Antivirus on Windows Server Core

As some people say, AV on Server Core is a strategic choice. But which products support Server Core?

Here is an exhaustive list of the enterprise anti-virus/endpoint protection products:

Supported:

Not specified / Not confirmed:

Not supported:


Removing LCS 2003 Attributes

Migrating from LCS to Lync is not possible without first going through all the intermediate versions.
So one way is to start over. For that, we first need to remove the LCS attributes.

Here is a simple script that uses Quest’s ActiveRoles Management Shell for Active Directory:

# Load the Quest ActiveRoles cmdlets
Add-PSSnapin Quest.ActiveRoles.ADManagement

# Find every user still homed on the LCS server
$list = Get-QADUser -ObjectAttributes @{"msRTCSIP-PrimaryHomeServer"='CN=RTC Services,CN=Microsoft,CN=LCS-Servers,CN=Computers,DC=example,DC=com'} -SearchRoot 'example.com/Users'
foreach ($item in $list)
{
    # Clear the LCS attributes on each user
    Set-QADUser $item -ObjectAttributes @{"msRTCSIP-PrimaryHomeServer"=$null}
    Set-QADUser $item -ObjectAttributes @{"msRTCSIP-PrimaryUserAddress"=$null}
    Set-QADUser $item -ObjectAttributes @{"msRTCSIP-UserEnabled"=$null}
    Set-QADUser $item -ObjectAttributes @{"msRTCSIP-IsMaster"=$null}
}


CSV stuck in Redirected Access/Backup in progress after a faulty backup job

If you follow the steps detailed in http://blogs.technet.com/b/askcore/archive/2010/12/16/troubleshooting-redirected-access-on-a-cluster-shared-volume-csv.aspx, about deleting shadows, and get:

vssadmin delete shadows /all

Error: Snapshots were found, but they were outside of your allowed context.

Try with:

diskshadow

DISKSHADOW> delete shadows all

Number of shadow copies deleted: 1

 

 


How to remove internal routing information from headers in Exchange 2010

Just deny the Ms-Exch-Send-Headers-Routing permission for Anonymous Logon:

Get-SendConnector <connector-name> | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights Ms-Exch-Send-Headers-Routing -Deny

Other permissions:

Send connector permissions and their descriptions:

ms-Exch-Send-Exch50: This permission allows the session to send a message that contains the EXCH50 command. If this permission isn’t granted, and a message is sent that contains the EXCH50 command, the server sends the message, but doesn’t include the EXCH50 command.

Ms-Exch-Send-Headers-Routing: This permission allows the session to send a message that has all received headers intact. If this permission isn’t granted, the server removes all received headers.

Ms-Exch-Send-Headers-Organization: This permission allows the session to send a message that has all organization headers intact. Organization headers all start with X-MS-Exchange-Organization-. If this permission isn’t granted, the sending server removes all organization headers.

Ms-Exch-Send-Headers-Forest: This permission allows the session to send a message that has all forest headers intact. Forest headers all start with X-MS-Exchange-Forest-. If this permission isn’t granted, the sending server removes all forest headers.

Reference: http://technet.microsoft.com/en-us/library/aa998662.aspx
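To verify the effect from the receiving side, the following Python check is an added example (not part of the original post) that scans a captured message for the headers these permissions control. The sample message, its host names and addresses, the ".local" suffix and the function names are all constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Header prefixes the post says are stripped when the right is not granted.
ORG_PREFIXES = ("x-ms-exchange-organization-", "x-ms-exchange-forest-")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample: an outbound message with nothing stripped.
SAMPLE = """\
Received: from edge01.example.com (203.0.113.10) by mx.partner.test; Mon, 1 Mar 2010 10:00:02 +0000
Received: from HUB01.corp.example.local (10.1.2.15) by edge01.example.com (10.1.9.4); Mon, 1 Mar 2010 10:00:01 +0000
Received: from MBX02.corp.example.local ([10.1.2.30]) by HUB01.corp.example.local ([10.1.2.15]); Mon, 1 Mar 2010 10:00:00 +0000
X-MS-Exchange-Organization-AuthSource: HUB01.corp.example.local
X-MS-Exchange-Organization-AuthAs: Internal
From: alice@example.com
To: bob@partner.test
Subject: test

body
"""


def is_internal_ip(text):
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:  # the loose regex can match non-addresses
        return False
    return any(ip in net for net in RFC1918)


def find_header_leaks(raw, internal_suffixes=(".local",)):
    """Return (header, detail) pairs for headers exposing internal routing."""
    findings = []
    for name, value in message_from_string(raw).items():
        lname = name.lower()
        if lname.startswith(ORG_PREFIXES):
            findings.append((name, "organization/forest header present"))
        elif lname == "received":
            ips = [ip for ip in IP_RE.findall(value) if is_internal_ip(ip)]
            hosts = [h for h in re.findall(r"[\w.-]+", value)
                     if h.lower().endswith(internal_suffixes)]
            if ips or hosts:
                findings.append((name, sorted(set(ips + hosts))))
    return findings
```

Run it against a test message sent through the connector before and after the deny is applied; an empty result means no internal hop or organization header survived.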

 

 


Outlook and its mysterious ways

Is it possible to connect with Outlook Anywhere (RPC over HTTPS) via a proxy with authentication?

A: Sometimes.

Try this:

Set up the web proxy in IE.

Create a folder in the mailbox. In its properties go to Home Page, check "Show home page by default for this folder", and add some valid URL in Address.

Go to that folder, log on to the proxy when asked, and check remember user and password.

Close Outlook and open it.

Go to the same folder, verify that the page opens without asking user and password, and wait.

Tested with:

Outlook 2010

Windows 7 not joined to the same domain as ISA server.

Exchange 2003

ISA Server with NTLM Auth

 


Add possible Owner to a Cluster Shared Volume

Once a shared volume becomes a Cluster Shared Volume, you can’t modify the possible owner list from the Failover Cluster Manager console.

If you try to “Move this shared volume to another node”, and that node is not a possible owner you get:

Operation has failed.

The action ‘Move to node <nodename>’ did not complete

Error code: 0x80071398. The operation failed because either the specified cluster node is not the owner of the group, or the node is not a possible owner of the group.

It can be changed by command line:

cluster . RES "Cluster Disk 1" /ADDOWNER:<nodename>


Step by step installation of FCS 1.0 on Windows Server 2008 R2 Core

Installing FCS 1.0 standalone on R2 core is not an easy task.

Here are the steps required to get FCS running and updated.

1. Get FCS media.

2. Copy Directory CLIENT\X64

3. Get the latest hotfix for FCS. Current hotfix: Update for Microsoft Forefront Client Security (KB979536)

4. Slipstream the hotfix with RTM package. That is:

4.1. Run 

all-fcsam-kb979536-x64-enu_718720c77c7fc208f618974b9916d991141ad737.exe /extract

4.2. Copy the extracted file mp_ambits.msi to CLIENT\X64

5. Install FCS in standalone mode:

5.1. ClientSetup.exe /NOMOM

5.2. Wait for completion

6. Enable Automatic Updates with sconfig.

7. Opt-in to Microsoft Update… that’s the tricky part..

7.1. Create opt-in.vbs.

Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager")
ServiceManager.ClientApplicationID = "My App"

' Add the Microsoft Update service by its GUID
Set NewUpdateService = ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")

7.2. Run cscript opt-in.vbs

8. Get the first updates with sconfig:
Search for for (A)ll updates or (R)ecommended updates only? a

Searching for all applicable updates…

List of applicable items on the machine:

1> Microsoft Silverlight (KB982926)
2> Definition Update for Microsoft Forefront Client Security – KB977939 (Definit
ion 1.85.837.0)

Select an option:
(A)ll updates, (N)o updates or (S)elect a single update?

9. Reboot.

10. Wait for the next definitions update.

References:

Opt-in to Microsoft Update via script: http://msdn.microsoft.com/en-us/library/aa826676(VS.85).aspx

Slipstream FCS: http://www.itgeek.co.nz/post/Patch-or-slipstream-Microsoft-Forefront-Client-Security.aspx


Forefront Client Security not downloading updates in Windows Server 2008 R2 Core Install

After installing all updates available for FCS, the product is unable to download definition updates. No solution so far.

This is the WindowsUpdate.log file where it’s shown that 0 updates are available  for FCS:

2010-06-25 17:19:37:635 1860 3ac Misc ===========  Logging initialized (build: 7.3.7600.16385, tz: -0300)  ===========
2010-06-25 17:19:37:635 1860 3ac Misc   = Process: C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
2010-06-25 17:19:37:635 1860 3ac Misc   = Module: C:\Windows\system32\wuapi.dll
2010-06-25 17:19:37:635 1860 3ac COMAPI -------------
2010-06-25 17:19:37:635 1860 3ac COMAPI -- START --  COMAPI: Search [ClientId = Microsoft Forefront Client Security]
2010-06-25 17:19:37:635 1860 3ac COMAPI ---------
2010-06-25 17:19:37:932  800 4d4 Misc ===========  Logging initialized (build: 7.3.7600.16385, tz: -0300)  ===========
2010-06-25 17:19:37:932  800 4d4 Misc   = Process: C:\Windows\system32\svchost.exe
2010-06-25 17:19:37:932  800 4d4 Misc   = Module: c:\windows\system32\wuaueng.dll
2010-06-25 17:19:37:932  800 4d4 Service *************
2010-06-25 17:19:37:932  800 4d4 Service ** START **  Service: Service startup
2010-06-25 17:19:37:932  800 4d4 Service *********
2010-06-25 17:19:37:979  800 4d4 Agent   * WU client version 7.3.7600.16385
2010-06-25 17:19:37:979  800 4d4 Agent   * Base directory: C:\Windows\SoftwareDistribution
2010-06-25 17:19:37:979  800 4d4 Agent   * Access type: No proxy
2010-06-25 17:19:37:979  800 4d4 Agent   * Network state: Connected
2010-06-25 17:19:38:495  800 508 Report CWERReporter::Init succeeded
2010-06-25 17:19:38:495  800 508 Agent ***********  Agent: Initializing Windows Update Agent  ***********
2010-06-25 17:19:38:526  800 508 Agent ***********  Agent: Initializing global settings cache  ***********
2010-06-25 17:19:38:573  800 508 Agent   * WSUS server: <NULL>
2010-06-25 17:19:38:573  800 508 Agent   * WSUS status server: <NULL>
2010-06-25 17:19:38:573  800 508 Agent   * Target group: (Unassigned Computers)
2010-06-25 17:19:38:573  800 508 Agent   * Windows Update access disabled: No
2010-06-25 17:19:38:589  800 508 DnldMgr Download manager restoring 0 downloads
2010-06-25 17:19:38:604  800 508 Agent Attempt 0 to obtain post-reboot results.
2010-06-25 17:19:39:010  800 508 Handler Post-reboot status for package Package_for_KB975467~31bf3856ad364e35~amd64~~6.1.1.0: 0x00000000.
2010-06-25 17:19:40:010  800 4d4 Report ***********  Report: Initializing static reporting data  ***********
2010-06-25 17:19:40:010  800 4d4 Report   * OS Version = 6.1.7600.0.0.196880
2010-06-25 17:19:40:010  800 4d4 Report   * OS Product Type = 0x0000000D
2010-06-25 17:19:40:135  800 4d4 Report   * Computer Brand = VMware, Inc.
2010-06-25 17:19:40:135  800 4d4 Report   * Computer Model = VMware Virtual Platform
2010-06-25 17:19:40:135  800 4d4 Report   * Bios Revision = 6.00
2010-06-25 17:19:40:135  800 4d4 Report   * Bios Name = PhoenixBIOS 4.0 Release 6.0    
2010-06-25 17:19:40:135  800 4d4 Report   * Bios Release Date = 2009-09-22T00:00:00
2010-06-25 17:19:40:135  800 4d4 Report   * Locale ID = 14346
2010-06-25 17:19:40:432  800 62c Agent *************
2010-06-25 17:19:40:432  800 62c Agent ** START **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]
2010-06-25 17:19:40:432  800 62c Agent *********
2010-06-25 17:19:40:432  800 62c Agent   * Online = Yes; Ignore download priority = No
2010-06-25 17:19:40:432  800 62c Agent   * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b' and CategoryIDs contains '0a487050-8b0f-4f81-b401-be4ceacd61cd') or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b' and CategoryIDs contains '8c3fcc84-7410-4a95-8b89-a166a0190486')"
2010-06-25 17:19:40:432  800 62c Agent   * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
2010-06-25 17:19:40:432  800 62c Agent   * Search Scope = {Machine}
2010-06-25 17:19:40:432 1860 3ac COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Forefront Client Security]
2010-06-25 17:19:40:573  800 62c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2010-06-25 17:19:40:604  800 62c Misc  Microsoft signed: Yes
2010-06-25 17:19:44:292  800 62c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2010-06-25 17:19:44:292  800 62c Misc  Microsoft signed: Yes
2010-06-25 17:19:44:292  800 62c PT +++++++++++  PT: Starting category scan  +++++++++++
2010-06-25 17:19:44:292  800 62c PT   + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2010-06-25 17:19:48:776  800 62c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2010-06-25 17:19:48:792  800 62c Misc  Microsoft signed: Yes
2010-06-25 17:19:49:198  800 62c Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2010-06-25 17:19:49:198  800 62c Misc  Microsoft signed: Yes
2010-06-25 17:19:49:198  800 62c PT +++++++++++  PT: Synchronizing server updates  +++++++++++
2010-06-25 17:19:49:198  800 62c PT   + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2010-06-25 17:19:51:542  800 62c Agent   * Found 0 updates and 1 categories in search; evaluated appl. rules of 20 out of 20 deployed entities
2010-06-25 17:19:51:542  800 62c Agent *********
2010-06-25 17:19:51:542  800 62c Agent **  END  **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]
2010-06-25 17:19:51:542  800 62c Agent *************
2010-06-25 17:19:51:542  800 62c Report REPORT EVENT: {0FCAEAEE-C28E-4E77-9FFE-E807B7933732} 2010-06-25 17:19:40:339-0300 1 183 101 {99DCE205-CE79-4832-B451-5C53B9884226} 101 0  Success Content Install Installation Successful: Windows successfully installed the following update: Security Update for Windows Server 2008 R2 x64 Edition (KB975467)
2010-06-25 17:19:51:557 1860 3b4 COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = Microsoft Forefront Client Security]
2010-06-25 17:19:51:557 1860 3b4 COMAPI   - Updates found = 0
2010-06-25 17:19:51:557 1860 3b4 COMAPI ---------
2010-06-25 17:19:51:557 1860 3b4 COMAPI --  END  --  COMAPI: Search [ClientId = Microsoft Forefront Client Security]
2010-06-25 17:19:51:557 1860 3b4 COMAPI -------------
2010-06-25 17:19:51:651  800 62c Report CWERReporter finishing event handling. (00000000)
2010-06-25 17:19:56:542  800 62c Report REPORT EVENT: {505DA39E-7E75-4A61-881C-F541FE3D3789} 2010-06-25 17:19:51:542-0300 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Microsoft Forefront Client Secu Success Software Synchronization Windows Update Client successfully detected 0 updates.
2010-06-25 17:19:56:542  800 62c Report CWERReporter finishing event handling. (00000000)
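To spot this condition without reading the whole file, the following Python parser is an added example (not part of the original post) that summarizes each "Finding updates" block by caller, update server and number of updates found. The embedded lines are a shortened excerpt in the format of the log above; the function names are assumptions, and the parser assumes searches are not interleaved.

```python
import re

# Shortened excerpt in the format of the log above.
SAMPLE_LOG = """\
2010-06-25 17:19:40:432  800 62c Agent ** START **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]
2010-06-25 17:19:40:432  800 62c Agent   * Online = Yes; Ignore download priority = No
2010-06-25 17:19:40:432  800 62c Agent   * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
2010-06-25 17:19:44:292  800 62c PT   + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2010-06-25 17:19:51:542  800 62c Agent   * Found 0 updates and 1 categories in search; evaluated appl. rules of 20 out of 20 deployed entities
2010-06-25 17:19:51:542  800 62c Agent **  END  **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]
"""

# timestamp, pid, tid, component, message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d):\d+\s+\d+\s+\w+\s+(\w+)\s+(.*)$")
START = re.compile(r"\*\* START \*\*\s+Agent: Finding updates \[CallerId = (.+)\]")
SERVER = re.compile(r"ServiceId = \{[0-9A-Fa-f-]+\}, Server URL = (\S+)")
FOUND = re.compile(r"Found (\d+) updates and \d+ categories")


def summarize_searches(text):
    """Return one dict per 'Finding updates' block found in the log text."""
    searches, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _component, msg = m.groups()
        start = START.search(msg)
        if start:
            current = {"started": ts, "caller": start.group(1),
                       "server": None, "updates": None}
            searches.append(current)
        elif current is not None:
            if SERVER.search(msg):
                current["server"] = SERVER.search(msg).group(1)
            elif FOUND.search(msg):
                current["updates"] = int(FOUND.search(msg).group(1))
            elif "END" in msg and "Finding updates" in msg:
                current = None  # block closed
    return searches


def empty_av_searches(text, caller="Microsoft Forefront Client Security"):
    """Searches issued by the AV client that came back with 0 updates."""
    return [s for s in summarize_searches(text)
            if s["caller"] == caller and s["updates"] == 0]
```

A run of empty searches from the antimalware client is only a problem when the installed definitions are also old, so compare the result with the definition version the client reports.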


Access denied connecting to DNS role on Windows Server 2008 R2 core

You get access denied when connecting to the DNS role running on a Windows Server 2008 R2 core install, from DNS Manager in R2 or Windows 7.

This happens in the following scenario:

  • The w2k8 core server is configured in a workgroup, not joined to a domain.
  • From w2k8 r2 or Windows 7 you run cmdkey /add:<ip-core-install> /user:administrator /pass, and other remote administration tasks run without problems, e.g. Event Viewer access.
  • You installed the DNS role after enabling Remote Management.

To fix this issue install & configure Windows 2008 R2 core in the following order:

0. Install Windows 2008 R2 core

1. Rename server (sconfig)

2. Install DNS-Role

2.1. Run Dism /online /enable-feature /featurename:DNS-Server-Core-Role

2.2. Reboot if needed

3. Run sconfig and enable Remote administration

3.1.  Select 4 (Configure remote management)

3.1.1. Select 1 (Allow MMC Remote Management)

3.1.2. Select 2 (Allow Windows PowerShell)

3.2. Restart

3.3. Run sconfig, option 4, option 3 (Allow Server Manager Remote Management)

4. Use cmdkey & DNS Manager from a remote machine.


Error running tomcat on RHCS

When starting tomcat as a resource of Red Hat Cluster Suite, you get:

==> /var/log/tomcat5/catalina.out <==

sudo: sorry, you must have a tty to run sudo

Solution:

Comment out the following line in /etc/sudoers (using visudo):

#Defaults    requiretty

Then activate the service with:

clusvcadm -e <tomcat-service>

Additional notes:

Error message in syslog:

Sep 23 16:00:06 nodo2 clurgmgrd[3127]: <notice> status on tomcat-5 "tomcat5-res" returned 1 (generic error)

==> /var/log/tomcat5/catalina.out <==

sudo: sorry, you must have a tty to run sudo