Defragment and Repair Exchange Information Stores

An Exchange Information Store is a database. A Standard Exchange Server can host 3 Information Store databases. Each is a Jet database and can exist at its own file path and will have a .edb file extension. You can manually defrag an Exchange database using a tool called eseutil. In this case, you’ll encounter from 5 to 20 minutes of downtime per gig of the Information Store. You can run eseutil, Eseutil can be run to scan a database to determine whether an offline defragmentation is necessary. You can run eseutil to manually determine the space that could be saved with a defrag. To do so, run eseutil with the /m and /s options: eseutil /MS "D:\database\primary.edb" To run a defrag, specify that you are defragmenting a /d for database and /ds for the directory. You will need enough space on the drive with the edb files on it to make a copy of the database (double-click on an Information Store to see the path). In this example we’ll specify a temporary directory to use for defraging on another volume, as follows: eseutil /d /ds /tc:D:\backup\eseutildefrag.edb /p Note: To use a temporary volume, increase the amount of time per gig to defrag the database. While defrag is something that eseutil can help with, I find that it’s also frequently used for performing recovery operations on a database. To check: eseutil /r “D:\database\primary.edb” To run, use the /P option: eseutil /P "D:\database\primary.edb" If you have a corrupt or missing .stm file (according to the version of Exchange, you can create one using the /CREATESTM flag: eseutil /P /CREATESTM "D:\database\primary.edb" There are tons of other options available in eseutil. But sometimes the tool cannot run because corruption extends beyond tables and indexes. To chase down corruption, you can also use isinteg. To test a folder on the exchange server called, specify the server using the -s option and indicate -test to run tests as well as the specific test to run, which can be indicated with the alltests option: isinteg -s -test alltests You can also specify specific tests, replacing alltests with folder, allacltests, allfoldertests, search, global, etc. These tests all have their own options. To run a repair also add the -fix option. A lot of corruption can be caused by problems with the service, IO or corrupt volumes. To check volumes, use chkdsk. IO issues often correlate to Event IDs of 10025, 10026 and 10027. Problems with the Information Store service can be varied but should be tracked using the Event Logs and debugging options on a per-service basis.

My MacSysAdmin Presentations For Today

The first presentation I’ll be doing at MacSysAdmin today is on Windows Server in Mac OS X and iOS environments, which can be found here: MacSysAdmin_Windows The second presentation I’ll be doing today at MacSysAdmin is on iOS deployment, which can be found here: MacSysAdmin_iOS If you’re not able to attend then I hope you will enjoy. I’ll try and get them to Tycho for uploading to the official site asap.

Installing the DHCP Service in Windows Server

With the DHCP service no longer in the Server apps provided by Apple (for the most part), it’s important to look at alternative solutions to host the service. The DHCP Service in Windows Server is a Role that a Windows Server can fill that dynamically assigns IP addresses to client computers requesting addresses. The DHCP Role is easily added using the Server Manager application, available in the Administrative Tools menu of the Start Menu. Once opened, click on the Add Roles button. At the Select Server Roles screen, locate DHCP Server and then check the box for it, which will allow you to click on the Next button. At the DHCP Server screen, click on Next. At the Select Network Connection Bindings screen, check the box for each network interface that will be available to DHCP to host DHCP scopes (a scope being a range of addresses that the server will host. Click on Next. At the Specify IPv4 DNS Server Settings screen, enter the name of the search domain to be assigned in the “Parent domain” field. Then provide the ip address for the first DNS server that is provided to clients in the “Preferred DNS server IPv4 address” field. Click on Next once the appropriate DNS information has been provided. If you are using “WINS servers click on WINS is required for applications on this network” and then click on the Next button. At the “Add or Edit DHCP Scopes” screen, click on the Add… button to provide the first DHCP scope for the environment. At the Add Scope screen, enter the following information:
  • Scope name: A friendly name for the DHCP scope (e.g. Marketing Subnet)
  • Starting IP address: The first IP address in the scope of addresses provided
  • Ending IP address: The last IP address in the scope of addresses provided (note that you cannot overlap pools and that
  • Subnet type: Select a type of scope being created (note that this changes the lease times)
  • Activate this scope: Check this box to make the scope available immediately
  • Subnet mask: The subnet mask used by clients of the scope
  • Default gateway: The router for the scope being created
Once you’re satisfied with your settings, click OK. Next, select whether DHCP will be provided for IPv6 and click on Next. If IPv6 is supported, enter the address of an IPv6 based DNS service. Click Next. Next, integrate DHCP with Active Directory (to disable, use the “Skip authorization of this DHCP server in AD DS”) by either allowing the service to use the credentials of the currently logged in user or using the Specify button to provide a different user account. Click Next. At the Summary screen, verify the settings are as intended and then click on Next.The role is then installed and if you selected to do so the service is started as well. There are a lot of steps here, but if you’re new to Windows Server, don’t let that intimidate you. It’s a wizard and normally takes me a little less than 5 minutes, about what we grew to expect from OS X Server.

Setting FTP Banners in IIS

IIS is a pretty straight forward system to manage. One of the more common post-flight tasks for setups of IIS is to configure FTP banners. In Server 2003, this can be done by opening Internet Information Services (IIS) Manager from Start > Administrative Tools. Then, browse to the server name > FTP Sites > Default FTP Site (or the name of the one you would like to configure if you have multiple per server) and then click on the Properties for the site. At the FTP Site Properties pane, click on the Messages tab. Here, you can provide a Banner to be shown to unauthorized users, a Welcome page, to be shown to authorized users, an Exit and define the maximum number of connections. Click Apply to commit your changes and then restart the site (right-click on it in IIS Manager and click Stop, then Start). In Server 2008 the process is pretty straight forward as well. Open Internet Information Services (IIS) Manager from Start > Administrative Tools. Then click on Connections > server name > name of the site > FTP Messages. Then uncheck the box to Suppress Default Banner. Check the box for Support User Variables. Then in the banner field, provide the message to be shown to FTP users that have not yet authenticated. Then in the Welcome Message field, provide a welcome message (you can use Windows variables here). For example, I like “Welcome %UserName% would you like to play a game”. At the Exit Message field you can provide a message to display authenticated users when they log out of the system. Click on Apply and restart the sites that are changed. This can also be done via appcmd.exe or simply using the set command, setting a config to the site path and a message: set config -section:system.applicationHost/sites /[name=''].ftpServer.messages.bannerMessage:"Welcome to" /commit:apphost set config -section:system.applicationHost/sites /[name=''].ftpServer.messages.suppressDefaultBanner:"True" /commit:apphost

Windows Server 2008 R2

Can you say virtualization? How about “better together”? Do you care about Hyper-V or Windows 7 integration right now? If the answer to either question is yes (and in my experience that’s not always actually the case) then you will want to check out R2. One of the biggest new features in R2 is one that VMware has had for about 5 or so years in Live Migration, the ability to move a virtual machine, while it’s running (assuming the application in use supports the ability to do so and that you’re using Clustered Shared Volumes). This includes failover in Cluster Node Connectivity Fault Tolerance. SC VMM, or System Center Virtual Machine Manager in 2008 R2 is more useful than ever in that you can get a dashboard of what you have in motion and move guests between hosts from a single console. You can also more rapidly provision virtual machines with Channels and saved hardware profile templates. Microsoft also fine tuned their application publishing environment, RemoteApp, their terminal services proxy, now called Remote Desktop Services Gateway) and and tweaked RDP to include a number of new Windows 7 like features. While all of this new stuff is great to have, Microsoft is still not going to give VMware much of a run for their money as ESX jumped a whole new level forward with vSphere. Having said that, Hyper-V becomes more mature with each release and is now fully integrated into Windows Server. R2 also supports remotely connecting to another servers Server Manager console, which will likely reduce the number of times you’re establishing Remote Desktop connections to hosts. It also has a Best Practices Analyzer for each service and a new rev of PowerShell (along with a number of PowerShell commandlets wrapped in GUIs). But Charles, you said Windows 7? Sure I did. R2 adds DirectAccess and BranchCache, two new ways to have remote accessibility for remote clients (rather than using a VPN) and remote workers respectively. Windows Deployment Services also got a bit of a feature boost, namely to ease the migration path into Windows 7. There’s also some new AD stuff. Authentication Assurance for Active Directory Federated Services allows for certificate mapping to OUs. djoin.exe can leverage an xml answer file for joining a client into Active Directory while it’s offline. In addition to exe’s there’s also a number (more than 75) of new commandlets for PowerShell. There’s also a recycle bin for those objects you really didn’t mean to delete and finally, a Active Directory Administrative Center, which is pretty much a commandlet wrapper that provides for task-based support administration (I’m on the fence about this one still). IIS 7.5 is also pretty notable. It has new tie-ins for the newly mentioned next release of SQL Server and an automator-like task generator (another wrapper around PowerShell). Not that I’ve been able to test but apparently I can now use 256 logical processors and 32 with Hyper-V). There’s also new failover options (which I haven’t fully explored so I’ll not go into further detail on those yet), an unattended installation feature and more granularly defined cluster node behaviors in this latest generation of IIS. PS – Terminal Services is now known as Remote Desktop Services.

Setting up DFS in Windows Server 2008

The first task that you will complete setting up any WIndows Server 2008 is to set up a Server Role. To do so, open Server Manager and click on Add Roles. At the Add Roles Wizard, click on the Next button to show a list of roles to add. Check the box for File Services and click on the Next button. Click on Next again. At the Select Role Services screen, you’ll see that File Server is checked. This will install the SMB/CIFS services. You’ll also see Distributed File System. Check the box for Distributed File System and the then check the boxes for DFS Namespaces if you want to setup shared folders that spread across multiple servers. You can enable DFS Replication if you need to configure name spaces that get synchronized between multiple servers. When you’re comfortable that you’ve enabled the services required, click on Next. At the Create a DFS Namespace screen, you can go ahead and create your first namespace. To do so, provide a name for the namespace and click on Next. At the Namespace Type screen, click on Domain-based namespace (or if you will be using only the one server go ahead and click on Stand-alone namespace). Note the Namespace preview. This is the path that you will use to connect to the DFS namespace from client systems. Click Next and then at the Namespace Configuration screen, click on Add and then click on Browse to select a folder to be shared. If you do not yet have a shared folder then click on New Shared Folder. At the Create Share screen, provide the path and the permissions for the folder as you would most shares. If you already have existing shares then select the share which will be used to provide the DFS namespace and click on OK. Back at the Add folder to Namespace screen, verify the information appears correct and click on OK. Now you’ll be back at the Namespace Configuration screen. Here, you’ll see the namespace that is presented to users and below it you will see the share point that you created, which will appear to users as a subfolder of the namespace. Provided that you have DFS installed on a second server you can then add a shared directory from that server as yet another subfolder of the namespace. Otherwise, click on the Next button, then verify the settings and click Install. When the installation is complete, click Close. From Administrative Tools, click on DFS Management. Here, you can use the wizard to publish namespaces to multiple servers for replication, configure the backup services for DFS and perform a variety of other wizardly types of tasks. But more importantly, you can click on Namespaces and configure additional shared folders to be added to the namespace and additional servers.

Adding a Role in Windows Server 2008

Installing services in Windows Server has always been a straight forward affair.  In Windows Server 2008, much of the role addition is wizardly and provides administrators with a guided setup.  To get started, open Server Manager from Start -> Administrative Tools.  Then, click on Roles under the appropriate server in the side bar to the left of the screen.  Next, click on Add Roles and then after reading the Before You Begin screen, click on the Next button. At the listing of available roles, click on the role you would like to install and highlight the checkbox for the role, clicking on the Next button once all roles that you are adding have been selected.  At each step along the way, Microsoft has provided you with a number of links.  If you see them, read them.  For each role you will have a number of role services.  These translate very much into the services you see listed in the Services screen of Server Manager.  Highlight and place a checkmark next to each of the services that you would like to install as a part of your role deployment and then click on the Install button.  If the operating system doesn’t have all of the files (ie – .cab) that are needed to install that role then you will be prompted to insert a disk into the drive. Once the installation is complete you will more than likely need to reboot and then you will either be prompted for a wizard to configure the role or you will be able to access the appropriate mmc for the role in Administrative Tools.

Windows Server 2008: Expanding a Volume

You may find that a disk in Windows Server simply isn’t big enough for your greedy applications.  But never fear, the good folks at Microsoft have given us the ability to expand that volume on the fly, as needed by adding other pools of storage or single disks to it.  However, it’s important to keep in mind that if you have a highly available volume (let’s just say a RAID6) and you add a single disk to it then you have just effectively lost the high availability for the data stored on the extended portion of the volume.  So make sure that the new storage you are adding matches up to your policies on RAID levels, etc. To expand a volume first add the storage and do not allocate it to a volume or create a disk out of it.  Leave it as free space.  Then, while logged in as an administrator, open Administrative Tools from the Server Manager.  From here, click on Storage and select Disk Management.  Then right-click on the disk you wish to expand and click on Extend Volume, which will open the Extend Volume Wizard. Click on the free space to add to the disk from the list under the Available column, which will move it under the Selected column.  From here you will be given a value (in MB) for how much to extend the volume.  This cannot be greater than the number listed in the Maximum available space in MB field.   Once you are satisfied with the storage you will be adding into your logical disk click on the Next button.   Read the overview of what will be added, taking note to verify that the total number of MB is not greater than what is available and click on the Finish button.  Now wait and viola your disk should now be bigger. You can also do this through the command line by using the diskpart command.  Basically, you select a partition from a disk by doing select disk and then select partition (you can list disk and list partition to see what you will be managing).  Then use the Extend Size= variable to define how much to extend it by (by default it will just use all the space so you don’t have to set this if you don’t want to).  Once done type Extend and you’re off to the races.   Once again, I need to emphasize that whole redundancy thing.  If you add a single disk into a volume that was RAID 6 then you’re going to be in a far less redundant scenario.  When possible preserve the RAID type for the original media. An alternative to this process is to use a couple of different strategies.   The first is to use a symbolic link provided the application can traverse one.  You can symlink a folder from one drive onto another.  You can do this using the mklink command.  Using symbolic links may allow you to temporarily isolate what data will go onto, for example, a near line disk being used temporarily as online storage.  This can be useful in situations where you plan on adding a larger disk that is fully redundant later and just need to put your data somewhere in the meantime. Another option is the subst command.  Using the subst command you can basically map a drive letter to a folder on the computer.  This will effectively mount up a path as though it were a network share, used similarly to the NET USE command.  A final option from back in the day is to use the append command, but I think this one was not included with Windows Server 2008 so don’t quote me on that… So another point to make is that the process for expanding a volume works with internal media and external media.  So if you have, for example, a fiber channel disk array or some eSATA storage you can expand an internal disk (let’s say C: or D:) to include this media.  So given a full array of internal disks and no available expansion slots you can fairly easily go ahead and add more media even if you are out of internal space.  Ergo, from a storage standpoint, you can almost always upgrade provided you have an extra PCI or PCI-X slot on a Windows Server.  Or you could theoretically use iSCSI storage, although I haven’t personally gone this route in this type of situation…

Extend the AD Schema in 2008 Server using ldifde

  • To import directory objects, at the command prompt, type the following command, and then press ENTER:  ldifdei-ffilename-sservername:port-m-ausername domain password
  • To export directory objects, at the command prompt, type the following command, and then press ENTER:  ldifde-e-ffilename-sservername:port-m-ausername domain password

Windows Server 2008: Install RIS and WDS

In Windows Server 2008 you can use the Server Manager application to enable RIS (part of Windows Deployment Services, WDS).  To do so, open Server Manager and click on Roles in the left column.  Then click on Next and read the Introduction to WDS items.  It’s worth noting that you can setup your server as a Transport Server in WDS, which is a bit like Multicast clustering (eg – multicast ASR imaging for the Mac).  It’s also worth noting that a Deployment Server will use parts of the Transport Server to do its job so you’ll need to install both.  Once you’re satisfied with your selection, click Next and then click on the Install button to install the services.   Prior to installing WDS it would be a good idea to install DHCP, DNS and Active Directory, or at minimum verify their operations.