jump to navigation

Ricoh sc542 Error Code on mp5500 mp6500 mp7500 2051 2060 2075 3035 3045 October 31, 2011

Posted by John Ruby in Solutions, Troubleshooting & Knowledge Bases.
add a comment

 

Reseting SC 542 error code on Ricoh copier
Grin
Cheesy  Press  CLEAR MODE(yellow) key,
Cheesy  Press  1 , 0 , 7
Cheesy  Press and hold down CLEAR/STOP (red) key for more 5 sec.
Cheesy Press in the SP Mode( on the touch pane)
Cheesy  Open the front door turn OFF the power main switch, and turn it ON
http://copierliquidationcenter.com

Ricoh sc542 Error Code on mp5500 mp6500 mp7500 2051 2060 2075 3035 3045

Remove ‘WD SmartWare’ from your Western Digital Passport or MyBook October 28, 2011

Posted by John Ruby in Solutions, Troubleshooting & Knowledge Bases.
add a comment

 

Remove ‘WD SmartWare’ from your Western Digital Passport or MyBook « Let Me Teach You Something

If you’ve purchased a Western Digital Passport or MyBook drive in the past little while (I’ve recently bought 3), you’ve no doubt run into the Western Digital Smartware. This is a virtual drive that is setup with the hard-drive that mounts every time you plug it in. It would seem that at first it’s permanent, and the only way to get it to disappear is to install the software that comes with the drive. However, there is a fix that Western Digital provides on their website. Don’t ask me why a simple ‘delete’ function or ‘eject permanently’ isn’t more readily available.

You can view the instructions from Western Digital on this link, or on this page below! Note that these instructions may change in the future; If newer editions of the drive come out, then I’ll be making an update to the page. This should work for the next year at least:

Mac instructions will come first, and Windows users look further down the page.

IMPORTANT

The following precautions must be performed before installing the firmware update:

  • All AntiVirus software MUST be disabled.
  • All Anti-Spyware software MUST be disabled.
  • ANY and ALL programs that would require drive access during the update MUST be disabled.
  • Failure to perform these precautions may cause data corruption/loss and/or drive failure.

Mac STEP 1:Firmware Update: Release 1.032 (11/19/09)

Western Digital Passport Drive

Western Digital’s portable ‘Passport drive’

Mac OS® X, Tiger®, Leopard®, Snow Leopard™
This update is recommended for Mac OS X 10.4.11, Mac OS X 10.5.8 and any version of Mac OS X 10.6.

  1. Disconnect all other external drives from the computer except for the My Book or My Passport hard drive you want to update.
  2. Ensure that the My Book or My Passport drive is connected to a USB port on your computer.
  3. Download Firmware Updater for Mac. (mirror here)
  4. Unzip the Firmware Updater and double click WD Essential and Elite Firmware Updater for Mac.
  5. Verify the attached drive’s serial number located on the back of the drive.
  6. Select the drive displayed.
  7. Click Update Firmware.
  8. Drag both My Book Drive and WD SmartWare Virtual CD icons to Trash bin.
  9. Click OK.
  10. Click Accept the End User’s License Agreement (EULA).
  11. Click Yes.
  12. Once the updater is finished, click Exit.
  13. Turn off the drive – For My Passport, disconnect the USB cable. For My Book disconnect both USB and power cables.
  14. Wait 10 seconds. Reconnect the USB/power cables.

Mac STEP 2:Download and run the VCD Manager

  1. Download VCD Manager VirtualCDManager_v1003.zip for Mac to your desktop. (mirror here)
  2. Unzip the utility and double click to open.
  3. Click Continue to disable the VCD.
  4. Click Accept the End User’s License Agreement (EULA).
  5. Click Drive to configure and select your drive.
  6. Verify desired Virtual CD setting.
  7. Once the utility has found your drive, click Configure Drive.
  8. Once the Virtual CD setting is finished, click Exit.
  9. Power cycle the drive – For My Passport, disconnect the USB cable. For My Book disconnect both USB and power cables.
  10. Wait 10 seconds. Reconnect the USB/power cables.
  11. Verify that the VCD no longer appears.

PC STEP 1:Firmware Update: Release 1.032 (11/16/09)

Western Digital MyBook

Western Digital’s External ‘MyBook Drive’

Before running the Virtual CD Manager, you must first update the firmware on your hard drive.

  1. Disconnect all other external drives from the computer except for the My Book or My Passport hard drive you want to update.
  2. Download the Firmware Updater for Windows. (mirror here)
  3. Unzip the file and double click to open the Firmware Updater.
  4. Click Continue to update the firmware.
  5. Verify the attached drive’s serial number located on the back of the drive.
  6. Click Update Firmware.
  7. Click Accept the End User’s License Agreement (EULA). The updater will scan the drive; this may take a few minutes.
  8. Once the updater is finished, click Exit.
  9. Turn off the drive – For My Passport, disconnect the USB cable. For My Book disconnect both USB and power cables.
  10. Wait 10 seconds. Reconnect the USB/power cables.

PC STEP 2:Download and run the VCD Manager

  1. Download VCD Manager WDSmartWareVirtualCDManagerforWindows-v1.0.7.4.zip for Windows to your desktop. (mirror here)
  2. Unzip the utility (Extract the file using an extraction utility.)
  3. Double click WDSmartWareVirtualCDManagerforWindows-v1.0.7.4.exe.
  4. Click Continue to disable the VCD.
  5. Once the utility has found your drive, click Configure Drive and then click Exit.
  6. Turn off the drive – For My Passport, disconnect the USB cable. For My Book disconnect both USB and power cables.
  7. Wait 10 seconds. Reconnect the USB/power cables that have been disconnected in the previous step.
  8. Verify that the VCD no longer appears.

And there you have it, good riddance!

credit to Western Digital for the instructions:
http://www.wdc.com/wdproducts/updates/?family=wdsmartwareutilities
http://www.wdc.com/wdproducts/updates/?family=wdsmartwareutilitiesmac

Webster’s Presentation Virtualization Tips and Tricks from the Trenches October 28, 2011

Posted by John Ruby in Solutions, Troubleshooting & Knowledge Bases.
add a comment

 

Webster’s Presentation Virtualization Tips and Tricks from the Trenches

Webster’s Presentation Virtualization Tips and Tricks from the Trenches

How (and why) Microsoft is killing the GUI on Windows Server October 20, 2011

Posted by John Ruby in BlogoSphere.
add a comment

 

Don Jones, Contributor

Man, say “no more GUI on Windows Server” in a crowded room of IT professionals, and you’d better be standing near the door. Nothing gets folks more riled up than the idea that they won’t be able to drag-and-click their way through administrative tasks any more.

If that’s you, then relax. It’ll be fine.

Microsoft’s goals
Microsoft has a problem. On the one hand, they have a lot of people working in smaller environments who will never be programmers. Not ever. Those folks are only successful with Windows because of the windows – meaning that they’re able to leverage their desktop-centric skills to manage a server.

Show Me More

This is, in fact, how Microsoft got to where it is today. The GUI let it trivialize NetWare, gave it a leg up on Unix, and got Windows into departments and organizations all over the world.

On the other hand, Microsoft is now dealing with organizations that have hundreds and thousands of servers. Those guys are getting a little tired of having to log into three dozen servers, one after the other, just to click a checkbox to change some configuration setting. It’s boring, it’s error-prone, and with today’s salaries it’s downright expensive.

There’s another problem, too, and it’s called server stability. We all want five 9’s: 99.999% server availability. Not a lot of Windows servers achieve it. People still brag, however, about that old NetWare server that’s sitting in a closet somewhere, happily humming along and never needing rebooting. However, it’s a NetWare server without a GUI. Turns out, enabling a GUI on a server operating system can be pretty impactful. Creating and managing the desktop environment requires serious computing power and doing it over and over and over again can definitely have a deleterious effect on server stability. That’s not even mentioning patches: The current GUI-less Server Core version of Windows gets markedly fewer patches than its full-GUI cousin.

So, on the one hand you’ve got folks who need the GUI. On the other, folks whoneed better automation. And in the middle, servers that could do a lot better if the GUI wasn’t used.

Dealing with the dichotomy
So Microsoft says to itself, “Okay, we need to take the time to build the GUI. But there’s all this functionality that has to go into it, so it’s going to take time. Then we’re supposed to turn around and spend the same amount of time writing the same functionality in a command-line tool? What a waste!”

You might suggest that Microsoft back off a bit and think about it. “Hey,” you might tell them,“why don’t you just move the actual functionality into some external file, like a DLL? Then both the command-line tool and the GUI could use that same functionality.”

Brilliant! And what do you think PowerShell is?

PowerShell commands live in DLLs. PowerShell’s engine is a DLL. What you see when you run PowerShell is a very tiny little interface that allows a human to load those DLLs and make them do stuff. Those same DLLs can also be called from within a GUI: Witness Exchange Server’s GUI console, and the new Server Manager in Windows 8 Server. See, with PowerShell, you get both.

And that’s the path forward
So it’s entirely possible for Microsoft to kill the GUI while still making the GUI. Take the GUI off of the server OS. Use PowerShell to enable command-line management of the server – but run those commands on your workstation. Or, if you prefer, boot up a GUI on your workstation and manage the server from there. Heck, you can almost do that today – you don’t seriously log on to a domain controller to add new users do you? Active Directory Users and Computers runs just fine on your workstation.

Another neat feature of PowerShell is Remoting, which gives commands a universal way of talking to remote servers. So the idea is to never log onto the console, ever again. Just manage everything remotely – using a CLI or a GUI, whichever you prefer – from your client computer. So they’re not really killing the GUI. They’re just moving it off the server, and letting the server be a server.

More on PowerShell

Using PowerShell to manage Microsoft Hyper-V

Learning the value of designing PowerShell functions for reuse

The problem with this approach up to now is that there’s too many things we can’tconfigure without using a GUI. Network adapters for example, or the Windows Firewall. I mean, I know you can configure those things from the command-line, but yuck – the syntax is awful. That’s what Microsoft is fixing in Windows 8, giving us everything in PowerShell – meaningeverything can have a remote GUI built atop it.

GUI. Command-line. Doesn’t matter, you can take your pick. And you get a more stable server along for the ride. What’s not to love about that?

Follow SearchWindowsServer on Twitter @WindowsTT.

ABOUT THE AUTHOR
Don Jones
is a Senior Partner and Principal Technologist for Concentrated Technology, LLC, a strategic consulting and analysis firm. Contact him through the company’s Web site, http://ConcentratedTech.com.

http://searchwindowsserver.techtarget.com/tip/How-and-why-Microsoft-is-killing-the-GUI-on-Windows-Server?asrc=EM_NLT_15211842&track=NL-1687&ad=851828

How do I deliver messages quarantined by Forefront Security for Exchange Server (FSE)? October 19, 2011

Posted by John Ruby in Solutions, Troubleshooting & Knowledge Bases.
add a comment

 

How do I deliver messages quarantined by Forefront Security for Exchange Server (FSE)?

PoorPoorFairFairAverageAverageGoodGoodExcellentExcellent

If you need to deliver a message or attachment that has been quarantined by FSE, there are several options.

Delivering a message from quarantine

If you want to deliver an entire message that has been quarantined, you can use the Deliver button on the Quarantine work pane to deliver the quarantined message to the intended recipient(s) or any other designated recipients.

When you click the Deliver button, the Confirm Delivery dialog box is displayed, which enables you to specify the recipients and the delivery action for the message being delivered.

If a single file is selected for delivery, the original recipients populate the To:, Cc:, and Bcc: fields. If multiple files are selected, the fields are initially empty.

There are three choices in the Delivery Action section:

  • Original Recipients—The recipients fields are disabled. Click OK to deliver the selected files to their original recipients.
  • Above Recipients—The recipients fields are enabled and can be changed by the administrator. Click OK to deliver the selected files to the named recipients.
  • Original and Above Recipients—The recipients fields are enabled and the administrator can change them. Click OK to deliver the selected files to both the original recipients and any additional ones entered.

When quarantined messages are delivered to the user’s mailbox, the original message is included as an attachment. When the user opens the attachment, the original message launches within Outlook as a separate message.

Note: On an Edge Server Forefront has no access to the Active Directory, so you must enter a full e-mail address with a fully qualified domain name, even if delivery is to an addressee inside your Exchange organization. If you do not enter a fully qualified domain name, Forefront will not be able to deliver mail from quarantine.

Forwarding attachments from quarantine

Attachments that were quarantined by the virus scanner or the file filter can be forwarded.

Forwarding attachments quarantined by the virus scanner

Attachments that were quarantined by the virus scanner cannot be forwarded unless the scan jobs are disabled. Any forwarded attachment that contains a virus is redetected and treated appropriately.

Forwarding attachments quarantined by the file filter

Attachments that were quarantined by the file filter are scanned for filter matches unless the General Option setting Deliver from Quarantine Security is set to Compatibility Mode. This enables messages to be forwarded without being redetected by any of the scan jobs.

To enable attachments to be delivered without being redetected, Forefront Security for Exchange Server adds a special tag to the subject line of the message. You may customize this tag by changing the entry in the registry key value ForwardedAttachmentSubject. This value enables administrators to specify the tag text to use in the subject line. The subject line tag text can be changed to a unique string for the organization or changed into another language.

Note: If you set the General Option Deliver from Quarantine Security to Compatibility Mode and change the subject line tag text, messages tagged with the old tag text will be filtered if they are re-scanned for any reason. This is because the filter will only honor the new tag text in the subject line.

Using the ExtractFiles tool to save quarantined files to a local folder

You can also extract all or a subset of the quarantined files to a local folder. To do this you use the ExtractFiles console tool that is included with FSE.

From the command prompt, enter the following syntax to use ExtractFiles tool:

extractfiles Path Type

Path: The absolute path of the folder in which to save the extracted quarantined files.

Type: The type of quarantined files to extract. This can be the specific name of a virus, a specific extension, or all quarantined files. For example:

· Jerusalem.Standard   Extracts files that were infected with the virus named Jerusalem.Standard.

· *.doc   Extracts quarantined files that have a .doc extension.

· *.*   Extracts all quarantined files

Examples:

extractfiles C:\temp\quarantine Jerusalem.Standard

extractfiles C:\extract\ *.doc

For more information about the FSE quarantine, refer to the Reporting and Statistics topic in the Forefront TechNet documentation library.

How do I deliver messages quarantined by Forefront Security for Exchange Server (FSE)? – TechNet Articles – Home – TechNet Wiki

DFS – Clean Old DFS Replication Groups October 19, 2011

Posted by John Ruby in Solutions, Troubleshooting & Knowledge Bases.
add a comment

 

DFS – Clean Old DFS Replication Groups

You may use ADSIedit.msc to check the object of on the DCs to remove the Phantom DFS namespace information.

a. Open ADSIedit.msc.

b. Connect to Default Naming Context (the domain name)

c. Expand and locate the container, which show the DFS root information

CN=<name_of_the_DFS replication group>,CN=DFSR-GlobalSettings,CN=System,DC=<name_of_your_domain>

For example, in this screenshot

Replication group: contoso.com\publicns\share

AD metadata

CN=contoso.com\publicns\share,CN=System,DC=CONTOSO,DC=COM

you can remove and delete it in AD

If possible, please run "repadmin /syncall" to sync the AD database on all the DCs, because the DFS root may try retrieving the DFS root information from its closest domain controller in its on site, thus we may need to the AD replica has been prepared.

For your reference, you may also refer to the following KB article to manually decommission a DFS root server.

How to manually decommission a root server that hosts a domain-based DFS root in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;842218

Hope it helps.

Scorprio

Microsoft Exchange 2010 SP1 Information Store Terminates Unexpectedly October 17, 2011

Posted by John Ruby in Solutions, Troubleshooting & Knowledge Bases.
add a comment

 

Microsoft Exchange 2010 SP1 Information Store Terminates Unexpectedly | Kraft Kennedy | Technology Blog

Update 12/14/2010 – Microsoft has released Update Rollup 2 for Microsoft Exchange Server 2010 SP1 which addesses this issue.

2423776 (http://support.microsoft.com/kb/2423776/) The Exchange Information Store service crashes frequently during a public folder replication process on an Exchange Server 2010 public folder

———–

Microsoft has confirmed a bug with Exchange 2010 SP1 where the Information Store services will continuously restart itself every minute or possibly more frequently.

This issue is evidenced by the presence of Event ID 7031 in the System Event Log.

The Microsoft Exchange Information Store service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Exchange 2010 System Event 7031

This will be immediately followed by Event ID 7036

The Microsoft Exchange Information Store service entered the running state.

Exchange2010 System Event 7036

Rinse. Repeat.

I have only found this to be an issue with servers running the Mailbox Role which host Public Folder Replicas. If you increase logging for the Information Store, you will likely notice Event ID 3093 in the Application Event Log.

Increase Information Store Logging
Get-EventLogLevel MSExchangeIS |Set-EventLoglevel -Level High

Error -2147221233 reading property 0×67010003 on object type tbtReplication from database “PF_DATABASE_NAME”.

Exchange 2010 Application Event 3093

If you are experiencing this issue, you have two options:

  1. Contact Microsoft Support or your TAM to obtain bug fix KB2423776. This bug fix is a temporary patch and will be included in the release of Exchange 2010 SP1 Update Rollup 2.
  2. Wait for Exchange 2010 SP1 Update Rollup 2. The ETA is currently unknown, however I am expecting it to be released in the next few weeks.

The interim hotfix installs cleanly and does resolve the issue. If you choose to go this route, the following steps are required to implement the fix. Note: This update will need to be removed using these same steps before installing UR2.

Steps to apply the Interim Update:

  1. Run sn.exe -Vr * to disable strong name verification.
  2. Run sn.exe -Vl to verify that strong name verification is disabled.
  3. Run the MSP file to install the Interim Update on the system.
  4. Run sn.exe -Vu * to enable strong name verification.

Steps to remove the Interim Update:

  1. Run sn.exe -Vr * to disable strong name verification.
  2. Uninstall Interim Update for Exchange 2010 from Add/Remove programs.
  3. Run sn.exe -Vu * to enable strong name verification.
  4. Run sn.exe –Vl to verify that strong name verification is enabled.

Additional information about Strong Name Verification can be found here.

Good luck!

Dave Carlson David Carlson ILTA Kraft Kennedy KKL

Taking a good look at Exchange 2003 Mailbox Manager – Exchange Team Blog – Site Home – TechNet Blogs October 17, 2011

Posted by John Ruby in Solutions, Troubleshooting & Knowledge Bases.
add a comment

 

Taking a good look at Exchange 2003 Mailbox Manager

Taking a good look at Exchange 2003 Mailbox Manager – Exchange Team Blog – Site Home – TechNet Blogs

The Exchange Team

Avatar of The Exchange Team

The Exchange Team

Microsoft

319,202

Recent Achievements 3 3 4

New Blog Commentator Blogs All-Star Blog Party Starter

View Profile

21 Mar 2005 1:09 PM

  • Comments 8

This is a 1st post related to Mailbox Manager in this series, where I am trying to answer some most common questions about how this works.

What is Mailbox Manager?

Mailbox Manager is a tool that was designed to help enforce corporate message retention policies, and manage information store sizes. This allows you to clean mailboxes based on message size, message type, message age, and other properties. Mailbox Manager runs within the System Attendant process and does not run as a separate service like it did in Exchange 5.5.

Configuring Mailbox Manager

Mailbox Manager policies are applied very similarly to email recipient polices in Exchange. They can be configured on the same email policy or as a separate policy. A separate policy is the recommended way of configuring MM policies.

To verify that you are not applying a Mailbox Manager policy on any of the email policies, you need to right click on each policy in the ESM and verify that the property pages do not include "Mailbox Manager Settings" as shown below:

This setting controls what tabs are available in the Exchange System Manager. Once you enable or disable a property page, this also sets whether or not the msExchPolicyOptionList attribute gets populated on that particular Recipient Policy. You can view this in ADSIEdit as shown below. Note: If you accidentally check off Mailbox Manager Settings and Click OK, you have effectively told the RUS to update every recipient with a Mailbox Manager policy that falls within the LDAP scope of that policy. You do not need to apply the policy as the RUS treats MM policies differently in the way that it stamps the users.

There are normally two values that you will see for this attribute. One will be for E-Mail addresses (0xfc 0x1c 0x49 0x26 0x50 0x9e 0x57 0x48 0x86 0x1b 0x0c 0xb8 0xdf 0x22 0xb5 0xd7) and one will be for Mailbox Manager (0xec 0x13 0x68 0x3b 0x89 0xce 0xba 0x42 0x94 0x42 0xd8 0x7d 0x4a 0xa3 0x0d 0xbc). This attribute will tell you what type of proxies are being applied for that policy. Simply checking or un-checking a value on the property pages will update this attribute.

Creating Mailbox Manager Policies

One of the largest issues for Mailbox Manager is how to filter out via an LDAP filter who does and does not get cleaned by Mailbox Manager. For example, let’s say you have your standard 4×5 Storage Group/Mailbox Store scenario and you have the executive mailboxes on the first two stores within a storage group and the rest are all user mailboxes. How in the world does one create a filter to do that through the GUI? Currently, you can’t. This will take some custom LDAP filters and the size of this filter can be huge and in a large environment.

Here is an example to filter out the Executive users for a Mailbox Store called StoreA under two different storage groups

(&
(objectClass=user)
(objectCategory=person)
(mailnickname=*)
(|
(homeMDB=CN=StoreA,CN=SG1,CN=Information Store,CN=ServerName,CN=Servers,CN=AdminGroupName,CN=Administrative Groups,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=whatever,DC=com)
(homeMDB=CN=StoreA,CN=SG2,CN=Information Store,CN=ServerName,CN=Servers,CN=AdminGroupName,CN=Administrative Groups,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=whatever,DC=com)
)
)

The above example was shortened, but you can see that creating these LDAP queries are quite complex and is the only way to get around the limitation of the LDAP filter GUI.

To create a new policy, right click on Recipient Policies in the ESM and select New Recipient Policy. Under Recipient Policies select "Mailbox Manager Settings" during the creation. Enter a descriptive name on the General tab and then select the LDAP filter you would like to apply this policy to. Select the "Mailbox Manager Settings (Policy)" to setup what you would like to clean within the users mailboxes. The available operations you can perform against mailboxes are the following:

• Generate report only
• Move to Deleted Items Folder
• Move to System Cleanup Folders
• Delete Immediately

When selecting the processing type, you effectively update the MsExchMailboxManagerMode attribute for that policy. The following are the possible combinations for this attribute.

0 —> Indicates "Generate Report Only"
1 —> Indicates "Move to Deleted Items Folder"
2—-> Indicates "Move to System Cleanup Folder"
3—-> Indicates "Delete Immediately"

When selecting which folders you would like the policy applied to, you need to understand that for the folders other than the "System Cleanup" or "All Other Mail Folders", subfolders are not processed by default. Subfolders are only processed when you select the "All Other Mail Folders" option. When selecting this folder option, this will clean out ALL subfolders in all folders in your mailbox. If you have contacts, appointments, or any other items that you do not want to have cleaned in any folders in your mailbox, you will need to exclude specific message classes shown next.

To exclude specific message classes, you can use the following configuration window.

The list of available messages classes that you can include are in the following table:

IPM Type

Outlook type

IPM.NOTE

Mail message

IPM.POST

Post (in this folder)

IPM.APPOINTMENT

Appointment and Meeting Request entries

IPM.TASK

Task

IPM.CONTACT

Contact

IPM.ACTIVITY

Journal entry

IPM.DISTLIST

Distribution List

IPM.STICKYNOTE

Note

If you would like to send a notification to the end user regarding what was moved in their mailbox and how much data was processed, you can select that option and change the notification message to whatever you would like it to say:

Once you successfully create the policy, the RUS now takes over to apply the policy to each of the users that fall within the LDAP filter that you created. Once the RUS stamps each of the users, you will get a new setting under mxExchPoliciesIncluded for the Mailbox Manager policy.

Getting an LDP dump of a user will show that attribute populated with a new Mailbox Manager Policy.

msExchPoliciesIncluded:
{6020959E-00A1-4D41-B1B5-1DCCBF47440F},{3B6813EC-CE89-42BA-9442-D87D4AA30DBC};
{2C6C407F-51A3-4FD5-934F-2B6924BEB645},{26491CFC-9E50-4857-861B-0CB8DF22B5D7};

Mailbox Manager Policies are uniquely identified by their GUID {3B6813EC-CE89-42BA-9442-D87D4AA30DBC}. E-mail Address Policies have their own GUID of {26491CFC-9E50-4857-861B-0CB8DF22B5D7}. So from the above example in the first line, we show the ObjectGUID of the policy itself, followed by the identifying GUID. This is very useful in identifying WHO is getting what policy applied. Keep in mind that you can have only one Mailbox Manager Policy at any given time and it is the RUS responsibility to keep this updated properly. There was a problem in Exchange 2003 SP1 that when a user is moved in and out of scope of a Mailbox Manager policy, that the previously policy is not removed, so two MM policies exist for that user. This causes the user to get two different cleaning policies applied to their mailbox. Applying the hotfix in 883351 will resolve this issue

Now that we have our policy in place and all of the users stamped, we need to go and configure each Exchange server to run the Mailbox Management process at a given time and to select who will get the administrative reports. To do this, get properties of an Exchange server and select the Mailbox Management tab.

Under "Start mailbox management process", select when you would like to run this process. This process should run only once within a 15 minute period. If you select a period that is greater than one 15 minute time period, the process may run multiple times causing the user to get multiple email reports if that is configured.

Under "Reporting", you can select whether you want to send a detailed report or a summary report. A detailed report will send an attachment of all users that were processed and how much data was moved/deleted in each folder. The summary report will give you the total amount of data that was processed in any given pass.

Under "Administrator", select the Administrator that you would like to send the report to. At this time, you cannot select a Distribution List to email this report to, only a user.

Now that you have everything configured, there is one more option in which you can manually run this process by right-clicking on a specific server in the ESM and selecting "Start Mailbox Management Process".

Next post will be on "How Mailbox Manager processes recipients"!

Orphaned DFS Namespace – How to Remove October 15, 2011

Posted by John Ruby in Solutions, Troubleshooting & Knowledge Bases.
add a comment

 

Orphaned DFS Namespace – How to Remove

It seems that you want to know how to delete the orphaned namespace information \\ourdomain.tld\DFS_Test from the DFS Management console. Meanwhile, you can query the current namespace \\ourdomain.tld\DFS_Prod which is on the production server.

As the domain-based DFS configuration stores in the AD database, every time we launch the DFS management console, it will try to retrieve the DFS information from AD.

There are two nodes in AD which stores the information of the DFS:

Node1. Store the DFS Namespace information which shows under the Namespaces node in DFS management console.

CN=DFS-Configuration, CN=System, DC=Domainname, DC=domainsuffix

Node2. Store the DFS Replication group information which shows under the Replication node in DFS management console.

CN=DFSR-GlobalSettings, CN= System, DC=Domainname, DC=domainsuffix

In this case, you may use ADSIedit.msc to delete the orphaned namespace information \\ourdomain.tld\DFS_Test under the node CN=DFS-Configuration.

1. Launch ADSIedit.msc

2. Connect to "Default naming context" (the domain partition)

3. Expand and locate to the following node:

CN=Dfs-Configuration, CN=System, DC=ourdomain, DC=tld

4. Check if the orphaned namespace CN=DFS_Test is under it, if so, you may delete this node CN=DFS_Test

Afterwards, please run "repadmin /syncall" if there is multiple domain controllers in the environment and then run "dfsrdiag pollad" on all the DFS member servers to manually make them sync the information from AD database.

Then, you may launch the DFS management console and then right-click on the orphaned namespace, and then select Remove Namespace from Display… if needed.

Stefan Hazenbroek: AD Certificate Services: How To Install on Windows Server 2008 R2 Core October 15, 2011

Posted by John Ruby in Solutions, Troubleshooting & Knowledge Bases.
add a comment

 

dinsdag 12 januari 2010

AD Certificate Services: How To Install on Windows Server 2008 R2 Core

Windows Server 2008 R2 Core offers the possibility of installing a Certificate Authority. However, not much documentation is available on how to configure the role using the commandline.
In this blogpost I will explain how you can install the role and use it to issue certificates to your servers and clients.
Log in to the server (Windows Server 2008 R2 Server Core server) that you’re going to install the Certification Authority on. You need Domain Admin or equivalent permissions on a single forest, single domain infrastructure or Enterprise Admins on a multi-domain infrastructure to be able to install AD Certificate Services correctly. The following command has to be issued on the commandline:

Dism /online /enable-feature /featurename:CertificateServices

Don’t forget, the DISM command is Case-Sensitive, so you should keep the Capitcal C and S in mind.
Instead, if you have powershell installed on your Windows Server 2008 R2 Core machine you can also use the following commands to install the role:
First, fire up powershell by typing powershell in the cmd screen. When Powershell is fired up type:

Import-Module ServerManager

At the top of the screen you’ll see the module being imported, when it’s complete you have the possibility to use the CMDLets Add-WindowsFeature,Get-WindowsFeature and Remove-WindowsFeature. Install AD Certificate Services using the following command:

Add-WindowsFeature ADCS-Cert-Authority

Restart the server when the installation is completed to be sure that all needed information is correctly populated and login to the server again.
Now, the nice folks over at the PKI blog published a nice article on how to use a VBScript to install a Certificate Authority. Check out:

http://blogs.technet.com/pki/archive/2009/09/18/automated-ca-installs-using-vb-script-on-windows-server-2008-and-2008r2.aspx

Download the script from above link and place it somewhere you are able to access it from the machine the CA is running on. Browse to the directory you placed the script in and execute the following command to install an Enterprise Root Certification Authority:

Cscript setupca.vbs /ie /sn NameOfYourCA /sk 4096 /sp "RSA#Microsoft Software Key Storage Provider" /sa SHA256

When you’ve issued above script and it completed succesfully (it’ll take about a minute or so) you will be able to start your CA. Go to the Windows 7 workstation with RSAT installed and open up Computer Management. Browse to the machine your CA is running on and fire up the service Active Directory Certificate Services. When running this from the commandline you issue the name CertSvc.
On the RSAT machine, open up the Certification Authority shortcut in the Administrative Tools folder. When you open this shortcut you’ll receive the following error:

This is no problem. Click on OK and when in the MMC right click Certification Authority (Local). In the submenu you choose Retarget Certification Authority. Choose Another Computer in the wizard and fill in the hostname of the machine that is running your CA. From now on you can manage your Certification Authority from your machine with RSAT installed.

Stefan Hazenbroek: AD Certificate Services: How To Install on Windows Server 2008 R2 Core