I was running into authentication problems with SharePoint on a fresh installation on a new farm.
I was receiving Status code: 0xC000006D in the security logs for my user account.
The fix is to check KB 896861 for more information. Method B resolved my issues.
Sunday, November 29, 2009
Tuesday, September 29, 2009
When SBS Goes Bad - Exchange 2007 Recovery
Like many other small businesses, I use Microsoft Small Business Server. More specifically, SBS 2008 Standard Edition. Being an IT professional, I ALWAYS have a secondary AD server just in case something happens to the SBS server. This past week, my SBS 2008 server crashed! It was pretty nasty. The LDAP authentication was skewed, the Kerberos key was skewed. Basically, the only thing that would have saved my tail would have been a system state backup from a month ago. I only kept 15 days.
Fortunately for me, I had the 2nd AD server. So I used some resource tools to remove the metadata for the SBS server, and set the burflags on my ntfrs service to make the sysvol share authoritative for the domain and restarted the ntfrs service. I brought up another 2008 x64 server and installed Exchange 2007 on it. I created a restore group and restored my SBS Exchange database. I moved over the configuration data in AD to point to the new Exchange server. Unfortunately, the database I restored would not mount. I was receiving the error: MapiExceptionCall Failed 0x080004005 ec=-511 (I also received 502, 510 on previous tries). I was able to repair the database using eseutil.exe with the /p and /d options. After the passes completed successfully, I was able to mount the database and initiate the merge between the recovery group and the live database for what is referred to as a "dial tone" restore.
All is well now! I ousted the SBS server and went with another virtual AD server and standalone Exchange. SBS is no more for me (FOR NOW).
Labels: ad failure, exchange 2007, exchange 2007 recovery, sbs 2008
Tuesday, June 2, 2009
Connecting to Cisco IPSEC VPN from x64 Windows Vista
A constant issue I have been hearing about lately is the ability, or lack thereof, to connect a Windows Vista (usually x64) machine to Cisco IPSEC VPN devices. As you may already know, Cisco is moving away from IPSEC VPN on their newer devices and as of this writing has not released any plans to implement IPSEC on x64 or Vista platforms. They are moving toward SSL VPN connections, which in most cases require an additional license purchase along with your multi-thousand-dollar initial investment in their ASA line of products.
In the search to fix this problem I have run across an open source implementation that has worked so far so good with Cisco VPN devices. This open source product uses the OpenVPN tapi interface as its backend and a user-friendly front end that will import your Cisco VPN client .pcf with ease. IMPORTANT NOTE: When you are finished installing this package, you MUST reboot your computer!! Enough chatter, go download already! http://sourceforge.net/projects/vpncfe/
Hope this helps!!
Sunday, March 8, 2009
Microsoft CRM 4.0 IFD (Internet Facing Deployment) Tool
In order to access your Microsoft CRM 4.0 deployment from the internet correctly, you must run the CRM IFD TOOL to make the proper modifications to your system.
You can find the tool at the following location:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=69089514-6e5a-47e1-928b-4e4d4a8541c0
Monday, February 9, 2009
Live Communications Server 2005 to Office Communications Server 2007 Migration
In the mood of migrations, I decided to step up into the world of now-- all the way around! After the move to SBS 2008, it seemed natural to upgrade my communications platform. I decided to step up to the plate with OCS 2007 Standard Edition.
Currently, I was running Live Communications Server 2005 Standard Edition with a single Standard Server deployed and a single Access Proxy for federation and remote access. This setup has worked very well for the past ~3 years, so I was hesitant to forge ahead, but hey, why not?!?
I started by bringing up 2 new virtual servers running 2003 Standard Edition x86 (32 bit). Of course I used the VMware 3.5 platform I just moved over to. The server handling the role of Standard Edition had a single network interface on the corporate network. The new Edge/Access Server is multihomed, one interface on the public internet, the other residing on the corporate network.
I brought Office Communications Server 2007 up alongside the Live Communications Server 2005 deployment. After all was installed, I logged into the old 2005 Standard Server and fired up dsa.msc to move the users to the new pool. This worked very well after I granted the correct permissions to the administrator user.
The only gotcha I hit was when I tried to bring my phone online. The new 2007 deployment was set to disallow/block the version of Communicator Phone Edition (CPE) I had downloaded from Microsoft. After a quick modification of the client version filter on the Edge and Standard Server, I was able to log in and get to my Real Time Communications!
I already like the performance of OCS 2007 as opposed to LCS 2005. The first feature I noticed is the ability to assign your contacts to security levels. This can manipulate what information of yours they can view, and when they can contact you based on your status. Also, the communication seems MUCH faster and more reliable already. Some of my contacts often reported I would miss IMs they sent me with the 2005 system... Hopefully that will go away now!
Now I am on to get the web conferencing server, web access server and A/V server roles going...
Sunday, February 8, 2009
SBS 2003 to SBS 2008 Migration
With the addition of a Windows Mobile 6 device, Windows 2008 with Exchange 2007 makes a powerful combination. The main feature I like is the ability to issue a command on the server to wipe all company data off the device in the event it is lost or stolen.
On that note I decided to upgrade to Small Business Server 2008.
The process was very straightforward. I followed the small business migration guide available here on TechNet: http://technet.microsoft.com/en-us/library/cc546034.aspx.
I had no issues except for permissions migrating my data over to the new server, which was a quick fix resetting and owning what tossed the access denied error.
My problem came when I tried to move over my email router for our CRM 4 deployment. For some reason the CRM user for the forwarder mailbox is unable to authenticate against https:///exchange from the local machine. However, from XP/2003, the user authenticates successfully. After many different methods of access from the new 2008 SBS server itself and my x64 Standard 2003 CRM Server, I chose to go with a suggested OS for the email router component. The OCS 2007 deployment was rolled out on 32 bit operating systems ('cause it is all that is supported), so I installed the email router on the main server in the OCS topology.
I went to http://microsoft.com/downloads and grabbed v1.2.1 of the Exchange MAPI collaboration objects and installed it on the server. Next, I installed the email router component, set my inbound and outbound rules, deployment info and bada bing, worked like a charm first try! Long story short: stick with the suggested, SUPPORTED configurations on this software.. ;)
Wednesday, February 4, 2009
Xen Enterprise 5 to VMWare ESXi 3.5 Migration
So I decided to get off my multi year xen kick with a migration finale over to the free version of vmware 3.5i ESX. There were a few political reasons for this move, but the most important part of it was cost and upgrade path to maintain a commercial product as my primary virtualization platform.
A large supporting factor was the fact that Xen is not compatible with the Supermicro Blade set I purchased a few months back. This was a huge investment I made to consolidate space, have an inexpensive and quick upgrade path to scale/grow with. The blades can be easily found on VMware's HCL ;) Citrix was not very interested in moving into a position of support, so I got the thumbs down on compatibility from their team..
I started out by flashing the LSI MPT BIOS. VMware went right on these babies with no fuss. Next I started testing VMware with a few low traffic virtual machines. VMware held up well. I wasn't flattered, but just satisfied with its performance. So to kick off the migration to VMware, I started with my Windows domU's. The VMware conversion tool made this a breeze! I installed the package on every machine due to the fact I am too frugal to buy an enterprise license.. After the tool installed, I was able to click through the wizard and suck the machines right into my ESX Server! That was pretty swift, I must admit...
After the machines were fired up on the ESX server, I had to install the VMware tools, adjust some IP addresses and rename the adapters for easy admin. After the reboot, all the alerts from the monitoring system cleared and we were back in business. About 8 virtual servers were migrated this way, disks ranging in size from 39 GB to 100 GB. Actual time for the longest conversion was only 35 minutes or so over a gigabit copper switch.
Next I am faced with 4 CentOS 5.x Linux servers left on this dom0. I tried a few different methods to seamlessly migrate this host to VMware, all of which failed. Tried methods include ghosting (ghost would not load network drivers on VMware host + LVM was lost during the process), completed backup via tar then relocation to the new machine, and rsync to rsync with both systems in rescue mode.
NOTE: To boot from CD on Xen Server Enterprise 5 use the following command from the CLI: xe vm-param-set HVM-boot-policy="BIOS order" uuid=
After you issue the command, you will be able to set the boot order in the management GUI software.
When you want to boot back from the virtual hard drive device, issue the command, but set the boot-policy directive to "". You will still have to define the uuid of the DomU.
I finally gave up on a clone type movement and decided to install the new VM and just migrate the critical data over. This worked very well, and I did not experience any down time for this web server because I left the old data up long enough for DNS to propagate, then removed the old web server from the farm.