The Network Administrator

With Exchange 2010, I remember writing an article on using the PowerShell commands to export a user mailbox to a pst file before SP1. After applying SP 1 to my Exchange 2010 server, these steps have again changed!

You need to use an account that’s a member of the organizational management groups, and have the “Mailbox Import Export” role assignment assigned to you or a role group you’re a member of.  You must specify a UNC path to a network share that the “Exchange Trusted Subsystem” group has read/write access to.

Step One
Create a share on a server, and grant Exchange Trusted Subsystem read/write permission. In this example I’m using “\\servernamehere\c$\ArchivedEmails”

Step Two
Next, you’ll need to grant a user, or group, the Mailbox Import Export role assignment. You can do this using the Exchange Management shell.

New-ManagementRoleAssignment –Role “Mailbox Import Export” –User DomainName\UserName, close and re-open the Exchange Management shell, and you’re ready to go!

Exporting a Mailbox
New-MailboxExportRequest command with the –Mailbox parameter, to specify the mailbox to export along with the –FilePath “\\ExchangeServerName\c$\ArchivedEmails\EmailAlias.pst”

Check the mailbox export progress

Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

I have used this site for a long time and decided to give it a plug here. Just visit http://www.ibeast.com/content/tools/RaidCalc/RaidCalc.asp , enter the number of disks, the desired RAID level, it then will give you the total usable disk space.

Another simple task that Cisco doesn’t quite make 100% clear.

Let’s say you have an existing Cisco 3750 Switch Stack and you have had a bit of an office redesign and you now need to add another member to the stack to add additional port capacity for the new users moving in.

This is mostly simple to do, but there are several checks to make along your journey, and hopefully I can point them out clearly.

1. First, check the stacking status of your existing stack using the below command. It should say that the stack ring speed is “full”. If it doesn’t you need to ensure you have a complete stack “ring” thereby having redundant stacking paths on each switch.

   ZZStack#show switch stack-ring speed Stack Ring Speed : 32G Stack Ring Configuration: Full Stack Ring Protocol : StackWise

   See this publication for stack-wiring help:
   
   http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/hardware/quick/guide/3750GSG3.html#wp49279

2. Once you know your stack is a complete ring(“full”) you can safely break this ring to insert your new switch. ENSURE YOUR NEW SWITCH IS POWERED OFF. Rack this new switch adjacent to your existing switches. “Break” the ring in one place so you can wire your new switch so it fits nice and neat in this new stack, following the wiring schema linked above. Once everything is wiring in place, you may NOW power on your new switch.
3. After a few minutes your switch will have booted and the existing stack should recognize it as joining the stack. You can verify its status with:

   ZZStack#show switch stack-ring speed Stack Ring Speed : 32G Stack Ring Configuration: Full Stack Ring Protocol : StackWise

   ZZStack#show switch Switch/Stack Mac Address : 0024.9803.8e80 H/W Current Switch# Role Mac Address Priority Version State ---------------------------------------------------------- *1 Master 0024.9803.8e80 15 0 Ready 2 Member 0023.ac0f.7880 1 0 Ready 3 Member 001a.e267.0080 1 0 Version Mismatch

   In this example switch 3 was added to the stack, the stack ring looks good, but on the switch status output, instead of saying “Ready” it says “Version Mismatch.” You now need to ensure your switch gets the same IOS version as its stack-mates and reboots for this to take effect(see below).

   If your stack says your new switch is in the “Ready” state, you are in luck and you are done! (except for configuring your new user ports)

4. Automatic Upgrade is a great thing in theory, but I’ve not had the best of luck with it. From what I can tell if your existing stack and this new member you are adding are running different IOS featuresets, the automatic upgrade will NOT WORK.

   To check to see if its working or not, check the log. If you see log entries resembling any of the below, it appears automatic upgrade is working as it should.

   ZZStack#show log ---snip--- Nov 24 16:58:36.388 EST: %IMAGEMGR-6-AUTO_COPY_SW_INITIATED: Auto-copy-software process initiated for switch number(s) 3

   This shows that it has started the auto upgrade process. You can check the status with the “show archive status” command or by continually checking the log.

   If you see the below it was successful and is now rebooting this member switch so the correct IOS loads and it can finally join the stack as it should(and you should be done):

   ---snip--- Nov 24 17:06:04.453 EST: %IMAGEMGR-6-AUTO_COPY_SW: Software successfully copied to Nov 24 17:06:04.453 EST: %IMAGEMGR-6-AUTO_COPY_SW: system(s) 3 Nov 24 17:06:04.453 EST: %IMAGEMGR-6-AUTO_COPY_SW: Done copying software Nov 24 17:06:04.453 EST: %IMAGEMGR-6-AUTO_COPY_SW: Reloading system(s) 3

   If you don’t see any of the above log entries, go on to the next step.

5. This is the step they don’t really explain well. Thankfully, the “Version Mismatch” state, while not activating any of its ports, does allow you to manipulate the flash filesystem of the inconsistent member so you can stage it from the main stack interface.

   If you made it to this step, it probably means there is a featureset mismatch(or some other problem) and you need to force this new member to take the IOS version that the stack is currently running. In this scenario, even the “archive copy-sw” command does not work, so you must either load the IOS bin file manually or use use the appropriate “archive download-sw” command with the “/allow-feature-upgrade” switch to load the IOS to the ENTIRE STACK again, including this new member(but you only need to reboot the new member). I prefer to use the archive command, its slow but its so easy!

   Here’s the link to the software upgrade caveats/howtos for stack configurations(if it seems like I breezed through this last step):
   
   http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00804799d7.shtml

Often times we want to require users to sign into a web using https, but what a pain to give out a new site address. One solution is to create a Custom 403.4 page that redirects http requests to https.

To pull this off we need to head to the web server, and open the IIS manager and Verify SSL is required for the selected site.

1)      Open IIS Manager (Start Menu\Programs\Administrative Tools or %SystemRoot%\system32\inetsrv\iis.msc)
2)      Expand the Computer Name
3)      Expand Web Sites
4)      Right click the web site we wish to modify
5)      Select “Properties

6)      Select the “Directory Security” tab
7)      Select “Edit” in the Secure Communications section
8)      Check off the “Require secure channel (SSL)” option. (This will only allow pages on this site to be viewed only with https.)
9)      Press OK and close all Properties windows

Next we create a HttpRedirect.htm file in notpad or notpad++ and save it to the root of where your website coentent is stored such as C:\InetPub or another directory.

————copy below——————————–

<!– beginning of HttpRedirect.htm file –>
<script type="text/javascript">
function redirectToHttps()
{
var httpURL = window.location.hostname+window.location.pathname;
var httpsURL = "https://" + httpURL ;
window.location = httpsURL ;
}
redirectToHttps();
</script>
<!– end of HttpRedirect.htm file –>

————copy above———————————-

Set the 403 error page to use this file instead of the regular error file

1. Head back to the IIS manager   Expand Web Sites,   Right click the web site you wish to modify,   Select “Properties”

2.  Select “Custom Errors” Tab, Select the “403;4″ error,   Press the “Edit” button,  Browse to and Select the HttpRedirect.htm file in directory you saved it in from the steps above,   Press OK and close all Properties windows

That’s it! You are done!

I have seen this error many times with iPhones, etc. This has been easily fixed every time by simply doing the following.

You will need to have access to Active Directory.

1. Go Active Directory Users & Computers (Enable Advanced Features if needed)

2. Open the properties of the user that is having the issue

3. Click on the Security Tab

4.Click the Advanced button

5. In the Default Permissions tab check the box at the bottom for "Include inheritable permissions from this object’s parent"

6. Wait for AD to propagate

I have used Cloudberry and Cloudberry Pro for some time and have had a great experience with the product. There is a function within Cloudberry to sync an S3 bucket with a drive on your local computer. I had a situation where I needed to pull down several log files daily, but I REALLY didn’t want to do this manually. Cloudberry actually has a PowerShell Snap-in that can be called and scheduled with windows task manager. http://www.cloudberrylab.com/default.aspx?id=14

So my requirements are simple, I want to sync the S3 bucket we will call “logs” with a local directory in this case “C:\temp”

1. Follow the prerequisite steps from Cloudberry first.

Installation

PowerShell Snap-In must be registered and added to console.

Registering Snap-In

If the PowerShell is installed prior to installation of Cloudberry Explorer, you do not need to install Snap-in. Otherwise, run the following command in the Cloudberry Explorer installation folder (c:\Program Files\Cloudberry Lab\Cloudberry Explorer for Amazon S3):
C:\Windows\Microsoft.NET\Framework\v2.0.50727\installutil.exe Cloudberry Lab.Explorer.PSSnapIn.dll

Note: For x64 the command must be like : C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe "C:\Program Files (x86)\Cloudberry Lab\Cloudberry Explorer for Amazon S3\Cloudberry Lab.Explorer.PSSnapIn.dll"

Note: For PRO version the default installation folder is "C:\Program Files\Cloudberry Lab\Cloudberry S3 Explorer PRO"; on x64 – "C:\Program Files (x86)\Cloudberry Lab\Cloudberry S3 Explorer PRO"

Note: You can do this from command line or PowerShell.

You can verify that the Cloudberry Explorer Snap-in is registered. Run the following command:
Get-PSsnapin –Registered
PowerShell displays registered Snap-Ins. Check that Cloudberry Lab.Explorer.PSSnapIn is in the list.

Adding Snap-In to console

You can check that Cloudberry Explorer Snap-in is registered by running command above.
To add Snap-In to console run the following command:
Add-PSSnapin Cloudberry Lab.Explorer.PSSnapIn
Now new command will be available.

Exporting console configuration

You should run Add-PSSnapin command anytime you start PowerShell or you can save configuration using the following.

• Run PowerShell.
• Add Snap-In to console.
• Run the command: Export-Console CloudBerruExplorerConfig

CloudBerruExplorerConfig is the name of a console file to save configuration. To start the PowerShell from a saved configuration run the command:
C:\Program Files\Command Shell> PS -PSConsoleFile CloudBerruExplorerConfig.psc1.
Cloudberry Explorer commands will be available.

2. Using Notepad++ I modified the PowerShell script from cloudberry to satisfy my needs.

Get-PSsnapin –Registered
Add-PSSnapin Cloudberry Lab.Explorer.PSSnapIn

$s3 = Get-CloudS3Connection keystringgoeshere secretstringgoeshere

$source = $s3 | Select-CloudFolder –Path logs
$local = Get-CloudFileSystemConnection
$target = $local | Select-CloudFolder C:\temp
$source | Copy-CloudSyncFolders $target

3. With Notepad++ save the PowerShell script as .ps1

4. Copy the PowerShell script .ps1 file to your desired location on the server or workstation, say C:\autotask

5. Using notepad, etc. also create a cmd file inside the same directory as the PowerShell script file to call the PowerShell script. inside the cmd file type (yours might be different depending on what you named the PowerShell file.

powershell.exe -command C:\Cloudberry_Auto\syncremotelocal.ps1

6. Fire up the windows task scheduler and schedule the the cmd file to run, which in turn will run the PowerShell script.

As a senior network administrator, I am often asked for my recommendations on this topic. Don’t get me wrong MySpace, Facebook and other sites are a great tool to catch up with old friends and to share life events with family local and abroad. Like anything else it is also a place for the bad guys to socialize with known and unknown faces. Facebook privacy controls are committed to protect the minors using Facebook, until they turn 13,  they don’t have public search listings created for them, and the visibility of their information is limited to friends of friends and networks, even if they’ve chosen to make it available to everyone."

Here are a couple things you can do as a parent to keep an eye on what your kids are doing online.

1. Be friends with your child

The easiest trick to track your child’s activity on social networking site is to be his/her friend in disguise.

2. Check Privacy

Make sure that they have the correct privacy settings set for the various social networking sites. Explain to them why its important and work along side them to make sure they are enabled appropriately.

3. Keep the computer public

Make sure the computer is in a common place, such as the family room or living room. Avoid having your family computer in a bedroom or elsewhere where it maybe hard for you as the parent to keep an eye on the computer screen.

4. Monitoring

You may choose a more stealth mode to track your kids online. I think these two products are among the best, depending on how much you want to spend and what functionality you desire.

a. http://www.spectorsoft.com/products/SpectorPro_Windows/entry.asp?refer=12081

b. http://www.sniperspy.com/

Using your favorite Telnet/SSH/Console Client, I like to use Putty http://www.chiark.greenend.org.uk/~sgtatham/putty/, get to a privileged exec mode # then simply issue the command

ASA# show vpn-sessiondb remote

ASA# show vpn-sessiondb summary

ASA# show vpn-sessiondb ?

I am hoping to try and have at least one of these a week, maybe two depending on my schedule.