EarthReactor

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 205 total)
  • Author
    Posts
  • Avatar
    EarthReactor
    Member
    in reply to: Decommissioning one of two exchange 2013 servers #377248

    Have a bit more info now –

    Both exchange servers (lets call them server1 and server2) have the mailbox role and the client access role installed. So I am guessing that because client access role is installed on both, outlook just tries connecting to either server?

    I just dont know whether its safe to uninstall exchange from server2 – how can I confirm this?

    I know for certain there are no mailboxes left on server2, but I am not sure if it is as simple as uninstalling exchange now, or if there are other things that need to be checked first? Any help much appreciated.

    Avatar
    EarthReactor
    Member
    in reply to: Problem with exchange 2016 and outlook connectivity #377247

    Hi guys, dont worry I sorted it now – did not realise there is apparently something new to exchange 2016 (I think) called mapi over http?
    Anyway, there was a URI that had to be configured for that to work –
    https://technet.microsoft.com/en-us/library/mt634322(v=exchg.160).aspx

    Avatar
    EarthReactor
    Member

    ^^ Exchange does not work well alongside g-apps unfortunately.

    Ah, the windows 8 option and windows mail sounds good.

    Avatar
    EarthReactor
    Member

    Hi Jeremy, does google apps work well with Thunderbird? I don’t want to lose any functionality if I can help it as Google Apps basically operates like an exchange mailbox in outlook using a proprietary addon I believe (google apps sync for outlook).

    Using webmail was the first thing I tried but it gets a bit annoying especially as I am managing client accounts in both Google and office 365 so would have to keep logging out, also not as easy to tab between desktop web mail.

    Cruachan I also tried two outlook profiles but what tends to happen is I open one and forget about the other and each one relates to a separate IT support business so don’t really want to neglect messages arriving from either account.

    Avatar
    EarthReactor
    Member

    Hi guys,
    The network settings are the same.
    I have even tried creating a new network adaptor in hyperV and then assigning IP settings to it but it did not help.

    Jeremy I take your point about the MAC address though, I’ll have a mess around with that today and see if it resolves the issue.

    Avatar
    EarthReactor
    Member
    in reply to: WSUS Keeps crashing – SBS 2008/Standard FE #377243

    Re: WSUS Keeps crashing – SBS 2008/Standard FE

    I’ll post back here when I have an update.

    Avatar
    EarthReactor
    Member
    in reply to: WSUS Keeps crashing – SBS 2008/Standard FE #377242

    Re: WSUS Keeps crashing – SBS 2008/Standard FE

    cruachan;287977 wrote:
    Far from abnormal, it’s almost expected behavior in WSUS running under SBS IME. :shock:

    From what you said though, you’ve changed the default WSUS settings so it doesn’t keep the updates locally. IIRC that might be the issue, or at least part of it, as SBS throws it’s toys out of the pram if WSUS isn’t exactly as it likes. Might be worth running the SBS BPA and seeing what it says.

    Thats a fair point.
    I am trying the cleanup tool now, but only ticking one box at a time, maybe that will work, if not then Ill go for getting an additional drive and moving the DB over to that.

    Avatar
    EarthReactor
    Member
    in reply to: WSUS Keeps crashing – SBS 2008/Standard FE #377241

    Re: WSUS Keeps crashing – SBS 2008/Standard FE

    Biggles77

    Thanks for the info, ok by the sounds of it my situation isn’t abnormal then, although it is strange that the WSUS console continuously crashes and becomes unresponsive.

    Ossian

    I have tried the cleanup but it continuously crashes out.
    I have not tried the Move WSUS wizard yet mainly because I dont have anywhere to move it to.

    Having said that, based on everyones comments, I think that is the sensible option, so I will arrange for some addtional storage, and then move WSUS to it.

    Ill report back with result.
    Thanks guys.

    Avatar
    EarthReactor
    Member
    in reply to: WSUS Keeps crashing – SBS 2008/Standard FE #377240

    Re: WSUS Keeps crashing – SBS 2008/Standard FE

    biggles77;287960 wrote:
    David, do you have the option of moving WSUS to a different partition or HDD? Also, 28GB sounds very small for WSUS updates.

    28GB is not the updates themselves – I have already changed the settings so that updates are not stored locally, its just the DB file size, is that still small?

    The option to move the database, if the above is normal then yes it will be an option, the only issue is that the systems are on managed hosting so space comes at a premium. For that reason I just wanted to explore other options first.

    Avatar
    EarthReactor
    Member
    in reply to: Very strange networking problem re port 25 traffic… #377237

    Re: Very strange networking problem re port 25 traffic…

    Hi Jeremy,
    thanks for your reply.
    Yes, I did have a receive connector set up to only receive on port 25.
    I did not have any outbound restriction in place though.

    Also, when testing, I reverted the receive connector to original values, thus allowing all traffic inbound on port 25.

    And as said, outbound port 25 had not been blocked by me.

    I did have a suspicion it may have been something at ISPs end, but when I spoke to them they said it was not.

    However, since speaking to them the issue has not occurred.

    I will keep this thread open and if and when it happens again, I will try some more trouble shooting steps based on what you have said.

    Avatar
    EarthReactor
    Member
    in reply to: Very strange networking problem re port 25 traffic… #377236

    Re: Very strange networking problem re port 25 traffic…

    Thanks for the reply James.

    I thought that would resolve it as well to begin with – I have seen similar issues a few times, but restarting the transport service does not help – and in fact I’m certain that I have restarted the entire server and it does not resolve the issue (I’m going to confirm that next time it occurs).

    The issue is only resolved after a reboot from the router – thats why I was almost certain that changing the router would have solved it, but it hasn’t.

    Also, it seems even more strange that once the issue occurs, we cannot even establish an OUTBOUND telnet connection over port 25…??

    Avatar
    EarthReactor
    Member
    in reply to: Looking for a good remote support software #377235

    Re: Looking for a good remote support software

    Sounds really good. Sounds like it would be expensive though (as it sounds like an all in one solution).

    Avatar
    EarthReactor
    Member
    in reply to: Looking for a good remote support software #377234

    Re: Looking for a good remote support software

    Just had a quick look. It’s looks really good. I like the sound of the workstation deployment that is mentioned in the ROI calculator.

    Avatar
    EarthReactor
    Member
    in reply to: Problem setting up terminal server session broker #377233

    Re: Problem setting up terminal server session broker

    Its still not working, but there is another thing I am not sure about.

    I have the following configuration:

    Both servers are accessed over the WAN.

    both servers have their own public IP addresses which we use when connecting to them via RDP.

    They also have their own local IP addresses – which are assigned on their NICs.

    We have a firewall that NATs between remote and local IP.

    so when I set up the servers as farm members, it says that the local IP addresses are used for reconnection – will this work?

    And also, in the round robin config, I have two A records with the same host (the farm name) but do I use the local IPs or the remote IPs?

    Avatar
    EarthReactor
    Member
    in reply to: Problem setting up terminal server session broker #377232

    Re: Problem setting up terminal server session broker

    ^^ Ah that makes sense now. I completely misunderstood what was meant by round robin!

    OK, I will try this after hours this evening and report back.
    thanks.

    Avatar
    EarthReactor
    Member
    in reply to: Problem setting up terminal server session broker #377231

    Re: Problem setting up terminal server session broker

    Meirp;285620 wrote:
    Hello Again .
    you must enable round robin in dns server from what i remember round robin is allowed by default .
    yes my friend create 2 A record with same name is necessary and must
    we are missing a little something .
    i think you problem is in group policy settings
    you configured right policy ?
    please cancel local Firewall in terminal server and Broker server ?

    i wait for you answer
    thank u

    Should the round robin be set up at the host for the domain/FQDN, or on the local domain server?

    I havent added anything in group policy, I thought changes could be made in group policy OR just by configuring each terminal server individually to be part of the farm.?

    OK, Firewalls I can turn off and see if that helps.

    Ah, now you have made me think – we do actually have some NAT going on so not sure if that would effect it – we have a public IP for each of the servers, and also private IPs, and then pfsense firewall handles the NAT between them… maybe thats why its not working?

    Avatar
    EarthReactor
    Member
    in reply to: Need to create virtual LAB #377230

    Re: Need to create virtual LAB

    yea not enough ram at all. 2012 is very greedy, especially once you put exchange on it and so on.
    We normally put 16GB on a 2012 DC. Anything below 10GB will not run well at all.
    Unlike the days of 2003 where you could run it on 2GB with no problem.

    Avatar
    EarthReactor
    Member
    in reply to: Problem setting up terminal server session broker #377229

    Re: Problem setting up terminal server session broker

    Meirp;285594 wrote:
    Hello

    you must create 2 record A with same name and different IP Address
    you need in the server broker add 2 Server to group :Session Broker Computers”

    dont forget applied policy on terminal server computer .

    good luckl

    On the session Broker server I have added both terminal servers to the session broker computers local group.

    then on each terminal server, in remote desktop session host configuration, I have set up farm membership, typed in DNS name for the session broker, and then used the same farm name on both.

    still every time I connect, log off and connect again, I automatically connect to the server whose IP I typed into remote desktop computer field.

    I understand that I am supposed to set up two A records of same name but different IP addresses – so when a client queries that FQDN, they will get several IP addresses returned, and pick the top 1 – as I understand it, this helps to balance the initial connection requests between terminal servers, but I don’t think its a necessity is it?

    Whichever server gets the initial login request, it should still query the session broker and then pass the request on accordingly shouldn’t it??

    Maybe I am missing something else?

    I did try connecting with administrator account, maybe that is exempt from being brokered?

    Avatar
    EarthReactor
    Member

    Re: How to configure external relay for authenticated users

    Hi Simon,
    thanks for the reply. That makes sense, and in fact as it currently stands, I have done what you advised against – I ticked the exchange users box on the current, and only, connector, and that solved the problem.

    However, as I understand it, that means that authenticated relay is now available on port 25, and if an external body guesses an accounts credentials, they can relay through our server.

    The idea of the second connector is to only allow authenticated relay on port 587, is that right?

    I will try to put it back the way it should be.

    Avatar
    EarthReactor
    Member

    Re: How to configure external relay for authenticated users

    that’s interesting and now that you mention it, I think I have come across that sort of scenario in the past and wondered what the reason for it was.

    In this case, I checked and the user is not a member of any protected groups. To be sure I have also created a test user that is just a standard user, and the issue still remains.

    In receive connectors I just have 1 connector, its set to listen on 25 and 587 and from 0.0.0.0-255.255.255.255.

    In authentication only TSL and basic auth is ticked.

    in permission groups, only anonymous users are ticked.

    Avatar
    EarthReactor
    Member

    Re: How to configure external relay for authenticated users

    could well be, is that likely to cause a problem?

    Avatar
    EarthReactor
    Member
    in reply to: Exchange 2013 problems with RPC and autodiscover #377225

    Re: Exchange 2013 problems with RPC and autodiscover

    Just a quick note to say that I have finially got to the bottom of it.
    Simon you got me looking in the right places – at the Exchange URIs.

    I came across this article on exchange 2013 setup:

    http://ilantz.com/2013/06/29/exchange-2013-outlook-anywhere-considerations/

    I followed all of that very carefully, then done another IISRESET, and it all worked.

    Autodiscover is now working perfectly for remote users.

    Im so glad that is resolved and working correctly now.

    Its quite ironic though because the original problem I had with a user that prompted all of this investigation, WASNT fixed by the above steps!

    It turned out that the only reason her outlook stopped working was because somehow “compatibility mode” had been ticked for her outlook 2013 icon!

    Im happy though because this autodiscover issue was a very real problem in itself.

    Avatar
    EarthReactor
    Member
    in reply to: Exchange 2013 problems with RPC and autodiscover #377224

    Re: Exchange 2013 problems with RPC and autodiscover

    Sembee;284587 wrote:
    Do an Autodiscover test through Outlook.
    http://semb.ee/adt

    See what is being returned to the client.
    Some references to an internal server are fine, because eventually it needs to hit the mailbox role holder. Whether it is an issue though is another matter.

    Simon.

    can I post the results here? With obscured personal details?
    The output doesn’t show any errors as such.
    But then as soon as I close outlook, it wont open again – server unavailable message displays.
    then I have to set up another profile manually.
    And yes, there is a proper SSL cert from Godaddy and its a multi domain one.

    Avatar
    EarthReactor
    Member
    in reply to: Exchange 2013 problems with RPC and autodiscover #377223

    Re: Exchange 2013 problems with RPC and autodiscover

    Hi,
    thanks for the quick reply.

    I have followed those instructions – including the configuration of split DNS.

    I restarted exchange services and restarted IIS via IIS7 admin.

    The issue still persists.

    I can successfully configure outlook anywhere, if I enter everything manually –
    server:local server FQDN
    mailbox:mailbox name
    and then tick connect to microsoft exchange over http
    URL:Public FQDN.

    But that is then a very intermitent setup – at a random point in time, it will later fail – I guess thats when it tries to update itself via autodiscover?

    The remote connectivity analyser still says that it cant resolve a local address (server.domain.local), anywhere else I can check to see if that still resides?

    By the way, it is exchange 2013, if I didnt mention that already.

    In ECP, I have changed all virtual directory URIs (internal and external) to the appropriate values, but all with the FQDN rather thatn the internal one.

    Avatar
    EarthReactor
    Member
    in reply to: SPF records and what to do with them #377222

    Re: SPF records and what to do with them

    Yes, SPF records show what mail servers can legitimately send emails on behalf of your domain.

    There are loads of generators around to build a correct SPF record, such as this one:
    http://www.spfwizard.net

    The basic principal is that you need any mail servers sending email for your domain, to be listed in the SPF record in one way or another – I think it can be done by IP,FQDN,to include all mail servers associated with another IP and some other options as well.

    The record should reside on whichever DNS server is responsible for your domain – so if you use this tool:
    http://dnscheck.pingdom.com

    Whatever nameserver it reports for your domain, is the palce where you should go to add the TXT record.

    As Ossian stated, in your case it will most likely be your cpanel server – unless you have only added an A record for your web hosting and your DNS/email is managed elsewhere.

    Avatar
    EarthReactor
    Member

    Re: how large can I make the event log files without causing an issue?

    wullieb1;283686 wrote:
    I’d be asking why the logs are getting so large in the first place.

    I have set it up to archive the security log every 500MB.
    Its up to 4GB after about 3 days.

    I think the reason they are so big is that I have set it to audit every file action for all users for the main shared folder that the company uses! And the reason being is that someone is continuously, and accidentally, moving and or deleting client folders and they want to pinpoint who it is.

    Avatar
    EarthReactor
    Member

    Re: how large can I make the event log files without causing an issue?

    ^^thanks very much.
    Now I looked again, there is an option to set a limit, and have the logs archived when the limits are reached. I take it that should have the same effect?

    Avatar
    EarthReactor
    Member
    in reply to: Please create Linux discussion in this forum #377219

    Re: Please create Linux discussion in this forum

    JeffJames;283397 wrote:
    Hi David –

    Ossian, Biggles, and Daniel are all correct: Petri is primarily a site for Windows Server admins, so we don’t have much for Linux on the content side either.

    That being said, we have just posted the first of a new article series about Linux that is written specifically from the perspective of a Windows Server administrator, primarily for Windows admins who may have to deal with a Linux server or two at times.

    Here’s the first article in the series:

    Linux for Windows Server Administrators
    http://www.petri.com/linux-for-windows-server-administrator.htm

    We’d appreciate any feedback on the article series, so let me know if you have comments.

    Kind regards,

    – Jeff

    Thanks for letting us know, the first article looks really interesting.

    I can almost feel the linux sub-section coming… :-)

    Avatar
    EarthReactor
    Member
    in reply to: Problem with SSL Certificate in Outlook 2010 #377218

    Re: Problem with SSL Certificate in Outlook 2010

    Sembee;283237 wrote:
    You need to change the host names in Exchange to match the name on your SSL certificate.

    http://semb.ee/hostnames2007

    Simon.

    that worked perfectly – I am not sure what was wrong as I just ran the commands to insert the correct values through shell – but I think it was something to do with the internal and external access URLs configured in exchange.

    Thanks alot!

    Avatar
    EarthReactor
    Member
    in reply to: Problem with SSL Certificate in Outlook 2010 #377217

    Re: Problem with SSL Certificate in Outlook 2010

    I have just added records manually for mail.publicdomain.com and autodiscover.publicdomain.com and I can ping both of them now from the clients.

    However, this certificate warning is still coming up in outlook, I don’t understand why because everything seems to be correct..??

    Any ideas?

Viewing 30 posts - 1 through 30 (of 205 total)