Recently I picked up some of the new Seagate FreeAgent GoFlex drives with the swappable interface dongles since we've had good luck with the previous generation of drives and we were interested in seeing if we could eek out a little bit more performance by changing interfaces for it. Running virtual machines off external hard drives is slow enough as it is so every 1MB/s you can get is a plus to me. My test platform was a Dell Latitude e6410 and a 500GB GoFlex drive with both the USB 2.0 and eSATA dongles.
First I tried out a few large file copies (500MB to 2GB) and noticed that windows was reporting a higher sustained rate for the USB2.0 but I also noticed a very long delay on the last 1-2% which I'm pretty sure was a cache delay. This delay at the end offset the perceived higher transfer rate that the USB transfer had shown. The eSATA transfers all went smoothly with no lag at the end at all. What can I say, I liked the honesty of the eSATA estimates better.
I then tried out some disk benchmarking tools like CrystalDiskMark (below) for further data and fortunately they all seemed to show the same significant advantage toward the eSATA:
Now I'm by no means an expert but I think eSATA will be the way to go for my Virtual Machines. At the very least the high sequential read/write should make the startup/shutdown for the VMs faster than they currently are under USB. So I shall sent out my little guinea pigs and wait for Murphy's law to kick in...
Wednesday, November 24, 2010
Wednesday, October 20, 2010
TMG 2010 and hyper-v guest issue with windows update 80072EE2
I was trying to set up a temporary hyper-v server for demo/training purposes this week and ran into a windows update issue with a 2008 r2 guest on it. I turned on logging at my TMG server just to make sure the packets were getting out okay and then I noticed an odd error that popped up - 0xc0040018 FWX_E_BAD_LENGTH_PACKET_DROPPED - the packet was dropped because its IP length field does not fall within the allowed range or is inconsistent with the actual length.
So I tried looking that one up on the web and came up pretty dry other than the list of error codes from Technet. I decided to change gears and approach it from the other direction and went off in search of the windows update error code 80072EE2 which led me to this blog post:
http://msmvps.com/blogs/thenakedmvp/archive/2009/11/08/windows-update-error-80072ee2-hyper-v-guest-issues.aspx
And then it all clicked together. The offload settings weren't working right on the sub-standard hyper-v server I was using and the effect I was seeing on the firewall was incorrect packet lengths. As soon as I turned off the offload settings on the host server for that network card the windows update problems on the guest OS all went away.
So I tried looking that one up on the web and came up pretty dry other than the list of error codes from Technet. I decided to change gears and approach it from the other direction and went off in search of the windows update error code 80072EE2 which led me to this blog post:
http://msmvps.com/blogs/thenakedmvp/archive/2009/11/08/windows-update-error-80072ee2-hyper-v-guest-issues.aspx
And then it all clicked together. The offload settings weren't working right on the sub-standard hyper-v server I was using and the effect I was seeing on the firewall was incorrect packet lengths. As soon as I turned off the offload settings on the host server for that network card the windows update problems on the guest OS all went away.
Friday, October 1, 2010
My new favorite spare parts vendor for old Dell Poweredge Servers
(Yes, this post is going to be a vendor plug as you should deduce from the title.)
We all have them lurking in our data centers, those old servers that you just can't seem to kick the users off of and retire gracefully. Inevitably, that server will suffer a hardware failure and if it's a Dell and more than 3 years old the chances are that after a half hour on the phone bouncing around they'll finally just admit that they don't have the part and have no idea when it'll ever be in stock again. Oh, but if it ever did magically appear it'll cost $800.
While digging through the forums I noticed another user had recommended Velocity TechSolutions http://www.velocitytechsolutions.com/ I'm always a little skeptical of new sites but being in a pinch I wasn't going to be picky. After a quick search through the site I found the parts kit that I needed for $99. I went ahead and ordered it with overnight shipping and had a fedex tracking confirmation within a few hours and the parts were here the next morning. Overall I've got a good first impression of them.
We all have them lurking in our data centers, those old servers that you just can't seem to kick the users off of and retire gracefully. Inevitably, that server will suffer a hardware failure and if it's a Dell and more than 3 years old the chances are that after a half hour on the phone bouncing around they'll finally just admit that they don't have the part and have no idea when it'll ever be in stock again. Oh, but if it ever did magically appear it'll cost $800.
While digging through the forums I noticed another user had recommended Velocity TechSolutions http://www.velocitytechsolutions.com/ I'm always a little skeptical of new sites but being in a pinch I wasn't going to be picky. After a quick search through the site I found the parts kit that I needed for $99. I went ahead and ordered it with overnight shipping and had a fedex tracking confirmation within a few hours and the parts were here the next morning. Overall I've got a good first impression of them.
Monday, September 13, 2010
The Microsoft IT Site Delete Capture Feature 1.0 that wouldn't die
So merely a day after the marathon weekend of getting my MSSX 2008 (wss 3.0 sp2) instance up to Sharepoint 2010 Server, an old add-on came back to haunt me. The Microsoft IT Site Delete Capture Feature 1.0 (MS.IT.SiteDeleteCapture) whose installation was long ago lost in a fiery server crash and whose features had long been disabled. Additionally, the install files for it have long disappeared from the face of the earth as all the links to it are dead. http://technet.microsoft.com/en-us/library/cc706867%28office.12%29.aspx (Thanks codeplex for ditching the old junk! LOL). What really makes it great is that it never came up as an issue in the preupgradecheck report.
Anyway I had a user report that they couldn't delete a subsite. Lo and behold the user was right. I used the trusty ULS viewer to decode the wonderfully cryptic Microsoft Correlation ID and discovered the culprit.
It is experiences like these that have converted me over to the philosophy of NEVER installing any third party addons to a sharepoint/wss/mssx install that didn't come out of the DVD or from the Microsoft update site. Or at the very least, plan on leaving there long before the next major upgrade.
So I ran my old favorite utility: http://featureadmin.codeplex.com/ (awesome utility btw). But it didn't show up there. I tried a few more tools and came to the conclusion that as far as sharepoint was concerned, it wasn't installed which meant that I had some phantom Event Hook of some type lingering around. At this point my two remaining choices were A) Open up a Microsoft PSS ticket or B) Roll the dice and try something crafty and stupid.
My plan B was to just plop on the newer version of the IT site capture following the age old wisdom of the best way to cure a hangover (more alcohol btw if you missed the reference). I found it at the redirected link for the old product under the new auspicious title of Sharepoint Governance. My theory was that it was the successor to the old product, and it would probably Event hook in a similar way, that it was worth a shot. Worst case scenario it would just be one more thing for them to fix for me if I wound up with PSS.
Cue the drum roll....
And we're back in business. And yes, as a sanity check I did check and see to make sure the site was gone and I also created a new site and deleted it as well. So far so good!
Anyway I had a user report that they couldn't delete a subsite. Lo and behold the user was right. I used the trusty ULS viewer to decode the wonderfully cryptic Microsoft Correlation ID and discovered the culprit.
It is experiences like these that have converted me over to the philosophy of NEVER installing any third party addons to a sharepoint/wss/mssx install that didn't come out of the DVD or from the Microsoft update site. Or at the very least, plan on leaving there long before the next major upgrade.
So I ran my old favorite utility: http://featureadmin.codeplex.com/ (awesome utility btw). But it didn't show up there. I tried a few more tools and came to the conclusion that as far as sharepoint was concerned, it wasn't installed which meant that I had some phantom Event Hook of some type lingering around. At this point my two remaining choices were A) Open up a Microsoft PSS ticket or B) Roll the dice and try something crafty and stupid.
My plan B was to just plop on the newer version of the IT site capture following the age old wisdom of the best way to cure a hangover (more alcohol btw if you missed the reference). I found it at the redirected link for the old product under the new auspicious title of Sharepoint Governance. My theory was that it was the successor to the old product, and it would probably Event hook in a similar way, that it was worth a shot. Worst case scenario it would just be one more thing for them to fix for me if I wound up with PSS.
Cue the drum roll....
And we're back in business. And yes, as a sanity check I did check and see to make sure the site was gone and I also created a new site and deleted it as well. So far so good!
Sunday, September 5, 2010
2008 multi-homed dns server failing simple query but otherwise works fine
So my dns server was working fine, resolved queries, updated records, etc. But for some reason it kept failing the built in "Simple Query" and "Recursive Query" tests. After much messing around I discovered that it was trying to query the first interface it found. In this case it was the interface that I had manually excluded from the list because I didn't want DNS listening on it. I wound up changing the binding order for the network interfaces to fix the problem. After swapping them around I restarted DNS and voila the built in Monitoring started showing 'Pass" instead of "Fail".
List of interfaces, notice the non-listening one shows up first.
Under Network and Sharing, Advanced Properties, change the bind order.
Restart DNS and try again.
List of interfaces, notice the non-listening one shows up first.
Under Network and Sharing, Advanced Properties, change the bind order.
Restart DNS and try again.
Friday, August 27, 2010
SEP 11.0.6 disabled windows 7 firewall even though NTP was never installed
So I had to help another admin out with a fun issue this week. He had just upgraded his management server to Symantec Endpoint 11.0.6 MR1 and pushed out new clients. He created separate groups for laptops, desktops, etc and separated off the machines he didn't want to install Network Threat Protection on into their own group. The problem was that even though NTP wasn't being installed, it was still disabling the windows firewall (windows 7 in this case) and of course the new security center locked out the ability to reactivate it.
The solution in this case was to turn Inheritence OFF for that group and then withdraw the Firewall policy from that group. After the policy updates it should release the old on Windows Firewall. I didn't have time to stick around for that so we forced the policy update from the client and rebooted the machines for good measure.
1. Uncheck "Inherit policies and settings from parent Group xyz"
2. Click Tasks to the right of "Firewall policy" and Withdraw the policy.
Everything seems to work right afterward. Aside from the inconvenience of having a non-inherited policy to deal with later on when you want to make changes.
In most cases I've found that NTP works a lot better than the older versions like 10.x had so you most likely won't ever need the contents of this post but just in case, have fun.
The solution in this case was to turn Inheritence OFF for that group and then withdraw the Firewall policy from that group. After the policy updates it should release the old on Windows Firewall. I didn't have time to stick around for that so we forced the policy update from the client and rebooted the machines for good measure.
1. Uncheck "Inherit policies and settings from parent Group xyz"
2. Click Tasks to the right of "Firewall policy" and Withdraw the policy.
Everything seems to work right afterward. Aside from the inconvenience of having a non-inherited policy to deal with later on when you want to make changes.
In most cases I've found that NTP works a lot better than the older versions like 10.x had so you most likely won't ever need the contents of this post but just in case, have fun.
Tuesday, July 20, 2010
Installing Microsoft System Center Essentials 2010 without it failing
Okay, this was irritating. I started with a brand new fresh Windows 2008 x64 R2 install with all windows updates and the IIS and Application Roles installed. I popped in the DVD for SCE 2010 and rolled along and then it failed. Tried a few more times to no avail. After digging through the forums I found the answer. I had to uncheck the Microsoft Update checkbox! WTF MS? That of all things slipped through QC testing? Afterward it installed fine...
Thanks go out to:
Melissa Poole - http://social.technet.microsoft.com/Forums/en/systemcenteressentials/thread/8c21bd9d-22d5-474a-92a2-f4e51fa2dd44
and Kieranbarnes
http://bloke.org/windows/problems-installing-system-center-essentials-2010/
Thanks go out to:
Melissa Poole - http://social.technet.microsoft.com/Forums/en/systemcenteressentials/thread/8c21bd9d-22d5-474a-92a2-f4e51fa2dd44
and Kieranbarnes
http://bloke.org/windows/problems-installing-system-center-essentials-2010/
How to empty a hidden outbox in owa full of junk when outlook doesn't show anything
I have no idea why this happened and I have even less of a clue why they decided to Hide the Outbox folder in OWA 2010. Anyway I had a user whose outbox showed zero items and when we checked the server properties it said that they had 90MB of junk on there. Well, in the old days I'd go into OWA 2k7 and kill them that way. No such luck in OWA 2010.
So my workaround was to turn off the "Cached Mode" and then closed and reopened Outlook.
Now this will force it to look directly at the server and it'll show you the problem Outbox. Delete all the junk from there and wait about 1/2 hour for your server to catch up. Then empty out Deleted Items, kill the OST file, wait a few minutes and then close outlook. Turn Cached Mode back on and you should be back to normal now.
So my workaround was to turn off the "Cached Mode" and then closed and reopened Outlook.
Now this will force it to look directly at the server and it'll show you the problem Outbox. Delete all the junk from there and wait about 1/2 hour for your server to catch up. Then empty out Deleted Items, kill the OST file, wait a few minutes and then close outlook. Turn Cached Mode back on and you should be back to normal now.
Saturday, June 26, 2010
Converting VMWare server 2.0 images to hyper-V R2
After several attempts with different combination of offline/online conversions, I've finally found a fairly consistent method of converting VMWare Server 2.0 images to Hyper-V R2 images. SCVMM R2 has native support for ESX servers but not the low end free Server 2.0 edition so it requires more effort to get that working.
Software used:
Conversion requirements:
Windows 2003 - must have SP2
Windows 2008 preferably at sp1
WinXP should be at SP2/SP3
Vista preferably at SP1
Win7 RTM is fine
Windows 2008 R2 RTM is fine
Step 1:
You must uninstall vmware tools! This has to be done while running the image
on a vmware product (i.e. server, workstation, player). Just go into Add/Remove programs and remove it from there. I can't stress enough how important it is to get this uninstalled before conversion.
Note: By doing this, the machine will lose it's static IP settings if one is set.
Step 2:
Copy image to SCVMM R2 library folder
Wait a few minutes for SCVMM to refresh the library.
Step 3:
From the library view in SCVMM, right click on the VM and choose Convert Virtual.
From there follow the wizard.
Step 4:
After conversion occurs, go into the settings for the image in the Hyper-V console and confirm that a network card has been assigned. If not, add one. The first time you boot you may find that some services fail because the network card hasn't been detected yet. This should go away on the next reboot after you add the network card.
Step 5:
Boot the new image. Log into it and install the Integration components if they are missing.
Step 6:
Test to make sure your newly converted image is working properly.
Optional Step 7:
Compact the newly created VHD disks. This can free up a lot of wasted space. If you started with Static sized disks, the conversion process will have converted them to Dynamic sized disks. In Hyper-V R2 they supposedly fixed a lot of performance differences for dynamic vs static so it should be fine.
Now you should be all done.
Software used:
- VMWare Server 2.0
- Hyper-V R2
- SCVMM 2008 R2
Conversion requirements:
Windows 2003 - must have SP2
Windows 2008 preferably at sp1
WinXP should be at SP2/SP3
Vista preferably at SP1
Win7 RTM is fine
Windows 2008 R2 RTM is fine
Step 1:
You must uninstall vmware tools! This has to be done while running the image
on a vmware product (i.e. server, workstation, player). Just go into Add/Remove programs and remove it from there. I can't stress enough how important it is to get this uninstalled before conversion.
Note: By doing this, the machine will lose it's static IP settings if one is set.
Step 2:
Copy image to SCVMM R2 library folder
Wait a few minutes for SCVMM to refresh the library.
Step 3:
From the library view in SCVMM, right click on the VM and choose Convert Virtual.
From there follow the wizard.
Step 4:
After conversion occurs, go into the settings for the image in the Hyper-V console and confirm that a network card has been assigned. If not, add one. The first time you boot you may find that some services fail because the network card hasn't been detected yet. This should go away on the next reboot after you add the network card.
Step 5:
Boot the new image. Log into it and install the Integration components if they are missing.
Step 6:
Test to make sure your newly converted image is working properly.
Optional Step 7:
Compact the newly created VHD disks. This can free up a lot of wasted space. If you started with Static sized disks, the conversion process will have converted them to Dynamic sized disks. In Hyper-V R2 they supposedly fixed a lot of performance differences for dynamic vs static so it should be fine.
Now you should be all done.
Thursday, June 3, 2010
PHP - trimming off characters after the last slash in a URL
I really don't like programming. But every once in a while you've got to break down and do it for special projects. Recently I had to write some PHP code for a specific situation where I needed to be able to take the current URL the script was running at, strip out the script name, strip out the last slash and the directory name that proceeded it. Effectively, I was simulating ../ on the path because security requirements were getting in the way of a script. I played around with rtrim(), dirname(), regular expressions, etc but just wasn't quite getting the result that I wanted. My script determines the current URL, explodes it into a string array spliced at each slash character, then builds the new URL in a loop. You can tweak the iterations of the loop for however many directory levels back you want to go.
<?php
# Using SCRIPT_NAME
$path = $_SERVER['SCRIPT_NAME'];
$path2 = "/";
$domain = $_SERVER['HTTP_HOST'];
#echo "current path: " .$path . "<br>";
$parts = explode("/",$path); // splice by slash
$i=1; // skip zero cuz it's empty
$endi = count($parts) - 2; // number of parts minus 2 hierarchy
while ($i < $endi) {
$path2 = $path2 . $parts[$i] . "/";
$i++;
}
$temp = 'http://' . $domain . $path2;
echo $temp;
?>
Example:
If you run the above code and your original URL was http://www.test.com/blue/test.php
the output would be http://www.test.com/
<?php
# Using SCRIPT_NAME
$path = $_SERVER['SCRIPT_NAME'];
$path2 = "/";
$domain = $_SERVER['HTTP_HOST'];
#echo "current path: " .$path . "<br>";
$parts = explode("/",$path); // splice by slash
$i=1; // skip zero cuz it's empty
$endi = count($parts) - 2; // number of parts minus 2 hierarchy
while ($i < $endi) {
$path2 = $path2 . $parts[$i] . "/";
$i++;
}
$temp = 'http://' . $domain . $path2;
echo $temp;
?>
Example:
If you run the above code and your original URL was http://www.test.com/blue/test.php
the output would be http://www.test.com/
Monday, May 3, 2010
Exchange 2010 Powershell Script - Email owners of all email distribution groups
Updated for exchange 2010. Enumerates all distribution groups, then emails the owner of each group a list of group members per distribution list.
# Enumerates a list of all members of all Distribution Lists
# in Exchange 2010.
# Script will then proceed to email each owner a list of all
# members of each group.
#
# Use PowerShell.exe -command
# ". 'D:\Program Files\Microsoft\Exchange Server\V14
#\bin\RemoteExchange.ps1';
# Connect-ExchangeServer -auto; path_to_your_script"
#
# Updated 5/02/10
# By: Gnawgnu
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
#first get all distributionlists
$dl = get-distributiongroup
#then enumerate through them all and get all group members.
foreach ($group in $dl) {
#build group data
$groupName = "Group Name: " + $group.name
$groupAddr = "Email Address: " + $group.PrimarySMTPAddress
write-host $groupName -foregroundcolor Green
$dlgm = get-distributionGroupMember $group.name.ToString()
# grab the first owner from the multivalued property
$gOwner = get-user -Identity $group.ManagedBy[0]
#setup email - make sure to add to your whitelist for
#antispam if applicable.
$sender = "PickASMTPSenderEmailAddress"
write-host $sender
#get Email Address of group owner
$recipient = $gOwner.WindowsEmailAddress
write-host $recipient
$server = "YourSMTPServerGoesHere"
write-host $server
$subject = "Monthly Review required - Email Group: " + $group.Name.ToString()
write-host $subject
#Note: `r`n is a carriage return
$bText1 = "`r`nOwner:" + $gOwner.Name + "`r`n"
$bText2 = $groupAddr.ToString() + "`r`n"
$bText3 = "group members: `r`n"
$bText4 = $dlgm | fl Name | out-String
$bText5 = "Please use your Outlook Client to make changes if needed.`r`n"
$bText6 = "If you are no longer the manager of this group, blah.`r`n"
$body = $bText1 + $bText2 + $bText3 +$bText4 +$bText5 +$bText6
write-host $body.ToString()
$msg = new-object System.Net.Mail.MailMessage $sender, `
$recipient, $subject, $body
#send email
$client = new-object System.Net.Mail.SmtpClient $server
$client.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$client.Send($msg)
}
Old post:
http://gnawgnu.blogspot.com/2008/03/exchange-2007-powershell-script-emails.html
# Enumerates a list of all members of all Distribution Lists
# in Exchange 2010.
# Script will then proceed to email each owner a list of all
# members of each group.
#
# Use PowerShell.exe -command
# ". 'D:\Program Files\Microsoft\Exchange Server\V14
#\bin\RemoteExchange.ps1';
# Connect-ExchangeServer -auto; path_to_your_script"
#
# Updated 5/02/10
# By: Gnawgnu
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
#first get all distributionlists
$dl = get-distributiongroup
#then enumerate through them all and get all group members.
foreach ($group in $dl) {
#build group data
$groupName = "Group Name: " + $group.name
$groupAddr = "Email Address: " + $group.PrimarySMTPAddress
write-host $groupName -foregroundcolor Green
$dlgm = get-distributionGroupMember $group.name.ToString()
# grab the first owner from the multivalued property
$gOwner = get-user -Identity $group.ManagedBy[0]
#setup email - make sure to add to your whitelist for
#antispam if applicable.
$sender = "PickASMTPSenderEmailAddress"
write-host $sender
#get Email Address of group owner
$recipient = $gOwner.WindowsEmailAddress
write-host $recipient
$server = "YourSMTPServerGoesHere"
write-host $server
$subject = "Monthly Review required - Email Group: " + $group.Name.ToString()
write-host $subject
#Note: `r`n is a carriage return
$bText1 = "`r`nOwner:" + $gOwner.Name + "`r`n"
$bText2 = $groupAddr.ToString() + "`r`n"
$bText3 = "group members: `r`n"
$bText4 = $dlgm | fl Name | out-String
$bText5 = "Please use your Outlook Client to make changes if needed.`r`n"
$bText6 = "If you are no longer the manager of this group, blah.`r`n"
$body = $bText1 + $bText2 + $bText3 +$bText4 +$bText5 +$bText6
write-host $body.ToString()
$msg = new-object System.Net.Mail.MailMessage $sender, `
$recipient, $subject, $body
#send email
$client = new-object System.Net.Mail.SmtpClient $server
$client.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$client.Send($msg)
}
Old post:
http://gnawgnu.blogspot.com/2008/03/exchange-2007-powershell-script-emails.html
Exchange 2010 - email list of all distribution groups, members, and owner
I recently had to update a script that I used to use in exchange 2007 that no longer works in 2010. It's mainly due to powershell changes and a tricky issue with getting the owner field back out. Anyway, this script cycles through all your email distribution groups, then emails a list of all of them, the members of each, and the owner to the email distribution group. It's similar to an old script I had back in 3/08.
Updated Note: You can also use
# grab the first owner from the multivalued property
$gOwner = get-user -Identity $group.ManagedBy[0]
instead to get the group owner property and then just use that .Name property for string ouput.
# Enumerates all members of all Distribution Lists in Exchange 2010.
# Use PowerShell.exe -command ". 'D:\Program Files\Microsoft\Exchange
# Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer
#-auto;replacewithyourscriptfilenameandpath"
# Script will then proceed to email a list of all
# members of each group
# Updated 5/02/10
# By: Gnawgnu
# this part is new for 2010
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
#first get all distributionlists
$dl = get-distributiongroup
# initialize variables
$recipient = "PickARecipientEmailAddress"
$sender = "PickASMTPSenderEmailAddress"
$subject = "Monthly Summary of Email Groups"
$server = "YourSMTPServerGoesHere"
$gOwner = "blankstring"
#prepare and output file
$currDate = get-date
#path must exist
write-host "Email groups as of: " $currDate | out-file 'c:\temp\emailgroupmembers.txt'
#then enumerate through them all and get all group members.
foreach ($group in $dl) {
$groupName = "-------------" + "`r`n" + "Group Name: " + $group.name
write-host $groupName -foregroundcolor Green
# this part joins the results of that field into one string.
$gOwner = $group.ManagedBy | `
Select @{Name='Name';Expression={[string]::join(";", ($_.Name))}}
write-host "Owner: " $gOwner -foregroundcolor Green
$groupName | out-file -append 'c:\temp\emailgroupmembers.txt'
$group.ManagedBy.Name | out-file -append 'c:\temp\emailgroupmembers.txt'
$groupAddr = "Email Address: " + $group.PrimarySMTPAddress
$dlgm = get-distributionGroupMember $group.name.ToString()
$dlgm | fw | out-file -append 'c:\temp\emailgroupmembers.txt'
#Note: `r`n is a carriage return
$bText0 = "-------------" + "`r`n" + "Group Name: " + $group.Name
$bText1 = "`r`nOwner:" + $gOwner + "`r`n"
$bText2 = $groupAddr.ToString() + "`r`n"
$bText3 = "`r`n" + "group members: `r`n"
$bText4 = $dlgm | fl Name | out-String
$bTextFinal = $bText0 + $bText1 + $bText2 + $bText3 +$bText4
$body = $body + $bTextFinal
}
$msg = new-object System.Net.Mail.MailMessage $sender, $recipient, $subject, $body
#send email
$client = new-object System.Net.Mail.SmtpClient $server
$client.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$client.Send($msg)
To call it from a batch file: (avoid long path names, spaces, etc)
PowerShell.exe -command ". 'D:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; D:\Exch2010enum.ps1"
Updated Note: You can also use
# grab the first owner from the multivalued property
$gOwner = get-user -Identity $group.ManagedBy[0]
instead to get the group owner property and then just use that .Name property for string ouput.
# Enumerates all members of all Distribution Lists in Exchange 2010.
# Use PowerShell.exe -command ". 'D:\Program Files\Microsoft\Exchange
# Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer
#-auto;
# Script will then proceed to email a list of all
# members of each group
# Updated 5/02/10
# By: Gnawgnu
# this part is new for 2010
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
#first get all distributionlists
$dl = get-distributiongroup
# initialize variables
$recipient = "PickARecipientEmailAddress"
$sender = "PickASMTPSenderEmailAddress"
$subject = "Monthly Summary of Email Groups"
$server = "YourSMTPServerGoesHere"
$gOwner = "blankstring"
#prepare and output file
$currDate = get-date
#path must exist
write-host "Email groups as of: " $currDate | out-file 'c:\temp\emailgroupmembers.txt'
#then enumerate through them all and get all group members.
foreach ($group in $dl) {
$groupName = "-------------" + "`r`n" + "Group Name: " + $group.name
write-host $groupName -foregroundcolor Green
# this part joins the results of that field into one string.
$gOwner = $group.ManagedBy | `
Select @{Name='Name';Expression={[string]::join(";", ($_.Name))}}
write-host "Owner: " $gOwner -foregroundcolor Green
$groupName | out-file -append 'c:\temp\emailgroupmembers.txt'
$group.ManagedBy.Name | out-file -append 'c:\temp\emailgroupmembers.txt'
$groupAddr = "Email Address: " + $group.PrimarySMTPAddress
$dlgm = get-distributionGroupMember $group.name.ToString()
$dlgm | fw | out-file -append 'c:\temp\emailgroupmembers.txt'
#Note: `r`n is a carriage return
$bText0 = "-------------" + "`r`n" + "Group Name: " + $group.Name
$bText1 = "`r`nOwner:" + $gOwner + "`r`n"
$bText2 = $groupAddr.ToString() + "`r`n"
$bText3 = "`r`n" + "group members: `r`n"
$bText4 = $dlgm | fl Name | out-String
$bTextFinal = $bText0 + $bText1 + $bText2 + $bText3 +$bText4
$body = $body + $bTextFinal
}
$msg = new-object System.Net.Mail.MailMessage $sender, $recipient, $subject, $body
#send email
$client = new-object System.Net.Mail.SmtpClient $server
$client.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$client.Send($msg)
To call it from a batch file: (avoid long path names, spaces, etc)
PowerShell.exe -command ". 'D:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; D:\Exch2010enum.ps1"
Thursday, April 22, 2010
Activesync 0x85010014 after moving email mailbox from exchange 2007 to 2010
It's always fun when you run into a problem that only affects one or two users out of a hundred. You can only imagine my joy when I discovered that only my account wasn't working with Exchange Activesync after I moved my mailbox from the old Exchange 2007 server to the new Exchange 2010 one. By the way, I highly recommend using Microsoft's "Exchange Remote Connectivity Analyzer" for externally testing your setup. It's a great diagnostic aid during upgrades and such.
I tested my mailbox against an old windows mobile 6.1 PDA and got the 0x85010014 error, then I used Microsoft's analyzer above and drilled down to "Attempting FolderSync command on ActiveSync session" where it was failing. Then after much searching on the web, I found the clue at http://social.technet.microsoft.com/Forums/en/exchange2010/thread/0cb489da-c490-42ea-91fe-19b8e4de8571 which basically said that Inheritance was turned off on my AD account.
That's when i remembered that during the upgrade I had seen a warning that said some objects in AD had inheritance turned off. I had searched different OUs, etc at that time and hadn't managed to find it. So I opened up ADUC (Active Directory Users and Computers), set the view to Advanced under View so I could see the Security Tab on objects. I checked the "Include inheritable permissions from this object's parent" checkbox and then right afterward I was able to use ActiveSync again.
Updated: I've also found that an attribute flag gets set called "AdminCount" that can also cause that checkbox to reappear. To get rid of it, go under Attributes in the advanced view and clear the AdminCount attribute. You can use a powershell script to find all these affected users and groups here: http://www.shariqsheikh.com/blog/index.php/200908/use-powershell-to-look-up-admincount-from-adminsdholder-and-sdprop/
PS: If the account is a member of a priveleged group, you may find this checkbox unchecks itself after a while. http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx
I tested my mailbox against an old windows mobile 6.1 PDA and got the 0x85010014 error, then I used Microsoft's analyzer above and drilled down to "Attempting FolderSync command on ActiveSync session" where it was failing. Then after much searching on the web, I found the clue at http://social.technet.microsoft.com/Forums/en/exchange2010/thread/0cb489da-c490-42ea-91fe-19b8e4de8571 which basically said that Inheritance was turned off on my AD account.
That's when i remembered that during the upgrade I had seen a warning that said some objects in AD had inheritance turned off. I had searched different OUs, etc at that time and hadn't managed to find it. So I opened up ADUC (Active Directory Users and Computers), set the view to Advanced under View so I could see the Security Tab on objects. I checked the "Include inheritable permissions from this object's parent" checkbox and then right afterward I was able to use ActiveSync again.
Updated: I've also found that an attribute flag gets set called "AdminCount" that can also cause that checkbox to reappear. To get rid of it, go under Attributes in the advanced view and clear the AdminCount attribute. You can use a powershell script to find all these affected users and groups here: http://www.shariqsheikh.com/blog/index.php/200908/use-powershell-to-look-up-admincount-from-adminsdholder-and-sdprop/
PS: If the account is a member of a priveleged group, you may find this checkbox unchecks itself after a while. http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx
Saturday, April 17, 2010
Dell Latitude E6400 video artifact problem with the Intel GMA 4500MHD
Ran into a weird video problem with a E6400 recently. I tried updating drivers, changing settings, and all the usual stuff but it would show up again within the first 15 minutes, give or take a few. So I decided to research into the video chipset itself and found that users on multiple laptop makes and models appeared to be suffering the same problem. See example below.
I found the solution on one of the lenovo forums http://forums.lenovo.com/t5/T400-T500-and-newer-T-series/T500-with-intel-gma-4500mhd-increase-system-video-memory/m-p/132267 (See post by dragon-fly). Apparently, there's an issue when there are a unmatched pair of different size memory modules. This particular laptop had a 4GB and 2GB in it so I swapped out the 2GB for a 4GB. And entertainingly enough, the problem went away right after that. It's been a few days now and the problem hasn't reappeared once yet.
I found the solution on one of the lenovo forums http://forums.lenovo.com/t5/T400-T500-and-newer-T-series/T500-with-intel-gma-4500mhd-increase-system-video-memory/m-p/132267 (See post by dragon-fly). Apparently, there's an issue when there are a unmatched pair of different size memory modules. This particular laptop had a 4GB and 2GB in it so I swapped out the 2GB for a 4GB. And entertainingly enough, the problem went away right after that. It's been a few days now and the problem hasn't reappeared once yet.
Thursday, April 15, 2010
Getting around the Windows 2003 P2V Hyper-V Migration via SCVMM blue screen problem
Yeah I know that's one long winded title. Here's the scenario:
1. Used Microsoft System Center Virtual Machine Manager 2008 R2 to do a physical to virtual server conversion for one of my older Windows 2003 x64 servers.
2. Since it was an OEM OS, I had to buy another server license and do a Repair from a Win2k3 R2 CD1 since that's just about the only good way to get around that activation issue.
3. All attempts to boot the VM got me the dreaded Blue Screen with a 07B error code.
Solution:
1. Don't install the integration components during the migration. On the last step of the SCVMM physical to virtual wizard it has an option to View Script.
2. Add -SkipInstallVirtualizationGuestServices to the very last New-P2V command. Then run the "Windows powershell - virtual machine manager" shortcut from the start menu and paste in the script. If you started from an OEM installation, continue to step 3, otherwise jump to step 5.
3. Then after the conversion, boot the VM off a Win2k3 R2 CD1 ISO or real CD and hit Enter for the first screen, then R to repair once it finds the OS.
4. After that's done, install Service Pack 2 for windows 2003 as it's required for the integration components. Then reboot.
5. Install the Integration services but DO NOT REBOOT yet. Check the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wdf01000
The Group Value should be WdfLoadGroup and NOT "Base" or else bad things will happen.
(Thanks to the guys at this thread: http://social.technet.microsoft.com/Forums/en/winserverhyperv/thread/8c65fc96-f961-41dd-bfa2-8caa852f20c7 )
Now your virtual machine should boot up normally.
1. Used Microsoft System Center Virtual Machine Manager 2008 R2 to do a physical to virtual server conversion for one of my older Windows 2003 x64 servers.
2. Since it was an OEM OS, I had to buy another server license and do a Repair from a Win2k3 R2 CD1 since that's just about the only good way to get around that activation issue.
3. All attempts to boot the VM got me the dreaded Blue Screen with a 07B error code.
Solution:
1. Don't install the integration components during the migration. On the last step of the SCVMM physical to virtual wizard it has an option to View Script.
2. Add -SkipInstallVirtualizationGuestServices to the very last New-P2V command. Then run the "Windows powershell - virtual machine manager" shortcut from the start menu and paste in the script. If you started from an OEM installation, continue to step 3, otherwise jump to step 5.
3. Then after the conversion, boot the VM off a Win2k3 R2 CD1 ISO or real CD and hit Enter for the first screen, then R to repair once it finds the OS.
4. After that's done, install Service Pack 2 for windows 2003 as it's required for the integration components. Then reboot.
5. Install the Integration services but DO NOT REBOOT yet. Check the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wdf01000
The Group Value should be WdfLoadGroup and NOT "Base" or else bad things will happen.
(Thanks to the guys at this thread: http://social.technet.microsoft.com/Forums/en/winserverhyperv/thread/8c65fc96-f961-41dd-bfa2-8caa852f20c7 )
Now your virtual machine should boot up normally.
Wednesday, April 7, 2010
iTap RDP and group policy
A user recently complained that their iPad device wasn't able to RDP into their workstation. They were using iTap RDP (http://itap.mobi/itap-rdp) which seemed to work fine for old XP boxes and non-domain joined workstations. It would give a NLA error when it tried to connect even though this newest version does support NLA. I knew it had to be group policy related since it only affected domain joined PCs. I wound up having to unconfigure the policy "Always prompt for password upon connection" under Computer Configuration -> Policies -> Admin templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security. Then gpupdate on my domain controllers, then gpupdate on the host pc and rebooted it for good measure. Afterwards, then the iTap RDP client was able to work properly.
Sunday, March 7, 2010
Dell Powerconnect 6224 slow vlan routing problem
So I noticed that intra-vlan network performance had decreased significantly recently but the effects were sporadic. Wireshark traces showed a lot of traffic bleeding over from multiple vlans and file copy performance between vlans was a staggeringly low. I ran the a cable qualification device on all the links and tested the speed between each switch. Everything was fine as long as I didn't do an inter-vlan activity. So I knew then that the problem was in the 6224 which I use for my layer 3 switching between vlans. While trolling through forums, I noticed someone had recommended STP as a place to start in troubleshooting. I set my 'root' switches priority 8192 (lower is higher in priority) and all the issues disappeared within a few seconds.
As far as I can tell the Multiple STP operation mode was running into problems when a load was applied. Since all the other switches are by default set to 32768 by default, now I shouldn't have this problem again.
As far as I can tell the Multiple STP operation mode was running into problems when a load was applied. Since all the other switches are by default set to 32768 by default, now I shouldn't have this problem again.
Thursday, February 25, 2010
Shrew VPN replacement for Juniper/Watchguard on Windows 7 x64
So I'd been waiting to see if anyone had managed to get the Juniper netscreen vpn client to work on windows 7 x64 and then I just gave up and decided to look for an alternate solution. I really didn't want to keep an XP box around just for the purpose of connecting to this one partner's site. So after digging around I found Shrew (http://www.shrew.net/home) which supports XP/Vista/7 in both 32 and 64 bit. And as an added bonus they have tutorial/howtos for setting it up to work with over a dozen vpn endpoint devices. So I sent the info for the Juniper SSG setup to our partner site and they generated a new client file for us.
Installation of the client went smoothly and it imported the client file with no problems.
Installation of the client went smoothly and it imported the client file with no problems.
Monday, February 22, 2010
How to disable SoftAP (aka Windows 7 Wireless Hosted Networks) via Group Policy
Windows 7 comes with a nifty feature that allows it to function as a wireless hotspot. For home users and technical enthusiasts, it's a cool feature. For paranoid network admins like me that feature is a problem. You don't want users opening up wireless APs inside your building or if they're remote, functioning as conduits for outsiders to piggyback into your networks.
To disable this function via group policy, create a new group policy or modify and existing one and go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Wireless Network (IEEE 802.11) Policies. right click on there and Create a new policy.
Now be careful what you select in here or else you'll wind up causing havoc for your wireless users.
Name your Wireless policy whatever you want, then go to the "Network Permissions" tab. Select the checkbox for "Don't allow hosted networks" and that will block the SoftAP feature.
Do not check the other boxes that I've marked in blue unless you want to lock down your users to only using your wireless APs (which will also block APs at airports, starbucks, etc). That "Only use group policy..." setting is bad news for your traveling employees.
Once these settings go into effect, the windows 7 clients may require a reboot or two before the changes kick in. These changes also will only work if they are using the default built in wlan client that comes with windows 7. (See checkbox setting on first tab of that policy window).
For more details on what these settings are:
http://msdn.microsoft.com/en-us/library/dd815243(VS.85).aspx
To disable this function via group policy, create a new group policy or modify and existing one and go to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Wireless Network (IEEE 802.11) Policies. right click on there and Create a new policy.
Now be careful what you select in here or else you'll wind up causing havoc for your wireless users.
Name your Wireless policy whatever you want, then go to the "Network Permissions" tab. Select the checkbox for "Don't allow hosted networks" and that will block the SoftAP feature.
Do not check the other boxes that I've marked in blue unless you want to lock down your users to only using your wireless APs (which will also block APs at airports, starbucks, etc). That "Only use group policy..." setting is bad news for your traveling employees.
Once these settings go into effect, the windows 7 clients may require a reboot or two before the changes kick in. These changes also will only work if they are using the default built in wlan client that comes with windows 7. (See checkbox setting on first tab of that policy window).
For more details on what these settings are:
http://msdn.microsoft.com/en-us/library/dd815243(VS.85).aspx
Wednesday, February 3, 2010
TFSWarehouse Event 3000 Failed to load adapter with SQL 2008 data tier
So I had my nice, mostly stable TFS implementation consisting of a SQL 2005 SP3 data tier and a TFS 2008 SP1 (9.0.30729.1) Application tier. I decided to upgrade the Data Tier to SQL 2008 since I'll need it to be there when we upgrade this year to TFS 2010. I followed Bill Wang's blog post http://billwg.blogspot.com/2009/04/how-to-upgrade-tfs-data-tier-to-sql.html
Everything went fine except the warehouse stopped refreshing. In the Event Log on the Application Tier I had this error:
Event Type: Error
Event Source: TFS Warehouse
Event Category: None
Event ID: 3000
Date: 2/3/2010
Time: 1:13:47 PM
User: N/A
Computer: TFS1
Description:
TF53010: The following error has occurred in a Team Foundation component or extension:
Date (UTC): 2/3/2010 6:13:47 PM
Machine: TFS1
Application Domain: /LM/W3SVC/3/Root/Warehouse-3-129096944229185149
Assembly: Microsoft.TeamFoundation.Warehouse, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v2.0.50727
Process Details:
Process Name: w3wp
Process Id: 5444
Thread Id: 5576
Account name: PS_NT\TFSSERVICE
Detailed Message: Failed to load adapter Microsoft.TeamFoundation.Warehouse.CommonStructureAdapter. Exception Info: \n System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.AnalysisServices, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91' or one of its dependencies. The system cannot find the file specified.
After much head-banging I realized that I hadn't upgraded the SQL Client Connectivity on the App Tier to 2008 to match. D'oh. After installing the SQL 2008 Connectivity and Management tools and rebooting, I went to the http://localhost:8080/Warehouse/v1.0/warehousecontroller.asmx and hit 'Run', then invoke to force the update. Then used the 'GetWarehouseStatus' to watch the Adapter running. Fixed.
Everything went fine except the warehouse stopped refreshing. In the Event Log on the Application Tier I had this error:
Event Type: Error
Event Source: TFS Warehouse
Event Category: None
Event ID: 3000
Date: 2/3/2010
Time: 1:13:47 PM
User: N/A
Computer: TFS1
Description:
TF53010: The following error has occurred in a Team Foundation component or extension:
Date (UTC): 2/3/2010 6:13:47 PM
Machine: TFS1
Application Domain: /LM/W3SVC/3/Root/Warehouse-3-129096944229185149
Assembly: Microsoft.TeamFoundation.Warehouse, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v2.0.50727
Process Details:
Process Name: w3wp
Process Id: 5444
Thread Id: 5576
Account name: PS_NT\TFSSERVICE
Detailed Message: Failed to load adapter Microsoft.TeamFoundation.Warehouse.CommonStructureAdapter. Exception Info: \n System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.AnalysisServices, Version=10.0.0.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91' or one of its dependencies. The system cannot find the file specified.
After much head-banging I realized that I hadn't upgraded the SQL Client Connectivity on the App Tier to 2008 to match. D'oh. After installing the SQL 2008 Connectivity and Management tools and rebooting, I went to the http://localhost:8080/Warehouse/v1.0/warehousecontroller.asmx and hit 'Run', then invoke to force the update. Then used the 'GetWarehouseStatus' to watch the Adapter running. Fixed.
Symantec Backup Exec 2010 first impressions
Now it may be too early to say, but so far I'm actually impressed with BE 2010 (Trial edition of course). Normally I'm pretty skeptical about new releases but after a colleague of mine told me that it fixed his backup issues with a 2008 x64 R2 Hyper-V machine I decided to give it a look over. He had that dreaded "Snapshot provider error (0xE000FED1): A failure occurred querying the Writer status." error. I set up a couple of test x64 servers in the lab with copies of the real VMs and loaded up BE 2010 and set it for some Disk to Disk tests. While I did get some GRT related errors even though I wasn't using GRT at the time, it still backed up the server images themselves.
As far as installation goes, the UI continues to improve with each release and it's pretty straightforward. Upgrading an existing BE 12.5 install was a breeze. The remote installation process has undergone a major makeover and now makes it easier to roll out multiple agents with different options selected. And to boot, it lists all the previously rolled out agents in the console. The management console is a bit more refined looking and they've integrated a lot of new little icons into the selection windows.
They've also added a few new agents that will be interesting to try (as soon as I get the budget). The DeDuplication agent could be useful for reducing backup sizes and the new Exchange archiving agent has potential as well.
As always, I recommend fully testing out any new software product in a test environment prior to rolling it out into production...
As far as installation goes, the UI continues to improve with each release and it's pretty straightforward. Upgrading an existing BE 12.5 install was a breeze. The remote installation process has undergone a major makeover and now makes it easier to roll out multiple agents with different options selected. And to boot, it lists all the previously rolled out agents in the console. The management console is a bit more refined looking and they've integrated a lot of new little icons into the selection windows.
They've also added a few new agents that will be interesting to try (as soon as I get the budget). The DeDuplication agent could be useful for reducing backup sizes and the new Exchange archiving agent has potential as well.
As always, I recommend fully testing out any new software product in a test environment prior to rolling it out into production...
Subscribe to:
Posts (Atom)