Channel: Clint Boessen's Blog

Setup Windows Server 2012 Core Computer for Domain

You have provisioned a new Windows Server 2012 server core machine and you want to connect it to the domain.  Before you do this there are 5 steps you generally want to perform:
  • Rename the computer
  • Change the IP to static
  • Join it to the domain
  • Enter Product Key and Activate (not required if KMS is in use)
  • Install Windows Updates
This article provides the commands and steps required to join a new Server 2012 server to the domain from command line so that it can be managed remotely using the Server 2012 GUI tools.

Rename Windows Server 2012 using NETDOM

Execute the following command to rename the server using the NetDom utility.

netdom renamecomputer Server2012 /NewName FileServer

Server2012 is the current name of the server, FileServer is the new name.  After the rename is complete you will need to restart with the following command:

shutdown -r -f -t 0


Upon reboot, type "hostname" to verify that the computer was renamed.


Configure the Network Interface

Next you will most likely want to configure a static IP, unless you intend to use DHCP to provide network configuration to your Windows Server 2012 computer.

The first step is to identify the name of the interface by executing the following netsh command.

netsh interface ip show config

Next you can set the IP address, Subnet Mask and Gateway with the following command:

netsh interface ip set address name="Ethernet" static 10.10.10.50 255.255.255.0 10.10.254.254 1


To configure a primary DNS server and secondary DNS server for your "Ethernet" network interface use the following commands:

netsh interface ip set dns name="Ethernet" static 10.10.10.230
netsh interface ip add dns name="Ethernet" 10.10.10.250 index=2



Validate the configuration with IPCONFIG /ALL


Join the Computer to the Domain

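To join the Server 2012 computer to the domain, execute the following command.  The password is supplied in clear text on the command line; netdom prompts for it instead if an asterisk (*) is given as the /passwordd value.

netdom join FileServer /domain:corporatedomain.local /userd:domain\username /passwordd:password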

After the computer is joined execute the following command to reboot the server.

shutdown -r -f -t 0

For security purposes I blurred out my domain name, username and password.


Now you're ready to go: your new Server 2012 system is on the domain.  As an optional task you can add domain groups to the local admins group on the system using the following command.

net localgroup administrators /add DomainName\UserName


Enter Product Key and Activate


Enter the product key and activate Windows provided you do not have a Key Management Server (KMS) on your network.  To enter the product key use the following command:

start /w slmgr.vbs -ipk XXXX-XXXX-XXXX-XXXX-XXXX


To Activate Windows use the following command.

start /w slmgr.vbs -ato


Install Windows Updates

To install the Windows Updates on server core we need to use a tool called sconfig.exe.  Launch sconfig.exe from command line.


Select option 6 to download and install updates.
 
 
Next select A to install All Updates.

 

Lastly select A to install all updates or alternatively select single updates to install from the list.

 

Remote Disk Management to Server 2012 core

I had a requirement to utilise remote disk management to a Windows Server 2012 core installation.  When opening Computer Management and remotely connecting to the Windows Server 2012 computer we received the following error message when attempting to access disk management.

Disk Management could not start Virtual Disk Service (VDS) on SERVERNAME.  This can happen if the remote computer does not support VDS, or if the connection cannot be established because it was blocked by Windows Firewall.

For additional information about diagnosing and correcting this problem, see Troubleshooting Disk Management in Disk Management help.


To resolve this problem we logged into the Server 2012 core server and enabled the following firewall exception using the netsh command.

netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes


After adding the firewall exception to our Windows Server 2012 core computer, we can now connect to it using remote disk management.

 

Remote COM+ Network Access to Server 2012 Core

You have set up a new Server 2012 core computer and you wish to perform remote management of the server through COM+ Network Access.  When you open a console such as Computer Management you receive the following error message:

Computer "SERVERNAME" cannot be connected. Verify that the network path is correct, the computer is available on the network, and that the appropriate Windows Firewall rules are enabled on the target computer.

To enable the appropriate Windows Firewall rules on the remote computer, open the Windows Firewall with Advanced Security snap-in and enable the following inbound rules.

COM+ Network Access (DCOM-In)
All rules in the Remote Event Log management group.

You can also enable these rules by using Group Policy settings for Windows Firewall and Advanced Security.  For servers that are running the Server Core installation option, run the Netsh AdvFirewall command, or the Windows PowerShell NetSecurity module.


Because COM+ Network Access is not allowed, you cannot use the Windows Firewall with Advanced Security MMC snap-in to remotely connect to the server.  As a result you need to log in to the Server 2012 core machine and run the following command from the command prompt to enable remote access.

netsh advfirewall set currentprofile settings remotemanagement enable


Now you can remotely connect to the Server 2012 core machine using MMC snapins.

This article might also be of reference - Remote Disk Management of a Server 2012 core machine:

http://clintboessen.blogspot.com.au/2013/06/remote-disk-management-to-server-2012.html
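
After enabling the exceptions from this article and from the Remote Disk Management article, it is worth checking which of those inbound rules are now live and whether any of them accept connections from any remote address. The following is an added example, not code from the original posts: it parses text in the layout printed by "netsh advfirewall firewall show rule name=all", and the sample output, its addresses and the function names are constructed for illustration.

```python
# Rule groups and the rule named in the two articles above (compared in lower case).
WATCHED_GROUPS = {"remote volume management", "remote event log management"}
WATCHED_RULES = {"com+ network access (dcom-in)"}

# Constructed, abridged sample in the layout of
# "netsh advfirewall firewall show rule name=all"; not captured from a real host.
SAMPLE_NETSH_OUTPUT = """\
Rule Name:                            Remote Volume Management - Virtual Disk Service (RPC)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain
Grouping:                             Remote Volume Management
RemoteIP:                             Any
Action:                               Allow

Rule Name:                            Remote Event Log Management (RPC)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain
Grouping:                             Remote Event Log Management
RemoteIP:                             10.10.10.0/255.255.255.0
Action:                               Allow

Rule Name:                            COM+ Network Access (DCOM-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Domain
Grouping:                             COM+ Network Access
RemoteIP:                             Any
Action:                               Allow

Rule Name:                            File and Printer Sharing (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain
Grouping:                             File and Printer Sharing
RemoteIP:                             Any
Action:                               Allow
"""


def parse_rules(text):
    """Split the listing into one dict per rule, keyed by the field labels."""
    rules, current = [], None
    for line in text.splitlines():
        if ":" not in line:            # blank lines and the dashed separator
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Rule Name":
            current = {"Rule Name": value}
            rules.append(current)
        elif current is not None:
            current[key] = value
    return rules


def is_watched(rule):
    """True for rules in the groups, or with the rule name, used for remote management."""
    return (rule.get("Grouping", "").lower() in WATCHED_GROUPS
            or rule["Rule Name"].lower() in WATCHED_RULES)


def audit(text):
    """Return (unscoped, scoped): enabled inbound allow rules among the watched ones.

    Each entry is (rule name, profiles, remote address scope). A rule is
    "unscoped" when its RemoteIP is Any, i.e. not limited to management hosts.
    """
    unscoped, scoped = [], []
    for rule in parse_rules(text):
        if not is_watched(rule):
            continue
        state = (rule.get("Enabled"), rule.get("Direction"), rule.get("Action"))
        if state != ("Yes", "In", "Allow"):
            continue
        entry = (rule["Rule Name"], rule.get("Profiles", ""), rule.get("RemoteIP", ""))
        (unscoped if entry[2].lower() == "any" else scoped).append(entry)
    return unscoped, scoped


if __name__ == "__main__":
    open_to_any, limited = audit(SAMPLE_NETSH_OUTPUT)
    for name, profiles, remote in open_to_any:
        print(f"REVIEW  {name} [{profiles}] accepts RemoteIP={remote}")
    for name, profiles, remote in limited:
        print(f"OK      {name} [{profiles}] limited to {remote}")
```
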

Find out which Global Catalog server Exchange is Using

In this article I am going to show you how to find out which Global Catalog servers your Exchange server is utilising.

How do you know what Global Catalog servers Exchange has found in its Active Directory site?

This can be found in the Application Event Logs under Event ID 2080.


This lists all domain controllers in the environment and which domain controllers are in the same site as the Exchange server.

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1536). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
 (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
ANG-PTH-DC1.domain.local CDG 1 7 7 1 0 1 1 7 1
athena.domain.local CDG 1 7 7 1 0 1 1 7 1
ares.domain.local CD- 1 6 6 0 0 1 1 6 1
ANG-PTH-DC2.domain.local CDG 1 7 7 1 0 1 1 7 1
ANG-BUN-SVR01.domain.local CDG 1 7 7 1 0 1 1 7 1
 Out-of-site:
ANG-JOO-SVR01.domain.local CDG 1 7 7 1 0 1 1 7 1
joondalupfrcsvr.domain.local CD- 1 6 6 0 0 1 1 6 1
ANG-JOO-SVR02.domain.local CDG 1 7 7 1 0 1 1 7 1
ANG-KAT-SVR01.domain.local CDG 1 7 7 1 0 1 1 7 1
kununurrasvr.domain.local CDG 1 7 7 1 0 1 1 7 1
rockinghamsvr.domain.local CD- 1 6 6 0 0 1 1 6 1
ANG-MAN-SVR01.domain.local CDG 1 7 7 1 0 1 1 7 1
ANG-MAN-SVR02.domain.local CDG 1 7 7 1 0 1 1 7 1
youthservsvr.domain.local CD- 1 6 6 0 0 1 1 6 1
ANG-ALB-SVR01.domain.local CDG 1 7 7 1 0 1 1 7 1
ANG-AWC-SVR01.domain.local CDG 1 7 7 1 0 1 1 7 1
broomesvr.domain.local CD- 1 6 6 0 0 1 1 6 1
daisyhousesvr.domain.local CDG 1 0 0 1 0 0 0 0 0
Coolbellupsvr.domain.local CD- 1 6 6 0 0 1 1 6 1
ANG-BDS-SVR01.domain.local CDG 1 7 7 1 0 1 1 7 1
ANG-GOS-SVR01.domain.local CDG 1 7 7 1 0 1 1 7 1


What are these numbers next to the server?  As per Microsoft KB 316300 these numbers mean the following things:

Server name: The first column indicates the name of the domain controller that the rest of the data in the row corresponds to.

Roles: The second column shows whether or not the particular server can be used as a configuration domain controller (column value C), a domain controller (column value D), or a global catalog server (column value G) for this particular Exchange server. A letter in this column means that the server can be used for the designated function, and a hyphen (-) means that the server cannot be used for that function. In the example that is described earlier in this article, the Roles column contains the value CDG to show that the service can use the server for all three functions.

Reachability: The third column shows whether the server is reachable by a Transmission Control Protocol (TCP) connection. These bit flags are connected by an OR value. 0x1 means the server is reachable as a global catalog server (port 3268), 0x2 means the server is reachable as a domain controller (port 389), and 0x4 means the server is reachable as a configuration domain controller (port 389). In other words, if a server is reachable as a global catalog server and as a domain controller but not as a configuration domain controller, the value is 3. In the example that is described earlier in this article, the value 7 in the third column means that the server is reachable as a global catalog server, as a domain controller, and as a configuration domain controller (0x1 | 0x2 | 0x4 = 0x7).

Synchronized: The fourth column shows whether the "isSynchronized" flag on the rootDSE of the domain controller is set to TRUE. These values use the same bit flags connected by an OR value as the flags that are used in the Reachability column.

GC capable: The fifth column is a Boolean expression that states whether the domain controller is a global catalog server.

PDC: The sixth column is a Boolean expression that states whether the domain controller is a primary domain controller for its domain.

SACL right: The seventh column is a Boolean expression that states whether DSAccess has the correct permissions to read the SACL (part of nTSecurityDescriptor) against that directory service.

Critical Data: The eighth column is a Boolean expression that states whether DSAccess found this Exchange server in the configuration container of the domain controller listed in Server name column.

Netlogon Check: The ninth column (added in Exchange 2000 SP3) states whether DSAccess successfully connected to a domain controller’s Net Logon service. This requires the use of Remote Procedure Call (RPC), and this call may fail for reasons other than a server that is down. For example, firewalls may block this call. So, if there is a 7 in the ninth column, it means that the Net Logon service check was successful for each role (domain controller, configuration domain controller, and global catalog).

OS Version: The tenth column (added in Exchange 2003) states whether the operating system of the listed domain controller is running at least Microsoft Windows 2000 Service Pack 3 (SP3). Exchange 2003 only uses domain controllers or global catalog servers that are running Windows 2000 SP3 or later. A Boolean expression of 1 means the domain controller satisfied the operating system requirements of Exchange 2003 for use by DSAccess.
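
The column meanings above can be applied mechanically to find the servers that need attention. The following is an added example, not code from the original post or from Microsoft: it parses Event ID 2080 text using the column order of the header line in the event quoted above, decodes the bit flags, and lists what is missing for each server. The host names are constructed placeholders, and the "usable in-site GC" test at the end is this example's own reading of the columns, not Exchange's selection logic.

```python
from dataclasses import dataclass

# Bit flags shared by the Reachability, Synchronized and Netlogon columns.
ROLE_BITS = {0x1: "GC", 0x2: "DC", 0x4: "Config DC"}

# Constructed sample in the layout of the event text quoted above
# (placeholder host names, not taken from a real environment).
SAMPLE_EVENT = """\
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1536). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
 (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc01.example.test CDG 1 7 7 1 0 1 1 7 1
dc02.example.test CD- 1 6 6 0 0 1 1 6 1
 Out-of-site:
dc03.example.test CDG 1 0 0 1 0 0 0 0 0
dc04.example.test CDG 1 7 7 1 0 1 1 3 1
"""


@dataclass
class DcRow:
    site: str            # "In-site" or "Out-of-site"
    name: str
    roles: str           # e.g. "CDG" or "CD-"
    enabled: int
    reachability: int
    synchronized: int
    gc_capable: int
    pdc: int
    sacl_right: int
    critical_data: int
    netlogon: int
    os_version: int


def decode_flags(value):
    """Expand a 0-7 bit mask into the role names it covers."""
    return [label for bit, label in ROLE_BITS.items() if value & bit]


def expected_mask(roles):
    """Bit mask implied by the Roles column (letters C, D, G; '-' means not usable)."""
    return (0x1 if "G" in roles else 0) | (0x2 if "D" in roles else 0) | (0x4 if "C" in roles else 0)


def parse_event_2080(message):
    """Return one DcRow per server line, tagged with the site section it sits in."""
    rows, site = [], None
    for line in message.splitlines():
        text = line.strip()
        if text.lower().startswith("in-site"):
            site = "In-site"
        elif text.lower().startswith("out-of-site"):
            site = "Out-of-site"
        elif site is not None:
            parts = text.split()
            # server name + roles + nine numeric columns
            if len(parts) == 11 and all(p.isdigit() for p in parts[2:]):
                rows.append(DcRow(site, parts[0], parts[1], *map(int, parts[2:])))
    return rows


def findings(row):
    """List the checks a server fails, relative to the roles it advertises."""
    issues = []
    want = expected_mask(row.roles)
    for column in ("reachability", "synchronized", "netlogon"):
        missing = want & ~getattr(row, column)
        if missing:
            issues.append(f"{column} missing for {', '.join(decode_flags(missing))}")
    if not row.sacl_right:
        issues.append("SACL right is 0")
    if not row.critical_data:
        issues.append("Critical Data is 0")
    if not row.os_version:
        issues.append("OS Version is 0")
    return issues


def usable_in_site_gcs(rows):
    """In-site servers whose row shows a reachable, synchronized global catalog."""
    return [r.name for r in rows
            if r.site == "In-site" and "G" in r.roles
            and r.reachability & 0x1 and r.synchronized & 0x1]


if __name__ == "__main__":
    parsed = parse_event_2080(SAMPLE_EVENT)
    for row in parsed:
        problems = findings(row) or ["no issues"]
        print(f"{row.site:12} {row.name:20} {row.roles}  " + "; ".join(problems))
    print("Usable in-site GCs:", ", ".join(usable_in_site_gcs(parsed)))
```
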

Which Global Catalog Server are we using?

By default, without any configuration, Exchange load balances its Global Catalog requests against all Global Catalog servers in the same Active Directory site as the Exchange server.  All domain controllers in the same AD site will receive an even number of global catalog calls from the Exchange server on TCP 3268 unless they have a problem which the Microsoft Exchange AD Topology service has detected.  This can be verified using a tool such as Network Monitor:


Can I Manually Exclude or Specify which Domain Controllers Exchange Uses?

The answer to this question is yes, however I recommend doing so only when troubleshooting.  This can be configured with the Set-ExchangeServer PowerShell cmdlet.

 

Changes in Exchange 2010/2013 Global Catalog Communication

Last week I published an article "Find out which Global Catalog server Exchange is Using" which lets administrators identify which Global Catalog server their Exchange server is currently utilising.  This week I wish to continue exploring Exchange Global Catalog communication by talking about changes in Global Catalog communication as of Exchange 2010 and Exchange 2013.

In earlier editions, Exchange server would direct Outlook to contact a Global Catalog server for user specific global catalog communication.  In Exchange Server 2010 onwards, the Microsoft Exchange Address Book Service on the Client Access Server (CAS) hosts the NSPI endpoint.  The Exchange Server 2010 CAS provides address book and related services to the Outlook client instead of referring Outlook to a global catalog server.

What does this mean?  More Global Catalog communication from the Exchange server!

If you are still planning your Exchange 2003 to Exchange 2010 migration, make sure you factor this in, especially if there are many users in remote sites.  Users in remote sites communicate with their local Global Catalog servers.  When the users are moved to Exchange 2010, these global catalog calls will no longer be distributed across the remote sites; all global catalog calls will hit servers in the same Active Directory site as the Exchange 2010 server, which in large deployments can be a significant overhead, especially when dealing with 10,000+ users.

As Exchange load balances its Global Catalog communication across all Global Catalog servers in the same site as the Exchange server as explained in my previous article "Find out which Global Catalog server Exchange is Using", the solution for this increase in Global Catalog communication is to simply deploy additional Global Catalog servers in the same Active Directory site as the Exchange server.

Where's Modify Extra Properties in MFCMAPI?

MFCMAPI is an advanced MAPI editing tool used for manually editing MAPI property tables.  To Exchange experts it is known as the ADSIEdit for MAPI.  If you are not an Exchange developer/expert you have no business in MFCMAPI - do not use this program unless you are following strict instructions from either Microsoft or a product manual.  If you do have a requirement to utilise MFCMAPI and you are following a document, first of all you can download the MFCMAPI application from CodePlex at the following URL, with the latest version being 15 as of this writing:

http://mfcmapi.codeplex.com/

With the new build of MFCMAPI a few things have been moved around.  One common one which catches out a lot of administrators is "Modify Extra Properties".  If you are following a product manual and it has asked you to select an object then "On the Property pane menu, click Modify Extra Properties", you are probably scratching your head.


The "Modify Extra Properties" field has now been renamed to "Additional properties...".  Simply select this instead, then follow the rest of your instructions as normal.

The next screen is the same as previous versions of MFCMAPI.


Follow your documentation from here as normal.

The purpose of this article is to clarify this step in existing documentation.  MFCMAPI is a dangerous tool and if administrators do not know what they are doing they can cause severe damage.

Exchange 2013 Certificates and Encryption

Exchange 2013 like previous versions of Exchange requires digital certificates to encrypt traffic between Exchange clients such as Web Access, Active Sync and RPC over HTTPS.  Certificates can also be used for additional services such as Unified Messaging, TLS SMTP connections and legacy POP and IMAP protocols.

In previous versions of Exchange such as 2007 and 2010, certificates were installed on the Client Access server role to provide encryption between Exchange and Clients.  In Exchange 2013 certificates now reside on the Mailbox and Client Access servers.

The Client Access role is the only role on which you as an administrator are required to install a certificate.  It is recommended the new certificate be obtained from an external certificate authority such as DigiCert to ensure the certificate is trusted by external devices not joined to the Active Directory domain, such as mobile phones.  The certificate can be installed using the new web based management tool Exchange Administration Console (EAC).

As the Client Access server role now only provides authentication and proxy/redirection logic and does not process any rendering of content, a certificate is also required on the Mailbox server to ensure communication between the Client Access and Mailbox servers remains secure.  Exchange 2013 automatically installs a self-signed certificate on the Mailbox server as part of the installation process.  The Client Access server automatically trusts the self-signed certificate on the Mailbox server, so clients will not receive warnings about a self-signed certificate not being trusted, provided that the Client Access server has a non-self-signed certificate from either a Windows certification authority (CA) or a trusted third party.

It is very important you do not delete the self-signed certificates on the Mailbox server; doing so will break your Exchange environment!

Changing Home Page for Internet Explorer 10 through Group Policy

Changing Home Page for Internet Explorer in the past was simply a matter of modifying the Internet Explorer Maintenance settings under User Configuration --> Windows Settings as shown in the following screenshot.


However in Internet Explorer 10 the configuration options under the Internet Explorer Maintenance section no longer affect the new web browser.  Microsoft has published an article entitled Replacements for Internet Explorer Maintenance, which can be found at the URL below.  This TechNet article explains the alternative policy configuration setting for each of the Internet Explorer Maintenance policies applicable to Internet Explorer 10.

http://technet.microsoft.com/en-us/library/jj890998.aspx

For changing the home page Microsoft recommends using the Internet Settings policy settings, which can be found under Group Policy Preferences for User Configuration.  This presents a problem, however, if you're running Group Policy Management Console (GPMC) on Windows 2008 R2, Windows 7 or any previous operating system.  The problem with these operating systems is that Group Policy Management Console does not support Internet Explorer 10 group policy configuration.

The following screenshot was taken on a 2008 R2 domain controller in Group Policy Management Console.


To configure Internet Explorer 10 you must run Group Policy Management Console on either Windows 8 or Windows Server 2012.  Only then will the correct configuration options be available.


Simply configure the home page for Internet Explorer 10 along with any other options you want configured.

 
IMPORTANT: Before clicking OK make sure you press "F6" on the Home Page dialog box to ensure it goes green in colour.  If it has a red dot below it, the policy setting will not apply.
 
The screenshot below shows the green line after pressing F6 to confirm the data.
 
 
I hope this post has been of value to you.
 
Also I would like to note, it is also possible to configure the home page using the Internet Explorer Administration Kit (IEAK).  This requires deploying the configuration changes to workstations in MSI format.
 

WdsClient: There was a problem initializing WDS Mode

Tonight I wanted to deploy a bunch of Windows Servers from a customised WIM file for my home lab environment running on VMware Workstation - need to test something for a customer tomorrow :).  In minutes I had built a new WDS server with DHCP and PXE boot services, however when I went to boot my first VMware machine from my WDS server, the PXE boot went through fine however I ran into the following error.

WdsClient: There was a problem initializing WDS Mode


After a good 10 minutes trying to figure out what was going on I ran services.msc on my host physical Laptop.  The darn VMware DHCP Service was running!


The virtual machine was booting off the WDS DHCP server; after booting it went to obtain a second IP address, which came from the VMware DHCP Service!  Ahg!

Complete WSUS Installation - Fatal Error: Illegal characters in path.

Setting up a new WSUS server on Windows Server 2012, when I entered the content path as E:\ and clicked Run I received the following error message:

Log file is located at C:\Users\clint.boessen\AppData\Local\Temp\tmpE3AA.tmp
Post install is starting
Fatal Error: Illegal characters in path.


Turns out you cannot specify root partitions, you need to specify a directory such as E:\WSUS.  Changing the path resolved the issue.

 

Force Windows Media Player DLNA Server to Refresh Media

Windows Media Player has a DLNA server built into it, provided through the "Windows Media Player Network Sharing" Windows service.  This allows DLNA clients such as TVs, PlayStations, Xboxes, Apple TVs and more to play media from Windows over the network.  To enable this in Windows Media Player (version 12 as of this writing), simply select the Stream menu and allow devices to stream media.


Under more streaming options you can select specifically which devices can stream media from Windows Media Player.


One problem which users often experience is Windows Media Player not refreshing media fast enough.  Windows Media Player often rechecks for new movies/music on your computer hard drive, however sometimes when you download something new and go to a DLNA device such as a TV to play the media, it might not appear.

It is possible to force Windows Media Player to refresh media, this can be done by selecting "Apply media information changes" from the Organize menu.

 
This process often takes a while depending on the amount of media on your computer.


To configure where Windows Media Player looks for new media, go to Organize, Manage libraries, then select the library you wish to modify.


In here you can select which folders or drives on your computer containing media will be available to DLNA clients on the network.


I hope this post has been informative for you and I would like to thank you for reading.

Clients not appearing in a new Windows Server 2012 WSUS Server

I just implemented a new WSUS Server running on top of Windows Server 2012 called "ADM-WSUS-01" and configured clients to connect to the WSUS server using the group policy setting "Specify intranet Microsoft update service location".  After a few days I checked back and noticed no clients had yet reported to the WSUS server.


After investigating I discovered in Server 2012 Microsoft changed the default WSUS port to 8530.  WSUS port by default was always port 80 in Server 2003 and Server 2008.

 
Changing my group policy to point workstations at HTTP://ADM-WSUS-01:8530 resolved the problem. 

Troubleshooting Windows 8 Modern Application Installation Issues on a Corporate Network

Windows 8 modern applications are great on home laptops and devices, however on a corporate network there are a number of elements which can cause issues.  In this blog post we will cover some of the problems Windows 8 modern applications can experience on a corporate network.

Modern Application Installation Issue #1

Most companies utilise Microsoft System Centre Configuration Manager (SCCM) or Windows Software Update Server (WSUS) to distribute updates to workstations on an internal network.  These internal update servers are configured through a corporate Group Policy Object using the "Specify intranet Microsoft update service location" policy as shown in the following screenshot.


When a workstation receives this group policy setting to use an internal update server, the workstation is automatically configured to not utilise public Windows Update servers outside of the corporate network through a registry DWORD value called DisableWindowsUpdateAccess.  This DWORD is configured under the following registry key:

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate


Windows 8 installs Modern Applications available in the Windows App Store from online update servers.  Applications available in the App Store are not available on internal WSUS or SCCM servers.  This DisableWindowsUpdateAccess DWORD value prevents the Windows 8 App Store from downloading applications and triggers the following error message:

Your purchase couldn't be completed.
Something happened and your purchase can't be completed. Error code: 0x8024002e



To allow Windows 8 modern applications to be installed you must allow Windows 8 to contact the public update servers to retrieve the application.


If you set the DisableWindowsUpdateAccess registry key DWORD value to 0 and reboot the machine, you will then be able to download applications from the Windows 8 Application Store.

 

Modern Application Installation Issue #2

Another problem which catches out enterprise organisations and is much more difficult to solve is the use of proxy servers or transparent proxy servers.  If you experience the following error it is due to a proxy server which Windows 8 Modern Applications have difficulties dealing with.  These difficulties will be explained below and there is no easy resolution as you will find out.

Something happened and this app couldn't be installed. Please try again. Error code: 0x8024401c


We are now going to look into why this is occurring...

Windows 8 has two proxy APIs which communicate with network proxy servers to provide internet connectivity to applications.

The first API which is used by most desktop applications and Internet Explorer is the WinInet library.  More information on this library can be found here:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa383630(v=vs.85).aspx

The second API which is used by Windows 8 modern applications is the WinHTTP library which is documented on MSDN here:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa382925(v=vs.85).aspx

The WinHTTP library is very limited in terms of functionality compared to the WinInet library.  Significant limitations include no NTLM authentication abilities and the inability to automatically prompt users to enter proxy server credentials when attempting to authenticate against the proxy server.  The WinInet proxy API automatically prompts users to enter their proxy server authentication details when trying to authenticate against a proxy server.

As Modern Applications use the limited WinHTTP API, the only resolution is a complex workaround:

"Setup another proxy server running on the local machine which allows WinHTTP to connect unauthenticated then authenticate with the corporate proxy server with the local proxy server installation.  Configure the WinHTTP proxy using the netsh utility to use the local proxy server running on 127.0.0.1:3128"

Yep, not easy is it?

If you are desperate to get Modern Applications working through your corporate proxy server or transparent corporate proxy server, please refer to the following TechNet forum thread, which contains instructions on how to configure this:

http://social.technet.microsoft.com/Forums/windows/en-US/6bd674bd-b896-4d31-92a1-9195e85fb023/windows-store-and-windows-update-fail-with-error-0x8024401c-on-a-pc-under-corporate-proxy-with

Lepide Exchange Recovery Manager Product Review

In this post we will be having a look at Exchange Recovery Manager from Lepide software.  Lepide is an extremely powerful Exchange recovery and data collaboration tool which allows companies to perform data recovery and manipulation tasks on a variety of data formats.

Exchange Recovery Manager is one of the leading tools on the market for dealing with Exchange data recovery.  It is important to note that Exchange Recovery Manager is not a backup solution and does not allow administrators to configure automated backup jobs.  It is designed to work with an existing backup solution to perform enhanced data recovery capabilities.

How It Works

Exchange Recovery Manager has two main components, the source and destination. Both source and destination must be specified before proceeding any further with the product.


Exchange Recovery Manager provides support for the following source formats:
  • Offline EDB File
  • Offline OST File (Cached Exchange Mode)
  • Outlook PST File
  • Live Exchange
 
Exchange Recovery Manager provides support for the following destination formats:
  • Existing PST File
  • Create New PST File
  • Live Exchange (Single Mailbox)
  • Live Exchange (Multiple Mailboxes)
  • Live Exchange (Public Folder)
  • Office 365
 
 
Once you have added both a source and a destination, Exchange Recovery Manager will lay the source and destination out in an easy to use interface.  The source list is added on top and the destination is added below.  In the screenshot below we have added an offline Exchange database file as the source and a PST file as the destination.
 
 
Exchange Recovery Manager allows users to drag and drop individual items or entire folders from the source to the destination.  You don't have to drag and drop from the source to the destination if you don't want to; the product also supports right click export functionality on almost any item, such as entire mailboxes or individual items.  For example, if you want to export a mailbox from this offline EDB to a PST file, you can simply right click and select "Export Mailboxes".  If you select multiple mailboxes using the CTRL or SHIFT keys, you can export multiple mailboxes at the same time.
 
 
From here you are able to easily select whether you want to export the mailboxes to PST, to a live Exchange server or perhaps Office 365.
 
You can also right click and select to export individual messages to commonly used formats.  This is done by simply right clicking on a message and clicking Export Message(s).
 
In the Export screen you can then select what format you want to export to, including the popular MSG and EML message formats for email messages.
 
 
Due to the way the Exchange Recovery Manager is designed, you can transfer data between any of the source to destination formats.  For example you can use Exchange Recovery Manager to perform any of the following tasks:
  • Convert an Outlook OST file (source) to a PST file (destination).
  • Use an OST file to restore data back into a live Exchange server in the event the user's mailbox has experienced corruption and you haven't configured Exchange native data protection.
  • Upload an OST file into an Office 365 mailbox
  • Migrate data from one Exchange server to another Exchange server (in different forests).  Whilst this is possible using native mailbox moves, it requires advanced Exchange knowledge, with scripts such as PrepareMoveRequest.ps1 required for Cross Forest Mailbox moves.
  • Import PST files into Exchange Mailboxes
  • Use Exchange Recovery Manager for uploading mailboxes from on premises Exchange deployments to Office 365 deployments.
Much more...  I'm not going to go through every combination of source to destination data migrations possibilities, but I'm sure you get the idea.

Database Corruption

Exchange Recovery Manager is a very powerful tool which can deal with severely corrupted Exchange EDB files and Outlook OST/PST files.  Exchange Recovery Manager is able to extract data from EDB files which the Exchange Information Store service is unable to mount, or PST/OST files which are no longer accessible by Microsoft Outlook due to corruption.

This is very useful in emergencies when dealing with corrupt databases with Microsoft Exchange.  In the scenario where a company has a corrupt Exchange database which does not mount, the company would either need to begin repairing the database file using the Microsoft isinteg.exe and eseutil.exe command line tools or recovering the Exchange database from backup, a process which can take hours and result in extended periods of productivity loss. 

With Exchange Recovery Manager you can have the company back online in minutes.  This is done through the process of performing what's known as a Dial Tone Recovery in Exchange.  This works by renaming the corrupt EDB database then telling Exchange to mount the database.  Exchange will automatically generate a new blank database providing users with empty mailboxes.  The administrator can then open the corrupt database with Exchange Recovery Manager and begin recovering all readable information from the corrupt database back into the empty database.  Data imported will automatically merge in with the new production mailboxes.  This allows users to be up and running and sending and receiving emails within minutes.

As you have probably guessed, corrupt PST files can be repaired with Exchange Recovery Manager.  Simply enter in the corrupt PST as the source and specify a new PST as the destination.  Any content which is readable and has not been affected by corruption can be extracted to the new PST file.

Unfortunately OST corruption cannot be repaired with Exchange Recovery Manager as the application does not support the capability to add OST files as a destination.  OST corruption can be repaired only if the OST is exported to a different format such as PST or to an Exchange Mailbox.  This is not seen as an issue as in most cases if an OST file becomes corrupt, help desk generally deletes the OST file on the user's workstation and lets Outlook re-cache the user's mailbox from the Exchange server.

What is Supported?

Exchange Recovery Manager supports all versions of Microsoft Exchange including Exchange 5.5, Exchange 2000, Exchange 2003, Exchange 2007, Exchange 2010 and Exchange 2013.  It also supports integration with Office 365.

Exchange Recovery Manager also supports all versions of Microsoft Outlook including Outlook 2000, Outlook XP, Outlook 2003, Outlook 2007, Outlook 2010 and Outlook 2013.

Exchange Recovery Manager runs on the following versions of Windows including Windows XP, Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 2008 R2, Windows 8 and Windows Server 2012.

Exchange Recovery Manager runs on both 32bit and 64bit operating systems.  When installing Exchange Recovery Manager, the setup installation process will automatically detect the architecture of Microsoft Outlook (whether it's 32bit or 64bit).  In the event Outlook 32bit is installed, Exchange Recovery Manager will automatically install itself as a 32bit installation.  In the event Outlook 64bit is installed, Exchange Recovery Manager will install the 64bit version of itself.  In the event no Outlook is installed, Exchange Recovery Manager installs itself as 32bit.  Microsoft Outlook is required on the same Windows computer as Exchange Recovery Manager because Recovery Manager uses the APIs from Microsoft Outlook to work with PST files.

It is not recommended to run Exchange Recovery Manager on the same machine as the Exchange Server.  Performing recovery operations in Exchange Recovery Manager can be resource intensive and as a result can affect the performance of a production Exchange server.

Backup Integration

Exchange Recovery Manager has the capability to extract EDB files from backup images taken from popular backup applications including NT Backup, Symantec Backup, Veritas Backup and HP Backup.  This allows companies to utilise Exchange Recovery Manager to export individual items, folders or entire mailboxes to a destination format such as PST by extracting the information directly from a backup file.

To do this simply select the Extract Backup button on the toolbar.  The screenshot below shows an EDB file located inside a HP Backup Image.


The following screenshot shows where you select the backup file which contains the Exchange EDB file.

 
Exchange Recovery Manager needs to extract the EDB file from the backup file to a location on your computer before it can work with the offline EDB file.  As a result make sure you have sufficient space free.

Product Licensing

Now that we understand how Exchange Recovery Manager works, it is important to cover how the product is licensed and the costs associated.  There are two main flavours of Exchange Recovery Manager which are most popular, Standard Edition and Professional Edition.

Professional Edition allows you to perform all functionality documented in this article as well as the additional functionality which was not covered in today's post.

Standard Edition has some limitations.  It only allows you to work with offline Exchange database recovery and does not let you connect to live Exchange servers.  It also does not let you perform granular item recovery of individual email messages.  You can however perform folder level recovery or entire mailbox level recovery of data.

Professional Edition will set you back $799 US Dollars whereas Standard Edition will set you back $499 US Dollars.  These are prices "as of the date" of this publication and are subject to change.  For the latest pricing it is recommended you request a quote from the Lepide Software website by visiting the following URL:

http://www.lepide.com/exchange-manager/

Both Standard Edition and Enterprise Edition come with 6 months support absolutely free.  Additional support can be purchased based on 20% of the product cost which needs to be paid annually.

The prices listed above are lifetime licenses which means if you do not require ongoing support once purchased your organisation will not incur ongoing expenses.

For more information regarding Exchange Recovery Manager please visit the official website:

http://www.lepide.com/exchange-manager/

This review was an independent review of Exchange Recovery Manager created by Lepide Software Private Limited.  Microsoft Exchange MVP, Clint Boessen is not affiliated with Lepide Software in any way nor was this review a paid exercise.  All opinions and statements of Exchange Recovery Manager documented above are those of Clint Boessen and not of Lepide Software Private Limited.

How to install PST Capture Agent on Windows XP

This post shows you how to get the Microsoft Exchange PST Capture Agent running on Windows XP.  It is important to note that Microsoft does not officially support the PST Capture Agent v2.0 on Windows XP clients.  This article shows you how to do it anyway - and it works!

Before we go any further you must have the following prerequisites installed on the Windows XP machine:
  • Visual C++ Redistributable
  • Windows Installer 4.5
  • .NET framework 3.5
After you install these prerequisites when you run the Agent setup you will most likely receive the following error message:

Microsoft Exchange PST Capture Agent Setup Wizard ended prematurely because of an error.  Your system has not been modified.  To install this program at a later time, run Setup Wizard again.  Click the Finish button to exit the Setup Wizard.


There is no way to get around this error message with version 2 of the PST Capture Agent.  However version 1 of the PST Capture Agent works great on Windows XP and also has no issues talking to a version 2 PST Capture server - we have tested this!  Unfortunately Microsoft has removed the download links for the old version of the PST Capture Agent however I have put this file back online to be used only in this scenario with legacy Windows XP machines.  Please download the old version of the client from the following URL:

https://sites.google.com/site/cbblogspotfiles/PSTCaptureAgent_x86.zip

VBS - Access is Denied with .Size Option with Vista/2008 or later Operating Systems

I needed to write a VB Script to audit the maximum file size on a bunch of workstations.  To do this in VBS it's very simple with only a few lines of code using the .Size option with the folder object you declare under the Scripting.FileSystemObject API.  I have demonstrated the code required to grab the file size below.

' Bind to the folder through the FileSystemObject and echo its total size in bytes
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFSO.GetFolder("C:\Users\boessenc!\")
Wscript.Echo objFolder.Size


Running this code on ANY folder on a Vista/2008 or higher workstation will give you a Permission denied error:

Microsoft VBScript runtime error: Permission denied


Running this on any older version of Windows such as Windows XP or 2003 works without problems.  In the test above I ran the script against my user profile - a folder which of course my account has access to - demonstrating the issue.

I also tested running this script against the WMI database with the FileSize property of the Win32_Directory class.  That doesn't work either.

As a result, another method is needed for grabbing the directory size.
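
One such method, as an added example that is not part of the original post: a PowerShell function that walks the tree itself and records the folders it cannot read instead of failing on the first one.  It assumes the error comes from subfolders or junctions the account is not allowed to list; the function name Get-FolderSizeTolerant is hypothetical.

```powershell
# Added example, not from the original post.
# Assumption: the failure comes from subfolders or junctions that the account
# is not allowed to list, so those are recorded and skipped, not fatal.
function Get-FolderSizeTolerant {          # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)

    $total   = [int64]0
    $skipped = New-Object 'System.Collections.Generic.List[string]'
    $pending = New-Object 'System.Collections.Generic.Stack[string]'
    $pending.Push((Resolve-Path -LiteralPath $Path).ProviderPath)

    while ($pending.Count -gt 0) {
        $dir = $pending.Pop()
        try {
            $info = New-Object System.IO.DirectoryInfo -ArgumentList $dir
            foreach ($file in $info.GetFiles()) { $total += $file.Length }
            foreach ($sub in $info.GetDirectories()) {
                # Junctions and symlinks are reparse points; following them
                # double-counts data or lands on a deny ACL.
                if ($sub.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
                    $skipped.Add("$($sub.FullName) [reparse point]")
                } else {
                    $pending.Push($sub.FullName)
                }
            }
        } catch {
            # .NET exceptions arrive wrapped; report the underlying type.
            $reason = $_.Exception.GetBaseException().GetType().Name
            $skipped.Add("$dir [$reason]")
        }
    }

    New-Object psobject -Property @{
        Path = $Path; Bytes = $total; Skipped = $skipped.ToArray()
    }
}

# Usage: audit the current user's profile and show what was left out.
$result = Get-FolderSizeTolerant -Path $env:USERPROFILE
'{0:N0} bytes in {1}' -f $result.Bytes, $result.Path
$result.Skipped
```

The Skipped list matters for an audit: a total that silently omits unreadable folders under-reports, so keep it with the number.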

Batch File - Output Command to Variable

I am by no means an expert in batch scripting, and if you follow my posts you will have noticed I'm more of a VB scripting man.  However I was doing some batch scripting for a customer of mine today in which I needed to export some data from a command line executable tool to a variable.

This can be done as follows:

FOR /F "delims=" %i IN ('date /t') DO set today=%i
echo %today%


Now one thing which caught me out: if you put this code into a batch script "as is" you will notice the script will error out.  This is because inside a batch script the FOR loop variable must be written with two % signs instead of one.

For example, "set today=%i" needs to be "set today=%%i".  To put the code in a batch script and to make it run you would use:

FOR /F "delims=" %%i IN ('date /t') DO set today=%%i
echo %today%

I hope this small post has been helpful - thank you for reading.

Scripting with Sysinternals tools - Removing the Licensing Agreement

Mark Russinovich and Bryce Cogswell from the Microsoft Sysinternals team publish many great command line and GUI applications for advanced system management and diagnostic tasks.  When using any of their tools, as a user you must first accept a licensing agreement which can be annoying especially when you want to use some of their software in something such as a logon script.  The following is an example using their Disk Usage executable which I copied to C:\Windows\System32:


Now if you do not want this license agreement to pop up for every user, you must add the registry key that accepts the license agreement to each user's profile before the script is launched.  If you are scripting in batch this can be done with:

reg.exe ADD "HKCU\Software\Sysinternals\du" /v EulaAccepted /t REG_DWORD /d 1 /f

All Sysinternals utilities are configured the same way, just replace the \du with the name of the tool such as \psexec.

I also found a bunch of other Sysinternals applications which you can add to the registry on Peter Hahndorf's blog.  This can be found on the following URL:

http://peter.hahndorf.eu/blog/post/2010/03/07/WorkAroundSysinternalsLicensePopups
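
A check that pairs with the reg.exe line above, as an added example that is not part of the original post: the same EulaAccepted value shows, per user, which Sysinternals tools have had their license accepted, whether by a logon script or by someone running the tool.  The function name Get-SysinternalsEulaState is hypothetical; only the key path and value name come from the post.

```powershell
# Added example, not from the original post.
# Reports EulaAccepted for every Sysinternals tool key in each user hive that
# is currently loaded under HKEY_USERS (hives of logged-off users are not
# loaded, and hives the caller cannot read are skipped).
function Get-SysinternalsEulaState {       # hypothetical helper name
    # HKEY_USERS has no default PowerShell drive, so use the provider path.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }

    foreach ($hive in $hives) {
        $base = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Sysinternals"
        if (-not (Test-Path -LiteralPath $base -ErrorAction SilentlyContinue)) { continue }

        foreach ($tool in Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue) {
            $prop = Get-ItemProperty -LiteralPath $tool.PSPath -Name EulaAccepted `
                        -ErrorAction SilentlyContinue
            # A tool key can exist without the value; report that as empty.
            $accepted = $null
            if ($prop) { $accepted = [int]$prop.EulaAccepted }

            New-Object psobject -Property @{
                Sid          = $hive.PSChildName   # hive name, normally the user's SID
                Tool         = $tool.PSChildName   # e.g. du, psexec
                EulaAccepted = $accepted
            }
        }
    }
}

# Usage: one row per user hive and tool.
Get-SysinternalsEulaState |
    Sort-Object Sid, Tool |
    Format-Table Sid, Tool, EulaAccepted -AutoSize
```

Run it elevated to see hives other than your own; a tool listed for an account that the logon script never targets is worth a second look.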

DSQuery Active Directory Attributes

DSQuery is a great tool for querying Active Directory however the syntax is a little tricky and difficult to use especially if you do not use it on a regular basis.  This is only a small post to reference the syntax to query all active users in the domain to display only two attributes:
  • The user's display name
  • The user's department
Dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -attr displayname,department

Feel free to use this article when doing basic queries for Active Directory attributes against user accounts.

Windows XP - End of Life Risk

Microsoft has announced that Windows XP will reach end of life on April 8, 2014 which means no more critical or security updates.  Despite this many organisations still do not have a clear plan in place on how to get client computers off Windows XP before this date.

As an IT Professional I believe come April 8, 2014, companies still running Windows XP will be hit with a large spread of zero day exploit viruses - something which will go down in history.  For those of you who remember all the hype in the media regarding the Y2K bug with the clocks ticking over to a new century and the computers no longer working - this turned out to be one big hoax.  However with the Windows XP end of life date, I believe this is a huge risk which can cause billions of dollars of productivity loss.  Despite this huge risk, there has been little media coverage around it.

I have just made some very big statements such as "Chaos" and "Billions of dollars of productivity loss" - now I need to explain the facts behind my beliefs.

Today as of this writing there are over 21 million viruses according to virus definition signatures provided by leading anti-virus companies such as Symantec Corporation.  Most of these viruses need to be executed on a workstation for infection to take effect - a virus will do nothing if the code is not executed!  There are numerous methods cyber criminals use to trigger unwanted code execution for viruses, some including:
  • Fake Ads and URL Links which lead to viral code executing
  • Autorun files and USB keys which automatically run on the users workstation
  • Peer to Peer applications which spread viruses to individuals
  • Mass emailing worms which spread viral code through the use of email attachments
  • Microsoft Office files which contain macro viral code
All these methods of infection trick users into executing, or silently execute, viral code on user workstations to install the virus.  All of these are legitimate ways of launching code on computer systems, and as a result companies can put in place measures which prevent viruses being installed, including:
  • Removing local admin rights, which ensures viruses do not have permissions to infect beyond the user's profile.
  • Disabling autorun from computers to stop USB viruses from spreading
  • Putting in place advanced spam filtering technologies to ensure viral attachments are not executed.
  • Pushing out enhanced security policies to workstations on the network.
Out of the 21 million viruses, only a handful have been known as malicious zero day exploits.  Zero day exploits are viruses which exploit an operating system vulnerability to automatically copy themselves from computer to computer over a network providing security and anti-virus companies with zero days to prepare.  Zero day exploits generally perform Buffer Overflow attacks creating vulnerabilities in core system services by overwriting adjacent memory blocks outside of an application's working set.  When the system goes to call code in memory, the code has been altered and as a result it executes miscellaneous code which creates a system vulnerability to infect a machine.

The only way to stop a zero day exploit is to patch the security vulnerability in the operating system to ensure the zero day exploit can no longer buffer overflow the vulnerability in the operating system/application.

Over the years there have been a number of zero day exploits which have hit including Conficker, MS Blaster and Stuxnet - a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities.  All these viruses were able to spread by performing buffer overflows to simply hop from computer to computer bypassing corporate security measures.

Finding a zero day exploit in an operating system is a difficult task which can take months or years of testing and reverse engineering of compiled code.  Cyber criminals spend large amounts of time researching and performing trial buffer overflows until the right exploit can be identified which can trigger remote code execution.  As soon as the buffer overflow is identified, it can only be used once.  As soon as it is used IT security companies become aware and software companies such as Microsoft patch their software making the buffer overflow useless.

As a result these zero day exploits are worth a lot of money to the right buyer and there is no doubt there are many out there which have been identified but not yet been used.  This can be shown in the following article "Microsoft Said To Give Zero Day Exploits To US Government Before It Patches Them":

http://www.techdirt.com/articles/20130614/02110223467/microsoft-said-to-give-zero-day-exploits-to-us-government-before-it-patches-them.shtml

With the Windows XP end of life date so close, it is unlikely we will see many zero day exploits released unless it is for a targeted purpose such as Stuxnet.  After the Windows XP end of life date I believe we will see a large number of exploits appear for Windows XP and no backing support from Microsoft.  Who knows, if I am correct and the world is hit by a large number of zero day exploit attacks against Windows XP after the end of life date, Microsoft may be forced to go back on this announcement and fix these patches.  If this happens, as for Windows XP, we may be seeing this around for years to come yet...

In summary I believe it is a huge risk to organisations to maintain Windows XP workstations after the April 8, 2014 deadline.  The best thing to protect your business is to get off Windows XP now!

It will be very interesting to see what happens...