SCVMM Powershell Scripts


I have been working on setting up a shared VMM configuration where multiple servers are shared among multiple developers (they each have their own server, but all tie into the same SCVMM).

I copied over VMs, ISO, and Templates to the individual servers but I wanted the resources on each server to be defined as belonging to the developer using it.

But when you copy them, they all show the owner as unknown. Now, I am lazy and don’t want to go to the properties of each object and set the owner, and PowerShell, being the wonderful thing it is, made this easy, so here is my “owner script”.

You can run these as individual one-liners or save them all together as a single .ps1 file.

 

*************************************************************

Get-vmmserver localhost

#Set all TEMPLATES on SERVER1 to USER_ONE

Get-Template | ? {$_.LibraryServer -EQ "SERVER1.LAB.LOCAL"} | Set-Template -Owner USER_ONE | FT name, owner

#Set all ISO on SERVER1 to USER_ONE

Get-iso | ? {$_.LibraryServer -EQ "SERVER1.LAB.LOCAL"} | Set-iso -Owner USER_ONE | FT name, owner

#Set VM on SERVER1 to USER_ONE

get-VM | ? {$_.LibraryServer -EQ "SERVER1.LAB.LOCAL"} | Set-VM -Owner USER_ONE | FT name, owner

get-VM | ? {$_.VMHOst -EQ "SERVER1.LAB.LOCAL"} | Set-VM -Owner USER_ONE | FT name, owner

#Set VHD on SERVER1 to USER_ONE

Get-VirtualHardDisk | ? {$_.LibraryServer -EQ "SERVER1.LAB.LOCAL"} | Set-VirtualHardDisk -Owner USER_ONE | FT name, owner

 

****************************************************************

Troubleshooting RBAC


(or determining RBAC Permissions)

  • Get-ManagementScope – displays defined scopes, or details of an individual scope.
  • Get-ManagementRole
    • GetChildren – enumerate roles of immediate children
    • Recurse – enumerate roles of children and the children of those roles
    • Cmdlet – enumerate roles that include this specific cmdlet
    • CmdletParameters – enumerate roles that include this specific parameter
    • RoleType
  • Get-ManagementRoleEntry – shows all the role entries in a management role (ex: Get-ManagementRoleEntry "Recipient Policies\*")
  • Get-RoleGroup – shows all the groups, or, if you specify one with -ID, gives you details on that group
  • Get-RoleGroupMember – shows all the group’s members (ex: Get-RoleGroupMember "Organization Management")
  • Get-RoleAssignmentPolicy – shows the role assignment policies
  • Get-ManagementRoleAssignment
    • http://technet.microsoft.com/en-us/library/dd351024.aspx
    • Examples:
      • Get-ManagementRoleAssignment -Role "Organization Configuration" -GetEffectiveUsers -Delegating $False | FL Name, RoleAssigneeName, EffectiveUserName, AssignmentChain (shows the users and groups that have Org Config RBAC permissions)
      • Get-ManagementRoleAssignment -WritableRecipient administrator -GetEffectiveUsers (shows the users that can make changes to administrator)

Note: As with all PowerShell commands, you can use help <cmdlet> -Examples to get more info (ex: help Get-ManagementRoleAssignment -Examples)
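
An added example, not part of the original post: the effective-user query above, run across several high-impact built-in roles and compared with a saved baseline so that new role holders stand out. The role selection, the function name Get-SensitiveRoleHolders and the baseline path are assumptions; run it in the Exchange Management Shell.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Illustrative selection of built-in Exchange 2010 roles; adjust to your organization.
$SensitiveRoles = 'Role Management', 'ApplicationImpersonation',
                  'Mailbox Import Export', 'Mailbox Search', 'Organization Configuration'
$BaselinePath   = 'C:\Audit\rbac-baseline.csv'   # hypothetical path

function Get-SensitiveRoleHolders {              # hypothetical helper name
    param([string[]]$Roles)
    foreach ($role in $Roles) {
        # -GetEffectiveUsers expands role groups into the accounts behind them;
        # -Delegating $false keeps assignments that grant use of the role itself.
        # The Where-Object drops the summary row emitted for a group assignment.
        Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers -Delegating $false |
            Where-Object { $_.EffectiveUserName -ne 'All Group Members' } |
            Select-Object @{n='Role'; e={$role}}, EffectiveUserName,
                          RoleAssigneeName, AssignmentChain
    }
}

$current = @(Get-SensitiveRoleHolders -Roles $SensitiveRoles)

if ($current.Count -eq 0) {
    Write-Warning 'No effective users returned; check the RBAC scope of the account running this.'
}
elseif (Test-Path $BaselinePath) {
    # '=>' marks role/user pairs present now but absent from the saved baseline.
    Compare-Object (Import-Csv $BaselinePath) $current -Property Role, EffectiveUserName |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Format-Table Role, EffectiveUserName -AutoSize
}
else {
    # First run: record the baseline and show who holds what today.
    $current | Export-Csv $BaselinePath -NoTypeInformation
    $current | Sort-Object EffectiveUserName |
        Format-Table Role, EffectiveUserName, RoleAssigneeName -AutoSize
}
```

AssignmentChain in the saved baseline shows which group nesting gives each account the role, which is usually the first thing to check when an unexpected name appears.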

 

What version is my Exchange Server?


Have you run into an issue where you were asked what build of Exchange you have and weren’t able to provide a quick answer? Well, now you can.

 

Here is the Microsoft Wiki that contains all the 2007-2010 version numbers.


http://social.technet.microsoft.com/wiki/contents/articles/exchange-server-and-update-rollups-builds-numbers.aspx

For older versions
http://support.microsoft.com/kb/158530

 

To find your build number, just run this from PowerShell:

Get-ExchangeServer |ft identity,*DisplayVersion

Disable TOE and RSS


These technologies are great if your environment supports them end to end, but if not, you may see some of the following issues.

Symptoms include

  • Sporadic network issues
  • Services failing (because of network login issues)
  • Delays in service start (because of network login issues)
  • Unexplained issues that seem to be network related, where other areas have already been investigated

 

Resolution: To keep it as simple and reliable as possible

  1. Update to latest drivers
  2. Disable Everything that says offload or scaling in the NIC properties
  3. Disable it for the OS as well

2008      

  • netsh interface tcp set global rss=disabled
  • netsh interface tcp set global chimney=disabled
  • netsh interface tcp set global autotuninglevel=disabled

2003

  • Netsh int ip set chimney disabled

Random issue with Outlook 2003 accessing Exchange 2010.


Possible symptoms

  • Slowness or hangs when accessing shared calendar or public folder information from Outlook 2003
  • Delay in email
  • Errors
    • “Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.”
    • “Unable to expand the folder. The set of folders could not be opened.”

 

3 Possible causes

  1. RPC Throttling
    • Here is a very good article on it
    • In a nutshell you need to set a policy that will increase “RCAMaxConcurrency”
      • As a testing step run this:
        Get-ThrottlingPolicy | set-ThrottlingPolicy –RCAMaxConcurrency $null
      • If it does resolve the issue follow the article above to set a new policy correctly and revert the test setting
        Get-ThrottlingPolicy | set-ThrottlingPolicy -RCAMaxConcurrency 20
  2. UDP notification
    • Solution is to put the 2003 Outlook client in cached mode.
  3. Genuine network issues (here are some general tips)
    1. Check cabling
    2. Check Switch Logs
    3. Try to isolate client to server to eliminate network issues as a cause.
    4. Disable TOE and RSS on NICS
    5. Check that the NIC and the switches are running the same speed and duplex
    6. Use a sniffer to inspect traffic.

Publish Exchange 2010 with TMG (cont)


Walkthrough on publishing all roles through TMG. (Part 4/4 SMTP)

This assumes:

  1. you have a MX record pointed to a name that points to the external IP of your TMG
  2. You have already configured your Exchange to allow anonymous access on the receive connector

Configure SMTP rule on TMG

  1. Open Forefront TMG
  2. Click on [image]
  3. In the Action Pane under Task click [image]
  4. Enter your Transport Server internal IP
  5. You should now be able to send mail through your TMG to your Exchange.

Publish Exchange 2010 with TMG (Forefront Threat Management Gateway) Series:

1. OWA
2. EWS\Outlook anywhere
3. Active sync
4. SMTP

Publish Exchange 2010 with TMG (cont)


Walkthrough on publishing all roles through TMG with AD pre-auth on TMG. (Part 3/4 active sync)

Configure Active sync rule on TMG

  1. Open Forefront TMG
  2. Click on [image]
  3. In the Action Pane under Task click [image]
  4. Give the rule a name; I'll name mine “2010 Activesync”
  5. Next –> Next
  6. Internal Site Name should be your CAS server FQDN (needs to be on the cert)
  7. The external name is what you use to access ActiveSync (also needs to be on the cert)
  8. Select the OA listener created in Part 2.
  9. Finish
  10. Now ActiveSync is published!

    Publish Exchange 2010 with TMG (cont)


    Walkthrough on publishing all roles through TMG with AD pre-auth on TMG. (Part 2/4 EWS\Outlook anywhere)

    Configure Outlook anywhere rule on TMG

    1. Open Forefront TMG
    2. Click on [image]
    3. In the Action Pane under Task click [image]
    4. Give the rule a name; I'll name mine “2010 OA”
    5. Next –> Next
    6. Internal Site Name should be your CAS server FQDN (needs to be on the cert)
    7. The external name is what you use to access OA (also needs to be on the cert)
    8. Click New to make a new listener
    9. Name it whatever you want; I named mine “Basic Auth” because I am going to use it for Basic auth for OA\EWS.
    10. Select one of the external IPs listed (not all IP addresses, or you can't do multiple auth methods)
    11. Select the certificate you imported earlier
    12. Use HTTP Authentication
    13. Click –> Next –> Finish –> Select the Listener.
    14. Finish
    15. Now Outlook Anywhere is published!


    Publish Exchange 2010 with TMG (Forefront Threat Management Gateway)


    Walkthrough on publishing all roles through TMG with AD pre-auth on TMG. (Part 1/4 OWA)

    Keep in mind that to do it this way you need to have the following:

    1. At least 2 external IPs listed on the external NIC (in order to have both forms-based auth for OWA\ECP and Basic for OA, EWS, EAS)
    2. A multi-name trusted certificate with all applicable names (For more information) – This is critical!
    3. TMG can authenticate with AD already (either domain joined or authentication configured)

    Start By preparing the exchange server

    1. Configure Exchange 2010 for basic authentication
      1. Run the following on the CAS server that will be published
        • Set-OwaVirtualDirectory -id <CasServer>\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
        • set-WebServicesVirtualDirectory -id <CasServer>\* -WindowsAuthentication $true -BasicAuthentication $true
        • set-EcpVirtualdirectory -id <CasServer>\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
        • set-OabVirtualDirectory -id <CasServer>\* -WindowsAuthentication $true -BasicAuthentication $true
        • set-ActiveSyncVirtualDirectory -id <CasServer>\* -BasicAuthentication $true
    2. Copy the 3rd party certificate to the TMG server.
      1. Click Start –> Run –> Type MMC
      2. Click File –> add remove Snap-in –> Certificates –> ADD –> Computer account-> Next –> finish-> ok
      3. Click Personal –> certificates
      4. Right Click on 3rd party certificate and click all tasks –> export
      5. Click Next –> Yes, Export Private Key –> Base-64 –> next –> Browse for file location.
      6. Next-> finish
      7. Copy certificate file to the TMG server
      8. Click Start –> Run –> Type MMC
      9. Click File –> add remove Snap-in –> Certificates –> ADD –> Computer account-> Next –> finish-> ok
      10. Click Personal –> Right Click certificates –> all task –> import –> next –> select file –> next –> next finish
    3. Configure OWA Rule on TMG
      1. Open Forefront TMG
      2. Click on [image]
      3. In the Action Pane under Task click [image]
      4. Give the rule a name; I'll name mine “2010 OWA”
      5. Next –> Next
      6. Internal Site Name should be your CAS server FQDN (needs to be on the cert)
      7. The external name is what you use to access OWA (also needs to be on the cert)
      8. Click New to make a new listener
      9. Name it whatever you want; I named mine FBA because I am going to use it for forms-based auth for OWA.
      10. Select one of the external IPs listed (not all IP addresses, or you can't do multiple auth methods)
      11. Select the certificate you imported earlier
      12. Use Form Authentication
      13. You can configure SSO if you have other sites that will use this listener
      14. Click –> Next –> Finish –> Select the Listener.
      15. You CANNOT use “all users” here; you need to have authenticated users or another group that requires authentication, or you will not get prompted for auth and will get a 500.24 in the browser.
      16. Finish
      17. Now OWA is published!
    4. Now on to EWS\Outlook Anywhere
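
A check for the certificate requirement above, as an added example that is not part of the original post: it lists each certificate in the TMG server's computer store and reports whether it carries every name the publishing rules need, still has its private key, and has not expired. The names in $RequiredNames and the function name Test-PublishingCertificate are placeholders, and the "DNS Name=" label assumes an English-language Windows install.

```powershell
# Added example (not from the original post). Run on the TMG server after the import.
# Placeholder names: internal CAS FQDN and external publishing name.
$RequiredNames = 'cas01.lab.local', 'mail.example.com'

function Test-PublishingCertificate {            # hypothetical helper name
    param([string[]]$Names)
    foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
        # The Subject Alternative Name extension is OID 2.5.29.17.
        $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $san = @()
        if ($ext) {
            # Format($true) prints one entry per line, e.g. "DNS Name=mail.example.com".
            $san = @($ext.Format($true) -split "`r?`n" | ForEach-Object {
                if ($_ -match '^\s*DNS Name=(.+)$') { $matches[1].Trim() }
            })
        }
        $missing = @($Names | Where-Object {
            $name = $_
            # A wildcard entry covers exactly one label: *.example.com matches mail.example.com.
            $wild = '*.' + $name.Substring($name.IndexOf('.') + 1)
            -not ($san | Where-Object { $_ -eq $name -or $_ -eq $wild })
        })
        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Expires       = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            MissingNames  = $missing -join ', '
            Usable        = ($missing.Count -eq 0 -and $cert.HasPrivateKey -and
                             $cert.NotAfter -gt (Get-Date))
        }
    }
}

Test-PublishingCertificate -Names $RequiredNames |
    Select-Object Subject, Expires, HasPrivateKey, Usable, MissingNames |
    Format-List
```

The file exported in step 2 contains the private key, so delete it from both servers once the import succeeds.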

     


    DAG Cross Site\Subnet networking – Additional Configuration


    When you add servers to a DAG, it will create a network for every subnet\NIC that server is connected to. This is nice because as soon as you add the server it can replicate with the other nodes.
    However, there are some post-configuration steps you need to take; otherwise replication will occur over the MAPI\client network and never use the replication network.

    1. You should NEVER have multiple gateways. If you have a private\heartbeat network that is routed, you need to remove the gateway and add a static route.
      Example: You configure the gateway on the public NICs [image]
      and configure the following static routes:
      Site A  [image]
      Site B  [image]
    2. Next, you will notice your “DAG Networks” may look something like this: [image]
      The issue with this configuration is that there are no clearly defined replication or MAPI networks, so what we need to do is collapse them into 2 DAG networks.
    3. Modify the networks to include both subnets (I named mine for easy identification),
      i.e. combine 10.0.1.x with 10.0.2.x, and 192.168.2.x with 192.168.1.x
      [image]
    4. I would also recommend disabling replication on the MAPI or client network (it will be used anyway if the replication network is not available).

    You should now be replicating over the replication network. You can verify with the following:

    • Get-MailboxDatabaseCopyStatus <DatabaseName> -ConnectionStatus | fl name, outgoingconnections,incominglogcopyingnetwork