Author Archives: Jack

Lync Server 2013 - Cannot find any suitable disks for database files. You must manually specify database paths. error

Symptom: You receive the following error while running Step 2: Setup or Remove Lync Server Components under the Lync Server 2013 - Deployment Wizard.

Install-CsDatabase: Command execution failed: “Cannot find any suitable disks for database files. You must manually specify database paths.”

Solution: Verify you have at least 16GB of free disk space on the partition on which you are installing Lync Server 2013; the installer picks a disk for the database files automatically and fails with this message when no disk has enough free space.

Dell PowerConnect 5548 - Enable port mirroring/monitoring via command line

To enable port mirroring/monitoring on a Dell PowerConnect 5548 series switch, follow these steps:

  1. SSH or Telnet to the switch
  2. Login to the switch
  3. Execute the command: enable
  4. Execute the command: config
  5. Execute the command: interface gigabitethernet 1/0/##
    1. Use the port number of the interface that will receive the mirrored traffic (the destination port).  This is the interface your "wireshark" machine is plugged into to do the packet capture.
  6. Execute the command: port monitor gigabitethernet 1/0/##
    1. Here, use the port number of the device whose traffic you want to see (the source port).  For example, if the device I wanted to monitor was on gigabit port 1/0/5, I would use 1/0/5, not the port of the machine that is going to receive the traffic (not your "wireshark" machine).

Once you are done capturing, disable port monitoring/mirroring by running through steps 1-5 again and executing: no port monitor gigabitethernet 1/0/##  Do not leave a mirror session in place longer than you need it; whatever is plugged into the destination port receives a copy of every frame on the monitored port, including any unencrypted credentials and session data.

Lastly, if you want to see the status of your mirrored/monitored port, you can do so by executing the following command after repeating steps 1-3: show ports monitor

[Office 365] - Forwarding email from one mailbox to another with ADFS turned on

Synopsis: An employee leaves on personal matters for a month and their department lead asks that their mail be forwarded to their manager.  Typically, mail forwarding would be set up inside the Exchange console; however, in this case Exchange is managed by Office 365 (not a hybrid Exchange deployment), and the users are synchronized from on-premises Active Directory and federated to Office 365 via ADFS.  When trying to enable mail forwarding as outlined in this help document by the Office 365 team, http://community.office365.com/en-us/wikis/exchange/how-to-forward-email-in-office-365.aspx, I received an error message.

Symptom: When enabling mail forwarding for the user inside of the Office 365 Exchange portal, I received the following error message:

The action 'Set-Mailbox', 'EmailAddresses', can't be performed on the object 'Firstname Lastname' because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

Solution:

Personally, I think this is a bug in Office 365, but Microsoft says it is because the user object is mastered on premises (if all of Exchange is managed by them, how can they not enable mail forwarding?).  The error text itself explains what happens: the portal's forwarding option tries to change the EmailAddresses attribute, and that attribute is synchronized from on-premises Active Directory, so it is read-only in the cloud.  Anyhow, the workaround is to open the user's mailbox options on their behalf and set forwarding up the way the user would, which writes a cloud-side setting that is not synchronized.  See the steps below to achieve the same result:

  1. Login to your Office 365 admin portal.
  2. Click on the Admin dropdown and select Exchange
    Exchange
  3. Once in the Exchange portal, click on your username and select Another user...
    Exchange - Another User
  4. Type in the mailbox you want to edit and click ok
    Select Mailbox
  5. On the "Managing on behalf of" screen, select Forward your email
    Exchange - Forward Your Email
  6. Scroll down to forwarding and type in the email address of the user you want all emails to go to and click start forwarding.  You can optionally select if you want to leave a copy for the user's mailbox or have them silently forwarded.
    Exchange - Start Forwarding
  7. That's it! 🙂
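The same result from Exchange Online remote PowerShell, as an added example that is not part of the original post. It uses the 2013-era powershell-liveid endpoint with basic authentication (modern tenants use the Exchange Online PowerShell module and Connect-ExchangeOnline instead); the employee and manager addresses are placeholders. ForwardingSmtpAddress is stored in Exchange Online rather than on the synchronized on-premises object, which is why it can be set on a DirSynced mailbox while the portal's EmailAddresses change cannot. The audit query at the end is the check I would want in any tenant: forwarding, especially to external domains, is a common exfiltration path after an account compromise.

```powershell
# Added example (not from the original post): set and audit mailbox forwarding
# in Exchange Online with remote PowerShell instead of the portal.
# Assumptions: an Exchange Online admin account, PowerShell 3.0+, and the
# placeholder addresses employee@mydomain.com / manager@mydomain.com.
# ForwardingSmtpAddress lives in Exchange Online and is not part of the
# synchronized on-premises object, so it can be set on a DirSynced mailbox.

$Cred = Get-Credential -Message 'Office 365 admin account'
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri 'https://outlook.office365.com/powershell-liveid/' `
    -Credential $Cred -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking | Out-Null

# Forward the absent employee's mail to the manager and keep a copy in the
# original mailbox (use -DeliverToMailboxAndForward $false to forward silently).
Set-Mailbox -Identity 'employee@mydomain.com' `
    -ForwardingSmtpAddress 'smtp:manager@mydomain.com' `
    -DeliverToMailboxAndForward $true

# Verify the setting took effect.
Get-Mailbox -Identity 'employee@mydomain.com' |
    Select-Object DisplayName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# Audit: every mailbox in the tenant with any forwarding configured.
# Review this list periodically; forwarding to an address you do not recognise
# (particularly an external domain) is a classic sign of a compromised account.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object DisplayName, PrimarySmtpAddress, ForwardingSmtpAddress,
                  ForwardingAddress, DeliverToMailboxAndForward |
    Sort-Object DisplayName

# When the employee returns, remove the forwarding again:
# Set-Mailbox -Identity 'employee@mydomain.com' -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false

Remove-PSSession $Session
```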

Lync 2013 - DNS Settings

If you are setting up Lync Server for the first time, or have been running it for a while, you will notice that Lync depends heavily on DNS records.  In many cases a Lync deployment cannot be set up correctly without a split-DNS setup (the same zone answered differently inside and outside the network) and a UPN that matches the SIP domain rather than the internal Active Directory name (a "masked" UPN), which makes things even trickier.  Here is a complete listing of the DNS records I used to deploy Lync 2013.  I have verified that federation, IMs, conferencing, dial-in meetings, mobile and desktop client sign-in, and desk phones all work properly.  Note, some of these records (sip, lyncdiscover, meet, dialin and the _sipinternaltls/_sip._tls SRV records) are standard in every Lync deployment; others, such as the _ntp and _xmpp-server SRV records, are only needed for the features that use them (Lync Phone Edition time sync and XMPP federation respectively).  The SRV port numbers are listed with each record.

Internal DNS Records

Record  Value                                            Points to
A       lyncdiscoverinternal.mydomain.com                Lync front end server
A       lyncdiscover.mydomain.com                        Lync reverse proxy (needed for mobile devices to work internally)
A       lync.mydomain.com                                Lync front end server
A       sip.mydomain.com                                 Lync front end server (multiple A records if enterprise pool)
A       dialin.mydomain.com                              Lync front end server
A       meet.mydomain.com                                Lync front end server
SRV     _ntp._udp.mydomain.com (port 123)                Domain controller/time server
SRV     _sip._tls.mydomain.com (port 443)                sip.mydomain.com
SRV     _xmpp-server._tcp.mydomain.com (port 5269)       sip.mydomain.com
SRV     _sipinternaltls._tcp.mydomain.com (port 5061)    sip.mydomain.com
SRV     _sipfederationtls._tcp.mydomain.com (port 5061)  sip.mydomain.com

**Note, you should have A records for all of the hosts in your Lync deployment (front end servers, pools, proxies, etc.).  Those are not covered in the list as they are 100% user defined when deploying Lync.

External DNS Records

Record  Value                                            Points to
A       webconf.mydomain.com                             Edge server IP as specified in the setup wizard
A       av.mydomain.com                                  Edge server IP as specified in the setup wizard
A       sip.mydomain.com                                 Edge server IP as specified in the setup wizard
A       meet.mydomain.com                                Lync reverse proxy IP
A       dialin.mydomain.com                              Lync reverse proxy IP
A       lync.mydomain.com                                Lync reverse proxy IP
A       lyncdiscover.mydomain.com                        Lync reverse proxy IP
SRV     _sip._tls.mydomain.com (port 443)                sip.mydomain.com
SRV     _sipfederationtls._tcp.mydomain.com (port 5061)  sip.mydomain.com
SRV     _xmpp-server._tcp.mydomain.com (port 5269)       sip.mydomain.com
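A script to check that the records above actually resolve the way the tables say, from both the internal and the external view, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later (for Resolve-DnsName), the SIP domain mydomain.com, and placeholder resolvers (dc01.mydomain.com for the internal view, a public resolver for the external view); edit $Hosts and $Srv to match your own deployment. Querying the external view through a public resolver shows you what federation partners and mobile clients on the Internet will see, which is where split-DNS mistakes usually hide.

```powershell
# Added example (not from the original post): verify the Lync 2013 DNS records
# listed above from the internal and external points of view.
# Assumptions: PowerShell 3.0+, SIP domain mydomain.com, placeholder resolvers
# below. Priority/weight of SRV records are not checked, only target and port.

$Domain = 'mydomain.com'

# Resolvers that give the internal and external view of the split zone.
$Resolvers = @{ internal = 'dc01.mydomain.com'; external = '8.8.8.8' }   # placeholders

# A records expected in each view (names from the tables above).
$Hosts = @{
    internal = 'lyncdiscoverinternal', 'lyncdiscover', 'lync', 'sip', 'dialin', 'meet'
    external = 'webconf', 'av', 'sip', 'meet', 'dialin', 'lync', 'lyncdiscover'
}

# SRV records expected in each view: name, target, port.
$Srv = @{
    internal = @(
        @{ Name = "_sipinternaltls._tcp.$Domain";   Target = "sip.$Domain"; Port = 5061 },
        @{ Name = "_sip._tls.$Domain";              Target = "sip.$Domain"; Port = 443  },
        @{ Name = "_sipfederationtls._tcp.$Domain"; Target = "sip.$Domain"; Port = 5061 },
        @{ Name = "_xmpp-server._tcp.$Domain";      Target = "sip.$Domain"; Port = 5269 }
    )
    external = @(
        @{ Name = "_sip._tls.$Domain";              Target = "sip.$Domain"; Port = 443  },
        @{ Name = "_sipfederationtls._tcp.$Domain"; Target = "sip.$Domain"; Port = 5061 },
        @{ Name = "_xmpp-server._tcp.$Domain";      Target = "sip.$Domain"; Port = 5269 }
    )
}

function Test-LyncHost {
    param([string]$Name, [string]$Server)
    $r = Resolve-DnsName -Name $Name -Type A -Server $Server -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }
    if ($r) { "OK       $Name -> $($r.IPAddress -join ',')" } else { "MISSING  $Name" }
}

function Test-LyncSrv {
    param([hashtable]$Record, [string]$Server)
    $r = Resolve-DnsName -Name $Record.Name -Type SRV -Server $Server -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $r) { return "MISSING  $($Record.Name)" }
    $match = $r | Where-Object { $_.NameTarget -eq $Record.Target -and $_.Port -eq $Record.Port }
    if ($match) {
        "OK       $($Record.Name) -> $($Record.Target):$($Record.Port)"
    } else {
        "MISMATCH $($Record.Name) -> $($r.NameTarget -join ','):$($r.Port -join ',') (expected $($Record.Target):$($Record.Port))"
    }
}

foreach ($view in 'internal', 'external') {
    "=== $view view via $($Resolvers[$view]) ==="
    foreach ($h in $Hosts[$view]) { Test-LyncHost -Name "$h.$Domain" -Server $Resolvers[$view] }
    foreach ($s in $Srv[$view])   { Test-LyncSrv  -Record $s        -Server $Resolvers[$view] }
}
```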


Deploying a Read-Only Domain Controller with Server 2008 R2

Recently, I configured an MPLS link to a remote office and noticed the user experience isn't quite what it is at the central office.  To speed things up for those users (response time for domain authentication and DNS resolution), we will go over setting up a Read-Only Domain Controller (RODC).  It lets users authenticate to the domain if the connection between the remote site and the main site goes down, and it keeps a local copy of DNS at the remote site to improve response times in DNS-intensive applications (particularly web browsing).  An RODC is the right fit for a branch office because it holds a read-only copy of the directory and, by default, caches no passwords for privileged accounts, so a stolen or compromised branch server does not expose the whole domain.

Requirements

  • Active Directory has been properly configured at the main facility
  • The existing domain controllers run Windows Server 2003 or later
  • The forest functional level is Windows Server 2003 or higher
  • If the forest still contains Windows Server 2003 domain controllers, the directory must be prepared for RODCs once per forest by running: adprep /rodcprep
  • The PDC emulator operations master must run Windows Server 2008 or later
    • Execute the following command to find out which machine holds the PDC emulator role if you are unsure:
      • dsquery server -hasfsmo pdc

Instructions

  1. Deploy a new server (I used Server 2008 R2 in this example).
  2. Open up Server Manager, right click on Roles and select Add Roles
    1. Server Manager - Add Role
  3. Click Next on the Before You Begin screen.
    1. Before you begin
  4. Check Active Directory Domain Services on the Add Roles Wizard and click Next >
    1. Add Role - Select Server Roles
  5. Click Next > on the Active Directory Domain Services screen.
    1. Add Role - ADDS
  6. Click Install on the Confirm Installation Selections screen.
    1. Add Role - Confirmation
  7. Click Close when the installation is done.
    1. Add Role - Results
  8. Click on Active Directory Domain Services once the installation is done, back in Server Manager.
    1. Server Manager - Active Directory Domain Services
  9. Select Run the Active Directory Domain Services Installation Wizard (dcpromo.exe)
    1. Run the active directory domain services installation wizard
  10. Once you see the Active Directory Domain Services Installation Wizard, check the Use advanced mode installation checkbox and click Next >
    1. dcpromo - Use advanced mode installation
  11. Click Next > on the Operating System Compatibility step.
    1. dcpromo - Operating System Compatibility
  12. Check Existing forest, and then check Add domain controller to an existing domain
    1. dcpromo - Deployment Configuration
  13. On the Network Credentials page, type in the name of the domain you want to join and then specify the credentials to add the machine.  These credentials must be a member of Domain Admins to add the DC to the domain, unless the RODC account was pre-created (staged) in Active Directory Users and Computers and its installation delegated to a user or group, in which case that delegated account can complete the installation.
    1. dcpromo - network credentials
  14. On the select a domain screen, select your domain and click Next >
    1. dcpromo - Select a domain
  15. Select a site and then click Next >
    1. dcpromo - Select a site
  16. On the Additional Domain Controller Options page, check the DNS Server, Global catalog, and Read-only domain controller (RODC) boxes for each of the roles and select Next >
    1. Here is some information on what each of the choices do. This is from the following KB article by Microsoft: http://technet.microsoft.com/en-us/library/cc754629(v=ws.10).aspx
      • DNS server: This option is selected by default so that your domain controller can function as a DNS server. If you do not want the domain controller to be a DNS server, clear this check box. However, if you do not install the DNS server role on the RODC and the RODC is the only domain controller in the branch office, users in the branch office will not be able to perform name resolution when the WAN to the hub site is offline.
      • Global catalog: This option is selected by default. It adds the read-only directory partitions of the global catalog to the domain controller, and it enables global catalog search functionality. If you do not want the domain controller to be a global catalog server, clear this option. However, if you do not install a global catalog server in the branch office or enable universal group membership caching for the site that includes the RODC, users in the branch office will not be able to log on to the domain when the WAN to the hub site is offline.
      • Read-only domain controller. When you create an RODC account, this option is selected by default and you cannot clear it.
    2. dcpromo - Additional Domain Controller Options
  17. On the Specify the Password Replication Policy step, adjust the settings for each group, specifying if you want to cache user credentials on the Read-Only domain controller.  In this tutorial, I left all of the options Deny except the Allowed RODC Password Replication Group, which is default per Microsoft.  Click Next > once you have determined the settings you want to use.
    1. dcpromo - Specify the Password Replication Policy
  18. On the Delegation of RODC Installation and Administration step, click the Set... button and select either a user or security group of users that you wish to have Administrative access to the read-only domain controller.  If this is a remote office where you have a designated IT member(s), you would want to create a security group on your read/write DC and then select the group.  However, if you will always know only one individual will login to the RODC, you can specify their user as the one to have local Administrative privileges.  Lastly, if you don't want anyone to be able to mess with the RODC, you can simply click Next > and that will only allow members of the Domain Admins or Enterprise Admins security groups to manage the RODC.  Click Next > once you have decided what security group or user you wish to allow local administrative access to the machine.
    1. dcpromo - Delegation of RODC Installation and Administration
  19. On the Install from Media screen, leave Replicate data over the network from an existing domain controller selected and click Next > so the new DC pulls the current directory data from one of your existing domain controllers.  The install-from-media option is only for cases where you have prepared media with ntdsutil to avoid the initial replication over a slow WAN link.
    1. dcpromo - Install from media
  20. Click Next > on the Source Domain Controller screen to Let the wizard choose an appropriate domain controller to replicate from.  If you prefer replication from a specific machine, you may check the Use this specific domain controller box, select the machine from the list, and then click Next >.
    1. dcpromo - Source Domain Controller
  21. Click Next > on the Location to store the Database, Log Files, and SYSVOL; unless you wish to relocate those files to a separate partition.
    1. dcpromo - Location for database - log files - sysvol
  22. On the Directory Services Restore Mode Administrator Password, enter a strong password to be used in the event you need to put the DC in restore mode.
    1. dcpromo - Directory Services Restore Mode Administrator Password
  23. At this point, you can export the settings to make an answer file or you can click Next > for the server to begin applying the configuration.
    1. dcpromo - summary
  24. Click Finish once done and Restart when prompted.

Upon restart, you should be good to go!  I would recommend running the Best Practices Analyzer for Active Directory Domain Services in Server Manager and checking the Windows event logs to ensure everything is healthy.
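The same promotion as an unattended dcpromo run (which is what the "export settings" option in step 23 produces), followed by the checks I would run after the reboot, as an added example that is not part of the original post. It assumes Server 2008 R2 with the AD DS role already installed (steps 2-7), and the placeholders mydomain.com, site Branch-Office, source DC DC01 and a pre-created group Branch-RODC-Admins for delegated administration. The post-reboot function is the security check that matters for an RODC: confirm that no privileged account is allowed to be, or already has been, cached on a server that sits in a less-protected branch office.

```powershell
# Added example (not from the original post): unattended RODC promotion on
# Server 2008 R2 plus post-reboot verification of the Password Replication Policy.
# Assumptions: AD DS role installed, placeholders mydomain.com, Branch-Office,
# DC01.mydomain.com and the group mydomain\Branch-RODC-Admins.

function Test-RodcPasswordPolicy {
    # Run this AFTER the reboot, on the RODC or any machine with the AD module.
    param([string]$Rodc = $env:COMPUTERNAME)
    Import-Module ActiveDirectory

    "--- Allowed to be cached on $Rodc ---"
    Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed | Select-Object Name
    "--- Denied from being cached on $Rodc ---"
    Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied  | Select-Object Name

    # Accounts whose secrets have actually been replicated to this RODC so far.
    # Any admin account listed here means the PRP is wrong: a stolen branch
    # server would hand over those password hashes.
    "--- Credentials already cached on $Rodc ---"
    Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts | Select-Object Name

    # Replication and general health.
    repadmin /showrepl $Rodc
    dcdiag /s:$Rodc
}

$AnswerFile = Join-Path $env:SystemDrive 'rodc-unattend.txt'

# Prompt for the DSRM password so it never appears in the script itself.
$dsrm = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString
$dsrmPlain = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
    [Runtime.InteropServices.Marshal]::SecureStringToBSTR($dsrm))

# Password=* makes dcpromo prompt for the domain admin credential. No
# PasswordReplicationAllowed/Denied entries are given, so the default policy
# applies (Allow: Allowed RODC Password Replication Group; Deny: Denied RODC
# Password Replication Group, which holds Domain Admins, Enterprise Admins,
# Account Operators and similar), matching step 17 above.
@"
[DCInstall]
ReplicaOrNewDomain=ReadOnlyReplica
ReplicaDomainDNSName=mydomain.com
SiteName=Branch-Office
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
ReplicationSourceDC=DC01.mydomain.com
UserDomain=mydomain.com
UserName=mydomain\Administrator
Password=*
DelegatedAdmin=mydomain\Branch-RODC-Admins
DatabasePath=%SYSTEMROOT%\NTDS
LogPath=%SYSTEMROOT%\NTDS
SYSVOLPath=%SYSTEMROOT%\SYSVOL
SafeModeAdminPassword=$dsrmPlain
RebootOnCompletion=No
"@ | Set-Content -Path $AnswerFile -Encoding ASCII

# dcpromo is a GUI process; -Wait makes the script block until it exits.
Start-Process -FilePath "$env:SystemRoot\System32\dcpromo.exe" `
    -ArgumentList "/unattend:`"$AnswerFile`"" -Wait

# The answer file holds the DSRM password in clear text: remove it as soon as
# dcpromo returns, then reboot. Run Test-RodcPasswordPolicy after the reboot.
Remove-Item -Path $AnswerFile -Force
Restart-Computer
```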

How to list users inside a domain group

Open a command prompt on any domain-joined machine and execute the following command:

NET GROUP "GROUP NAME" /DOMAIN

At this point, you should see the list of users in the corresponding group.  Note that NET GROUP lists only the user accounts added directly to the group; members of nested groups are not expanded, so for a group that grants privileged access you will want a recursive listing as well.

NET GROUP Domain
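A recursive listing that does expand nested groups, as an added example that is not part of the original post. It uses only .NET DirectoryServices (no RSAT or AD module needed) and PowerShell 3.0 or later; "GROUP NAME" is the same placeholder as in the NET GROUP command above. The single LDAP query relies on the LDAP_MATCHING_RULE_IN_CHAIN rule (OID 1.2.840.113556.1.4.1941), which makes the domain controller walk memberOf transitively, so you get direct and nested members in one round trip, together with a Disabled column that NET GROUP does not show.

```powershell
# Added example (not from the original post): list the members of a domain
# group including nested groups, which NET GROUP does not expand.
# Assumptions: PowerShell 3.0+, a domain-joined machine, and that the caller
# can read group membership (any authenticated domain user by default).

function ConvertTo-LdapFilterValue {
    # Escape characters that are special inside an LDAP filter (RFC 4515).
    param([string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

function Get-NestedGroupMembers {
    param(
        [Parameter(Mandatory = $true)][string]$GroupName,
        [switch]$IncludeGroups   # also return the nested groups themselves
    )
    $root = [ADSI]'LDAP://RootDSE'
    $namingContext = "$($root.defaultNamingContext)"
    $base = [ADSI]"LDAP://$namingContext"

    # Resolve the group's distinguishedName from its sAMAccountName.
    $groupFilter = "(&(objectClass=group)(sAMAccountName=$(ConvertTo-LdapFilterValue $GroupName)))"
    $groupSearch = New-Object DirectoryServices.DirectorySearcher($base, $groupFilter)
    $group = $groupSearch.FindOne()
    if (-not $group) { throw "Group '$GroupName' not found in $namingContext" }
    $groupDn = [string]$group.Properties['distinguishedname'][0]

    # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941): the server expands
    # memberOf transitively, so one query returns direct and nested members.
    $class = if ($IncludeGroups) { '(|(objectClass=user)(objectClass=group))' } else { '(objectClass=user)' }
    $memberFilter = "(&$class(memberOf:1.2.840.113556.1.4.1941:=$(ConvertTo-LdapFilterValue $groupDn)))"
    $memberSearch = New-Object DirectoryServices.DirectorySearcher($base, $memberFilter)
    $memberSearch.PageSize = 1000   # paged results, so large groups are not truncated
    $memberSearch.PropertiesToLoad.AddRange(@('sAMAccountName', 'distinguishedName', 'objectClass', 'userAccountControl'))

    foreach ($r in $memberSearch.FindAll()) {
        $uac = [int]($r.Properties['useraccountcontrol'] | Select-Object -First 1)
        [pscustomobject]@{
            SamAccountName    = [string]$r.Properties['samaccountname'][0]
            ObjectClass       = [string]($r.Properties['objectclass'] | Select-Object -Last 1)
            Disabled          = [bool]($uac -band 0x2)   # ADS_UF_ACCOUNTDISABLED
            DistinguishedName = [string]$r.Properties['distinguishedname'][0]
        }
    }
}

# Usage: the same information as NET GROUP "GROUP NAME" /DOMAIN, plus nested
# members and whether each account is disabled.
Get-NestedGroupMembers -GroupName 'GROUP NAME' | Format-Table -AutoSize
```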

Reverse Sync from iPod (Restore backup from iPod to iTunes)

Recently, we had a drive in our main machine at home fail and, of course, we hadn't backed anything up.  Because the drive hardware itself failed, we were unable to run any recovery tools to revive anything off it.  Fortunately, much of what was on the machine was on a different drive, except for my iTunes library.  Luckily, we had recently synchronized one of our iPods to the machine and were able to recover almost the entire iTunes library from the device (cheap backup device, eh? :P).

So, how do I recover all of my music/media from my iPod?
Here is how using Windows 8:

  1. Close out of iTunes if you have it open
  2. Open up task manager and click on Services
  3. Stop the following services: Apple Mobile Device, Bonjour, iPod Service
    iPod Service
  4. Make sure your machine is setup to show hidden files
    1. Click on Windows Explorer and select the View Tab
    2. Click on the Options button and select Change folder and search options
      Folder Options
    3. Select the View Tab and check Show hidden files, folders, or drives
      Show Hidden Files
    4. Click OK
  5. Connect the iPod
  6. Select your iPod (Removable Disk) in Windows Explorer (the iPod should be visible if you stopped the services mentioned in the previous steps)
    Select iPod
  7. Navigate to iPod_Control and select Music
  8. Copy all of the files to your desktop
    Copy Files from iPod
  9. Open up iTunes (ignore the warning about the bonjour service not running if it pops up--that's ok)
  10. Click on the little icon in the top left corner and select Preferences from the menu
    iTunes Preferences
  11. Click on Advanced
  12. Check the box that says Keep iTunes Media folder organized
  13. Check the box that says Copy files to iTunes Media folder when adding to library
    Keep iTunes Media organized
  14. Click OK
  15. On your desktop, right click on the Music folder you copied from your iPod and select Properties
  16. Uncheck Hidden and select Apply changes to this folder, subfolders, and files when prompted.
    unhide files
  17. Click OK
  18. Open up the Music folder on your desktop and then drag the folders over to the Music part of iTunes
    Copy Files to iTunes

At this point your tunes should automatically be populating back into iTunes.  iTunes will automatically copy the files from your desktop over to iTunes and properly place them inside your My Music folder.  Just note that doing this process requires double the amount of space on your hard drive temporarily while iTunes copies the files from your desktop, but once all files have been copied, you can safely remove the folder on your desktop and resync your iPod to iTunes.

Lync 2013 Android Client - Version of Lync has been blocked error

Symptom: When signing in to the Lync 2013 mobile client on an Android or iOS device, you receive the following error:

This version of Lync has been blocked by your system administrator.  Please check for updates or contact your Lync support team.

Lync 2013 Mobile Version


Solution: This error is caused by the Lync Server 2013 front end not running a recent enough build for the Lync 2013 mobile client.  Make sure you have at least Cumulative Update 1 (February 2013) applied to your servers; without it, the Lync 2013 mobile client cannot sign in.  You can check the installed build with Get-CsServerVersion in the Lync Server Management Shell; CU1 reports version 5.0.8308.291.

You can grab a copy of the patch from: http://www.microsoft.com/en-us/download/details.aspx?id=36820

Details on how to install the patch can be found here: http://support.microsoft.com/kb/2809243