Malinda Rathnayake - multicastbits.com

Server 2016 Data De-duplication Report – Powershell

Posted on October 8, 2016November 26, 2018 by Malinda RathnayakeLeave a Comment

I put together this crude little script to send out a report on a daily basis

it’s not that fancy but its functional

I’m working on the second revision with an HTML body, lists of corrupted files, Resource usage, more features will be added as I dive further into Dedupe CMDlets.

https://technet.microsoft.com/en-us/library/hh848450.aspx

Link to the Script – Dedupe_report.ps1

https://dl.dropboxusercontent.com/s/bltp675prlz1slo/Dedupe_report_Rev2_pub.txt

If you have any suggestions for improvements please comment and share with everyone

# Malinda Ratnayake | 2016
# Can only be run on Windows Server 2012 R2
#
# Get the date and set the variable
$Now = Get-Date
# Import the cmdlets
Import-Module Deduplication
#
$logFile01 = "C:_ScriptsLogsDedupe_Report.txt"
#
# Get the cluster vip and set to variable
$HostName = (Get-WmiObject win32_computersystem).DNSHostName+"."+(Get-WmiObject win32_computersystem).Domain
#
#$OS = Get-Host {$_.WindowsProductName}
#
# delete previous days check
del $logFile01
#
Out-File "$logFile01" -Encoding ASCII
Add-Content $logFile01 "Dedupication Report for $HostName" -Encoding ASCII
Add-Content $logFile01 "`n$Now" -Encoding ASCII
Add-Content $logFile01 "`n" -Encoding ASCII
#
# Get-DedupJob
Add-Content $logFile01 "Deduplication job Queue" -Encoding ASCII
Add-Content $logFile01 "__________________________________________________________________________" -Encoding ASCII
Get-DedupJob | Format-Table -AutoSize | Out-File -append  -Encoding ASCII $logFile01
Add-Content $logFile01 "`n" -Encoding ASCII
#
# Get-DedupSchedule
Add-Content $logFile01 "Deduplication Schedule" -Encoding ASCII
Add-Content $logFile01 "__________________________________________________________________________" -Encoding ASCII
Get-DedupSchedule | Format-Table -AutoSize | Out-File -append  -Encoding ASCII $logFile01
#
#Last Optimization Result and time
Add-Content $logFile01 "Last Optimization Result and time" -Encoding ASCII
Add-Content $logFile01 "__________________________________________________________________________" -Encoding ASCII
Get-DedupStatus | Select-Object  LastOptimizationTime ,LastOptimizationResultMessage | Format-Table -Wrap | Out-File -append  -Encoding ASCII $logFile01
#
#
#Last Garbage Collection Result and Time
Add-Content $logFile01 "Last Garbage Collection Result and Time" -Encoding ASCII
Add-Content $logFile01 "__________________________________________________________________________" -Encoding ASCII
Get-DedupStatus | Select-Object LastGarbageCollectionTime ,LastGarbageCollectionResultMessage | Format-Table -Wrap | Out-File -append  -Encoding ASCII $logFile01
#
# Get-DedupVolume
$DedupVolumeLetter = Get-DedupVolume | select -ExpandProperty Volume
Add-Content $logFile01 "Deduplication Enabled Volumes" -Encoding ASCII
Add-Content $logFile01 "__________________________________________________________________________" -Encoding ASCII
Get-DedupVolume | Format-Table -AutoSize | Out-File -append  -Encoding ASCII $logFile01
Add-Content $logFile01 "Volume $DedupVolumeLetter Details -  " -Encoding ASCII
Get-DedupVolume | FL | Out-File -append  -Encoding ASCII $logFile01
Add-Content $logFile01 "`n" -Encoding ASCII
#
# Get-DedupStatus
Add-Content $logFile01 "Deduplication Summary" -Encoding ASCII
Add-Content $logFile01 "__________________________________________________________________________" -Encoding ASCII
Get-DedupStatus | Format-Table -AutoSize | Out-File -append  -Encoding ASCII $logFile01
Add-Content $logFile01 "Deduplication Status Details" -Encoding ASCII
Add-Content $logFile01 "__________________________________________________________________________" -Encoding ASCII
Get-DedupStatus | FL | Out-File -append  -Encoding ASCII $logFile01
Add-Content $logFile01 "`n" -Encoding ASCII
#
# Get-DedupMetadata
Add-Content $logFile01 "Deduplication MetaData" -Encoding ASCII
Add-Content $logFile01 "__________________________________________________________________________" -Encoding ASCII
Add-Content $logFile01 "note - details about how deduplication processed the data on volume $DedupVolumeLetter " -Encoding ASCII
Get-DedupMetadata | FL | Out-File -append  -Encoding ASCII $logFile01
Add-Content $logFile01 "`n" -Encoding ASCII
#
# Get-Dedupe Events
# Get-Dedupe Events - Resource usage - WIP
Add-Content $logFile01 "Deduplication Events" -Encoding ASCII
Add-Content $logFile01 "__________________________________________________________________________" -Encoding ASCII
Get-WinEvent -MaxEvents 10 -LogName Microsoft-Windows-Deduplication/Diagnostic | where ID -EQ "10243" | FL | Out-File -append  -Encoding ASCII $logFile01
Add-Content $logFile01 "`n" -Encoding ASCII
#
# Change the -To, -From and -SmtpServer values to match your servers.
$Emailbody = Get-Content -Path $logFile01
[string[]]$recipients = "[email protected]"
Send-MailMessage -To $recipients -From [email protected] -subject "File services - Deduplication Report : $HostName " -SmtpServer smtp-relay.gmail.com -Attachments $logFile01

Cisco ASA WAN Failover IP SLA- Guide

Posted on May 8, 2015November 26, 2018 by Malinda RathnayakeLeave a Comment

We will proceed assuming

you already configured the ASA with the primary link

Configured the WAN2 on a port with the static IP or DHCP depending on the connection – you should be able to ping the secondary WAN link gateway from the ASA

Note:
Please remove the existing Static Route for the primary WAN link

Configure Route tracking

ASA(config)# route outside 0.0.0.0 0.0.0.0 <ISP 1(WAN1) Gateway> 1 track 1
ASA(config)# route Backup_Wan 0.0.0.0 0.0.0.0 <ISP 2 (WAN2) Gateway> 254

Now lets break it down

Line 01 – you add the WAN1 route with a administrative distance of 1 and we also include the track 1 statement for the SLA monitor tracking (See below)

Line 02 – with the second line we add the default route for the BackupWan link with a higher administrative distance to make it the secondary link

Examples

ASA(config)# route outside  0.0.0.0 0.0.0.0 100.100.100.10 1 track 1
ASA(config)# route Backup_Wan  0.0.0.0 0.0.0.0 200.200.200.10 254

Setup SLA monitoring and Route tracking

ASA(config)# sla monitor 10

Configure the SLA monitor with ID 10

ASA(config-sla-monitor)# type echo protocol ipIcmpEcho 8.8.8.8 interface outside

Configure the monitoring protocol, the target IP for the probe and the interface use

SLA monitor will keep probing the IP we define here and report if its unreachable via the given interface
In this senario im using 8.8.8.8 as the target IP you can use any public IP for monitoring

ASA(config-sla-monitor-echo)# num-packets 4

Number of packets sent to the probe

ASA(config-sla-monitor-echo)# timeout 1000

Timeout value in milliseconds. if you have a slow link as the primary increase the time out accordingly

ASA(config-sla-monitor-echo)# frequency 10

Frequency of the probe in seconds – SLA monitor will probe the IP every 10 seconds

ASA(config)# sla monitor schedule 10 life forever start-time now

Set the ASA to start the SLA monitor now and keep it running for ever

ASA(config)# track 1 rtr 10 reachability

This command will tell the ASA to keep tracking the SLA monitor with the ID:10 and the Default route defined with “Track 1”

if the probe fails to reach the target IP (in this case 8.8.8.8) via the designated interface it will remove the route defined with “Track 1” from the routing table

The next best possible route in this scenario the backup ISP route with administrative distance of 254 takes its place

Configure dynamic NAT Rules (Important)

nat (inside,<ISP 1(WAN1) Interface Name) source dynamic any interface
nat (inside,<ISP 2(WAN2) Interface Name>) source dynamic any interface

Configure the two NAT statements required so that either interface can provide NATting,

Examples

nat (inside,outside) source dynamic any interface
nat (inside,Backup_Wan) source dynamic any interface

This method worked well for me personally and keep in mind i’m no Cisco Guru so if i made a mistake or if you feel like there is a better way to do this please leave comment. its all about the community after all

Until next time stay awesome internetz

Reducing Dell PowerEdge (PE) 2950/2900/2800 II/III fan noise – Fan mod + BMC firmware mod (Noob friendly guide)

Posted on August 8, 2014November 26, 2018 by Malinda Rathnayake1 Comment

Dell 2950 III is one of the best bang for the buck servers you can find on Ebaym but there is one problem this server runs very loud by design.

Example (video Credit David Lohle)

I have my lab setup in my room so I had to do something about this.

After wondering around in the OSMA, DRAC and BIOS with no luck, I turned to almighty Google for help.

Turns out Dell decided not to expose the BMC’s fan controller settings to the users. It’s baked in to the firmware.

Reducing the noise involves two mods, hardware and firmware.

Fan MOD – Lower the Fan speeds to reduce the noise

Firmware mod – Lowering the BMC fan rpm thresholds

Update:

I stress tested the server after the mod, check here for details – Dell PE 2950 Stress test

01. Fan MOD – Lower the Fan speeds to reduce the noise

I stumbled upon this post on the “Blind Caveman’s blog”. – http://blindcaveman.wordpress.com/2013/08/23/problem-dell-poweredge-2950-iii-jet-engine-fan-noise/

Apparently he had success with adding a 47ohm resistor in line to all 4 intake fans, he has a very comprehensive guide on the mod.

I’m just going to put the summery of what I did. (Props to Caveman for coming up with this solution)

Items you need

4pc of 47ohm ½ watt resistors. (Radio shack $1.49)
Heat Shrink. (Radio shack $4.59)
Soldering iron.

Note : You can drop the resistor value to increase the fan voltage

10v = 12 ohms
9v = 2020 ohms
8v = 3030 ohms
7v = 4242 ohms

Fan Mod – Steps

01. Remove the cover.

02. Remove the fan by pulling the orange tabs and gently lifting up.

03. Remove the wire clip cut the “Red” wire and solder the resistor in line with the wire.

Red Wire

04. Re-seat the fans back on the server. (be careful not to let it touch the heat sink right next to it)


Watch out for the Heat-sink

Note:
I just modded the intake fans, OP suggest to mod the PSU fans but I don’t think you need to mess with the power supply fans for 3 reasons.

It’s not going to make a huge difference. (my PE is running below 52db with just the intake fans modded)

PSU is Expensive to replace. (on Ebay PSU is around $100 but four Dell 2950 Fans cost less than $10)

I believe the PSU units should run very cool and efficient as much as possible.

—————————————————————————————————————————

So after the mod, I booted up the server, it was running significantly quieter. BUT… yes there’s a huge but….

Issue 01 – OSMA Errors and fan speed issues

The fan speeds were ramping up and down every few minutes.
When i monitored the fan speeds via DRAC and it showed an error with the fans failing since the idle rpm is lower than the minimum rpm threshold.

What is happening

the BMC lower the fan RPM after the initial boot, since the resistor is in place the lowest RPM is around 1800 and the default minimum RPM error threshold is 2250rpm so the BMC panics, spins the fans back up to 100%, lower them again since the error is cleared. So on. it was going on in a never ending cycle of annoyingness.

So after some more google fu. I found a post written by a German “Artificial intelligence researcher” who faced the same issue after he swapped out the dell fans with lower RPM ones and since dell refused to help him fix it, he engineered his own fix for this by modifying the BMC firmware to reduce the minimum rpm threshold (how cool is that).

His name is Arnuschky – Link | Post link

His post is well written to the point (Kudos to you sir) but its not very noob friendly. 🙁
So I’m going to make a step by step guide using his post as reference with few more additions, for anyone who is new to open source and messing with dell firmwares.

02. Firmware mod – Lowering the BMC fan rpm thresholds

The solution explained-

Arnuschky figured out the exact setting in the BMC’s firmware, the check-sums etc to modify the fan rpm thresholds and wrote a very nifty script to help us modify the values on a downloaded firmware file.

What is BMC (board management controller)

Among many other things, fans are controlled by the BMC and the fan curve and all the values are baked in to the firmware.

BMC (board management controller) by design will ramp up the RPM of the fans every time you add more hardware to the system such as – Add-on cards, RAM, HDD’s, etc

What is IPMI

Intelligent Platform Management Interface, this tool set can be easily installed on any linux distribution and after you enable IPMI in the BIOS (DRAC interface) you can query sensory data from BMC and configure parameters on the BMC.

Procedure

Things you should know –

This worked for many people including me. Myself nor anyone involved will not be held responsible for any damages caused by proceeding with the firmware mod.

You cannot perform this mod on ESXI. But if you are running a base OS like Redhat/CentOS/Ubuntu you should be good to go.

You cannot flash the firmware using a VM (If you know a way please let us know)

To modify the firmware you have to be on a Linux server, you can technically flash the modified firmware from windows server. I will add the details later in the post

Packages required

BMC Firmware file – Dell Drivers and support

IPMI tools

glibc.i686 (If you are on a 64bit OS)

I have Esxi 5.5 installed on the Dell server so I used a Cent OS 6.4 installation running off a USB stick to do the modifications and flashing

Enable IPMI on the DRAC interface

You can do this by logging in to the DRAC web interface or though the bios screen

Press ctrl+E during the post screen to access the DRAC card configuration screen and Enable IPMI

Setting up IPMI Tools

yum install OpenIPMI OpenIPMI-tools

StartEnable the Service

chkconfig ipmi on

service ipmi start

Run the following commands to see if IPMI is working

ipmitool sdr type Temperature

Temp             | 01h | ok  |  3.1 | -48 degrees C
Temp             | 02h | ok  |  3.2 | -42 degrees C
Temp             | 05h | ok  | 10.1 | 40 degrees C
Temp             | 06h | ok  | 10.2 | 40 degrees C
Ambient Temp     | 08h | ok  |  7.1 | 27 degrees C
CPU Temp Interf  | 76h | ns  |  7.1 | Disabled

ipmitool sdr type Fan

FAN 1 RPM        | 30h | ok  |  7.1 | 4200 RPM
FAN 2 RPM        | 31h | ok  |  7.1 | 4200 RPM
FAN 3 RPM        | 32h | ok  |  7.1 | 4200 RPM
FAN 4 RPM        | 33h | ok  |  7.1 | 4200 RPM
FAN 5 RPM        | 34h | ok  |  7.1 | 4200 RPM
FAN 6 RPM        | 35h | ok  |  7.1 | 4200 RPM
Fan Redundancy   | 75h | ok  |  7.1 | Fully Redundant

Install glibc.i686

yum install glibc.i686

note:
Firmware Flash program is 32bit and it will fail with the following warning on 64bit OS

/lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

Download the relevant firmware file

Visit – http://www.dell.com/support/

Enter your service tag

Select OS version – Redhat or any other linux flavor (This will allow you to download the .bin file containing the firmware, this is what we need to modify the values)

To save you time here’s the link for the Dell PE 2950 II, BMC firmware V2.50 – direct link

mkdir bmcfwmod 
cd bmcfwmod                                  #create project directory
wget "http://downloads.dell.com/FOLDER00928606M/1/2950_ESM_Firmware_4NNNG_LN32_2.50_A00.BIN"

Set permissions and extract the firmware .bin file

chmod 755 BMC_FRMW_LX_R223079.BIN                              # make executable
sudo mkdir bmc_firmware                                        # create dir as root
sudo ./BMC_FRMW_LX_R223079.BIN --extract bmc_firmware          # yes, you have to do this as root! :(
cd bmc_firmware

Note : You have to extract the bin file in-order to proceed..
Above commands will extract the firmware bin file, in to the bmc_firmware folder.
Check inside the folder to see if you have a file called /payload/bmcflsh.dat.
If not that means your system is not compatible with this mod. If yes, please continue.

Patching the firmware file

Note:
You should be in the bmc_firmware directory created above

Download and run the script

–no-check-certificate switch is used to get around the cert issue due to the github domain name mismatch

wget "https://raw.github.com/arnuschky/dell-bmc-firmware/master/adjust-fan-thresholds/dell-adjust-fan-thresholds.py --no-check-certificate"
chmod 755 dell-adjust-fan-thresholds.py    # set permissions
./dell-adjust-fan-thresholds.py payload/bmcflsh.dat  #execute the py script on the bmcflsh.dat file

The script will prompt you with the following screen

Select your server model in this case I selected Dell PowerEdge 2950 = number 3

Then it will prompt you to select the fans and adjust the threshold.
On the DRAC interface the intake fans shows up numbered 1-4,
I edited the values for the fans 1 thorough 4 (Only the intake fans will be effected)

Setting the value

When you select the fan number it will ask you to enter the value for the new threshold
This should be entered in multiples of 75 for example the default value is 2025 which is a 27×75 so the default value is 27
So to reduce the threshold value you need to enter something lower than 27
I choose 18 as the value, this will drop my threshold to 1350rpm (18×75=1350)

Saving the changes

After editing the appropriate values, enter “W” to write the changes to the firmware as prompted.
This will update the bmcflsh.dat with the modified values

Flashing the modified firmware

If you are on a 64bit OS make sure you have the glibc.i686 package installed

LD_LIBRARY_PATH=./hapi/opt/dell/dup/lib:$LD_LIBRARY_PATH ./bmcfl32l -i=payload/bmcflsh.dat –f

This will map the necessary Shared Libraries and execute the bmcfl32l to flash the firmware file

Fans will rev up and stop for a brief moment during the update, don’t worry it will spool up again in a second.
You do not need to reboot to see the changes, but do a reboot just in case.
So there you go, your Dell 2950 should be purring away on the shelf silently.

Note:
You should disable the IPMI on DRAC since it is a big security risk.

Tested for more 24 hours

Update: Dell PE 2950 Stress test after the mod

No noticeable temperature difference with the components
No post errors
No OMSA or DRAC errors

Noise Level comparison

Before the mod

After the mod

Its a very long post and its almost morning. so forgive me for any grammar, spelling or formatting mistakes.

Until next time…….

Setting up Dell OMSA (Openmanage Server admin) on Vmware ESXI 5.x (Guide)

Posted on August 7, 2014November 26, 2018 by Malinda RathnayakeLeave a Comment

Hello internetz

I recently bought a dell 2950 for my home lab and decided to slap esxi on it and this is a guide on how to install OSMA 7.4 on ESXI 5.x

Note:

At the time of the writing the latest installable version for ESXI is 5.5 update1 this version had issues with the OMSA agent due to a VMware bug, please update to the latest patch to get it up and running

http://en.community.dell.com/support-forums/servers/f/177/t/19581502.aspx

Procedure – Summary

Download the relevant packages – Link
Enter the ESXI host to maintenance mode & Enable EXSI shell and SSH
Install OSMA agent on the EXSI host
Reboot
Exit maintenance mode

On your workstation or server

Install Dell open manager server administrator on your client PC or a sever
Connect to with the ESXI host IP and host login credentials

Download the relevant packages

OSMA for various operating systems can be downloaded from the Dell website

Link

In this case we are using –

Dell OpenManage 7.4 for ESXi 5.5 VIB (ESXI Agent)

Dell OpenManage 7.4 for Microsoft Windows x64 (Management Console)

Enter the ESXI host to maintenance mode

Using ssh

SSH in to the host server and run the following command

esxcli system maintenanceMode set --enable true

Using the VSphere client

Installing OSMA agent on the EXSI host

Transfer the Zip file to the host server using winscp

I used the following location

/var/log/vmware

You can use the data stores but I find this much easier

Install the VIB file

esxcli software vib install –d "/var/log/vmware/OM-SrvAdmin-Dell-Web-7.4.0-876.VIB-ESX55i_A00.zip"

If you transferred the file to a data store

esxcli software vib install -d "/vmfs/volumes/Datastore/DirectoryName/PatchName.zip"

Reboot the server

Reboot –f

Make sure the services are up and running

etc/init.d/./wsman status

It should return: openwsmand is running

etc/init.d/./sfcbd status

It should return: sfcbd is running

etc/init.d/./hostd status

It should return: hostd is running

Exit maintenance mode

Shell –

esxcli system maintenanceMode set --enable false

Installing the management console

Download the respective package for your workstation/Server and install it.
I installed the Dell OpenManage 7.4 for Microsoft Windows x64 on my workstation running windows 8.1
Open the application it will take you to a web interface

Important-

Remember to select “ignore certificate issues” otherwise the login will timeout with the error
Login failed….
Connection timeout

Powershell: simple script for port monitoring (SMTP, HTTP, FTP, etc) using “system.net.sockets.tcpclient” class

Posted on May 3, 2014November 26, 2018 by Malinda RathnayakeLeave a Comment

Recently we had a requirement to check SMTP of two diffrent servers and run a script if both servers failed. i googled around for the tool but ended up putting together this script.

Its not the most prettiest but it works, and im sure you guys will make something much better out of it.

# Define the host names here for the servers that needs to be monitored
$servers = "relay1.host.com","relay2.host.com"
# Define port number
$tcp_port = "25"

# Loop through each host to get an individual result.
ForEach($srv in $servers) {

    $tcpClient = New-Object System.Net.Sockets.TCPClient
    $tcpClient.Connect($srv,$tcp_port)

    $connectState = $tcpClient.Connected

    If($connectState -eq $true) {
        Write-Host "$srv is online"
    }
    Else {
        Write-Host "$srv is offline"
    }

    $tcpClient.Dispose()

}

If something is wrong or if you think there is a better way please free feel to comment and let everyone know. its all about community after all.

Update 4/18/2016 –

Updated the script with the one provided by Donald Gray – Thanks a lot : )

Exchange 2010 Mailbox PST export – New-MailboxExportRequest

Posted on January 9, 2014November 26, 2018 by Malinda RathnayakeLeave a Comment

Remember the Export-Mailbox command on exchange 2007??? The main problem I personally had was the annoying outlook requirement.

With the exchange server 2010 service pack 1 release, M$ introduced a new Cmdlet to export mailboxes on the server. And it does not require outlook.

New-MailboxExportRequest

Step 01 – Mailbox Import Export Role Assignment

Grant the user account permissions to export mailboxes (By default no account has the privileges to export mailboxes)

New-ManagementRoleAssignment -Role “Mailbox Import Export” -User administrator

Step 02 – Setup the Export File Location

We need a network share to export files. (Eg – \Exch01PST_export)

Note:

The Cmdlet gives an error if you point to a directory directly on the Hardisk (Eg – F:PST_export)

Create a Shared folder on a serverNAS and grant Exchange Trusted Subsystem user account read/write permissions to the folder

Exporting Mailbox Items with “New-MailboxExportRequest”

Supporting Cmdlets that can be used with MailboxExportRequest

Cmdlet	Description	Topic
New-MailboxExportRequest	Start the process of exporting a mailbox or personal archive to a .pst file. You can create more than one export request per mailbox. Each request must have a unique name.	Create a Mailbox Export Request
Set-MailboxExportRequest	Change export request options after the request is created or recover from a failed request.	Configure Mailbox Export Request Properties
Suspend-MailboxExportRequest	Suspend an export request any time after the request is created but before the request reaches the status of Completed.	Suspend a Mailbox Export Request
Resume-MailboxExportRequest	Resume an export request that’s suspended or failed.	Resume a Mailbox Export Request
Remove-MailboxExportRequest	Remove fully or partially completed export requests. Completed export requests aren’t automatically cleared. You must use this cmdlet to remove them.	Remove a Mailbox Export Request
Get-MailboxExportRequest	View general information about an export request.	View Mailbox Export Request Properties
Get-MailboxExportRequestStatistics	View detailed information about an export request.	View Mailbox Export Request Properties

From <http://exclusivelyexchange.com/export-mailbox-exchange-2010/>

In this example

Shared folder name- PST_export

server name- EXCH01

Share Path – \Exch01PST_export

Mailbox – amy.webber

Folder permissions –

For this example we are going to use New-MailboxExportRequest cmdlet with the following parameters :

-baditemlimit 200 -AcceptLargeDataLoss

AcceptLargeDataLoss	The AcceptLargeDataLoss parameter specifies that a large amount of data loss is acceptable if the BadItemLimit is set to 51 or higher. Items are considered corrupted if the item can’t be read from the source database or can’t be written to the target database. Corrupted items won’t be available in the destination mailbox or .pst file.
baditemlimit	The BadItemLimit parameter specifies the number of bad items to skip if the request encounters corruption in the mailbox. Use 0 to not skip bad items. The valid input range for this parameter is from 0 through 2147483647. The default value is 0.

From <http://technet.microsoft.com/en-us/library/ff607299(v=exchg.150).aspx>

Exporting the Whole Mailbox

Run the following Cmdlet to initiate the mailbox move request: New-MailboxExportRequest

New-MailboxExportRequest -baditemlimit 200 -AcceptLargeDataLoss -Mailbox amy.webber -FilePath \Exch01PST_exportamy.webber.pst

Exporting the User’s Online Archive

If you want to export the user’s online archive to .pst, use the –IsArchive parameter.

New-MailboxExportRequest -baditemlimit 200 -AcceptLargeDataLoss -Mailbox amy.webber -IsArchive -FilePath \Exch01PST_exportamy.webber-Archive.pst

Exporting a Specific Folder

You can export a folder from the users mailbox using the -IncludeFolders parameter

Eg: inbox folder layout-

To export the inbox folder

New-MailboxExportRequest -baditemlimit 200 -AcceptLargeDataLoss -Mailbox amy.webber -IncludeFolders #Inbox# -FilePath \Exch01PST_exportamy.webber.pst

Checking the Progress of the Mailbox Export Request

To check the current statues of the mailbox export request use the following cmdlet:

Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

People do crazy stuff scripting with this Cmdlet. Look around in the interwebs for some scripts.

Useful links:

http://technet.microsoft.com/en-us/library/ff607299%28v=exchg.150%29.aspx

http://exclusivelyexchange.com/export-mailbox-exchange-2010/

http://exchangeserverpro.com/exchange-server-2010-mailbox-import-request-logging/

Until next time…

Hacking WatchGuard Firebox to Run pfsense- nanoBSD

Posted on August 28, 2013November 26, 2018 by Malinda RathnayakeLeave a Comment

Hi Internetz, its been a while…

So we had an old Firebox X700 laying around in office gathering dust. I saw this forum post about running m0nowall on this device. since pfsense is based on m0nowall, I googled around to find a way to install pfsense on the device and found several threads on pfsense forums.
It took me a little while to comb through thousands of posts to find a proper way to go about this. And some more time was spent on troubleshooting the issues I faced during the installation and configuration. So I’m putting everything I found on this post, to save you the time spent googling around. This should work for all the other firebox models as well.

What you need :

Hardware

Firebox
Female to Female Serial Cable – link
4GB CF Card (We can use 1Gb, 2Gb but personally I would recommend at-least 4GB)
CF Card Reader

Software

pfsense NanoBSD
physdiskwrite – Download
TeraTerm Pro Web – Enhanced Telnet/SSH2 Client – Download

The firebox X700

This is basically a small X86 PC. we have a Intel Celeron CPU running at @1.2Ghz with 512MB Ram. The system boots using a CF card with watchguard firmware
The custom Intel motherboard used in the device does not include a VGA or a DVI port. we have to use the serial port for all the communications with the device

There are several methods to run pfsense on this device.

HDD

Install PF sense on a PC and Plug the HDD to the firebox.

This requires a bit more of a effort cause we need to change the boot order on bios. and its kinda hard to find IDE laptop HDD’s these days

CF card

This is very straight forward Method. We are basically swapping out the CF card already installed on the device and booting pfsense from it.

In this tutorial we are using the CF card method

Installing PFsense

Download the relevant pfsense image

Since we are using a CF card we need to use the PFsense version built to work on embedded devices.

NanoBSD version is built specially to be used with CFcards or any other storage media’s that have limited read write life cycle

Since we are using a 4GB CF card, we are going to use the 4G image

Flashing the nanoBSD image to the CF card

Extract the physdiskwrite program and run the PhysGUI.exe
This software is written in German i think but operating it is not that hard

Select the CF card from the list.

Note : if you are not sure about the disk device ID. use diskpart and determine the disk ID

Load the ISO file
Right click on the Disk “Image laden > offnen”

select the ISO file from the “open file” window
program will prompt you with the following dialog box

Select the remove 2GB restriction and click “OK”
It will warn you about the disk being formatted (I think), click yes to start the disk flashing process. a CMD window will open and show you the progress

Installing the CF card on the Firebox

Once the flashing process is completed, open up the Firebox and Remove the drive cage to gain access to the installed CF Card

Remove the protective glue and replace the card with the new CF card flashed with pfsense image.

Booting up and configuring PFsense

since Firebox does not have any way to connect to a display or any peripheral ports. We need to use a serial connection for communicating with the device

Install “teraTerm pro web” program we downloaded earlier.

I tried using putty and many other telnet clients didn’t work properly

Open up the terminal window

Connect the firebox to the PC using the serial cable, and power it up

Select “Serial” and select the com port the device is connected to and click OK(You can check this in device manager)

Many other tutorials says to change the baud rates. but defaults worked just fine for me

Since we already flashed the PFsense image to the CF card we do not need to install the OS

By now on the terminal window you should be having the PF sense configuration details. just as with a normal fresh install.

It will ask you to setup VLan

Assign the WAN, LAN, OPT1 interfaces.

ON X700 interface names are as follows

Please refer to pfsense Docs for more info on setting up

http://doc.pfsense.org/index.php/Tutorials#Advanced_Tutorials

After the initial config is completed. you do not need the console cable and Tera Term
you will be able to access the PFsense via the web-interface and good ol SSH via the LAN IP

Addtional configuration

Enabling the LCD panel

All firebox units have a LCD panel in front
We can use the pfsense LCDproc-dev package to enable and display various information

Install the LCDproc-dev Package via the package Manager

Go to Services > LCDProc

Set the settings as follows

Hope this article helped you guys.Dont forget to leave a comment with your thoughts

Sources –

http://forum.pfsense.org/index.php?board=5.0

Recover Exchange Mail store Using Database portability feature in Exchange 2010

Posted on May 28, 2012November 26, 2018 by Malinda RathnayakeLeave a Comment

“Mail server crashed” worst nightmare for a System admin. Followed by tight Dead lines, incident reports, load of complains you have to listen to, Its a full fledged disaster.
In this scenario its a medium size business with with just one single Server running AD and Exchange 2010(not ideal i know) which was upgraded from SBS 2003

AD and DNS failed after de-commissioning the old SBS server.

Recovering from full server backup was not an option and we had the Databases on a separate drive.

Important things to keep in mind when recovering DB’s on a different AD domain

Organization name and the Exchange Administrative Group should be the same in order for the Portability feature to work
Database must be in a clean shutdown state
After mounting the old DB’s always move the mail boxes to new database’s
Exchange 2010 Slandered only supports up to 5 Databases.

there are few method’s to recover DB’s on exchange 2010, This is the method we used.

Check List before proceeding further

Once you have

Restored the Old Databases from backup to a different location on the server
installed the AD (with the same domain name) and the Exchange with the same Administrative Group as the earlier

Preparing the Databases

Checking the statues of the database file

in order for the Database portability feature to work. we need the DB’s in clean shutdown state. To check the Database State we are gonna be using the Exchange Server Database Utility’s file dump mode

Note : if you are restoring from a windows Backup the Database should already be in a Clean shut down state as the exchange VSS backup re-plays the log files before backing up the DB

More Detail on eseutil /MH – link

Launch command prompt and type

eseutil /MH “D:RestoreoldDB.edb” (the text in blue is the location of the restored old database file)

Check the output you get and check if the DB is in a Dirty shutdown or a clean shutdown state

If the DB file is in Dirty shutdown state

In this case we did not have any recent backups and we were not able to soft recover the DB since this is a new DC. so we had to do a hard recovery using this command.

eseutil /P “D:RestoreoldDB.edb” (the text in blue is the location of the restored old database file)

Click ok on the prompt to continue

Note : using the Hard recovery will result in loss of information depending on the amount of log files you have for that Database

After the Hard recovery to fully rebuild indexes and defragment the database

eseutil /D “D:RestoreoldDB.edb” (the text in blue is the location of the restored old database file)

Mounting the Database using the Portability feature.

Create a new Database

Create a new Database for example we will create one named – recoveryDB1

Go to properties of the new DB > Maintenance Tab > Select the option “This Database can be overwritten by a restore”

Apply the Changes and dismount the Database

Replace the new Database file with the Repaired Database

Firstly go to the folder where the new DB file(recoveryDB1.edb) is located and Rename or delete it

Delete the log files / Catalog files

———————————————————————————————————————–

Rename the Recovered Database

Go to the Folder where the Database we repaired before is located and Rename it to “recoveryDB1”

————————————————————————————————————————–

Replace the newly created Database

Copy the Repaired DB file and replace the new Database file recoveryDB1.edb

Remember the Log files should be deleted or moved before you mount this DB.

Mount the “recoveryDB1” Database From EMC

now the mailStore should be mounted with out an issue

Errors you might run in to
In case you do get errors when mounting the DB such as

Operation terminated with error -1216 (JET_errAttachedDatabaseMismatch, An outstanding database attachment has been detected at the start or end of recovery, but database is missing or does not match attachment info) after 11.625 seconds.

you are getting this error because The DB is in dirty shutdown state, refer to the Preparing the Database Section above to fix the issue by performing a Hard Recovery

unable to mount error ‘s

The new Database Log files are still present, Delete them or move them.

Now you can go ahead and Attach the Mailboxes to the corresponding user accounts.

Word of advice

It will be wise to not to keep this recovered Mail Store in production for long. you will run in to various issues as the Mails start to flow in and out

Create new Mail stores’s and Move the mail boxes to avoid future problems.

Some mailboxes might be corrupted. in that case

Easiest way is to use the

“New-MailboxRepairRequest” cmdlet

Refer to this tech-net article for more info – link

Export it to a PST
Attach the user to a fresh mailbox
Sync back the Data you need through outlook

Create local administrator account using Group pol…

Posted on November 18, 2011November 26, 2018 by Malinda RathnayakeLeave a Comment

Domain Trust relationship failures, it may be a virus making it impossible to login using domain credentials..you are bound to run in to scenario’s like this while managing a AD environment.you will have to login to a local administrator account on the client pc and re join the domain or do what ever the necessary troubleshooting procedures. in some cases you don’t have local admin passwords on some pc’s. so this will be a life saver cause i my self had the unfortunate incident where i had to guide a user to reset the local admin password of a pc over the phone using hiren bootcd.

its very simple actually. use this VB script file, modify it accordingly and add it as a computer start up script via Group policy.

this script first queary for the user name you have specified in the script on the local pc, if it doesn’t exist it will create it as an member of the local administrator group. if the user name already exist it will change the password to the one specified.

‘—————————————————————————————————————
‘this section creates the new user called localsupport if it doesn’t existDim AdminPassword
AdminPassword = “password“

QueryForUser(“user_name“)

                Set objNetwork = CreateObject(“Wscript.Network”)
                strComputer = objNetwork.ComputerName
                Set objComputer = GetObject(“WinNT://” &strComputer)

                Set colAccounts = GetObject(“WinNT://” & strComputer & “”)
                Set objUser = colAccounts.Create(“user”, “localsupport”)
                objUser.SetPassword AdminPassword
                objUser.Put “UserFlags”, 65600 ‘
                objUser.SetInfo

‘add to administrators group
                Set objGroup = GetObject(“WinNT://” & strComputer & “/Administrators,group”)
                Set objUser = GetObject(“WinNT://” & strComputer & “/localsupport,user”)
                objGroup.Add(objUser.ADsPath)

‘msgbox “user was created”

‘this section just changes the password if the user exists

Sub QueryForUser(strlocalsupport)
    Set objlocal = GetObject(“WinNT://.”)
    objlocal.Filter = Array(“user”)
    For Each User In objlocal
        If lcase(User.Name) = lcase(strlocalsupport) Then

                strComputer = “.”
                Set objUser = GetObject(“WinNT://” & strComputer & “/localsupport, user”)
                objUser.SetPassword AdminPassword
                objUser.SetInfo

            ‘msgbox User.Name & ” already exists.” & vbCrLf & “The password was re-set.”
            WScript.Quit
        End If
    Next
End Sub

————————————————————————————————————–

to change the password modify the password within the quotes (marked in red), in the following code section. this also allows you to easily change the password in case you have to give the password to a end user.

Dim AdminPassword
AdminPassword = “password“

QueryForUser(“user_name“)

hope this helps someone, cause this saved my ass so many time. 😛

Managing calendar permissions in Exchange Server 2010

Posted on November 2, 2011 by Malinda RathnayakeLeave a Comment

Admin may get asked to set and add / Edit permissions for shared Calendars.
these Sharing options are not available in EMC, so we have to use exchange power shell on the server to manipulate them.

View existing Calendar permissions

Get-MailboxFolderPermission -identity "Networking Calendar:Calendar"

There are 4 MailboxFolderPermission cmdlets in Exchange Server 2010:

• Add-MailboxFolderPermission

• Get-MailboxFolderPermission

• Remove-MailboxFolderPermission

• Set-MailboxFolderPermission

Each cmdlet have different syntax, follow the links for more information..

In this scenario we need to set following permissions to the Calendar Resource named “Networking Calendar.

user – “Nyckie” – full permissions

all users – permissions to add events without the delete permission

To assign calendar permissions to new users “Add-MailboxFolderPermission”

Add-MailboxFolderPermission -Identity "Networking Calendar:Calendar" -User [email protected] -AccessRights Owner

To Change existing calendar permissions “set-MailboxFolderPermission”

set-MailboxFolderPermission -Identity "Networking Calendar:Calendar" -User default -AccessRights NonEditingAuthor

This assigns the owner righs to the user “nyckig” for the calendar of the “Networking Calendar” resource.and sets NonEditingAuthor permissions as the default permission for the calendar for all other users

__________________________________________

Here are the other permission levels you can assign:-

None – FolderVisible

Owner – CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

PublishingEditor – CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

Editor – CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

PublishingAuthor – CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems

Author – CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems NonEditingAuthor – CreateItems, ReadItems, FolderVisible

Reviewer – ReadItems, FolderVisible

Contributor – CreateItems, FolderVisible

The following roles apply specifically to calendar folders:

AvailabilityOnly – View only availability data

LimitedDetails – View availability data with subject and location

source –

technet.microsoft.com

http://blog.powershell.no/2010/09/20/managing-calendar-permissions-in-exchange-server-2010/