|
COCKMOUTH.GIF posted:stuff
|
# ? Dec 12, 2011 18:59 |
|
|
# ? Apr 18, 2024 00:37 |
|
nexxai posted:The first thing I'd be doing is running dcdiag on the DC and making sure that everything there comes out cleanly. Who the hell knows if my boss even did that to begin with. He likes to leave everyone in the dark when it comes to the details of any "upgrades" he's completed. This is a guy who in a production environment is running only one DC on RAID 1 and kept one disk from the array on the side untouched as a "backup" in case the upgrade went south. I'll poke around on the DC tomorrow morning.
|
# ? Dec 13, 2011 06:09 |
|
COCKMOUTH.GIF posted:Who the hell knows if my boss even did that to begin with. He likes to leave everyone in the dark when it comes to the details of any "upgrades" he's completed. This is a guy who in a production environment is running only one DC on RAID 1 and kept one disk from the array on the side untouched as a "backup" in case the upgrade went south. I'll poke around on the DC tomorrow morning. It's easy for a novice to miss a lot of steps when migrating away from 2003. Fire up ADSIEdit and if you dig down to the administrative groups, I bet you see the old 2003 admin group still in there. If everything is properly migrated, then it should be completely safe to eliminate that entire subtree in AD, but I wouldn't in this case. If I had to guess, I would say that when the migration to 2007 was done, a migration to a new DC was also done and likely not done correctly. Besides all of the AD-integrated brouhaha that comes with later versions of Exchange, there's probably stale DNS records still left over, improperly configured or missing replication partners, things like this can play hell with authentication. Windows 7 is a lot more tolerant w/r/t authentication problems, and there are a lot of core differences in how Outlook 2003 and 2010 utilize the MAPI. Your issue could be stemming from any number of these. I'll tell you the same thing I tell some of the guys at the office when little oddities like this crop up: Make sure AD is healthy, check everything. Do not expect anything to "work" until it is. In this case, check the NTFRS and Directory Services event logs on the DC, I bet there are a slew of errors and warnings barking at you in there. Blame Pyrrhus fucked around with this message at 19:49 on Dec 13, 2011 |
# ? Dec 13, 2011 19:42 |
|
I'm having a strange issue of my own. I'm going through the simple task of building out a DAG for one of my clients, and adding the second DAG member server keeps bombing out on me. What happens is, I can create the DAG, and add the first server fine. When I add the second, it brings the server into the cluster as a node (I can watch it do so in the failover cluster manager), but then that server fails to issue a heartbeat, and after a couple of minutes, is evicted from the cluster. The 2 systems have 1 NIC each, on the 192.168.0.x network. If I configure a second NIC on a physically separate 10.10.10.x network, use the set-dagnetwork command to only allow replication on that network, everything works just dandy. But I cannot ever utilize the 192.168.0.x network in the cluster in any capacity, so it is effectively useless for me to only use the 10.10.10.x network. I've looked high and low for probably causes, and have ruled out permission issues, problems with the CNO, and all of that jazz. The likely cause is that the client uses a sonicwall NSA device and basically just turned on all of the security features, so I'm pretty sure that some UDP filtering is blocking the cluster heartbeats, but I'm unsure how to work around this. I've turned off anything obvious on the NSA, but it's still happening. The 10.10.10.x network does not interact with the Sonicwall NSA device at all, and clustering works perfectly fine on that network. My question is: Can I make adjustments to how the failover clustering heartbeat behaves so that maybe it doesn't piss off the security appliance? I've used cluster.exe to look at the cluster properties, but am unsure what properties are the best ones to adjust. I've got carte blanche to do as I please on these VMs, and have even tried to completely remove and re-build them from scratch. I'm basically tearing my hair out here. edit: Traced it down to a definite issue with either the NSA or the switch, using network monitor I could see UDP/3343 drop for exactly 60 seconds at a stretch, causing the introduction to the cluster to fail. Giving sonicwall a call in the morning. Ugh. Blame Pyrrhus fucked around with this message at 23:30 on Dec 13, 2011 |
# ? Dec 13, 2011 20:53 |
|
Might be an Outlook question, but I'm setting up some shared mailboxes in Exchange 2010 (clients use Outlook 2007), the new actual shared mailbox that generates a disabled user account in AD. Using the "open additional mailboxes" to get it to show. Works fine, but is there any way to hide everything BUT the actual inbox? I don't want Calendar/Contacts/Journal/etc, just the inbox.
|
# ? Dec 20, 2011 20:43 |
|
I think you have to do that at the client level, at least I don't know of a way to do it in Exchange 2003. If you open the mailbox as that user in Outlook and then right click on the folder you can assign permissions. I think you can do it at the "mailbox" level and then do an exception with more permissions to the Inbox, but I have not tried that. May or not be the best way, but that is how I have done it the few times I've had to.
|
# ? Dec 20, 2011 21:01 |
|
Internet Explorer posted:I think you have to do that at the client level, at least I don't know of a way to do it in Exchange 2003. If you open the mailbox as that user in Outlook and then right click on the folder you can assign permissions. I think you can do it at the "mailbox" level and then do an exception with more permissions to the Inbox, but I have not tried that. Yeah, but the shared mailbox is made with a disabled AD account, so I don't even think you can do that.
|
# ? Dec 20, 2011 21:05 |
|
Crackbone posted:Yeah, but the shared mailbox is made with a disabled AD account, so I don't even think you can do that. It's a bit of a gently caress about. Logon to the mailbox in Outlook and set the permissions on the top of the mailbox to "folder visible", and set the permissions on the Inbox. It shouldn't matter that the account is disabled, all that should matter are the permissions. The important thing is that the person/people who need access don't have permissions on the actual mailbox in the EMC as that will trump the other permissions and let them see everything.
|
# ? Dec 20, 2011 21:09 |
|
Bitch Stewie posted:It's a bit of a gently caress about. Yep, that did that trick. I just had to give myself full permissions, set the visible, then remove myself and everybody else. Thanks.
|
# ? Dec 20, 2011 21:21 |
|
Somebody asked this a few months back, hoping to get a better reply. I've got somebody who was using a outlook rpc via http exchange setup. The exchange server is one I don't have control of, and he no longer has access to. He removed his account from Outlook, and of course lost all the stuff that was in it. All we have is the OST file, so he's hoping we can recover it via one of these ost to pst conversion utilties. Is this possible (as I understand those OST files are encrypted), and if so, any recommendations on a specific utility? There's dozens of those things out there.
|
# ? Dec 23, 2011 14:02 |
|
Crackbone posted:as I understand those OST files are encrypted
|
# ? Dec 23, 2011 16:28 |
|
Anyone have any insight into this sort of error? Event Type: Error Event Source: MSExchangeIS Event Category: General Event ID: 9667 Date: 12/23/2011 Time: 8:20:53 AM User: N/A Computer: SERVERNAME Description: Failed to create a new named property for database "First Storage Group\Mailbox Store (SERVERNAME)" because the number of named properties reached the quota limit (8192). User attempting to create the named property: "username" Named property GUID: 00020386-0000-0000-c000-000000000046 Named property name/id: "X-ACS-Spam-Tests" Exchange 2003
|
# ? Dec 23, 2011 22:17 |
|
This is what google is telling mequote:I decided to just raise the limit by editing the registry. On my Exchange 2003 server, I used regedit to add 3 keys in: Also some links to the reasoning for the issue in that thread. http://www.thedartboard.net/forum/showthread.php?t=155 Edit, I should read more, looks like MS has a hotfix for this in 2k3 http://support.microsoft.com/kb/972077
|
# ? Dec 23, 2011 22:25 |
|
Thanks, I was looking for something along these lines. Everything I was finding was relating to similar problems in 2007.
|
# ? Dec 23, 2011 22:35 |
|
This thread doesn't get much action, but I figured this is worth a shot. I just got requested to "link" multiple public calendars within exchange to one main calendar. What they have is about 20 public calendars for specific people's schedules (they don't work for our company, we just keep track of where they are going to be). These calendars are updated by multiple people, and also view by multiple people. What I am being asked to do, is create one calendar that will somehow "stay updated" with all the appointments from the 20 other calendars. Any idea if this is even possible?
|
# ? Jan 5, 2012 21:20 |
|
Yikes, not sure if that's possible out of the box, but it looks like there is an app that will do it (not exactly cheap) http://www.codetwo.com/exchange-folder-sync/practical-applications/#group-calendar
|
# ? Jan 6, 2012 03:36 |
|
Moey posted:This thread doesn't get much action, but I figured this is worth a shot. Not really possible. You have 2 "options" 1. The outlook client provides side-by-side views that accomplishes a similar effect. This is really how it should be handled, I imagine the unified calendar would be an unreadable mess by itself. Hell, you can nest all of the 20 shared calendars under the same shared mailbox (or *gag* public folder) if you want to ease access to it. 2. Create a single resource calendar and include it as a recipient for all calendar requests. If you actually do this, you need to re-evaluate your life choices.
|
# ? Jan 6, 2012 20:34 |
|
Not sure if this is the right thread for this but I'll post it anyway and you guys can tell me to gently caress off if it isn't. Got blacklisted on spamhaus the other day (some clod got a virus), so I scoured the network, cleaned the infected machines and de-listed us. Checked for traffic on port 25 and we're good, no spam. Shortly after I got re-blacklisted, and this time it is because we have two different domains that people send email from on the same exchange server, and apparently when they are doing a reverse lookup, they see a different domain name and blacklist us. Is there anything I can do to fix this short of setting up an entirely new mail server for the second domain?
|
# ? Jan 9, 2012 15:57 |
|
You shot my Apoc ;__; You shouldn't be getting blacklisted for problems with reverse DNS entries. Some places will block for that, but as far as I know you shouldn't be put on a public blacklist. Don't quote me as I've been in that environment, but what I think you should do is direct a second external IP to the same internal IP (server) and create a separate rDNS entry for it. Also you should just block all outbound traffic on port 25 except for your mail server.
|
# ? Jan 9, 2012 16:42 |
|
Internet Explorer posted:You shot my Apoc ;__; Yeah I've done that already, there is no bunk smtp traffic going out as far as I can tell, frustrating that I can't get any information outside of 'TROJAN ACTIVITY' I should just call my ISP and get them to redirect the second IP I guess. Also eve-online is a Bad Game.
|
# ? Jan 9, 2012 17:03 |
|
Are you on any other Blacklists? Check here - http://mxtoolbox.com/blacklists.aspx If not, as long as you've blocked port 25, I would just request to be taken off spamhaus again and wait and see. Have you checked your Exchange server for any weird traffic or viruses? And yeah, definitely make those changes to the IP addresses / rDNS.
|
# ? Jan 9, 2012 17:10 |
|
Linux Nazi posted:Not really possible. You have 2 "options" Yea, there isn't anything baked into Exchange to do this. Every reasonable solution that I give them, they come back to me within an hour asking why I can't just make some magic happen and do exactly what they want. Jerks.
|
# ? Jan 9, 2012 18:53 |
|
Internet Explorer posted:Are you on any other Blacklists? Check here - http://mxtoolbox.com/blacklists.aspx Think I solved it, lets see if I get re-blacklisted again now. Edit: Got a snarky email from one of the guys at CBL telling me my ISP was a liar.
|
# ? Jan 9, 2012 19:20 |
|
Furnok Dorn posted:Not sure if this is the right thread for this but I'll post it anyway and you guys can tell me to gently caress off if it isn't. The traps that report to blacklists have latency, so if you remove yourself very shortly after being nailed, some traps may still have a report for your IP queued from earlier, and then it re-submits you. You may be completely clean, but still get re-listed for a couple of days. Stay on top of it. Some antispam products cache results rather than re-submit. So joebob.com may still be using a previously checked result rather than performing a new check. Also some spam software perform checks on RBL providers that reference and cache other providers. This is why you always configure proper firewall and NAT policies for your mail services. quote:Shortly after I got re-blacklisted, and this time it is because we have two different domains that people send email from on the same exchange server, and apparently when they are doing a reverse lookup, they see a different domain name and blacklist us. People often conflate rDNS and sender domain validation, but they aren't the same thing. rDNS is a connection heuristic, to validate the connection, not the submitter's mail domain(s). rDNS checks against the incoming FQDN response, so you only require 1 record. For instance, let's say you run 2 mail domains on your server, - @bigdicks.com - @littledicks.com @bigdicks.com is your primary, so you define your FQDN on your send connector as "mail.bigdicks.com", which has the appropriate A and rDNS records in order. When your server submits "EHLO mail.bigdicks.com" the rDNS checks against that domain. The rDNS check only validates the connection, it is completely unrelated to the mail domain you are submitting for, that's what SPF records are for. The fact that you are submitting a mail for the domain @littledicks.com does not matter. Just make sure your SPF record for that domain is in order. For instance, my mail domain for my personal account is @pipefl.com Since I use hosted Exchange, the sending server(s) are going to use something like "serverfarm-02341.bigshit.outlook.com". Which has a proper rDNS PTR configured. Office365 doesn't define an entire send connector and unique IP for my 1 account on my personal domain, it sends mail for all of it's hosted domains out the same framework. So my SPF record for @pipefl.com reads: "v=spf1 include:outlook.com ~all" Blame Pyrrhus fucked around with this message at 19:26 on Jan 9, 2012 |
# ? Jan 9, 2012 19:24 |
|
Oh man thats super informative, thanks
|
# ? Jan 9, 2012 19:30 |
|
If I add another smtp address to a user in ESM (EX2010) and set it as the reply address, shouldn't it automatically switch over when a user reopens outlook? Or do I need to wait for the OAB to download again? This is really frustrating. I have a use rina remote office and theyve got a different domain on their email. This usually works without a hitch but for them its just not switching over.
|
# ? Jan 9, 2012 22:04 |
|
LmaoTheKid posted:If I add another smtp address to a user in ESM (EX2010) and set it as the reply address, shouldn't it automatically switch over when a user reopens outlook? Is the change correctly applied in webmail?
|
# ? Jan 9, 2012 22:51 |
|
Linux Nazi posted:Is the change correctly applied in webmail? Yep. Emails from her are still coming from the other domain (which I left there so email doesn't bounce). The new domain is set as the default.
|
# ? Jan 9, 2012 23:23 |
|
LmaoTheKid posted:Yep. Emails from her are still coming from the other domain (which I left there so email doesn't bounce). The new domain is set as the default. Basically if webmail reflects the change correctly then it's a client-side or caching issue. Try rebuilding her outlook profile if you haven't already. If webmail is not reflecting the change then double check her mailbox.
|
# ? Jan 10, 2012 14:38 |
|
Question, My manager is having an issue with his email account. When some people try and email him it is bouncing back saying his account doesnt exist. He did delete his email account from exchange and recreate it after he tested microsoft hosting which messed up a lot of stuff. If my boss emails someone they are able to reply. Some users are able to email him after a reboot but not all. I disabled cache mode on outlook and that hasnt helped so far. Any ideas?
|
# ? Jan 10, 2012 17:13 |
|
Linux Nazi posted:Basically if webmail reflects the change correctly then it's a client-side or caching issue. Try rebuilding her outlook profile if you haven't already. Thanks, it looks like it just took a while to replicate to hwer outlook. She's in LA and our server is here in NY. I'm getting replies from the new domain now. Guess I panicked.
|
# ? Jan 10, 2012 17:46 |
|
LmaoTheKid posted:Thanks, it looks like it just took a while to replicate to hwer outlook. She's in LA and our server is here in NY. I'm getting replies from the new domain now. Guess I panicked. Remember this is all integrated into AD now, so you have to wait on replication out to other sites, which depending on your configuration could be hours.
|
# ? Jan 10, 2012 18:56 |
|
Drumstick posted:Question, If he removed his mailbox and re-created it, then users may still have the previous object in their autocomplete cache. This is separate from the Outlook Cached mode, I'm talking about the nickname cache (.nk2 file for Outlook 2007 and earlier). I'm talking internal users here, external users will have their messages delivered without issue, assuming his e-mail address is the same. The issue is that the outlook client caches the old account's no-longer-valid x400 information (I believe it's the x400 that causes the problem, somebody feel free to correct me) as part of the cached autocomplete. If replying to a message, it just replies to the correct object. And if you open outlook and manually select [TO:] then it also probably delivers. Solution: Have one of the affected users type his name into the To: field. As it drops down the autocomplete listings, arrow down to it and hit delete. Then try to send a message to the mailbox normally.
|
# ? Jan 10, 2012 19:08 |
|
Thank you so much, that took care of it.
|
# ? Jan 11, 2012 19:39 |
|
I'm far from an expert in Exchange, but this seems unnecessarily complicated. I was asked to give a list of all emails under a distribution list. Only about 1/3rd of all users in AD are members of this distribution group, and the scripts I'm finding are not working for me. The closest I got was with the one from http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_21639737.html, but it only returns a fraction of the entire list before spitting a message saying "C:\query.vbs(62, 25) Active Directory: The directory property cannot be found in the cache." I also tried just typing an email to the distribution list, hitting the little + to expand it and seeing all the names, but that only gave me the names, and not everyone's email addresses. Can someone help out?
|
# ? Jan 12, 2012 19:24 |
|
Alfajor posted:I'm far from an expert in Exchange, but this seems unnecessarily complicated. I was asked to give a list of all emails under a distribution list. Only about 1/3rd of all users in AD are members of this distribution group, and the scripts I'm finding are not working for me. Yeah it's one of those weird "This must be simpler than it seems?" things IMO. FWIW I use Hyena from SystemTools, it's shows group memberships (a DL is just a group) and lets you do a shift/ctrl select and copy/paste into Excel or whatever.
|
# ? Jan 12, 2012 19:42 |
|
Another vote for Hyena. I love it.
|
# ? Jan 12, 2012 19:43 |
|
Ooooh, that might just be it. Gonna ask my boss to buy this. Thanks, goons! *ninja edit: already downloaded and running on the 30 day trial.
|
# ? Jan 12, 2012 19:51 |
|
Alfajor posted:I'm far from an expert in Exchange, but this seems unnecessarily complicated. I was asked to give a list of all emails under a distribution list. Only about 1/3rd of all users in AD are members of this distribution group, and the scripts I'm finding are not working for me. Exchange 2007 / 2010? get-distributiongroupmember -identity {groupname} |fl name,primarysmtpaddress Exchange 2003, no idea.
|
# ? Jan 12, 2012 20:12 |
|
|
# ? Apr 18, 2024 00:37 |
|
I work for retards who refuse to shell out or even use an open-source ticket tracking at all. So I have to somehow make Exchange + Outlook work as a ticket system. Currently, we use Tasks to assign projects to people. This worked fairly well in the past when we had 10 or so clients. Now we have upwards of 50 and a number of different technicians working on projects at any given time. What do you goons recommend as far as having a single shared mailbox in Exchange 2007 for this workflow: - Email comes in to helpdesk email. - Secretary sees helpdesk email, assigns to a technician - Secretary creates a Task in Outlook and assigns it to a technician. - Other technicians, secretaries, and managers need to see what was assigned and the progress of said task. Like I said, I work for idiots who refuse to change this workflow at all. Not my call. I'm open to suggestions of how to do this or similar software that I can use to do this as well.
|
# ? Jan 12, 2012 20:35 |