Thursday, 23 December 2010

Slow RDP refresh

A great read...

This command seems to help:

netsh interface tcp set global autotuninglevel=highlyrestricted

netsh interface ip set global taskoffload=disabled

Monday, 20 December 2010

Symantec Endpoint server firewall rules

netsh firewall add portopening TCP 8443 "Symantec server port"
netsh firewall add portopening TCP 9090 "Symantec management console port"
netsh firewall add portopening TCP 8014 "Symantec client communication port"

Thursday, 21 October 2010

Error during the configuration of the host:Failed to update the disk partition information

vSphere client issues this error when creating storage on an iSCSI SAN, in this caseMD3200i

Error during the configuration of the host:Failed to update the disk partition information

This was cuased by me etting the LUN paths to Round Robin rather than Fixed which was the VMware default.

Wednesday, 20 October 2010

How to move a DHCP database from a computer that is running Windows Server 2003 to Windows Server 2008

Export the DHCP database from Windows 2003:

1. On the Windows 2003 DHCP server, navigate to a command prompt
2. Type the following Command: netsh
3. Type the following Command: DHCP
4. Type the following Command: server name or ip address
5. Type the following Command: export c:\w2k3DHCPdb all

Note You must have local administrator permissions to export the data.

Import the DHCP database

1. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
2. Install the DHCP Role on the server.
3. Stop the DHCP server service on the server. To do this, follow these steps:

a. Log on to the target DHCP server by using an account that is a member of the local Administrators group.

b. Click Start, click Run, type cmd in the Open box, and then click OK.

c. At the command prompt, type net stop DHCPserver , and then press ENTER. You receive a "The Microsoft DHCP Server service is stopping. The Microsoft DHCP Server service was stopped successfully" message.

d. Type exit, and then press ENTER.

4. Delete the DHCP.mdb file under c:\windows\system32\DHCP folder.
5. Start the DHCP server service.
6. Right-click on the Command Prompt (cmd) and select run as administrator, to open the cmd prompt using elevated privileges.

Note You must have local administrator permissions to import the data.

7. Type the following Command: netsh
8. Type the following Command: DHCP
9. Type the following Command: server name or ip address
10. Type the following Command: import c:\w2k3DHCPdb
11. Restart DHCP and verify the database has moved over properly.


Thursday, 14 October 2010

Creating PTR records with BT static IP addresses

If you need to create a PTR record for a BT static IP address you need to send an email to:

Stating your broadband phone number, static IP address and which host you want it pointing to.

Tuesday, 12 October 2010

UK ISPs IP address ranges

Vodafone UK -

O2 mobile - -

Blackberry -

T-Mobile -

Opal Telecom - -

TalkTalk -

BT Public Internet Services - - - - - - -

BeThere - -

Demon - -

Telewest Broadband -

Virgin Media - - - - - -

Tiscali - - -

Sky Broadband -

EasyNet -

PlusNet - -

Murphex -

Wednesday, 29 September 2010

Get all SMTP addresses from Exchange server

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(mail=*))" -attr mail displayname -limit 0 > email_addresses.txt

Tuesday, 28 September 2010

Vodafone UK IP addess range

If you need to allow mobile phones in though a firewall the UK Vodafone IP range is: -

Tuesday, 7 September 2010

Exchange 2010 - Quickly install all the required features to install Exchange 2010

To quickly install all the required features to install Exchange 2010

Open the CMD prompt, move to the \scripts folders on the Exchange 2010 DVD and execute this command.

servermanagercmd -ip Exchange-Typical.xml

Monday, 6 September 2010

Installing Dell OpenManage on ESX

Download tarball (check for the latest version)

winscp to /root/temp

tar -zxvf om_6.0.1_Mannode_A00.tar.gz

run from /linux/supportscripts
sh ./ --express

Restart service start

Install firewall Opmanger settings

esxcfg-firewall --o 1311,tcp,in,OpenManage

Wednesday, 18 August 2010

Sophos SBE not updating - fix


-stop sophos agent service
-stop sophos certification manager service
-stop sophos management service
-stop sophos message router service
-stop sophos update manager service

-c:\documents and settings\all users\application data\sophos\update manager\working (delete)

-c:\documents and settings\all users\application data\sophos\update manager\update manager\warehouse (delete)

-c:\documents and settings\all users\application data\sophos\update manager\update manager\cids (delete)-c:\program files\sophos\scc\sum\sum_status.xml, specialactions.xml, ~specialactions.xml (delete the 3 files in the folder)

-start services in reverse order

-update now in the console.

Thursday, 5 August 2010

Windows / SBS 2008 C: low on space

I have discovered a great tool for freeing up space on a System drive of a Windows 2008 after SP2 has been installed computer. WARNING this rolls up service so that I CAN'T be installed.



On Windows 2008r2 the command is...

DISM.exe /online /Cleanup-Image /spsuperseded

Outlook 2007 'Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again later"

After an transition to SBS 2008, Outlook 2007 clients might get this warning when they try to open their Out Of Office Assistant.

You might also see this symptom below if you "Test E-Mail Autoconfiguration." in outlook.

Most troubleshooting websites point you to the certificate being incorrect. However the SBS wizard should have done the job correctly. I fixed this but disabling 'Require SSL' on the autodiscover virtual directory. If that does not work try the EWS virtual directory.

Great Exchange 2007 SSL tool

Friday, 2 July 2010

Quickly add Sophos management ports to SBS 2008 firewall

To allow the network PCs to communicate with the Sophos Control Center you need to open some ports on the SBS 2008 box. Issue these commands from the CMD prompt

netsh firewall add portopening TCP 8192 "Sophos Management"
netsh firewall add portopening TCP 8193 "Sophos Management"
netsh firewall add portopening TCP 8194 "Sophos Management"
netsh firewall add portopening TCP 8081 "Sophos quarantine digest"

Thursday, 3 June 2010

Usefull ESX commands

df -h  lists the filesystems and space available.
perl -spi -e 's|PermitRootLogin no|PermitRootLogin yes|' /etc/ssh/sshd_config enables SSH for root, need to issue service sshd restart afterwards
vimsh -n -e /hostsvc/maintenance_mode_enter or _exi enter mainenance mode from the shell
vmkfstools -Ph -v 10 /vmfs/volumes/$$volume_label$$/ Check free file space as VMFS can only support 32k files
dd if=/dev/cdrom of="isoname.iso" makes an ISO from the CD-ROM in the host.
mkdir iso | chmod 777 iso Makes a directory called iso and sets permissions to read write.

Wednesday, 2 June 2010

A great Exchange resource

Outlook 2003 error after Exchange 2010 transition

If you get this error when you try and open legacy Outlook clients after a transition to Exchange 2010 you need to open the Outlook profile and click 'More options' and 'Security' and enable "Encrypt data between Microsoft Office and Microsoft Exchange Server"

This does not effect Outlook 2007 and 2010 clients as they connect another way.

See for more info, medthod 3 might be worth rolling out of you have a lot of legacy Outlook clients

Outlook 2007 / 2010 SSL warning

Even though you have forked out on a verified SSL cert, internal Outlook 2007/2010 clients get this warning when opening Outlook.

This is because the CAS is using the internal DNS name rather than the external name. For example https://mail.domail.local/ rather than

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri

See for more info

Exchange 2010 Public folder permissions

If you need to alter public folder permissions with in Exchange 2010 you need to download and extract ExFolders program to the C:\Program Files\Microsoft\Exchange Server\V14\Bin folder.

Exchange 2010 SSL Certificates

When you purchase a SSL cert for Exchange 2010 you can no longer get away with a cheaper SSL cert, you must purchase a UC or SAN certificate. I recommend

This is because you need a certificate for UM (unified messaging) even if you don't install the role.

for more help.

MSExchangeAL - EventID 8270 & 8315 : LDAP returned the error [32] Insufficient Rights when importing the transaction.

LDAP returned the error [32] Insufficient Rights when importing the transaction.

...and or

The service could not update the entry 'CN=User Name,OU=Special,,DC=local' because inheritable permissions are not propagated to this object. The inheritable permissions may be disabled because the object belongs to a Windows 2000 administrative group or the inheritable permissions were disable explicitly by an administrator. DC=footasylumltd,DC=local

Fixed by open the user detailed in the event and clicking the 'security' tab, click 'Advanced' and select/enable Include inheritable permissions from this object's parent.

You can easily find out who does not have this attribute set by installing AD Cmdlets tools and running this command.

Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected}

(DUP) when you ping from ESX

64 bytes from icmp_seq=4 ttl=128 ms (DUP!)

When you ping the VC from an ESX host you get (DUP!) if beacon probing is enabled under the vSwitch NIC teaming load balencing poilcy. This is only the case when "Route based on IP hash" is the case.

Exchange 2010 - OAB setup

When setting up Exchange 2010 there is no provision for legacy OAB, this needs to be configured. Open EMC 2010, navigate to Organisation Configuration and Mailbox, select Offline Address Book, open the properties of the 'Default Offline Address Book' click the distribution tab and enable "Web-based distribution".
Once you have OK'ed the settings you need to right-click 'Update', you will also have to open a CMD prompt and IISRESET