Archive for the ‘server’ Category

New server and already failing Services?!?

April 27, 2018

So if you’re anything like me, you’ll see these two after you have built the server (which is rather disappointing because it’s a shiny new server!);

  • Downloaded Map Manager
  • Google Update Service

Now I know you shouldn’t install Chrome but it’s one of those things that makes life a little easier so sue me.

Anyway it’s normal to get these alerts cos they start and stop quickly but Windows thinks that means they failed.

Normally we don’t care too much about monitoring these services so just remove them from the manager;

  • Go to Server Manager
  • Find Local Server / All Servers
  • Click Services
  • Top left click Services where it probably has “All”
  • Uncheck the offending Service you don’t want to monitor anymore.
  • Hey Presto… you will now never know if it’s failing 🙂

 


Sharing email folders in 365

March 23, 2018

I’ve had a few issues with this over the years but here’s a few tips to help troubleshoot if you get problems sharing out email folders to other people in the organization.

  • “Permissions can’t be saved for folder X”
    • A quick solution to this is to head over to Outlook! Yes, apparently Outlook is better equipped to add or change permissions than the web portal on Microsoft’s servers.
    • This solution worked for me and weirdly having to use Outlook as my main conduit for permissions changes might seem a little odd but Microsoft are still working on the web portal interface and all the junk that goes along with that.
    • It works the same way, i.e. right click on the folder you want to share and choose Folder Permissions.
  • After adding permissions you still get denied access.
    • After adding users to the folder we want to share, they still aren’t allowed to view it! The problem lies in the root folder (the user’s name in the folder structure).
    • Right click on the user’s name > Folder Properties > Add > search for the user you want to give permission > OK.
    • Change permission level to Reviewer (at a minimum) > OK.
    • Now go to the other mailbox and add that shared folder in.
  • To add the shared folder on the end user do one of these options;
    • File > Open & Export > Other User’s Folder > type in the user’s name or click name and search for them > OK (you have to use the Inbox folder type)
    • The alternative way to add is below;
    • File > Account Settings > Account Settings > Double click on the email account > More Settings > Advanced > Add (from “Open these additional mailboxes”) > Type in the user’s email address > OK > OK > Next > Finish.

 

Let me know if the above is confusing and I’ll try to write a better guide.

Delete dead DC from domain

March 1, 2018

OK so this post is going to be unusual for me cos I’m just going to post some links for now cos lots of other people have created nice guides.  It’s just a matter of trying to find them!

First one for us lazy folks… the GUI option;

Second is more traditional NTDSUTIL;

Third, everyone else;

More as I find them… I might even make a guide myself but right now I don’t have the time.

Windows Server 2016 Security Tab on OU’s

February 28, 2018

Why oh why Microsoft? By default, they decided to HIDE the security tab on Organizational Units. Sigh.

So in order to unhide (even though you’re a domain admin) you need to do the following;

  • Open Active Directory Users and Computers
  • Click View > Advanced Features.
  • Now, you will see the security tab when you get properties on an OU.

I really don’t know why this “feature” was added but there you have it.

Meraki VPN using AD

February 27, 2018

Key points;

  • Using Meraki VPN and want to use Active Directory.
  • Verified that it works with Meraki authentication.
  • Doesn’t work with Active Directory.

We had this issue with a client that had used a Windows Server 2003 AD server. Worked fine but I forgot how I had set it up and when we got them moved over to a shiny new 2016 server it broke the VPN and sharing.

Here’s the fix on the AD Server;

  • On new server create a self signed certificate.
    • If you don’t know how to do that follow these instructions;
    • Install IIS via Server Manager.
    • Once installed Click on Server Certificates under your IIS Server.
    • Click on Create Self-Signed Certificate.
    • Give it a name (can be anything) and choose Personal.
  • Now that you have a cert you can move to the next step which is Firewall.
  • Create a Firewall rule to open port 3268. This is the Meraki means of communication.
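The same two AD server steps from an elevated PowerShell prompt, as an added example that is not part of the original post. It goes one step beyond the GUI steps by limiting the firewall rule to the Meraki's own address; `$MerakiMxIp` and the rule and certificate names are assumptions to replace with your own.

```powershell
# Added example, not from the original post. Run elevated on the new AD server.
# Assumption: placeholder address from the documentation range; use your Meraki's LAN IP.
$MerakiMxIp = '192.0.2.10'
$RuleName   = 'Meraki Client VPN to AD (TCP 3268)'   # hypothetical rule name

# The certificate subject should be this server's FQDN.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Self-signed certificate in the computer's Personal store, the same place
# the IIS "Create Self-Signed Certificate" step puts it.
# Default validity is one year, so put the renewal in the calendar.
$cert = New-SelfSignedCertificate -DnsName $fqdn `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -FriendlyName 'Meraki Client VPN AD auth'

# Open TCP 3268 inbound, but only from the Meraki rather than from any address.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Protocol TCP -LocalPort 3268 `
    -RemoteAddress $MerakiMxIp -Action Allow | Out-Null

# Check the results: the cert must have a private key, and the rule must be scoped.
Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)" |
    Format-List Subject, NotAfter, HasPrivateKey
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Format-List RemoteAddress
```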

Now on the Meraki;

  • Go to Security Appliance > Client VPN
  • Under Authentication choose Active Directory.
  • Under Short domain, Server IP, “Domain Admin” and Password, fill those in with the relevant info. The Domain admin is the authentication user you’ll need to create to allow the Meraki to verify that the user is allowed.
  • At this point you will want to put the “Domain Admin” (not an actual domain admin! but the VPN authentication user) into a separate OU to wall off these VPN users. Instructions on how to do this will have to wait… I will update.

Should work now 🙂

Can’t join a Windows 2012 server to a 2003 forest

January 21, 2017

Simple solution but here’s the scenario;

I had to replace a 2003 server with a 2012 server. So the original forest and domain is 2003 (I had to upgrade that from 2000!) but when I tried to promote the 2012 server to a DC it balked with this error;

“A domain controller running 2008 or later could not be located in this domain.”

I did some digging and found that it’s really not stopping you but prompting you to put in a recovery password. Thanks for the intuitive message MS.

So simply type in a recovery password and it will allow you to continue the promotion.

Ref: https://social.technet.microsoft.com/Forums/sharepoint/en-US/87876f09-90e6-4548-bdb6-7b1e525951be/adding-a-windows-2012-dc-to-a-windows-2003-forest?prof=required

Symantec, the space hog

December 9, 2015

If you’ve found this page then you know how much of a pain Symantec Endpoint Protection can be when it comes to eating up space. Server today ran out of space – down to 500mb on the main drive. After clean up it’s back to 71GB… yes you read that right.

So how to clean up Symantec Endpoint Protection’s mess? Simple;

  • Stop the Symantec Services.
  • Go to C:\Program Files\Symantec\Symantec Protection Center\db and delete (or if you have space then copy this off somewhere or zip it) the sem5.log.
  • Start the Symantec Services.

That bad boy just continues to eat up space without regard for the environment. Now I’m assuming that there is some sort of limit you can impose on the log file but honestly I haven’t had time (who does) and so I periodically remote in and run the above steps.

Fixed problem.

DNS changes in DHCP

December 3, 2015

This is something that might help for future reference. Something I very rarely have to do but it would be helpful for other people and a good reference.

Specifically changing where your DHCP client points DNS requests to.

  1. Open DHCP Manager
  2. Drill down to the scope
  3. Open Scope Options
  4. double tap DNS Servers
  5. Add your new shiny server and move it to the top of the list
  6. Click OK and you’re done
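The same change scripted with the DhcpServer PowerShell module, as an added example that is not part of the original post. It keeps a before/after record of the DNS servers the scope hands out; the scope ID and server address are constructed placeholders.

```powershell
# Added example, not from the original post. Run elevated on the DHCP server.
# Assumptions: both values below are constructed placeholders.
$ScopeId      = '192.168.1.0'    # the scope to change
$NewDnsServer = '192.168.1.10'   # the new server that should be listed first

# Option 6 is "DNS Servers". Read what the scope hands out now (empty if unset).
$current = @((Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 6 `
              -ErrorAction SilentlyContinue).Value)

# New server at the top, then the existing entries without duplicates.
$updated = @($NewDnsServer) +
           @($current | Where-Object { $_ -and $_ -ne $NewDnsServer })

"Before: $($current -join ', ')"

# The cmdlet checks that each address answers DNS queries and refuses the change
# if one does not, which catches a typo before clients receive it.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $updated

"After:  $((Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 6).Value -join ', ')"
```

Clients keep the old DNS list until their lease renews.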

Symantec Endpoint DB /Log file out of control?

January 29, 2015

So I had a log file that was 98GB.
I found a forum post from Symantec giving a download for a file that would compress the db/log but in order to run that app you had to have lots of space on your drive!
So what happens if I’m running out of space and I need more? Tough, you can’t set a different cache folder that the compression tool works with. Wonderful.

Instead, just run through the process of backing up the DB. There is a DB backup app under tools in the Symantec programs location. What does that do? Well for starters it just clears the log file… Oh yeah.

Or you can do this;

  • Stop the Symantec Services.
  • Go to C:\Program Files\Symantec\Symantec Protection Center\db and delete (or if you have space then copy this off somewhere or zip it) the sem5.log.
  • Start the Symantec Services.

Simple fix I thought.

Microsoft LLDP woes

December 22, 2014

One of the stranger problems I have come across.
When I boot up the PC neither Wifi nor Ethernet work. They connect OK but have no IP address.
I ruled out Hardware issues as well as router/DHCP issues so it comes down to Windows and more narrowly to Microsoft LLDP protocol driver.
When I enabled this and disabled it the NIC came back to life. Weird huh? If I reboot the problem comes back…
Anyway as a short term fix I created a script to fix this issue;

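@echo off
rem Work from the folder NVSPBIND was downloaded to
cd /d C:\IT\NVSPBIND
rem Enable the Microsoft LLDP protocol driver on the adapter named "Ethernet"
nvspbind "Ethernet" /e ms_lldp
echo Recalibrating...
rem Wait a few seconds (the ping is the "wait")
ping -n 5 -w 1000 127.0.0.1 > nul
rem Disable the driver again, which brings the NIC back to life
nvspbind "Ethernet" /d ms_lldp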

Now you will need to download NVSPBIND from Microsoft to do this but it’s worth it and I can confirm it does work.

Download it here; https://gallery.technet.microsoft.com/Hyper-V-Network-VSP-Bind-cf937850

When you download it, it will give you all the arguments you can add.

My example above is on a network device called Ethernet and I put a little “wait” command in there (which is the ping!) then disabled it again. Also I downloaded NVSPBIND to a folder called c:\IT\NVSPBIND.
This worked like a charm for me.