Sunday, December 20, 2009

Exchange 2010 Migration - Part 6

To uninstall the existing Exchange 2007 mailbox role, the public folder database of it has to be removed

Part 6 - Exchange 2007 Public Folder Removal

Environment:
1 x Exchange 2007 SP2 (Mailbox)
1 x Exchange 2010 (CAS, Hub and UM)
1 x Exchange 2010 (Mailbox)

Move all the replica from the 2007 to 2010. From the Mailbox server of 2007, run this command:

[PS] MoveAllReplicas.ps1 -server -NewServer

Then try to remove the Public Folder database from the Exchange 2007. You might get the following error:

Object is read only because it was created by a future version of Exchange ...

If you do, you need to run the following PS from the Exchange 2010:

[PS] C:\>Remove-PublicFolderDatabase -Identity "\Second Storage Group\Public Folder Database"

If the removal is done, you can start deleting the Storage Group and uninstall the Exchange 2007 Mailbox role

Thursday, December 17, 2009

Exchange 2010 Migration - Part 5

Exchange 2010 has a built in support for MWI and I am using a Cisco Phone which has MWI feature

Part 5 - Exchange 2010 MWI (Message Waiting Indicator)

Existing Environment:
1 x Exchange 2007 SP2 (Mailbox)
1 x Exchange 2010 (CAS, Hub and UM)
1 x Exchange 2010 (Mailbox)

If you do not enable the MWI of your SIP trunk between your Exchange UM and CUCM, you will get this event log warning:

The Unified Messaging server failed to deliver the MWI notification '1/7 (unread/read)' for the UM-enabled mailbox '(3037b9d1-3554-45af-8a68-077e54104120)' associated with UM extension 'xxxxx'. Additional information: Microsoft.Exchange.UM.UMCommon.MwiNoTargetsAvailableException: There are no more targets available to send an MWI message for user .

To get it working, you need to do the following:
  • Login to CUCM, go to System - Security Profile - SIP Trunk Security Profile
  • Find the SIP Trunk Security Profile that is being used by the SIP trunk between Exchange UM and CUCM
  • Edit it and make sure the option Accept Unsolicited Notification is enable and reset the trunk

Exchange 2010 Migration - Part 4

Since my mailbox been migrated to the Exchange 2010 mailbox, I wasn't been able to receive my voicemail through my Outlook

Existing Environment:
1 x Exchange 2007 SP2 (Mailbox)
1 x Exchange 2010 (CAS, Hub and UM)
1 x Exchange 2010 (Mailbox)

Part 4 - UM and Hub Transport Issue

The following error occurred on my UM/Hub Transport server:

The Unified Messaging server failed to submit a message to Hub Transport server 'Hub01' due to the following error: Unexpected SMTP server response. Expected: 220, actual: 500, whole response: 500 5.3.3 Unrecognized command

According to some forums, this occurs because the communication between the UM and Hub Transport server is using TLS and I don't have a valid SSL certificate.

To fix this, either buy a valid certificate and assign it to the UM and SMTP service or do the following:
  • Find the Receive Connector (within Server Configuration - Hub Transport) that most likely to be used by the UM to communicate with the Hub Transport. Usually it will use the more specific network addresses from the network tab of its properties
  • On the Authentication tab, untick all TLS related options. Make sure Exchange Server authentication is selected
  • On the Permission Groups tab, make sure Exchange servers is selected
  • Restart Transport and UM Exchange services

Sunday, December 13, 2009

Exchange 2010 Migration - Part 3

Since my user account has been migrated to Exchange 2010, my iPhone ActiveSync is broken.

Existing Environment:
1 x Exchange 2007 SP2 (Mailbox)
1 x Exchange 2010 (CAS, Hub and UM)
1 x Exchange 2010 (Mailbox)

Part 3 - ActiveSync Issue

The following event log will be seen on the CAS server:

Exchange ActiveSync doesn't have sufficient permissions to create the "CN=User,OU=Users,DC=domain,DC=local" container under Active Directory user "Active Directory operation failed on dc.domain.local. This error is not retriable. Additional information: Access is denied.Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0".Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.

It turns out that the AD user account is a member of the protective group (e.g. Domain Admins).
To fix this, remove the user from the protective group, go to the user's properties - security - Advanced and tick "Include inheritable permissions from this object's parent"

I had to remove my exchange account from my iPhone and re-add it back to make it work.

Tuesday, December 01, 2009

Exchange 2010 Migration - Part 2

Existing Environment:
1 x Exchange 2007 SP2 (CAS,Hub and UM)
1 x Exchange 2007 SP2 (Mailbox)
1 x Exchange 2010 (CAS, Hub and UM)
1 x Exchange 2010 (Mailbox)

Part 2 - Migrate Users

From Exchange Management Console - Add a local move request to move user mailbox

I have CUCM that was setup with SIP trunk to the 2007 UM, so I need to re-point it to the 2010 UM - Change CUCM SIP Trunk to 2010 UM's IP Address

Generate SSL Cert for 2010 CAS - Go to IIS 7 of the CAS and generate CSR. Replace the self-signed SSL cert with the new one

I am using ISA 2006 to publish Outlook Web App and ActiveSync - Change owa and ecp authentication to Basic. Do this from EMC - Server Configuration - Client Access

Change ISA OWA publishing rule to point to the new 2010 CAS
Change ISA OWA publishing rule to add /ecp/* to the paths of the publishing rule

Monday, November 30, 2009

Exporting Active Directory Group Membership

Save this code as a .vbs file:

Dim objGroup, objUser, objFSO, objFile, strDomain, strGroup, Domain, Group

'user Input box
strDomain = Inputbox ("Enter the FQDN Domain name, e.g. domain.com", "Domain Name", "Domain Name")
strGroup = InputBox ("Enter the NetBIOS Group name, e.g. mygroup", "Group Name", "Group Name")

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile("C:\temp\" & strGroup & ".txt")
Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")

For Each objUser In objGroup.Members
objFile.WriteLine objUser.Fullname & " (" & objUser.Name & ")"
Next

objFile.Close
Set objFile = Nothing
Set objFSO = Nothing
Set objUser = Nothing
Set objGroup = Nothing

Wscript.Echo "Group Membership Exported to the file: " & "C:\temp\" & strGroup & ".txt"

Saturday, November 28, 2009

Exchange 2010 Migration - Part 1

Existing Environment:
1 x Exchange 2007 SP2 (CAS,Hub and UM)
1 x Exchange 2007 SP2 (Mailbox)
1 x Exchange 2010 (CAS, Hub and UM)

Part 1 - Install Mailbox Role of Exchange 2010

OS: Windows 2008 R2 x64

Add .NET framework 3.5.1 features
Install filter 1.0 pack x64

Run As Administrator: Cmd
Go to Scripts folder of Exchange installation CD/Folder
ServerManagerCmd -ip Exchange-MBX.xml -Restart

Note: the above command is for Windows 2008 SP2, but works fine for 2008 R2

Add "Exchange Trusted Subsystem" as the local admin group in all Exchange 2007 Servers and reboot them, otherwise you will get "access denied" error when trying to view the OWA/ActiveSync configuration from 2010 console

To be continue...

Wednesday, October 28, 2009

Tuesday, October 27, 2009

VMware Workstation Network Issue

If you try to copy a large file from within the VM to another machine on the network and get the following error: Specified Network is no longer available, then add the following line to your VM's vmx file:

ethernet0.txbw.limit=100000
ethernet0.rxbw.limit=100000

Wednesday, October 14, 2009

Exchange 2007 Cmdlet - Remove a particular email domain from the org

The fastest way to remove @target.local from AD objects across the Org:

Get-Mailbox -organizationalunit 'dc=domain,dc=local' | % { $a = $_.emailaddresses; $b = $_.emailaddresses; foreach($e in $a) { if ($e.tostring() -match "target.local") { $b -= $e; } } ; $_ Set-Mailbox -emailaddresses $b }

Get-DistributionGroup -organizationalunit 'dc=domain,dc=local' | % { $a = $_.emailaddresses; $b = $_.emailaddresses; foreach($e in $a) { if ($e.tostring() -match "target.local") { $b -= $e; } } ; $_ Set-DistributionGroup -emailaddresses $b }

Get-DynamicDistributionGroup -organizationalunit 'dc=domain,dc=local' | % { $a = $_.emailaddresses; $b = $_.emailaddresses; foreach($e in $a) { if ($e.tostring() -match "target.local") { $b -= $e; } } ; $_ Set-DynamicDistributionGroup -emailaddresses $b }

Get-MailContact -organizationalunit 'dc=domain,dc=local' | % { $a = $_.emailaddresses; $b = $_.emailaddresses; foreach($e in $a) { if ($e.tostring() -match "target.local") { $b -= $e; } } ; $_ Set-MailContact -emailaddresses $b }

Get-MailPublicFolder -organizationalunit 'dc=domain,dc=local' | % { $a = $_.emailaddresses; $b = $_.emailaddresses; foreach($e in $a) { if ($e.tostring() -match "target.local") { $b -= $e; } } ; $_ Set-MailPublicFolder -emailaddresses $b }

Get-MailUser -organizationalunit 'dc=domain,dc=local' | % { $a = $_.emailaddresses; $b = $_.emailaddresses; foreach($e in $a) { if ($e.tostring() -match "target.local") { $b -= $e; } } ; $_ Set-MailUser -emailaddresses $b }

#Get-Recipient -organizationalunit 'dc=domain,dc=local' | % { $a = $_.emailaddresses; $b = $_.emailaddresses; foreach($e in $a) { if ($e.tostring() -match "target.local") { $b -= $e; } } ; $_ Set-Recipient -emailaddresses $b }

Sunday, October 11, 2009

Register 32-Bit OCX on 64-Bit Windows

A simple thing to do, but if you do not know, you will get an error when trying to register 32-bit OCX/Dll on 64-Bit Windows.

Copy the OCX/Dll file to C:\Windows\SysWow64
C:\Windows\SysWow64\regsvr32.exe C:\Windows\SysWow64\thefile.ocx

Wednesday, September 23, 2009

Microsoft Teched 2009 @ Gold Coast

I can only say:

Exchange 2010 ROCKS!
DirectAccess ROCKS!
Windows 2008 R2 ROCKS!
Group Policy Preference ROCKS!

IMG_0220

IMG_0213

IMG_0212

IMG_0215

IMG_0214

IMG_0211

IMG_0210

IMG_0208

IMG_0207

IMG_0205

IMG_0216

Friday, September 04, 2009

Simple Trick - CAG SSL Certificate Installation

It is a very painfull process to install an SSL certificate to the Citrix Access Gateway appliance.

The easiest way is to generate the CSR from any IIS server, generate/purchase the SSL certificate using that CSR and install the signed certificate/public key to the IIS where the CSR was generated from.

Next is to export that certificate (including the private key) from IIS as PFX format

Next is to convert this PFX format certificate to PEM format using the tool (Google this: pfx2pem)

Install this PEM format certificate to CAG

Sunday, August 09, 2009

CUCM + Trixbox + Linksys SPA3102 (Part 1)

This is a basic guide how to create a small VOIP network at home. I am using Cisco Unified Communication Manager, Trixbox and Linksys SPA3102 as the main infrastructure. Furthermore, Cisco IP Phone 7941G-GE, Cisco IP Phone CIPC and X-Lite are the IP Phones installed.

The configuration is basically having CUCM to handle 1XXX extensions and Trixbox to handle 2XXX extensions. Tribox is central IP PBX to handler outgoing and incoming calls.

The main goals for this Part#1 are:

  • To be able to make a phone call between IP Phones by dialling their extension numbers (e.g. 1000 -> 1001, 1000 -> 2001, 1000 -> 2000, 2000 -> 1001, etc)
  • Dial 9, followed by the numbers, to dial outside world via VOIP
  • Dial 0, followed by the numbers, to dial outside world via PSTN
  • To be able to receive incoming call from either PSTN or VOIP DID number and rings my IP Phone(s)
Trixbox is configured to have 2 NICs - one in located in front of firewall and the other one is located behind the firewall. The reason is because my firewall is not SIP friendly!!

Here is the data/voice layout:

voip

The version being used is:
CUCM: 6.0.1.2000-4
Trixbox: 2.8.0.1
SPA3102 Firmware: 5.1.10(GW)

DHCP Setting
Add the following DHCP options point to the CUCM IP address
Options 66
Options 150

Cisco Unified CM Configuration

Enable Services
Go to Cisco Unified Serviceability -> Tools -> Service Activation, enable the following services:
Cisco CallManager
Cisco Tftp
Cisco IP Voice Media Streaming App

Start Services
Go to Cisco Unified Serviceability -> Control Center -> Feature Services, start the following services:
Cisco CallManager
Cisco Tftp
Cisco IP Voice Media Streaming App

Auto Registration
Go to Cisco Unified CM Administration -> System -> Cisco Unified CM
Starting Directory Number*: 1000 (for example)
Ending Directory Number*: 1500 (for example)
Un-tick "Auto-Registration Disabled on this Cisco Unified Communication Manager" checkbox

Cisco Unified CM Group Configuration
Go to Cisco Unified CM Administration -> System -> Cisco Unified CM Group
Create a new Group
Give a name
Tick "Auto-registration Cisco Unified Communications Manager Group" checkbox
Add the CUCM Server to the group member

Phone NTP Reference
Go to Cisco Unified CM Administration -> System -> Phone NTP Reference
Add a new Reference
Assign an IP Address
Mode* = default

Date/Time Group
Go to Cisco Unified CM Administration -> System -> Date/Time Group
Create a new Group
Give a name
Select time Zone, separator, date format and time format
Select NTP References from the configuration above

Device Pool
Go to Cisco Unified CM Administration -> System -> Device Pool
Create a new Device Pool
Give a name
Cisco Unified Communications Manager Group* = #select from the one created above
Region* = default
SRST Reference* = Use Default Gateway

SIP Trunk Security Profile
Go to Cisco Unified CM Administration -> System -> Security Profile -> SIP Trunk Security Profile
Create a new Profile
Give a name
Incoming Transport Type*= TCP_OR_UDP
Outgoing Transport Type*= USER_DATAGRAM_PROTOCOL
Incoming Port*= 5060

Create SIP Trunk
Go to Cisco Unified CM Administration -> Device -> Trunk
Add a new SIP Trunk
Give a name
Device Pool* = #select from the one created above

Route Group
Go to Cisco Unified CM Administration -> Call Routing -> Route/Hunt -> Route Group
Add a new one
Give a name
Add the SIP Trunk created above to the member of the Route Group

Route List
Go to Cisco Unified CM Administration -> Call Routing -> Route/Hunt -> Route List
Add a new one
Give a name
Cisco Unified Communications Manager Group* = #select from the one created above
Route Option = Route this pattern
Tick "Provide Outside Dial Tone" checkbox

Add a new oneRoute Pattern* = 0.!
Gateway/Route List* = #select from the one created above
Route Option = Route this pattern


Trixbox Configuration

Create SIP Trunk to CUCM
Go to PBX -> PBX Settings -> Trunks
Add SIP Trunk
Trunk Name = CUCM

Peer Details:
disallow=all
type=friend
host= #cucm-address
allow=ulaw&alaw
nat=no
canreinvite=yes
qualify=yes


User Context: CUCM-IN
User Settings:
context=from-internal
host=#cucm-address
type=friend

Create SIP Trunk to VOIP Provider
Go to PBX -> PBX Settings -> Trunks
Add SIP Trunk
Outbound Caller ID: "Name"

Dial Rules:
612+NXXXXXXX
04.
0011.
61+13XXXX
61+1800XXXXXX


#Note: Dial rules are created because my VOIP Provider requires the number format to be International format

Trunk Name = voip

Peer Details:
allow=alaw&ulaw&gsm
canredirect=no
canreinvite=no
disallow=all
host=
#voip-address
insecure=very
secret=
#password
type=peer
username=
#username

User Context: User

User Details:
canreinvite=no
context=fromtrunk
fromuser= #username
qualify=no
secret=
#password
type=user
username=
#username

Registration String:
#username:#password@#void-address/#username

Create SIP Trunk to PSTN
Go to PBX -> PBX Settings -> Trunks
Add SIP Trunk
Outbound Caller ID: "DID"
Maximum Channels: 1
Trunk Name: pstn

Peer Details:
disallow=all
allow=ulaw
canreinvite=no
context=fromtrunk
dtmfmode=rfc2833
host= #spa3102-address
incominglimit=1
nat=never
port=5061
qualify=yes
secret= #password
type=friend
username=pstn


Create Outbound Routes
#There will be 3 route patterns:
Dial 9, to go to VOIP
Dial 0, to go to PSTN
Dial 1XXX to go to SIP Phones registered with CUCM

Go to PBX -> PBX Settings -> Outbound Routes
Add Route
Name: VOIP
Dial Patterns: 9.
Trunk Sequence: SIP/Pennytel

Add Route
Name: PSTN
Dial Patterns: 0.
Trunk Sequence: SIP/pstn

Add Route
Name: CUCM
Dial Patterns: 1XXX
Trunk Sequence: SIP/CUCM

Allowing Incoming SIP Calls
Go to PBX -> PBX Settings -> General Settings
Allow Anonymous Inbound SIP Calls: Yes

Create Ring Groups
# This will allow incoming call to ring both my Cisco IP Phone (ext 1000) and my analog phone which connected to my SPA3102 (ext 2000)

Go to PBX -> PBX Settings -> Ring Groups
Give description
Ring strategy: ringall
Extension List:
2000
1000#


Create Inbound Routes
Go to PBX -> PBX Settings -> Inbound Routes
#Make sure to leave the DID and Caller ID number blank - this will accept all incoming routes

Set Destination:
Ring Group: #select the one created above

Wednesday, August 05, 2009

Exchange 2007 Room Mailbox

To create a meeting room mailbox with Cmdlet:

New-Mailbox -Name 'My Meeting Room' -Alias 'MeetRoom01' -OrganizationalUnit 'domain.com/Users' -UserPrincipalName 'MeetRoom01@domain.com' -SamAccountName 'MeetRoom01' -FirstName 'Meet' -Initials '' -LastName 'Room 01' -Database 'MyExchange\SG\DB' -Room

To make the room auto answer accepting the invitation:

Set-MailboxCalendarSettings -Identity "MeetRoom01" -AutomateProcessing AutoAccept

To share the meeting room resources (e.g. calendar):

Add-MailboxPermission -Identity 'MeetRoom01' -User 'DOMAIN\Domain Users' -AccessRights 'FullAccess'

Tuesday, August 04, 2009

Windows 2008 UAC

I have SQL 2008 x64 (mixed mode) installed on Windows 2008 x64. When trying to login to SQL using my Domain Admins account, I get the following error:

Login failed for user 'DOMAIN\username'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: X.X.X.X]

answer? "Run as administrator" the SQL Server Management Studio!!

Apparently UAC does not pass your user group membership properly to the SQL Server Management Studio.

Monday, July 20, 2009

VCP VI3

is now officially VCP VI3... Harder that I thought - wondering what is next?

Tuesday, May 26, 2009

Run As MSI File

If you need to deploy an MSI file through GPO by using User startup/login script and the MSI needs to have administrator rights, use the following Run As and Sanur:

runas /user:DOMAIN\account-with-admin-rights "msiexec /i The-File.msi /quiet /log c:\the-log.log ALLUSERS=1" | sanur password-for-account-with-admin-rights

Friday, April 24, 2009

Change Windows Task Folder Permission

1. Copy the tasks folder

XCOPY C:\WINDOWS\TASKS c:\temp /s /e /k /o

2. Go to Windows Explorer and change the c:\temp permission to whatever you like
3. Display the folder permission

CACLS C:\temp /s

4. Copy the SDDL string - the one between the quotes
5. Apply the permisison to the tasks folder

CACLS C:\Windows\Tasks /s:

Sunday, April 19, 2009

Build ESX 3.5 Guide

This guide is based on installing ESX3.6 on PowerEdge 2950. The BIOS Setting must be set to:

CPU Virtualization Technology - enabled
AC Power Recovery Mode – last

1. Boot ESX 3.5 installation CD/DVD
2. Follow the installation wizard
3. Add the new ESX host to the Virtual Center
Open VI Client and connect to VC instance

1

Right click the Datacenter object and choose Add Host…

2

Type the FQDN name of the new host
Enter the root account login details and click Next

3

Accept default setting for new ESX host and click Finish

4. Install ESX Patches Using Update Manager
Open VI Client and connect to VC instance
Navigate to the new host in the left pane, and then choose the Update Manager tab
Click on Attach Baseline...

4

Select the checkbox of the baseline to be used and click OK
Note: If there is no baseline, click Create New Baseline… to create one
You should see the baseline attached to the Host now

5

Right click the Host in the left pane and select Scan for Updates

6

Select Yes to confirm scan

7

Once the scan has finished, right click the Host in the left pane and select Remediate...
On the Remediate Dialog Box, select the baseline checkbox that you want the Host to be remediated against and click Next
Leave the remediation time to: "Immediately" and the failure options to the default values and click Next
Click Finish to start the remediation

5. Change ESX Firewall Settings
SSH and login using: root

Open the port 2500-2510 TCP inbound
$> esxcfg-firewall -o 2500:2510,tcp,in,VeeamSCP

Restart the service:
$>service mgmt-vmware restart

6. Install Dell Server Administrator
Use Veeam or another SCP client to put the Dell OMSA Installer (get the latest Dell OMSA from www.dell.com)
Transfer the downloaded file from Dell website to the /tmp

Extract Dell installer
$> cd /tmp
$> tar -zxvf OM_5.4.0_ManNode_A01.tar.gz


Change directory and then install Open Manage Server Administrator using script
$> cd linux/supportscripts

If the Host has a DRAC card use the following command
$> ./srvadmin-install.sh –b –w –r -s

If the Host does not have a DRAC use this command
$> ./srvadmin-install.sh –b –w -s

Add additional ESX Firewall rule to allow OMSA communications
$> esxcfg-firewall -o 1311,tcp,in,OpenManageRequest


7. Configure SNMP

Use Veeam or another SCP client to put the new SNMP Config File

Create the SNMP config file, and save it as snmpd.conf:
# Sample snmpd.conf containing VMware MIB module entries.

# This is a simple snmpd.conf that may help you test SNMP.
# It is not recommended for production use. Consult the
# snmpd.conf(5) man pages to set up a secure installation.

#syscontact root@localhost (edit snmpd.conf)
#syslocation room1 (edit snmpd.conf)
rocommunity public
trapcommunity public
trapsink 10.0.0.1

# VMware MIB modules. To enable/disable VMware MIB items
# add/remove the following entries.
dlmod SNMPESX /usr/lib/vmware/snmp/libSNMPESX.so

# Allow Systems Management Data Engine SNMP to connect to snmpd using SMUX
smuxpeer .1.3.6.1.4.1.674.10892.1

Transfer this new snmpd.conf file to /etc/snmp

Open VI Client and connect to VC instance
Navigate to the new host in the left pane, and then choose the Configuration tab
Choose Security Profile from the Software box
Click Properties
Check the SNMP Server checkbox and click OK

8. Install Navisphere Agent (If EMC SAN used)
Download current applicable linux NaviAgent package from Powerlink

Use Veeam or another SCP client to put the NaviAgent ZIP file to the /tmp
SSH and login using: root

Extract the ZIP file
$> cd /tmp
$> unzip -d navi LINUX_AGNT_CLI_6.24.3.2.0.zip


Assign the permission to execute
$>chmod 755 navi -R

Rename the files
$> cd navi
$> mv ESX_install.sh.txt ESX_install.sh
$> mv ESX_uninstall.sh.txt ESX_uninstall.sh
$> mv naviagentcli-6.24.3.2.0-1.noarch.rpm naviagentcli.noarch.rpm


Install Naviagent CLI
$> ./ESX_install.sh naviagentcli

Confirm opening ESX Firewall ports for NaviAgent

Create or edit an existing txt file called: agentID.txt
Add/edit the only two lines to read as below: (name and IP relevant to Host)

hostname.domain.com
10.0.0.23

Use Veeam or another SCP client to put the agentID.txt file into the /root

Reboot the Host
$> shutdown -r now

From this point we assume that SAN Fabric Zoning has been completed and the host can now be assigned to the SAN Storage Group applicable to the VI Cluster. This will allow it to access all necessary shared VMFS storage locations.

9. Configure Storage
Open VI Client and connect to VC instance

8

Navigate to the new host in the left pane, and then choose the Configuration tab
Choose Storage Adapters from the Hardware box
Right click the first HBA and click Rescan
Once completed, right click the second HBA and click Rescan
You should now see the assigned LUN (where available)

10. Configure Networking
Open VI Client and connect to VC instance
Navigate to the new host in the left pane, and then choose the Configuration tab
Choose Networking from the Hardware box
Select Properties of the default Virtual Switch: vSwitch0

9

Select the VM Network and click Remove
Click Yes to confirm

10

Select Add, choose VMkernel and click Next

11

Leave the name as defaults and check the box Use this port group for VMotion
Assign the necessary IP address and subnet mask to the switch, this must be different to the host address, and should be the next numerical above the host address.
Click Next

12

Click Finish
A prompt will appear notifying you that there is no Default Gateway set.
Choose Yes to set the default gateway for VMotion

13

Enter the correct Default Gateway value (usually the same as the servers Default Gateway)

14

Choose the Network Adapters Tab of the vSwitch0 Properties
Click Add

15

Select the second nominated adapter to add to the switch and click Next (this will give the service console and VMotion network redundancy)

16

Select Next to leave the network adapters in Active/Active mode
Click Finish and then choose Close to close the vSwitch0 properties
Select Add Networking...

17

Leave the default selection of Virtual Machine and choose Next

18

Ensure the default Create a virtual switch radio button is selected
Check the network adapters to be associated with the VM Switch (Should be a minimum of two) and click Next

19

Confirm the settings and choose Finish

11. Configure License
Open VI Client and connect to VC instance
Navigate to the new host in the left pane, and then choose the Configuration tab
Choose Licensed Features from the Software box
Click Edit on License Source

20

Select the Use License Server radio button and specify the address of the ESX License Server and Click OK
Click Edit on ESX Server Edition
Select ESX Server Standard radio button and Click OK

Saturday, March 28, 2009

Trinity Rescue CD

Have you ever have to restore your local administrator password because you forget the password of it?

The best boot CD so far:
http://trinityhome.org

Saturday, February 28, 2009

Friday, February 27, 2009

IIS Anonymous User Account Reset Password

If you get this:

HTTP 401.1: DENIED BY INVALID USER CREDENTIALS:

This error code will have you focus on the credentials of the IUSR account. If you are receiving a 401.1, from a IIS perspective it means we have to go and look at IIS to make sure the IUSR username and password is correct for Anonymous access on all the IIS vDir's.

Occasionally the IIS guest account (IUSR_ account) has it's password out of sync between the IIS Metabase, Active Directory OR SAM (depending if the IUSR account is a local or domain account) and the credentials entered as the Anonymous user and password for the WSUS Virtual Directories in IIS. We need to make sure that the correct user account and credentials are used at 2 places:
In Active Directory or Local Account.
In the IIS Metabase.

Ensure that the IUSR account is not locked. Sometimes a 401.1 error could be caused by a locked IUSR account.

Then query the IIS Metabase to establish what the existing IUSR password is:
Edit c:\Inetpub\AdminScripts\ADSutil.vbs

Search for the line that reads "IsSecureProperty = True" and change it to "IsSecureProperty = False". Save and close the file.

From command line run:
Cscript adsutil.vbs get w3svc\anonymoususerpass

This will return an output like this:
anonymoususerpass : (STRING) "ThisIsTheIUSRaccountPassword"
Take note of the password, INSIDE of the quotes. The quotes are not part of the password. For safety, copy it into notepad.

Go to either Active Directory (if a domain account is used for the IUSR account) or find the LOCAL ACCOUNT for IUSR. In most cases IUSR will be a local account. Reset the password for your IUSR account with the password we just pulled from the IIS Metabase.

Saturday, February 07, 2009

Gmail and Hotmail Fetcher

I use fetchmail to fetch emails from any POP3 account. Since Gmail support POP3 (you need to enable it), I can fetch it use the following command:

poll pop.gmail.com proto pop3 and options no dns
user
'myemail@gmail.com' there with password 'mypassword' is myforwardemail@localemail.com options ssl

Hotmail is a little bit trickier, because it is a HTTP based email.
To Fetch Hotmail, I use GetLive:

Before you set GetLive, make sure you set your 'reading pane' to off in your Hotmail setting
Get GetLive from the Internet (just Google it)
Create a config file (getlive.conf):

UserName=myusername
Password=mypassword
Domain=hotmail.com
Downloaded=/var/log/getlive.log
processor=sendmail -i
myforwardemail@localemail.com
Delete=Yes
Folder=Inbox
mode=200810


and create a cron job to execute:

GetLive.pl --config-file getlive.conf

Wednesday, January 28, 2009

WSUS Tricky

Sometime it is very hard to register a computer account to the WSUS. Use the following script to make sure a computer is registered to WSUS:

net stop wuauserv

REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f

REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f

REG DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientIdValidation /f

net start wuauserv

wuauclt /resetauthorization /detectnow

Note: you can also use this script to your ESX VI customization template to make sure your new VMs deployed from that template has a unique SusClientId

Tuesday, January 13, 2009

NTVDM.EXE

For the last 2 weeks, I was stuck with trying to run old MS-DOS application on Windows 2003. It was previously ran on Windows 2000 fine, no problem at all. Suddenly when we migrated this app to Windows 2003, users start complaining that the application randomly freezes on them...

We tried everything we could think of, like setting up the compatibility layer on the batch file before running the app, e.g.

set __COMPAT_LAYER=Win2000 DisableThemes

it did not work...

Finally, we found the solution, it appears that the ntvdm.exe process is running on multiprocessors - which does not work for this particular MS-DOS app. So we need to tell the ntvdm.exe process to run only on uni-processor. To do that:

- backup your original ntvdm.exe file (c:\windows\system32)
- find and download imagecfg.exe (google it)
- copy the ntvdm.exe from the location above to a temp folder
- run: imagecfg.exe -u ntvdm.exe in the temp folder
- copy this new ntvdm.exe to system32, dllcache, servicepack\i386 folders, otherwise the Windows File Protection will replace your modified ntvdm.exe file with the original one
- test it, you will see only a single processor will be used to run ntvdm.exe