Wednesday, July 29, 2015

Creating Keytab for UNIX machines access in Active Directory

For UNIX servers can gain access to AD and that they can take an active object in AD as well as the possibility of SPNs we record for them, work with Kerberos authentication in a transparent, etc. What makes it all possible is the Keytab that is generated by Ktpass tool (native Windows tool).
Below example command to generate the Keytab (remembering that the computer object in AD must be previously created):
ktpass / princess host / COMPUTER.domain.test@DOMAIN.TEST / out NomeDoArquivo_host.keytab / crypto All / ptype KRB5_NT_PRINCIPAL -desonly / mapuser DOMAIN \ COMPUTER $ + rndPass
COMPUTER = Computer Name
DOMAIN.TEST = Domain Name
DOMAIN = Netbios Domain
note: -Necessary align with the UNIX team to computer names and domain involved in the command will be charged with lowercase or uppercase letters.

Tuesday, July 28, 2015

10 PowerShell hot pedaling in your Exchange environment

As one Arrentino saying "How are you"?
Staff, the footprint here is as follows; put 10 hot commands for you streamline your daily tasks.
come on:
# 01 - Test-MAPIConnectivity -Identity EMAILDOUSUARIO@DOMINIO.COM | fl
This command being positive ensures that system services, such as Managed Folder Assistant and OWA able to successfully access the mailbox in question, it also brings that server information is located Database and the user's Mailbox. Bears the name of the Mailbox and the coolest, brings Latency. Not to mention that the camando also shows you the status.
# 02 - Get-MailboxDatabaseCopyStatus * | where {$ _ eq ContentIndexState "Failed".}
This is maniero Pakas Mermão. The more show this command is that it shows you which Databases are with the millennium bug's in the Index. Likes? It has more Mermão.
# 03 - Get-MailboxDatabaseCopyStatus * | where {$ _. ContentIndexState -eq "Failed"} | Update-MailboxDatabaseCopy -CatalogOnly
Recalls that the tip # 02 I said I had more? Command that you identified which Databases are with Millennium Bug in the Index, right? It is Mermão, now you correct. Is not it beautiful?
# 04 - Get-MailboxServer | fl name
Get-ClientAccessServer | fl name
Get-TransportServer | fl name
The above commands list the servers of their respective functions. Convenient and fast as well.
# 05 - Get-MailboxDatabase -Status | ft name, last -auto *
Get that is supimpa. The crazy list the status of the last backup (Full / incremental / copy) of databases.
# 06 - Move-ActiveMailboxDatabase NOMEDODATABASE -ActivateOnServer SERVERNAME -Confirm: $ false
Command to move mailbox.
# 07 - Get-Mailbox -Identity CONTADOUSUARIO | Get-MailboxPermission | fl
It happens sometimes, users report that they are receiving pop up asking for password. This command checks the access permissions.
# 08 - New-MoveRequest -identify CONTADOUSUARIO -TargetDatabase DATABASENAME -BadItemLimit 50 -AcceptLargeDataLoss
Comandinho supimpa to move users. And an environment that there are several rules that comanado Database is very useful.
# 09 - Get-MailboxServer -identity NOMEDOSERVERMAILBOX | Get-MailboxDatabase | where {$ _ name -match "NOMEDATABASE."} | Get-Mailbox
Cool command that shows users on the database.
# 10 - Get-Mailbox -identity EMAILDOUSUARIO@DOMINIO.COM | Select-Object Alias ​​| foreach-object {Get-MailboxFolderStatistics -Identity $ _ alias | select-object Identity, ItemsInFolder, FolderSize.}
This command is to close with a flourish. Get this shows all your folders created in your mailbox, items in your folder and the size of each.

I hope these tips to accelerate everyday tasks. Soon we will bring the TOP 10 PowerShell for Active Directory.

Kill TS sessions remotely

Classic problem: You try to connect remotely to a server via TS and no connections available ...
One of the possible ways to disconnect these sessions, is through an executable called RESET.EXE included in Windows 2003 and later (at least until Windows Server 2012R2 it still exists ... rss ... remembering that this EXE is also found in versions customers Windows).
Below is an example of the command syntax:
To list the sessions of the remote machine, run the following command:
query session / server: NomeDoServidor_ou_IP
The listing of the sessions is necessary, in order to have access to the session ID.
To "overthrow" the session, run the following command:
reset session IDdasessão / server: NomeDoServidor_ou_IP
I hope you find it useful!

Microsoft Cluster - Disco reserved

Personal, recently something happened at least interesting with a Mailbox server (MS-Exchange 2010).
This machine was running on ESXi 5.0. How interesting:
In a VMware environment provisioning happens machines from a template, ie a customized Windows with C and D units, right? You install a Windows update patches, install BKP client and other tools according to your environment. Nice!And how the bidding of templates? When you request to be provisioned a machine from a template vCenter makes a clone of that template, that looks cool. Folks, this is perfect if you are not using this as vmware couple of other, that is, if you are not using as Microsoft Cluster or a DAG (MS-Exchange).
The cluster creation process in one of the steps is necessary make a validation. In this validation step these machines created from the clone with D discs received a warning! Ai houses the personal danger ... It's just a warning. The validation is successful.
what can hapen? It may happen that this disk D please reserved. Now imagine that this machine, as in my example, is running an Exchange that was made in the installation disk D. Oh, my friends, when the phone your table play and the GI or the Help Desk say that dozens of boxes mail are out, or rather, the business executive is no mail. At this time you pick up all your mess and go to the nearest cinema, or you start to cry.
How can we validate it? Staff, the goal of this post is not to bring the fastest and practical troubleshooting to get the reserved disk. The idea here is to show that it exists and should not happen.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C: \ Users \ Admin> diskpart
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
DISKPART> list disk
Disk ### Status Size Free Dyn Gpt
--- ----- --- --- - -
Disk 0 Online 100 GB 1024 KB
Disk 1 Online 80 GB 1024 KB
Disk 2 Online 600 GB 0 B
Disk 3 Online 600 GB 0 B
Disk 4 Online 600 GB 0 B
DISKPART> select disk 1
Disk 1 is now the selected disk.
DISKPART> detail disk
VMware Virtual Disk SCSI Disk Device
Disk ID: E87C0E42
Type: SAS
Status: Online
Path: 0
Target: 1
Location Path: PCIROOT (0) #PCI (1500) #PCI (0000) #SAS (P00T01L00)
Current read-only state: No
Read-only: No
Boot Disk: No
Pagefile Disk On
Hibernation File Disk On
Crashdump Disk On
Clustered Disk On
Volume ### Ltr Label Fs Type Size Status Info
---- - ---- - ---- --- --- ---
Volume 3 D New Volume NTFS Partition 79 GB Healthy
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C: \ Users \ Admin> diskpart
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
DISKPART> list disk
Disk ### Status Size Free Dyn Gpt
--- ----- --- --- - -
Disk 0 Online 100 GB 1024 KB
Disk 1 Online 80 GB 1024 KB
Disk 2 Online 600 GB 0 B
Disk 3 Online 600 GB 0 B
Disk 4 Online 600 GB 0 B
DISKPART> select disk 1
Disk 1 is now the selected disk.
DISKPART> detail disk
VMware Virtual Disk SCSI Disk Device
Disk ID: E87C0E42
Type: SAS
Status: Online
Path: 0
Target: 1
Location Path: PCIROOT (0) #PCI (1500) #PCI (0000) #SAS (P00T01L00)
Current read-only state: No
Read-only: No
Boot Disk: No
Pagefile Disk On
Hibernation File Disk On
Crashdump Disk On
Clustered Disk On
Volume ### Ltr Label Fs Type Size Status Info
---- - ---- - ---- --- --- ---
Volume 3 D NTFS Partition 79 GB Healthy
The Disk ID same in both machines. What's wrong with having the same ID's? The cluster resource not to promote competition in access to this disk puts in reserve.
Best practices in this case is to remove the D drive, what's in your template, and adds it again, the ID will be different for each machine.
and now?I get it best practice to not happen to get in a disk reserved. Okay, tell me there? How do I remove the disc reserves in a situation like this? Well, you can remove the so reserved but can not request a cluster validation on that machine. Remove the reservation and migrate resources, in my example, uninstall disk MS-Exchange D. Remove the disc D. After that add the D disk and install MS-Exchange again. Then do the validation.
Let's put the resolution to remove the reserved mode. Recalling that the idea of ​​this post is to guide so that does not happen.
Open Powershell and type the following command line:
Clear-ClusterDiskReservation -Disk 1 -node node1 -Force
I hope that by sharing this experience I can add something.

Number of active users in AD

Hi All,
Buenos dias. Today we post a powershell line to Activie Directory that can bring a great excuse for a coffee.
This line will bring the number of enabled users in your domain, enjoyed the idea?
Well, I have several cafes, or several conversations about the response of this command.
(Get-ADUser -filter * | where {$ _. Enabled -eq "True"}). Count

Diskpart / s

Hello friends from the world of scripts, powershell, .vbs, .bat, and all those who invest hours working out a good old scripiteco.
This week we prepared something nice with Diskpart. For those who follow the Blog must have read something about disk reserved, right? To stay free of an incident like that, or something like that, we insert the disk D after the VM has been initialized. In this scenario we remove the template D disc and insert again after rising SO ensuring that each VM will have your disc with its unique ID and unique serial.
What needs raised? When we went up a virtual machine only with Disk C and the DVD player (Volume 0) DVD-ROM drive has signed with the letter D. This staff there began to stay cool.
Let's customize this process by removing the D volume and signing with the letter Z. And from that process we will create a partition on the disk.
The automated process requires the following command:
C: \ diskpart.exe / s C: \ temp \ scripts \ dispart.txt - This parameter will call the .txt file, drew guys? We will create a .txt file with the name diskpart.txt insertion commands listed below and saves them in the C: \ Temp \ scripts, cool? The next step is to open the CMD and insert the above command line, repeating the sequence,C: \ diskpart.exe / s C: \ temp \ scripts \ dispart.txt
Once this is done the disk is ready for use.
select volume 0
remove letter = D
assign letter Z =
select disk 1
Attributes disk clear readonly
online disk
convert MBR
create partition primary
assign letter = d
format fs = ntfs quick label = "DATA"
I hope to have cooperated.

List Domain Group Members

My dear colleagues, below script to list the members of all Active Directory domain security groups:
$ Groupinfo = "| Select 'Group Name', 'Group Description', 'Member Name', 'Member Description'
AllGroups = $ @ ()
$ MyGroups = Get-ADGROUP -filter {GroupCategory -eq "Security"} -SearchBase "dc = DOMAIN, DC = LOCAL" -Properties Name, Member | select Name, Member
foreach ($ Group in $ MyGroups) {
$ GroupInfo.'Group Name '= $ Group.Name
$ GroupInfo.'Group Description '= $ Group.Description
foreach ($ Member in $ Group.Member) {
$ User = Get-Member ADUser $ -Properties Name | select Name
$ GroupInfo.'Member Name '= $ User.Name
$ Groupinfo | select 'Group Name', 'Member Name'
$ AllGroups + = $ groupinfo | Select 'Group Name', 'Member Name'
$ AllGroups | Export-CSV allginfo.csv -NoTypeInformation
We can use the same script to filter out members of a single chain.For it changed the filter parameter $ MyGroups = Get-ADGROUP -filter {GroupCategory -eq "Security"} that selects all domain security groups for $ MyGroups = Get -ADGroup -filter {Name -eq "groupname"}.
I hope you find it useful!

Set-ExecutionPolicy: Can not set execution policy

Hello their maledetos nerds !!! ehehehehe
When trying to run a certain PS script remotely on an Exchange server, I came across the following error message:
. \ UpdateIndexAllMailboxDatabases.ps1: File C: \ Temp \ SCRIPTS \ EXCHANGE \UpdateIndexAllMailboxDatabases.ps1 can not be loaded. The file C: \ Temp \ SCRIPTS \ EXCHANGE \UpdateIndexAllMailboxDatabases.ps1 is not digitally signed. The script will not execute on the system. Please see "get-help about_signing" for more details ..
At line: 1 char: 37
... After a Get-ExecutionPolicy had the RemoteSigned return .There think twice !!! Set-ExecutionPolicy Unrestricted and was returned the following message:
Execution Policy Change
The execution policy helps protect you from scripts That You do not trust. Changing the execution policy might expose you to the security risks described in the help topic at about_Execution_Policies . Do you want to change the execution policy?
[Y] Yes [N] No [S] Suspend Help (default is "Y") [?] Y
Set-ExecutionPolicy: Windows PowerShell execution policy successfully updated your, but the setting is overridden by
the policy defined at a more specific scope. Due to the override, your shell will retain its current effective
execution of policy RemoteSigned. Type "Get-ExecutionPolicy -List" to view your execution policy settings.For more
information please see "Get-Help Set-ExecutionPolicy".
At line: 1 char: 1
+ Set-ExecutionPolicy Unrestricted
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: PermissionDenied: (:) [Set-ExecutionPolicy] SecurityException
+ FullyQualifiedErrorId: ExecutionPolicyOverride, Microsoft.PowerShell.Commands.SetExecutionPolicyCommand
As recommended in the message, I ran the cmdlet to list the policy of execution policy by scope
Get-ExecutionPolicy -List
Scope ExecutionPolicy
- -----
MachinePolicy RemoteSigned
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine RemoteSigned
... Immediately I performed the following Set-ExecutionPolicy -Scope MachinePolicy -executionpolicy Bypass command for the policy to be released ... ops:
Set-ExecutionPolicy: Can not set execution policy. Execution policies at the MachinePolicy or UserPolicy scopes must beset through Group Policy.
To correct this error, we are forced to make this modification directly in season record:
HKLM: \ Software \ Policies \ Microsoft \ Windows \ PowerShell and change the value ExecutionPolicy   toBypass.
By rerunning the command to list the scope for policy, we realize that now really the setting was uncommitted !!
Get-ExecutionPolicy -List
Scope ExecutionPolicy
- -----
MachinePolicy Bypass
UserPolicy Undefined
Process Undefined
CurrentUser Undefined
LocalMachine RemoteSigned
Then I could run my script and they all lived happily ever after!

Verifying GPO Replication

How will my dear readers !!
I am in a constant search for a script that brings me the replication time of Sysvol ... remembering that the environment in question is "Windows Server 2003" as functional mode domain; that is, we only have the ability to replicate the Sysvol with FRS ... who can help ... .eheheheheh
... During this journey, I came across a very cool function called Get-ADGPOReplication filtering results of the cmdlet Get-GPO so we can compare the versions of each GPO Sysvol on all domain DCs !! So we can verify that replication as well as the policy objects are consistent throughout the domain ... I know at this time hit that will thrill cry !!
Below function code:
function Get-ADGPOReplication
This function retrieve one or all the GPO and Their report DSVersions and SysVolVersions (Users and Computers)
This function retrieve one or all the GPO and Their report DSVersions and SysVolVersions (Users and Computers)
Specify the name of the GPO
Specify That You want to retrieve all the GPO (slow if you have a lot of Domain Controllers)
Get-ADGPOReplication -GPOName "Default Domain Policy"
Get-ADGPOReplication -All
Francois-Xavier Cat
1.0 22/09/2014 Initial version
Adding some more Error Handling
Fix some typo
#requires -version 3
[CmdletBinding ()]
[Parameter (Mandatory = $ True, ParameterSetName = "One")]
[String []] $ GPOName,
[Parameter (Mandatory = $ True, ParameterSetName = "All")]
[Switch] $ All
if (-not (Get-Module ActiveDirectory -Name)) {Import-Module ActiveDirectory -Name -ErrorAction Stop -ErrorVariable ErrorBeginIpmoAD}
if (-not (Get-Module -Name GroupPolicy)) {Import-Module -Name GroupPolicy -ErrorAction Stop -ErrorVariable ErrorBeginIpmoGP}
Write-Warning -Message "[BEGIN] Something wrong happened"
IF ($ ErrorBeginIpmoAD) {Write-Warning -Message "[BEGIN] Error while Importing the module Active Directory"}
IF ($ ErrorBeginIpmoGP) {Write-Warning -Message "[BEGIN] Error while Importing the module Group Policy"}
Write-Warning -Message "[BEGIN] $ ($ Error [0] .exception.message)"
FOREACH ($ DomainController in ((Get-ADDomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetDC -filter *). Hostname))
IF ($ psBoundParameters ['GPOName'])
Foreach ($ GPOItem in $ GPOName)
$ GPO = Get-GPO -Name $ GPOItem -Server $ DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPO
[PSCustomObject] [ordered] {@
GroupPolicyName = $ GPOItem
DomainController = $ DomainController
UserVersion = $ GPO.User.DSVersion
UserSysVolVersion = $ GPO.User.SysvolVersion
ComputerVersion = $ GPO.Computer.DSVersion
ComputerSysVolVersion = $ GPO.Computer.SysvolVersion
} #PSObject
} #Foreach ($ GPOItem in $ GPOName)
} #IF ($ PsBoundParameters ['GPOName'])
IF ($ psBoundParameters ['All'])
$ GPOList = Get-GPO -All -Server $ DomainController -ErrorAction Stop -ErrorVariable ErrorProcessGetGPOAll
foreach ($ GPO in $ GPOList)
[PSCustomObject] [ordered] {@
GroupPolicyName = $ GPO.DisplayName
DomainController = $ DomainController
UserVersion = $ GPO.User.DSVersion
UserSysVolVersion = $ GPO.User.SysvolVersion
ComputerVersion = $ GPO.Computer.DSVersion
ComputerSysVolVersion = $ GPO.Computer.SysvolVersion
} #PSObject
} #IF ($ PsBoundParameters ['All'])
} #TRY
Write-Warning -Message "[PROCESS] Something wrong happened"
IF ($ ErrorProcessGetDC) {Write-Warning -Message "[PROCESS] Error while running retrieving Domain Controllers with Get-ADDomainController"}
IF ($ ErrorProcessGetGPO) {Write-Warning -Message "[PROCESS] Error while running Get-GPO"}
IF ($ ErrorProcessGetGPOAll) {Write-Warning -Message "[PROCESS] Error while running Get-GPO -All"}
Write-Warning -Message "[PROCESS] $ ($ Error [0] .exception.message)"
  1. Create a .ps1 file containing the code above, or download it here
  2. Run the script in PS ISE as administrator
  3. Run the function !!
We have some syntax options, such as:
To bring the result of a single GPO:
Get-ADGPOReplication -GPOName "Default Domain Policy"
To bring the result of some policies:
Get-ADGPOReplication -GPOName "Default Domain Policy", "Default Domain Controllers Policy"
To bring its results for the All Policies:
Get-ADGPOReplication -All
We can also improve the filters with the following command:
Get-ADGPOReplication -all | Out-GridView -Title "GPO Verify $ (Get-Date)"
... Now we just need to be able to filter the time required for a change in Sysvol, is uncommitted in all domain DC's.

Saved Queries

Active Directory Queries!!!!!!

Find Groups that contains the word admin

Find users who have admin in description field
Find all Universal Groups 
Empty Groups with No Members 
Finds all groups defined as a Global Group, a Domain Local Group, or a Universal Group
Find all User with the name Bob
Find user accounts with passwords set to never expire
Find all users that never log in to domain
Find user accounts with no log on script
Find user accounts with no profile path
Finds non disabled accounts that must change their password at next logon
Finds all disabled accounts in active directory
Finds all locked out accounts
Finds Domain Local Groups
Finds all Users with Email Address set
Finds all Users with no Email Address
Find all Users, Groups or Contacts where Company or Description is Contractors
Find all Users with Mobile numbers 712 or 155
Find all Users with Dial-In permissions
Find All printers with Color printing capability
Note: server name must be changed
Find Users Mailboxes Overriding Exchange Size Limit Policies
Find all Users that need to change password on next login.
Find all Users that are almost Locked-Out
Notice the “>=” that means “Greater than or equal to”.
Find all Computers that do not have a Description
Find all users with Hidden Mailboxes
Find all Windows 2000 SP4 computers
(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))
Find all Windows XP SP2 computers
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 2))))))))
Find all Windows XP SP3 computers
(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))
Find all Vista SP1 computers
(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))
Find All Workstations
Find all 2003 Servers Non-DCs
(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))
Find all 2003 Servers – DCs
(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))
Find all Server 2008
(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))


Wednesday, February 1, 2012

Hyper-V error "User HAD not accepted the EULA"

These days I came across an error in Hyper-V installed on a server Windows Server 2008.A error "User not HAD accepted the EULA" appears on the console's initial Hyper-V and it was not possible to create virtual machines, errors MMC, compatibility of processors, etc ....


Apply KB

Microsoft Certification-Tips and tricks in the hour of exam!

It is almost the rule in all courses I teach, the questions regarding the tips to have a good use in the race. ... So I decided to post some tips for a better use of the test without studying certificação.Claro that the tips will not be worth the nothing! And my tips are not rules, over time, each in its own way develops a strategy to perform the tests.

Previously, I posted other tips related to the certification process ...

Microsoft Certification - Where to start?
Microsoft Certification - Dumps
Microsoft Certification - How to study for the exam!

... And soon, I will surely post more! Rss

Now, let's get to! Below are some tips for the hour of trial:

  • Choose from the center of evidence:
    • The choice of the center is proof enough importante.Prefira testing centers with few machines, so we can limit the amount of people in one room, reducing the chance of those candidates who are talking boring, and "thinking out loud." In the case of centers of tests with many machines (5 or more), look for unpopular times such as weekends in the morning, etc.. (Usually the center of evidence can you tell how many candidates are going to prove in your schedule.).
    • Choose the testing centers whose place of application of evidence, is reserved and with little fuss or not to take away your concentration.
  • Arrive before the scheduled test:
    • Arrive at the center of events, well in advance to start the race with ease, without running, so you arrive, having a coffee, go to the bathroom, finally gets ready physically and mentally, for the hour of trial.
  • Research before the race:
    • Before the examination starts, go through an assessment of knowledge and experience on the platform and conteúdo.Desde or product involved in the time of the NT that has a legend that if you score the lowest in this study, evidence has been less aggressive in content rss ... .... I do not know if this is real, but as my modesty prevents me from pointing out the highest levels of expertise and experience, always follow this tip! rs
  • During the test:
    • VERY IMPORTANT for the duration of the test: BE QUIET! I've seen many candidates who studied hard and the hours of proof of purely psychological disarray did not have a good use, so avoid the "white".
    • Do not waste time with questions that are not sure of the answers, mark it for review and answer the next!
    • Pay attention to the question, there are clues to the person (s) response (s) right (s):
      • Attention at the beginning of the issues where we have information regarding the versions of operating systems and network topology and domains.
      • Note also in requesting the questão.Muitas times are given information not relevant to the question, just to confuse the candidato.Cuidado expressions as smaller enforce administrative solution faster, more secure solution, finally, calls attention to what really question.
      • If the idea does not answer a question, go ahead and mark it for revisão.Na review, analyze better the question in order to undo some of the answers, so maybe it is easier to account for elimination!

These are simple tips that can help in times of trial, especially those just starting out in certificação.No is more than just studying you'll be fine!

I hope it's useful!

Last Send Message

Follow link for the script that lists the date of the last message sent by the recipients! Very useful especially to find inactive objects.

Just run in PS, select your Hub-Transport's range and date.

Virtual Machine Manager error 19999

I had one problem that presented for the SCVMM error opening the console gerenciamento.Como is not enough, the service "Virtual Machine Manager" entered the state of restart (because of the recovery actions in the service properties).

In Event Viewer, I found the following errors:

ID 2604

Database operation failed.
Ensures that the SQL Server is running and configured Correctly, and try the operation again.

ID 19999

Virtual Machine Manager (vmmservice: 8300) has encountered an error and needed to exit the process. Windows generated an error report with the Following Parameters:
Event: VMM20
P1 (appName): vmmservice
P2 (appVersion): 2.0.4271.0
P3 (assemblyName): Utils
P4 (assemblyVer): 2.0.4276.0
P5 (methodName): MVDSqlRetryCommand.ExecuteNonQuery
P6 (ExceptionType): MVDB.NonFatalDbException
P7 (callstackHash): 3e7

The problem in my case it was caused by authentication problems was that the database on a SQL Server SCVMM separado.Os services were running with the LOCAL SYSTEM account ... is necessary in this case, creating a service account, apply rights to that account and specify the database to perform the same services.

Remote Connectivity Analyzer

This URL is in the Toolbox Exchange Server 2010. ...

A good site to have to Favorites:

We are offering Z1br recovery service bases...

We (Z1br) offering recovery service corrupted Exchange databases. ... When the ESEUTIL and isinteg does not work, it's always good to have a letter (Z1br) up his sleeve! Contact

ExchangeStoreDB ID 123


Follow the link to problem solving in catalog corrupted members of DAG in Exchange Server 2010. The error occurs at the time of activation of the database in another member of the DAG.

I hope it's useful!

Exchange Network Port Reference

Follow the link for all ports used by Exchange 2007 and 2010:

Default permissions of the Sysvol folder

They follow a standard NTFS permissions of the SYSVOL folder:

% SystemRoot% \ Windows \ Sysvol

  • Clear the Allow inheritable permissions from parent to propagate to this object check box
  • Administrators: Full Control
  • Authenticated Users: Read, Read & Execute, List Folder Contents and
  • Creator Owner: Nothing selected
  • Server Operators: Read, Read & Execute, List Folder Contents and
  • System: Full Control

% SystemRoot% \ Windows \ Sysvol \ Sysvol

  • Clear the Allow inheritable permissions from parent to propagate to this object check box

% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain

  • Clear the Allow inheritable permissions from parent to propagate to this object check box

% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain \ Policies

  • Clear the Allow inheritable permissions from parent to propagate to this object check box
  • Administrators: Full Control
  • Authenticated Users: Read, Read & Execute, List Folder Contents and
  • Creator Owner: Nothing selected
  • Group Policy Creator Owners: Read, Read & Execute, List Folder Contents, Modify, and Write
  • Server Operators: Read, Read & Execute, List Folder Contents and
  • System: Full Control

For each file or folder that is located in the% SystemRoot% \ Winnt \ Sysvol \ Sysvol \ domain \ Policies

  • Check the Allow inheritable permissions from parent to propagate to this object check box

Sysvol share permissions:

  • Administrators: Full Control
  • Authenticated Users: Full Control
  • Everyone: Read


MSExchange ADAccess 2114

In a recent project, I experienced a problem (at least by the messages on the Installation Wizard on eSales and Viewer - see image below).. This problem occurred (at least in my case) the installation of the Hub-Transport. Below is the message displayed EventViewer ...

MSEXCHANGEADTOPOLOGYSERVICE.EXE Process (PID = 1256). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in That article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.

... Such an error occurs in Exchange Server 2007.2010. The resolution is put to the same Exchange server account in the Domain Admin group. After inclusion of the server group, restart the server and reinstall Exchange (if the problem has been presented in time of installation.).

Also spent a similar problem with Exchange Server 2003 ... in this case, the situation was regarding the deletion of an account of the Exchange server object AD.A restoration was carried out via ADRESTORE and even after inclusion of the restored object in the security groups required for Exchange Server Exchange services failed to initialize ....

Appears in the Event Viewer event ID 2114 MSExchange DSAccess.

In this case, I performed the following procedures:

  1. After the deletion of the object, restore the same with ADRESTORE;
  2. Add in the server security groups required (in some cases, these steps alone are enough to return to normal services);
  3. Remove the network cable from the Exchange server;
  4. Place the Exchange server in Workgroup and restart the server, without attaching the network cable;
  5. In AD, reset the account of the Exchange server;
  6. Plug the cable into the Exchange server and put it back in the field;
  7. Restart the server;

After these procedures, the services back to work!

Another very common procedure for troubleshooting permissions on an Exchange organization, and runs the setup / domainprep command again in DC.

Hope that helps!