The Problem
For whatever reason, Exchange (and DNS) is hyper sensitive to a DNS domain that provides a bogus response (say one Name Server is healthy, the other is not). It appears to be an issue where we need to wait until the DNS TTL expires or, we perform the 'solution' below. This is a temporary measure as we work with the end user domain, to find out what is going on with their DNS (in both cases, after flushing DNS locally and my AD DNS server, I would get a different DNS NS result, and sometimes an MX record, sometimes not … strange, but their problem). However, Exchange 2007 seems to be especially sensitive to this…
For example, with the domain below, here is the error I've been experiencing (in the Exchange 2007 Queue…) – 451 4.4.0 DNS query failed
The Solution
Or should I say, the workaround. The solution is contact the destination DNS/domain provider and have them fix their problems (though perhaps a future fix from Microsoft/Exchange will resolve this, or maybe they have and I'm somehow unable to stumble across the answer). However, the workaround is…
■Flush your Active Directory DNS Cache (to do this, you'll need to have 'advanced' turned on, the View option in DNS)
On your Exchange 2007 Server(s), flush your local DNS Cache
IPCONFIG /FLUSHDNS
For me, repeatedly, when I click 'retry' in the Exchange 2007 Message queue, the message leaves immediately. Sure enough, a few hours later I have a crap record but it does at allow the messages to flow. Now to get the target domain/DNS provider to cooperate and recognize they have a problem, of some sort…
Controlla anche connettore d'invio in trasporto Hub, nella scheda rete, che sia flagggata la casella Utilizza le impostazioni di ricerca dns esterno nel server di trasporto
giovedì 22 settembre 2011
venerdì 26 agosto 2011
Sysprep in windows 2008
Con il tool fornito da Microsoft sysprep, che in Windows 2008 è disponibile nella directory C:\Windows\system32\sysprep, si effettua la procedura per il cambio del SID.
Per evitare possibili imprevisti dovuti ad un’errata procedura, gli step raccomandati da seguire sono due:
1. Aprire il Command Prompt con diritti di Administrator
2. Eseguire il comando:
c:\windows\system32\sysprep\sysprep.exe /quiet /generalize /oobe /shutdown
Per evitare possibili imprevisti dovuti ad un’errata procedura, gli step raccomandati da seguire sono due:
1. Aprire il Command Prompt con diritti di Administrator
2. Eseguire il comando:
c:\windows\system32\sysprep\sysprep.exe /quiet /generalize /oobe /shutdown
giovedì 25 agosto 2011
Rimuovere download Microsoft Update da Win2008
1. Open Start >> Run or press window key + r
2. Type “services.msc” (without quotes) and Click OK , this will open services window.
3. Right click on Automatic Updates Service and select Stop.
4. After the service is stopped, press window key + r
5. Type “%windir%\SoftwareDistribution” (without quotes) and press enter.
6. Open the Download folder and delete all contents of the Download folder.
7. Close the window, press Window Key + r ( or Open Start >> Run )
8. Type “services.msc” (without quotes) and Click OK
9. Right click on Automatic Updates Service and select Start.
10. That’s it Done
2. Type “services.msc” (without quotes) and Click OK , this will open services window.
3. Right click on Automatic Updates Service and select Stop.
4. After the service is stopped, press window key + r
5. Type “%windir%\SoftwareDistribution” (without quotes) and press enter.
6. Open the Download folder and delete all contents of the Download folder.
7. Close the window, press Window Key + r ( or Open Start >> Run )
8. Type “services.msc” (without quotes) and Click OK
9. Right click on Automatic Updates Service and select Start.
10. That’s it Done
domenica 21 agosto 2011
OracleVm re-Register host
Hi Honza,
just tried it:
Before:
# /opt/ovs-agent-latest/utils/repos.py -l
[ * ] b2638dcd-fa49-4646-a7da-83e91e7e26c4 => /dev/hdb1
# du /var/ovs/mount/B2638DCDFA494646A7DA83E91E7E26C4/running_pool
2316896 /var/ovs/mount/B2638DCDFA494646A7DA83E91E7E26C4/running_pool/30_OEL1
Then:
# /opt/ovs-agent-latest/utils/cleanup.py
This is a cleanup script for ovs-agent.
It will try to do the following:
*) stop o2cb heartbeat
*) offline o2cb
*) remove o2cb configuration file
*) umount ovs-agent storage repositories
*) cleanup ovs-agent local database
Would you like to continue? [y/N] y
Cleanup done.
No Repos anymore:
# /opt/ovs-agent-latest/utils/repos.py -l
Create New:
/opt/ovs-agent-latest/utils/repos.py -n /dev/hdb1
[ NEW ] b2638dcd-fa49-4646-a7da-83e91e7e26c4 => /dev/hdb1
/opt/ovs-agent-latest/utils/repos.py -r b2638dcd-fa49-4646-a7da-83e91e7e26c4
Not mounted yet:
# df -k
/dev/hda2 4466156 930456 3305168 22% /
/dev/hda1 101086 45803 50064 48% /boot
tmpfs 296536 0 296536 0% /dev/shm
Initializing:
/opt/ovs-agent-latest/utils/repos.py -i
Mounted!:
# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda2 4466156 930468 3305156 22% /
/dev/hda1 101086 45803 50064 48% /boot
tmpfs 296536 0 296536 0% /dev/shm
/dev/hdb1 33551720 6040232 27511488 19% /var/ovs/mount/B2638DCDFA494646A7DA83E91E7E26C4
And data still there:
# du /var/ovs/mount/B2638DCDFA494646A7DA83E91E7E26C4/running_pool
2316896 /var/ovs/mount/B2638DCDFA494646A7DA83E91E7E26C4/running_pool/30_OEL1
However as noted above: The /OVS link to the /var/ovs/mount point will be created when you register the server with OVM Manager.
All additional data will be left on the device.
just tried it:
Before:
# /opt/ovs-agent-latest/utils/repos.py -l
[ * ] b2638dcd-fa49-4646-a7da-83e91e7e26c4 => /dev/hdb1
# du /var/ovs/mount/B2638DCDFA494646A7DA83E91E7E26C4/running_pool
2316896 /var/ovs/mount/B2638DCDFA494646A7DA83E91E7E26C4/running_pool/30_OEL1
Then:
# /opt/ovs-agent-latest/utils/cleanup.py
This is a cleanup script for ovs-agent.
It will try to do the following:
*) stop o2cb heartbeat
*) offline o2cb
*) remove o2cb configuration file
*) umount ovs-agent storage repositories
*) cleanup ovs-agent local database
Would you like to continue? [y/N] y
Cleanup done.
No Repos anymore:
# /opt/ovs-agent-latest/utils/repos.py -l
Create New:
/opt/ovs-agent-latest/utils/repos.py -n /dev/hdb1
[ NEW ] b2638dcd-fa49-4646-a7da-83e91e7e26c4 => /dev/hdb1
/opt/ovs-agent-latest/utils/repos.py -r b2638dcd-fa49-4646-a7da-83e91e7e26c4
Not mounted yet:
# df -k
/dev/hda2 4466156 930456 3305168 22% /
/dev/hda1 101086 45803 50064 48% /boot
tmpfs 296536 0 296536 0% /dev/shm
Initializing:
/opt/ovs-agent-latest/utils/repos.py -i
Mounted!:
# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda2 4466156 930468 3305156 22% /
/dev/hda1 101086 45803 50064 48% /boot
tmpfs 296536 0 296536 0% /dev/shm
/dev/hdb1 33551720 6040232 27511488 19% /var/ovs/mount/B2638DCDFA494646A7DA83E91E7E26C4
And data still there:
# du /var/ovs/mount/B2638DCDFA494646A7DA83E91E7E26C4/running_pool
2316896 /var/ovs/mount/B2638DCDFA494646A7DA83E91E7E26C4/running_pool/30_OEL1
However as noted above: The /OVS link to the /var/ovs/mount point will be created when you register the server with OVM Manager.
All additional data will be left on the device.
venerdì 19 agosto 2011
Server database Aruba down 20 agosto 2011
I server dei database di Aruba dalle 23 del 19 agosto 2011, sono andati down, o almeno non sono raggiungibili, il problema riguarda solo i server con database, tanto è vero che i siti rispondono, ma viene visualizzato un errore di connessione.
Rimaniamo in attesa di una comunicazione ufficiale da parte di Aruba.
giovedì 11 agosto 2011
HA initiated a failover action in cluster Vmware
Ho trovato questo messaggio “HA initiated a failover action in cluster your-cluster-name in datacenter your-datacenter-name” sul mio vCenter. Niente è cambiato, le vm non sono state riavviate l'HA continua a funzionare tranquillamente, per risolvere ho usato il seguente metodo:
1. Turn OFF VMware HA on Cluster Feature setting.
2. Enable VMware HA setting again.
1. Turn OFF VMware HA on Cluster Feature setting.
2. Enable VMware HA setting again.
martedì 28 giugno 2011
Active directory Backup and Restore
Active Directory Recovery
One of the most important step in a recovery strategy for domain controllers is to perform the proper backups while everything is working correctly. In addition to regular full backups, you should perform regular system state backups. Restoring from a system state backup, is faster than restoring from a full server backup.
Be aware of the Windows editions when performing a system state backup:
With Windows Server 2008 R2 you can use Windows Backup (GUI) to take a systemstatebackup.
With Windows Server 2008 you must use wbadmin start systemstatebackup (CMD) to take a system state backup. The backup can only be saved to a local drive (not the same drive as the system state data), not to a shared folder or a disc.
There is 3 type of restoring Active Directory / AD Objects
1. Nonauthoritative:
A nonauthoritative restore returns the domain controller and the Active Directory database to its state at the time of backup. When the domain controller returns online, Active Directory replicates the database with other DC’s on the domain. Any changes that took place since the backup are replicated to the restored domain controller.
Most common use of a nonauthoritative restore is to bring an entire DC back from a failure.
2. Authoritative:
An authoritative recovery used to restore a designated object or container of objects to its state at the time of the backup. Fx., if an administrator accidentally deletes an OU that contains a large number of users. If you restore the server from backup, the default nonauthoritative process doesn’t restore the deleted OU because the domain controller is updated to the current status of its replication partners, which means that the OU is deleted.
When you perform an authoritative restore, you prevent specific objects from the backup from being overwritten by Active Directory replication. With the authoritative restore, the Update Sequence Number (USN) is incremented so that it is higher than the existing USN of the (deleted) object in the Active Directory replication system.
Use an authoritative restore to restore specific objects in Active Directory.
3. Active Directory Recycle Bin
You can use Active Directory Recycle Bin if your AD DS run with Windows Server 2008 R2 FFL/DFL . AD Recycle Bin helps to minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.
Click Here if you want to Enable AD Recycle Bin.
The following methods show how to perform a domain controller restore. If possible, use the first method in the table.
Dcpromo:
If the server boots but Active Directory is corrupt, you can use dcpromo.
Run dcpromo to remove Active Directory from the domain controller (The server will become a member server)
Run dcpromo again to install Active Directory. The AD data will be copied from another DC on the network.
Run dcpromo /forceremoval if you are unable to remove Active Directory.
The disadvantage of using dcpromo is that the entire Active Directory database must be replicated across the network from another domain controller. However, you can use the Install from Media option to copy the database from media to reduce network traffic.
Restore system state:
If the server boots but Active Directory is corrupt, you can restore the system state data from a recent backup. After the backup is restored, Active Directory replication copies only the changed data to the restored domain controller. To use this method to restore a domain controller:
Reboot the server in Directory Services Restore Mode (DSRM). Use one of the following methods:
Reboot the server. Following the BIOS screen, press F8. Select Directory Services Restore Mode (DSRM) .
At a command prompt, type:
bcdedit /set safeboot disrepair
shutdown -t 0 -r
From Command Prompt (Run as Administrator) Run wbadmin start systemstaterecovery to restore the system state data.
Restart the server in normal mode. If you used bcdedit to start the server in DSRM, type the following at a command prompt:
bcdedit /deletevalue safeboot
shutdown -t 0 -r
Critical volume or full server restore:
If you are unable to reboot the server, you will need to perform a critical volume or full server restore. This restore rebuilds the entire server, along with the Active Directory database. Use the wbadmin start recovery command to start the restore. A full server restore not only restores Active Directory, but data on all other volumes as well.
To enter DSRM, you must supply the recovery mode password. You set this password during the domain controller installation. If you need to set or change the password, use the following steps:
Open an elevated command prompt by clicking Start, then right-clicking Command Prompt and selecting Run as administrator.
Type ntdsutil.
Type set dsrm password.
Type reset password on server.
Enter the password.
Confirm the password.
Type quit, then quit again.
fonte: http://thelaith.net/2010/09/29/active-directory-backup-and-restore/
One of the most important step in a recovery strategy for domain controllers is to perform the proper backups while everything is working correctly. In addition to regular full backups, you should perform regular system state backups. Restoring from a system state backup, is faster than restoring from a full server backup.
Be aware of the Windows editions when performing a system state backup:
With Windows Server 2008 R2 you can use Windows Backup (GUI) to take a systemstatebackup.
With Windows Server 2008 you must use wbadmin start systemstatebackup (CMD) to take a system state backup. The backup can only be saved to a local drive (not the same drive as the system state data), not to a shared folder or a disc.
There is 3 type of restoring Active Directory / AD Objects
1. Nonauthoritative:
A nonauthoritative restore returns the domain controller and the Active Directory database to its state at the time of backup. When the domain controller returns online, Active Directory replicates the database with other DC’s on the domain. Any changes that took place since the backup are replicated to the restored domain controller.
Most common use of a nonauthoritative restore is to bring an entire DC back from a failure.
2. Authoritative:
An authoritative recovery used to restore a designated object or container of objects to its state at the time of the backup. Fx., if an administrator accidentally deletes an OU that contains a large number of users. If you restore the server from backup, the default nonauthoritative process doesn’t restore the deleted OU because the domain controller is updated to the current status of its replication partners, which means that the OU is deleted.
When you perform an authoritative restore, you prevent specific objects from the backup from being overwritten by Active Directory replication. With the authoritative restore, the Update Sequence Number (USN) is incremented so that it is higher than the existing USN of the (deleted) object in the Active Directory replication system.
Use an authoritative restore to restore specific objects in Active Directory.
3. Active Directory Recycle Bin
You can use Active Directory Recycle Bin if your AD DS run with Windows Server 2008 R2 FFL/DFL . AD Recycle Bin helps to minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.
Click Here if you want to Enable AD Recycle Bin.
The following methods show how to perform a domain controller restore. If possible, use the first method in the table.
Dcpromo:
If the server boots but Active Directory is corrupt, you can use dcpromo.
Run dcpromo to remove Active Directory from the domain controller (The server will become a member server)
Run dcpromo again to install Active Directory. The AD data will be copied from another DC on the network.
Run dcpromo /forceremoval if you are unable to remove Active Directory.
The disadvantage of using dcpromo is that the entire Active Directory database must be replicated across the network from another domain controller. However, you can use the Install from Media option to copy the database from media to reduce network traffic.
Restore system state:
If the server boots but Active Directory is corrupt, you can restore the system state data from a recent backup. After the backup is restored, Active Directory replication copies only the changed data to the restored domain controller. To use this method to restore a domain controller:
Reboot the server in Directory Services Restore Mode (DSRM). Use one of the following methods:
Reboot the server. Following the BIOS screen, press F8. Select Directory Services Restore Mode (DSRM) .
At a command prompt, type:
bcdedit /set safeboot disrepair
shutdown -t 0 -r
From Command Prompt (Run as Administrator) Run wbadmin start systemstaterecovery to restore the system state data.
Restart the server in normal mode. If you used bcdedit to start the server in DSRM, type the following at a command prompt:
bcdedit /deletevalue safeboot
shutdown -t 0 -r
Critical volume or full server restore:
If you are unable to reboot the server, you will need to perform a critical volume or full server restore. This restore rebuilds the entire server, along with the Active Directory database. Use the wbadmin start recovery command to start the restore. A full server restore not only restores Active Directory, but data on all other volumes as well.
To enter DSRM, you must supply the recovery mode password. You set this password during the domain controller installation. If you need to set or change the password, use the following steps:
Open an elevated command prompt by clicking Start, then right-clicking Command Prompt and selecting Run as administrator.
Type ntdsutil.
Type set dsrm password.
Type reset password on server
Enter the password.
Confirm the password.
Type quit, then quit again.
fonte: http://thelaith.net/2010/09/29/active-directory-backup-and-restore/
Iscriviti a:
Post (Atom)