
ukstokes.com

tech stuff from a tech bloke

  • Exchange Patching, and KB911829

    Aug 17th 2006

    By: ben

    No comments

    I recently added a new server to my company's org. After installing Exchange 2003 and SP2 for Exchange, I ran Microsoft update and brought everything up to date and started moving mailboxes across to it on that night. The next day I started getting complaints that OWA was not working for some users. I quickly realised the affected users were all on the new server. I checked and all of the IIS websites were configured in the same way, and the HTTP server in ESM was set up identically across all servers. After rebooting the server out of hours and resetting the IIS websites, I made a small amount of progress and via the front-end I could get it to start loading 'basic version' before giving up half way through. This is how it looked:

    Not very pretty eh ... Going directly through the back-end though, it worked perfectly.

    After some more investigation and following a hunch, I moved my mailbox to a test server (where my mailbox worked through OWA) and started looking at Windows updates that were available for the test server, that were already installed on the new server. Through some testing I eventually found that if KB911829 is installed on the back-end but not the front-end, it will break OWA for users on that server. The fix is simple - remove the patch, or update all the Exchange servers with the same patches.

    Technorati Tags: Exchange 2003, KB911829, Exchange Admin, OWA

    Exchange

  • Damn hackers.

    Aug 15th 2006

    By: ben

    No comments

    I use the superb free services at freedns.afraid.org to control the DNS for ukstokes.com. This is so I can point www.ukstokes.com and my blog to my webhost, and mail.ukstokes.com and other subdomains to my broadband connection at home, for hosting e-mail for my domain, and other smaller websites that don't need to be reliable.

    This weekend, a botnet started attacking afraid.org and brought it and all 4 of its name servers to their knees, bringing mine and hundreds of other websites down. The attack is still going on now. I guess I can't moan too much because my blog and server at home are just for fun, but I feel sorry for the other paying, premium customers who will also have been affected by this, and whose website downtime can be directly translated to lost sales and revenue.

    I managed to get on to the afraid.org forum for long enough to view the thread describing the attack. Josh Anderson who owns and maintains the services, posted this in the thread:

    "I don't want to get too specific on the forums publicly with the fine attack details, but the attack was difficult to filter against at least by the night crew, and was about 300 mbps so the ISP would not allow it in for me to ipfw it off, because it would impact other customers, more than the network itself can handle, and they were not able to build a filter against it to scrub it out for some reason, normally they're reasonably good about it, but this has been going on for like 8 days off and on. Could be the time that it happened, since it was like in the early AM on a Sunday, maybe during business hours things would be different with a different crew, I honestly don't know.

    As for retaliation, no one is worth the time it would take to bother attacking back, and other innocent networks that would probably be harmed in the process. I'm simply more exposed to attack vs them, since I actually have a human driven community here. I have to accept it and try to build around it. I need to focus on the beneficial-to-me things I can do to help avoid total downtime vs detrimental-to-them things I could do that just wouldn't be worth the effort.

    I appreciate the kind words and helpful suggestions guys

    Josh"

    There's not much I can do apart from wait for the attack to finish and watch for updates on the forum. I want to keep using afraid.org, and it doesn't seem fair to move my custom elsewhere as it's not their fault that this is happening.

    No doubt the source of all this is a teenage grunt on a power trip controlling an army of compromised XP computers. I suspect that if the penalties for computer crime were more severe and this sort of stuff was actually policed, he would probably be outside the reach of the law anyway due to his young age. But, somehow I can't see stuff like this EVER being policed, so something else needs to change; Windows needs to become more secure. But it's not only Microsoft's fault, the public at large need to keep their computers updated and understand what happens when they don't. We need to make things less easy for the hackers.

    I dread to think how many XP computers there are connected on fast broadband connections, that are always switched on and don't have any anti-virus installed. If all of those computers were suddenly patched, had anti-virus installed and then got rebooted tonight, what would become of the hackers and their software zombies then? Would the Internet stay clean and safe for long? I doubt it. But maybe if one third of the world used Apple Macs, one third used Linux, and the remainder used Windows, that would begin to make things tougher for them. (yeah, keep on dreaming... )

    Technorati Tags: Rant, Opinion, Hackers, BotNet, FreeDNS, afraid.org

    Rants

  • Sharepoint 2007 Beta

    Aug 11th 2006

    By: ben

    1 comment

    I've been asked to install Sharepoint Server 2007 beta for evaluation by part of the business. I'm also pretty interested myself to see how it integrates into Office 2007, and I'm pretty sure we have the beta of that lying around somewhere. Official documentation for Sharepoint 2007 seems to be pretty sparse (or just tricky to find) but I have found some good blog posts that describe the installation and important pre-requisite steps.

    • Sharepoint Cafe - Installing a New Microsoft Office SharePoint Server 2007 Portal: Step-by-Step Instructions
    • A Marvellous Point - How to: Install Sharepoint 2007 Beta1TR on a single machine

    Hopefully I should have a demo of it ready for later on this afternoon, I'll post my feedback and comments as I go forward with this.

    Technorati Tags: Sharepoint 2007

    Windows Servers

  • Offline defrags in Exchange 2003

    Aug 8th 2006

    By: ben

    1 comment

    There seem to be 2 schools of thought on offline defrags. Some say they should be performed at regular intervals to ensure the integrity of your Exchange databases, whereas others say they are a risky procedure that should be undertaken carefully and only when absolutely necessary. So, what is the recommended practice?

    Event 1221 in the application log will show how much white space exists in your Exchange databases. This appears once per mailbox store at the end of the online maintenance period:

    Event Type: Information
    Event Source: MSExchangeIS Mailbox Store
    Event Category: General
    Event ID: 1221
    Date: 08/08/2006
    Time: 06:00:02
    User: N/A
    Computer: S05010025
    Description:
    The database "1st Storage Group\Mailbox Store (S05010025)" has 39368 megabytes of free space after online defragmentation has terminated.

    Personally I would not worry about a few gigs of white space as it will be reclaimed fairly quickly. As WAN and Broadband links become stronger, Exchange is more abused as a method of sending and storing large files. 40Gb of free space (as above) is worth reclaiming though. Bringing the database size down by 40Gb will significantly reduce the backup, and more importantly, restore times, and reduce the number of tapes used from week to week (and therefore the overall cost of Exchange to your company). There are a few other instances where you might carry out an offline defrag:

    • When your mailbox indexing is completely hosed
    • If your disks are extremely fragmented, and your server is too busy during the online defrag period to make much difference.

    In my last company, users were using public folder trees as a ‘check in, check out’ document management system. This caused very heavy fragmentation of the database until we moved the folder trees to their own server which had more spindles.

    Before launching an offline defrag, make sure you have a good backup of your store. Also ensure you have enough free space on your drive (110% of the size of your store). Then dismount it (there is no need to stop the information store service), and open a command prompt window to issue the commands:

    eseutil /d e:\path\to\priv1.edb /s e:\path\to\priv1.stm

    Note: by default it will create temp files on your C: drive and these could potentially get very large. If you don't have a large C: drive, use the /t and /f switches to specify the locations for your temporary files.

    eseutil /d e:\path\to\priv1.edb /s e:\path\to\priv1.stm /t F:\temp\temp.edb /f F:\temp\temp.stm

    You should see something like this:

    Microsoft(R) Exchange Server Database Utilities
    Version 6.5
    Copyright (C) Microsoft Corporation. All Rights Reserved.

    Initiating DEFRAGMENTATION mode...
    Database: priv1.edb
    Streaming File: priv1.stm
    Temp. Database: TEMPDFRG3940.EDB
    Temp. Streaming File: TEMPDFRG3940.STM

    Defragmentation Status (% complete)

    0 10 20 30 40 50 60 70 80 90 100
    |----|----|----|----|----|----|----|----|----|----|
    .................

    Remember to mount your store again once the defrag has finished. If it has worked you should see a message like this one:

    Moving 'TEMPDFRG3940.EDB' to 'priv1.edb'... DONE!

    Moving 'TEMPDFRG3940.STM' to 'priv1.stm'... DONE!

    Note:
    It is recommended that you immediately perform a full backup
    of this database. If you restore a backup made before the
    defragmentation, the database will be rolled back to the state
    it was in at the time of that backup.

    Operation completed successfully in 5210.484 seconds.

    In this instance it took 1 hour and 26 minutes to defrag a 23Gb database file.
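
A pre-flight check for the procedure above, as an added example that is not part of the original post: it reads the white space from an Event 1221 description, applies the 110% free-space rule, and builds the eseutil line with /t and /f only when the default temp drive is too small. The 10 GB cut-off, the store size, the per-drive free space, and the reading that the 110% applies to the drive holding the temporary files are assumptions.

```python
import re

# Matches the Event 1221 description text shown in the post.
EVENT_1221 = re.compile(
    r'The database "(?P<store>[^"]+)" has (?P<mb>\d+) megabytes of free space '
    r"after online defragmentation has terminated\.")


def parse_event_1221(description):
    """Return (store name, white space in MB), or None for any other text."""
    m = EVENT_1221.search(description)
    return (m.group("store"), int(m.group("mb"))) if m else None


def plan_defrag(description, store_mb, free_mb_by_drive,
                min_reclaim_mb=10 * 1024, default_temp="C:"):
    """Decide whether to defrag and where the temporary files should go.

    store_mb is the combined size of the .edb and .stm files. min_reclaim_mb
    is an assumed cut-off standing in for "a few gigs"; tune it to taste.
    """
    parsed = parse_event_1221(description)
    if parsed is None:
        raise ValueError("not an Event 1221 description")
    store, white_mb = parsed
    plan = {"store": store, "white_mb": white_mb, "defrag": False,
            "needed_mb": 0, "temp_drive": None}
    if white_mb < min_reclaim_mb:
        return plan                      # leave it to online maintenance
    # 110% of the store size, rounded up, must be free for the temp copy.
    plan["needed_mb"] = (store_mb * 110 + 99) // 100
    if free_mb_by_drive.get(default_temp, 0) >= plan["needed_mb"]:
        plan["temp_drive"] = default_temp
    else:
        # Fall back to the roomiest drive that still satisfies the rule.
        fits = {d: f for d, f in free_mb_by_drive.items()
                if f >= plan["needed_mb"]}
        plan["temp_drive"] = max(fits, key=fits.get) if fits else None
    plan["defrag"] = plan["temp_drive"] is not None
    return plan


def eseutil_command(edb, stm, temp_drive, default_temp="C:"):
    """Build the eseutil line, adding /t and /f only when they are needed."""
    cmd = f"eseutil /d {edb} /s {stm}"
    if temp_drive != default_temp:
        cmd += rf" /t {temp_drive}\temp\temp.edb /f {temp_drive}\temp\temp.stm"
    return cmd


# Description copied from the post; sizes and free space are constructed.
SAMPLE_EVENT = ('The database "1st Storage Group\\Mailbox Store (S05010025)" '
                "has 39368 megabytes of free space after online "
                "defragmentation has terminated.")
SAMPLE_FREE_MB = {"C:": 20000, "E:": 30000, "F:": 80000}

if __name__ == "__main__":
    plan = plan_defrag(SAMPLE_EVENT, 61440, SAMPLE_FREE_MB)
    print(plan)
    if plan["defrag"]:
        print(eseutil_command(r"e:\path\to\priv1.edb", r"e:\path\to\priv1.stm",
                              plan["temp_drive"]))
```
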

    Technorati Tags: Exchange 2003, Exchange Admin

    Exchange

  • How to purge an orphaned mailbox

    Aug 7th 2006

    By: ben

    22 comments

    Sometimes things can go wrong during a mailbox migration which will cause a mailbox to be orphaned. Things like a network link going down or the migration hanging on "Saving changes to the directory". If you have to forcibly terminate the migration task, you may find yourself left with an orphaned (disconnected) mailbox on the destination server. Then, when you try to purge the mailbox, you may receive this message:

    ID no: c1034ad6
    The operation cannot be performed because this mailbox was already reconnected to an existing user.

    Here are some of your options:

    Try migrating the mailbox again to the same destination. Exchange should know the orphan exists from a failed mailbox move and will automatically purge it, and attempt the move again. This does not always work though.

    Another alternative is to use ESM to have a look at the mailbox store properties on the store with the disconnected mailbox. On the Limits tab, do you have a check mark next to "Do not permanently delete mailboxes and items until the store has been backed up"? If you do, try backing up the store and purging the mailbox again.

    Here's the final option (which worked for me) if all else fails, and you should ensure you have a recent backup of your stores before doing this. Using ADUC, find the other mailbox in your organisation that has the same display name as your disconnected mailbox. Right click on the user and use the Exchange tasks wizard to delete the mailbox from that user. Now go back into ESM and run the cleanup agent on your stores, and both mailboxes will be in a disconnected state. You will then be able to purge the orphan you want to get rid of. Next you should simply be able to right-click on the remaining orphan mailbox in ESM and use the 'reconnect' option, and specify the user account the orphan belongs to.

    Edit: One more method as suggested below is setting the "Keep deleted mailboxes" option to 0 days and then running the cleanup agent on that mailbox store. Judging by more recent comments this seems to do the trick. Thanks Mike!

    Technorati Tags: Exchange 2003, Exchange Admin

    Exchange

  • Backing up your BES

    Jul 27th 2006

    By: ben

    9 comments

    There are 2 utilities on the BES CD for backing up the BES. blackberrybackup.exe for backing up the config to a text file, and blackberrydbbackup.exe for taking care of the database. These can be scripted in a batch file and run using task scheduler, and then you can let your nightly tape backups pick up the files.

    The blackberrydbbackup utility will produce a .bak file that is roughly the same size as your database, so if you don't clean these files up regularly you will notice your disk space diminish as your backup folder grows massive in size. To counter this I wanted to add a bit at the end of my backup script that would delete files older than a certain age. I found many, many long and complicated scripts that would do this, using if and for statements and masses of variables. I also found vbscripts pages long for doing this but I kept looking for something simple, because I recently looked into how to script this sort of thing using Unix commands (and blogged about it), and I was sure there would be a way using "command prompt" (DOS) commands that would be equally as short and elegant.

    I discovered a new command for this called forfiles. Here's the syntax I used:

    forfiles /m *.bak /D -6 /C "cmd /c del @file"

    The /m switch specifies the search criteria. If you do not use /m it will default to *. The /D -6 is number of days, 6 days old in this instance. The /C switch will execute a command which you need to place inside double quotes. The @file variable in the example represents each file in the search results.

    Here's the complete script:

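    e:
    cd\backup

    rem ** Back up the BES config to a text file and the BESMgmt database to a .bak file **
    blackberrybackup.exe -b -o e:\backup\S86_backup.txt -y -w s05010086 -n s05010086 -m "BlackBerryServer"
    blackberrydbbackup.exe -d BESMgmt -E -p -f e:\backup\

    rem ** Prefix the config backup with yyyymmdd (assumes 'date /t' prints dd/mm/yyyy) **
    For /f "tokens=1-4 delims=/ " %%a in ('date /t') do SET mdate=%%c%%b%%a
    rename E:\backup\S86_backup.txt e:\backup\%mdate%S86_backup.txt

    echo Finished.

    rem ** Cleanup old files; /P pins the search to the backup folder **
    rem ** so nothing elsewhere is deleted if the cd above failed **
    forfiles /P e:\backup /m *.bak /D -6 /C "cmd /c del @file"
    forfiles /P e:\backup /m *.txt /D -6 /C "cmd /c del @file"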

    Technorati Tags: Batch Files, Blackberry, Backups

    Blackberry

  • Using MIMESweeper and LDAP address lists to only allow valid recipients

    Jul 5th 2006

    By: ben

    No comments

    MIMESweeper for SMTP (5.2) can be configured to only accept a message at your mail gateway if the e-mail address exists in your organisation. This is done by creating an LDAP address list and ensuring all mail enabled objects in your Active Directory are added to the list. Then in your MIMESweeper policy, you can configure the list as a Relay Target in the Anti-Relay settings so that mail from external hosts will only be delivered if the recipient is a member of the list. Depending on your mail throughput, implementing this could relieve a lot of the load on your Exchange system and MIMESweeper quarantine areas by cutting out all the junk mails associated with directory harvesting attacks, and all the NDRs which bounce back because the original recipient doesn't exist.

    The caveat that prevented us from implementing this in my last company was we had an oversize public folder structure with thousands of mail enabled public folders, a lot of which had additional SMTP addresses. How do you create the LDAP query to add all of these to the LDAP address list? Here is the solution. If you select the View | "Advanced Features" option in Active Directory Users and Computers, you will see the Microsoft Exchange System Objects OU appears. This OU is dynamically updated and contains all Public Folders. In your MIMESweeper Address List, you can simply add a search criteria pointing to this folder, like so:

    Full DN: cn=microsoft exchange system objects,dc=xxx,dc=yourdomain,dc=com
    Class: objectclass=*
    Attributes: mail,proxyAddresses
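
What the address list check amounts to, as an added example that is not MIMESweeper's own code or configuration: it builds the set of valid SMTP recipients from the mail and proxyAddresses attributes, filters incoming recipients against it, and flags sources that look like directory harvesting. The directory entries, sender IPs and the three-rejections threshold are constructed assumptions.

```python
from collections import Counter

# Constructed entries, shaped like an LDAP search result that returns the two
# attributes named in the address list: mail and proxyAddresses.
ENTRIES = [
    {"dn": "cn=Sales,cn=microsoft exchange system objects,dc=example,dc=com",
     "mail": ["sales@example.com"],
     "proxyAddresses": ["SMTP:sales@example.com", "smtp:orders@example.com",
                        "X400:c=GB;a= ;p=Example;o=Exchange;s=Sales;"]},
    {"dn": "cn=J Smith,ou=staff,dc=example,dc=com",
     "mail": ["J.Smith@example.com"],
     "proxyAddresses": ["SMTP:J.Smith@example.com", "smtp:john@example.com"]},
    {"dn": "cn=Archive,cn=microsoft exchange system objects,dc=example,dc=com",
     "mail": [],
     "proxyAddresses": ["X400:c=GB;a= ;p=Example;o=Exchange;s=Archive;"]},
]

# Constructed (source IP, RCPT TO) pairs as seen at the gateway.
RCPT_ATTEMPTS = [
    ("192.0.2.10", "Orders@Example.com"),
    ("192.0.2.10", "j.smith@example.com"),
    ("198.51.100.7", "aaron@example.com"),
    ("198.51.100.7", "abby@example.com"),
    ("198.51.100.7", "adam@example.com"),
    ("198.51.100.7", "sales@example.com"),
    ("203.0.113.5", "jsmith@example.com"),
]


def smtp_addresses(entry):
    """Yield every SMTP address an entry can receive mail on, lower-cased."""
    for addr in entry.get("mail", []):
        yield addr.strip().lower()
    for proxy in entry.get("proxyAddresses", []):
        prefix, sep, value = proxy.partition(":")
        # "SMTP:" marks the primary address and "smtp:" a secondary one;
        # other address types (X400 and so on) are not SMTP recipients.
        if sep and prefix.lower() == "smtp":
            yield value.strip().lower()


def build_allow_list(entries):
    """Set of all deliverable addresses, including secondary proxies."""
    return {a for e in entries for a in smtp_addresses(e) if "@" in a}


def filter_recipients(attempts, allow_list):
    """Split (source, recipient) pairs into accepted and rejected lists."""
    accepted, rejected = [], []
    for src, rcpt in attempts:
        known = rcpt.strip().lower() in allow_list
        (accepted if known else rejected).append((src, rcpt))
    return accepted, rejected


def harvest_suspects(rejected, threshold=3):
    """Sources with at least `threshold` unknown-recipient attempts."""
    counts = Counter(src for src, _ in rejected)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    allow = build_allow_list(ENTRIES)
    ok, bad = filter_recipients(RCPT_ATTEMPTS, allow)
    print("accepted:", ok)
    print("rejected:", bad)
    print("possible harvesting from:", harvest_suspects(bad))
```
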

    Technorati Tags: MIMESweeper, MailSweeper, LDAP, Spam, Microsoft Exchange, Exchange Admin

    Messaging

  • Blackberry stuff

    Jun 30th 2006

    By: ben

    3 comments

    I've spent a fair amount of time this week deploying a Blackberry server and handsets for my new company (well, not my company, but you know what I mean). I haven't installed a Blackberry Enterprise Server since version 3.6, we are now on version 4.1 and the installation routine has been updated and simplified slightly in the new version:

    • You don't need to muck around with cdo.dll anymore. The DLL and Patch that used to be required for cdo.dll is rolled into Windows Server 2003 SP1.
    • You don't need to install MSDE anymore. It's done automatically by the BES setup program.
    • Since MSDE is set up for you, all of the choices to do with the SQL database have been removed from the setup program.

    The BES I have been configuring is actually running in a virtual environment, which is a concept new to me ... but the end result is exactly the same as if it was installed on a physical server.

    My next task has been documenting the configuration. This involves creating an extremely detailed Word document (using a standard company template) detailing the configuration with diagrams and installation instructions, and a 2nd document which will be a single sheet containing all the basics you would need to know if you were left to look after a bunch of Blackberry users for a few weeks. Good documentation is incredibly valuable but it's such a time consuming process (and not my most favourite thing to do ....)


    Blackberry Topology

    Blackberry Server tip of the day

    Blackberry log files have to be kept in check or they will slowly consume all of your free disk space. I would recommend turning logging off completely, and then just switching it on for troubleshooting if required.

    Start > Programs > Blackberry Enterprise Server > Blackberry Server Configuration

    On the Logging tab, change all instances of “Debug log daily file” to “No”.

    Technorati Tags: Blackberry, BES, Administration

    Blackberry

  • Crap domains

    Jun 30th 2006

    By: ben

    No comments

    A while ago when the .eu level domains were made available to the public, I tried to register www.benstokes.eu and www.stokes.eu. My application for www.stokes.eu was unsuccessful, which annoyed me as that was the one I really wanted. It annoys me more, that many months later www.stokes.eu is deserted and still gives a DNS error. Why register it if you're not going to use it??!

    The registration process for .eu domains was a bit of a joke during the 'landrush' period, you basically had to apply and pay for a domain (along with loads of other people applying for the same names), and then your registrar applies on your behalf. On the day they were made available, the registrars could only apply for one domain every 10 seconds, to make it fair to everyone. I don't think it's very fair though that I don't get my money back for my failed application. Instead I get a credit for an alternative .eu domain, but the trouble is, all the best ones are gone already.

    So I thought I'd jump on the Web 2.0 bandwagon and I started looking for words ending in eu (thinking along the lines of del.icio.us). If I was French I would have loads of words to choose from but the English dictionary was drawing blanks. On a tangent I wondered if www.stok.es was available, I checked and it was! I registered it immediately, but on reflection now I'm wondering if my new domain name is really a bit sh.it, exactly like Rob Manuel says ...

    Anyone want a .eu domain? I've got one going spare ...

    Technorati Tags: Domains, Domain Names, Web 2.0

    Random stuff

  • NewDotNet: Filthy spyware

    Jun 7th 2006

    By: ben

    2 comments

    My definition of spyware is software that:

    • Installs without your knowledge or consent
    • Does not appear in add/remove programs
    • 'Phones home' with information, normally about Internet browsing activities

    NewDotNet claims that their software is not spyware, and yet it meets all of my criteria above. I discovered it on my laptop yesterday, it's one of those annoying 'search' programs that replaces the 'Page cannot be displayed' page when you type in a bad URL (like ww.google.com). I wonder if anyone actually uses these search programs?

    The thing that really annoyed me was the removal process for this software. It doesn't appear in Add/Remove programs. You cannot simply delete the folder containing the DLL from your C: drive as you get an 'Access Denied' message. OK, so how about deleting all references to newdotnet and new.net from the registry, rebooting and then deleting the files? Not a bad approach, and I've used it to clean spyware from my machine before. But, you can't do it with newdotnet because it will break your winsock stack, and therefore all of your network devices will stop functioning. The next time you reboot you will get an error message and be unable to access the Internet.

    But why would a program want to re-engineer your winsock stack though? The answer is because doing so can allow all DNS queries to be forced through the newdotnet DLL, so that when you request a bad or malformed URL such as http://ben.stokes in your browser, newdotnet will perform the DNS query instead of your usual DNS server, and if the domain does not exist, it will redirect your browser to 'quickbrowsersearch'.

    So you can see it's truly awful software, one might even go so far as to call it "a pile of wank". There are stories in forum posts about people who have reinstalled Windows just to get rid of it. Below are some links including more information on what newdotnet does and how to clean it off your system:

    • PCPitStop Forums Thread on newdotnet
    • WinTipz.com
    • cexx.org explains newdotnet in some depth

    Since newdotnet have been known to file lawsuits against people who accuse them of writing spyware, I will point out now that the article above is based on my personal thoughts, opinions and experiences, rather than facts.

    Technorati Tags: NewDotNet, new.net, Spyware, Internet Explorer, Security, Rant, Opinion

    Rants

© Copyright ukstokes.com. All rights reserved.
