Injecting VMware SCSI Drivers after P2V conversion
Having had a few old Microsoft Windows Server / Small Business Server 2003 boxes die, I managed to at least grab an image of the disks to then look at a P2V conversion.
The images where made with Acronis or O&O which I then restored to a VMware virtual environment, the problem being that as the server had already died I couldn't inject the drivers pre-conversion. This gave a lovely 0x0000007B Inaccessible_Boot_Device BSOD once the restored VM tried to boot Windows.
The article from VMware that initially helped point in the right direction is HERE
To inject the drivers I booted the VM with ERD Commander (available via Microsoft DART) then imported the required .sys files and registry keys as the above VMware KB articles references.
Once done the old Server 2003 images worked perfectly!
I've included the required reg/driver files to save having to build a 2003 environment.
Taken from a Server 2003 32bit environment - VMSCSI.zip
Purge Deleted Mailboxes in Exchange 2010
Having transferred a number of old mailboxes out to PST (Exchange 2010 SP1 is awesome!) I needed to purge the now deleted users and the associated mailboxes.
This was part of an Exchange 2007 to 2010 migration where I found the helpful commands here & here.
In brief:
Set the the Mailbox Database retention period in the Exchange 2010 console. This is found via Organization Configuration - Mailbox - Database Management Tab - Select the Database and Right Click to view Properties - Limits Tab and then set the Deletion settings to Zero whilst unticking the 'Don't Permanently delete...' option.
Load up the Exchange Power Shell and run the below -
Get-MailboxDatabase -server "servername" | Clean-MailboxDatabase "Database Name"
Once done you can now dismount the Database and run the below via CMD to defrag and reclaim the disk space -
eseutil /d "C:\mailbox database path\database.edb"
Now remount the store, set the retention options back to their preferred and job done!
Outlook 2010 Large OST with Cached Mailboxes
Outlook 2010, by default, now cache's any additional mailboxes a user may have attached. This can cause the locally held OST file to jump in size quite considerably! I certainly tend to see issues on older machines once the OST file goes over 10GB but some have hit the 50GB mark which cripples Outlook - I believe this is also the physical cap for the file.
In Outlook 2007 you could turn caching on for shared mailboxes via this MS Article (HERE)
In Outlook 2010 you can turn this feature off so it reverts back to how Outlook 2007 handled cache via this MS Article (HERE)
To turn Outlook 2010 Cache for Shared Folders off:
- Close Outlook
- Open RegEdit (via Start, Run, type in Regedit, Click OK)
- Browse to the below key -
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Cached Mode - Look for (or create) the following REG_DWORD -
CacheOthersMail - Set the Value to 0
- Job Done!
I'm not aware of any immediate Best Practices but as a possible work around (should users need an offline ability for any additional mailboxes) Outlook 2010 is now able to hold multiple Exchange accounts within one profile. These each then cache to their own individual OST files and show as if they were attached mailboxes to help remove any confusion to an end user.
Veeam FastSCP – Error 800700c1
Having stumbled across this before I thought it easier to add the fix here for quicker reference.
When using Veeam's FastSCP to copy a VM on a 64bit PC you can often see the below error:
"Retrieving the COM class factory for component with CLSID [5F1555F0-0DBB-47F6-B10B-0AB0E1C1D8CE} failed due to the following error: 800700c1"
The following site has a nice quick fix - http://www.everything-virtual.com/?p=279
In brief download the single corflags.exe file and run the below command (e.g. corflags is placed in c:\temp)
"c:\temp\corflags "C:\Program Files (x86)\Veeam\Veeam Backup and FastSCP\VeeamShell.exe" /32BIT+"
Make sure you run the above as an Administrator (e.g. CMD run as administrator etc) as it caught me out on my first attempt!
Patching VMware ESXi 5.0
More for my own reference as I always forget the commands! Nice guide via the community forum on how to patch a host via CLI can be found HERE
In brief for a standalone ESXi host:
Upload the patch Zip file to the ESXi datastore
Shutdown any VM's running on the ESXi host
Enter Maintenance Mode on the ESXi host
Load up VMware vCLI and run the below (replace the server IP/Username/Datastore with appropriate details)
esxcli --server=10.10.10.10 --username=root software vib update --depot=/vmfs/volumes/datastore1/ESXi500-201109001.zip
It will then ask for your password, once entered it begins the update
You should then drop back to the vCLI prompt once done, reboot and you're all set!
Cisco IOS Schedule Tasks with kron
A few handy commands to help schedule simple tasks such as router reboots, config archives or backup to tftp/ftp.
As a couple of examples I often use for reference the below shows how to backup to a TFTP server or reboot on a weekly schedule.
First create the Policy and give it the appropriate commands to run from global configuration -
Router(config)#kron policy-list BackupTFTP
Router(config-kron-policy)#cli show run | redirect tftp://10.0.0.1/backupconf.cfg
Now create a schedule for the BackupTFTP policy to run -
Router(config)#kron occurrence BackupTFTP at 23:59 Sun recurring
Router(config-kron-occurrence)#policy-list BackupTFTP
The above creates a policy called BackupTFTP which copies the running config to a TFTP server running on 10.0.0.1, the file is saved as backupconf.cfg. The policy name, tftp details and saved filename can of course all be changed to whatever suits. The policy is then scheduled to run every Sunday at 23:59, the scheduled date/time/day can also of course be changed to whatever is preferable.
As another example the below schedules a daily reboot of a router using similar commands -
Router(config)#kron policy-list DailyReboot
Router(config-kron-policy)#cli reload
Router(config)#kron occurrence DailyReboot at 05:30 recurring
Router(config-kron-occurrence)#policy-list DailyReboot
Cisco IOS Login Attacks
Having checked some logs for my home router I noticed a few brute force attacks occuring over the last day or so. I noticed numerous tries a while back on the default SSH port (22) so I looked to change it to a random high port number - this drastically lowered the unauthorized attempts.
Now normally I'd promote restricting access to specific IP's or having to VPN in first etc but as it's my home kit I tend to log in at random, and from all over the place to test or double check settings so I don't really want to do this. Having a brief read around there are some nice login options that can be used which I thought I'd post here more for my reference.
Cisco IOS Login (enhancements)
To enable logging of login attempts:
Router(config)#login on-failure log
Router(config)#login on-success log
To enable login blocking after failed attempts:
Router(config)#login block-for #s attempts # within #s - (#s = time in seconds, # = number of attempts)
If the login block is tripped it will deny ALL login attempts made for the specified time. To block attempts for 60 minutes should 5 login attempts fail within 5 minutes I have used the following: login block-for 3600 attempts 5 within 300
This is awesome! However, what happens if you need to access the router but aren't onsite or have console access? You can use an access list so that when in quiet mode you can still connect from legitimate sources. If you then specify a particular ip or range for example you can ensure access from known 'safe' networks or machines.
First create the required access list (other wise a default will be created, basically a block all list). In my case I've used the below to only allow access from my home LAN to the main methods of admin access.
Router(config)#ip access-list extended LoginBlock
Router(config-ext-nacl)#permit tcp 192.168.11.0 0.0.0.255 any eq telnet
Router(config-ext-nacl)#permit tcp 192.168.11.0 0.0.0.255 any eq www
Router(config-ext-nacl)#permit tcp 192.168.11.0 0.0.0.255 any eq 22
Router(config-ext-nacl)#permit tcp 192.168.11.0 0.0.0.255 any eq 2222
Router(config-ext-nacl)#deny tcp any any eq telnet
Router(config-ext-nacl)#deny tcp any any eq www
Router(config-ext-nacl)#deny tcp any any eq 22
Router(config-ext-nacl)#deny tcp any any eq 2222
Router(config-ext-nacl)#permit ip any any
Now we can apply the access list via the command:
Router(config)#login quiet-mode access-class LoginBlock
To confirm the login options you can use 'show login' which will display items from the below:
Router#show login
A default login delay of 1 seconds is applied.
Quiet-Mode access list LoginBlock is applied.
All successful login is logged.
All failed login is logged.
Router enabled to watch for login Attacks.
If more than 5 login failures occur in 300 seconds or less,
logins will be disabled for 3600 seconds.
Router presently in Normal-Mode.
Current Watch Window
Time remaining: 164 seconds.
Login failures for current window: 0.
Total login failures: 5.
Remotely Enable RDP via PsExec
Had a PC this morning that wouldn't log on to the domain as it was reporting that the "The trust relationship between this workstation and the primary domain failed".
Unfortuantely without being able to log on, or connect up remotely via some usual tools, I had to look to enable RDP remotely and then allow it through the firewall. Here's what looked to work in our case:
- Download PsExec from Microsoft and place it in a suitable location (e.g. C:\PsTools\)
- Open a command prompt (via Start-Run-CMD) and navigate to the PsTools directory.
- Enter in the following commands (replacing \\remotepc with the remote machine name). The below will enable RDP via Registry if not allready allowed. It will also allow RDP through the Firewall.
-
psexec \\remotepc reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
-
psexec \\remotepc netsh firewall set service remoteadmin enable
-
psexec \\remotepc netsh firewall set service remotedesktop enable
IMCEAMAILTO error with Outlook 2007
Noticed this error popping up a few times recently which causes Outlook 2007 / Word 2007 to have some problems when clicking mailto: links. The below is the full error:
Delivery has failed to these recipients or groups:
'email@domain.com' (MAILTO:email@domain.com)
<mailto:IMCEAMAILTO-email@domain.com@yourdomain.local>
The message couldn't be delivered because of a routing error. Please contact your helpdesk.Diagnostic information for administrators:
Generating server: EXCHANGE.yourdomain.local
IMCEAMAILTO-email@domain.com@yourdomain.local
#550 5.4.4 ROUTING.NoNextHop; unable to route ##
FIX:
You can request the hotfix available via Microsoft - KB2475888
Once installed though your Outlooks NK2 cache will still have some incorrect entries causing the bounce backs. These can be fixed using NK2Edit available HERE - Just change the problematic MAILTO addresses to SMTP and save your NK2 file.
Office 2003 Error 1311 Source file not found SKU011.CAB
Had an older Windows XP machine with Office 2003 pop up with the below error when a new user logged on and tried to open Outlook.
Microsoft Office Professional Edition 2003
Error 1311: Source file not found: <file path>\SKU011.CAB. Verify that the file exists and that you can access it.
Clicking Retry/Cancel unfortunately didn't progress to anything further but hunting around the below registry change appeared to help resolve.
FIX:
1. Open Regedit
2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Delivery\{90000409-6000-11D3-8CFE-0150048383C9}\
3. Find the CDCache entry and change it to 0
4. Office should now load up or at least allow a repair install which is what we did to resolve.