I was doing a migration from Exchange 2007 (on prem) to Exchange 2013 (on prem), this week. I had a number of mailboxes that were ‘StalledDueToMailboxLock‘.
Solution
Nice easy fix, on the Source and Destination Exchange severs, restart the ‘Microsoft Exchange Mailbox Replication Service‘.
Wont this break my Mailboxes! No, it will interrupt the migration process, (which is already stalled). But the actual ‘Live‘ mailbox, remains on the ‘Source Server‘, until the process is successfully completed anyway.
It can take a few minutes, (time for a coffee) but check and the process should now have resumed ‘CopyingMessages‘.
Related Articles, References, Credits, or External Links
There are couple of good posts out there on setting up Rancid (Really Awesome New Cisco Config Differ). Some even show you how to set it up with ViewVC (Formally ViewVCS, basically a nice web based GUI front end, that does version control and highlights differences). It does this using a system called CVS (Concurrent Version System, hence the original name.)
Then I had to do some more searching to get it to back up my Cisco ASA firewalls and get the whole thing automated, which Ill cover in Part Two.
OS: CentOS 7 x64
Rancid: 3.4.1
ViewVC: 1.1.24
Solution
Once it’s built, let’s update our server;
[box]
yum upgrade
yum update
Answer any questions with 'y' for yes.
We only need a simple web server, so set the firewall accordingly (I’m opening http (TCP 80) and https (TCP 443) but we will only configure http in this example);
We have already installed Apache (web server), so we need to start it up, then set it to ‘auto-start’ with the server. Then create a group, and a user (rancid), and place that user in the group we created. Finally create a directory for us to ‘unzip’ rancid into.
Move into the directory, we just created then download RANCID, unzip it, then install it.
[box]
cd /home/rancid/tar/
wget ftp://ftp.shrubbery.net/pub/rancid/rancid-3.4.1.tar.gz
tar -zxvf rancid-3.4.1.tar.gz
cd rancid-3.4.1
./configure --prefix=/usr/local/rancid
make install
[/box]
Copy over the ‘clogin’ file, (more on this later). Then set the ownership and and permissions on the rancid files and directories.
Now to set the ‘top level’ groups. Above I’ve got Firewalls and Switches, you might want to create a group for each customer you are backing up, or each site. (the design is up to you), but these are the ‘folder names’ you will see when you first log into the ViewVC web front end. Next you need to edit the main Rancid configuration file;
[box]
nano /usr/local/rancid/etc/rancid.conf
[/box]
Uncomment and add your groups, i.e.
LIST_OF_GROUPS=”Firewalls Switches“
Save and Exit the file, (in nano that’s CTRL+X, then Y to save, and finally {Enter}.) Now we need to change to the rancid user we created earlier, (remembering to swap back to ‘root’ afterwards). We do this to create the folder structure for the groups we just created. Most importantly this creates the router.db file(s) which lives in each group/folder. This file specifies what the devices are, and where they are, that you will be backing up.
[box]
su -rancid
Or 'su rancid' if you are logged in as root
/usr/local/rancid/bin/rancid-cvs
su
[/box]
Download and install ViewVC.
[box]
cd /home/rancid/tar/
wget http://viewvc.tigris.org/files/documents/3330/49471/viewvc-1.1.24.tar.gz
tar -zxvf viewvc-1.1.24.tar.gz
cd viewvc-1.1.24
./viewvc-install
[/box]
Open the ViewVC config file;
[box]
nano /usr/local/viewvc-1.1.24/viewvc.conf
[/box]
Uncomment and change the values, (as shown above).
Then in the Apache config file, scroll to the end and add the following text, (don’t forget to save and exit the file).
[box]
nano /etc/httpd/conf/httpd.conf
Paste the following (at the bottom)
# Custom Rancid Config
<VirtualHost>
DocumentRoot /var/www
ScriptAlias /cgi-bin/ "/var/www/cgi-bin"
ScriptAlias /viewvc /var/www/cgi-bin/viewvc.cgi
ScriptAlias /query /var/www/cgi-bin/query.cgi
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
[/box]
We already installed MariaDB, (similar to MySQL) earlier, we just need to start it up, then set it to auto start with the server. Out of the box, MariaDB is a little insecure, so there’s a process of hardening it called ‘mysql_secure_installation’.
Note: the first time you run the secure installation it will ask for a password, this is the root password for MariaDB NOT the Linux root password, this will be {blank} so just hit {Enter}, then Yes to set the password, and set the MySQL/MariaDB root password (NEVER LOSE OR FORGET THIS). You will need it in a minute anyway, for all the other questions simply press {Enter} to accept the defaults.
Now that MariaDB is installed, we need to create a user in SQL that ViewVC will use, to do that we need to log into SQL using the root password you just setup.
[box]
mysql -u root -p
Enter your SQL root password
CREATE USER 'VIEWVC'@'localhost' IDENTIFIED BY ‘Password123’;
GRANT ALL PRIVILEGES ON *.* TO 'VIEWVC'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit
[/box]
Note: sometime it does not like you copying and pasting the first ‘CREATE USER…’ line, (I don’t know why.) If it complains, type it out manually!
Now that is set up we can get ViewVC to create its database.
[box]
cd /usr/local/viewvc-1.1.24/bin
./make-database
[/box]
Use the following settings when prompted;
MySQL Hostname (leave blank for default):{Enter}
MySQL Port (leave blank for default):{Enter}
MySQL User: VIEWVC
MySQL Password: Password123
ViewVC Database Name [default: ViewVC]:{Enter}
Then, (the same as you did earlier,) create another user in MariaDB, that will be a ‘read-only’ user.
[box]
mysql -u root -p
Enter your SQL root password
CREATE USER 'VIEWVCRO'@'localhost' IDENTIFIED BY ‘Password456’;
GRANT SELECT ON ViewVC.* TO 'VIEWVCRO'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit
[/box]
Edit the ViewVC configuration so that it uses all the parameters you have setup;
Although it looks a pretty scary error, it’s quite straightforward to rectify. I was doing a migration and I’d moved all the mailboxes already, so I had dismounted and removed the mailbox database on the source Exchange server. (Exchange 2010). All I had to to was mount a mailbox database (I just created a new empty one, and mounted it.)
If I then tried to do the migration, it queued up properly!
Related Articles, References, Credits, or External Links
While installing a new Exchange 2016 Server into a clients Exchange 2010 infrastructure last week, the setup failed with the following error.
A cutdown version of the error;
[box]
Write-ExchangeSetupLog -Info ("Cannot find E-discovery arbitration mailbox with name=$name.");
}
}
else
{
write-exchangesetuplog -info "Skipping creating Discovery Arbitration Mailbox because of insufficient permission."
}
}
" was run: "Microsoft.Exchange.Data.DataValidationException: Database is mandatory on UserMailbox.
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow)
at Microsoft.Exchange.Configuration.Tasks.DataAccessTask`1.Validate(TDataObject dataObject)
at Microsoft.Exchange.Configuration.Tasks.SetTaskBase`1.InternalValidate()
at Microsoft.Exchange.Configuration.Tasks.SetRecipientObjectTask`3.InternalValidate()
at Microsoft.Exchange.Management.Common.SetMailEnabledRecipientObjectTask`3.InternalValidate()
at Microsoft.Exchange.Management.RecipientTasks.SetUserBase`3.InternalValidate()
at Microsoft.Exchange.Management.RecipientTasks.SetMailboxBase`3.InternalValidate()
at Microsoft.Exchange.Management.RecipientTasks.SetMailbox.InternalValidate()
at Microsoft.Exchange.Configuration.Tasks.Task.b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
As you can see I’ve got a system mailbox that is not attached to any database, (the one with the yellow error under it). So I simply need to associate that with a mailbox database.
Process edgetransport.exe () (PID=6156). Object [CN={mailbox database name},CN=Databases,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN={domain},CN=Microsoft Exchange,CN=Services,CN=Configuration,DC={domain},DC=com]. Property [PublicFolderDatabase] is set to value [{domain}.org/Configuration/Deleted Objects/Public Folder Store (EXCH2K3) DEL:b60ef8b9-09dd-41c5-9aec-af2a4cc4f33e], it is pointing to the Deleted Objects container in Active Directory. This property should be fixed as soon as possible.
In my case I had a mailbox database that was looking at a public folder database, that no longer existed. (It was on the old/removed Exchange 2003 server).
Solution
Disclaimer: OK this error comes in a lot of forms, and references lots of different processes other than edgetransport.exe. I tried all the stuff I found online to try and fix the problem. But non of them worked, (this error gets logged when the Exchange services start).
In the end I fixed it myself, and it was annoyingly easy.
1. Look in your error message to see the “Mail Database” that’s complaining, (In this example it’s called “Mailbox Database 1507786053”).
2. Launch Exchange system Manager > Organization Configuration > Mailbox > Database Management > Select the offending database > Right click > Properties > Client Settings.
3. Under “Default Public Folder Database” > Browse > Locate and select a live public folder database.
4. Then restart Exchange services (Or reboot).
Related Articles, References, Credits, or External Links
If your VC Database reaches 4GB, the VMware Virtual Centre Server service will stop. A restart of it will result in the service stopping again within a minute.
You will also see see this event logged.
Description:
Could not allocate space for object ‘dbo.VPX_HOST_VM_CONFIG_OPTION’.’PK_VPX_HOST_VM_CONFIG_OPTION’ in database ‘VIM_VCDB’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the file group.
Deploying GFI MailArchiver with Exchange 2010, Using the Outlook Connector, Importing and Exporting Data.
KB ID 0000666
Problem
I’ve been involved with Exchange for a long time, either being directly responsible for it, or supporting others that do. And like all systems it would run a lot smoother if you kept users away from it! But unfortunately you can’t, so your system is probably full of users “Deleted Items” and “Sent Items” and a copy of every email that some users have ever received “Because I might need them”. And for years I’ve been saying “It’s a messaging system not a file storage system” and lecturing users about tidying up their inbox. Yes you can setup retention policies but most people don’t.
Even if you do have conscientious users, some of them click “Yes” when Outlook asks them “Would you like to Auto-Archive your old messages now?” Then you have PST files all over the place getting corrupted and not getting backed up.
In addition, just as techs like me are shouting at users to delete things, businesses are now finding that they need to keep ALL their digital messaging for things like Sarbanes-Oxley and Freedom of Information enquiries. Yes I’m sure you back up your Exchange server but what if you needed to produce a message thread about a particular project that was two years ago in the middle of a month?
Archiving
Is the process of taking a copy of mail messages as they pass through Exchange and copying them off to an external location, in this case a database. The advantage of doing this is that database can be on cheaper midline storage and (potentially) keeps the Exchange database sizes down. With Exchange this is done by setting up Journaling (that’s the process of sending a copy of all [or specified] mail to a journal users mailbox). MailArchiver then takes this mail and put it into its database.
Advantages
1. Performance: Getting all the ‘Old’ Data out of the exchange databases makes them smaller, and more efficient.
2. Elimination of PST files: There’s a big list of reasons why I don’t like PST files. If you’ve ever had a user lose email because of them, then as far as they’re concerned its YOUR fault. There are tools to import PST file into the database, (and to export as well).
3. Disaster Recovery: How nice would it be, the next time users email message ‘disappears’ (Users never delete emails they just disappear), they could restore it themselves, from within Outlook. the Outlook Mail Connector software will do this. Also your backup window for Exchange will be a lot smaller.
4. Compliance: Saving a copy of all messages in a database has the advantage, that it’s searchable, and you can export the data you find in a format that you can import straight back into Exchange or send to someone.
5. Investigation: MailArchiver provides some powerful search and reporting tools. If your HR department needed to see who said what to who about projectXYZ then using conventional methods would be a nightmare.
Solution
GFI MailArchiver 2012 Installation and Configuration
Enabling Journaling in Exchange 2010
Note: GFI Mail Archive setup can do this for you but I prefer to do things manually.
1. Launch the Exchange System Management Console > Recipient Configuration > Mailbox > New Mailbox.
2. User Mailbox > Give it a name and set the password > Don’t create an archive > New > Finish.
3. Option 1: Standard Journaling can be enabled on a mailbox store > Organisational Configuration > Mailbox > Locate the store> Properties.
4. Maintenance tab > Tick Journal recipient then browse for the user you created > Apply OK.
5. Option 2: (Note: Requires an Exchange Enterprise CAL) This is set up using a Journaling rule > Organizational Configuration > Hub Transport > Journal Rules > New Journal Rule.
6. Give the rule a name > Browse for the user you created earlier > Set the scope (in most cases you will want global) > New > Finish.
7. To test it’s working send and email then log on as your ‘Journal’ user and make sure you have a copy in the inbox.
Installing GFI MailArchiver 2012
8. Before installing the GFI MailArchiver server needs the Exchange MAPI Client and Collaboration Data Objects 1.2.1 (Unless you are installing it on the Exchanges server).
9. Also (though not essential) I prefer to disable IE Enhanced Security Configuration, so IE wont get upset with the management console.
10. You can add the URL to trusted sites if you want, but I’m not a fan of IE ESC anyway so I simply disable it.
11. Now run the GFI MailArchiver installer.
12. Now this I DO LIKE, why can’t Exchange do this! These are the server pre-requisites, rather than just falling over and giving you an error (I’m looking at you Windows Exchange Developers!) It offers to do the hard work for you. It takes a while though, best go for a coffee at this point > Next > Select whether you want to check for a newer version > Accept the EULA > Set the destination folder > Next.
13. Here the default setting, WARNING if you already have web services on this server (or even UPS software using port 80), have a common sense check.
Note: If you are not sure, the following command will tell you if port 80 (http) is in use;
[box]netstat -aon | find “:80″[/box]
14. Select Install > Finish.
Configuring MailArchiver 2012
15. The GFI MailArchiver management console will launch > Configure.
16. Next.
17. Enter your licence key and select verify licence key > Next.
18. Next.
19. In this example I’m using the Firebird database, in a production environment you should be using SQL server > Next.
20. Change the paths if required > Enter some domain credentials> Next.
21. Next
22. Next
23. Next
24. I’m selecting Auto > Next
25. As I set the user up myself I’m choosing Manual > Next.
26. Exchange Web Services seems to be less problematic > Enter your Journal user account > Next.
27. Next.
28. Finish.
29. We are now up and configured.
GFI MailArchiver – Outlook Connector, Import and Export
GFI MailArchiver – Using the Outlook Connector
30. Firstly you need to enable ‘Mailbox Folder Structure Retrieval’ on the GFI server > Launch the MailArchiver Management console.
31. Mailbox Folder Structure Retrieval.
32. Change Settings.
33. Enter a user account to connect to Exchange Web Services with, here I’m using my domain admin, whichever account you use needs to have administrative access on the Exchange and the GFI server. It also (domain admin included) needs the following Powershell commands running on the Exchange server before it will work, (change the user name to match your own);
36. I’ve already got a client PC setup with Outlook 2010.
37. I’m just connecting to the GFI servers management URL from the client and downloading the Outlook Connector.
Note: The versions are for Outlook 32 bit and Outlook 64 bit, even if your Windows client is 64 bit you may still be running 32 bit Outlook/Office. If you get it wrong it will tell you your version of Office is not supported.
38. Install the client software, accept the defaults, all you need to specify is the URL of the GFI MailArchiver server.
39. Now when your user opens Outlook, they get an additional mailbox called “GFI MailArchiver Mailbox” that carries a copy of ALL the users mail (Note: Not the mail from before the product was installed, to import that see the import section below, and choose ‘Import for Exchange mailbox’. In addition each user now has a MailArchiver tool bar from which they can search for their mails.
Note: If a user ‘loses’ a mail they can simply drag a copy from their GFI mailbox to their live inbox.
GFI MailArchiver – Importing Data from PST Files
Note: To do this the machine needs to have Outlook installed on it (and NOT Outlook 64 bit!)
40. Launch the GFI MailArchiver Import and Export Tool.
41. Import from .pst files.
42. Add PST file > Browse to your PST file > Open.
43. Select the folder(s) required > Next
44. Select a date range > Select the user that will own the imported data > Next.
Note: I’d rather have an “Import Everything” option!
45. When complete > Finish.
46. Now that user will have the imported mail as well (Note: The default view is “Emails in last 30 days” so don’t panic if you don’t see it all).
GFI MailArchiver – Exporting Data to PST File
47. Launch the GFI MailArchiver Import and Export Tool.
48. Enter the URL of the GFI server > Verify > Ensure it says OK > Next.
49. Select what you want to export (I’m going to search for email containing particular words) > Next.
50. Type in your search text > Find > Next.
51. Here you can restore the mail to a mailbox, export it to .msg or .eml format, or my old nemesis .pst files, I’ll choose the latter > Next.
52. And there’s my .pst file, ready to be sent out to satisfy my freedom of Information enquiry.
Related Articles, References, Credits, or External Links
I was called to a 2003 Server yesterday, that was riddled with malware, whatever was on there was generating a lot of network traffic, so the first thing I did was disconnect it from the network.
That’s fine, but if I wanted to use my usual ‘weapon of choice’ Malwarebytes, how was I going to get the latest database installed?
Solution
WARNING: There is a note on the Malwarebytes website that discourages this procedure, as it breaks the incremental update mechanism of Malwarebytes. They recommend that you use this utility to do the job, and that it should be updated every week (though the page currently has December 2011 as the update date!) . In my case once the machine is clean, I’ll remove Malwarebytes and install Trend Worry Free on it anyway. Either way, I prefer to know for a fact I’m using the latest database.
1. Install and update Malwarebytes on a nice clean machine (In this case, my Windows 7 laptop).
2. Find out what version of Malwarebytes you are running (on the about tab).
3. Navigate to the following location, and take a copy of the rules.ref file, i.e. put a copy on a USB thumb drive.
There’s nothing more annoying, you have just rebuilt your PC and you are missing some drivers. Everything appears to be working but there’s one (or more) devices in Device Manager with a yellow exclamation mark over them called ‘Unknown Device’ or ‘Base System Device”.
Solution
This solution is not a ‘Fix All’ for all situations, but it will point you in the right direction. Even if you can find out that the device is an “Intel chip called EL-XYZ” for example, some Google searching will get you the correct driver when you know what you are looking for.
1. So in device manager (Windows Key+R > devmgmt.msc{enter}). Here are two devices I don’t have drivers for, open the properties for the first one and select ‘Details’ > Change the property to ‘Hardware ID’.
2. Locate the Vendor ID (looks like VEN_{this number}) > Locate the Device ID (looks like DEV_{this number}) > Write them down.
3. Go to PCIDatabase, and search for either, (though the Device ID is your best bet).
4. Progress! Now we know it’s a JMicron Card Reader that needs a driver > There is a link to click as well.
5. Here we are lucky, it’s giving us the direct download form the vendors FTP site, you may not be as lucky, but a Google Search for “{device name} + {version of Windows} + {x64 or x32 bit} + {Driver}” should get you there.
6. I went to that FTP site, and after a bit of clicking about I downloaded the newest driver, (I scientifically picked the one with the biggest number!) And installed it.
. Device Working.
6. The second device didn’t have a handy link, but it told me it was a device made by “Validity” so I guessed it was the finger print reader on my laptop, and got the driver straight from Hewlett Packards site.
Drivers I’ve Had to Look For
I will add any odd ones that have been difficult to find below, (Note: There are literally millions of drivers, these are just the ones I’ve ever had to search for.)
PCIVEN_197B&DEV_2391&SUBSYS_1619103C&REV_3
USBVID_138A&PID_003C&REV_0086
If you want me to add any you’ve add a nightmare locating, click the contact link below and send me the details.
Related Articles, References, Credits, or External Links
Last week a client rang in to say their servers system drive was running out of room. A quick scan showed me the biggest thing on there was a 12 GB database called SUSDB.mdf.
A few searches told me what I’d already guessed from the name, WSUS was the offender, so I set about moving it to their data drive that had lots of free space.
Solution
1. Launch the Windows SBS Console > Backup and Server Storage > Server Storage > Move Windows Update Repository Data.
2. If you are using third party backup software you may see this warning > OK.
3. Locate the Drive you want to Migrate TO and select it > Next.
4. This will move a few GB of data across to the new location. However it does NOT move the database itself.
5. To actually move the Database > Start > All Programs > Microsoft SQL Server 2005 > SQL server Management Studio Express, (Note: You may need to run as administrator).
6. Change the server name to the following and log in.
[box].pipeMSSQL$MICROSOFT##SSEEsqlquery[/box]
7. Expand Databases > Locate the SUSDB Database > Right Click > Detach.
8. Tick the “Drop Connections” box > OK.
9. I suggest you COPY the database from the system drive to the new drive.
10. Once its moved across, back in the SQL management studio > Right click Databases > attach.
11. Add.
12. Browse to the NEW location of the SUSDB.mdf file > OK.
13. OK.
14. Once the database is successfully added back in you can go back to the system drive and delete the original WSUS database.
15. When finished, it’s good practice to tidy up the database > From within the Window Server Update Services Console > Options > Server Cleanup Wizard.
16. Select All > Next > Prepare to wait A LONG TIME (this will probably take a few hours!)
17. When its finished you should see something like this.
Related Articles, References, Credits, or External Links