One of our customer migrated his whole IT infrastructure into another datacenter. We powered off virtual machines at production site and powered on cloned versions of virtual machines. Domain Controllers were up all the time. Only member servers’ clones moved into another datacenter. They’ve ran for three days in another datacenter. Active Directory domain was up all the time. After tests we deleted clones in another datacenter and powered on virtual server in primary datacenter – their friday’s copies. And now we had problems on couple of servers.
Read more…
Categories: Security, Windows Tags: bad password, computer account, ERROR_ACCESS_DENIED, event, ghost, netdom, netlogon, network, nltest, relationship, reset password, secure, security database, snapshot, Unauthenticated, vitual
I couldn’t connect via ActiveSync on my account. I’ve checked events on CAS server and I found:
Exchange ActiveSync doesn’t have sufficient permissions to create the “CN=Zilinec Ondrej – testovaci TS uzivatel,OU=TESTUSERS,OU=UZIVATELIA,OU=XXX,DC=XXX,DC=in,DC=XXX,DC=XX” container under Active Directory user “Active Directory operation failed on DCB1.XXX. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
“.
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type “msExchActiveSyncDevices” and doesn’t have any deny permissions that block such operations.
Details:%3
Read more…
This weekend was again migrating for Exchange 2010 
And right now other problems and solutions
On one CAS server I logged in via OWA and I’ve got internall error 500 from IIS 7.0.
Read more…
This days I was installing one Exchange 2007 server into existing Exchange organization (two other Exchange 2007 servers). I enabled one new server all features which Exchange 2007 brings to clients: Outlook Anywhere, Autodiscover, ActiveSync. After couple days we discovered that by this setting not only local users were affected, but all clients connecting into Exchange Organization (also those connecting to two old servers).
Read more…
Here is a short script to find out the size of mailboxes in your Exchange 2010 infrastructure. This information is not visible in EMC.
Get-MailboxStatistics -Server 'mailserver' | select DisplayName, TotalItemSize | sort TotalItemSize
Microsoft people should leave good things in GUI consoles and not force admins into powershell.
When I migrate mailboxes between Exchange servers I increase numbers of move requests because two is really limiting in nowadays network and servers speeds.
Read more…
Today I was migrating mailboxes from Exchange 2003 to new server Exchange 2010. Almost all accounts were working fine except couple. I receive following error:
Read more…
Categories: Exchange Tags: access, active directory, AD, error, exchange, exchange 2010, failed, insufficient, INSUFF_ACCESS_RIGHTS, migration, move request, rights
Today I spend about one hour debugging weird problem. When I migrated physical machine into VMWare I couldn’t connect via RDP into it.
Read more…
It’s getting on my nerves to enable telnet client everytime I need to debug something on Windows 2008 or Windows 7.
Read more…
Today I was at one cutomers and they had two Windows 2003 domain controllers. They bought another server and wanted to install domain controller on Windows 2008 R2.
Read more…
Categories: Windows Tags: 2008, adprep, do, does, done, empty, enter, file, forestprep, line, log, nothing, r2, waiting, waits, Windows
Skor nez si vysvetlime ako sa aplikuju GPO politiky na pocitace a uzivatelov, vysvetlime si ako editovat GPO politiky. Ked si ujasnime tuto jednoduchu vec, mozeme sa pustit do hlbsej analyzy aplikovania GPO politik.
Editovanie GPO politik
O vytvoreni a linkovani GPO politiky som pisal v predchadzajucej casti serialu. Ked uz mame vytvorenu GPO politiku potrebujeme v nej zmenit nastavenia, aby sa tie nasledne aplikovali na pocitac alebo uzivatela. Editovanie GPO politiky zacneme pravym tlacidlom na GPO politiku a vyberom Edit:
Read more…
Categories: GPO, Windows Tags: aplikovanie, asyncrhonne, background refresh interval, fast boot, force, gpo, gpupdate, Group Policy Object, lokalny admin, synchronne, syncronize
At one of my customer I was implementing SAP GUI into Terminal Services farm. When you run SAP GUI as Administrator, SAP GUI works perfectly.
Read more…
Group Policy Management Console (GPMC)
Velmi davno, ked boli GPO politiky este v plienkach, na Windows 2000 bol velmi velky problem spravovat samotne GPO politiky. Robilo sa to cez konzolu Active Directory Users and Computers, kde sa museli na danu uroven v AD zapnut Properties a nasledne sa vybrala zalozka Group Policy, kde sa dalo dalej krvopotne manipulovat s GPO politikami:
Read more…
I was wondering what would Windows XP payload to be. I always thought that there will be random characters or something like that, but I was wrong.
Read more…
Ako som spominal v predchadzajucom clanku, lokalne politiky nie su moc vhodne na centralne spravovanie prostredia, kedze kazda lokalna politika zije svoj “lokalny zivot” Na centralne spravovanie politik pre koncove pocitace potrebujeme funkcnu Active Directory (dalej len AD) domenu a v nej vyuzijeme Group Policy Object. Ale co to vlastne ten Group Policy Object je?
Read more…
Skor ako sa pustime do samotnych Active Directory GPO, by som rad pripomenul, ze na kazdom pocitaci od Windows 2000 su Local Group Policy. Jedna sa o lokalne politiky. Ku tymto lokalnym politikam sa dostaneme spustenim prikazu gpedit.msc. Ked si spustime dany prikaz na pocitaci uvidime nasledovnu obrazovku:
Read more…
Coraz viac zistujem, ze lokalni administratori vo firmach nerozumeju GPO a preto ich nepouzivaju. A ked ich aj pouzivaju, tak im vacsina aj tak nerozumie. Preto som sa rozhodol o napisanie serialu o GPO politikach a spravit tak osvetu v tomto smere.
Tak mi drzte palec. Dufam, ze sa bude pacit.
———
Obsah serialu:
#1 GPO Serial – Lokalne Politiky
#2 GPO Serial – GPO v domene cast 1.
#3 GPO Serial – GPO v domene cast 2.
#4 GPO Serial – Aplikovanie GPO
Once upon the time I was at customer which had all infrastructure servers (and also all domain controllers) in VMWare VM. He decided to have one more domain controller on physical server. Only server he could use was management server, which was full of management tools.
Read more…
At one of our customer I was asked if there is any tool to make some statistics out of Exchange mailflow. You can use GUI Microsoft Exchange Tracking Log Explorer. This tool it usefull unless you need to make some smarter data handling. This tool doesn’t count how many mails user sent or received. Even those data displayed on the end are not exportable.
Read more…
Recent Comments