-2.0-11.zip

Change path according to your situation.