Archive for the ‘server’ Category

Windows Server 2008 FTP setup issue

March 26, 2019

I won’t go into WHY I was setting up a WINDOWS server with FTP but I wanted to share a little troubleshooting tip.

The standard setup is super simple – just install IIS (6 or 7 for server 2008) and then add FTP as an option.

You can mess around with the permissions, ports numbers, users, etc.

What tripped me up, and it’s obvious in hindsight, is the port numbers. I had wrongly assumed that if I change the port number for the FTP server (which is recommended anyway) from the default, Windows would update the firewall. It does NOT update the firewall… Doh.

A quick disable of the standard FTP firewall rule and creation of a new one with the new port number fixed the issue.

Advertisements

New server and already failing Services?!?

April 27, 2018

So if you’re anything like me, you’ll see these two after you have built the server (which is rather disappointing because it’s a shiny new server!);

  • Downloaded Map Manager
  • Google Update Service

Now I know you shouldn’t install Chrome but it’s one of those things that makes life a little easier so sue me.

Anyway its normal to get these alerts cos they start and stop quickly but Windows thinks that means they failed.

Normally we don’t care too much about monitoring these services so just remove them from the manager;

  • Go to Server Manager
  • Find Local Server / All Servers
  • Click Services
  • Top left click Services where it probably has “All”
  • Uncheck the offending Service you don’t want to monitor anymore.
  • Hey Presto… you will now never know if it’s failing 🙂

 

Sharing email folders in 365

March 23, 2018

I’ve had a few issues with this over the years but here’s a few tips to help troubleshoot if you get problems sharing out email folders to other people in the organization.

  • “Permissions can’t be saved for folder X”
    • A quick solution to this is to head over to Outlook! Yes, apparently Outlook is better equipped to add or change permissions than the web portal on Microsoft’s servers.
    • This solution worked for me and weirdly having to use Outlook as my main conduit for permissions changes might seem a little odd but Microsoft are still working on the web portal interface and all the junk that goes along with that.
    • It works the same way, i.e. right click on the folder you want to share and choose Folder Permissions.
  • After adding permissions you still get denied access.
    • After adding users to the folder we want to share, they still aren’t allowed to view it! The problem lays in the root folder (the users name in the folder structure)
    • Right click on the users name > Folder Properties > Add > search for the user you want to give permission > OK. 
    • Change permission level to Reviewer (at a minimum) > OK.
    • ~
    • Now go to the other mailbox and add that shared folder in.
  • To add the shared folder on the end user do one of these options;
    • File > Open & Export > Other User’s Folder > type in the users name or click name and search for them > OK (you have to use the Inbox folder type)
    • The alternative way to add is below;
    • File > Account Settings > Account Settings > Double click on the email account > More Settings > Advanced > Add (from “Open these additional mailboxes”) > Type in the users email address > OK > OK > Next > Finish.

 

Let me know if the above is confusing and I’ll try to write a better guide.

Delete dead DC from domain

March 1, 2018

OK so this post is going to be unusual for me cos I’m just going to post some links for now cos lots of other people have created nice guides.  It’s just a matter of trying to find them!

First one for us lazy folks… the GUI option;

Second is more traditional NTDSUTIL;

Third, everyone else;

More as I find them… I might even make a guide myself but right now I don’t have the time.

Windows Server 2016 Security Tab on OU’s

February 28, 2018

Why oh why Microsoft? By default, they decided to HIDE the security tab on Organizational Units. Sigh.

So in order to unhide (even though you’re a domain admin) you need to do the following;

  • Open Active Directory Users and Computers
  • Click View > Advanced Features.
  • Now, you will see the security tab when you get properties on an OU.

I really don’t know why this “feature” was added but there you have it.

Meraki VPN using AD

February 27, 2018

Key points;

  • Using Meraki VPN and want to use Active Directory.
  • Verified that it works with Meraki authentication.
  • Doesn’t work with Active Directory.

We had this issue with a client that had used an Windows Server 2003 AD server. Worked fine but I forgot how I had set it up and when we got them moved over to a shiny new 2016 server it broke the VPN and sharing.

Here’s the fix on the AD Server;

  • On new server create a self signed certificate.
    • If you don’t know how to do that follows these instructions;
    • Install IIS via Server Manager.
    • Once installed Click on Server Certificates under your IIS Server.
    • Click on Create Self-Signed Certificate.
    • Give it a name (can be anything) and choose Personal.
  • Now that you have a cert you can move to the next step which is Firewall.
  • Create a Firewall rule to open port 3268. This is the Meraki means of communication.

Now on the Meraki;

  • Go to Security Appliance > Client VPN
  • Under Authentication choose Active Directory.
  • Under Short domain, Server IP, “Domain Admin” and Password, fill those in with the relevant info. The Domain admin is the authentication user you’ll need to create to allow the Meraki to verify that the user is allowed.
  • At this point you will want to put the “Domain Admin” (not an actual domain admin! but the VPN authentication user) into a separate OU to wall off these VPN users. Instructions on how to do this will have to wait… I will update.

Should work now 🙂

Can’t join a Windows 2012 server to a 2003 forest

January 21, 2017

Simple solution but here’s the scenario;

I had to replace a 2003 server with a 2012 server. So the original forest and domain is 2003 (I had to upgrade that from 2000!) but when I tried to promote the 2012 server to a DC it balked with this error;

“A domain controller running 2008 or later could not be located in this domain.”

I did some digging and found that it’s really not stopping you but prompting you to put in a recovery password. Thanks for the intuitive message MS.

So simply type in a recovery password and it will allow you to continue the promotion.

Ref: https://social.technet.microsoft.com/Forums/sharepoint/en-US/87876f09-90e6-4548-bdb6-7b1e525951be/adding-a-windows-2012-dc-to-a-windows-2003-forest?prof=required

Symantec, the space hog

December 9, 2015

If you’ve found this page then you know how much of a pain Symantec Endpoint Protection can be when it comes to eating up space. Server today ran out of space – down to 500mb on the main drive. After clean up it’s back to 71GB… yes you read that right.

So how to clean up Symantec Endpoint Protection’s mess? Simple;

Stop the Symantec Services.
Go to C:\Program Files\Symantec\Symantec Protection Center\db and delete (or if you have space then copy this off somewhere or zip it) the sem5.log.
Start the Symantec Services.

That bad boy just continues to eat up space without regard for the environment. Now I’m assuming that there is some sort of limit you can impose on the log file but honestly I haven’t had time (who does) and so I periodically remote in and run the above steps.

Fixed problem.

DNS changes in DHCP

December 3, 2015

This is something that might help for future reference. Something I very rarely have to do but would helpful for other people and a good reference.

Specifically changing where your DHCP client points DNS requests to.

  1. Open DHCP Manager
  2. Drill down to the scope
  3. Open Scope Options
  4. double tap DNS Servers
  5. Add your new shiny server and move it to the top of the list
  6. Click OK and you’re done

Symantec Endpoint DB /Log file out of control?

January 29, 2015

So I had a log file that was 98GB.
I found a forum post from Symantec giving a download for a file that would compress the db/log but in order to run that app you had to have lots of space on your drive!
So what happens if I ‘m running out of space and I need more? Tough, you can’t set a different cache folder that the compression tool works with. Wonderful.

Instead, just run through the process of backing up the DB. There is a DB backup app under tools in the Symantec programs location. What does that do? Well for starters is just clears the log file… Oh yeah.

Or you can do this;

  • Stop the Symantec Services.
  • Go to C:\Program Files\Symantec\Symantec Protection Center\db and delete (or if you have space then copy this off somewhere or zip it) the sem5.log.
  • Start the Symantec Services.

Simple fix I thought.