Thursday, December 9, 2010

Exchange 2010 says #550 5.7.1 RESOLVER.RST.AuthRequired

If you create distribution groups in Exchange 2010 and are enabling them for external senders, make sure you remove the authentication requirement on the group itself. Follow these steps to make sure it is set up properly.


#1. Click the name of the distribution group you want to configure
#2. Click "Properties"
#3. Click the "Mail Flow Settings" tab
#4. Click the "Message Delivery Restrictions" item
#5. Click the "Properties..." button
#6. Uncheck the "Require that all senders are authenticated" item
#7. Click the "OK" button
#8. Click the "OK" button again

That's all you need to do to enable external senders.
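The same change made from the Exchange Management Shell, as an added example that is not part of the original post; the group name is a constructed placeholder. The last query lists every group that accepts mail from unauthenticated senders, so groups opened by mistake are easy to spot.

```powershell
# Run in the Exchange Management Shell (Exchange 2010).
# 'Sales-Inbound' is a constructed group name used only for illustration.
$GroupName = 'Sales-Inbound'

# Show the current setting before changing anything.
Get-DistributionGroup -Identity $GroupName |
    Select-Object Name, PrimarySmtpAddress, RequireSenderAuthenticationEnabled

# Same effect as unchecking "Require that all senders are authenticated".
Set-DistributionGroup -Identity $GroupName -RequireSenderAuthenticationEnabled $false

# Confirm the change took effect.
$group = Get-DistributionGroup -Identity $GroupName
if ($group.RequireSenderAuthenticationEnabled) {
    Write-Warning "$GroupName still requires authenticated senders."
}

# Audit: list every group that accepts mail from unauthenticated
# (external) senders, together with any sender restriction that is set.
Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { -not $_.RequireSenderAuthenticationEnabled } |
    Sort-Object Name |
    Select-Object Name, PrimarySmtpAddress, AcceptMessagesOnlyFromSendersOrMembers |
    Format-Table -AutoSize
```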

Friday, November 5, 2010

Upgrade your ESX from 4.0 to 4.1 using ESXUPDATE

I just did this upgrade and it was very quick and simple. I followed the guidelines in this video from VMware.com; do the same or go by the small guide I've written.

http://www.youtube.com/watch?v=F0wSHPSvmpk

Here are the steps you need to take:

1. Make sure you obtain your new license keys from your valid account at VMware.com; your old license will not work on 4.1.
2. Download the two patch files you need from VMware.com. They are named pre-update and update and will have your from and to version in the name, ending with .zip. Upload the two patch files to your local VMFS store so they are ready for use.
3. Shut down all your running VMs and put your host in maintenance mode. You can do this by using the vSphere Client, or you can do it on the command line as root with the command "vimsh -n -e /hostsvc/maintenance_mode_enter"
4. Run the pre-upgrade patch with "/usr/sbin/esxupdate --bundle=<name of pre-update bundle> update"
5. Run the version upgrade with "/usr/sbin/esxupdate --bundle=<name of update bundle> update"
6. When it's done updating, you can either turn off maintenance mode from the command line with "vimsh -n -e /hostsvc/maintenance_mode_exit" or you can just restart the host and do it from your vSphere Client.
7. When your VMs are started, remember to upgrade VMware Tools.

That's all there is. You can do a command-line check with "vmware -v" to make sure you're on the correct version, or check it from your vSphere Client.

Good luck!

Setup NTP on Windows 2003 DC

This is quite easy but I always end up looking at the web to find out how, so I just made this short note of it here.

Every Domain Controller in a Windows AD needs to have a reliable time source, and personally I like to use "ntp.uio.no"; it has proven stable over the years. So whenever I set up a new domain controller, I like to set up NTP on it to ensure everything runs smoothly.

Follow the link to this article to get the walkthrough for it.

http://support.microsoft.com/kb/816042

Make sure your PDC emulator has this set as its time source, and if you don't want to set it up on the other DCs, make sure they use the main DC as their internal source.

Remote Access stirring up problems on Windows 2003 servers

We came across a problem today regarding a Windows 2003 SBS where Domain Services, Remote Access services and Exchange were all running on the same computer. When the server started all was good, but once a VPN remote user connected, things went bad fast. It turned out that once the RAS interface was activated, DNS was updated with the RAS IP address instead of the normal IP address of the server, and mail services, domain services and so on were being denied.

After some quick searches on the web I came up with this article, which explains the problem and the solutions needed to correct it.

http://support.microsoft.com/kb/292822

Accessing Windows 2003 shares from OSX

There are several ways to access Windows shares from a Mac, but some are better than others. Up until today I have run SMB sharing all the way, figuring it was the easiest and cleanest way to do it, at least with up-to-date Macs. Today I came across a site where I couldn't easily do that though, so I decided to give File Services for Macintosh a go to see how it works.

First of all you install the service itself on the Windows server. Go to Add/Remove Programs (run appwiz.cpl to make it quicker), Windows Components, Other Network File and Print Services, and then add File Services for Macintosh. When you do, the AppleTalk protocol will be installed automatically and it might require a restart depending on your system. When you're ready, go into Network Connections, open the properties of your default network, and then choose properties on your new AppleTalk protocol. This is to ensure that you bind AppleTalk to the correct NIC in case you have more than one, even disabled ones.

Now you have your AppleTalk and you have your sharing, so it's about time to share something. This is where I messed about a bit before I found the correct way to do it. Go into Computer Management and Shared Folders. This is where you create the magic.

Right-click and select New Share, press Next and then type in or browse to the folder you want to share, then press Next. By default it will come up with the SMB share name, but you have to manually select to share it for Apple users, so go ahead and mark the checkbox for Apple, and then choose Next. Now, this is where you need to think straight. In some places Everyone has full control; at other sites you have very strict control over permissions. If you use Custom Share permissions you have pretty much all the control you want over the shares, so just go ahead and choose what level you want, either with the predefined ones or by custom settings. When you are done, choose Finish and then Close to get rid of the wizard.

After you're done, you will see that you now not only have the normal Windows share, but you also have an Apple share marked with a small computer sign on the share itself. What you need to do now is right-click the Apple share, choose Properties, and then remove the mark on "This volume is Read Only", or you'll have a hard time using the share for anything useful.

That's about it. Test your connections with your Macs: go into Finder, press Apple-K or use the menu to get to the right place, enter your IP as the server name and press Connect. Your shared Apple folders should appear in the list, and you can then choose which one you want to mount.

Nothing more to it.

403 Error with Trend Micro Console

Over the last half year or so I've come across problems with Trend Micro's server console at given versions of IIS. When you try to access it you get the normal message that the certificate is invalid and blah blah continue on your own risk of destruction. That's quite normal, but when you do, you get the 403 message saying you're not authorized to access that page, and no matter how much you refresh, restart or bang the screen, it won't work.

So, how to fix it.

The problem is in the application pool that Trend Micro is assigned, the default application pool in IIS. At some point Microsoft wanted to make IIS safer, and therefore made the default application pool a bit more secure and removed some permissions. That doesn't really work for Trend, and you have to do some fiddling around to sort it.

The following article from Trend Micro explains it in detail.

http://tinyurl.com/3ez7sb

(using TinyURL because this stupid editor can't handle question marks)

When you get to step 7 the important part shows up. It determines how the permissions for the site will be set. Personally I set it to Local System as long as I know it's a closed system, and it works wonders. Just follow the walkthrough to the end, restart the web service, and voila, the Trend Micro console works.

Local computer replacing domain on Terminal Server logon box

There is a known bug in Windows Server 2003 with Terminal Services installed where the user's domain at logon is changed whenever an administrator has logged on to the computer for admin purposes. The default domain is then set to the local computer at the logon screen, and this causes problems for uneducated users.

Microsoft has provided a registry key for this that you can use after having done admin work on your terminal servers; it's in the link below.

www.braathen.no/files/SetDomain.reg

Change the "YourDomain" setting to your local domain name.

Using NTP on ESX hosts

Different people and different sites handle their time issues in different ways. Personally I like to set up an NTP connection towards the internet, most often to ntp.uio.no, to keep my core systems synced, and then let clients get their time from the AD. However, with ESX hosts that's not as easy; they can't sync through AD (without more setup), so I just run a normal NTP setup on them.

The following article shows the full walkthrough on how to set it up, also by using VMware's own NTP servers.

http://tinyurl.com/vmware-ntpsetup

To make sure it works, just run the watch command and see how it goes a while after it's set up.

Disconnected VMware ESX hosts in VC

When I came in this morning I logged on to our VC console to find some info for a friend, and discovered that one of our ESX hosts was in disconnected mode. I tried reconnecting but that did not work, so I had to dig deeper. I logged on to my disconnected host through SSH and ran the following commands.

service mgmt-vmware restart
service vmware-vpxa restart


That took care of it. It seemed the management services on my host had gone into vacation mode, and I could now reconnect the host in my Virtual Center.

However, a few minutes later, after I had reconfigured HA, I discovered that I could still not migrate one of my VMs while online. I verified my connectivity by using "vmkping" and did not find anything wrong with my IPs or my hostnames, but when I checked the servers' time, they were roughly 12 minutes out of sync.

It seems my previous NTP setup did not work as it should, so I ran through the process of the previous article posted here, synced my servers back up and voila, the VM could migrate as it should.

So keeping your systems in sync is not just a directory service necessity, but also very important for any systems talking together.

Mail for Exchange - Nokia

Just a short reminder to myself where to go next time I am stuck wondering how to sync Nokia phones with Exchange servers. Download from the following location:

http://businesssoftware.nokia.com/mail_for_exchange_downloads.php

Copy it to the phone with a standard USB cable and install it. What you need is your username, password, domain, email address, and then remember to add the public server name and choose secure or nonsecure transfer. That should be about it.

MS Home server shutting down from EULA errors

Found a solution in this thread.

http://social.microsoft.com/Forums/en-US/whssoftware/thread/af4fc3b4-bb50-4c5e-b09a-72ef2c3ac687/#page:2

Get rid of certificate warnings in IE

If you're like me, you're administering a lot of sites with different certificates installed, and quite often through IP and not the correct domain name/host name. I am always so annoyed by having the extra page with the warning about the certificate, so today I did a search to get rid of it.

http://phawley.blogspot.com/2006/06/internet-explorer-7-certificate.html

Check out this small article about how to remove the warnings, very nice and saves me some clicks.