Tuesday, 28 October 2014

Exchange 2010 and Receive Connectors (Relaying)

I'll be the first to admit that I can be a total nub at times - which is why when I recently migrated a network and introduced a new exchange server I ran into a small problem.

On the previous server, clients were able to send email from their bespoke software directly to the server but they couldn't do this anymore.

I checked all the settings on the receive connectors and everything seemed fine - eventually I tracked the problem down to a PowerShell command that needs to be run on the receive connector in question (thank you http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/managing-relay-connectors-exchange-server-2007-2010-part2.html)

Get-ReceiveConnector "<RelayName>" | Add-ADPermission -User "NT Authority\Anonymous Logon" -ExtendedRights ms-Exch-SMTP-Accept-Any-Recipient,ms-exch-bypass-anti-spam

As a heads up, if you try and copy and paste the command off the website mentioned above there's a typo in it which will throw an error (look closely and there is a space between smtp- accept- which needs removing)

Back on track - I should now be able to send a mail.. but no, still coming up with unable to relay.

Eventually I read the most useful advice that I've EVER read when dealing with receive connectors..

Change the FQDN that the receive connector provides in response to HELO commands

Why so useful? Well, you can instantly see which connector you are connecting to and find out where the problem lies. Immediately, I could see that I was connecting to a default connector which has no purpose. So I disabled it and tried again - BOOM

And that is why I'm a nub.. it's so obvious and so brilliant!

PS. don't forget to restart the transport service when you make changes :)
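The command above lets unauthenticated senders relay to any recipient through that connector, so it is worth checking which connectors carry that right and which client addresses they accept. The following is an added example, not part of the original post: it is written for the Exchange Management Shell, uses the account and right named above, and assumes the "all IPv4 addresses" range is shown as 0.0.0.0-255.255.255.255.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Lists every receive connector on which Anonymous Logon holds the relay right
# granted above, the name it gives in HELO/EHLO responses, and who may connect.
$anon     = "NT AUTHORITY\ANONYMOUS LOGON"
$wideOpen = "0.0.0.0-255.255.255.255"   # assumed display form of "any IPv4 client"

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow entries for anonymous senders that include the relay right
    $relayAce = $connector | Get-ADPermission -User $anon |
        Where-Object {
            -not $_.Deny -and
            ($_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient")
        }

    if ($relayAce) {
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
        New-Object PSObject -Property @{
            Connector      = $connector.Identity
            Enabled        = $connector.Enabled
            HeloFqdn       = $connector.Fqdn
            Bindings       = ($connector.Bindings -join ", ")
            RemoteIPRanges = ($ranges -join ", ")
            # True means the relay right is not limited to specific client addresses
            OpenToAnyIPv4  = ($ranges -contains $wideOpen)
        }
    }
} | Format-List Connector, Enabled, HeloFqdn, Bindings, RemoteIPRanges, OpenToAnyIPv4
```

A relay connector that reports OpenToAnyIPv4 as True should have its RemoteIPRanges narrowed to the hosts running the client software; the HeloFqdn column is the name to look for when testing which connector answered.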

Microsoft Small Business Server 2011 and Sage Accounts/Sage Line 50 2015 data service (SBS 2011)

Sage have released their yearly update, however this time around it seems that they've decided to make it more difficult to have your Sage data installed on a server instead of a local PC.

If you have Sage on a network share but no app installed on the server and you update it to 2015, then you may (will!) receive a warning message when you try to connect that the "Sage Data Service" is not running on the target server.

Usually I don't have the Sage software installed on the server - it's just another access point that needs maintaining. Instead, the data just resides on a share.

So the fix is to install Sage on the server - but alas, Sage have decided that SBS 2011 is not worthy! If you try and install it from the auto-run app it says that you don't have a compatible system.. even though we all know it's 2008 R2 in disguise.

The solution? For me it was a simple task of navigating to the install folder on the Sage CD and then running "clientserversetup.exe" instead of trying to install it from the auto-run application.

One thing that may also help is SP1 - but then if you're running SBS 2011 and you don't have SP1 you need a bit of a slap anyway :)

Hope it helps someone.

Edit: It seems that if you can install Sage from the auto-run it actually gives you the option of just installing the "Data Service" instead of the whole application so it may be worth looking into that. But for my part, the above solution fixed it quickly for me.

Edit 2: I confirmed today that SP1 has nothing to do with this - it's all down to running the executable instead of installing from the autorun

Thursday, 25 September 2014

Microsoft Small Business Server (SBS) 2011 Expired Certificate Renewal

We have a lot of SBS servers at our clients and naturally the self-signed certificates (our clients don't like parting needlessly with money, so we never end up having third-party signed certs) expire after 2 years of creation.

In the past, I used to run the "Set up your Internet Address" wizard to re-create the certificate as suggested on many forum posts, however I discovered a much neater (and probably correct) way of doing this earlier in the year.

1: Open up the Windows Small Business Server 2011 Standard Console
2: Go to the Network Tab
3: Connectivity Tab
4: On the right hand menu select "Fix my network"
5: The wizard will search for potential problems and should identify that the certificate has expired
6: Renew the certificate

And that should be all

If the certificate isn't showing as expired in "Fix my network" then the "Set up your Internet Address" wizard has never been run - which could cause problems!

Thursday, 21 August 2014

Dealing with exchange and small zips containing viruses using transport rules

I have a number of clients who often fall for the "Please pay this invoice. Open attached file" type of email. They get it, open it and are then infected with a virus.

A lot of these types of mails seem to slip through spam and AV services, therefore following a suggestion elsewhere I've created the below guide to filter out small attachments. The logic is that generally only larger files get zipped, so if it's really small chances are it's a virus.

I understand that this is not always the case - some people zip to password protect and you could add a section to the rule to allow emails from certain addresses always through or certain file names etc. The below is a basic set of guides to follow to setup a filtering system that will move small zips/rars/whatever you want to a different location.

1: Start by making an email address for all the crud to go to - occasionally it may be legitimate and you may need to take a look at it.
2: I made a mail enabled public folder and gave access rights to certain people just in-case something sensitive ended up in there
3: Once made, it's time to head over to the exchange management console
4: Go to Organisation Configuration, Hub Transport and then Transport Rules
5: Create a new Transport Rule, I called mine as below (for when I forget what it was for!)
Name: Small Attachment Spam
Comment: Catches spam by looking for small attachments (ie zips) and moves them to an alternative email

6: Leave the Rule enabled and click next
7: From the list of conditions select "When any attachment file name matches text patterns" and tick it
8: From the same list, also select "When the size of any attachment is greater than or equal to limit"

Double check what you have ticked! If it doesn't work later it's because you've most likely selected the wrong option here as there are a few named very similar things

9: Click on the first rule in the second section down (where it says "Apply rule to message when any attachment file matches")
10: In the list, enter your file extensions. I included the dot, so my list contains:
.zip
.exe
.scr
.rar

11: You should see the "and when the size of an attachment is greater than or equal to 0B" in the list below too - leave this set to 0.
12: Click next
13: Scroll down to near the bottom of the list and this time select "Redirect the message to addresses"
14: In the section underneath, click redirect message to addresses 
15: Add the address we created earlier. If you don't want to redirect it you can select a different option such as "Delete the message without notifying anyone".
16: Click next again
17: From the list select "Except when the size of any attachment is greater than or equal to limit"
18: From the lower half, click on except when the size of any attachment is greater than or equal to 0B
19: Depending on the client this amount changes - if it's someone who may send small zips I make it quite small. If it's a client who never sends or receives zips then I'll set it as high as 100kb.
20: Click OK
21: Click Next and then Click New

That's it - your rule is now live on the system. This is just a basic example, you can add more to the rule and get it to do a number of other things but this should certainly be a good start.

Cheers
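The same rule can be created from the Exchange Management Shell, which makes it easier to repeat across servers and to read back what was actually configured. This is an added example, not part of the original post; quarantine@example.com is a placeholder for the address made in steps 1 and 2, and the 100KB threshold is the upper value mentioned in step 19.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Shell equivalent of steps 5-21 above.
$quarantine = "quarantine@example.com"   # placeholder: the address from steps 1-2
$threshold  = "100KB"                    # step 19: attachments this size or larger are left alone

New-TransportRule -Name "Small Attachment Spam" `
    -Comments "Catches spam by looking for small attachments (ie zips) and moves them to an alternative email" `
    -AttachmentNameMatchesPatterns ".zip", ".exe", ".scr", ".rar" `
    -AttachmentSizeOver "0B" `
    -RedirectMessageTo $quarantine `
    -ExceptIfAttachmentSizeOver $threshold `
    -Enabled $true

# Read the rule back to confirm the two conditions, the action and the exception
# are the ones intended (the similarly named options are easy to mix up).
Get-TransportRule "Small Attachment Spam" |
    Format-List Name, State, Priority, Conditions, Actions, Exceptions
```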

Monday, 21 July 2014

Network Card Drivers for a HP DL360e Rack Server

Just a quick one; had a new server to setup for a client and had real troubles finding the correct network drivers.

After much investigation, turns out that the driver you need for a DL360e rack server is:
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdHome?sp4ts.oid=5317160&ac.admitted=1405944960782.876444892.492883150

It's the HP Ethernet 1Gb 4-port 366i Adapter - the card is a quad port on-board

Why HP didn't add it to the downloads section on the 360e download page I don't know but hopefully this will save someone 30mins of messing around.

Cheers

-- Update --
It has come to my attention since writing this that I may have gone slightly awry when looking for the drivers. Apparently (and I haven't yet had a chance to check this) the drivers are embedded on the motherboard in some kind of flash memory which you can get to appear much like a USB drive by looking in the BIOS

I'd love to hear if this was true - anyone out there shed any light on this?

Thursday, 6 February 2014

Hypervisor not running (3112) - AMD FX series CPUs "Virtual machine could not start because the hypervisor is not running"

Having recently decided to build a new test machine for virtual activities, I decided on a budget FX-6300 (piledriver) with a Gigabyte board and 32GB of corsair memory.

After installing Server 2008 R2 and adding the hyper-v role, my first problem started with hyper-v not being able to mount the VHD files.

No worries there, that's a known problem and needs 2008 R2 SP1 installing.

After installing SP1, I ran into a new problem where I got the following error message:

"Hypervisor not running" error 3112

Lots of digging later and I'd managed to get myself into a panic; I was thoroughly convinced I'd wasted my money on a system that wasn't going to run Hyper-V. I'd checked all the basics, AMD Virtualisation support etc and was looking at other people's suggestions such as hardware DEP.

After much searching, I stumbled on a Microsoft KB support article (2568088) which cured issues with Hyper-V and the Bulldozer CPUs. In desperation, I tried installing it on the off chance that it would solve my problem even though I have a Piledriver.

And guess what? It did.

Thank you Microsoft for the hot-fix, perhaps it's about time you updated the details to include other architectures?

I certainly hope that helps someone out there as much as it helped me - KB article is below:

http://support.microsoft.com/kb/2568088

Edit: 10/04/2015
Looks like the hotfix details have been updated now to reflect that it started with the bulldozer series.

Update: 16/07/2015
This problem occurred today on a server following a RAID failure - the secondary plex kicked in and the virtual machines wouldn't start. Long story short, the hypervisor wasn't starting automatically. To fix, I ran this from an elevated command prompt:

BCDEDIT /set hypervisorlaunchtype auto   

On a side note, it's also come to my attention that work-arounds have been added to the hotfix notes to get around the AMD issues:

To work around Issue 1, follow these steps:
  1. Start Hyper-V Manager.
  2. Right-click the virtual machine in question, and then click Settings.
  3. Under the Processor configuration for the virtual machine, click to select the Migrate to a physical computer with a different processor version check box, and then click OK.
  4. Start the virtual machine.




Thursday, 5 December 2013

Windows Backup and Hyper-V - My experiences (0x80042336 and failed to mount virtual hard disk)

I recently installed a virtual platform for a client and ran into a few problems when it came to backing up the virtual machines. Much reading into the subject left me rather confused as there were no real answers to the problem, however I do now seem to have it working as it should be.

Setup
Server 2008 R2 running Hyper-V
1 x SBS 2011 Virtual Server
12 x Windows XP Virtual Machines

The Problem
Windows Backup was set to take a full system backup to a removable USB HDD. When the backup starts, it takes all XP machines offline into a saved state as the integration services aren't fully compatible and then tries to back up the SBS machine. After about an hour, the backup fails with error code 0x80042336.

If I look in the Hyper-V event logs I see an error: failed to mount virtual hard disk for one of the VHDs.

I tried changing the job so that only the drives with the VHDs stored on them were included - no good. Started checking hot-fixes, also no good. 

The Solution
Further investigation showed that the SBS machine was waiting on the SharePoint SP1 upgrade that I posted about previously (http://mindofdes.blogspot.co.uk/2013/10/sbs-2010-backup-issues-operation-to.html). Apparently, even though this is located inside a guest it can affect the backup. Therefore I ran this and upgraded it.

Afterwards, I checked the VSS writers on the host and saw that the Hyper-V writer was in an error state waiting for a previous operation to complete. I tried restarting the VSS services but this didn't help at all.

At this point, I decided to give the server a full reboot and then run the backups again - lo and behold the backup burst into life and seems to be quite happy now.

Did I get lucky? Was it the SharePoint issue causing the problem? Did the first backup break the vss writer when it failed? or perhaps a combination?

Who knows - but for me the issue seems to be resolved.