Month: September 2010

Ticket#6: While adding a server to a DAG, Operation fails with Error 0x6f7

In Exchange 2010, when you add a server to a Database Availability Group (DAG), you may receive the following error:

Error:
A server-side database availability group administrative operation failed. Error: The operation failed with message: Error 0x6f7 (The stub received bad data) from cli_RpccCreateCluster

Error 0x6f7 (The stub received bad data) from cli_RpccCreateCluster

Warning:
The operation wasn’t successful because an error was encountered. You may find more details in log file “C:\ExchangeSetupLogs\DagTasks\dagtask_xxxxxxx_add-databaseavailabilitygroupserver.log”

Exchange Management Shell command attempted:
Add-DatabaseAvailabilityGroupServer -Identity ‘DAG01’ -MailboxServer ‘SERVER NAME’


You can check the log file mentioned above (….add-databaseavailabilitygroupserver.log) for more details.

Cause:

As you know, when you prepare a server to be a member of a DAG, you configure two network cards on that server: one for connectivity to other Exchange servers and other services (MAPI NIC), and one for replication (Replication NIC).

The above error occurs when no default gateway (GW) is configured in the TCP/IP properties of the MAPI NIC.

Solution:

Configure a default gateway in the TCP/IP properties of the MAPI NIC, even if it’s a dummy IP.

Make sure that your routing table is correct.

What is SMTP Session Tarpitting?

SMTP Session Tarpitting for Windows 2003 and Exchange

A common strategy for increasing the cost of would-be mail abuse uses a technique called tarpitting. Mail servers that tarpit wait a specified period of time before issuing SMTP responses to the client, thus increasing the time investment needed to successfully send a large amount of mail or a constant stream of (usually invalid) SMTP commands. To minimize the impact on the performance of well-meaning senders, servers can tarpit responses only for SMTP errors and allow authenticated clients to bypass the tarpit time.

Tarpitting is a useful countermeasure for:

  • Dictionary harvest attacks (where an attacker is trying to compile a list of valid e-mail addresses from your organization)
  • User account attacks (where an attacker repeatedly attempts to authenticate via username/password guessing)
  • Spam scripts that send more invalid than valid e-mail recipients.

Most of these abuses depend on quick SMTP server responses to complete in an acceptable timeframe. SMTP servers that tarpit slow down the amount of work they can do in a given amount of time, thereby making the abuse less enticing or lucrative.
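The policy described above (delay only error replies, let authenticated clients bypass the delay) is modelled below in Python. This is an added example, not code from Microsoft or from the original post. The class names, the constructed directory and sessions, and the choice to treat 5xx replies as the delayed errors are assumptions; the 5-second interval is the Exchange 2007 default quoted further down this page.

```python
from dataclasses import dataclass


@dataclass
class TarpitPolicy:
    tarpit_seconds: float = 5.0        # Exchange 2007 default cited on this page
    bypass_authenticated: bool = True  # authenticated clients skip the delay

    def delay_for(self, reply_code: int, authenticated: bool) -> float:
        """Seconds to wait before sending a reply with this code."""
        if self.tarpit_seconds <= 0:
            return 0.0                 # an interval of 0 disables tarpitting
        if authenticated and self.bypass_authenticated:
            return 0.0
        # Assumption: only permanent failures (5xx) are delayed.
        return self.tarpit_seconds if 500 <= reply_code <= 599 else 0.0


class SmtpSession:
    """Just enough SMTP state to show where the delay is applied."""

    def __init__(self, valid_recipients, valid_auth_tokens, policy, sleep=None):
        self.valid_recipients = {r.lower() for r in valid_recipients}
        self.valid_auth_tokens = set(valid_auth_tokens)
        self.policy = policy
        # Injectable so the model runs instantly; a real listener would pass time.sleep.
        self.sleep = sleep or (lambda seconds: None)
        self.authenticated = False
        self.total_delay = 0.0

    def _reply(self, code, text):
        delay = self.policy.delay_for(code, self.authenticated)
        if delay:
            self.sleep(delay)
            self.total_delay += delay
        return f"{code} {text}"

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO", "MAIL", "RSET", "NOOP"):
            return self._reply(250, "OK")
        if verb == "AUTH":
            token = arg.split()[-1] if arg else ""
            if token in self.valid_auth_tokens:
                self.authenticated = True
                return self._reply(235, "2.7.0 Authentication successful")
            return self._reply(535, "5.7.8 Authentication credentials invalid")
        if verb == "RCPT":
            address = arg.partition(":")[2].strip().strip("<>").lower()
            if address in self.valid_recipients:
                return self._reply(250, "2.1.5 Recipient OK")
            return self._reply(550, "5.1.1 User unknown")
        return self._reply(500, "5.5.1 Command not recognized")


# Constructed sample data: a two-mailbox directory and three client sessions.
DIRECTORY = {"alice@example.com", "bob@example.com"}
HARVEST = ["EHLO probe", "MAIL FROM:<x@example.net>"] + [
    f"RCPT TO:<user{i}@example.com>" for i in range(198)
] + ["RCPT TO:<alice@example.com>", "RCPT TO:<bob@example.com>"]
TYPO = ["EHLO mail.example.org", "MAIL FROM:<carol@example.org>",
        "RCPT TO:<alice@example.com>", "RCPT TO:<bbo@example.com>"]
AUTHED = ["EHLO client", "AUTH PLAIN constructed-token",
          "MAIL FROM:<alice@example.com>", "RCPT TO:<bbo@example.com>"]


def session_cost(commands, policy, auth_tokens=()):
    """Replay one client session; return (replies, total tarpit delay in seconds)."""
    session = SmtpSession(DIRECTORY, auth_tokens, policy)
    replies = [session.handle(command) for command in commands]
    return replies, session.total_delay


if __name__ == "__main__":
    for name, cmds, tokens in (("harvest", HARVEST, ()), ("typo", TYPO, ()),
                               ("authenticated", AUTHED, {"constructed-token"})):
        _, delay = session_cost(cmds, TarpitPolicy(), tokens)
        print(f"{name:14s} {len(cmds):4d} commands  {delay:7.1f} s of tarpit delay")
```

The harvesting session still learns which two addresses exist; tarpitting raises its time cost (990 seconds here, against 5 seconds for the sender with one mistyped address) rather than hiding the directory.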

Until recently, there wasn’t a way to enable tarpitting behavior for Windows/Exchange. Now, you can.

Simply install the KB:842851 package and KB:885881 package. The only requirement is that you’re running Windows Server 2003 with Internet Information Services 6.0. If you’re running Microsoft Exchange, the package automatically integrates with it.

Then, create/set the following registry key:

HKLM\System\CurrentControlSet\Services\SmtpSvc\Parameters\TarpitTime (DWORD)

The key value is the number of seconds you wish the server to tarpit error responses. You must stop/start the SMTP service for the change to take place.

When used with Microsoft Exchange Server 2003 features like recipient lookup, tarpitting increases the cost of invalid lookups, which makes it harder to abuse the feature to launch a dictionary harvest attack.

Update#1

SMTP Tarpitting In Exchange 2007…

SMTP Tarpitting is enabled by default in Exchange 2007. This is really good news, as admins who configure recipient filtering are automatically protected against directory harvest attacks. This was not the case in Exchange 2003, as a registry edit was necessary to enable the feature. Check this KB article for information regarding how to enable tarpitting on an Exchange 2003 server.

SMTP Tarpitting is the feature by which a delay is introduced to the rejection response. When a recipient is rejected with a 5.x.x response, a delay of a few seconds is introduced before the response is sent. This makes it difficult for spammers to find legitimate email addresses in a domain by using directory harvesting attacks.

Exchange 2007 has a default tarpit interval of 5 seconds, which can be increased up to a maximum of 10 minutes. Think carefully before changing the tarpit interval, as it will affect legitimate emails as well (the ones that are not spam, like misspelt addresses). The default interval is good in most cases. The tarpit interval is set on the receive connector and is in the format hh:mm:ss.

To find the tarpit interval, run the following command:

Get-ReceiveConnector connectorname | select tarpitinterval

To increase the tarpit interval to 10 seconds, run Set-ReceiveConnector connectorname -TarpitInterval 00:00:10

Run Set-ReceiveConnector connectorname -TarpitInterval 00:00:00 to disable tarpitting (not recommended).

Sources: The Microsoft Exchange Team Blog, How Exchange Works

Lync 2010 Planning Tool (Release Candidate) – Just Released (via Byron Spurlock’s OCS 2007 R2, and Lync Server 2010 Insights)

For those that just couldn’t wait it’s here! The name for the new (formerly) OCS and it’s called Lync. Now since the name is out, on to the planning tool that is available, keep in mind that the tool is still (release candidate). Below I have a screenshot of the main interface and on the surface it appears quite the same. Well let’s take a look under the hood in the remainder of this blog. Once you begin the process you will be asked based on the …


Install Windows Server 2008 Features with servermanagercmd

This is a wonderful reference for the parameters you can use with servermanagercmd. The original post is here.

Use one of the parameters below after the servermanagercmd -I command:

Role/Service or Main Feature | R/S/F Name | Installation command
DHCP Server DHCP Server DHCP
Print Services Print Server Print-Services
Internet Printing Print-Internet
LPD Service Print-LPD-Service
Terminal Services Terminal Services Terminal-Services
Terminal Server TS-Terminal-Server
TS Licensing TS-Licensing
TS Gateway TS-Gateway
TS Web Access TS-Web-Access
TS Session Broker TS-Session-Broker
Active Directory Domain Services AD N/A
Active Directory Domain Controller ADDS-Domain-Controller
Identity Management for UNIX ADDS-Identity-Management
Server for Network Information Service ADDS-NIS
Password Synchronization ADDS-Password-Sync
DNS Server DNS
File Services File Services N/A
Distributed File System (DFS) FS-DFS
DFS Namespace FS-DFS-Namespace
DFS Replication FS-DFS-Replication
File Server Resource Manager FS-Resource-Manager
Services for Network File System FS-NFS-Services
Windows Search Service FS-Search-Service
Windows Server 2003 File Services FS-Win2003-Services
File Replication Service FS-Replication
Indexing Service FS-Indexing-Service
Web Server Web Server (IIS) Web-Server
Internet Information Services Web-WebServer
Common HTTP Features Web-Common-Http
Static Content Web-Static-Content
Default Document Web-Default-Doc
Directory Browsing Web-Dir-Browsing
HTTP Errors Web-Http-Errors
HTTP Redirection Web-Http-Redirect
Application Development Web-App-Development
ASP.NET Web-Asp-Net
.NET Extensibility Web-Net-Ext
ASP Web-ASP
CGI Web-CGI
ISAPI Extensions Web-ISAPI-Ext
ISAPI Filters Web-ISAPI-Filter
Server Side Includes Web-Includes
Health and Diagnostics Web-Health
HTTP Logging Web-Http-Logging
Logging Tools Web-Log-Libraries
Request Monitor Web-Request-Monitor
Tracing Web-Http-Tracing
Custom Logging Web-Custom-Logging
ODBC Logging Web-ODBC-Logging
Security Web-Security
Basic Authentication Web-Basic-Auth
Windows Authentication Web-Windows-Auth
Digest Authentication Web-Digest-Auth
Client Certificate Mapping Authentication Web-Client-Auth
IIS Client Certificate Mapping Authentication Web-Cert-Auth
URL Authorization Web-Url-Auth
Request Filtering Web-Filtering
IP and Domain Restrictions Web-IP-Security
Performance Web-Performance
Static Content Compression Web-Stat-Compression
Dynamic Content Compression Web-Dyn-Compression
Management Tools Web-Mgmt-Tools
IIS Management Console Web-Mgmt-Console
IIS Management Scripts and Tools Web-Scripting-Tools
Management Service Web-Mgmt-Service
IIS 6 Management Compatibility Web-Mgmt-Compat
IIS 6 Metabase Compatibility Web-Metabase
IIS 6 WMI Compatibility Web-WMI
IIS 6 Scripting Tools Web-Lgcy-Scripting
IIS 6 Management Console Web-Lgcy-Mgmt-Console
FTP Publishing Service Web-Ftp-Publishing
FTP Server Web-Ftp-Server
FTP Management Console Web-Ftp-Mgmt-Console
Active Directory Federation Services ADFS None
Federation Service ADFS-Federation
Federation Service Proxy ADFS-Proxy
Web Agents ADFS-Web-Agents
Claims-aware Agent ADFS-Claims
Windows Token-based Agent ADFS-Windows-Token
Active Directory Lightweight Directory Services Formerly ADAM ADLDS
Application Server Application Server Application-Server
Application Server Core AS-AppServer-Core
Web Server Support AS-Web-Support
COM+ Network Access AS-Ent-Services
TCP Port Sharing AS-TCP-Port-Sharing
Windows Process Activation Service Support AS-WAS-Support
HTTP Activation AS-HTTP-Activation
Message Queuing Activation AS-MSMQ-Activation
TCP Activation AS-TCP-Activation
Named Pipes Activation AS-Named-Pipes
Distributed Transaction Support AS-Dist-Transaction
Incoming Remote Transactions AS-Incoming-Trans
Outgoing Remote Transactions AS-Outgoing-Trans
WS-Atomic Transaction Support AS-WS-Atomic
Active Directory Certificate Services Active Directory Certificate Services N/A
Certification Authority ADCS-Cert-Authority or AD-Certificate
Online Certificate Status Protocol ADCS-Online-Cert
Fax Server Fax Server Fax
Network Policy and Access Services Network Policy and Access Services NPAS
Network Policy Server NPAS-Policy-Server
NPAS Routing and Remote Access Services NPAS-RRAS-Services
Remote Access Service NPAS-RRAS
Routing NPAS-Routing
Health Registration Authority NPAS-Health
Windows Deployment Services Windows Deployment Services WDS
Hyper-V Hyper-V Hyper-V
Failover Clustering Failover Clustering Failover-Clustering
Network Load Balancing Network Load Balancing NLB
Desktop Experience Desktop Experience Desktop-Experience
.NET Framework 3.0 Features .NET Framework 3.0 Features NET-Framework
.NET Framework 3.0 .NET Framework 3.0 NET-Framework-Core
XPS Viewer XPS Viewer NET-XPS-Viewer
Windows Communication Foundation Activation Components Windows Communication Foundation Activation Components NET-Win-CFAC
HTTP Activation HTTP Activation NET-HTTP-Activation
Non-HTTP Activation Non-HTTP Activation NET-Non-HTTP-Activ
Windows System Resource Manager Windows System Resource Manager WSRM
Wireless Networking Wireless Networking Wireless-Networking
Windows Server Backup Windows Server Backup Backup
WINS Server WINS Server WINS-Server
Remote Assistance Remote Assistance Remote-Assistance
Simple TCP/IP Services Simple TCP/IP Services Simple-TCPIP
Telnet Client Telnet Client Telnet-Client
Telnet Server Telnet Server Telnet-Server
Subsystem for UNIX-based Applications Subsystem for UNIX-based Applications Subsystem-UNIX-Apps
RPC over HTTP Proxy RPC over HTTP Proxy RPC-over-HTTP-Proxy
SMTP Server SMTP Server SMTP-Server
LPR Port Monitor LPR Port Monitor LPR-Port-Monitor
Storage Manager for SANs Storage Manager for SANs Storage-Mgr-SANS
BITS Server Extensions BITS Server Extensions BITS
Message Queuing Message Queuing MSMQ
Message Queuing Services MSMQ-Services
Message Queuing Server MSMQ-Server
Directory Service Integration MSMQ-Directory
Message Queuing Triggers MSMQ-Triggers
HTTP Support MSMQ-HTTP-Support
Multicasting Support MSMQ-Multicasting
Routing Service MSMQ-Routing
Windows 2000 Client Support MSMQ-Win2000
Messaging Queue DCOM Proxy MSMQ-DCOM
Windows Process Activation Service Windows Process Activation Service WAS
Process Model WAS-Process-Model
.NET Environment WAS-NET-Environment
Configuration APIs WAS-Config-APIs
Windows Internal Database Windows Internal Database Windows-Internal-DB
BitLocker Drive Encryption BitLocker Drive Encryption BitLocker
Multipath I/O Multipath I/O Multipath-IO
Internet Storage Naming Server Internet Storage Naming Server ISNS
Removable Storage Manager Removable Storage Manager Removable-Storage
TFTP Client TFTP Client TFTP-Client
SNMP Services SNMP Services SNMP-Services
SNMP Service SNMP-Service
SNMP WMI Provider SNMP-WMI-Provider
Services for Network File System Services for Network File System NFS-Services
Internet Printing Client Internet Printing Client Internet-Print-Client
Peer Name Resolution Protocol Peer Name Resolution Protocol PNRP
Connection Manager Administration Kit Connection Manager Administration Kit CMAK
Remote Server Administration Tools Remote Server Administration Tools RSAT
Role administration tools RSAT-Role-Tools
Active Directory Certificate Services Tools RSAT-ADCS
Active Directory Domain Services Tools RSAT-ADDS
Active Directory Domain Controller Tools RSAT-ADDC
Server for NIS Tools RSAT-SNIS
Active Directory Lightweight Directory Services Tools RSAT-ADLDS
Active Directory Rights Management Services (AD RMS) Tools RSAT-RMS
DHCP Server Tools RSAT-DHCP
DNS Server Tools RSAT-DNS
Fax Server Tools RSAT-Fax
DFS Management Console Tools RSAT-DFS-Mgnt-Con
File Server Resource Manager Management Console Tools RSAT-FSRM-Mgnt
Hyper-V Tools RSAT-Hyper-V
Services for Network File System Tools RSAT-NFS-Admin
File Services Tools RSAT-File-Services
Network Policy and Access Services Tools RSAT-NPAS
Health Registration Authority Tools RSAT-HRA
Network Policy Server Tools RSAT-NPS
Print Services Tools RSAT-Print-Services
Web Server (IIS) Tools RSAT-Web-Server
Terminal Services Tools RSAT-TS
TS RemoteApp Tools RSAT-TS-RemoteApp
TS Gateway Tools RSAT-TS-Gateway
TS Licensing Tools RSAT-TS-Licensing
UDDI Services Tools RSAT-UDDI
Feature administration tools RSAT-Feature-Tools
BitLocker Drive Encryption Tools RSAT-BitLocker
BITS Server Extensions Tools RSAT-BITS-Server
Failover Clustering Tools RSAT-Clustering
Network Load Balancing Tools RSAT-NLB
SMTP Server Tools RSAT-SMTP
Windows Deployment Services Tools RSAT-WDS
WINS Server Tools RSAT-WINS
Hyper-V Tools RSAT-Hyper-V
Windows PowerShell Windows PowerShell PowerShell
Group Policy Management Group Policy Management GPMC
Quality Windows Audio Video Experience Quality Windows Audio Video Experience Qwave

Microsoft Lync Server 2010 (RC) Lab Deployment Guide

Update 2:

Another great deployment guide for Lync Server 2010

Step-by-step Microsoft Lync 2010 Consolidated Standard Server Install Guide

Update:

This is another great step by step with screenshots for Lync lab, enjoy:

Lync Server 2010 lab deployment guide

Original Post:

File:
Walkthrough Microsoft Lync Server 2010 (RC) Standard Edition Server with External Access.doc

Brief Description
A step-by-step, how-to document you can use to install a Microsoft Lync Server 2010 (Release Candidate) Standard Edition server, along with an Edge Server. This document is suited to lab and product evaluation deployments.

Download

Forefront Protection 2010 for Exchange Server Capacity Planning Tool

Download

Brief Description

The Forefront Protection 2010 for Exchange Server (FPE) capacity planning tool lets you understand the hardware requirements for planning new FPE deployments. It also lets you evaluate the system requirements for existing deployments.

Overview
The FPE capacity planning tool helps you understand how CPU utilization and memory requirements vary by specifying different protection settings of FPE. This tool is based on the capacity planning guidance provided for Exchange Server 2010. The FPE capacity planning tool uses two specific reference architectures, the Standard Reference Architecture which is targeted at the small to medium size customers and then the Enterprise Reference Architecture targeting larger organizations. You can select a workflow associated with a reference architecture and specify CPU utilization and maximum memory constraints for your targeted hardware. You can specify the desired protection settings for each of the FPE server roles in the associated reference architecture, and describe the desired environment to be supported. After all these items are specified, the tool produces a summary of the hardware requirements with the number of servers that should be utilized to support the targeted environment given the FPE protection settings and the specified hardware constraints. The tool also provides performance guidance using graphs to understand performance aspects of the product and comparative performance of virtualized and non-virtualized scenarios with different operating systems and Exchange versions.

System Requirements

* Supported Operating Systems: Windows 7; Windows Server 2003; Windows Server 2008 R2; Windows Vista; Windows XP

Microsoft Excel 2007 or higher.

Instructions

Download the file and open in Excel. Thoroughly read the “Directions” and “Readme” tabs.

Ref.: http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=2303c87d-f976-4424-a192-24d2af02064d&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center%29#tm

Forefront for Exchange troubleshooting: How to use the Fscutility.exe Utility

How to use the Fscutility.exe Utility to disconnect (remove services dependency) the Forefront Security services from Exchange Server or from SharePoint Portal Server:

INTRODUCTION
This article describes how to use the Fscutility.exe program in Microsoft Forefront Security for Exchange or in Microsoft Forefront Security for SharePoint to disconnect the Forefront Security services from Microsoft Exchange Server or from Microsoft SharePoint Portal Server.

Note Forefront Security for Exchange was previously called Microsoft Antigen for Exchange. Forefront Security for SharePoint was previously called Antigen for SharePoint.
MORE INFORMATION
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

If you are an administrator, you can use the Fscutility.exe program to disconnect the Forefront Security services from the Exchange server or from the SharePoint server. After you disconnect the Forefront Security services from the Exchange server or from the SharePoint server, Forefront Security is disabled.

In this scenario, Forefront Security remains installed. However, it is no longer connected to the Exchange server or to the SharePoint server. Therefore, Forefront Security cannot scan incoming and outgoing e-mail messages. You may have to disable Forefront Security to do any of the following:

* Troubleshoot issues with Forefront Security
* Run diagnostics on the server
* Install a service pack on the server

For example, if you are experiencing an issue with Forefront Security but you are not sure whether the issue is caused by Forefront Security, you can use the Fscutility.exe program to disable Forefront Security. Then, you can test to see whether the issue still occurs.

You can use the following command-line options with the Fscutility.exe program:

* /status Use this option to display the status of Forefront Security and of the Exchange server or the SharePoint server.
* /enable Use this option to enable Forefront Security if the Exchange server or the SharePoint server services have been stopped.
* /disable Use this option to disable Forefront Security if the Exchange server or the SharePoint server services have been stopped.
* /remove Use this option to remove Microsoft Forefront Security’s registry keys.
* /regmon Use this option to register FSCMonitor.
* /unregmon Use this option to unregister FSCMonitor.

To use the Fscutility.exe program to disconnect the Forefront Security services from the Exchange server or from the SharePoint server, follow these steps:

1. Stop the Exchange server services or the SharePoint server services and the Forefront Security services. To do this, follow these steps:
   1. Click Start, click Run, type services.msc, and then click OK.
   2. Right-click the service that you want to stop, and then click Stop.

   Note Stop the Exchange server services in the following order:
      1. FSCController
      2. Microsoft Exchange Transport Service
      3. System Attendant
      4. Information Store

   Note Stop the SharePoint server services in the following order:
      1. FSCController
      2. IIS Admin Service

   Note When you stop the Exchange server services or the SharePoint server services, the Forefront Security services will be stopped automatically. If a Forefront Security service is still running after you stop the Exchange server services or the SharePoint server services, right-click the Forefront Security service that is still running. Then, click Stop.
2. Start a command prompt, and then move to the Forefront Security for Exchange folder. By default, the Forefront Security for Exchange folder is in the following location:
   Program Files (x86)\Microsoft Forefront Security\Exchange Server
   The Forefront Security for SharePoint folder is in one of the following locations:
   * x86
     Program Files\Microsoft Forefront Security\SharePoint
   * x64 or IA-64
     Program Files (x86)\Microsoft Forefront Security\SharePoint
3. At the command prompt, type the following command to disable the Forefront Security service, and then press ENTER.

   Important When you run this command, the Forefront Security services will be disconnected from the Exchange Server or from the SharePoint server. During this time, Forefront Security will be disabled. Forefront Security will not be protecting your environment by using enhanced virus protection. We recommend that you use the Fscutility.exe program to disable Forefront Security only in a controlled environment. Additionally, make sure that you use an alternative method to maintain enhanced virus protection when Forefront Security is disabled.

   Fscutility /disable

   After you run this command, you receive the following message:
   Microsoft Forefront Server Security VSAPI hooking dll is disabled.
   Status: Microsoft Forefront Server Security NOT Integrated

   To enable the Forefront Security service, type the following command, and then press ENTER:

   Fscutility /enable

   After you run the command, you receive the following message:
   Microsoft Forefront Server Security VSAPI hooking dll is enabled.
   Status: Microsoft Forefront Server Security successfully integrated!
4. To make sure that the Forefront Security services are disconnected from the Exchange server or from the SharePoint server, type Fscutility /status, and then press ENTER.
5. Troubleshoot Forefront Security, run diagnostics, or install a service pack.
6. Restart the Exchange server or the SharePoint server services that you stopped. To do this, follow these steps:
   1. Click Start, click Run, type services.msc, and then click OK.
   2. Right-click the Exchange server services or the SharePoint server services that you want to start, and then click Start.

After you start the Exchange server services or the SharePoint server services, make sure that the Forefront Security services have restarted. The Forefront Security services should automatically restart after you restart the Exchange server services. If a Forefront Security service has not restarted, right-click the Forefront Security service, and then click Start.

APPLIES TO

* Forefront Security for Exchange

Ref:  KB929076

Backup Your Desktop…

1- How To Backup Firefox Bookmarks:

How to Backup Your Bookmarks Manually

From the Firefox menu bar go to Bookmarks >  Organize Bookmarks to bring up your bookmarks manager.  Now you want to click the top button that says Import and Backup.


Next, select Backup.  This will bring up a “Save As” box where you can save your bookmarks to any location.  Make sure you leave the bookmark as a .json file too.  Since Firefox 3, this is the type of file Firefox uses for backups.  If you wish to export your bookmarks as an HTML file, go to Import and Backup > Export HTML.  That will give you the more traditional .html backup.

Recover Firefox’s Internal Bookmark Backups

Did you know that Firefox has been backing up your bookmarks all along? They are in your Firefox profile folder. First thing you need to do is find your profile folder for Firefox. Depending on your operating system this may be in a different location. If you are unsure, be sure to check out this previous post:

Once you make it in there you should see a folder named “bookmarkbackups”.  Double-click that folder, and there you have some of your saved bookmarks that you thought you had lost waiting for you to restore them.  If you want more backups to be saved (default is 5) then check out this previous article on the simple about:config tweak you will need to do.

2- How to backup Google Earth Places:

Copy the myplaces.kml file (for Windows 7: C:\Users\<USERNAME>\AppData\LocalLow\Google\GoogleEarth\myplaces.kml)

3- Backup Hosts File

C:\Windows\System32\drivers\etc\hosts

4- Backup IE Favorites

C:\Users\<USERNAME>\Favorites

5- Backup Outlook Files

C:\Users\<USERNAME>\AppData\Local\Microsoft\Outlook