Thursday, June 30, 2016

Bridged Wireless over Site to Site

I setup a new Sonicwall Soho-Wireless recently, for a satellite site.
The users had mobiles and printers to setup on Wireless, so given the size of the site, I just bridged the inbuilt wireless to X0.

Once installed onsite, there was some requirement for the wireless clients to connect via the site-site VPN to head office.

I ended up having to make 2 firewall rules.


Friday, June 24, 2016

Server 2008 Logon

I had a client who could not log onto the SQL server to run some critical backups.
As it was days away from end of financial year, they were getting a bit worried.

The Logon process would get stuck at Applying Group Policy Printers policy...

During the process, the user had gotten fed up, and disconnected the remote session.
When they contacted me, I was getting the following error.

To resolve this, I logged in as my account, and ran "query process winlogon.exe". Identified the process without a session name, noted the PID. Located that PID in Task Manager (you cannot use the taskkill.exe application), and killed the process.

I then created a security group in Active Directory called "Group Policy Exceptions" and added the server in question, Fired up Group Policy Management, found the policy in question, and added the group in Delegation with "Read" permissions. Clicked on Advanced, and then unticked "read" and ticked "Apply group policy - Deny".

Logged on as the user, and confirmed successful login.

Monday, June 20, 2016

Client Managed Distribution Groups

So previously, having a user manage the distribution group via Exchange 2007 and older, through Outlook was relatively easy. You just had to remember to tick the box in Active Directory, to allow them to modify the group.

Exchange 2010 and above has changed this "by design".

To resolve this, you need to download and run the Manage-GroupManagementRole.ps1 script, from TechNet.

Run the following from the Exchange Management Shell: Manage-GroupManagementRole.ps1 -creategroup -removegroup

This takes care of everything you need, and you can then use Exchange to control the groups that you wish users to be able to modify.

Friday, June 17, 2016

Windows Updates Broke My Group Policy

After the most recent round of Windows Updates, 2 of my clients started losing Group Policy Object settings on all workstations.

I tracked the issue to KB3163622, which changes the security context from users to computers, when reading the group policies.
The fix is to ensure that "Authenticated Users", or if you use Security Filtering, ensure "Domain Computers" is added with Read permissions.

More information can be found here:

Friday, June 10, 2016

0x8007046a - Not enough server storage is available to process this command

One of my clients received a new 2012 R2 server, with over 10tb of drive space on the data drive.
During the process of migrating their data from the old 2003 R2 server, I ran into the error message "Not enough server storage is available to process this command" while just manually copying the files through Windows Explorer. There was approximately 1tb worth of data to copy. Giving me 9tb free on the drive. Plenty of space.

The files were of random sizes. Some being 50gb in size, others being 10mb in size. There was no rhyme or reason.

Out of curiosity I decided to utilise Robocopy to complete the task. I normally use this for data to retain permissions, but had neglected to as this was just a backup repository.

I ran the following command robocopy \\sourceserver\folder e:\folder /mir /e /log:log.txt

All the files copied successfully.
Moral of the story? Always use robocopy.

Exchange 2010 Memory Usage Limit

Any self respecting Exchange SysAdmin will be able to tell you, that it is incredibly normal, and expected, for store.exe (Microsoft Exchange Information Store) to contionously grow in memory usage, until it uses 100% of the free RAM resources available.

This has been the case for as long as I can remember.

One of my clients is using SBS 2011, which comes with Exchange 2010.
They also heavily utilize the SQL components of SBS 2011.

The afore mentioned normal behavior of store.exe causes delays when doing basic things in SQL on the SBS 2011 server.

After a bit of searching, I found the following ADSIEDIT work around.
Connect to the Configuration Naming Context

Navigate to Configuration > Services > Microsoft Exchange > "Organisation Name" > Administrative Group > Servers > "Server Name" > InformationStore

Right click on InformationStore, select Properties and locate the both msExchESEParamCacheSizeMax and msExchESEPCacheSizeMin

I set the following, which is 1gb for min, and 4gb for max. Please note, that you must enable both Min and Max options for it to work.

Exchange 2007 uses different page sizes, and I only calculated for Exchange 2010.
Exchange 2013 and 2016 do not have SBS versions, so you won't ever need to worry about limiting their store.exe sizes.

Once you've done this, you need to restart the Microsoft Exchange Information Store, and it should stay under the 4gb limit.

Friday, June 3, 2016

Cisco VPN Install Error 27850

One of my clients recently had an issue with their MYOB AO software, which requires a Cisco VPN client to be installed to complete certain tasks.
For some reason, it had removed itself, and when attempting to reinstall manually, I encountered the following error in Windows 7 x64:
Error 27850. Unable to manage networking component.  Operating system corruption may be preventing installation.
The long and short of it is a registry edit.
Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\MaxNumFilters
Default: 8
Maximum setting: 14

I have bumped this up to 14 for my client, and it's now successfully working.