Month: September 2010

Ticket#6: While adding a server to a DAG, Operation fails with Error 0x6f7

In Exchange 2010, when you add a server to a Database Availability Group (DAG), you may receive the following error:

Error:
A server-side database availability group administrative operation failed. Error: The operation failed with message: Error 0x6f7 (The stub received bad data) from cli_RpccCreateCluster

Error 0x6f7 (The stub received bad data) from cli_RpccCreateCluster

Warning:
The operation wasn’t successful because an error was encountered. You may find more details in log file “C:\ExchangeSetupLogs\DagTasks\dagtask_xxxxxxx_add-databaseavailabilitygroupserver.log”

Exchange Management Shell command attempted:
Add-DatabaseAvailabilityGroupServer -Identity ‘DAG01’ -MailboxServer ‘SERVER NAME’

You can check the log file mentioned above (….add-databaseavailabilitygroupserver.log) for more details.

Cause:

When you prepare a server to be a member of a DAG, you configure two network cards on it: one for connectivity to other Exchange servers and other services (the MAPI NIC), and the other for replication (the Replication NIC).

The above error occurs when no default gateway (GW) is configured in the TCP/IP properties of the MAPI NIC.

Solution:

Configure a default gateway in the TCP/IP properties of the MAPI NIC, even if it’s a dummy IP.

Make sure that your routing table is correct.

What is SMTP Session Tarpitting.

SMTP Session Tarpitting for Windows 2003 and Exchange

A common strategy for increasing the cost of would-be mail abuse uses a technique called tarpitting. Mail servers that tarpit wait a specified period of time before issuing SMTP responses to the client, thus increasing the time investment needed to successfully send a large amount of mail or a constant stream of (usually invalid) SMTP commands. To minimize the impact on the performance of well-meaning senders, servers can tarpit responses only for SMTP errors and allow authenticated clients to bypass the tarpit time.

Tarpitting is a useful countermeasure for:

  • Dictionary harvest attacks (where an attacker is trying to compile a list of valid e-mail addresses from your organization)
  • User account attacks (where an attacker repeatedly attempts to authenticate via username/password guessing)
  • Spam scripts that send more invalid than valid e-mail recipients.

Most of these abuses depend on quick SMTP server responses to complete in an acceptable timeframe. SMTP servers that tarpit slow down the amount of work they can do in a given amount of time, thereby making the abuse less enticing or lucrative.
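The policy described above (delay only error replies, let authenticated clients through), as an added Python example that is not code from Exchange, IIS or the original post. The recipient directory, addresses, class and function names are constructed for illustration, and the sleep function is injectable so the accumulated delay can be measured without waiting:

```python
import time
from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed directory of valid mailboxes (illustrative, not from the post).
VALID_RECIPIENTS = {"alice@example.com", "bob@example.com"}


@dataclass
class TarpitSession:
    """One SMTP client session on a server that tarpits error replies."""
    tarpit_seconds: float = 5.0                   # delay per rejected command
    authenticated: bool = False                   # authenticated clients bypass
    sleep: Callable[[float], None] = time.sleep   # injectable for measurement
    delayed_total: float = 0.0                    # seconds this client was held

    def reply(self, code: int, text: str) -> str:
        # Only 5xx rejections are slowed; successful commands answer at once,
        # so well-behaved senders see no extra latency.
        if code >= 500 and not self.authenticated and self.tarpit_seconds > 0:
            self.sleep(self.tarpit_seconds)
            self.delayed_total += self.tarpit_seconds
        return f"{code} {text}"

    def rcpt_to(self, address: str) -> str:
        if address.lower() in VALID_RECIPIENTS:
            return self.reply(250, "2.1.5 Recipient OK")
        return self.reply(550, "5.1.1 User unknown")


def probe_cost(addresses: Iterable[str], **session_options) -> float:
    """Seconds of tarpit delay one session accrues for these RCPT TO attempts."""
    session = TarpitSession(sleep=lambda seconds: None, **session_options)
    for address in addresses:
        session.rcpt_to(address)
    return session.delayed_total


# Constructed workloads: a sender with one typo versus a bulk guessing run.
TYPO_SENDER = ["alice@example.com", "bbo@example.com"]
GUESSING_RUN = [f"user{i}@example.com" for i in range(200)] + ["bob@example.com"]

if __name__ == "__main__":
    print("typo sender held for  ", probe_cost(TYPO_SENDER), "s")
    print("guessing run held for ", probe_cost(GUESSING_RUN), "s")
    print("authenticated client  ", probe_cost(GUESSING_RUN, authenticated=True), "s")
    print("tarpit disabled (0 s) ", probe_cost(GUESSING_RUN, tarpit_seconds=0), "s")
```

The asymmetry is the point: the sender with one mistyped address waits a single interval, while the guessing run pays one interval per invalid recipient.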

Until recently, there wasn’t a way to enable tarpitting behavior for Windows/Exchange. Now, you can.

Simply install the KB:842851 package and KB:885881 package. The only requirement is that you’re running Windows Server 2003 with Internet Information Services 6.0. If you’re running Microsoft Exchange, the package automatically integrates with it.

Then, create/set the following registry key:

HKLM\System\CurrentControlSet\Services\SmtpSvc\Parameters\TarpitTime (DWORD)

The key value is the number of seconds you wish the server to tarpit error responses. You must stop/start the SMTP service for the change to take place.

When used with Microsoft Exchange Server 2003 features like recipient lookup, tarpitting increases the cost of invalid lookups, which makes it harder to abuse the feature to launch a dictionary harvest attack.

Update#1

SMTP Tarpitting In Exchange 2007…

SMTP Tarpitting is enabled by default in Exchange 2007. This is really good news, as admins who configure recipient filtering are automatically protected against directory harvest attacks. This was not the case in Exchange 2003, where a registry edit was necessary to enable the feature. Check this KB article for information regarding how to enable tarpitting on an Exchange 2003 server.

SMTP Tarpitting is the feature by which a delay is introduced to the rejection response. When a recipient is rejected with a 5.x.x response, a delay of a few seconds is introduced before the response is sent. This makes it difficult for spammers to find legitimate email addresses in a domain by using directory harvesting attacks.

Exchange 2007 has a default tarpit interval of 5 seconds, which can be increased up to a maximum of 10 minutes. Think carefully before changing the tarpit interval, as it also affects legitimate senders (mail that is not spam but is sent to a misspelt address, for example). The default interval is good in most cases. The tarpit interval is set on the receive connector and is in the format hh:mm:ss.

To find the current tarpit interval, run the following command:

Get-ReceiveConnector connectorname | select tarpitinterval

To increase the tarpit interval to 10 seconds, run:

Set-ReceiveConnector connectorname -TarpitInterval 00:00:10

To disable tarpitting (not recommended), run:

Set-ReceiveConnector connectorname -TarpitInterval 00:00:00

Sources: The Microsoft Exchange Team Blog, How Exchange Works

Lync 2010 Planning Tool (Release Candidate) – Just Released (via Byron Spurlock’s OCS 2007 R2, and Lync Server 2010 Insights)

For those that just couldn’t wait, it’s here! The name for the new (formerly) OCS and it’s called Lync. Now since the name is out, on to the planning tool that is available, keep in mind that the tool is still (release candidate). Below I have a screenshot of the main interface and on the surface it appears quite the same. Well, let’s take a look under the hood in the remainder of this blog. Once you begin the process you will be asked based on the …


Install Windows Server 2008 Features with servermanagercmd

This is a wonderful reference for the parameters you can use with servermanagercmd. Original post is here.

Use one of the parameters below after the servermanagercmd -I command:

| Role/Service or Main Feature | R/S/F Name | Installation command |
|---|---|---|
| DHCP Server | DHCP Server | DHCP |
| Print Services | Print Server | Print-Services |
| | Internet Printing | Print-Internet |
| | LPD Service | Print-LPD-Service |
| Terminal Services | Terminal Services | Terminal-Services |
| | Terminal Server | TS-Terminal-Server |
| | TS Licensing | TS-Licensing |
| | TS Gateway | TS-Gateway |
| | TS Web Access | TS-Web-Access |
| | TS Session Broker | TS-Session-Broker |
| Active Directory Domain Services | AD | N/A |
| | Active Directory Domain Controller | ADDS-Domain-Controller |
| | Identity Management for UNIX | ADDS-Identity-Management |
| | Server for Network Information Service | ADDS-NIS |
| | Password Synchronization | ADDS-Password-Sync |
| DNS Server | | DNS |
| File Services | File Services | N/A |
| | Distributed File System (DFS) | FS-DFS |
| | DFS Namespace | FS-DFS-Namespace |
| | DFS Replication | FS-DFS-Replication |
| | File Server Resource Manager | FS-Resource-Manager |
| | Services for Network File System | FS-NFS-Services |
| | Windows Search Service | FS-Search-Service |
| | Windows Server 2003 File Services | FS-Win2003-Services |
| | File Replication Service | FS-Replication |
| | Indexing Service | FS-Indexing-Service |
| Web Server | Web Server (IIS) | Web-Server |
| | Internet Information Services | Web-WebServer |
| | Common HTTP Features | Web-Common-Http |
| | Static Content | Web-Static-Content |
| | Default Document | Web-Default-Doc |
| | Directory Browsing | Web-Dir-Browsing |
| | HTTP Errors | Web-Http-Errors |
| | HTTP Redirection | Web-Http-Redirect |
| | Application Development | Web-App-Development |
| | ASP.NET | Web-Asp-Net |
| | .NET Extensibility | Web-Net-Ext |
| | ASP | Web-ASP |
| | CGI | Web-CGI |
| | ISAPI Extensions | Web-ISAPI-Ext |
| | ISAPI Filters | Web-ISAPI-Filter |
| | Server Side Includes | Web-Includes |
| | Health and Diagnostics | Web-Health |
| | HTTP Logging | Web-Http-Logging |
| | Logging Tools | Web-Log-Libraries |
| | Request Monitor | Web-Request-Monitor |
| | Tracing | Web-Http-Tracing |
| | Custom Logging | Web-Custom-Logging |
| | ODBC Logging | Web-ODBC-Logging |
| | Security | Web-Security |
| | Basic Authentication | Web-Basic-Auth |
| | Windows Authentication | Web-Windows-Auth |
| | Digest Authentication | Web-Digest-Auth |
| | Client Certificate Mapping Authentication | Web-Client-Auth |
| | IIS Client Certificate Mapping Authentication | Web-Cert-Auth |
| | URL Authorization | Web-Url-Auth |
| | Request Filtering | Web-Filtering |
| | IP and Domain Restrictions | Web-IP-Security |
| | Performance | Web-Performance |
| | Static Content Compression | Web-Stat-Compression |
| | Dynamic Content Compression | Web-Dyn-Compression |
| | Management Tools | Web-Mgmt-Tools |
| | IIS Management Console | Web-Mgmt-Console |
| | IIS Management Scripts and Tools | Web-Scripting-Tools |
| | Management Service | Web-Mgmt-Service |
| | IIS 6 Management Compatibility | Web-Mgmt-Compat |
| | IIS 6 Metabase Compatibility | Web-Metabase |
| | IIS 6 WMI Compatibility | Web-WMI |
| | IIS 6 Scripting Tools | Web-Lgcy-Scripting |
| | IIS 6 Management Console | Web-Lgcy-Mgmt-Console |
| | FTP Publishing Service | Web-Ftp-Publishing |
| | FTP Server | Web-Ftp-Server |
| | FTP Management Console | Web-Ftp-Mgmt-Console |
| Active Directory Federation Services | ADFS | None |
| | Federation Service | ADFS-Federation |
| | Federation Service Proxy | ADFS-Proxy |
| | Web Agents | ADFS-Web-Agents |
| | Claims-aware Agent | ADFS-Claims |
| | Windows Token-based Agent | ADFS-Windows-Token |
| Active Directory Lightweight Directory Services | Formerly ADAM | ADLDS |
| Application Server | Application Server | Application-Server |
| | Application Server Core | AS-AppServer-Core |
| | Web Server Support | AS-Web-Support |
| | COM+ Network Access | AS-Ent-Services |
| | TCP Port Sharing | AS-TCP-Port-Sharing |
| | Windows Process Activation Service Support | AS-WAS-Support |
| | HTTP Activation | AS-HTTP-Activation |
| | Message Queuing Activation | AS-MSMQ-Activation |
| | TCP Activation | AS-TCP-Activation |
| | Named Pipes Activation | AS-Named-Pipes |
| | Distributed Transaction Support | AS-Dist-Transaction |
| | Incoming Remote Transactions | AS-Incoming-Trans |
| | Outgoing Remote Transactions | AS-Outgoing-Trans |
| | WS-Atomic Transaction Support | AS-WS-Atomic |
| Active Directory Certificate Services | Active Directory Certificate Services | N/A |
| | Certification Authority | ADCS-Cert-Authority or AD-Certificate |
| | Online Certificate Status Protocol | ADCS-Online-Cert |
| Fax Server | Fax Server | Fax |
| Network Policy and Access Services | Network Policy and Access Services | NPAS |
| | Network Policy Server | NPAS-Policy-Server |
| | NPAS Routing and Remote Access Services | NPAS-RRAS-Services |
| | Remote Access Service | NPAS-RRAS |
| | Routing | NPAS-Routing |
| | Health Registration Authority | NPAS-Health |
| Windows Deployment Services | Windows Deployment Services | WDS |
| Hyper-V | Hyper-V | Hyper-V |
| Failover Clustering | Failover Clustering | Failover-Clustering |
| Network Load Balancing | Network Load Balancing | NLB |
| Desktop Experience | Desktop Experience | Desktop-Experience |
| .NET Framework 3.0 Features | .NET Framework 3.0 Features | NET-Framework |
| .NET Framework 3.0 | .NET Framework 3.0 | NET-Framework-Core |
| XPS Viewer | XPS Viewer | NET-XPS-Viewer |
| Windows Communication Foundation Activation Components | Windows Communication Foundation Activation Components | NET-Win-CFAC |
| HTTP Activation | HTTP Activation | NET-HTTP-Activation |
| Non-HTTP Activation | Non-HTTP Activation | NET-Non-HTTP-Activ |
| Windows System Resource Manager | Windows System Resource Manager | WSRM |
| Wireless Networking | Wireless Networking | Wireless-Networking |
| Windows Server Backup | Windows Server Backup | Backup |
| WINS Server | WINS Server | WINS-Server |
| Remote Assistance | Remote Assistance | Remote-Assistance |
| Simple TCP/IP Services | Simple TCP/IP Services | Simple-TCPIP |
| Telnet Client | Telnet Client | Telnet-Client |
| Telnet Server | Telnet Server | Telnet-Server |
| Subsystem for UNIX-based Applications | Subsystem for UNIX-based Applications | Subsystem-UNIX-Apps |
| RPC over HTTP Proxy | RPC over HTTP Proxy | RPC-over-HTTP-Proxy |
| SMTP Server | SMTP Server | SMTP-Server |
| LPR Port Monitor | LPR Port Monitor | LPR-Port-Monitor |
| Storage Manager for SANs | Storage Manager for SANs | Storage-Mgr-SANS |
| BITS Server Extensions | BITS Server Extensions | BITS |
| Message Queuing | Message Queuing | MSMQ |
| | Message Queuing Services | MSMQ-Services |
| | Message Queuing Server | MSMQ-Server |
| | Directory Service Integration | MSMQ-Directory |
| | Message Queuing Triggers | MSMQ-Triggers |
| | HTTP Support | MSMQ-HTTP-Support |
| | Multicasting Support | MSMQ-Multicasting |
| | Routing Service | MSMQ-Routing |
| | Windows 2000 Client Support | MSMQ-Win2000 |
| | Messaging Queue DCOM Proxy | MSMQ-DCOM |
| Windows Process Activation Service | Windows Process Activation Service | WAS |
| | Process Model | WAS-Process-Model |
| | .NET Environment | WAS-NET-Environment |
| | Configuration APIs | WAS-Config-APIs |
| Windows Internal Database | Windows Internal Database | Windows-Internal-DB |
| BitLocker Drive Encryption | BitLocker Drive Encryption | BitLocker |
| Multipath I/O | Multipath I/O | Multipath-IO |
| Internet Storage Naming Server | Internet Storage Naming Server | ISNS |
| Removable Storage Manager | Removable Storage Manager | Removable-Storage |
| TFTP Client | TFTP Client | TFTP-Client |
| SNMP Services | SNMP Services | SNMP-Services |
| | SNMP Service | SNMP-Service |
| | SNMP WMI Provider | SNMP-WMI-Provider |
| Services for Network File System | Services for Network File System | NFS-Services |
| Internet Printing Client | Internet Printing Client | Internet-Print-Client |
| Peer Name Resolution Protocol | Peer Name Resolution Protocol | PNRP |
| Connection Manager Administration Kit | Connection Manager Administration Kit | CMAK |
| Remote Server Administration Tools | Remote Server Administration Tools | RSAT |
| | Role administration tools | RSAT-Role-Tools |
| | Active Directory Certificate Services Tools | RSAT-ADCS |
| | Active Directory Domain Services Tools | RSAT-ADDS |
| | Active Directory Domain Controller Tools | RSAT-ADDC |
| | Server for NIS Tools | RSAT-SNIS |
| | Active Directory Lightweight Directory Services Tools | RSAT-ADLDS |
| | Active Directory Rights Management Services (AD RMS) Tools | RSAT-RMS |
| | DHCP Server Tools | RSAT-DHCP |
| | DNS Server Tools | RSAT-DNS |
| | Fax Server Tools | RSAT-Fax |
| | DFS Management Console Tools | RSAT-DFS-Mgnt-Con |
| | File Server Resource Manager Management Console Tools | RSAT-FSRM-Mgnt |
| | Hyper-V Tools | RSAT-Hyper-V |
| | Services for Network File System Tools | RSAT-NFS-Admin |
| | File Services Tools | RSAT-File-Services |
| | Network Policy and Access Services Tools | RSAT-NPAS |
| | Health Registration Authority Tools | RSAT-HRA |
| | Network Policy Server Tools | RSAT-NPS |
| | Print Services Tools | RSAT-Print-Services |
| | Web Server (IIS) Tools | RSAT-Web-Server |
| | Terminal Services Tools | RSAT-TS |
| | TS RemoteApp Tools | RSAT-TS-RemoteApp |
| | TS Gateway Tools | RSAT-TS-Gateway |
| | TS Licensing Tools | RSAT-TS-Licensing |
| | UDDI Services Tools | RSAT-UDDI |
| | Feature administration tools | RSAT-Feature-Tools |
| | BitLocker Drive Encryption Tools | RSAT-BitLocker |
| | BITS Server Extensions Tools | RSAT-BITS-Server |
| | Failover Clustering Tools | RSAT-Clustering |
| | Network Load Balancing Tools | RSAT-NLB |
| | SMTP Server Tools | RSAT-SMTP |
| | Windows Deployment Services Tools | RSAT-WDS |
| | WINS Server Tools | RSAT-WINS |
| | Hyper-V Tools | RSAT-Hyper-V |
| Windows PowerShell | Windows PowerShell | PowerShell |
| Group Policy Management | Group Policy Management | GPMC |
| Quality Windows Audio Video Experience | Quality Windows Audio Video Experience | Qwave |

Microsoft Lync Server 2010 (RC) Lab Deployment Guide

Update 2:

Another great deployment guide for Lync Server 2010

Step-by-step Microsoft Lync 2010 Consolidated Standard Server Install Guide

Update:

This is another great step-by-step guide with screenshots for a Lync lab, enjoy:

Lync Server 2010 lab deployment guide

Original Post:

File:
Walkthrough Microsoft Lync Server 2010 (RC) Standard Edition Server with External Access.doc

Brief Description
A step-by-step, how-to document you can use to install a Microsoft Lync Server 2010 (Release Candidate) Standard Edition server, along with an Edge Server. This document is suited to lab and product evaluation deployments.

Download

Forefront Protection 2010 for Exchange Server Capacity Planning Tool

Download

Brief Description

The Forefront Protection 2010 for Exchange Server (FPE) capacity planning tool lets you understand the hardware requirements for planning new FPE deployments. It also lets you evaluate the system requirements for existing deployments.

Overview
The FPE capacity planning tool helps you understand how CPU utilization and memory requirements vary by specifying different protection settings of FPE. This tool is based on the capacity planning guidance provided for Exchange Server 2010. The FPE capacity planning tool uses two specific reference architectures, the Standard Reference Architecture which is targeted at the small to medium size customers and then the Enterprise Reference Architecture targeting larger organizations. You can select a workflow associated with a reference architecture and specify CPU utilization and maximum memory constraints for your targeted hardware. You can specify the desired protection settings for each of the FPE server roles in the associated reference architecture, and describe the desired environment to be supported. After all these items are specified, the tool produces a summary of the hardware requirements with the number of servers that should be utilized to support the targeted environment given the FPE protection settings and the specified hardware constraints. The tool also provides performance guidance using graphs to understand performance aspects of the product and comparative performance of virtualized and non-virtualized scenarios with different operating systems and Exchange versions.

System Requirements

* Supported Operating Systems: Windows 7; Windows Server 2003; Windows Server 2008 R2; Windows Vista; Windows XP
* Microsoft Excel 2007 or higher.

Instructions

Download the file and open in Excel. Thoroughly read the “Directions” and “Readme” tabs.

Ref.: http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=2303c87d-f976-4424-a192-24d2af02064d&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center%29#tm