Берлога Сисадмина – SysAdmin Lair

While participating in a discussion on LinkedIn (http://linkd.in/r3WJPl) where we were discussing what are the different processes\habits that people have in order to setup a newly acquired machine, i decided to document my own process. I personally use a mix of WinPE and ImageX to image the machine and that way preserve that new PC smell.

Here are the details:

to create the WinPE disk, Download the Windows Automated Install Kit from here (http://go.microsoft.com/fwlink/?LinkId=136976) and install in on a workstation.

On that computer, click Start, All Programs, Windows AIK, right-click Deployment Tools Command Prompt, and then select Run as administrator.

In the command prompt type “copype.cmd x86 c:\winpe_x86” to prepare the staging area.

In the command prompt type “copy c:\winpe_x86\winpe.wim c:\winpe_x86\ISO\sources\boot.wim” to copy the boot image to the staging area

In the command prompt type “copy “c:\Program Files\Windows AIK\Tools\x86\*.*” c:\winpe_x86\iso\” to copy all the tools for manipulating the wim files to the staging area.

Now you need to create a Bootable a USB key. you can refer to an old post of mine that explains and shows the video on preparing the USB stick here (http://blogs.technet.com/b/canitpro/archive/2009/02/16/windows-7-on-a-stick.aspx) or folow the steps below.

To prepare the USB key using the diskpart utility built-in to Windows 7.

• In a command window type “Diskpart” to start the utility, once started use the following sequence to prepare the key to be bootable.
• List disk (to see with disk is your USB key)
• select disk 1 (where disk 1 is the USB key)
• clean (Ensure that you’re NOT pointing at your system disk. CLEAN will wipe your partition table WITHOUT asking for confirmation)
• create partition primary
• select partition 1
• active
• format quick fs=fat32
• assign (take note of the drive letter assigned to the key)
• exit

now that the key is ready, copy the staging area to your key “Copy C:\winpe_x86\iso\*.* /e D:\” D: being the drive letter assigned to the USB key.

Your key is now ready. so boot your newly acquired PC (or any PC you need to capture) with the USB key we just created and once booted connect to the network share you want to use as your repository for the image.

in my case i use my home server so the command will be as follows “net use z: \\home\public” you should be prompted for credentials, and once supplied the drive Z: will be mapped.

once mapped, it’s as simple as using the ImageX utility to capture your system partition to the network drive. the command line in my batch file looks like this, “imagex /capture c: z:\newpc\lenovox61data.wim “lenovo x61″ /verify”

you can find more information on the ImageX command line structure here.

Once the process is finished, i have an image i can restore at any point should i need to.

I hope this helps.

Cheers.

 

(c)

In the Exchange 2003 world and below, those administrators looking to automate and control the behaviour of MAPI profiles on user’s desktops quickly became familiar with tools like:

• ORK (Office Resource Kit)
• .PRF Files
• .OPS files (from the Office Profile wizard)
• PROFGEN
• PRFPATCH
• ExProfRe

 

For a refresher on such joys of .PRF files etc. take a peek at:

Whitepaper: Configuring Outlook Profiles by Using a PRF File

Automate Outlook Profile Creation Using PRFPATCH

The Exchange Profile Update tool

 

Owch, those were some painful days! Thankfully with Exchange 2007/2010 and Outlook 2007/2010 we are able to move on from such tasks. Exchange 2007 introduced the Autodiscover web service which is used by Outlook 2007 and above to automatically configure the required Outlook settings. This not only includes the initial connection to Exchange but also if the administrator then makes changes to URLs then Outlook will detect and apply such changes. This is a great boon to administrators and will reduce user & configuration issues.

Sounds good does it not? It is but I typically see this as one of the most misunderstood and misaligned services in Exchange. As far as I am concerned if your Autodiscover is broken then Exchange is broken in your environment and needs immediate remediation.

 

Take 10 minutes to carefully read through these links:

Exchange 2010 — Understanding the Autodiscover Service

http://technet.microsoft.com/en-us/library/bb124251.aspx

 

Exchange 2007 — White Paper: Exchange 2007 Autodiscover Service

http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx

 

You’re back? Good reading – right? If you didn’t read it shame on you

 

The key issue that I encounter when working on Exchange engagements is the perception that Outlook ONLY uses DNS for Autodiscover. If your workstation is domain joined and you are connected to the internal network you should NOT be using DNS to determine which server you will contact for Autodiscover, this is a very common falsehood. In actual fact you should be leveraging a Service Connection Point (SCP) in AD. The SCP is published into AD when a CAS server is installed. This is done automatically by the setup routine. You can see the value in ADSIEDIT as the serviceBindingInformation attribute and in PowerShell using the Get-ClientAccessServer –AutoDiscoverServiceInternalUri parameter.

By default this will be the FQDN of the server. This should be changed to a Load Balanced URL as per your Exchange design to achieve HA.

To show this in a diagram:

Outlook will build either (but not both) a list of CAS servers in-site or out of site. The AutodiscoverSiteScope value is used to determine site membership. It will the sort them and connect to the 1st one in the list. This means that you will typically connect to the CAS that was installed first. If Outlook fails to contact any CAS server based off its SCP look-up then it will fall back to DNS.

 

For external Outlook clients in Starbucks, they are not able to directly contact AD (I sure hope that you don’t have a DC exposing 389 TCP to the Internet…..) and thus will use DNS to locate the Autodiscover endpoint. This is illustrated here:

 

A new feature is available that enables Outlook 2007 to use DNS Service Location (SRV) records to locate the Exchange Autodiscover service

http://support.microsoft.com/?kbid=940881

Prior to this update Outlook would perform these DNS queries by default:

• https://<smtpdomain>/Autodiscover/Autodiscover.xml
• https://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml
• http://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml

With this updates installed the SRV query is added:

• https://<smtpdomain>/Autodiscover/Autodiscover.xml
• https://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml
• http://autodiscover.<smtpdomain>/Autodiscover/Autodiscover.xml
• SRV record query for _autodiscover._tcp.<smtpdomain>

 

As an example:

1. Autodiscover posts to https://contoso.com/Autodiscover/Autodiscover.xml. This fails.
2. Autodiscover posts to https://autodiscover.contoso.com/Autodiscover/Autodiscover.xml. This fails.
3. Autodiscover performs the following redirect check:GET http://autodiscover.contoso.com/Autodiscover/Autodiscover.xmlThis fails.
4. Autodiscover uses DNS SRV lookup for _autodiscover._tcp.contoso.com, and then “mail.contoso.com” is returned.
5. Outlook asks permission from the user to continue with Autodiscover to post to https://mail.contoso.com/autodiscover/autodiscover.xml.
6. Autodiscover’s POST request is successfully posted to https://mail.contoso.com/autodiscover/autodiscover.xml.

Note: If you Internet facing DNS provider does not support SRV records then you cannot use this feature.

 

You may not want your users to see the redirect warning as mentioned in step 5 above. if so then please review :

You cannot suppress the Autodiscover redirect warning in Outlook 2007

http://support.microsoft.com/kb/956528

(Note the change in Registry path for the recent updates)

 

 

BONUS CHAT

There are other really interesting things you can do with the registry to tune and alter the default behaviour of Autodiscover on the Outlook client machine.

The registry key for Outlook 2007 is:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover

 

The registry key for Outlook 2010 is:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook\AutoDiscover

 

 

By changing the values below you alter the default behaviour of Autodiscover.

Value name: PreferLocalXML
Value type: DWORD
Value data: 0 or 1

Value name: ZeroConfigExchange
Value type: DWORD
Value data: 0 or 1

DisableAutoStartup

Value type: DWORD
Value data: 0 or 1
Value name: ExcludeHttpRedirect
Value type: DWORD
Value data: 0 or 1
Value name: ExcludeHttpsAutodiscoverDomain
Value type: DWORD
Value data: 0 or 1
Value name: ExcludeHttpsRootDomain
Value type: DWORD
Value data: 0 or 1
Value name: ExcludeScpLookup
Value type: DWORD
Value data: 0 or 1
Value name: ExcludeSrvRecord
Value type: DWORD
Value data: 0 or 1

 

To expand on the Local XML option, when Autodiscover functionality is available on your e-mail server, Outlook 2007 initiates the Autodiscover process to obtain server connectivity settings. Once a server that supports Autodiscover is located, the server returns XML data that provides the information needed for Office Outlook 2007 to automatically configure your e-mail account.

The Local XML registry value allows you to specify a local path to an .xml file that Outlook 2007 can additionally use to configure its e-mail account. The name of the registry value is the host name of the e-mail address that is provided to Outlook. In the following example, the specified path to the .xml file would be used for any e-mail addresses ending in contoso.com. The path in the first case is to a file named Autodiscover.xml located on a server named server1. A local option is then shown.

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover

Value Type: DWORD

Name: contoso.com

Data: \\server1\share\autodiscover.xml

or

Data: C:\autodiscover.xml

 

See http://technet.microsoft.com/en-us/library/cc837949(office.12).aspx for additional registry entries that you may wish to deploy with the Outlook client.

 

 

(c)

Automatic installation of the requires OS components for Exchange 2010 can be simplified if you using the Exchange 2010 source with SP1 integrated:

Setup.com /InstallWindowsComponents

(c)

A quick fix for VSS related issues when running ANY backup software that uses VSS for backups. After running this procedure you will be required to reboot the server.

1. Create bat file named vssfix.bat
2. Copy paste the following content:

net stop “System Event Notification Service”
net stop “Background Intelligent Transfer Service”
net stop “COM+ Event System”
net stop “Microsoft Software Shadow Copy Provider”
net stop “Volume Shadow Copy”
cd /d %windir%\system32
net stop vss
net stop swprv
regsvr32 /s ATL.DLL
regsvr32 /s comsvcs.DLL
regsvr32 /s credui.DLL
regsvr32 /s CRYPTNET.DLL
regsvr32 /s CRYPTUI.DLL
regsvr32 /s dhcpqec.DLL
regsvr32 /s dssenh.DLL
regsvr32 /s eapqec.DLL
regsvr32 /s esscli.DLL
regsvr32 /s FastProx.DLL
regsvr32 /s FirewallAPI.DLL
regsvr32 /s kmsvc.DLL
regsvr32 /s lsmproxy.DLL
regsvr32 /s MSCTF.DLL
regsvr32 /s msi.DLL
regsvr32 /s msxml3.DLL
regsvr32 /s ncprov.DLL
regsvr32 /s ole32.DLL
regsvr32 /s OLEACC.DLL
regsvr32 /s OLEAUT32.DLL
regsvr32 /s PROPSYS.DLL
regsvr32 /s QAgent.DLL
regsvr32 /s qagentrt.DLL
regsvr32 /s QUtil.DLL
regsvr32 /s raschap.DLL
regsvr32 /s RASQEC.DLL
regsvr32 /s rastls.DLL
regsvr32 /s repdrvfs.DLL
regsvr32 /s RPCRT4.DLL
regsvr32 /s rsaenh.DLL
regsvr32 /s SHELL32.DLL
regsvr32 /s shsvcs.DLL
regsvr32 /s /i swprv.DLL
regsvr32 /s tschannel.DLL
regsvr32 /s USERENV.DLL
regsvr32 /s vss_ps.DLL
regsvr32 /s wbemcons.DLL
regsvr32 /s wbemcore.DLL
regsvr32 /s wbemess.DLL
regsvr32 /s wbemsvc.DLL
regsvr32 /s WINHTTP.DLL
regsvr32 /s WINTRUST.DLL
regsvr32 /s wmiprvsd.DLL
regsvr32 /s wmisvc.DLL
regsvr32 /s wmiutils.DLL
regsvr32 /s wuaueng.DLL
sfc /SCANFILE=%windir%\system32\catsrv.DLL
sfc /SCANFILE=%windir%\system32\catsrvut.DLL
sfc /SCANFILE=%windir%\system32\CLBCatQ.DLL
net start “COM+ Event System”
Run the batch and reboot your server.

From here.

Did I mentioned that it’s ugly? So yes, extremely ugly.

An excellent article.

Definitely a nice utility to add some color to logs.
CCZE
Includes plug-in support.

From the web site:

CCZE is a robust and modular log colorizer with plugins for apm, exim, fetchmail, httpd, postfix, procmail, squid, syslog, ulogd, vsftpd, xferlog, and more.

Today I bumped into an issues while trying to install Visual Studio 2005 SP1 update on Windows 2003 SP2 system.


Error 1718. File C:\WINDOWS\Installer\220bc2.msp did not pass the digital signature check. For more information about a possible resolution for this problem, see http://go.microsoft.com/fwlink/?LinkId=73863

As well found event id 1008 in the event log. Make sure to read carefully through the article since it’s crucial for the success of the installation.  Specifically through the part below:

If the previous steps do not resolve the issue, follow these steps:

1. Click Start, click Run, type control admintools, and then click OK.
2. Double-click Local Security Policy.
3. Click Software Restriction Policies.Note If no software restrictions are listed, right-click Software Restriction Policies, and then click Create New Policy.
4. Under Object Type, double-click Enforcement.
5. Click All users except local administrators, and then click OK.
6. Restart the computer.

Important After you follow the previous steps, local administrators can install the .msi package or the .msp package. After the package is installed, reset the enforcement level by following the previous steps. In step 5, click All users instead of All users except local administrators.

As well login locally with Administrator’s account and have a free space on the C:\ drive of at least 2GB.

Regardless of any suggestions in the article, still the update KB925336 can fail to install, giving the following error:

Failed to migrate dependent packages.

The only solution I could found is to install the VS 2005 SP1 from http://update.microsoft.com.

It worked for my surprise, regardless of the fact that the downloaded update was the same as the one I tried to install.

Oh well …

Well, it depends.
ESX 4.1 to OpenFiler- 1.3 minutes
Windows 2008 to OpenFiler- 15min and counting ….
Microsoft in it’s best.

Recently, one of my clients had serious issues with Windows 2008 server which was running Exchange 2010, issues which resulted in reinstall of the entire server. Since Exchange 2007 I remembered that Microsoft keeps the data in the AD which supposedly should make the process of recovery more easy in case reinstall of the server. Until here all is right. However, when I reinstalled the server and was planning finishing the work in a simple command line of:

setup /m:recoverserver

I was stopped by a situation that the setup/recover will fail with meaningless message of:
Language Pack Checks             ……………………. FAILED
A Setup failure previously occurred while installing the HubTransport role. Either run Setup again for just this role, or remove the role using Control Panel.
The ExchangeSetup.log also was pretty empty and didn’t reveal much:

…….

[10/25/2010 01:23:06.0931] [1] Beginning processing.
[10/25/2010 01:23:06.0932] [1] Current ScopeSet is: {Domain Read Scope: {, }, Domain Write Scope(s): {, }, Configuration Scope: {, }, Server Configuration Scope(s): {, }, , Exclusive Scope: {, }}
[10/25/2010 01:23:06.0932] [1] Resolved current organization: .
[10/25/2010 01:23:06.0932] [1] Searching objects of type “OrganizationConfig” with filter “$null”, scope “SubTree” under the root “$null”.
[10/25/2010 01:23:06.0948] [1] Previous operation run on domain controller ‘dc1.mydomain.net’.
[10/25/2010 01:23:06.0948] [1] Preparing to output objects. The maximum size of the result set is “unlimited”.
[10/25/2010 01:23:07.0429] [1] Ending processing.
[10/25/2010 01:23:08.0752] [1] [ERROR] A Setup failure previously occurred while installing the HubTransport role. Either run Setup again for just this role, or remove the role using Control Panel.
[10/25/2010 01:23:08.0763] [1] Ending processing.
[10/25/2010 01:23:08.0765] [0] The Exchange Server setup operation did not complete. Visit http://support.microsoft.com and enter the Error ID to find more information.
[10/25/2010 01:23:08.0771] [0] End of Setup
[10/25/2010 01:23:08.0771] [0] **********************************************

I wasn’t sure about what “Language Packs” the setup talks since the only language that is used in the organization was English. I assumed that the screen doesn’t refresh properly and the actual problem is with HubTransport role. I was looking for the resolution for quite some time, till I bumped in to the following solution:

Take a backup of the registry
Browse to the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14\Hub Transport
Delete the “Watermark” and “Action” key

I have deleted only the Watermark key and it did the trick. ServerRecover properly finished.

…………..

E:\>Setup /m:recoverserver

Welcome to Microsoft Exchange Server 2010 Unattended Setup

Preparing Exchange Setup

Copying Setup Files              ……………………. COMPLETED

The following server roles will be recovered
Languages
Hub Transport Role
Client Access Role
Mailbox Role
Management Tools

Performing Microsoft Exchange Server Prerequisite Check

Language Pack Checks             ……………………. COMPLETED

Configuring Microsoft Exchange Server

Preparing Setup                  ……………………. COMPLETED
Stopping Services                ……………………. COMPLETED
Copying Exchange Files           ……………………. COMPLETED
Language Files                   ……………………. COMPLETED
Restoring Services               ……………………. COMPLETED
Languages                        ……………………. COMPLETED
Hub Transport Server Role        ……………………. COMPLETED
Client Access Role               ……………………. COMPLETED
Mailbox Server role              ……………………. COMPLETED
Exchange Management Tools        ……………………. COMPLETED
Finalizing Setup                 ……………………. COMPLETED

The Microsoft Exchange Server setup operation completed successfully.

…………..

VMware VMserver2 beta 2
HOST: Linux
Guest: Any machine

/var/log/vmware/hostd.log full of those messages:
'Proxysvc' 3086011280 warning] SSL Handshake on client connection failed:

Well, I can’t say I solved it, but atleast it’s working. The issue was that sometimes a console will not open and present with an error saying it unable to locate the guest machine. I found out that you should connect through web interface using FQDN name and not just a hostname.
Like this: http://host.domain
And NOT: http://host
Adding the certificate into the local store also was done (not sure if it helped)

Still the log is full however I can connect to the console of the guests.

You need to subscribe to rpmforge repository.

1. Install repository:
rpm -Uvh http://apt.sw.be/redhat/el5/en/i386/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

2. Import GPG key
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

3. Run update on the system
yum update -y

4. Install NTFS support
yum install fuse fuse-ntfs-3g dkms dkms-fuse

5. Create a mount point for NTFS device (usb used as an example)
mkdir /mnt/usb

6. Check dmesg to see where the device maped to.
dmesg | more

7. Mount usb device in READ-ONLY mode (of cause you can mount it in any mode, it’s just an example)
mount /dev/sda1 /mnt/usb/ -t ntfs-3g -r -o umask=0222

Note: sda1 – is how my system sees the connected USB drive.

Based on (c)

One of the problems I encountered recently was an issue of connecting to the console of the guest machine with in VMware 2 web interface. It appears that you should uninstall 1.0.5 mui BEFORE installing the new version.

If not done,  when trying to connect to the console you’ll probably receive an error message stating that “Machine actively refusing connection”. As you recall, mui interface running on port 902. The upgrade is not done properly because of some reason and system states that the port is occupied. Which actually not – “netstat -ano” shows it clearly (the host is running CentOS 5.1).

More details will follow…

During upgrade of VMware’s VMserver version 1.0.4 to version 1.0.5 on Windows 2003 server I have encountered the following error message:

“Warning 25301.IIS configuration failed (-2147463164). You will have to configure the VMware site manually”

After a brief check I found out that 3 services were disabled on that server:

1. World Wide Web publishing service
2. HTTP SSL
3. IIS Admin Service

I started them all, rebooted the server, uninstalled VMserver, rebooted, installed the VMserver 1.0.5 once again and the setup finished without any problems.

Link to russian explanation

Не то что-бы в сети и на сайте Microsoft нет документации по востановлению Exchange серверa но вся эта инфа собрана в почти десятке инструкций разных дат выпуска, охватывает версии 5.5, 2000, 2003 что лично мне не очень удобно так-как если требуется востановить определенную версию и как правило это именно так и есть, то выискивать по двухсот страничному мануалу инструкции касающиеся моей версии не очень удобно. Поэтому я решил написать короткое пособие по востановлению Exchange сервера для случая когда надо востановить данные годичной и более давности или требуется востановить данные находящиеся в определенное время на сервере. Естественно работающий backup обязателен. Что мы будем делать? Поднимем совершенно отдельный работающий домен AD. Не связанный с production. Установим на него Exchange 2003 и востановим данные с бэкапа.

Сия операция в деталях:

1. Поднимаем сервер, создавать разделы как на оригинальном сервере Exchange – НЕ НАДО, они могут быть любыми, естесственно места для баз должно быть достаточно.
2. Инсталируем сервер, имя NETBIOS и имя домена AD может быть любым.
3. На него-же ставим Exchange с именем организации так-же как в production сети.
4. Меняем имя Administrative group на то-же что и в production сети.
5. Создаем/меняем имя storage group на то-же что и в production сети.
6. Создаем mailbox store с тем-же именем что и в production сети.

Все.  При запуске восстановления через любую программу backup база запишется в созданую нами, имена файлов edb и stm для баз может быть любым.