Thursday, 3 June 2010

Usefull ESX commands

df -h  lists the filesystems and space available.
perl -spi -e 's|PermitRootLogin no|PermitRootLogin yes|' /etc/ssh/sshd_config enables SSH for root, need to issue service sshd restart afterwards
vimsh -n -e /hostsvc/maintenance_mode_enter or _exi enter mainenance mode from the shell
vmkfstools -Ph -v 10 /vmfs/volumes/$$volume_label$$/ Check free file space as VMFS can only support 32k files
dd if=/dev/cdrom of="isoname.iso" makes an ISO from the CD-ROM in the host.
mkdir iso | chmod 777 iso Makes a directory called iso and sets permissions to read write.

Wednesday, 2 June 2010

A great Exchange resource

Outlook 2003 error after Exchange 2010 transition

If you get this error when you try and open legacy Outlook clients after a transition to Exchange 2010 you need to open the Outlook profile and click 'More options' and 'Security' and enable "Encrypt data between Microsoft Office and Microsoft Exchange Server"

This does not effect Outlook 2007 and 2010 clients as they connect another way.

See for more info, medthod 3 might be worth rolling out of you have a lot of legacy Outlook clients

Outlook 2007 / 2010 SSL warning

Even though you have forked out on a verified SSL cert, internal Outlook 2007/2010 clients get this warning when opening Outlook.

This is because the CAS is using the internal DNS name rather than the external name. For example https://mail.domail.local/ rather than

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri

See for more info

Exchange 2010 Public folder permissions

If you need to alter public folder permissions with in Exchange 2010 you need to download and extract ExFolders program to the C:\Program Files\Microsoft\Exchange Server\V14\Bin folder.

Exchange 2010 SSL Certificates

When you purchase a SSL cert for Exchange 2010 you can no longer get away with a cheaper SSL cert, you must purchase a UC or SAN certificate. I recommend

This is because you need a certificate for UM (unified messaging) even if you don't install the role.

for more help.

MSExchangeAL - EventID 8270 & 8315 : LDAP returned the error [32] Insufficient Rights when importing the transaction.

LDAP returned the error [32] Insufficient Rights when importing the transaction.

...and or

The service could not update the entry 'CN=User Name,OU=Special,,DC=local' because inheritable permissions are not propagated to this object. The inheritable permissions may be disabled because the object belongs to a Windows 2000 administrative group or the inheritable permissions were disable explicitly by an administrator. DC=footasylumltd,DC=local

Fixed by open the user detailed in the event and clicking the 'security' tab, click 'Advanced' and select/enable Include inheritable permissions from this object's parent.

You can easily find out who does not have this attribute set by installing AD Cmdlets tools and running this command.

Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected}

(DUP) when you ping from ESX

64 bytes from icmp_seq=4 ttl=128 ms (DUP!)

When you ping the VC from an ESX host you get (DUP!) if beacon probing is enabled under the vSwitch NIC teaming load balencing poilcy. This is only the case when "Route based on IP hash" is the case.

Exchange 2010 - OAB setup

When setting up Exchange 2010 there is no provision for legacy OAB, this needs to be configured. Open EMC 2010, navigate to Organisation Configuration and Mailbox, select Offline Address Book, open the properties of the 'Default Offline Address Book' click the distribution tab and enable "Web-based distribution".
Once you have OK'ed the settings you need to right-click 'Update', you will also have to open a CMD prompt and IISRESET