Wednesday, July 30, 2014

Event ID 8003 - The master browser has received a server announcement from the computer that believes that it is the master browser for the domain on transport NetBT_Tcpip_


Thank you, Rob Morin, for the solution..

Source: http://www.hightechdad.com/2007/05/09/how-to-fix-master-browser-mrxsmb-event-id-8003-errors/

Another way to fix this, rather than stopping/disabling the Computer Browser Service is to unbind NetBIOS from Tcp on each of the interfaces. To find out which interfaces are bound, type 'BROWSTAT.EXE DN' at a command prompt - this will list the interfaces such as 'DeviceNetBT_Tcpip_{7B935...' as displayed in your System Event Log. Steps to disable NetBIOS over TCP:
1) Open Network Connections in the Control Panel
2) Open the Properties dialog for any interface
3) If TCP/IP is checked, select it and click 'Properties'. (If it is not checked, click 'Cancel' - this interface does not have tcp/ip bound)
4) Click the 'Advanced' button
5) On the 'WINS' tab, select the radio button for 'Disable NetBIOS over TCP/IP'
6) Click OK, OK, then Close

If you run BROWSTAT.EXE DN again, the list of interfaces should be one less now. Keep doing this for each interface in the list and you will eliminate all of these MRxSMB messages.

This can also be disabled using DHCP options if you are using DHCP on your network. Just be careful when you have legacy and non-Windoze boxes that need WINS to connect to the network.
Posted by at No comments:

Wednesday, July 23, 2014

How can I find the KMS server on my domain / network

Use the following command

nslookup -type=SRV _vlmcs._tcp.your.domain.suffix

Source:  http://www.bonusbits.com/main/HowTo:Determine_an_Active_KMS_Host_Server_on_a_Domain_Through_a_DNS_Query

Posted by at No comments:

Wednesday, July 16, 2014

Renewing locally signed TLS Certificates on Exchange 2010

Get the thumbprint with..


 Get-ExchangeCertificate | fl

 copy and paste into following commands...

Get-ExchangeCertificate -thumbprint “0FDB0D02E7E9806EB7F252E5296E098287A21DBC” | New-ExchangeCertificate

TO have it not be used for any services, use this other add your services (SMTP IIS IMAP, etc)

enable-exchangecertificate -Thumbprint "5904E1FF48088BB3EE472F61E718CE8516B7327F" -Services:None

: Corrections are welcome

Posted by at No comments:

Monday, April 14, 2014

Giving users access to Exchange Management console snap-in (Exchange 2003/2007/2010)

source : http://publib.boulder.ibm.com/infocenter/tivihelp/v24r1/index.jsp?topic=%2Fcom.ibm.itcamms.doc_6.3%2Fexchange%2Fassign_admin_rights.html

Assigning administrator rights to the Microsoft Exchange Server user

The user that you have created for the Microsoft Exchange Server agent must be a domain administrator with full administrator rights on Microsoft Exchange Server. The administrator rights are required to access the Microsoft Exchange Server components. You must provide administrative rights to the user.

Before you begin

Create a Microsoft Exchange Server user who has the mailbox on the Exchange Server that is being monitored.

About this task

This task provides information about assigning administrator rights to the user. Minimum rights required for the Microsoft Exchange Server agent to run and display data are as follows:
  • Exchange Server 2003 - Exchange Administrator
  • Exchange Server 2007 - Exchange Recipient Administrator
  • Exchange Server 2010 - Exchange Recipient Management

Procedure

For Microsoft Exchange Server 2003, complete the following steps to grant full administrator rights to the user:
  1. Click Start > Programs > Microsoft Exchange > System Manager. The Microsoft Exchange Systems Manager opens.
  2. Click Action > Delegate control. The Exchange Administration Delegation Wizard opens. Click Next.
  3. On the Users or Groups page, click Add.
  4. In the Delegate Control window, click Browse. Select the new user that you have created, and then click OK.
  5. From the Role list, select Exchange Full Administrator, and then click OK.
  6. Click Next, and then click Finish.
For Microsoft Exchange Server 2007, complete the following steps to grant recipient administrator rights to the user:
  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Console. The Exchange Management Console window opens.
  2. In the Console tree, click Organization Configuration.
  3. In the Action pane, click Add Exchange Administrator.
  4. On the Add Exchange Administrator page, click Browse. Select the new user that you have created, and then select Exchange Recipient Administrator role.
  5. Click Add.
  6. On the Completion page, click Finish.
For Microsoft Exchange Server 2010, complete the following steps to grant recipient administrator rights to the user:
  1. Click Start > Programs > Microsoft Exchange Server 2010 > Exchange Management Console. The Exchange Management Console window opens.
  2. In the Console tree, click Toolbox.
  3. In the Work pane, double-click the Role Based Access Control (RBAC) User Editor tool. The Exchange Control Panel window opens.
  4. Enter the user credentials for the account with permissions to open the user editor in the Exchange Control Panel. Click Sign in.
  5. Click the Administrator Roles tab.
  6. Select the Recipient Management role group, and then click Details.
  7. In the Members area, click Add.
  8. Select the user that you want to add to the role group, and then click OK.
  9. Click Save to save the changes to the role group.
  10.  
  11. source : http://publib.boulder.ibm.com/infocenter/tivihelp/v24r1/index.jsp?topic=%2Fcom.ibm.itcamms.doc_6.3%2Fexchange%2Fassign_admin_rights.html
Posted by at 3 comments:

Friday, April 4, 2014

Getting the IP and MAC address from a ChromeBook and ChromeCast


ChromeCast

  1. open the Chromecast app on your Android phone or tablet 
  2. tap on upper left corner icon for Devices to appear 
  3. tap on a Chromecast device you have named (Ready to Cast)
  4. wait for it to connect
  5. Chromecast Settings - Device Info; name, WiFi settings, time zone, SHARE DATA, IP address, MAC Address and Build number.
 source: https://groups.google.com/forum/#!topic/chromebook-central/VABcRQydXXY 


 ChromeBook


  • Click on the Network and Settings window on your tray (where it shows the time, battery, avatar, etc.).
  • Click on the WiFi section to see network details.
  • There will be an “i” button in the bottom-right corner, click on it and your MAC and IP addresses will be displayed.
That’s it! Pretty simple, right?

source: http://chromespot.com/2013/12/02/how-to-get-chromebook-mac-ip-address/
Posted by at 7 comments:

Sunday, March 23, 2014

Renewing an Exchange Certificate - Self signed / StartTLS or Transport (Exchange 2007 / 2010 / 2013)

source: http://forums.msexchange.org/Renewing_self-signed_SMTP_certificate/m_1800558152/tm.htm

Bharat's article is what I've used numerous times.

Just do a Get-exchangeCertificate | FL

Then with what youve provided you just highlight the SMTP cert
Thumbprint : 15405C99D3837CFF0DD2EA0213DAD6A241B

and then type out

Get-ExchangeCertificate -thumbprint “15405C99D3837CFF0DD2EA0213DAD6A241B” | New-ExchangeCertificate

then just bounce the microsoft exchange transport service.

source: http://forums.msexchange.org/Renewing_self-signed_SMTP_certificate/m_1800558152/tm.htm
Posted by at No comments:

Tuesday, March 18, 2014

Check Exchange Server Patch Level

Source: http://serverfault.com/questions/448827/how-do-i-determine-the-sp-and-rollup-version-of-an-exchange-installation




Slow method

Open "Programs and Features", select view updates, and search for the relevant Exchange 2010 patch.

Fast method

Run this command in Powershell

 gcm exsetup | %{$_.fileversioninfo}
 
Then use this URL to decipher the version number:

http://social.technet.microsoft.com/wiki/contents/articles/240.exchange-server-and-update-rollups-build-numbers-en-us.aspx




Source: http://serverfault.com/questions/448827/how-do-i-determine-the-sp-and-rollup-version-of-an-exchange-installation
Posted by at No comments:

Tuesday, March 11, 2014

Exchange 2013 (version 15) Viewing and setting Message Size Limits


http://technet.microsoft.com/en-us/library/jj150562%28v=exchg.150%29.aspx

Posted by at No comments:

Tuesday, March 4, 2014

How enable/disable FIPS cryptography in WIndows - all version



source: http://stackoverflow.com/questions/4886368/how-to-enable-fips-on-windows-7


In WIndows 8, open up a command prompt wondoe and kick off gpedit.msc and go from there...

First, be aware of what actually happens when you enforce FIPS140-2 complient encryption within Windows. Details are at http://technet.microsoft.com/en-us/library/cc750357.aspx. However, the main 'gotcha' (old SSL website's don't work in IE anymore) is detailed in the article linked below.
The official instructions to enable FIPS 140-2 complience are at http://support.microsoft.com/kb/811833, but can be summarised as follows:
  1. Using an account that has administrative credentials, log on to the computer.
  2. Click Start, click Run, type gpedit.msc, and then press ENTER.
  3. In the Local Group Policy Editor, under the Computer Configuration node, double-click Windows Settings, and then double-click Security Settings.
  4. Under the Security Settings node, double-click Local Policies, and then click Security Options.
  5. In the details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
  6. In the System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing dialog box, click Enabled, and then click OK to close the dialog box.
  7. Close the Local Group Policy Editor.
If you wish to do this manually, you can also simply change the registry key HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled to 1
Finally, to repeat, it is very important that you read through the documentation before you enable this - it changes cryptography system wide, including how the file system (both EFS and Bitlocker) and network (IE, Remote Desktop and the main cryptographic libraries) are allowed to encrypt, as well as if you allowed to recover lost encryption keys.

source: http://stackoverflow.com/questions/4886368/how-to-enable-fips-on-windows-7
Posted by at 12 comments:

Tuesday, February 25, 2014

Resolving VSS errors without a reboot


source: http://community.spiceworks.com/topic/170650-vss-writer-and-backup-issues
Mel9484 Dec 13, 2011 at 2:26 AM
Takeown /f %windir%\winsxs\filemaps\* /a
icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"
icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)

Previous post was not properly aligned.

source: http://community.spiceworks.com/topic/170650-vss-writer-and-backup-issues
Posted by at No comments:

Connectwise System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

 source: http://ipswitchft.force.com/kb/articles/FAQ/Windows-Platform-FIPS-validated-crypto-message-appears-trying-to-access-Login-aspx-1307565986146

Answer/Solution:
 
Your Windows environment may be configured to use FIPS encryption that is conflicting with WebInspect.
To correct this you will need to disable the "Local Security Setting System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" policy in Windows.
  1. Go to Start > Control Panel > Administrative tools > Local Security Policy. The Group Policy dialog appears. 
  2. Under the "Local Policies" heading, select "Security Options" and look for the entry, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing." 
  3. If entry this is enabled, disable it.
Also, open the registry editor and browse to the following path.  Make sure this registry subkey is set to 1:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
ASP.NET 2.0 uses the RijndaelManaged implementation of the AES algorithm when it processes view state data. The ReindaelManaged implementation has not been certified by the National Institute of Standards and Technology (NIST) as compliant with the Federal Information Processing Standard (FIPS). Therefore, the AES algorithm is not part of the Windows Platform FIPS validated cryptographic algorithms.

Posted by at 2 comments:

Tuesday, January 28, 2014

Port alternatives for SMTP / Exchange server

 
On Thu, 12 Apr 2012 13:53:24 +0000, andyh999 wrote:
 
>We are using port 25 and 587 to send non-secure messages to external servers. Since some ISP's block port 25 we setup 587 a while back for those who contract with the ISP's that block 25.
 
Anyone that's running a SMTP server can find an alternative to using
port 25. Have a look at http://www.dyndns.com as an example. What's
required is a SMTP relay server.
 
>At some point I would like to secure port 587 but I believe would have to contact all users who currently use this port to check on "this server requires a secure connection (SSL)" once I check on "require a secure channel" on the virtual server properties. If this is incorrect please let me know.
 
If you're using anything except port 25 for server-to-server SMTP
you're going to have one heckuva problem. Port 587 is the SMTP Client
Submission port, not the SMTP Server port. Since you use port 587 for
YOUR clients it isn't a problem to manage communication and
configuration. How you'd tell some anonymous SMTP server that they
have to use some alternative port to 25 is a task I'd rather not
undertake.
 
>Due to the sensitive nature of information that passes through our Exchange server we want to at the least encrypt the username and password for outgoing messages. If you have other recommendations on how to do this please share.
 
If the information is sensitive then you should encrypt the message,
not just the transmission channel. Encrypting the channnel only
protects the content "on the wire," but does nothing for the messages
"at rest".
 
>So if I want to send secure email on port 465 what do I need to do?
 
Just send the mail on that port. Since there's no negotiation expected
the data should only be accepted if your server exchanges its
certificate with the target server.
 
---
Rich Matheisen
MCSE+I, Exchange MVP
 

Posted by at No comments:

Friday, January 24, 2014

VSS Writers and corresponding services

source: http://www.planetcobalt.net/sdb/vss_writers.shtml

Reset VSS Writers

VSS writers are application-specific components for Microsoft's Volume Shadow Copy Service, which ensure the consistency of application data when a shadow copy is created. That's quite useful for creating consistent backups of a system. However, some of these writers go into error states more or less frequently. And Microsoft did not deem it necessary to document how to reset writers without rebooting the entire system (or at least I didn't manage to find that piece of information).

Since this burnt me once too often, I started compiling a list of VSS writers and the services that need to be restarted to reset each of them. Some are rather obvious, others (System Writer for instance) not so much.

VSS Writer Service Name Service Display Name
ASR Writer VSS Volume Shadow Copy
BITS Writer BITS Background Intelligent Transfer Service
COM+ REGDB Writer VSS Volume Shadow Copy
DFS Replication service writer DFSR DFS Replication
FSRM writer srmsvc File Server Resource Manager
IIS Config Writer AppHostSvc Application Host Helper Service
IIS Metabase Writer IISADMIN IIS Admin Service
Microsoft Exchange Writer MSExchangeIS Microsoft Exchange Information Store
Microsoft Hyper-V VSS Writer vmms Hyper-V Virtual Machine Management
NTDS NTDS Active Directory Domain Services
OSearch VSS Writer OSearch Office SharePoint Server Search
OSearch14 VSS Writer OSearch14 SharePoint Server Search 14
Registry Writer VSS Volume Shadow Copy
Shadow Copy Optimization Writer VSS Volume Shadow Copy
SPSearch VSS Writer SPSearch Windows SharePoint Services Search
SPSearch4 VSS Writer SPSearch4 SharePoint Foundation Search V4
SqlServerWriter SQLWriter SQL Server VSS Writer
System Writer CryptSvc Cryptographic Services
WMI Writer Winmgmt Windows Management Instrumentation    
This list is far from complete. It merely contains those writers I already had to deal with.

source: http://www.planetcobalt.net/sdb/vss_writers.shtml

Posted by at No comments:

Thursday, January 16, 2014

Delegate the Server Administrator role to a user on an Exchange Server (2003, 2007 or 2010)


source: http://publib.boulder.ibm.com/infocenter/tivihelp/v24r1/index.jsp?topic=%2Fcom.ibm.itcamms.doc_6.3%2Fexchange%2Fassign_admin_rights.html

Procedure

For Microsoft Exchange Server 2003, complete the following steps to grant full administrator rights to the user:
  1. Click Start > Programs > Microsoft Exchange > System Manager. The Microsoft Exchange Systems Manager opens.
  2. Click Action > Delegate control. The Exchange Administration Delegation Wizard opens. Click Next.
  3. On the Users or Groups page, click Add.
  4. In the Delegate Control window, click Browse. Select the new user that you have created, and then click OK.
  5. From the Role list, select Exchange Full Administrator, and then click OK.
  6. Click Next, and then click Finish.
For Microsoft Exchange Server 2007, complete the following steps to grant recipient administrator rights to the user:
  1. Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Console. The Exchange Management Console window opens.
  2. In the Console tree, click Organization Configuration.
  3. In the Action pane, click Add Exchange Administrator.
  4. On the Add Exchange Administrator page, click Browse. Select the new user that you have created, and then select Exchange Recipient Administrator role.
  5. Click Add.
  6. On the Completion page, click Finish.
For Microsoft Exchange Server 2010, complete the following steps to grant recipient administrator rights to the user:
  1. Click Start > Programs > Microsoft Exchange Server 2010 > Exchange Management Console. The Exchange Management Console window opens.
  2. In the Console tree, click Toolbox.
  3. In the Work pane, double-click the Role Based Access Control (RBAC) User Editor tool. The Exchange Control Panel window opens.
  4. Enter the user credentials for the account with permissions to open the user editor in the Exchange Control Panel. Click Sign in.
  5. Click the Administrator Roles tab.
  6. Select the Recipient Management role group, and then click Details.
  7. In the Members area, click Add.
  8. Select the user that you want to add to the role group, and then click OK.
  9. Click Save to save the changes to the role group.

    source: http://publib.boulder.ibm.com/infocenter/tivihelp/v24r1/index.jsp?topic=%2Fcom.ibm.itcamms.doc_6.3%2Fexchange%2Fassign_admin_rights.html
Posted by at No comments:

Friday, January 10, 2014

Office365 - Granting permission to another user's mailbox

Source: http://community.office365.com/en-us/forums/148/t/167084.aspx

There are two options for you to grant User B’s Full Access permission to User A.

1. If you are using Office 365 after-upgrade, you can grant Full Access permission in Exchange Admin Center (EAC).

a. Log into the admin center with global administrator account.

b. Click the “Outlook” tab in the top panel to enter OWA (Outlook Web App).

c. In the address bar, change the URL after “owa” to “ecp”. For example, if the URL of your Outlook Web App is https://server.outlook.com/owa/?exsvurl=1&ll-cc=1033&modurl=0&realm=domain.onmicrosoft.com, please change it to https://server.outlook.com/ecp/ to enter your Exchange admin center.

d. Click recipients on the left navigation.

e. Click mailbox on the right panel and double-click the display name of the mailbox (User B) you want to edit.

f. Click mailbox delegation on the left navigation.

g. Add User A under Full Access.


Please note: After granting the Full Access permission, we recommend you re-sign in to OWA (User A) to use “Open Another Mailbox” to open the mailbox (User B).

2. Use Windows PowerShell to grant Full Access permission.

a. Connect Windows PowerShell to the Service: http://help.outlook.com/en-us/140/cc952755.aspx

b. Run the following command:
Add-MailboxPermission -Identity "User B" -User UserA -AccessRights FullAccess -InheritanceType All

For more detailed information, please refer to the following link: http://technet.microsoft.com/en-us/library/bb124097(v=exchg.150).aspx

@AppRiver, your efforts are appreciated.

Thanks,
Anna Shi

Source: http://community.office365.com/en-us/forums/148/t/167084.aspx 
Posted by at No comments:
Subscribe to: Posts (Atom)