Friday, July 26, 2013

Eventvwr filtering for a specific user - Windows Server


source: http://social.technet.microsoft.com/Forums/windowsserver/en-US/264b58d9-a512-4a04-a186-31e019786a63/filter-winserver-2008-event-security-log-by-account-name-used-or-user-how

I came across your answer when faced with the same problem on Windows Small Business Server 2008. In my case I had to use TargetUserName rather than subjectUsername, i.e.:

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">* [EventData[Data[@Name='TargetUserName']='testuser']]</Select>
  </Query>
</QueryList>
 

The query then worked fine.
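Which field holds the account name depends on the event, so a search for one user is more reliable when it checks both. The following is an added example, not part of the quoted forum answer: it generalises the query above to match either SubjectUserName or TargetUserName and prints the matching fields. The function name is hypothetical, 'testuser' is the sample name from the query, and the IpAddress field is only present on some event types.

```powershell
# Added example: find Security log events that name an account in either
# SubjectUserName or TargetUserName. Run from an elevated PowerShell prompt.
function Get-SecurityEventsForUser {
    param(
        [Parameter(Mandatory=$true)] [string] $UserName,
        [int] $MaxEvents = 50
    )
    # Refuse quotes so the name cannot break out of the XPath string literal.
    if ($UserName -match "['""]") { throw "User name must not contain quotes." }

    # Same filter as the Event Viewer query above, extended with an 'or'.
    $xpath = "*[EventData[Data[@Name='TargetUserName']='$UserName' or " +
             "Data[@Name='SubjectUserName']='$UserName']]"

    Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents $MaxEvents |
        ForEach-Object {
            # Index the named <Data> elements of the event by their Name attribute.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                if ($d.Name) { $data[$d.Name] = $d.'#text' }
            }
            New-Object PSObject -Property @{
                TimeCreated     = $_.TimeCreated
                EventId         = $_.Id
                SubjectUserName = $data['SubjectUserName']
                TargetUserName  = $data['TargetUserName']
                IpAddress       = $data['IpAddress']   # absent on many event types
            } | Select-Object TimeCreated, EventId, SubjectUserName, TargetUserName, IpAddress
        }
}

Get-SecurityEventsForUser -UserName 'testuser' | Format-Table -AutoSize
```

The values are compared case-sensitively, so the name must be written exactly as it is logged.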

Wednesday, July 17, 2013

Test Email flow using SMTP commands, nslookup, ehlo, helo, troubleshooting mailflow

 

Often you need to test whether email is working. With these commands you can test email flow at a very granular level to determine what's broken and where.
Scenario:
Your domain: mydomain.com
Domain you wish to send to: theirdomain.com


1. Determine the mail server you're sending to.

* Open a CMD prompt
* Type NSLOOKUP
> set q=mx
> theirdomain.com
Response:
Non-authoritative answer:
theirdomain.com MX preference = 50, mail exchanger = mail.theirdomain.com




2. Connect to their mail server

SMTP communicates over port 25. We will now try to use TELNET to connect to their mail server "mail.theirdomain.com"
* Open a CMD prompt
* TELNET MAIL.THEIRDOMAIN.COM 25
You should see something like this as a response:
220 mx.google.com ESMTP 6si6253627yxg.6
Be aware that different servers will come up with different greetings, but you should get SOMETHING. If nothing comes up at this point there are 2 possible problems: port 25 is being blocked at your firewall, or their server is not responding. Try a different domain; if that works, then it's not you.


3. Send an Email

Now, use simple SMTP commands to send a test email. This is very important: you CANNOT use the backspace key. It will work onscreen but will not be interpreted correctly. You have to type these commands perfectly.
ehlo mydomain.com
mail from:<martin9700@mydomain.com>
rcpt to:<recipient@theirdomain.com>
data
This is a test, please do not respond
.
quit

So, what does that all mean?
EHLO - introduce yourself to the mail server. HELO can also be used, but EHLO tells the server to use the extended command set (not that we're using that).
MAIL FROM - who's sending the email. Make sure to place this in the greater than/less than brackets, as many email servers will require this (Postini).
RCPT TO - who you're sending it to. Again you need to use the brackets. See Step #4 on how to test relaying mail!
DATA - tells the SMTP server that what follows is the body of your email. Make sure to hit "Enter" at the end.
. - the period alone on the line tells the SMTP server you're all done with the data portion and it's clear to send the email.
quit - exits the TELNET session.


4. Test SMTP relay

Testing SMTP relay is very easy, and simply requires a small change to the above commands. See below:
ehlo mydomain.com
mail from:<martin9700@mydomain.com>
rcpt to:<recipient@someotherdomain.com>
data
This is a test, please do not respond
.
quit
See the difference? On the RCPT TO line, we're sending to a domain that is not controlled by the SMTP server we're sending to. You will get an immediate error if SMTP relay is turned off. If you're able to continue and send an email, then relay is allowed by that server.
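The relay check from step 4 can be scripted so it is repeatable after a configuration change. The following is an added example, not part of the original how-to: it replays the dialogue against a mail server you administer, stops after RCPT TO, and resets the transaction so no message is sent. The function name is hypothetical and the server name and addresses are the article's placeholders.

```powershell
# Added example: run the step 4 dialogue up to RCPT TO and report the replies.
function Test-SmtpRelay {
    param(
        [string] $Server    = 'mail.theirdomain.com',
        [string] $HeloName  = 'mydomain.com',
        [string] $From      = 'martin9700@mydomain.com',
        [string] $Recipient = 'recipient@someotherdomain.com'
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $client.Connect($Server, 25)
    $stream = $client.GetStream()
    $stream.ReadTimeout = 15000
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

    # A reply may span several lines ("250-..."); the final line has a space
    # after the code. Return only that final line.
    function Read-Reply {
        do { $line = $reader.ReadLine() } while ($line -match '^\d{3}-')
        $line
    }
    function Send-Command([string] $cmd) { $writer.WriteLine($cmd); Read-Reply }

    try {
        $banner = Read-Reply
        $null   = Send-Command "EHLO $HeloName"
        $mail   = Send-Command "MAIL FROM:<$From>"
        $rcpt   = Send-Command "RCPT TO:<$Recipient>"
        $null   = Send-Command 'RSET'   # abandon the transaction; no DATA is sent
        $null   = Send-Command 'QUIT'
    } finally { $client.Close() }

    New-Object PSObject -Property @{
        Banner = $banner; MailFrom = $mail; RcptTo = $rcpt
        RelayAccepted = ($rcpt -match '^2\d\d')   # 2xx reply to an outside recipient
    } | Select-Object Banner, MailFrom, RcptTo, RelayAccepted
}

Test-SmtpRelay | Format-List
```

A 2xx reply to RCPT TO only shows that the server accepted the recipient at that stage; some servers defer the relay decision and reject later in the session.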

Source: http://community.spiceworks.com/how_to/show/11-test-email-flow-using-smtp-commands

Tuesday, July 16, 2013

Setting and checking message size limits on Exchange Server 2010

source: http://eightwone.com/2010/09/29/exchange-message-size-limits/


Exchange Message Size Limits

While traveling through your Exchange organization or beyond, e-mail messages may be subject to all sorts of limits. One of these is the message size limit, which can be set on the following levels:
  • Organizational Level
  • Send Connector
  • Receive Connector
  • AD Site Links
  • Routing Group Connectors
  • Individual
The path evaluated is as follows: User Send Limit > Receive Connector > Organization Checks > Send Connector > User Receive Limit

In general, the lowest size limit on an e-mail route determines if a message can be successfully transported from the sender to the recipient. The exception is the individual setting, which can override the other settings for internal messages. The strategy is to define limits where appropriate and as soon as possible. It’s a waste of resources to accept a message and send it throughout the organization via several hops, only to finally reject it because the recipient has a maximum receive size limit.

Organizational Level

The message size limits on the organization level can be set through the Exchange Management Console via Organization Configuration > Hub Transport > Global Settings by opening the Properties of Transport Settings.

Of course, you can also view the settings in the Exchange Management Shell using Get-TransportConfig.

The default value in Exchange 2010 is 10240 (10 MB) for both receive as well as send message sizes. If you require a higher value, for example to enable people to send and receive larger attachments, you can use the EMC or Set-TransportConfig:

Set-TransportConfig -MaxReceiveSize 25MB -MaxSendSize 25MB

As you might expect, MaxReceiveSize applies to receive connectors and MaxSendSize applies to send connectors. The valid range for this setting is anywhere between 64KB and 2GB, or Unlimited. When set to Unlimited (which once was the default value in Exchange 2007 RTM), no limit will be imposed. I don’t recommend using Unlimited since it can lead to service disruption caused by processing large messages.

Send Connector

The message size limits on a send connector can be set through the Exchange Management Console via Organization Configuration > Hub Transport > Send Connectors by opening the Properties of the Send Connector.

You can also use Get-SendConnector to view the setting.


The default maximum sending message size for Exchange 2007/2010 send connectors is 10 MB. If you want to be able to send larger messages over this send connector, you can use the EMC or Set-SendConnector:

Set-SendConnector -Identity Internet -MaxMessageSize 25MB

Valid range for this setting is anywhere in the range between 64KB and 2GB or Unlimited.

Receive Connector

The message size limits on a receive connector can be set through the Exchange Management Console via Server Configuration > Hub Transport by opening the Properties of the Receive Connector in the Receive Connectors pane.

You can also use Get-ReceiveConnector.

The default maximum message size for Exchange 2007/2010 receive connectors is 10 MB. If you want to be able to receive larger messages over this receive connector, you can use the EMC or Set-ReceiveConnector:

Set-ReceiveConnector -Identity "MAIL1\Default MAIL1" -MaxMessageSize 25MB

Valid range for this setting is anywhere in the range between 64KB and 2GB or Unlimited.


AD Site Link

Messages travelling between Hub Transport servers are subject to AD site link limits. By default site links have no message size limit. You can view AD site link settings using Get-AdSiteLink or use Set-AdSiteLink to configure MaximumMessageSize when required.


Note that Hub Transport servers use least cost routing to route messages. When a message exceeds a site link limit, the message will not be delivered. Hub Transport servers will not try to deliver the message using a different route.

Routing Group Connectors

In a co-existence scenario you might have routing group connectors connecting Exchange 2007/2010 to an Exchange 2003 environment. Routing group connectors have no maximum message size limit by default.
To inspect a routing group connector maximum message size settings, use Get-RoutingGroupConnector:

Get-RoutingGroupConnector <ConnectorID> | FL Name, *Max*

To configure a maximum message size limit on a RGC use Set-RoutingGroupConnector:

Set-RoutingGroupConnector <ConnectorID> -MaxMessageSize 25MB

Individual

You can create exceptions for the MaxReceiveSize and MaxSendSize values for mailbox users, mail-enabled contacts and distribution groups. By default no limits are imposed (i.e. Unlimited). To inspect the settings for a mailbox user, navigate to Recipient Configuration > Mailbox and open the Properties of the User. Activate the Mail Flow Settings tab and open the Properties of the Message Size Restrictions settings, or use the related cmdlet, e.g. Set-Mailbox UserID -MaxSendSize 1GB -MaxReceiveSize 1GB.

If you set an individual maximum send or receive size setting higher than the organization or connector limits, the individual setting will override those limits when the message is sent internally, e.g. when the recipient resides in the same organization. This way you can create exceptions for certain individuals who require a higher message size limit.
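Because the lowest limit on the route decides whether a message gets through, and individual overrides can exceed the organization limits for internal mail, it helps to see every limit in one table. The following is an added example, not code from the original article: it collects the limits with the Get- cmdlets named above. The function and helper names are hypothetical, and it is meant to be run in the Exchange Management Shell.

```powershell
# Added example: list message size limits from every level in one table.
function Get-MessageSizeLimit {
    # Build one uniform row per limit so all levels fit in a single table.
    function New-Row($level, $name, $setting, $value) {
        New-Object PSObject -Property @{
            Level = $level; Name = "$name"; Setting = $setting; Value = "$value"
        } | Select-Object Level, Name, Setting, Value
    }

    $tc = Get-TransportConfig
    New-Row 'Organization' 'TransportConfig' 'MaxSendSize'    $tc.MaxSendSize
    New-Row 'Organization' 'TransportConfig' 'MaxReceiveSize' $tc.MaxReceiveSize

    Get-SendConnector    | ForEach-Object { New-Row 'Send connector' $_.Name 'MaxMessageSize' $_.MaxMessageSize }
    Get-ReceiveConnector | ForEach-Object { New-Row 'Receive connector' $_.Identity 'MaxMessageSize' $_.MaxMessageSize }
    Get-AdSiteLink       | ForEach-Object { New-Row 'AD site link' $_.Name 'MaxMessageSize' $_.MaxMessageSize }

    # Mailboxes default to Unlimited; list only those with an individual override.
    Get-Mailbox -ResultSize Unlimited |
        Where-Object { "$($_.MaxSendSize)" -ne 'Unlimited' -or "$($_.MaxReceiveSize)" -ne 'Unlimited' } |
        ForEach-Object {
            New-Row 'Mailbox' $_.Name 'MaxSendSize'    $_.MaxSendSize
            New-Row 'Mailbox' $_.Name 'MaxReceiveSize' $_.MaxReceiveSize
        }
}

$limits = Get-MessageSizeLimit
$limits | Format-Table -AutoSize

# Organization, connector and site link limits left at Unlimited, for review.
$limits | Where-Object { $_.Level -ne 'Mailbox' -and $_.Value -eq 'Unlimited' } | Format-Table -AutoSize
```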


Wednesday, July 10, 2013

Default Gateway is set to 0.0.0.0

Either use the command prompt (DOS) to remove the route, or uninstall the Bonjour software that accompanies Adobe products.

Adding a static ip route with command line DOS

source: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_tcpip_pro_addstaticroute.mspx?mfr=true


To add a static IP route

1. Open Command Prompt.
2. At the command prompt, type:

route add destination mask subnetmask gateway metric costmetric if interface
where:

destination 
Specifies either an IP address or host name for the network or host.
subnetmask
Specifies a subnet mask to be associated with this route entry. If subnetmask is not specified, 255.255.255.255 is used.
gateway
Specifies either an IP address or host name for the gateway or router to use when forwarding.
costmetric
Assigns an integer cost metric (ranging from 1 through 9,999) to be used in calculating the fastest, most reliable, and/or least expensive routes. If costmetric is not specified, 1 is used.
interface
Specifies the interface to be used for the route that uses the interface number. If an interface is not specified, the interface to be used for the route is determined from the gateway IP address.

For example, to add a static route to the 10.0.0.0 network that uses a subnet mask of 255.0.0.0, a gateway of 192.168.0.1, and a cost metric of 2, you type the following at a command prompt:

route add 10.0.0.0 mask 255.0.0.0 192.168.0.1 metric 2

Note

To open command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt
To make a static route persistent, you can either enter route add commands in a batch file that is run during system startup or use the -p option when adding routes.
Routes added by using the -p option are stored in the Windows registry under the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
All symbolic names used for destination or gateway are looked up in the network and computer name database files (Networks and Hosts), which are stored in the local systemroot\System32\Drivers\Etc folder.
If a route addition fails, you can use the tracert command to verify that the gateway specified is directly reachable from the same subnet as this computer.

To delete: Route delete <ip addr> 



Sync issues with Roaming profiles - force sync them!

source: http://community.spiceworks.com/topic/252872-roaming-profile-won-t-sync


BEST ANSWER
Collin8612, Aug 22, 2012 at 10:42 AM
I usually get this problem when the profile gets too big, and downloading temporary files fails. They get stuck in a locked state. The temporary files are named prf*.tmp (like prf847.tmp, prf1234.tmp, etc.)
If that is the case, this is how I normally fix it:
Log out of all computers.
Delete the roaming profile on the server.
Log into local computer as admin; delete all prf*.tmp files from the profile on the local computer.
Log into local computer, don't worry about errors saying it can't find the remote copy.
Log out; let it synch.
Log in - should be Good To Go
Sometimes it works if you just delete the server profile, as recommended by Scott