We've been working on a big Exchange 2007 migration project and I thought I'd share some of the lesser mentioned hurdles we seemed to hit:
We are using virtual servers under ESX vi3, and found we were getting daily stop errors until a colleague found this VMware kb article. We only had one other virtual 64 bit box at that point, and it did not yet have the 932596 patch so we were a bit stumped until we found the VMware KB.
We also had an issue (before even moving the Offline address book generation) where the 2007 install broke OAB 2 and 3a generation. A Microsoft escalation engineer (the cool guy who wrote the oabInteg tool) blogged about it here.
We also had issues (also before moving our recipient polices to 2007) with our recipient polices not updating because we needed to remove some disabledGateway Proxy entries. The official Microsoft KB is 948211, but I found a blog entry from Dusan Kosaric to be what turned me on to the problem.
Lastly, I wanted to exclude certain domain controllers from being used by Exchange 2007 (as opposed as to just hard coding what dc's to use) and used KB 298879.
Tuesday, September 09, 2008
Thursday, July 05, 2007
Vmware Infrastructure 3
I have just recently returned from Vmware Infrastructure 3 training in Denver, I'm seriously considering spending a little time studying for the VCP exam.
Then again, I've lately been viewing certification as an exercise in running a study/test treadmill. (It's a single test though, and doesn't ever expire.)
Although our shop has been using Vmware since 1.5 and I've been heavily involved with it since 2.5, this was the first official training class for Vmware I've attended. The class was one of the better training classes I've ever attended. It's pretty refreshing to have a class where all the product labs "just work".
DRS and HA were unique features, representing the ability for Vmware to automatically load balance across multiple ESX hosts and failover VM's when one or more ESX hosts fail. Some of the things I learned that I never knew where that Virtual Center automatically imports members of the local administrators group on the Host running Virtual Center into the Virtual Center Administrators group. (Which is something I confirmed in class. We had no Active Directory or I would test for nested groups, but I suspect they don't import.) Another item is that performance of Raw Device mappings, is supposedly slightly worse than using a vmdk file. The official position is that RDM's should only really be used if software needs raw access to a SAN (such as SAN management software) or if you are doing clustering between vm's or between vm and a physical server.
One point that made me smile, was that neither the instructor or any other students thought it was possible to extend a system disk (such as the C: drive) on a Windows server. Something one of my former colleagues had come up with long ago, by attaching the vmdk to another "helper" vm and using it to extend the disk.
Some of the useful information I found that wasn't part of the course ware material included:
List of Maximums in Vmware
Memory overhead associated with running a Virtual Machine (Page 129.)
If pursuing the VCP, the Blueprint covers the test objectives. (Although attendance in a Vmware class is required for the VCP, no one class covers all the material.)
Then again, I've lately been viewing certification as an exercise in running a study/test treadmill. (It's a single test though, and doesn't ever expire.)
Although our shop has been using Vmware since 1.5 and I've been heavily involved with it since 2.5, this was the first official training class for Vmware I've attended. The class was one of the better training classes I've ever attended. It's pretty refreshing to have a class where all the product labs "just work".
DRS and HA were unique features, representing the ability for Vmware to automatically load balance across multiple ESX hosts and failover VM's when one or more ESX hosts fail. Some of the things I learned that I never knew where that Virtual Center automatically imports members of the local administrators group on the Host running Virtual Center into the Virtual Center Administrators group. (Which is something I confirmed in class. We had no Active Directory or I would test for nested groups, but I suspect they don't import.) Another item is that performance of Raw Device mappings, is supposedly slightly worse than using a vmdk file. The official position is that RDM's should only really be used if software needs raw access to a SAN (such as SAN management software) or if you are doing clustering between vm's or between vm and a physical server.
One point that made me smile, was that neither the instructor or any other students thought it was possible to extend a system disk (such as the C: drive) on a Windows server. Something one of my former colleagues had come up with long ago, by attaching the vmdk to another "helper" vm and using it to extend the disk.
Some of the useful information I found that wasn't part of the course ware material included:
List of Maximums in Vmware
Memory overhead associated with running a Virtual Machine (Page 129.)
If pursuing the VCP, the Blueprint covers the test objectives. (Although attendance in a Vmware class is required for the VCP, no one class covers all the material.)
Monday, April 23, 2007
Passed XP 70-270 Test! Now an MCSA!!
I just recently took and passed the Windows XP 70-270 exam. I had previously taken the following exams (in chronological order) beginning with 70-297, 70-290, 70-294, 70-284 and 70-291.
Even though I waited this long to take the XP 70-270 exam, I was a little surprised to find that I had a perfect (1000) score on this particular test.
Anyway, this completes my requirements for MCSA and leaves me one test short of MCSE. (I plan to start studying for the 70-293 after Vacation. I think I probably should have taken it right after 70-291.)
My study recommendations for the 70-270 are to be thoroughly versed in Share/NTFS permissions, Windows XP install situations and knowledgeable of IE security settings (especially if you don't encounter settings different from the defaults in your day to day activities).
I used an older copy of Exam cram 2, but since it was a pre sp2 for XP version I found it lacking. What benefited the most was hands on experience, and second was Microsoft's own Self Study book. I also used Self Test software, but be sure to understand the explanations and do not just try to memorize the answers.
Friday, February 16, 2007
Understanding the Exchange DST tool in KB930879
For any of those who are actively working to prepare an Exchange 2003 environment for the 2007 Daylight Saving changes are probably looking at the Microsoft KB article 930879
If you are anyone like me, you might find this KB article a little vague and confusing at points.
Some of the issues I hit were:
The Exchange Team blog has a much better walkthrough on this than the KB article.
Unfortunately, it also brought to my attention the issue with these tools and the Auto Accept Agent for resource mailboxes. The current solution is to painfully unregister each mailbox before running the tool, but at least on Exchange team member says they want be able to come up with another solution.
Good luck!
If you are anyone like me, you might find this KB article a little vague and confusing at points.
Some of the issues I hit were:
- Exchange tools (Exchange System Manager) were installed on my admin workstations, and had to be uninstalled. (Which also had it's issues, as I found I had to run the setup from the Exchange CD to remove all components from Add/Remove programs. Going to Add/Remove to uninstall would remove the tools, but leave the Exchange server parent entry and prevent the install of the CDO tools.)
- I missed the mentioning of needing .Net 2 Framework installed, and it took a bit of searching on Google to determine the issue.
- Lastly, it was not very clear how to format the Server DN name when running MSEXTMZCFG.exe. I stumbled across the correct formatting after examining the MSEXTMZ.ini file. (Silly me, I was using LDAP formatting.)
- The registry key for Outlook (in my case) needed to be changed to the 11.0 hive from the 12.0 hive.
The Exchange Team blog has a much better walkthrough on this than the KB article.
Unfortunately, it also brought to my attention the issue with these tools and the Auto Accept Agent for resource mailboxes. The current solution is to painfully unregister each mailbox before running the tool, but at least on Exchange team member says they want be able to come up with another solution.
Good luck!
Friday, January 19, 2007
Daylight Saving Time (DST) 2007 Changes
Earlier in the month I started work on getting a jump on patching systems for the 2007 Daylight Saving Time changes.
(As of March 2007, DST begins on the second Sunday in March and ends on the first Sunday in November. For more information, see Sec.110 of the Energy Policy Act of 2005.)
A short summation of what I found was:
(As of March 2007, DST begins on the second Sunday in March and ends on the first Sunday in November. For more information, see Sec.110 of the Energy Policy Act of 2005.)
A short summation of what I found was:
Microsoft has a patch for 2003 and XP with sp2.
For other versions, you should be able to change the settings with registry keys.
Exchange 2003 gets a little complicated in that you need a CDO patch in addition to the Windows OS patch, but your appointments made by clients with the XP patch may be off an hour or more without the CDO update tools for Outlook 2003 that they have yet to release. I'm still trying to determine if one should also hold off on the Exchange 2003 server patch until the Outlook tool is release.
Also, apparently there is an update for Entourage for Mac users.
Also, apparently there is an update for Entourage for Mac users.
Windows SharePoint Services 2.0 also has a patch. (WSS 2.0 is a part of Project 2003 server and SharePoint Portal Services 2003 in our environment.)
Sun has a time zone updater for Java builds 1.4 and greater.
Novell has a utility to change the DST start and stop values, but you can change them manually.
Blackberry for Exchange needs the Windows OS DST patch and the CDO Exchange patch, and is planning on releasing a patch/CDO update for Blackberry devices in early February.
Thursday, December 14, 2006
Windows Update Error 0X8024402C
Although I generally use Shavlik's HFNETCHKPRO to patch Windows Servers, I recently stumbled across two cases where Windows Update failed to work and I received the error 0X8024402C.
I found Microsoft's article on the issue, but clearing all proxy entries wasn't exactly what I was looking for in my case. (One server was running Project server 2003 and had added an entry as part of the Project server install. The other servers were running Veritas' Enterprise Vault product and had been configured with some proxies as part of their install.)
My solution was to observe the current settings by just running "proxycfg" without any switches and then appending "*.microsoft.com;*.windowsupdate.com" to the bypass list.
For example:
Run "proxycfg" and obtain the results:
Proxy Server(s): https://project;http://project
Bypass List : <local>;project
then run
proxycfg -d -p "<local>" "<local>;project;*.microsoft.com;*.windowsupdate.com
NOTE THERE IS NOT AN ENDING QUOTE
I found Microsoft's article on the issue, but clearing all proxy entries wasn't exactly what I was looking for in my case. (One server was running Project server 2003 and had added an entry as part of the Project server install. The other servers were running Veritas' Enterprise Vault product and had been configured with some proxies as part of their install.)
My solution was to observe the current settings by just running "proxycfg" without any switches and then appending "*.microsoft.com;*.windowsupdate.com" to the bypass list.
For example:
Run "proxycfg" and obtain the results:
Proxy Server(s): https://project;http://project
Bypass List : <local>;project
then run
proxycfg -d -p "<local>" "<local>;project;*.microsoft.com;*.windowsupdate.com
NOTE THERE IS NOT AN ENDING QUOTE
Thursday, May 18, 2006
Help files over network shares
Came across an interesting issue the other day where a SAP Administrator had enabled sharing of the C: drive on a SAP deployment server, only to find he could no longer access the help files.
Apparently Microsoft has change functionality with MS05-026 to prevent a vulnerability in HTML help files and remote code execution. With security update 892675 installed you can't open HTML help files over network shares.
The workaround I used after scouring posts on the internet was to add the following registry key and then uninstall Internet Explorer Enhanced Security Configuration.
Apparently Microsoft has change functionality with MS05-026 to prevent a vulnerability in HTML help files and remote code execution. With security update 892675 installed you can't open HTML help files over network shares.
The workaround I used after scouring posts on the internet was to add the following registry key and then uninstall Internet Explorer Enhanced Security Configuration.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]
"MaxAllowedZone"=dword:00000001
"EnableFrameNavigationInSafeMode"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
"MaxAllowedZone"=dword:00000001
Subscribe to:
Posts (Atom)
Posts
