Users Cannot Access Public Folders Post Migration (Exchange 2016)

KB ID 0001295 

Problem

This post comes form my colleague Andrew Dorrian, he usually follows my migrating public folders article. Recently after a couple of Exchange 2016 migrations he has seen a problem where the public folders are visible in the Exchange Admin Console, but the users can’t access them.

Solution

Open ADSIedit.msc and connect to the ‘Configuration’ context.

Navigate to;

CN=Services > CN=Microsoft Exchange > CN=(your organization name) > CN=Administrative Groups > CN=Exchange Administrative Group (FYDIBOHF23SPDLT) > CN=Databases.

Locate you mailbox database(s) > Right Click > Properties > Locate: msExchHomePublicMDB  > Edit > Clear > OK > Apply > OK.

Open an Exchange administrative shell and run the following command;

[box]Set-OrganizationConfig -PublicFoldersEnabled Local[/box]

Note: Depending on the size of your organisation, you might want to wait a while for the changes to get replicated.

Related Articles, References, Credits, or External Links

NA

Windows – Display Memory Modules From Command Line

KB ID 0001294 

Problem

This is a handy command I came across this week, If you need to know the hardware memory configuration for a machine, and either don’t want to open the case to take a look, or you are at a different location, (i.e. remote connected onto the machine). How do you do it, without installing some audit software?

Solution

Simply run the following command;

[box]wmic MEMORYCHIP get BankLabel,DeviceLocator,Capacity,Tag[/box]

Examples;

Here’s an example, (on an HP DL360 G6) we can see that there are Qty 2 2GB memory modules, and they are fitted into slots two and five, and (dedicated to CPU number 1, so this also tells me it’s dual CPU capable server, with only one CPU fitted!

Here’s a much older server, we can see we have Qty 4 1GB DIMMS in slots zero to three.

Related Articles, References, Credits, or External Links

NA

ESX Cannot Mount MSA P2000 Datastores

KB ID 0001292 

Problem

For the first time in ages I’ve been doing a VMware upgrade this week, a client had an MSA P2000 G3 and two G8 DL380 servers running vSphere 5.5. I put in a new 6.5  VCSA, built some new G9 DL380 servers,  I noticed that the SAN was presenting five storage LUNs but the new ESX 6.5 servers could only see three of them?

Strangely when I selected the SAS storage controllers they could see all 5 storage LUNs, but the datastores refused to appear.

Solution

I checked that the SAN was not masking the LUN’s (it wasn’t, the default was read/write for everything). I connected to the  console and proved the storage could be seen.

[box]

[root@ESX1:~] esxcli storage core path list
------output removed for the sake of brevity------

sas.50014380388d8480-sas.d0b8d32406430000-naa.600c0ff00014dfce99cd2d5401000000
   UID: sas.50014380388d8480-sas.d0b8d32406430000-naa.600c0ff00014dfce99cd2d5401000000
   Runtime Name: vmhba3:C1:T1:L4
   Device: naa.600c0ff00014dfce99cd2d5401000000
   Device Display Name: HP Serial Attached SCSI Disk (naa.600c0ff00014dfce99cd2d5401000000)
   Adapter: vmhba3
   Channel: 1
   Target: 1
   LUN: 4 <-- First missing LUN
   Plugin: NMP
   State: active
   Transport: sas
   Adapter Identifier: sas.50014380388d8480
   Target Identifier: sas.d0b8d32406430000
   Adapter Transport Details: 50014380388d8480
   Target Transport Details: d0b8d32406430000
   Maximum IO Size: 4194304

sas.50014380388d8480-sas.d0b8d32406430000-naa.600c0ff00014ddb44c57ac5401000000
   UID: sas.50014380388d8480-sas.d0b8d32406430000-naa.600c0ff00014ddb44c57ac5401000000
   Runtime Name: vmhba3:C1:T1:L5
   Device: naa.600c0ff00014ddb44c57ac5401000000
   Device Display Name: HP Serial Attached SCSI Disk (naa.600c0ff00014ddb44c57ac5401000000)
   Adapter: vmhba3
   Channel: 1
   Target: 1
   LUN: 5 <--Second Missing LUN
   Plugin: NMP
   State: active
   Transport: sas
   Adapter Identifier: sas.50014380388d8480
   Target Identifier: sas.d0b8d32406430000
   Adapter Transport Details: 50014380388d8480
   Target Transport Details: d0b8d32406430000
   Maximum IO Size: 4194304

------output removed for the sake of brevity------

[/box]

At this point I opened a support call with VMware and started doing other work while I waited for them to ring back. By the following morning I was still waiting, but I had found this article, I had built the new servers with HP Build versions of ESX, but perhaps I just needed to install the HP VAAI Plugin? I was fiddling with this when a nice chap called Supreet rang from VMware. I explained what I was trying to do, and got him WebEx’d on (I try not to waste a ton of time saying I’ve done X,Y, and Z, people do that to me all the time, and it just slows the process down, if anything I’d done was correct, it would have been fixed already!)

He confirmed the hosts were definitely seeing the storage;

[box]

[root@ESX1:/var/log] esxcli storage vmfs extent list
Volume Name     VMFS UUID                            Extent Number  Device Name                           Partition
--------------  -----------------------------------  -------------  ------------------------------------  ---------
P2000_SAS1      502cba95-9e8cab7c-749d-ac162d6f719d              0  naa.600c0ff00014ddb4d3d82a5001000000          1
P2000_SAS2      502cbb3d-c7b6c728-f088-ac162d6f719d              0  naa.600c0ff00014dfce05d92a5001000000          1
P2000_SAS3_R10  50753c5d-384acc4c-c4b6-ac162d6f719c              0  naa.600c0ff00014ddb4514e745001000000          1
P2000_SAS4      542eb3f8-da4ea518-553e-ac162d6f719c              0  naa.600c0ff00014dfce99cd2d5401000000          1
P2000_SAS5_R1   54ad3e22-b39316bd-3e65-ac162d6f719c              0  naa.600c0ff00014ddb44c57ac5401000000          1

[/box]

Note: The bottom two are the missing ones. Using that information he had a look in the logs.

[box]

[root@ESX1:/var/log] grep -i "542eb3f8-da4ea518-553e-ac162d6f719c" vmkernel.log | less
[root@ESX1:/var/log] grep -i "54ad3e22-b39316bd-3e65-ac162d6f719c" vmkernel.log | less

[/box]

That showed up the following;

[box]

2017-03-20T16:23:16.754Z cpu15:68106)WARNING: HBX: 2354: Failed to initialize VMFS distributed locking on volume 542eb3f8-da4ea518-553e-ac162d6f719c: Not supported
2017-03-20T16:23:16.754Z cpu15:68106)Vol3: 3090: Failed to get object 28 type 1 uuid 542eb3f8-da4ea518-553e-ac162d6f719c FD 0 gen 0 :Not supported
2017-03-20T16:23:16.754Z cpu15:68106)Vol3: 3090: Failed to get object 28 type 2 uuid 542eb3f8-da4ea518-553e-ac162d6f719c FD 4 gen 1 :Not supported
2017-03-20T16:23:16.896Z cpu15:68106)WARNING: HBX: 2354: Failed to initialize VMFS distributed locking on volume 542eb3f8-da4ea518-553e-ac162d6f719c: Not supported
2017-03-20T16:23:16.896Z cpu15:68106)Vol3: 3090: Failed to get object 28 type 1 uuid 542eb3f8-da4ea518-553e-ac162d6f719c FD 0 gen 0 :Not supported
2017-03-20T16:23:16.896Z cpu15:68106)Vol3: 3090: Failed to get object 28 type 2 uuid 542eb3f8-da4ea518-553e-ac162d6f719c FD 4 gen 1 :Not supported
 
2017-03-20T16:23:16.675Z cpu15:68106)WARNING: HBX: 2354: Failed to initialize VMFS distributed locking on volume 54ad3e22-b39316bd-3e65-ac162d6f719c: Not supported
2017-03-20T16:23:16.675Z cpu15:68106)Vol3: 3090: Failed to get object 28 type 1 uuid 54ad3e22-b39316bd-3e65-ac162d6f719c FD 0 gen 0 :Not supported
2017-03-20T16:23:16.675Z cpu15:68106)Vol3: 3090: Failed to get object 28 type 2 uuid 54ad3e22-b39316bd-3e65-ac162d6f719c FD 4 gen 1 :Not supported
2017-03-20T16:23:16.910Z cpu15:68106)WARNING: HBX: 2354: Failed to initialize VMFS distributed locking on volume 54ad3e22-b39316bd-3e65-ac162d6f719c: Not supported
2017-03-20T16:23:16.910Z cpu15:68106)Vol3: 3090: Failed to get object 28 type 1 uuid 54ad3e22-b39316bd-3e65-ac162d6f719c FD 0 gen 0 :Not supported
2017-03-20T16:23:16.910Z cpu15:68106)Vol3: 3090: Failed to get object 28 type 2 uuid 54ad3e22-b39316bd-3e65-ac162d6f719c FD 4 gen 1 :Not supported

[/box]

That pointed him towards the VAAI, (perhaps the stuff I’d been reading, had me on the right track?)

[box]

[root@ESX1:/var/log] esxcli storage core device vaai status get
naa.600c0ff00014ddb44c57ac5401000000
   VAAI Plugin Name:
   ATS Status: unsupported
   Clone Status: unsupported
   Zero Status: supported
   Delete Status: unsupported

naa.600c0ff00014dfce99cd2d5401000000
   VAAI Plugin Name:
   ATS Status: unsupported
   Clone Status: unsupported
   Zero Status: supported
   Delete Status: unsupported
------output removed for the sake of brevity------

[/box]

Note the difference, the following is on the older servers that were working fine;

[box]

VMware ESXi 5.5.0 Update 3
~ # esxcli storage core device vaai status get
naa.600c0ff00014ddb44c57ac5401000000
   VAAI Plugin Name: hp_vaaip_p2000
   ATS Status: supported
   Clone Status: supported
   Zero Status: supported
   Delete Status: unsupported

naa.600c0ff00014dfce99cd2d5401000000
   VAAI Plugin Name: hp_vaaip_p2000
   ATS Status: supported
   Clone Status: supported
   Zero Status: supported
   Delete Status: unsupported

[/box]

At this point, I piped up about the VAAI stuff I’d been reading, and told them that I’d download the VIB, and it was already on the offending server.

So they installed it and rebooted the server, (there were no running VMs on the new box).

I waited with bated breath, and it didn’t fix it 🙁 It was at this point that they gave me the bad news, HP P2000 G3 is not supported on ESX 6.5, (In fact its not supported on 6.0 either!)

Well I suppose that’s an answer, but not the one I wanted! I downgraded the hosts to 5.5U3a Same Problem! So I downgraded them to 5.0.0, then they wouldn’t boot, (error indicate unsupported hardware). So I set about upgrading them to 5.5U2, (to be on the safe side).

Also while this was going on, I updated the firmware on the SAN controllers;

Thankfully this time the servers booted up fine, and saw the storage and mounted all the datastores.

 

Related Articles, References, Credits, or External Links

NA

Reset IBM / Lenovo IMM Username and Password

KB ID 0001291 

Problem

After recycling an old M3 3650 IBM X Series server the other week, I was stuck trying to get into the IMM, because no one knew what the password was.

 

The default username of USERID and password of PASSW0RD (with a zero) didn’t work either.

Solution

For me it was OK because I could reboot the server and get directly into the BIOS , (Press F1 at boot)

System settings.

Integrated Management Module.

Reset IMM to defaults.

REMEMBER this will reset the name and IP settings, so you need to update them, and DON’T FORGET to press ‘Save Network Settings’, or nothing happens!

You can now use the default username USERID and default password (PASSW0RD).

Reset IMM Password Remotely

Remotely connect to your IBM server Download the IBM ASU Utility  (Note: There’s an x64 bit version, and an x32 bit version, run the correct one to extract the tools).

Run the following command to ensure that the USERID account exists

[box]

asu64.exe show IMM.LoginID.1
OR
asu.exe show IMM.LoginID.1

[/box]

It should detect the IMM by IP address and return IMM.LoginID.1=USERID

Note: If it returns a different username you can check each login ID and reset them one by one.

[box]

asu64.exe set IMM.password.1 Password123
OR
asu.exe set IMM.password.1 Password123

[/box]

Related Articles, References, Credits, or External Links

NA

Audacity – Looping Audio (Repeating Sections)

Looping Audio KB ID 0001290

Problem

Those that know me, will know I’ve been struggling to learn the guitar over the last few months. Recently my teacher, (the extremely talented Mr John Robson,) gave me some tab to learn, and helpfully recorded a backing track. 

Now it’s only 8 bars long, and not particularly fast, but I was still struggling to keep up. 🙁 Like all practical skills I learn by good old EDIP, (Explanation Demonstration Imitation Practice). However I don’t multitask well, Mmm thats not strictly true, I don’t multi-problem well! In an effort to break the problem down into smaller problems I wanted to just play one problem at a time! This needed me to play and loop a section at a time, to at least give me a chance!

 

A number of weeks ago I had asked my tutor how to do this and he said, “Use Audacity, it’s free as well.” 

Solution: Looping Audio

Open you audio track in Audacity and ensure you have the right selection tool chosen (1). Click and drag within the track (2), (not on the top of the track or it will annoyingly autostart playing from where you clicked). Finally, press and hold shift, and press the space bar. (I read some posts that said shift and click also works but it does not on my mac).

 

Related Articles, References, Credits, or External Links

NA

Cisco IOS – Enabling LLDP

KB ID 0001289 

Problem

If you’re running Cisco IOS on all you devices then you can use CDP  to see what’s directly connected, (unless you are on a Cisco firewall, but I did say IOS devices). 

[box]

Petes-Switch#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Petes-CPE.petenetlive.com
                 Gig 1/0/19        148             R S I  CISCO2901 Gig 0/0
Petes-Switch#

[/box]

But just about every other vendor uses LLDP (Link Layer Discovery Protocol,) to do the same job. So how do you discover what ports you are plugged into on them, or what they are?

 

Solution

Well in most cases, (depending on your code) your devices also support LLDP, it’s just disabled by default. You simply turn it on with an ‘lldp run’ command.

[box]

Petes-Switch(config)#lldp run
Petes-Switch(config)#exit
Petes-Switch#show lldp ?
  entry      Information for specific neighbor entry
  errors     LLDP computational errors and overflows
  interface  LLDP interface status and configuration
  neighbors  LLDP neighbor entries
  traffic    LLDP statistics
  |          Output modifiers
  

[/box]

Now I see my neighbours, (yes that is how it’s spelt I’m English!) In my example below the neighbour is a Dell Switch.

[box]

Petes-Switch#show lldp neighbors
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
90b1.1cf4.39e1      Gi1/0/11       120                        ManagementEthernet 0/0
90b1.1cf4.39e1      Gi1/0/14       120                        TenGigabitEthernet 1/45
90b1.1cf4.39e1      Gi2/0/13       120                        TenGigabitEthernet 0/44
90b1.1cf4.39e1      Gi1/0/13       120                        TenGigabitEthernet 1/44
90b1.1cf4.39e1      Gi2/0/14       120                        TenGigabitEthernet 0/45
90b1.1cf4.39e1      Gi1/0/16       120                        TenGigabitEthernet 1/47
90b1.1cf4.39e1      Gi2/0/16       120                        TenGigabitEthernet 0/46
90b1.1cf4.39e1      Gi1/0/15       120                        TenGigabitEthernet 1/46
90b1.1cf4.39e1      Gi2/0/15       120                        TenGigabitEthernet 0/47

Total entries displayed: 9

[/box]

 

Related Articles, References, Credits, or External Links

HP Networking – Tracing Networks and Locating IP addresses

Can A Domain Trust Another Domain With The Same ‘Root Domain’ Name?

KB ID 0001288 

Problem

About a month ago I was with a client to do some investigation/consultancy, they were a large company with their head office in the UK and a number of other offices around the world. They had a number of domains and sub domains and wanted to consolidate them all into a new domain.

Well that’s all OK, but the UK company has been purchased by a large American company, who were putting a lot of pressure on them to ‘get this done’.

So what was the problem? Well the American company had a domain called olduscomp.com, and were undergoing their own migration (not yet started) to newuscomp.com. The UK company wanted to use ukcomp.newuscomp.com 

Me: Thats OK once newuscomp.com is built, we will make ukcomp a child domain of that, that’s not a problem.

Client: Well that might not be built for quite some time, the guys in the states have problems of their own.

Me: OK we will build it here, then build our child domain, then we can then give them the root domain?

Client: That probably wont fly either, can we just build ukcomp.newuscomp.com here, them make it a child domain later?

Me: No, (the fist DC in a child domain needs to be a member of the parent domain).

Client: OK can we build ukcomp.newuscomp.com, and then when the US guys build newuscomp.com, can we get the domains to trust each other?

Me: I dont think so, (they have a similar namespace), I don’t think that will work? I would need to test it to see if it was possible.

The problem was dancing about on my mental ‘back-burner’ for the next few weeks, so in my free time, I thought I would investigate if it was possible.

Solution

Well I built both the domains, my usual procedure to creating a domain trust is;

  1. Create a conditional DNS forwarder in domain A for domain B
  2. Create a conditional DNS forwarder in domain B for domain A
  3. Go to Active Directory Domains and Trusts and setup the trust

As you can see from the diagram above I used subdomain.domain.com for the first domain, and I used domain.com for the second domain. So when I started, the only thing these domains shared is some namespace.

Creating a conditional forwarder in subdomain.domain.com for domain.com went without a hiccup.

However when I tried to create a conditional forwarder in domain.com for subdomain.domain.com this happened;

A problem occurred when trying to add the conditional forwarder. A zone configuration problem has occurred.

Oh dear, some investigation explained why;

Above from: Technet: Using Forwarders

However it does say I can delegate the namespace to another DNS server, would that work? If you don’t know what a delegation is read this article.

Then I setup the trust, and validated it.

So yes it does work, but you need to remember that these are two different domains that trust each other they just share a common piece of namespace. If it was a parent and child domain then when you were assigning permissions you would see something like this;

But instead, in our case when assigning permissions  you will see;

So yes it works and it looks like a sub domain, you can even call is a subdomain, but it isn’t, it’s just another domain that you can trust.

Related Articles, References, Credits, or External Links

NA

Windows – A Delegation For This DNS Server Cannot Be Created

KB ID 0001287

Problem

When promoting a server to be a domain controller, you might see the following error,

“A delegation for this DNS server cannont be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are intergrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain “{zone-name}“, Otherwise, no action is required”.

Or if you are on older domain controllers;

I’ve clicked past this error many thousands of times, because I know its safe to do so, but what does it mean? And why (in most cases), can you simply ignore it?

Solution

Quick Answer:

If you’re here because you have just Googled the error and don’t really care, because you have work to do, then in 99% of cases this error can be ignored. Unless you need assets within your internal domain DNS to to addressable, or look-upable, (if those are words!) From the public internet.

But I’m creating a child domain? If you are creating a child domain, then the machine you are promoting to be a domain controller in the new child domain, should be a member of the root domain first! Also you need to be logged on with a member of the enterprise administrators group. When creating a child domain you should NEVER see this error because a DNS delegation is created for you automatically in the root domain. The only error you may see is;

Could not log into the domain with the specified credentials. Supply a valid credential and try again.

Make sure you are a member of the root domains enterprise admin group and that the root domain is contactable.

The Long Answer:

It’s complaining because it can’t make a ‘delegation’ in the domain that’s directly above you, what does that mean? Well a delegation is (as the name implies) a method of delegating authority for a DNS zone somewhere else, to another DNS server to be precise. so for the following;

AD domain domain.com looks to the servers responsible for com and looks for a delegation to itself, if one does not exist it tries to create one and will fail.

AD Domain subdomain.domain.com looks to the servers responsible for com and looks for a delegation to itself, if one does not exist it tries to create one and will fail. NOTE this domain might look like a subdomain/child domain but if you selected new domain in a new forest, it isn’t (this can be confusing that’s why I’m mentioning it).

AD Child Domain subdomain.domain.com This will look to the DNS servers responsible for domain.com (the root domain in your forest) and it will create a delegation for you. For this to work you will have selected “Add a new domain to an existing forest”.

Providing you are an enterprise administrator the delegation will be created for you in the domain ‘above’ you.

If you open the delegation, you will see that the name server entry for your child domain has been created;

The domain ‘Above’ me isn’t a Windows domain, or it’s a public domain?

Then, if you need to have your domain assets addressed by their DNS name from the internet, you need to do the following.

  1. Allow DNS access to your internal DNS Server(s) from the Internet, (via UDP and TCP port 53).
  2. Create an A (or AAAA) record for each of your DNS servers, with a public name i.e. ns1.yourdomain.com etc.
  3. Create an NS (name server) record that points to each of your DNS servers A (or AAAA) records.

 

Related Articles, References, Credits, or External Links

NA