Exchange – Slow Mailbox Migration?
KB ID 0001327 Problem I had a problem recently during an Exchange 2007 to 2013 migration, (client can’t support 2016 yet!) Where the mailbox migrations were taking ages. Solution 1. Disable Microsoft Replication Service Throttling On the ‘Target’ server > Open ‘regedit’ > Navigate to; HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange ResourceHealth Locate the MRS REG_DWORD Value and...
Exchange AutoDiscover Errors – Creating an AutoDiscover SRV Record
KB ID 0001184 Problem Ages ago I wrote the following article; Outlook Error “The name of the security certificate is invalid or does not match the name of the site.” You used to see this error a lot if your internal, and external domain names were different, and the ‘public’ domain name was on the certificate, in those cases I’d also setup split DNS like so; Windows – Setting Up Split DNS But you can simply create a...
Mailbox Move Error ‘Active Directory property ’homeMDB‘ is not writeable’
KB ID 0001326 Problem I was migrating some mailboxes form Exchange 2007 to Exchange 2013 today, when once again this happened; Error: MigrationPermanentException: Active Directory property ’homeMDB’ is not writeable on recipient ’petenetlive.com/Migration/Users/Pete.Long’. –> Active Directory property ’homeMDB‘ is not writeable on recipient Solution I can’t believe there’s no fix for this yet! This is being caused...
Cisco FirePOWER Management Center Appliance – Allowing Domain Authentication
KB ID 0001117 Problem Once deployed, authentication is handled by the appliances own internal user database, in larger organisations this is a little impractical. So the ability to create an Active Directory Group, and delegate access to Firesight to members of that group is a little more versatile. Solution I’m making the assumption that the appliance does not already have external authentication setup at all, so I’ll...
Windows Folder Redirection
KB ID 0000467 Problem Q: What is Folder Redirection? A: Essentially you can take folders that hold things like your “My documents” or your “Favorites” folder, and put them out on a network server, which is great if you want to back that sort of information up for disaster recovery. Q: What’s the difference between this and a roaming / roving profile? A: Folder redirection keeps information on a server...
Exchange 2013 / 2016 / 2019 Default Receive Connector Settings
Default Receive Connectors KB ID 0001314 Problem Out of the box, Exchange 2016 (&2013) has five receive connectors. Three for the frontend transport service and two for the mailbox transport service. Front End Transport Service: Does not alter, inspect, or queue mail. It is the first port of call for ALL mail coming into (and out of) the Exchange organisation. This service creates THREE receive connectors All are bound to 0.0.0.0...
Microsoft PKI Planning and Deploying Certificate Services Part 3
KB ID 0001312 Problem Following on from Part Two, now we have an offline Root CA, and a CRL server, our next step is defined by our PKI design, are we three tier, or two tier? (Look in Part One for a definition). Solution As previously mentioned, Microsoft just treats Intermediate CAs and Issuing CA’s as the same thing (SubCAs). So the next step is identical for either. But I would suggest one difference, If I was deploying an...
WannaCry – Protect Yourself
KB ID 0001311 Problem Last Friday, the IT world was hit by another attack, WannaCry is a Ransomware infection, that exploits a hole in the windows SMB Protocol. This hole was patched back in March, (Security update MS17-010) so if your, (windows update supported systems) have updates enabled, you will probably already be protected. Why were big organisations like the NHS hit? Primarily because they have systems that are no longer...
Microsoft PKI Planning and Deploying Certificate Services Part 2
KB ID 0001310 Problem In Part One we deployed our offline Root CA Server, now we are going to deploy a ‘Certificate Revocation Location’ server. Solution Before you start: Create a DNS record for ‘pki’ that points to the IP address, that you will have the CRL web server hosted on. I’m installing my CRL server on a separate web server because thats good practice. Starting with a domain joined member...
ADMT (Active Directory Migration Tool) Domain Migration – Part 4
KB ID 0001308 Problem On the homeward stretch now, back in Part Three, we migrated service accounts, groups, and users. Now we turn our attention to our machines. Note ADMT 3.2 Only support the migration of Operating Systems up to Windows 7, (that doesn’t mean Windows 8 and Windows 10 wont work, it just means they are not supported). Migrating Windows 8 and 10 throws a lot of security translation errors, because of the way it...