beddo

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 275 total)
  • Author
    Posts
  • Avatar
    beddo
    Member
    in reply to: FRS to DFRS Migration has been reverted #362673

    Last report on the exchange error – the KDC service on the DC was actually set to disabled for some reason. Starting that up made the problem go away and all is mostly happy.

    Avatar
    beddo
    Member
    in reply to: FRS to DFRS Migration has been reverted #362672

    An update on this one, this part of the issue is now resolved although there are other things that need cleaning up.. I’ve been poking through the registry comparing with another similarly configured server.

    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesDFSRParametersSysVolsMigratingSysVolsLocal State was set to 4 so I changed it to 3
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNetlogonParameterSysvolReady was set to 0 so I changed it to 1

    This got DFSR back up and running and replicating the SYSVOL folder

    I then went into ADSIEdit and verified that the DFSR-LocalSettings and DFSR-GlobalSettings were as expected. They were so I went to Google and looked for anywhere else that may hide similar settings.

    I was effectively most of the way through this document – https://technet.microsoft.com/en-us/library/dd639789(v=ws.10).aspx having figured out all of the registry stuff. It did point me to the attribute editor for DFSR-GlobalSettings and DFSR-LocalSettings and msDFSR-Flags.

    DFSR-LocalSettings for the DC in question was set to 64 (Preparing) so I changed it to 48 (Eliminated).

    This then made dfsrmig /getmigrationstate report all DCs in eliminated state and migration succeeded.

    Sysvol was then shared out.

    So now the only evidence of there being a problem is an Exchange error (This is an SBS server) saying:

    “Unexpected error The local machine must be a Kerberos KDC (domain controller) and it is not. ID no: 80090339 Microsoft Exchange System Attendant occurred.”

    Avatar
    beddo
    Member

    I realised I never came back here.

    Re the witness, I did try with both file server witness and a lun on the SAN before posting.

    The issue is with StorageCraft ShadowProtect. The software was installed for taking DR images of the hypervisors. Even with backups disabled it appears the drivers that this software installs interferes with CSVs.

    Uninstall ShadowProtect and it works fine. I have a ticket open with StorageCraft regarding it, the last I heard they were replicating the setup in the lab to investigate.

    Avatar
    beddo
    Member
    in reply to: Exchange 2013 Performance #362670

    Re: Exchange 2013 Performance

    That may very well be this issue.

    I know some of our longer standing networks have policies disabling cached mode as earlier versions of Outlook had a habit of corrupting the .ost

    I’ve changed those policies and made sure that Outlook 2007/2010 are set to used cached mode. There’s no template for 2013 on the server so either it will inherit the earlier ones or those clients should be running in cached mode anyway as they will have pulled the default settings.

    Avatar
    beddo
    Member
    in reply to: Exchange 2013 Performance #362669

    Re: Exchange 2013 Performance

    Hi Sembee,

    Thanks for sticking with me and replying again.

    I did try to make it clear that we have third party monitoring tools on the virtual machine and the hypervisor. I am certain it is not a storage bottleneck because the disks are not being thrashed in the slightest.

    I am monitoring the read/write operations, disk queue lengths and page file activity and these aren’t even broaching 20% at the busiest times.

    My reference to Exchange 2010 with a similar configuration (not Exchange 2013) refers to all the clients with have with exactly this configuration (Exchange 2010 in a VM with dedicated drives and 32GB Ram) and they perform far better.

    The system itself is not slow to respond, just operations such as deletes and moves from the client PCs within Outlook. OWA is perfectly fine and does things without any delay at all.

    Avatar
    beddo
    Member
    in reply to: Exchange 2013 Performance #362668

    Re: Exchange 2013 Performance

    Thanks for the reply Sembee,

    The storage is a significant upgrade from the previous server. That was an SBS server with everything running off one RAID1 array. Exchange was sharing with Sharepoint, AD and well everything.

    The new server has a dedicated RAID1 array purely for the Exchange box. The store size is less than 100GB so it isn’t fantastically heavy usage though the logs and database are in the same location.

    I don’t think it is storage related as we have 24/7 performance monitoring running and the averages/busy time are really low.

    An Exchange 2010 box would fly with the same configuration, we have plenty of them out there and there was a point earlier in the week where I almost rebuilt the box to Exchange 2010. We have stuck in there with it with the view that we should be able to get Exchange 2013 running properly.

    I knew Office 2013 SP1 was out but for some reasons didn’t get the email notification from EHLO about the Exchange 2013 SP1 release. We will have to schedule that for the weekend out of hours.

    Avatar
    beddo
    Member
    in reply to: Exchange 2007 Server to 2013 Migration #362667

    Re: Exchange 2007 Server to 2013 Migration

    I have just done a 2010 to 2013 migration and I’m fairly certain we just deleted the old OAB.

    I saw your post on the technet forums saying you resolved it by granting extra permissions to the file/folder that the error referred to.

    Avatar
    beddo
    Member
    in reply to: Global Catalogue Issues #362666

    Re: Global Catalogue Issues

    Hi Sembee,

    Thanks for the info – what we were seeing was the exact opposite of what you describe. Exchange would only talk to the DC that was out of the site and would not talk to the DC on the server it was installed on!

    We have finally managed a reboot and the problem has gone away so it is confirmed as a problem with IPV6 being improperly disabled.

    All the best,
    Colin Waring,

    Avatar
    beddo
    Member
    in reply to: Global Catalogue Issues #362665

    Re: Global Catalogue Issues

    Thanks Virtual,

    The BPA doesn’t show up anything but it does complain about there only being one GC in the DSAccess topology.

    Can mod move this over to the Exchange forum?

    Avatar
    beddo
    Member
    in reply to: Global Catalogue Issues #362664

    Re: Global Catalogue Issues

    This is interesting.

    Typing in the server name with the port works fine however in before clicking the OK button the Status says Unavailable.

    Similarly the entry that is there for the DC also says unavailable but connects fine.

    Something thinks that it is unavailable when it isn’t..

    Avatar
    beddo
    Member
    in reply to: Global Catalogue Issues #362663

    Re: Global Catalogue Issues

    Both done and reported success – I have a recollection of doing that before but can’t remember whether it was this network or another. Either way the SBS server is still logging eventID 2080

    I am also considering that this may be an IPV6 issue. The SBS server was experiencing lockups related to IPV6 and IPV6 was disabled (following a proper guide, not just unbinding it from the adapter). Looking into it again there is a possibility that one step was missed so I have gone through the whole procedure again.

    My thinking is that if Exchange is using IPV6 to connect to the DC/GC it is not going to work but only a reboot will identify whether that is the case now.

    If I’m along the right lines then this thread probably belongs in the Exchange forum rather than AD. We will schedule a reboot tonight.

    Avatar
    beddo
    Member
    in reply to: Global Catalogue Issues #362662

    Re: Global Catalogue Issues

    AD looks OK. Either it isn’t talking to Exchange or Exchange has the issues.

    Quote:
    C:>nltest /dsgetdc: /site:sitea
    DC: \SBS.domain.local
    Address: \192.168.20.20
    Dom Guid: e94851c5-236b-4672-ab0f-0ec537178d20
    Dom Name: domain.local
    Forest Name: domain.local
    Dc Site Name: SITEA
    Our Site Name: SITEA
    Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN
    DNS_FOREST CLOSE_SITE FULL_SECRET WS
    The command completed successfully

    C:>repadmin /options

    Repadmin: running command /options against full DC localhost
    Current DSA Options: IS_GC

    C:>nltest /dsgetdc: /site:siteb
    DC: \2012.domain.local
    Address: \192.168.1.20
    Dom Guid: e94851c5-236b-4672-ab0f-0ec537178d20
    Dom Name: domain.local
    Forest Name: domain.local
    Dc Site Name: SITEB
    Our Site Name: SITEB
    Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLO
    SE_SITE FULL_SECRET WS DS_8
    The command completed successfully

    C:>repadmin /options

    Repadmin: running command /options against full DC localhost
    Current DSA Options: IS_GC

    Avatar
    beddo
    Member
    in reply to: Failed SP3 upgrades #362661

    Re: Failed SP3 upgrades

    I think I may have sussed what caused the problem. The upgrade tasks were left running overnight.

    Our servers have scheduled tasks including a cleanup of temporary folders so my best guess is that the task ran and cleared out the temporary folder before the Exchange setup had completed hence not being able to find the file.

    Avatar
    beddo
    Member
    in reply to: Failed SP3 upgrades #362660

    Re: Failed SP3 upgrades

    For anyone else coming across the same problem, the solution is to run an unattended install – this bypasses the setup GUI that only offers you the ability to add roles:

    Ensure you have rebooted after the failed upgrade then from an administrative command prompt change to the folder containing the service pack and run:

    Setup.com /M:Upgrade /InstallWindowsComponents

    This worked fine for two out of the three remaining servers.

    I am now left with one server that won’t run the unattended install, it just drops back to the console quickly when it gets to “Copying Setup Files”.

    Edit: Another reboot cleared that one

    Avatar
    beddo
    Member
    in reply to: Installing Exchange 2013 #362659

    Re: Installing Exchange 2013

    Glad it helped, we ended up binning 2013 and moving the PSTs back to 2010 as other things didn’t work properly or were intermittent (some of us could use the search feature whilst others got no results etc).

    It’ll be a while before we go back to it I think!

    Avatar
    beddo
    Member
    in reply to: Loss of TCP Connectivity #362658

    Re: Loss of TCP Connectivity

    One of our guys spent most of a day on to PSS about this. After trying everything they decided to try changing the IP address of the server and this resolved the issue. How bizarre.

    Avatar
    beddo
    Member
    in reply to: Loss of TCP Connectivity #362657

    Re: Loss of TCP Connectivity

    Ok, getting somewhere – I remembered an issue from 2003 with an update that caused IPSEC to enter default block mode. Out of curiosity I turned off ipsec and guess what? It all works now.

    Not sure why IPSEC is blocking things as we haven’t set up any policies..

    Edit: False Hope alas, a reboot and the server has gone again :(

    Avatar
    beddo
    Member
    in reply to: Loss of TCP Connectivity #362656

    Re: Loss of TCP Connectivity

    Even more oddly, this only seems to affect outbound connections.

    The server cannot connect active directory and it cannot open websites yet from the other server I get a valid response from IIS on the failed box (all be it a 404 error as Exchange is turned off)

    Avatar
    beddo
    Member
    in reply to: Installing Exchange 2013 #362655

    Re: Installing Exchange 2013

    Following up on this one as Google has no results and Microsoft product support didn’t have a solution.

    I have been able to run the installconfig.ps1 script manually by running an install and then an attach. After doing this the Exchange setup went through without a problem.

    Everything now appears to be up and running so hopefully Google will index this and it’ll help someone else out!

    Commands I ran are here:

    PS C:Program FilesMicrosoftExchange ServerV15BinSearchCeresInstaller> .installconfig.ps1 -action i -dataFolder “c:Program FilesMicrosoftExchange ServerV15BinSearchCeresHostControllerData”
    Configuring Search Foundation for Exchange….
    Script execution failed. Please inspect the log file “C:Program FilesMicrosoftExchange ServerV15BinSearchCeresIn
    stallerlogPostSetup_install_20130122213854.log” for more details.
    Error occurred while configuring Search Foundation for Exchange.System.TimeoutException: Timed out waiting for Admin
    node to be up and running
    at Microsoft.Ceres.Exchange.PostSetup.DeploymentManager.WaitForAdminNode(String hostControllerNetTcpWcfUrl)
    at Microsoft.Ceres.Exchange.PostSetup.DeploymentManager.Install(String installDirectory, String dataDirectoryPath,
    Int32 basePort, String logFile, Boolean singleNode, String systemName, Boolean attachedMode)
    at CallSite.Target(Closure , CallSite , Type , Object , Object , Object , Object , Object , Object , Boolean )
    At C:Program FilesMicrosoftExchange ServerV15BinSearchCeresInstallerinstallconfig.ps1:189 char:5
    + throw $_.Exception
    + ~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : RuntimeException

    PS C:Program FilesMicrosoftExchange ServerV15BinSearchCeresInstaller> .installconfig.ps1 -action a -dataFolder “c:Program FilesMicrosoftExchange ServerV15BinSearchCeresHostControllerData”
    Configuring Search Foundation for Exchange….
    Successfully configured Search Foundation for Exchange[/CODE][CODE]PS C:Program FilesMicrosoftExchange ServerV15BinSearchCeresInstaller> .installconfig.ps1 -action i -dataFolder “c:Program FilesMicrosoftExchange ServerV15BinSearchCeresHostControllerData”
    Configuring Search Foundation for Exchange….
    Script execution failed. Please inspect the log file “C:Program FilesMicrosoftExchange ServerV15BinSearchCeresIn
    stallerlogPostSetup_install_20130122213854.log” for more details.
    Error occurred while configuring Search Foundation for Exchange.System.TimeoutException: Timed out waiting for Admin
    node to be up and running
    at Microsoft.Ceres.Exchange.PostSetup.DeploymentManager.WaitForAdminNode(String hostControllerNetTcpWcfUrl)
    at Microsoft.Ceres.Exchange.PostSetup.DeploymentManager.Install(String installDirectory, String dataDirectoryPath,
    Int32 basePort, String logFile, Boolean singleNode, String systemName, Boolean attachedMode)
    at CallSite.Target(Closure , CallSite , Type , Object , Object , Object , Object , Object , Object , Boolean )
    At C:Program FilesMicrosoftExchange ServerV15BinSearchCeresInstallerinstallconfig.ps1:189 char:5
    + throw $_.Exception
    + ~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : RuntimeException

    PS C:Program FilesMicrosoftExchange ServerV15BinSearchCeresInstaller> .installconfig.ps1 -action a -dataFolder “c:Program FilesMicrosoftExchange ServerV15BinSearchCeresHostControllerData”
    Configuring Search Foundation for Exchange….
    Successfully configured Search Foundation for Exchange[/CODE]

    Avatar
    beddo
    Member
    in reply to: SBS 2011 Fax "REIRRAC ON" #362654

    Re: SBS 2011 Fax "REIRRAC ON"

    I’m afraid not, we have just had to ignore it. We do also find the sbs 2011 service to be far more unreliable than the 2003 one and have to keep restarting it.

    Avatar
    beddo
    Member
    in reply to: Romaing profiles and Outlook 2007/2010 #362653

    Re: Romaing profiles and Outlook 2007/2010

    Roaming profiles are needed so that settings move about with PCs, not just the documents and desktops – these are redirected separately to reduce the profile size.

    Turning it off unfortunately is not an option.

    Neither is downgrading as approx 30 copies of Office 2010 are running, purchased with the PCs as OEM copies and I believe only the volume license gives people the rights to downgrade.

    I guess it is going to have to be a management issue of putting the different PCs in places where people aren’t likely to switch between the versions.

    Avatar
    beddo
    Member
    in reply to: FRS "replica root path has changed" #362652

    Re: FRS "replica root path has changed"

    It does indeed hold all the roles. The old server was dcpromo’d out of the domain gracefully. It is also worth noting that the most recent lockup did not bring forth these messages.

    Personally, I am inclined to blame Mozy Pro as the problem. We have two clients that use this. One on SBS 2008 and this one. The 2008 server has been sluggish ever since Mozy was put on and locked up a few days after Mozy was installed. It hasn’t locked up since but has required reboots due to resource issues.

    Unfortunately the only way I can test that theory is to leave the system running for a few months and see how stable it is.

    Avatar
    beddo
    Member
    in reply to: FRS "replica root path has changed" #362651

    Re: FRS "replica root path has changed"

    Yes, as far as I can tell there is nothing wrong with FRS it just logs the errors in the few days leading up to a lockup and then they go away again. That’s why I suspect they are a symptom of the problem rather than the cause.

    Avatar
    beddo
    Member
    in reply to: First VMWare server locking up straight away #362650

    Re: First VMWare server locking up straight away

    I might have caught it.

    Looks like the SVGA driver from VMWare Tools is the culprit. Unininstalled that and it seems to be stable now.

    Avatar
    beddo
    Member
    in reply to: FRS "replica root path has changed" #362649

    Re: FRS "replica root path has changed"

    The plot thickens.

    Another lockup this morning with no NTFRS errors, no logs. Nothing.

    I have spotted some other errors in event viewer which I don’t think are related. There are some schannel errors approximately an hour before the lockup.

    Event ID 36887, Schannel: The following fatal alert was received: 48.

    Event ID 36888, Schannel: The following fatal alert was generated: 10. The internal error state is 1203.

    I have uninstalled Mozy in case that had anything to do with it but there’s no crash dumps or anything like that because it doesn’t completely crash.

    :confused:

    Avatar
    beddo
    Member
    in reply to: Anti Spam Solutions #362648

    Re: Anti Spam Solutions

    We proxy all our mail hosting customers through a Centos box running ASSP. That way we only have one spam setup to worry about and they all benefit from the rule training.

    There are other companies that provide an external relay other than us such as Trend and Postini. We haven’t used them though.

    Avatar
    beddo
    Member
    in reply to: Folder redirection policy change – missing shortcuts #362647

    Re: Folder redirection policy change – missing shortcuts

    I would be inclined use a share that is on a different path and let the server move/copy the files over.

    Event viewer would probably tell you what is happening though.

    Avatar
    beddo
    Member
    in reply to: Folder Redirection Permissions… #362646

    Re: Folder Redirection Permissions…

    I suspect you are looking at a samba config issue as to the best of my knowledge the account used is that of the user.

    You’d need to check the logs on the linux box to see what it says. Also, how old is that box? Is it running an old version of samba that maybe just doesn’t know how to talk to Win7?

    Avatar
    beddo
    Member
    in reply to: Startup/Logoff/Shutdown Script #362645

    Re: Startup/Logoff/Shutdown Script

    The startup scripts will be running as a local admin on the PCs so won’t automatically have access to network resources, I can only assume that is why you were told to use run as.

    Your script should work for log on / log off

    For help with the runas command just open a command prompt and type runas. Stick you command line in quotes and supply it as the “program” for runas and specify a domain user that has access to the network share.

    The problem with that is the password for runas must be entered interactively and thus the script wouldn’t run properly. You may even find your PC hanging waiting for a response that you can’t input because you just have a screen saying “Running startup scripts”

    You could have the startup script do:

    Code:
    net use \SERVER-01Apps01$ t: /user:DOMAINuser password
    your command >> t:logsstartuplogfile.log
    net use t: /delete

    I’m not sure if mapped drives will work at that stage though and you will need to use a very basic user account that has access to nothing but the log share. Anyone who can access that batch file will get that password so you don’t want expose anything you don’t have to.

    A more secure method may be to have the startup script write a local log file and the login script copy the local log file to a network respository.

    We implemented this kind of solution to monitor a terminal server, however we didn’t do startup scripts. I do however have a vbs script at the office that allows you to send an email instead of write a logfile so that may even be preferable. Let me know and I can dig it out.

    Avatar
    beddo
    Member
    in reply to: Group Policy Empty List #362644

    Re: Group Policy Empty List

    What do you mean an empty list?

    A group policy will show you a list of possible settings. If none of them are set then the policy has no settings and will not do anything. They will still show up though.

Viewing 30 posts - 1 through 30 (of 275 total)