Remote Desktop Licensing Error

Today I got a call from client that he can’t connect to his Remote Desktop Service  from his Windows 7 client.

He would get following error: The remote computer disconnected the session because of an error in the licensing protocol. Please try connecting to the remote computer again or contact your server administrator.

Since I was sure the licensing was in order I searched for another possible problems.

The cause of the problem was in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing.

So here is one of possible solutions if you are getting this error when trying to connect to Terminal Server (Be sure to backup your registry before you do this or export the MSLicensing keys, in case this isn’t the cause of your problems):

1. Open registry editor (Start > Run > regedit)
2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ and find MSLicensing folder
3. Right click on it and select delete
4. Start Remote Desktop Client (Start>Run>mstsc) as local administrator to rebuild the deleted keys

Getting an Exchange Database into a Clean Shutdown State using Eseutil

1. Check to see if your database is in a Clean State by running the following command in EMS:
Eseutil /mh "path/to/the/database.edb"

2. If it is in a clean state, simply copy all the .log files out of the exchange database directory to any location and mount the database.

So you’ve just restored an Exchange database, and now you are trying to mount it. To your surprise, you are getting an error similar to the following:

Couldn’t mount the database that you specified. Specified database: DB2; Errorcode: An Active Manager operation failed. Error: The database action failed. Error: An error occurred while trying to select a database copy for possible activation. Error: The database ‘DB2′ was not mounted because errors occurred either while validating database copies for possible activation, or while attempting to activate another copy. Detailed error(s):
An Active Manager operation failed. Error: Operation failed with message: MapiExceptionCallFailed: Unable to mount database. (hr=0×80004005, ec=-550)

Before you can mount a database restored from a backup, it needs to be in a clean shutdown state. You can use the Eseutil tool to check whether a database is in a clean shutdown state – if it is not in a clean shutdown state you can perform a repair to get the database into consistency.

Soft Recovery using Eseutil

The first thing you want to do is verify that the database is in a dirty shutdown state. We can do this using the eseutil /mh command. For example:

The output from the above command shows us that the database is dirty shutdown:

We can also see from the output, under Log Required, the database is missing a transaction log. We can replay log files into the database (as long as they exist) to get the database into consistency. To do this, we use the following syntax with eseutil:
eseutil /r /l /d
For example, my log file prefix is E02, and my database and logs are stored in G:\E_\Program Files\Microsoft\Exchange Server\V14\Mailbox\DAGDB1 . Here is a screen shot of the command:

When this repair is complete, I can run the eseutil /mh command again to verify that the database is in a clean shut down state:

At this point, I’ll be able to mount the database. This will almost always work when you restore a database from a Windows Server Backup, but there may be times when this doesn’t work and you need to perform a hard repair.

Performing a Hard Repair

Performing a hard repair using eseutil /p will check the database for any damaged pages; if it finds any, it will delete them. Make sure that you can live without any data inside the database before doing a hard repair, because you may lose data. Also, make sure you have twice as much free space as the size of the database before doing a hard repair – this is required for the temporary database that will be created.
To perform a hard repair, use the eseutil /p command, as shown here:

Once this completes, you can use the eseutil /mh command to verify the database is clean shutdown.

Redirection Folder My document From GPO

The following instructions work for redirecting My Documents/Documents. I cannot guarantee it will work for other redirected folders but it follows the same pattern so there is no reason why it shouldn't.

When setting up the root folder for redirected folders:

Setting the NTFS permissions

Create the folder in the required location (ie. E:\Users)

Disable inheritance of permissions from the parent and remove all inherited permissions by clicking the appropriate button.

One entry will already be in the DACL: Local Administrators.

1. Alter Local Administrators: Full Control: This folder, subfolders and files
2. Add SYSTEM: Full Control: This folder, subfolder and files.
3. Add CREATOR OWNER: Full Control: This folder, subfolders and files.
4. Add Authenticated Users: List folder / read data, Create folders / append data: This folder only
5. Add Domain Admins: Full Control: This folder, subfolders and files.
6. Click OK.

These permissions grant users the ability to create their redirected folder in the root folder but not the ability to browse the contents of other people's folders. Best practice dictates that you should allow the redirected folder locations to create themselves as users log on.

Create the share and add share permissions

Share the root folder created earlier as \\SERVER\Users (or if you want to hide it, \\SERVER\Users$\

Adjust the share permissions as follows:

1. Remove Everyone
2. Grant Authenticated Users Full Control
3. Grant Domain Admins Full Control (Not necessary but useful for completeness)

Configure the GPO

1. Open Group Policy Manager
2. Create a new GPO or edit your existing one.
3. Expand User Configuration > Policies > Windows Settings > Folder Redirection
4. Right-click My Documents/Documents and click Properties.
5. Choose Basic - Redirect everyone's folder to the same location
6. Under Target folder location choose Create a folder for each user under the root path
7. Set the Root Path: to \\SERVER\Users
8. As you type, you will see an example location listed to show you how the folders will be created as users log on.
9. On the Settings tab, uncheck Grant the user exclusive rights to Documents
10. Under Policy Removal, select your preferred option depending on your requirements.
11. Link the GPO at the appropriate OU.

Despite assurances from Microsoft in another article, granting users exclusive rights to My Documents in the GPO will stop you from being able to access the contents of a users' folder. Probably not good for backup!

Configuring HP-UX 11i for the HP LeftHand SAN

Follow these steps to configure the iSCSI initiator, incl

uded in the installation of HP-UX 11i, to use with

the HP LeftHand SAN.

Step 1: Verify the iSCSI initiator is running

•

To verify that the iSCSI initiator is running

, in HP-UX 11i execute the following command:

iscsiutil –l

This returns something similar to the following:

Initiator Name :

iqn.1986-03.com.hp:hpntc916.Z3e113981e2afd927

Initiator Alias :

Authentication Method :

CHAP Method : CHAP_UNI

Initiator CHAP Name :

CHAP Secret :

NAS Hostname :

NAS Secret :

Radius Server Hostname :

Header Digest : None,CRC32C (default)

Data Digest : None,CRC32C (default)

SLP Scope list for iSLPD :

Use the initiator node name (shown here in bold) to register the server in the CMC as detailed

in the

HP SAN/iQ Software Users Guide

.

Step 2: Add the discovery target address

•

To add the discovery target address or addresses,

run the following command using the virtual IP

(VIP) address in the cluster:

iscsiutil –a –I (Virtual IP)

(Note that there is no confirmation output of this command.)

2

Step 3: Confirm connection to volume targets

•

Run the following command to ensu

re that the initiator was able to establish a connection to

the volume targets:

iscsiutil –p –D

This returns discovery target informatio

n, which looks similar to the following:

Discovery Target Information

----------------------------

Target # 1

-----------

IP Address : 10.160.32.21

iSCSI TCP Port : 3260

iSCSI Portal Group Tag : 1

User Configured:

----------------

Authentication Method :

CHAP Method : CHAP_UNI

Initiator CHAP Name :

CHAP Secret :

Header Digest : None,CRC32C (default)

Data Digest : None,CRC32C (default)

 In this example, there are 1 volumes.

Note:

The iSCSI sessions were not configured us

ing CHAP, SLP, or any form of digest.

For information on these options, use the

HP SAN/iQ Software Users Guide

and the

iscsiutil

man pages.
Step 4: Confirm HP SAN/iQ

Software volumes

•

To confirm that HP-UX has operating HP SAN/iQ

Software volumes, and to discover the logical

device files for the targets,

enter the following command:

ioscan –fnH 255

This command returns something similar to the following:

Class I H/W Path Driver S/W State H/W Type Description

===========================================================================

ext_bus 21 255/0/3.0 iscsial CLAIMED INTERFACE iSCSI-SCSI

Protocol Interface

disk 1032 255/0/3.0.0.0 sdisk CLAIMED DEVICE

LEFTHANDiSCSIDisk

/dev/dsk/c21t0d0 /dev/rdsk/c21t0d0

ext_bus 22 255/0/6.0 iscsial CLAIMED INTERFACE iSCSI-SCSI

Protocol Interface

disk 1033 255/0/6.0.0.0 sdisk CLAIMED DEVICE

LEFTHANDiSCSIDisk

/dev/dsk/c22t0d0 /dev/rdsk/c22t0d0

ext_bus 24 255/0/12.0 iscsial CLAIMED INTERFACE iSCSI-SCSI

Protocol Interface

disk 1035 255/0/12.0.0.0 sdisk CLAIMED DEVICE

LEFTHANDiSCSIDisk

/dev/dsk/c24t0d0 /dev/rdsk/c24t0d0

There is an entry for each target or volume.

Note:

HP-UX has a limit of 256 block device targets. Af

ter the initial discovery, HP-UX creates a single

logical device for each new device

target (volumes and snapshots) it finds on the HP LeftHand SAN.

Once the HP-UX iSCSI initiator recognizes a target, yo

u need to clear devices from the kernel registry.

See “

Clearing the kernel registry

” below for details of the procedure to clear devices from the kernel

registry.

Step 5: Start using the iSCSI volumes

•

You can now begin using the iSCSI volumes as you

would any direct-attached disks, either as raw

disks or by formatting the disks.

Clearing the kernel registry

HP-UX accommodates 256 iSCSI sessions and does

not clear block device links to old targets

including deleted snapshots. You must manually clear the registry of stale sessions once this

maximum is reached in order to

establish new iSCSI sessions. Note that clearing the kernel

registry clears out all configurations, so afte

r clearing you will need to recreate any old

configurations you want to preserve.

Here is the procedure to clear out your iSCSI configuration from the kernel registry:

1.

Before deleting all the iSCSI information in the registry and rebooting the system, preserve

the original configuration as follows:

# ioscan -kfn > /tmp/ioscan.pre_shutdown.out

# iscsiutil -p > /tmp/iscsi_tgt.pre_shutdown.out 

2.

Delete all iSCSI information from the registry (all steps must be done as root):

# echo "iscsi_krs_delete/W 1" |adb -w /stand/vmunix /dev/kmem

(assuming system was booted

from /stand/vmunix ...)

# iscsiutil –x

3.

Reboot the system immediately.

4.

Once the system is back online, you will have

to recreate your iSCSI configuration.

This completes the procedure for configuring HP-UX 11i for use with the HP L

Delete file older then X days

1. Copy file older than X day to destination folder
     > robocopy (Source) (Destination) /move /minage:x
        example: robocopy c:\temp c:\delete /move /minage:7
        copy file older than 7 days form c:\temp to c:\delete
2. Delete all file at c:\delete
    > del /q destination
       example: del /q c:/delete
       
regards, Asnan

Perintah2 Yang sering Digunakan DI EXchange shell

1. Get-Mailboxstatistic | Sort-Object TotalItemSize –Descending

Event ID : 4001 A transient failure has occurred. The problem may resolve itself in awhile. The service will retry in 56 seconds.

1. Check out the database where is the location of Microsoft System Attendant; Use the below command;
Get-MailboxStatistics | Where-Object {$_.DisplayName -eq "Microsoft System Attendant"} | fl
2. Make sure the database is mounted.
*for my lovely Chubby*

Error updating public folder with free/busy information on virtual machine EOBMAIL02. The error number is 0x80004005. On exchange 2007

In the Exchange Management Shell, run the following command: get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse | fl name,Replicas Notice that at least one of the SCHEDUE+ FREE BUSY folders is missing an Exchange 2010 or Exchange 2007 server listed as a replica. For example, the output may appear as follows: Name : EX:/o=contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT) Replicas : {} In the Exchange Management Shell, run the following command: set-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\" -replicas "" For example, type: Set-publicfolder –identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY\EX:/o=contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)” –Replicas “Server\Storage Group\Public Folder Database” Verify that the public folder group now has a replica using the command from step 1. In the following example, the folder now has a replica object. Name : EX:/o=contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT) Replicas : {Public Folder Database}

Some users cannot access Exchange Server 2007 OWA

To resolve this problem, follow these steps:

1. Open Active Directory Users and Computers.
2. Click View, and then click Advanced Features.

Note To make the Security tab available at both the user level and the organizational unit level, you must enable the Advanced Features option in Active Directory Users and Computers. This option is available under the View menu.
3. Open the properties for both the user level and the organizational unit level that the users are located in, and then locate the Security tab.
4. Click Advanced.
5. Make sure that the following check box is selected:
Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here.
6. Force Active Directory replication.

stop recovery document at libreoffice

To stop the recovery process, you can delete the file Documents and settings//Application data/Openoffice.org2/user/registry/data/org/openoffice/Office/Recovery.xcu.

Beware, it resets the settings for Autosave in the Tools>Options>Load/Save>General dialog

Renew Self Certificate for Exchange 2007

Dari exchange management shell;


[PS] C:\Windows\system32>Get-ExchangeCertificate -thumbprint "D5AD872B9DF0428478
051463929E85573FF8A4E8" | New-ExchangeCertificate

Confirm
Overwrite existing default SMTP certificate,
'D5AD872B9DF0428478051463929E85573FF8A4E8' (expires 5/31/2012 10:33:18 AM),
with certificate 'D02FA4CB9596FC240B3583811A8A517E76FC2780' (expires 3/12/2017
1:34:12 PM)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y")

dan untuk meng-enable kan iis nya

Enable-ExchangeCertificate -thumbprint “D02FA4CB9596FC240B3583811A8A517E76FC2780” -services IIS

 Remove-ExchangeCertificate –Thumbprint "D5AD872B9DF0428478051463929E85573FF8A4E8"

Bare Metal backup at Windows 2008

Using WBADMIN to crate bare metal backup windows 2008

wbadmin start backup -include:c:,d:,e: -backupTarget:\\SERVER\SHARE -allcritical -quiet

Done

Backup and restore With WBAdmin

To script the backups, you'll need to create a batch file and use the wbadmin start backup command. For a list of the options you can use with wbadmin, you can go to the command prompt and type in, "wbadmin start backup -help".

A sample command you'll use will be:

wbadmin start backup -include:c:,d:,e: -backupTarget:\\SERVER\SHARE -quiet

wbadmin start systemstatebackup -backupTarget:\\share\share:

This example shows you how to backup C:, D: and E: drives and backup systemstate - but of course, you should customize this parameter to suit your system.

Optionally, you can use the -user and -password options to explicitly specify the username and password to use when connecting to the share.

Save this batch file to disk - for example, C:\Users\Administrator\Desktop\RunBackup.bat

Note: you should run the file interactively from the command prompt so that you can test running your script before scheduling it.

To perform a system state recovery of the backup from 04/30/2005 at 9:00 A.M. that is stored on the shared resource \\servername\share for server01, type:

wbadmin start systemstaterecovery -version:04/30/2005-09:00 -backupTarget:\\servername\share -machine:server01

Disable Offline Address Book Outlook 2007

Manually Change Offline Address Book Settings

You can manually edit your Registry and configure the following key to DISABLE the Offline Address Book (note that you will need to create the "Cached Mode" Registry key if it is not already present):
Outlook 2007

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Cached Mode
Parameter: DownloadOAB
Type: REG_DWORD
Value: 0

Outlook 2003

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Cached Mode
Parameter: DownloadOAB
Type: REG_DWORD
Value: 0

At this point, Outlook will no longer automatically download the offline address book. However, if you click the "Send/Receive" button within Outlook, by default it will reset your offline address book setting - in effect it re-enables the offline address book. To prevent this from happening, complete the following steps.
Open Outlook
Go to "Tools" > "Send/Receive" > "Send/Receive Settings" > "Define Send/Receive Groups"
Highlight the group "All Accounts" and click "Edit"
In Outlook 2007, check the "Include the selected account in this group" checkbox
Uncheck the "Download offline address book" checkbox
Click "OK"
Click "Close"

Install Hyper-V on Windows server 2008

Step 1: Install Hyper-V
You can use Server Manager to install Hyper-V.
To install Hyper-V
1. Update to windows server 2008 SP2
2. Click Start, and then click Server Manager.
3. In the Roles Summary area of the Server Manager main window, click Add Roles.
4. On the Select Server Roles page, click Hyper-V.
5. On the Create Virtual Networks page, click one or more network adapters if you want to make their network connection available to virtual machines.
6. On the Confirm Installation Selections page, click Install.
7. The computer must be restarted to complete the installation. Click Close to finish the wizard, and then click Yes to restart the computer.
8. After you restart the computer, log on with the same account you used to install the role. After the Resume Configuration Wizard completes the installation, click Close to finish the wizard.

OAB get prompting password

If you have enabled web-based publishing of your Offline Address Book (OAB) and your Outlook users get continuously prompted to enter their passwords, you need to check a couple of things:

Make sure Autodiscover is working perfectly before you made the OAB change.
Hold down the CTRL button and right click on the Outlook icon on the task bar, then select Test Email Autoconfiguration. Unselect GuessSmart and Secure GuessSmart and keep Use Autodiscover selected. On the Log tab, make sure Autodiscover is successful and that it was able to bind to an SCP.
Make sure that the autodiscover.domain.com entry is added to your certificate’s Subject Alernative Names list.
If you are facing problems with Autodiscover, you should correct that first before attempting the steps mentioned below.
Make sure that you have defined the External and Internal URLs for the OAB virtual directory in your client access server.

Once you have made sure that Autodiscover is working OK, and that the credentials are being prompted for the OAB URL (and not the mailbox server), you need to check the IIS Authentication setting on the client access server.

On the Client Access Server running Windows Server 2008, open IIS Manager console.
Click on Default Web Site
Open Authentication
Note that only Anonymous Authentication is enabled. All other authentication methods should be disabled.
Temporarily enable Windows Authentication
Right click on Windows Authentication and choose Advanced Settings
Uncheck Enable Kernel Mode Authentication and click OK
Disable Windows Authentication
Do an IISRESET

OverAdvertisedSize; message size exceeds fixed maximum size

To use ADSI Edit to modify the global message size limits

1. If it is necessary, install the Microsoft Windows Support Tools. For detailed instructions, see Install Windows Support Tools.

2. Click Start, and then select Run. In the Open field, type C:\Program Files\Support Tools\Adsiedit.msc, and then click OK.

3. Open ADSI Edit, expand Configuration, and then expand CN=Configuration..., expand CN=Services, expand CN=Microsoft Exchange, expand CN=, and then select CN=Global Settings.

4. In the result pane, right-click CN=Message Delivery, and then select Properties.

5. In CN=Message Delivery Properties, select the Attribute Editor tab. In the Attributes section, locate the following attributes:
delivContLength This is the incoming message size limit that corresponds to the MaxReceiveSize parameter in the Set-TransportConfig cmdlet.
submissionContLength This is the receiving message size limit that corresponds to the MaxSendSize parameter in the Set-TransportConfig cmdlet.
msExchRecipLimit This is the maximum number of message recipients that corresponds to the MaxRecipientEnvelopeLimit parameter in the Set-TransportConfig cmdlet.

6. To modify an attribute, select the attribute, and then click Edit. We recommend that you set each global message size limit to match the value of the corresponding organization message size limit. In the Integer Attribute Editor, perform one of the following actions:
To remove the global message size limit, select Clear, and then click OK. The value of the attribute will be .
To enter value for a specific global message size limit, in the Value field, type the value, and then click OK. Valid input values are as follows:
delivContLength Valid input for this parameter is 0 to 2097151 KB. The default value is 10240 KB.
submissionContLength Valid input for this parameter is 0 to 2097151 KB. The default value is 10240 KB.
msExchRecipLimit Valid input for this parameter is 0 to 2147483647 recipients. The default value is 5000 recipients.

Repeat step 6 for each global message size limit that you want to modify.

7. To close CN=Message Delivery Properties, click OK and then click File, Exit to close ADSI Edit.

From: http://technet.microsoft.com/en-us/library/bb310771.aspx

Merubah ukuran hardisk ISCSI

1. umount volume (umount /dev/sdxx)
2. restart iscsi initiator (/etc/init.d/open-iscsi restart)
3. jalankan parted (parted /dev/sdx
4. ganti tampilan unit ke sector (unit s)
5. print table partisi dan catat awal sector dan total sector (p)
6. remove partisi yang ada (rm number)
7. create partisi baru dengan awal sector sama dengan diatas: mkpart primary
8. keluar (quit)
9. cehck file system (e2fsck -f /dev/sdxx)
10 rubah ukuran files ystem ( sudo resize2fs /dev/sdxx)

selamt mencoba

SSH dan Rsync

1. On host_src, run this command as the user that runs scp/ssh/rsync

$ ssh-keygen -t rsa

This will prompt for a passphrase. Just press the enter key. It'll then generate an identification (private key) and a public key. Do not ever share the private key with anyone! ssh-keygen shows where it saved the public key. This is by default ~/.ssh/id_rsa.pub:

Your public key has been saved in /.ssh/id_rsa.pub

2. Transfer the id_rsa.pub file to host_dest by either ftp, scp, rsync or any other method.

3. On host_dest, login as the remote user which you plan to use when you run scp, ssh or rsync on host_src.
4. Copy the contents of id_rsa.pub to ~/.ssh/authorized_keys

$ cat id_rsa.pub >>~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/authorized_keys

If this file does not exists, then the above command will create it. Make sure you remove permission for others to read this file. If its a public key, why prevent others from reading this file? Probably, the owner of the key has distributed it to a few trusted users and has not placed any additional security measures to check if its really a trusted user.
5. Rsync: synchronizing remote folders with a local machine
rsync -va user@remoteserver:/home/user/* /home/backup/user

Setting koneksi ke HP Lefthand dengan open-iSCSI di Ubuntu 10.10 *

1. di ubuntu 10.10
a. instal package open-iscsi (sudo apt-get install open-iscsi)
b. baca dan catat inititator name di /etc/iscsi/initiatorname.iscsi
ini akan di gunakan untuk membuat koneksi di lefthand

2. di Lefhand

a. Add new server dengan mengunakan initiator name tanpa passowrd.
b. buat volume dan assign ke server yang kita buat di point a.
3 di ubuntu

a. edit file /etc/iscsi/iscsid.conf
[...]
node.startup = automatic
[...]
b. Koneksi ke target (iscsiadm -m discovery -t st -p 192.168.0.1)
c. Login ke target (iscsiadm -m node --targetname "iqn.2003-10.com.lefthandnetworks:ecogreen:110:vol-ubuntu" --portal "192.168.0.1:3260" --login)
d. check harddisk > sudo Fdisk -l
dan akan terlihat tambahan hardisk (/dev/....)
e. format (mkfs.ext4 /dev/sdb1)
f. Mounting (sudo mount /dev/sdb1 /iSCSI


* catatan dari pengalaman membuat koneksi ke lefhand.