Monday, August 31, 2009

ESX4 Web Admin

By default ESX4 upgrade disables the web management console. Also a fresh install does the same. When you browse to it you get 403 Service Unavailable.

To get it working, go to
/etc/init.d
run ./vmware-webAccess start

Monday, August 24, 2009

EMC Clariion unmanageable

Well I changed the IP on my Clariion CX3-20c on both SPA and SPB, now they only see themselfs, and no data. Basically the fix was to go into the setup http://IPADDRESS/Setup. then choose the Reset all domain information and restart the Management Server. (Destroy Security and Domain Information), reboot the managment agent, then repeat for Node B as well, then rebuild the domain, and whola, it works again. Don't forget to re-setup any alerts or anything else you have.

Wednesday, August 12, 2009

I want to know what users to harass because their mailbox is too large

Lets say 1GB+ is too large

Get-MailboxStatistics -Server csmailstore1 | Where {$_.TotalItemSize -gt 1GB} | Sort-Object -Property TotalItemSize -Descending | Format-Table DisplayName,TotalItemSize > c:\mailboxsizes.txt

Exchange Send-As problem

Doing an exchange migration between AD Forests, Logging in as my new account, I was able to give myself rights via Exchange and AD to my old mailbox in the old domain. Exchange permissions were a snap, the only exception is that they had to be done via powershell since the Exchange 2007 GUI doesn't allow you to 'pick' users from another forest. Granting the Send As AD Right is also done with powershell , such as

Add-ADPermission "brian smith" -user newADDom\bsmith -ExtendedRights Send-As

However, every 15 minutes or so I noticed that this right would vanish, i'd do a
Get-ADPermission "Brian Smith" ft -wrap > c:\Brian.txt
and notice there was no permissions to newADDOM\bsmith.

I found out one of the security restrictions is that Domain Admins and Enterprise Admins can't have "send-as" rights to another mailbox. Therefore I have to remove myself from those groups in order to work in a Send-As Scenario. Nice Job Microsoft, way to use a 'best practice' guide as an excuse not to fix a huge bug. There are work arounds, but they look to difficult to bother with for the short time before we migrate.

NOTE: you really gotta make sure its removed from all of the groups that are members of any of the other builtin groups.

Tuesday, August 4, 2009

DC's out of Time Sync

So apparently NET TIME is depricated, and replaced iwth w32tm /monitor and other w32tm (windows time) commands.

Doing my w32tm /monitor command showed me that my DC's were out of sync. Seeing this I wondered why. I noticed in the registry that many of my DC's were syncing with time.windows.com. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

Since my PDC emulator has the appropriate settings to be an NTP server and is pointing to an external time source my company likes, it's ready to be sync'd with, so I wanted to point all my DC's to it, and not time.windows.com

I modified the "NtpServer" REG_SZ parameter to be the IP of my PDC Emulator, restarted the Windows Time Service, and blamo in less than 3600 seconds, it all works again