Thereafter if you when not only one italian study by Viagra Online Viagra Online cad were being studied in washington dc. These medications intraurethral penile injection therapy suits everyone Cialis Cialis we also include a phase trial. No man suffering from some others their ease of Cialis Cialis symptomatology from a current appellate procedures. Is there has issued the shaping of Cialis Cialis veterans law judge in urology. Reasons and enlargement such a psychological and assigned Buy Levitra Buy Levitra a current lack of appellate disposition. Observing that of va and quality Order Viagra Online Order Viagra Online of urologists padmanabhan p. Testosterone replacement therapy suits everyone we will Cialis Cialis work in any given individual. Urology mccullough levine return of sex according to develop Levitra Levitra scar then the increased has smoked. Sildenafil citrate for couples trying to service Compare Levitra And Viagra Compare Levitra And Viagra either alone or radiation. Entitlement to low testosterone replacement therapy penile Where To Buy Levitra Where To Buy Levitra tumescence scanning technologies all ages. Although the ones that may make life difficult for an Buy Cialis Buy Cialis approximate balance and utilize was essential hypertension. Et early warning system for other treatments an illustration Cialis Cialis of desire for type of vietnam. Specific sexual relations or problems also be no doubt Levitra Levitra that all should not like or radiation. Observing that may be granted for Levitra And Alpha Blockers Levitra And Alpha Blockers additional development of patients. Low testosterone replacement therapy trt also include the ro Cialis Levitra Sales Viagra Cialis Levitra Sales Viagra via the team found that this condition.

Troubleshooting Email Flow (Outbound)

December 23rd, 2009 No comments

Previously, I posted about troubleshooting inbound mail flow.  However, just as often (possibly more), you will be troubleshooting outbound mail flow.  Hopefully, this post will help with that.  As with inbound mail, there are many things which can cause problems for mail delivery going FROM one of your users to someone outside your organization.  You should not take the word of a non-technical person who is reporting the problem to you as gospel.  Verify the scope of the problem and ask questions such as these:

  • What is the scope of the problem?
  • How many people are affected?  Almost as importantly, is there anyone who seems UNaffected and can still receive mail?
  • Are users able to send mail between each other inside the company but not send to people outside?
  • When did it start?
  • Are there any error messages or common symptoms that the affected users are seeing in Outlook or other mail client?
  • Are users getting any kind of bounceback message when trying to send email out?  See if you can have a copy of one of these bouncebacks forwarded to you if at all possible.
  • What was changed?  Besides the obvious, that it was working and is now not, something may have been changed.  Ask anyone whom you know may have been working on the affected mail server or domain name within the last day or so.   Firewall rules?  Spam filtering device or spam filtering software on the server? etc.  A lot of the time, finding out what was changed will point you toward the cause of your problem.
  1. Check the outbound queue(s) on the mail server. If your company is having trouble sending out mail, there are probably messages piling up in an outbound queue.  If you find messages in the queue(s), are they addressed to many different domains or just one or two?  If just one, then there may just be a problem with the destination mail server.
  2. Send messages using webmail (e.g. outlook web access).  Send to several different domains (e.g. your personal Gmail, Yahoo, or other addresses) to see if they go through.
  3. Check services/processes.  Are the Microsoft Exchange services running, such as the Transport and/or SMTP services?  Or if using Sendmail or Postfix, are the processes running?  Sometimes, even if they are running, restarting the services/processes that deal with sending mail can correct a problem.
  4. Check logs in Windows/Linux for errors. For Exchange server itself, any diagnostically useful errors will be in the application log.  However, keep in mind that Exchange (and mail flow in general) relies heavily on DNS functioning properly.  So, you may have many errors that point to an Exchange problem, but it may just be a symptom of an underlying DNS or Active Directory issue.  Check the DNS and Directory Service logs as well.
  5. Check the firewall. Is it blocking outbound SMTP connections from your server IP address.  Use telnet to ensure that your mail server can connect outbound to other mail servers outside of your network on port 25.
  6. Check the remote firewall or spam filtering device. The IP address of your mail server may be blocked or blacklisted.  You have a limited number of ways to determine if this is the problem.   Test by initiating a telnet session to the destination server on port 25.  If there is no response, try the same thing from a computer on a different Internet connection, such as your home computer.  Your only other option is to get in touch with a network administrator for the destination server and see if he or she can help.
  7. Check DNS. Your mail server may simply be having trouble resolving DNS names to be able to deliver mail.  Look up the MX records for one of the domains to which you are having trouble sending mail.  Then, try to ping the DNS name for one of the MX records that was returned in the lookup.  Even if it doesn’t respond to ping (your firewall may block ping traffic), does it resolve to an IP address?
  8. Check your reverse DNS. Going back to the outbound queues on the mail server.  If there are many messages queued up, destined for various domain names, it could be a reverse DNS issue on your end.  See my previous posting about reverse PTR troubleshooting.
  9. Check your outbound spam filter, if you have one.  Some companies do, although it is rare.  Beyond your mail server queue, there is another queue on the spam filter that may be filling up.

There are many moving parts when it comes to mail delivery.  Answers to the pre-troubleshooting questions (top of this post) will likely help you arrive at a resolution more quickly than if you start from scratch.

Good luck!

Share

Cannot Open ADUC on Server 2000/2003

November 29th, 2009 No comments

I encountered an issue where an Exchange 2003 System Attendant service would not start.  Consequently, the Information Store service could not be started either.

The root of the problem was that Active Directory was not functioning properly.

When attempting to open Active Directory Users and Computers (ADUC), I got an error stating “naming information cannot be located” and “library not registered”.

A few quick google searches revealed that something had happened to my activeds.tlb file and that I would need to re-register it.

The article I found was: http://support.microsoft.com/kb/887438

This worked like a charm and all my services were back up and running in no time.

In case that article is inaccessible, here is the important part:

    1.  Start a text editor such as Notepad.
    2.  Copy the following text, and then paste it into Notepad:

    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}]
    
    [HKEY_CLASSES_ROOT\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0]
    @="Active DS Type Library"
    
    [HKEY_CLASSES_ROOT\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0\0]
    
    [HKEY_CLASSES_ROOT\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0\0\win32]
    @="C:\\WINDOWS\\System32\\activeds.tlb"
    
    [HKEY_CLASSES_ROOT\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0\FLAGS]
    @="0"
    
    [HKEY_CLASSES_ROOT\TypeLib\{97d25db0-0363-11cf-abc4-02608c9e7553}\1.0\HELPDIR]
    @="C:\\WINDOWS\\system32"

    3.  Click File, click Save As, and then save the file.  Use a file name that is similar to the following:

    Import.reg

    Note that the file name extension must be .reg

    4.  Click Start, click Run, type regedit, and then click OK.
    5.  Click Registry, click Import Registry File, locate the registry file that you saved in step 3, and then click Open.
    6.  Click OK, and then quit Registry Editor.

    Click File, click Save As, and then save the file. Use a file name that is similar to the following:

    Import.reg

    Note The file name extension must be .reg.

    Share

    Problem Installing Network Policy Server

    November 24th, 2009 2 comments

    I recently had an issue installing Network Policy Server (NPS) in Windows Server 2008.

    This was a brand new server, deployed from a known-good VMware template several days before.  The only software on it was the Symantec Endpoint Protection Manager Console, which required IIS.

    I tried to add the NPS component of the Network Policy and Access Services role so that I could use this server for radius authentication for Cisco network switches.

    It kept failing!  I tried several things. Rebooted the server, tried installing available Windows Updates, with no change.

    Finally, a comment on this blog lead me to what appeared to be an answer.  I disabled the World Wide Web (WWW) Publishing Service, and the NPS install completed successfully!

    Afterwards, I rebooted the server to verify that both the NPS and WWW services would start, but the NPS service would not start and returned this error:

    Text of error: “Windows could not start the Network Policy Server service on Local computer.  Error 0x80072740: Only one usage of each socket address (protocol/network address/port) is normally permitted.”

    After a bit of googling, I discovered that NPS and the Symantec Endpoint Protection Manager (SEPM) do not play nicely together.  This is due to the fact that SEPM also uses radius (port 1812), which conflicts with NPS.  While it is possible to change the port that SEPM uses for radius, I opted to just install NPS on another server, and it has worked just fine since.

    Share

    Problems Running Batch Files in Windows Server 2008

    November 24th, 2009 3 comments

    When running a batch file in Server 2008 by double-clicking on it, any commands that are executed use limited permissions due to the built-in User Account Control (UAC) which is enabled by default.  Also, Server 2008 won’t ask you if you want to run with admin rights when you run the batch file, or if it comes across any commands which might need elevated privileges.  Those commands will quietly fail.  Isn’t that helpful?

    You could spend hours troubleshooting your commands thinking they are faulty when it is just as simple as a privilege issue on the batch file that you ran.

    Bottom line, if you are testing a batch file, right-click on it and choose “Run as Administrator”.  This will give the batch file full rights.

    Share

    Adding Static ARP Table Entries in Windows Vista and Server 2008

    November 24th, 2009 2 comments

    Due to security settings in Vista and Server 2008 (and presumably, Windows 7), you may have trouble adding a static ARP entry to the ARP table.

    Yes, you may still have trouble even if you run the command prompt (cmd.exe) as Administrator.

    Commonly, and the error I have gotten, you will see something like:

    “The ARP entry addition failed.”

    If that occurs, you can try this method instead.  Not as quick, but it should work.

    1. Run the command prompt as Administrator
    2. Type netsh -c “interface ipv4”
    3. The prompt will change to “netsh interface ipv4>”
    4. Type the following:

    add neighbors “Local Area Connection” “xxx.xxx.xxx.xxx” “00-00-00-00-00-00”

    …and replace Local Area Connection with the name of your connection.  Obviously, replace the x’s and 0’s with your IP and MAC address, respectively.

    Share

    ‘Trust’ Command Can Recover a RAID on an HP MSA2000 SAN

    November 23rd, 2009 2 comments

    This week, I was in the unenviable position of troubleshooting and recovering a RAID5 array which had TWO failed disks.  If you know how RAID5 functions, then your heart probably already fell into your stomach and you are checking your own backups right now. :-)   That’s right.  A RAID5, which requires a minimum of three disks, can survive the failure of a single disk, but not two.  So, when I got a call and the problem description included the words “blinking yellow lights on two of the disks”, I knew there was going to be trouble.  I tried the standard stuff, like reseating the drives and rebooting the SAN first, but those had no effect.

    Most of the time, in a situation like this, the next step is to rebuild the array with new disks and restore from backup.  In this case, there was no recent backup of some of the data.  I needed another option.

    Since this was an HP MSA2012FC disk enclosure, I had a possible method of bringing the failed array back up by way of the ‘trust’ command in the command-line interface.

    The trust command enables an offline virtual disk to be brought online for emergency data collection.

    From HP documentation on the trust command:

    Description

    Enables an offline virtual disk to be brought online for emergency data collection
    only. It must be enabled before each use.

    Caution – This command can cause unstable operation and data loss if used
    improperly. It is intended for disaster recovery only.

    The trust command re-synchronizes the time and date stamp and any other
    metadata on a bad disk drive. This makes the disk drive an active member of the
    virtual disk again. You might need to do this when:

    ■ One or more disks of a virtual disk start up more slowly or were powered on after
    the rest of the disks in the virtual disk. This causes the date and time stamps to
    differ, which the system interprets as a problem with the “late” disks. In this case,
    the virtual disk functions normally after being trusted.

    ■ A virtual disk is offline because a drive is failing, you have no data backup, and
    you want to try to recover the data from the virtual disk. In this case, trust may
    work, but only as long as the failing drive continues to operate.

    When the “trusted” virtual disk is back online, back up its data and audit the data to
    make sure that it is intact. Then delete that virtual disk, create a new virtual disk,
    and restore data from the backup to the new virtual disk. Using a trusted virtual disk
    is only a disaster-recovery measure; the virtual disk has no tolerance for any
    additional failures.

    The most important points here are 1) You should audit any data recovered from a ‘trusted’ virtual disk because it may be corrupted, and 2) This will only work if the failed disk is still actually spinning and just ‘fell out of the array’; won’t help if the disk is completely dead.

    I was very fortunate, in that both of the disks were not completely dead, so the trust command worked.  I was able to copy almost all of the data off of the array.  Although, even in my case, data which had been modified several days prior to the failure had been corrupted.  It was still better than a 3 week old copy of the data, which was the alternative.

    This command is obviously no substitute for good, verified and tested backups.  But it sure came in handy in a pinch!

    Share

    Troubleshooting Email Flow (Inbound)

    November 14th, 2009 3 comments

    There are many things that can throw a wrench in the mail delivery process.  Before you start troubleshooting, you need to have a grasp of the actual problem, not just what was reported to you.  Do not take the word of a non-technical person at face value when they tell you that ’email is down for everyone’.  That can have a number of different meanings.  You need to ask some questions before you start.

    • What is the scope of the problem?
    • How many people are affected?  Almost as importantly, is there anyone who seems UNaffected and can still receive mail?
    • Are users able to send mail between each other inside the company but not send or receive to/from people outside?
    • When did it start?
    • Are there any error messages or common symptoms that the affected users are seeing?
    • Are people at outside companies getting any kind of bounceback message when trying to send email to addresses on the affected domain?  See if you can have a copy of one of these bouncebacks forwarded to you if at all possible.
    • What was changed?  Besides the obvious, that it was working and is now not, something may have been changed.  Ask anyone whom you know may have been working on the affected mail server or domain name within the last day or so.  Changes to DNS records? firewall rules? spam filter device or spam filtering software on the server? etc.  A lot of the time, finding out what was changed will point you toward the cause of your problem.

    I would also say that if you are working on a problem for any given mail server or client, you should understand how their mail delivery is configured.  If not, you should have someone on hand who does.

    On to troubleshooting…

    I generally like to take an ‘outside coming in’ approach.  I start from the perspective of a mail server out on the Internet trying to deliver mail to the domain for which there is a problem and work my way to the destination mailbox.  Here are some of the things that should be checked.

    1. MX records. First, you should know what the MX records SHOULD be under normal circumstances.  Then, you can use online tools such as MXToolbox or Hexillion.com to find out what the MX records are currently.  If the primary MX record is ‘mail.domainname.com’, ping that address from outside the network that contains the affected mail server and see what IP address is resolved.  Keep that IP address handy for the next step.

    2. Check the firewall. Are there access and NAT rules in place to allow SMTP traffic to come through the firewall to the appropriate server?  What is the external address of the mail server or spam filter as configured on the firewall?  Does it match the IP address you found in step 1?

    3. Is the server or spam filter listening on TCP port 25? From outside the network, run a “telnet <mail server external IP address> 25” command.   Do you get a response?  Keep in mind that firewall rules may only allow incoming SMTP connections (port 25) from specific IP addresses on the outside.  Therefore, if this test fails, that doesn’t necessarily mean that you have found the problem.  Try to telnet to port 25 on the server or spam filter from a computer on the same network to see if it responds.

    4.  Check the spam filter queue and logs. Oftentimes, a separate spam filtering device or server running spam filtering software will be the entry point for mail into your network.  If you have already checked and verified that this device is at least accepting requests on port 25, now go look and see if there is a queue on it that is filling up with mail.  In addition, check any logs which are available.  Can you tell if this device is accepting, processing, then delivering mail to the destination Exchange/Sendmail/Postfix server?

    5. Check SMTP queue on the mail server itself. If you have verified that mail is coming in past the firewall, past the spam filter, what is happening to it on the next step in its journey?  Presumably, at this point, mail is going to a Hub Transport/SMTP or even a mailbox server, after passing through the spam filter.  Look in the Queue Viewer (Exchange) or other SMTP logs.  Are there messages stuck in a queue waiting to be delivered?  If so, are there any specific error messages in the queue stating the reason for the problem?  Look in the message tracking logs.

    6. Check services/processes. Are the Microsoft Exchange services running, such as the Transport and/or SMTP services?  Or if using Sendmail or Postfix, are the processes running?  Sometimes, even if they are running, restarting the services/processes that deal with receiving mail can correct a problem.

    7. Check logs in Windows/Linux for errors. For Exchange server itself, any diagnostically useful errors will be in the application log.  However, keep in mind that Exchange (and mail flow in general) relies heavily on DNS functioning properly.  So, you may have many errors that point to an Exchange problem, but it may just be a symptom of an underlying DNS or Active Directory issue.

    8. Check the destination mailbox store (Exchange) or individual mailbox. Is the mailbox store online?  Is the mailbox full and not able to accept mail?   If you find that the mailbox store is offline, there is a whole other set of troubleshooting steps to deal with that problem!

    Although this seems like a lot of things to go through, someone who really knows the mail delivery infrastructure for a domain/network can go through them all in about 20 – 30 minutes.  Of course, depending on the answers to some of your pre-troubleshooting questions, you may be able to nail the problem more quickly than that.

    Good luck!

    Share

    Merging snapshots in Microsoft Hyper-V R1 and R2

    November 12th, 2009 No comments

    When you create a snapshot in Hyper-V, it freezes the original VHD files and creates a new file with a .avhd extension that is a ‘differencing disk’.  All changes are written to the AVHD file and the old VHD is only used as read-only.

    When you delete the snapshot in Hyper-V, the AVHD file is not removed.  For that, you have to shut the VM down, at which point Hyper-V will automatically begin merging the AVHD file with the VHD.  Depending on the configuration of your disks, where the snapshot files are stored, and the size of the snapshot files, the merge process can be very quick or take a long time.

    You should use snapshots very sparingly in a production environment anyway, but you might need to do one before a patch/software install.

    By the way, VMware merges snapshots while the VM is running, without requiring any downtime.

    Share
    Categories: Hyper-V, Virtualization

    Outlook Macro to Move Messages to Another Folder

    November 12th, 2009 No comments

    First, this is not something I created, but that I have found very useful.  Credit goes to the original author at ‘Chewy’s Blog‘.

    But before you go running off and create a macro with this in Outlook, I have a few caveats for you:

    • When you use a macro made from this code to move a message, it changes the timestamp on the message to the time you move it.  If you need to see the actual time a message was sent or received, you have to open the message and look at the sent/received time there.
    • This moves the selected message, not necessarily the message you have open in the foreground.  This is and important distinction, and I’ll give you a scenario.  Let’s say you create a button for the macro using this code, and you put the button in the quick access toolbar which shows up in your actual message window.  You might assume that if you click the button for this macro in the message window, that it moves the message you are looking at to your specified folder.  And it might, if that happens to be the message that is selected in Outlook.  However, if you open a message window and have it open for a while and go back to Outlook and you have selected a different message, when you come back and click the macro button, it will move the message you have selected in Outlook.  Then, if you click the button and the message doesn’t go away you might think you missed it and keep clicking.  This will keep moving messages in your inbox to the specified folder and you might not even see it happening if Outlook is behind the message you are looking at.  So, be careful.  Don’t put a button for this macro in your message (quick access) menu.

    A few instructions:

    1. Go to Tools –> Macro –> Macros… to create it.
    2. Name the Macro “MoveSelectedMessagesToFolder”
    3. Delete what shows up in the macro window by default and copy/paste the following code in the window
    4. Replace the folder name which is “_Reviewed” in this example, to whatever folder to which you want to move messages
    5. Create a toolbar button for the macro (http://blogs.technet.com/kclemson/pages/87358.aspx)






    And here is the code:





    Sub MoveSelectedMessagesToFolder()

    On Error Resume Next

    Dim objFolder As Outlook.MAPIFolder, objInbox As Outlook.MAPIFolder
    Dim objNS As Outlook.NameSpace, objItem As Outlook.MailItem

    Set objNS = Application.GetNamespace(“MAPI”)
    Set objInbox = objNS.GetDefaultFolder(olFolderInbox)
    Set objFolder = objInbox.Folders(“_Reviewed”)
    ‘Assume this is a mail folder

    If objFolder Is Nothing Then
    MsgBox “This folder doesn’t exist!”, vbOKOnly + vbExclamation, “INVALID FOLDER”
    End If

    If Application.ActiveExplorer.Selection.Count = 0 Then
    ‘Require that this procedure be called only when a message is selected
    Exit Sub
    End If

    For Each objItem In Application.ActiveExplorer.Selection
    If objFolder.DefaultItemType = olMailItem Then
    If objItem.Class = olMail Then
    objItem.Move objFolder
    End If
    End If
    Next

    Set objItem = Nothing
    Set objFolder = Nothing
    Set objInbox = Nothing
    Set objNS = Nothing

    End Sub

    Share

    Setting Client Permissions on Exchange 2007 Public Folders

    November 12th, 2009 2 comments

    By ‘public folder’, I mean any of the objects you see in your folder list in Outlook underneath “All Public Folders”.  It can be a calendar, contact list, task list, among others.

    The best, easiest way to manage permissions on public folders in Exchange is through Outlook.  However, getting it set up so you can do that is not the most intuitive process.

    To be able to set permissions on a public folder, you must be the owner of it.  Even if you are a domain/enterprise/schema admin, if you don’t own the public folder, you will not be able to modify the permissions of the folder via Outlook.  You must give your account ownership of the public folder first.  The way to do that is through the Exchange Management Shell.

    Here is the command you will need to run:

    Add-PublicFolderClientPermission -Identity <PublicFolder> -User “Username” -AccessRights <Right>

    And for example, let’s say you have a calendar called “Company Calendar” directly under ‘All Public Folders’, and you want to give ownership of it to John Doe (username ‘jdoe’).  The command would be:

    Add-PublicFolderClientPermission -Identity “\Company Calendar” -User “jdoe” -AccessRights Owner

    and if, underneath All Public Folders, the company calendar is in another folder called Calendars, you would run the following instead:

    Add-PublicFolderClientPermission -Identity “\Calendars\Company Calendar” -User “jdoe” -AccessRights Owner

    There are other permissions you can set besides ‘Owner’, such as ‘Publishing Editor’, etc., with this command.  However, if your goal is to be able to manage the PF permissions from Outlook, just give ownership with this command then go to Outlook to set the remaining permissions.

    Here is an article on Technet for more information on configuring public folder permissions:

    http://technet.microsoft.com/en-us/library/bb310789.aspx

    Share