Thursday 3 June 2010

Usefull ESX commands

df -h  lists the filesystems and space available.
perl -spi -e 's|PermitRootLogin no|PermitRootLogin yes|' /etc/ssh/sshd_config enables SSH for root, need to issue service sshd restart afterwards
vimsh -n -e /hostsvc/maintenance_mode_enter or _exi enter mainenance mode from the shell
vmkfstools -Ph -v 10 /vmfs/volumes/$$volume_label$$/ Check free file space as VMFS can only support 32k files
dd if=/dev/cdrom of="isoname.iso" makes an ISO from the CD-ROM in the host.
mkdir iso | chmod 777 iso Makes a directory called iso and sets permissions to read write.

Wednesday 2 June 2010

A great Exchange resource

http://www.howexchangeworks.com/

Outlook 2003 error after Exchange 2010 transition


If you get this error when you try and open legacy Outlook clients after a transition to Exchange 2010 you need to open the Outlook profile and click 'More options' and 'Security' and enable "Encrypt data between Microsoft Office and Microsoft Exchange Server"

This does not effect Outlook 2007 and 2010 clients as they connect another way.

See http://support.microsoft.com/kb/2006508 for more info, medthod 3 might be worth rolling out of you have a lot of legacy Outlook clients



Outlook 2007 / 2010 SSL warning


Even though you have forked out on a verified SSL cert, internal Outlook 2007/2010 clients get this warning when opening Outlook.

This is because the CAS is using the internal DNS name rather than the external name. For example https://mail.domail.local/ rather than https://mail.domain.com/

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

See http://support.microsoft.com/kb/940726 for more info

Exchange 2010 Public folder permissions

If you need to alter public folder permissions with in Exchange 2010 you need to download and extract ExFolders program to the C:\Program Files\Microsoft\Exchange Server\V14\Bin folder.

http://msexchangeteam.com/files/12/attachments/entry453398.aspx

Exchange 2010 SSL Certificates

When you purchase a SSL cert for Exchange 2010 you can no longer get away with a cheaper SSL cert, you must purchase a UC or SAN certificate. I recommend http://www.instantssl.com/ssl-certificate-products/ssl-certificate-ucc.html

This is because you need a certificate for UM (unified messaging) even if you don't install the role.

See http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010
for more help.

MSExchangeAL - EventID 8270 & 8315 : LDAP returned the error [32] Insufficient Rights when importing the transaction.


LDAP returned the error [32] Insufficient Rights when importing the transaction.

...and or


The service could not update the entry 'CN=User Name,OU=Special,,DC=local' because inheritable permissions are not propagated to this object. The inheritable permissions may be disabled because the object belongs to a Windows 2000 administrative group or the inheritable permissions were disable explicitly by an administrator. DC=footasylumltd,DC=local


Fixed by open the user detailed in the event and clicking the 'security' tab, click 'Advanced' and select/enable Include inheritable permissions from this object's parent.

You can easily find out who does not have this attribute set by installing AD Cmdlets tools and running this command.

Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected}


(DUP) when you ping from ESX


64 bytes from xxx.xxx.xxx.xxx: icmp_seq=4 ttl=128 time=0.xxx ms (DUP!)

When you ping the VC from an ESX host you get (DUP!) if beacon probing is enabled under the vSwitch NIC teaming load balencing poilcy. This is only the case when "Route based on IP hash" is the case.

Exchange 2010 - OAB setup



When setting up Exchange 2010 there is no provision for legacy OAB, this needs to be configured. Open EMC 2010, navigate to Organisation Configuration and Mailbox, select Offline Address Book, open the properties of the 'Default Offline Address Book' click the distribution tab and enable "Web-based distribution".
Once you have OK'ed the settings you need to right-click 'Update', you will also have to open a CMD prompt and IISRESET