KristofVertongen.be

Grant User Full Access On All Mailboxes In Exchange 2013

by on Jul.15, 2014, under Uncategorized

get-mailbox | Add-MailboxPermission -User administrator -AccessRights FullAccess -InheritanceType all

Leave a Comment more...

PrivateKeyMissing when running Enable-ExchangeCertificate

by on Dec.20, 2012, under Exchange 2007

Enable-ExchangeCertificate : The certificate with thumbprint XXXXXXXXX was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate -Thumbprint XXXXXXXXX -Services "IIS"

The above error can as a result of multiple reasons. CSR was created with IIS and attempted to be installed through the Exchange Management Shell (EMS), CSR was created in EMS on another Exchange Server, a damaged certificate, or Windows simply “forgets” where it placed the PrivateKey for the certificate. It doesn’t happen all the time, but sometimes the error can be a nuisance.

Option #1: Repair Damaged Certificate (Windows Server 2003/2008)

    1. Open MMC and add the Certificate Snap-In for the Local Computer account.
    1. Double-Click on the recently imported certificate.

Note: In Windows Server 2008 it will be the certificate missing the golden key beside it.

Select the Details tab.

    1. Click on the Serial Number field and copy that string.

Note: You may use CTRL+C, but not right-click and copy.
Open up a command prompt session. (cmd.exe aka DOS Prompt)

    1. Type: certutil -repairstore my “SerialNumber” (SerialNumber is that which was copied down in step 4.)
    1. After running the above command, go back to the MMC and Right-Click Certificates and select Refresh (or hit F5 in the MMC)
    1. Double-Click on the problem certificate. At the bottom of this window (General tab) it should state: “You have a private key that corresponds to this certificate.

Note: In Windows Server 2008 there will be a golden key to the left of the certificate, so there is no need to double-click the certificate.

Now that the Private Key is attached to the certificate, please proceed to enable Exchange Services via Enable-ExchangeCertificate.

Leave a Comment more...

Internet Explorer IESC Notification

by on Jun.28, 2012, under Uncategorized

HKCU\Software\Microsoft\Internet Explorer\Main
NoProtectedModeBanner
REG_DWORD
1

Edit these registry keys on the server:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\ESCHomePages]

“SoftAdmin”=”new site name”
“HardAdmin”=”res://iesetup.dll/HardAdmin.htm”
“HardUser”=”res://iesetup.dll/HardUser.htm”

And if you have a 64 bit OS, change this as well, else only 64 bit IE will be affected. This registry key is for the 32bit version of IE.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ESCHomePages]

“SoftAdmin”=”new site name”
“HardAdmin”=”res://iesetup.dll/HardAdmin.htm”
“HardUser”=”res://iesetup.dll/HardUser.htm”

Leave a Comment more...

Create Logins For Users From Imported SQL Database

by on May.31, 2012, under Uncategorized

sp_change_users_login AUTO_FIX, ‘my_user’

Leave a Comment :, , more...

Search SQL Database In All Tables For String

by on May.31, 2012, under Uncategorized

EXEC SearchAllTables ‘Computer’ GO

Here is the complete stored procedure code:

CREATE PROC SearchAllTables (  @SearchStr nvarchar(100) ) AS BEGIN

— Copyright © 2002 Narayana Vyas Kondreddi. All rights reserved.  — Purpose: To search all columns of all tables for a given search string  — Written by: Narayana Vyas Kondreddi  — Site: http://vyaskn.tripod.com  — Tested on: SQL Server 7.0 and SQL Server 2000  — Date modified: 28th July 2002 22:50 GMT

CREATE TABLE #Results (ColumnName nvarchar(370), ColumnValue nvarchar(3630))

SET NOCOUNT ON

DECLARE @TableName nvarchar(256), @ColumnName nvarchar(128), @SearchStr2 nvarchar(110)  SET  @TableName = ”  SET @SearchStr2 = QUOTENAME(‘%’ + @SearchStr + ‘%’,””)

WHILE @TableName IS NOT NULL  BEGIN   SET @ColumnName = ”   SET @TableName =   (    SELECT MIN(QUOTENAME(TABLE_SCHEMA) + ‘.’ + QUOTENAME(TABLE_NAME))    FROM  INFORMATION_SCHEMA.TABLES    WHERE   TABLE_TYPE = ‘BASE TABLE’     AND QUOTENAME(TABLE_SCHEMA) + ‘.’ + QUOTENAME(TABLE_NAME) > @TableName     AND OBJECTPROPERTY(       OBJECT_ID(        QUOTENAME(TABLE_SCHEMA) + ‘.’ + QUOTENAME(TABLE_NAME)         ), ‘IsMSShipped’              ) = 0   )

WHILE (@TableName IS NOT NULL) AND (@ColumnName IS NOT NULL)   BEGIN    SET @ColumnName =    (     SELECT MIN(QUOTENAME(COLUMN_NAME))     FROM  INFORMATION_SCHEMA.COLUMNS     WHERE   TABLE_SCHEMA = PARSENAME(@TableName, 2)      AND TABLE_NAME = PARSENAME(@TableName, 1)      AND DATA_TYPE IN (‘char’, ‘varchar’, ‘nchar’, ‘nvarchar’)      AND QUOTENAME(COLUMN_NAME) > @ColumnName    )      IF @ColumnName IS NOT NULL    BEGIN     INSERT INTO #Results     EXEC     (      ‘SELECT ”’ + @TableName + ‘.’ + @ColumnName + ”’, LEFT(‘ + @ColumnName + ‘, 3630)      FROM ‘ + @TableName + ‘ (NOLOCK) ‘ +      ‘ WHERE ‘ + @ColumnName + ‘ LIKE ‘ + @SearchStr2     )    END   END   END

SELECT ColumnName, ColumnValue FROM #Results END

Leave a Comment :, , more...

Windows XP + Outlook Anywhere autodiscovery

by on Apr.04, 2012, under Exchange 2010

We deployed a Windows 2008 R2 server, Exchange 2010 and Outlook Anywhere. There was one client struggling to get authenticated. It kept asking for username and password. We tried several things:

  • Changed password
  • Check dns
  • Rejoin domain
  • Etc..

However nothing worked, so I tried with his credentials on my laptop which had windows 7 installed, and it worked right out of the box.

Apparently there is a slight difference between the windows xp and windows 7 looks at certificates. Windows XP only looks at the first line. In our Certificate that was server.domain.com we configured Outlook Anywhere on remote.domain.com.

Windows 7 looks at all the lines in the certificate therefore it has no problem connecting.

To fix this issue we need to disable or change MSSTED Mutual Authentication in exchange. You can use the following commands:

From the Exchange Command Shell:

Set-OutlookProvider EXPR -Server $null -CertPrincipalName msstd:server.domain.com (you need to use the first name in the certificate)

If this won’t work, you can always disable the feature with the following command.

Alternate Fix – Disable MSSTD checkbox in Outlook Anywhere (not recommended) in Powershell

Set-OutlookProvider EXPR -Server $null -CertPrincipalName none

Leave a Comment :, , , more...

Trend Micro Worry-Free Advanced Performance Tuning

by on Apr.03, 2012, under Uncategorized

1. Preferences > Smart Protection Network > Untick ‘Enable Trend Micro Smart Feedback
2. Preferenced > Global Settings > System Tab > Agent Connection Verification > Change from Daily 14:00 to a more suitable time out of Business Hours
3. Updates > Scheduled > Schedule > Change from Hourly to Daily to a more suitable time out of Business Hours

Also make sure that scans are not schedule to run during business hours.

Leave a Comment : more...

Monitor HP Smart Array in ESXi 4.0, ESXi 4.1 and ESXi 5.0

by on Mar.08, 2012, under Uncategorized

Procedure

Install the HP CIM update via the rcli (this takes several minutes), and reboot.

Immediately ESXi has loaded, go to unsupported console as described in Prerequisistes above, log in, and type services.sh stop (this will prevent the PSOD, so this needs to be done immediately the server comes up)
cp /bootbank/oem.tgz /tmp
cd /tmp
gzip -d oem.tgz
mkdir oem
cd oem
tar xvf ../oem.tar
cd /tmp/oem/var/lib/sfcb/registration

Now you need to edit oem-providerRegister to only include the Smart Array details.
vi oem-providerRegister
and remove all sections apart from those that start [SMX_SA
(you may what to google how to use vi if you’re unsure, as new people may find it quirky)

cd /tmp/oem
rm ../oem.tar
tar cvf ../oem.tar *
cd ..
gzip -9 oem.tar
mv oem.tar.gz oem.tgz
cp oem.tgz /bootbank
reboot

For ESXi 4.1, the process is exactly the same, except the file you need to edit is oem-hp-smx-provider-providerRegister

The ‘Unsupported’ mode needs to be enabled, and is accessed slightly differently in ESXi 4.1 – at the yellow/grey screen (now referred to as DCUI), press F2 and enter logon credentials. Scroll down to Troubleshooting, and enable Local Tech Support. Keep pressing ESCape until back at the main screen. Now you can press ALT-F1 and logon with your ESXi credentials (ie, not ‘unsupported’ that you used in previous versions)

With ESXi 5.0, no special precautions are required – install ESXi 5.0 as normal, then install the HP bundle as normal.

Leave a Comment :, , , , more...

Deny spam coming from fake internal e-mail addresses.

by on Feb.28, 2012, under Exchange 2007

Get-ReceiveConnector “Default 2008SERVER” | Get-ADPermission -user “NT AUTHORITY\Anonymous Logon” | where {$_.ExtendedRights -like “ms-exch-smtp-accept-authoritative-domain-sender”} | Remove-ADPermission

Don’t forget to create a new relay for scanners or other devices and make this an open relay:

Get-ReceiveConnector “RELAY” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “ms-Exch-SMTP-Accept-Any-Recipient”

Leave a Comment more...

Windows Vista & Windows 7 PPTP VPN Use Connection Credentials For Remote Network

by on Feb.15, 2012, under Windows 7

A problem I have had since upgrading to Vista was being unable to access domain resources once I connect a VPN session to a customer site. Accessing file shares on our network or connecting to Activity would require me to run “cmdkey.exe /delete /ras” to clear the RAS credentials cached when the VPN was established. I never had this issue with my Windows XP installation. So, after getting fed up with always having to run the command, I finally found a solution. Which is to disable using RAS credentials on my VPN connections. To do so, follow these steps:

  1. Locate the .pbk file that contains the entry that you dial. To do so, click Start, type *.pbk in the Research Bar, and then press Enter.
    • Vista location (C:\Users\<USERNAME>\AppData\Roaming\Microsoft\Network\Connections\Pbk
    • XP location (C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk)
  2. Open the file in Notepad.
  3. Locate the following entry: UseRasCredentials=1
  4. Modify the entry to the following: UseRasCredentials=0
  5. On the File menu, click Save, and the click Exit.
Leave a Comment :, , more...

Blogroll

A few highly recommended websites...