Webbo's World another IT geek's corner of the internet…

21Jul/090

Moving Public Folder Replica – SSL Certificate Error

As part of a recent SBS 2003 - SBS 2008 migration we came across the following error when trying to move the Public Folder's from Exchange 2003 to Exchange 2007. When we told Exchange 2003 to move the Replica Set we saw the below error:

The SSL certificate server name is incorrect
ID no: c103b404
Exchange System Manager

image

Searching for a resolution we found a number of sites that listed removing the SSL certificate requirement on the exadmin folder (As per http://support.microsoft.com/kb/324345). Unfortunately this wasn't a complete fix as it also appeared we then needed to use adsiedit to remove the :443: binding on the service. The fix below worked for us:

  1. In IIS navigate to the Exadmin folder, Right click to bring the “Properties” window up and go to the “Directory Security” tab
  2. In the “Secure Communications” section select “Edit”.
  3. Make sure to deselect “Require secure channel (SSL)” and “Require 128-bit encryption.”
  4. If the “Require 128-bit encryption.” is selected and greyed out, make sure to select “Require secure channel (SSL)” and deselect “Require 128-bit encryption.” then deselect “Require secure channel (SSL)” again.
  5. Goto Start – Run and type adsiedit.msc
  6. In the left side pane expand the Configuration container.
  7. Next expand CN=Configuration, then CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=First Administrative Group, CN=Servers, CN=Protocols, CN=HTTP, CN=1
  8. Right Click on CN=Exadmin and choose Properties.
  9. In the Properties dialog box you will see 2 drop-down lists. drop down the top list and select “Both”. Drop down the second list and scroll down to the attribute “msExchSecureBindings” and double click on it.

    image

  10. If this attribute is set to 443, click the 443 value to select it and click the “Remove” button. Then click “Apply” and then “OK”
  11. Close out of ADSI Edit,
  12. Restarted IISadmin service

Test the replication again, hopefully all should now be working as expected.

Filed under: Exchange 2003, Exchange 2007 No Comments
7Jul/099

McAfee 8.7i On Access Scan Disabled after install

Having set up a new PC and installed McAfee VirusScan Enterprise 8.7i (with or without Patch 1) every so often on different setups we find that it fails to start and reports the On Access Scan / Buffer Protection and Access Protection components are disabled. This failure to start is after rebooting the PC once the application has been installed.

If you check the McAfee services all are started except the McAfee McShield service which although is on Automatic fails to start.

Then checking Event Log we see the following error on the Vista PC's:
Log Name: Application
Source: McLogEvent
Event ID: 5004

Could not Contact Filter Drive. Error = 0x7d1 : The specified driver is invalid.

image

FIX:

To fix the above we found making the below changes to some registry keys did the trick.

1) Open Regedit
2) Navigate to HKLM\SYSTEM\CurrentControlSet\Services\
3) Find the ImagePath key for mfeapfk, mfeavfk and mfebopk
 4) Edit the ImagePath to reflect the full path to the .sys file - this is usually just a case of adding c:\windows\ in front of the path.

image

5) Make this change for the 3 listed McAfee keys (mfeapfk/mfeavfk/mfebopk)
6) Start the McAfee McShield service

image

Filed under: Applications 9 Comments
28Jun/090

Login Failure Error Accessing Server Shares

Recently working on a File/Print server (that was also a backup DC) and began to receieve the following error from client PC's trying to access it -

Login Failure: the target account name is incorrect

Most google posts seem to refer to checking DNS/WINS settings although in this case everything was fine. I could access the shares via \\192.168.xx.xx but not \\servername. Looking in to the error further there were some error logs referencing kerberos issues and the main clue was found after running netdiag. The netdiag report came back with the below error -

[FATAL] Secure channel to domain 'MYDOMAIN' is broken. [ERROR_ACCESS_DENIED]

So if your having a similar issue then it's usually a case of resetting the machine password via the netdom tool. If it's occuring on a workstation you may want to just remove it from the domain and add it back on, however if a server has the issue then this Microsoft article will help -

http://support.microsoft.com/kb/329721 (Description of netdom.exe Syntax and Versions)
http://support.microsoft.com/kb/260575 (How To Use Netdom.exe to Reset Machine Account Passwords / Domain Controller)

Filed under: Server 2003 No Comments
4Jun/090

PFDAVAdmin “Could not expand” error

Recently came across this problem on a Server 2008 box running Exchange 2007. Having downloaded the PFDAVAdmin utility and trying to connect to all mailboxes, it gives the below error when you try to expand any of them. Fortunately it's a nice and easy fix!

Error:

Could not expand https://servername/exadmin/admin/domain/mbx/emailaddress/non_ipm_subtree/: Name cannot begin with the '0' character, hexadecimal value 0x30. Line 1, position 417.

Fix:

Run the PFDAVAdmin utility from a workstation, can download from HERE
Download Microsoft .NET Framework 1.1 HERE
DO NOT install this on the Exchange 2007 server as it will most likely reset the current .NET 2.0 settings and break Exchange 2007.

Filed under: Exchange 2007 No Comments
2Jun/090

Exchange 2007 with Single Name SSL Certificate

Having configured a number of Exchange 2007 sites that only use a Single Name SSL certificate a few issues can be experienced. Outlook will often throw a couple errors your way if a few changes aren't made to Exchange/DNS to ensure they point to the name used in the SSL certificate. These errors are below:

Outlook 2007 Errors:

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.

Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again Later.

image image

If you're seeing the above I'd suggest checking out the below site on how to best configure Exchange to suit the SSL certificate being used.

http://www.amset.info/exchange/singlenamessl.asp

Filed under: Exchange 2007 No Comments
22Jan/090

Roaming Profiles ARE NOT written back to server during log-off

Having recently found a Sony laptop that would not copy / sync a users profile during log off I had a hunt round google and found the below from Experts Exchange. Wouldn't have expected this as the cause but carrying out the below solved the problem. One minor note on the particular Sony laptop was that the Sony Event service also needed to be disabled - otherwise the user was spammed with the Vaio Power management feature believing the speed / stamina switch had been changed and the Graphics settings were to be adjusted.

Domain Environment: Microsoft Server 2003/Server 2003 R2 SP2
Affected Operating Systems: Windows XP SP1/SP2/SP3, Vista

Solution:

I have found that the NVIDIA drivers can break roaming profiles functionality. Un-install the video drivers through add/remove programs. Reboot the workstation and see if the profile is written back to the server at logoff.

Re-install NVIDIA drivers & before re-starting the computer:

Go to

1) Start Menu>Run> type services.msc
Scroll down the list of services to: "NVIDIA Display Driver Service" Stop this service from running and also Disable the service from starting again.

2) Go to Start Menu>Run> type msconfig uncheck nwiz.exe, Nvcpl & RunDll32.exe NvMCTray.dll,NvTaskbarInit under startup tab. Then press apply & okay buttons. Do not restart the computer when prompted.

3) Go to Command Prompt:

Start Menu>Run> type cmd press okay
Browse to C:\windows\system32 folder
Cd\ <press enter>
Cd windows\system32 <press enter>
Manually rename the following files after installation and before rebooting:
ren nvcpl.dll nvcpl.dlx <press enter>
ren nvcplui.exe nvcplui.exx <press enter>

4) Reboot Computer & Confirm Profile writes back to server at logoff.

Filed under: Server 2003 No Comments
20Jan/091

Excel 2003 opens blank when trying to load a spreadsheet

Recently had a problem whereby opening a spreadsheet within Excel 2003 would launch the application but the workbook will not open. No error was shown in this case, just the blank grey background. Sometimes this can by the excel.exe remaining open and running as  a 'stuck' process, which can be resolved by loading Task Manager and killing it. Unfortunately that wasn't the case this time so looking in to the problem I found it may or may not display an error:

Cannot find the file 'path' (or one of its components). Make sure the path and filename are correct and that all required libraries are available.

The problem is caused by the Ignore Other Applications setting being set on. To set it off, choose the menu command Tools->Options, navigate to the General tab, turn off the checkbox "Ignore other applications", and then click OK.

Filed under: Office 1 Comment
16Jan/090

Install Microsoft Exchange 2007 Anti-Spam component

image

From http://support.microsoft.com/kb/555924

1. Log on to the Hub Transport Server.
 2. Go to "Start" -> "Programs" -> "Microsoft Exchange Server 2007".
 3. Open "Exchange Management Shell".
 4. Write "Install-AntispamAgents.ps1" and press on the "Enter" key.
 5. Restart "Microsoft Exchange Transport" service.
 6. Go to "Start" -> "Programs" -> "Microsoft Exchange Server 2007".
 7. Open "Exchange Management Console".
 8. Navigate to "Microsoft Exchange" -> "Organization Configuration" > "Hub Transport".
 9. A new tab, named "Anti-Spam" should appear.
 
 Note: To revert to Exchange 2007 default settings, use "uninstall-AntispamAgents.ps1"
             script and restart the "Microsoft Exchange Transport" service.

Filed under: Exchange 2007 No Comments
16Jan/090

Windows 7 ‘First Impressions’

Having downloaded the Windows 7 x86 and x64 ISO's I decided to start an install using VMWare Workstation 6.5. Using the automatic setup wizard within VMWare it picked the Windows 7 image up as a Windows Vista x64 PC, all the defaults that VMWare used for this allowed the install to begin perfectly and bar a slight 'revamp' it looked near identical to the current Windows Vista installation process.

imageimageimageimageimageimage

Once installed there are a few immediate differences that are noticed, primarily the task bar and the introduction of Internet Explorer 8. There's also a nice new 'Action Center' that appears to be the hub for general Maintenance and combines the previously known XP/Vista Security Center items.

UAC looks to have been thought through this time. As with Vista it can still be set to the 'annoy the hell out of me' setting which asks you to confirm everything you do on the PC, however the default setting is a more sensible one that only asks to confirm when a program tries to make a change to the PC. I haven't really tested this yet but I plan too shortly.

imageimageimageimageimageimageimage

The Control Panel has also changed slightly with how the 'List' view is shown. So far the setup seems to be running smoothly (although it's not had a good kicking yet to really test it's features) and it was a very easy install process, with the Windows 7 VM Machine now running I'll start putting various security software on and post my findings!


Filed under: Windows 7 No Comments
5Jan/090

Moving Exchange 2003 UceArchive folder

One of our servers was beginning to run low on drive space - alot of emails had begun to accumulate in the UceArchive so I thought I'd move it out of C: on to another drive with more space. Here's how:

image

1) Open Regedit via Start - Run and type in regedit - click Ok
2) Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter
3) Within the ContentFilter key, create the following String Value (REG_SZ): ArchiveDir  
4) Set the UceArchive folder path e.g. E:\Exchsrvr\Mailroot\vsi 1\UCEArchive.
5) Close Registry Editor, and restart the Simple Mail Transfer Protocol (SMTP) service.

Filed under: Exchange 2003 No Comments
 « Newer Entries  Older Entries »

Archives

Categories

Meta