Decommissioning of CA server and Recommission of ADCS

Hi All,
Recently I had to upgrade my old Windows 2003 server holding the FSMO roles to Windows 2008 R2 while retaining the hostname and IP address of the old server. I have transferred the FSMO roles to another Win2k8 R2 server. The old Windows 2003 server also had the CA service installed. I reviewed the certificate stores and found that all the certificates have expired and there hasn't been any new pending request for a month, so I decided to remove Certificate Services from the old Windows 2003 server and not install any CS on the Win2k8 R2 server.
I used a combination of the following guides
1. http://technet.microsoft.com/en-us/library/ee126170%28v=ws.10%29.aspx
2. http://support.microsoft.com/kb/555151
This morning, my boss informed me that he wants to use LDAP over SSL and wants me to set up ADCS in the forest.
Questions:
1. Can I install a new ADCS in my current forest on the same server, reusing the same hostname and IP? What are the steps to do this?
2. Before I remove the Certificate Services from the old DC, I did a backup of the database and config. Is that of any use to me? Can I restore the data back?
3. Is there any other way to enable LDAP over SSL?
4. Assuming in the future I have to upgrade all the DCs from Win2k8 R2 to Win12, for the DCs with Certificate Services, do I have to go through the migration process again (the steps to remove the CS are lengthy and troublesome)?
5. Can ADCS be installed on a member server running Win2k8 R2, since DC demotion cannot happen until the ADCS service is removed or migrated from that server?
Hope someone can advise me on this.
Thanks & Regards.

Hi,
Based on my research, it is not recommended to install Certificate Services on domain controllers; as you mentioned, Certificate Services has to be uninstalled before the DC can be demoted. So yes, you can install ADCS on a member server, which is the recommended approach.
If you want to use the same host name and IP address for the new CA, please make sure that you have removed all related objects as this article guides:
How to Decommission a Windows Enterprise Certification Authority and How to Remove All Related Objects
http://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx
Since there are CA objects stored in Active Directory, please wait until AD replication completes, then install Certificate Services on the same host.
As for the backup, yes, you can restore the data. If you restore the backup to another server, that becomes a migration process.
If you don't want to set up an internal CA to support LDAP over SSL, you can also use third-party certificates.
More information for you:
How to enable LDAP over SSL with a third-party certification authority
http://support.microsoft.com/kb/321051
Windows Server 2008 - Enable LDAP over SSL
http://social.technet.microsoft.com/Forums/windowsserver/en-US/be63bfb5-6578-4590-8369-4488e9952750/windows-server-2008-enable-ldap-over-ssl?forum=winserverDS
I hope this helps.
Amy
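As an added example (not part of the original thread or of Microsoft's documentation), the following PowerShell pre-flight script covers the two points in the answer above: confirming the old CA's objects are really gone from the configuration partition before a new CA reuses the name, and testing that a DC actually answers on LDAPS with a certificate that meets the KB 321051 requirements. Everything it reports is read from your own directory; the only assumed value is the placeholder DC name dc01.contoso.local passed to Test-Ldaps at the bottom. Run it in an elevated PowerShell session on a domain-joined machine. On Windows Server 2008 R2 the role is added with Add-WindowsFeature and the CA itself is then configured with the Add Roles wizard; the Install-AdcsCertificationAuthority cmdlet only exists from Windows Server 2012.

```powershell
# Added example, not from the original thread. dc01.contoso.local is a placeholder.

# --- 1. Leftover objects from the decommissioned CA -------------------------
# A new CA that reuses the old hostname/CA name collides with anything still in
# these containers. NTAuthCertificates and Certificate Templates are left out on
# purpose: they are forest-wide and must stay; only the old CA's certificate is
# removed from NTAuth (pkiview.msc or certutil -viewdelstore).
$rootDse = [ADSI]"LDAP://RootDSE"
$pkiBase = "CN=Public Key Services,CN=Services," + $rootDse.configurationNamingContext.Value

foreach ($name in "Certification Authorities", "Enrollment Services", "AIA", "CDP", "KRA") {
    $path = "LDAP://CN=$name,$pkiBase"
    if (-not [ADSI]::Exists($path)) { Write-Warning "Container not found: $path"; continue }
    $leftovers = @(([ADSI]$path).Children | ForEach-Object { $_.distinguishedName.Value })
    if ($leftovers.Count -eq 0) { Write-Host "CN=$name is empty" }
    else {
        Write-Warning "CN=$name still contains objects:"
        $leftovers | ForEach-Object { Write-Warning "    $_" }
    }
}
# Certificates trusted for domain logon; the old CA should no longer be listed.
certutil -enterprise -store NTAuth | Select-String "Subject:"

# --- 2. Do not reinstall until every DC agrees on the deletions -------------
repadmin /replsummary

# --- 3. Test LDAPS the way a client does -----------------------------------
function Test-Ldaps {
    param([Parameter(Mandatory=$true)][string]$DcFqdn)

    $tcp = New-Object System.Net.Sockets.TcpClient($DcFqdn, 636)
    # Accept whatever the DC presents so we can report on it; the chain result
    # is captured and shown rather than used to abort the handshake.
    $script:chainErrors = $null
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $errors)
        $script:chainErrors = $errors
        $true
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    try {
        $ssl.AuthenticateAsClient($DcFqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # KB 321051 requirements: Server Authentication EKU (1.3.6.1.5.5.7.3.1),
        # the DC FQDN in Subject or SAN, and a chain the client trusts.
        $ekuExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.37" }
        $ekuOids = @(); if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
        $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
        $san     = ""; if ($sanExt) { $san = $sanExt.Format($false) }
        $nameOk  = ($cert.Subject -match ("CN=" + [regex]::Escape($DcFqdn) + '(,|$)')) -or
                   ($san -match [regex]::Escape($DcFqdn))
        $ekuOk   = $ekuOids -contains "1.3.6.1.5.5.7.3.1"

        New-Object PSObject -Property @{
            Server          = $DcFqdn
            Subject         = $cert.Subject
            Issuer          = $cert.Issuer
            NotAfter        = $cert.NotAfter
            SubjectAltNames = $san
            ServerAuthEku   = $ekuOk
            NameMatchesDc   = $nameOk
            ChainErrors     = $script:chainErrors
            Usable          = $ekuOk -and $nameOk -and
                              ($script:chainErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        }
    } finally {
        $ssl.Dispose()
        $tcp.Close()
    }
}

Test-Ldaps -DcFqdn "dc01.contoso.local" | Format-List

# --- 4. Role install on the member server ----------------------------------
# After an enterprise CA is up and the DCs have autoenrolled a Domain Controller
# Authentication / Kerberos Authentication certificate, rerun Test-Ldaps. A DC
# loads a new certificate after a reboot, or immediately after this rootDSE
# modify (from KB 321051) is saved to renew.ldf and applied with ldifde -i -f renew.ldf:
#   dn:
#   changetype: modify
#   add: renewServerCertificate
#   renewServerCertificate: 1
#   -
Import-Module ServerManager
Add-WindowsFeature ADCS-Cert-Authority
```

If step 1 prints leftovers, finish the decommission article's cleanup and repeat steps 1 and 2 before installing; if Test-Ldaps returns Usable = False, the ChainErrors, ServerAuthEku and NameMatchesDc fields tell you which of the three KB 321051 conditions the DC's certificate fails.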

Similar Messages

  • Exchange 2010 Migration - Decommissioning Multi Role Server and Splitting Roles to 2 new servers - Certificate Query

    Hi,
    I have been tasked with decommissioning our single Multi Role Server (CAS/HT/MB) and assigning the roles to 2 new servers. 1 server will be dedicated to CAS and the other new server will be dedicated to HT & MB roles.
    I think I'm OK with the moving of HT and MB roles from our current server to the new HT/MB server by following "Ed Crowley's Method for Moving Exchange Servers"; my focus is on the migration of the CAS role from the current to the new server, as this one has the potential to kill our mail flow if I don't move the role correctly.
    The actual introduction of the new CAS server is fairly straight forward but the moving of the certificate is where I need some clarification.
    Our current multi role server has a 3rd Party Certificate with the following information:
    Subject: OWA.DOMAIN.COM.AU
    SANs: internalservername.domain.local
              autodiscover.domain.com.au
    The issue here is the SAN entry "internalservername.domain.local", which will need to be removed in order for the certificate to be used on the new CAS server: firstly because the CAS server has a different name, and secondly because internal FQDNs will no longer be allowed from 2015 onwards. So I will need to revoke this certificate and issue a new certificate with our vendor, which is Thawte.
    This presents me with an opportunity to simplify our certificate and make changes to the URLs using a new certificate name, so I have proposed the following:
    New Certificate:
    Subject: mail.domain.com.au
    SANs: autodiscover.domain.com.au
              OWA.DOMAIN.COM.AU
    I would then configure the URLs using PowerShell:
    Set-ClientAccessServer -Identity NEWCASNAME -AutoDiscoverServiceInternalUri https://mail.domain.com.au/autodiscover/autodiscover.xml
    Set-WebServicesVirtualDirectory -Identity "NEWCASNAME\EWS (Default Web Site)" -InternalUrl https://mail.domain.com.au/ews/exchange.asmx
    Set-OabVirtualDirectory -Identity "NEWCASNAME\oab (Default Web Site)" -InternalUrl https://mail.domain.com.au/oab
    Set-OwaVirtualDirectory -Identity "NEWCASNAME\owa (Default Web Site)" -InternalUrl https://mail.domain.com.au/owa
    I would also then set up split DNS on our internal DNS server creating a new zone called "mail.domain.com.au" and add an host A record with the internal IP address of the new CAS server.
    Now I know I haven't asked a question yet and the only real question I have is to ask if this line of thinking and my theory is correct.
    Have I missed anything or is there anything I should be wary of that has the potential to blow up in my face?
    Thanks guys, I really appreciate any insights and input you have on this.

    Hi Ed,
    Thanks for your reply, it all makes perfect sense I guess I was being optimistic by shutting down the old server and then resubscribing the edge and testing with mailboxes on the new mailbox server.
    I will make sure to move all of the mailboxes over before removing the old server via "Add/Remove Programs". Will I have to move the arbitration mailboxes on the old server across to the new mailbox server? Will having the arbitration mailboxes on the old server stop me from completely removing Exchange?
    Also, the InternalURL & ExternalURL properties are as follows:
    Autodiscover:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/Autodiscover/Autodiscover.xml
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/autodiscover/autodiscover.xml
    WebServices:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/EWS/Exchange.asmx
    New CAS - ExternalURL: https://owa.pharmacare.com.au/EWS/Exchange.asmx
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/ews/exchange.asmx
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/EWS/Exchange.asmx
    OAB:
    New CAS - InternalURL: http://svwwmxcas01.pharmacare.local/OAB
    New CAS - ExternalURL: https://owa.pharmacare.com.au/OAB
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/oab
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/OAB
    OWA:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/owa
    New CAS - ExternalURL: https://owa.pharmacare.com.au/
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/owa
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/
    ECP:
    New CAS - InternalURL: https://svwwmxcas01.pharmacare.local/ecp
    New CAS - ExternalURL: https://owa.pharmacare.com.au/ecp
    Old CAS - InternalURL: https://svwwmx001.pharmacare.local/ecp
    Old CAS - ExternalURL: https://owa.pharmacare.com.au/ecp
    Our Public Certificate has the following details:
    Name: OWA.PHARMACARE.COM.AU
    SAN/s: autodiscover.pharmacare.com.au, svwwmx001.pharmacare.local
    From your previous communications you mentioned that this certificate would not need to change; it could be exported from the old server and imported to the new, which I have done. With the InternalURL & ExternalURL information that you see here, can you please confirm that your original recommendation of keeping our public certificate and importing it into the new CAS is correct? Will we forever get the certificate warning on all of our Outlook clients when we cut over from the old to the new until we get a new certificate with the SAN of "svwwmx001.pharmacare.local" removed?
    Also, I am toying with the idea of implementing a CAS Array, as I thought that implementing the CAS Array would resolve some of the issues I was having on Saturday. I have followed the steps from this website, http://exchangeserverpro.com/how-to-install-an-exchange-server-2010-client-access-server-array/, and I have got all the way to the step of creating the CAS array in the Exchange PowerShell, but I have not completed this step for fear of breaking connectivity to all of my Outlook clients. By following all of the preceding steps I have created a Windows NLB with dedicated NICs on both the old CAS and the new CAS servers (with separate IP addresses on each NIC and a new internal IP address for the dedicated CAS array) and given it the name of "casarray.pharmacare.local" as per the instructions on the website. The questions I have on adding the CAS array are:
    1. Do you recommend adding the CAS array using this configuration?
    2. Will this break Outlook connectivity altogether?
    3. Will I have to generate a new Public Certificate with an external FQDN of "casarray.pharmacare.com.au" pointing back to a public IP or is it not required?
    4. If this configuration is correct, and I add the CAS Array as configured, when the time comes to remove the old server is it just as simple as removing the NLB member in the array and everything works smoothly?
    So, with all of the information at hand my steps for complete and successful migration would be as follows:
    1. Move all mailboxes from old server to new server;
    2. Move arbitration mailboxes if required;
    3. Implement CAS Array and ensure that all Outlook clients connect successfully;
    4. Remove old server;
    5. Shut down old server;
    6. Re-subscribe Edge from new Hub Transport server;
    7. Test internal & external comms;
    We also have internal DNS entries that would need changing:
    1. We have split DNS with a FLZ of "owa.pharmacare.com.au" that has a Host A record going to the old server, this would need changing from "svwwmx001.pharmacare.local" to "svwwmxcas01.pharmacare.local";
    2. The _autodiscover entry that sits under _TCP currently has the IP address of the old server, this would need to be changed to the IP address of the new CAS;
    3. The CNAME that sits in our FLZ for "pharmacare.local" would need to be changed from "svwwmx001.pharmacare.local" to "svwwmxcas01.pharmacare.local".
    4. Or rather than using the FQDN of the server where applicable in the DNS changes would I be using the FQDN of the CAS Array instead? Please confirm.
    Would you agree that the migration path and DNS change plan is correct?
    Sorry for the long post, I just need to make sure that everything goes right and I don't have egg on my face. I appreciate your help and input.
    Thanks again.
    Regards,
    Jamie
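    As an added example (not part of Jamie's post or Ed's reply), here is a PowerShell check of the question Jamie is circling around: which of the listed InternalURL/ExternalURL values name a host that the public certificate does not cover, and which are not HTTPS at all. The certificate names and URLs are the ones quoted in the post above; the functions themselves take any list, and the wildcard handling goes beyond the post (its certificate has no wildcard names).

```powershell
# Added example, not from the original thread. The data below is copied from
# the post; the two functions are generic.
function Test-CertificateCoversHost {
    param([string]$HostName, [string[]]$CertificateNames)
    foreach ($n in $CertificateNames) {
        if ($n.StartsWith("*.")) {
            # A wildcard covers exactly one label: *.example.com matches
            # a.example.com but not a.b.example.com or example.com itself.
            $suffix = $n.Substring(1)                      # ".example.com"
            if ($HostName.Length -gt $suffix.Length -and
                $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) -and
                $HostName.Substring(0, $HostName.Length - $suffix.Length) -notmatch '\.') {
                return $true
            }
        } elseif ([string]::Equals($HostName, $n, [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-UrlCertificateProblems {
    param([string[]]$Urls, [string[]]$CertificateNames)
    foreach ($u in $Urls) {
        $uri = [Uri]$u
        $problem = $null
        if ($uri.Scheme -ne "https") {
            $problem = "not HTTPS"                  # clients never see the certificate here
        } elseif (-not (Test-CertificateCoversHost $uri.Host $CertificateNames)) {
            $problem = "host not in certificate"    # this is what produces the Outlook warning
        }
        if ($problem) {
            New-Object PSObject -Property @{ Problem = $problem; Url = $u; HostName = $uri.Host }
        }
    }
}

# Public certificate: subject plus SANs, as quoted in the post.
$certNames = "owa.pharmacare.com.au", "autodiscover.pharmacare.com.au", "svwwmx001.pharmacare.local"

# Internal/External URLs quoted for the new and old CAS.
$urls = @(
    "https://svwwmxcas01.pharmacare.local/Autodiscover/Autodiscover.xml",
    "https://svwwmxcas01.pharmacare.local/EWS/Exchange.asmx",
    "http://svwwmxcas01.pharmacare.local/OAB",
    "https://svwwmxcas01.pharmacare.local/owa",
    "https://svwwmxcas01.pharmacare.local/ecp",
    "https://owa.pharmacare.com.au/EWS/Exchange.asmx",
    "https://owa.pharmacare.com.au/OAB",
    "https://owa.pharmacare.com.au/",
    "https://owa.pharmacare.com.au/ecp",
    "https://svwwmx001.pharmacare.local/ews/exchange.asmx",
    "https://svwwmx001.pharmacare.local/owa"
)
Get-UrlCertificateProblems -Urls $urls -CertificateNames $certNames | Format-Table Problem, Url -AutoSize
```

    With the post's data, every svwwmxcas01.pharmacare.local URL is reported (four as "host not in certificate", the OAB one as "not HTTPS"), while the external URLs and the old server's internal URLs pass. That is the mismatch behind the warning question: either the new CAS's InternalUrl values point at a name the certificate carries (the mail.domain.com.au plan from the first post) or the certificate is reissued with the new name. The CAS array FQDN is not in the list because Outlook reaches it over RPC, not HTTPS, so it is not a certificate name.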

  • Decommissioned a file server, but every mobile account in the place is still trying to connect to it on login!

    A couple of months ago we decommissioned the 10.4.11 xserve that was serving as our LDAP server and home directory server for mobile accounts.  We migrated all of that to a newer 10.6.8 xserve.  It was a fairly rough migration, but we've pretty much sorted it out except for one last annoyance: when you look at System Preferences->Accounts->Login Items for all of our mobile accounts, every single client is still trying to mount an afp share on the old server.  Logging in takes FOREVER because the connection needs to time out, so now my users are no longer logging out/in as often as they should, and so their Home Syncs are getting old.
    When you go to the client's Preferences, the line referencing the old server share is still there, but the minus sign is greyed out so the item cannot be deleted.
    The Kind is listed as "unknown" and there is a grey warning triangle next to it.
    This is clearly some sort of template/Preference that is hardcoded to the old name, and whatever file this is got moved to the new server (which has a different name and different numeric IP address.)  Because even the BRAND NEW users that I have created since after "pdc04.hgbc.com" disappeared are trying to log in to the non-existent share on the non-existent server, too!
    I have tried running grep on the entire disk on one of the clients looking for the string "pdc04", and updated everything that I found using vi directly on the files.  I have tried running grep on select directory trees on the new file server looking for pdc04.  In my grep on the client, I found the string in
         /Library/Managed Preferences/user/loginwindow.plist
         /Library/Managed Preferences/user/complete.plist
    but searching all of the loginwindow.plist and complete.plist files on the new server comes up with nothing.
    Does anyone have any idea where the template or preference or plist is on the server so that I can delete or update the file with the new host name?

    I think that Grant is on the right track -- but the problem is that whatever file that pdc04's Server Manager wrote into is not available to pdc's Server Manager to edit or even display.
    We upgraded mostly by turning off the G5 10.4 xserve and unplugging the fiber-channel RAID (with user accounts on it) and plugging the RAID into a fiber-channel card on the new (to us) Nehalem 10.6 xserve, which we did after using Migration Assistant between the machines.  Then we had various and sundry problems, and we ended up moving all of the mobile account directories to the internal RAID on the new server.
    Clearly there is a file somewhere that acts as a template for mobile accounts and it refers to the old machine but its been moved to the new machine.
    Only two of the mobile accounts have directories in the /Library/Managed Preferences folder.  One of them, ironically, is mine, and my account hasn't worked right since we went to the new server.

  • Linux install server and solaris 10

    Hi,
    I am trying to learn Solaris as a student. I bought a SPARC (Netra T105 UltraSPARC II) server on eBay which requires a network install as there is no CD-ROM or keyboard.
    I only have a Linux box (like I said, I'm a stingy student) to use as an install server. There are a few tutorials out there to try and do this, but none for Solaris 10. I have been hacking away at this for days, but cannot get it to install. I have the SPARC server using RARP and then getting the /etc/bootparams file and downloading the boot files, but it does not get to locating the jumpstart files or the install files (I don't know if I can install from the terminal using the keyboard (without jumpstart) - I have not got that far yet).
    I always get this, as if it cannot find the install directory. I was running Wireshark on the Linux boot server and see loads of NFS traffic after the TFTP download, but cannot seem to see what part it is actually at. I have a detailed log at the bottom from PuTTY. Any help greatly appreciated. Cheers
    ERROR: bpgetfile unable to access network
    /sbin/install-discovery: information: not found
    Linux box setup:
    /etc/bootparams
    solaris root=192.168.2.10:/home/sunos/Solaris_10/Tools/Boot rootopts=rsize=32768 boottype=:in install=192.168.2.10:/home/sunos_install/Solaris_10/Product sysid_config=192.168.2.10:/home/sunos_install/jumpstart/sysidcfg install_config=192.168.2.10:/home/sunos_install/jumpstart/jumpstart.conf
    TFTP setup from /tftpboot:
    [root@robert tftpboot]# ll
    total 232
    lrwxrwxrwx 1 root root 8 Jun 10 13:55 C0A80214 -> inetboot
    -rwxrwxrwx 1 root root 221280 Jun 10 13:47 inetboot
    The Openboot can get ahold of the inetboot file and downloads and it and then loads it.
    The following directories are exported through NFS
    [root@robert sunos_install]# cat /etc/exports
    #/home/nfs 192.168.2.0/24(ro,sync)
    /home/sunos *(ro,no_root_squash)
    /home/sunos_install *(ro,no_root_squash)
    [root@robert tftpboot]# showmount -e localhost
    Export list for localhost:
    /home/sunos *
    /home/sunos_install *
    In /home/sunos, I have:
    [root@robert sunos]# tree -L 2
    |-- Solaris_10
    | `-- Tools
    |-- boot
    | |-- hsfs.bootblock
    | `-- sparc.miniroot
    `-- lost+found
    In /home/sunos_install, I have:
    [root@robert sunos_install]# tree -L 2
    |-- Solaris_10
    | `-- Product
    |-- jumpstart
    | |-- jumpstart.conf
    | `-- sysidcfg
    `-- lost+found
    [root@robert jumpstart]# cat jumpstart.conf
    install_type initial_install
    system_type server
    partitioning explicit
    filesys any 2000 /
    filesys any 1500 swap
    filesys any 1500 /var
    filesys any 2000 /opt
    geo N_America
    cluster SUNWCreq
    package SUNWgzip add
    package SUNWless add
    package SUNWman add
    package SUNWbash add
    package SUNWtcsh add
    package SUNWzsh add
    [root@robert jumpstart]# cat sysidcfg
    system_locale=en_US
    timezone=US/Pacific
    terminal=xterms
    name_service=NONE
    timeserver=pool.ntp.org
    security_policy=NONE
    root_password=xxxx
    network_interface=primary
    { hostname=js-test
    ip_address=192.168.2.20
    netmask=255.255.255.0
    protocol_ipv6=yes}
    Putty log file from console:
    root server: 192.168.2.10 (192.168.2.10)
    root directory: /home/sunos/Solaris_10/Tools/Boot
    module /platform/sun4u/kernel/sparcv9/unix: text at [0x1000000, 0x10a096d] data at 0x1800000
    module /platform/sun4u/kernel/sparcv9/genunix: text at [0x10a0970, 0x12615bf] data at 0x1867cc0
    module /platform/sun4u/kernel/misc/sparcv9/platmod: text at [0x12615c0, 0x12615c7] data at 0x18bdf80
    module /platform/sun4u/kernel/cpu/sparcv9/SUNW,UltraSPARC-IIi: text at [0x1261600, 0x126da07] data at 0x18be680
    SunOS Release 5.10 Version Generic_139555-08 64-bit
    Copyright 1983-2009 Sun Microsystems, Inc. All rights reserved.
    Use is subject to license terms.
    Ethernet address = 8:0:20:c2:1b:b4
    Using default device instance data
    mem = 1048576K (0x40000000)
    avail mem = 846602240
    root nexus = Netra t1 (UltraSPARC-IIi 440MHz)
    pseudo0 at root
    pseudo0 is /pseudo
    scsi_vhci0 at root
    scsi_vhci0 is /scsi_vhci
    ramdisk0 at root
    ramdisk0 is /ramdisk-root
    root on /ramdisk-root:a fstype ufs
    pseudo-device: dld0
    dld0 is /pseudo/dld@0
    pcipsy0 at root: UPA 0x1f 0x0
    pcipsy0 is /pci@1f,0
    PCI-device: pci@1,1, simba0
    simba0 is /pci@1f,0/pci@1,1
    SUNW,hme0 : PCI IO 2.0 (Rev Id = c1) Found
    SUNW,hme0 : Local Ethernet address = 8:0:20:c2:1b:b4
    PCI-device: network@1,1, hme0
    hme0 is /pci@1f,0/pci@1,1/network@1,1
    SUNW,hme1 : PCI IO 2.0 (Rev Id = c1) Found
    SUNW,hme1 : Local Ethernet address = 8:0:20:c2:1b:b5
    PCI-device: network@3,1, hme1
    hme1 is /pci@1f,0/pci@1,1/network@3,1
    PCI-device: ebus@1, ebus0
    ebus0 is /pci@1f,0/pci@1,1/ebus@1
    su0 at ebus0: offset 14,3803f8
    su0 is /pci@1f,0/pci@1,1/ebus@1/su@14,3803f8
    cpu0: UltraSPARC-IIi (portid 0 impl 0x12 ver 0x91 clock 440 MHz)
    iscsi0 at root
    iscsi0 is /iscsi
    pseudo-device: zfs0
    zfs0 is /pseudo/zfs@0
    Configuring devices.
    pseudo-device: devinfo0
    devinfo0 is /pseudo/devinfo@0
    PCI-device: pci@1, simba1
    simba1 is /pci@1f,0/pci@1
    pseudo-device: pseudo1
    pseudo1 is /pseudo/zconsnex@1
    /pci@1f,0/pci@1,1/network@1,1 (hme0) online
    /pci@1f,0/pci@1,1/scsi@2 (glm0):
    Rev. 3 Symbios 53c875 found.
    PCI-device: scsi@2, glm0
    glm0 is /pci@1f,0/pci@1,1/scsi@2
    PCI-device: pci@1, pci_pci0
    pci_pci0 is /pci@1f,0/pci@1/pci@1
    su1 at ebus0: offset 14,3602f8
    su1 is /pci@1f,0/pci@1,1/ebus@1/su@14,3602f8
    ecpp0 at ebus0: offset 14,340278
    ecpp0 is /pci@1f,0/pci@1,1/ebus@1/ecpp@14,340278
    pseudo-device: fssnap0
    fssnap0 is /pseudo/fssnap@0
    pseudo-device: ramdisk1024
    ramdisk1024 is /pseudo/ramdisk@1024
    sd0 at glm0: target 1 lun 0
    sd0 is /pci@1f,0/pci@1,1/scsi@2/sd@1,0
    pseudo-device: winlock0
    winlock0 is /pseudo/winlock@0
    pseudo-device: llc10
    llc10 is /pseudo/llc1@0
    pseudo-device: lofi0
    lofi0 is /pseudo/lofi@0
    pseudo-device: fcp0
    fcp0 is /pseudo/fcp@0
    pseudo-device: fcsm0
    fcsm0 is /pseudo/fcsm@0
    pseudo-device: trapstat0
    trapstat0 is /pseudo/trapstat@0
    pseudo-device: pool0
    pool0 is /pseudo/pool@0
    pseudo-device: mem_cache0
    mem_cache0 is /pseudo/mem_cache@0
    pseudo-device: fcode0
    fcode0 is /pseudo/fcode@0
    i2c0 at ebus0: offset 14,600000
    i2c1 at ebus0: offset 14,100000
    i2cadc0 at i2c0: reg=0x0:0x9E, name=bus,address="0,9e"
    i2cadc0 is /pci@1f,0/pci@1,1/ebus@1/i2c@14,600000/adc@0,9e
    i2cgpio0 at i2c0: reg=0x0:0x70, name=bus,address="0,70"
    i2cgpio0 is /pci@1f,0/pci@1,1/ebus@1/i2c@14,600000/gpio@0,70
    i2cgpio1 at i2c0: reg=0x0:0x72, name=bus,address="0,72"
    i2cgpio1 is /pci@1f,0/pci@1,1/ebus@1/i2c@14,600000/gpio@0,72
    Using RPC Bootparams for network configuration information.
    Attempting to configure interface hme1...
    WARNING: hme1: fault detected in device; service degraded
    WARNING: hme1: No response from Ethernet network : Link down -- cable problem?
    Skipped interface hme1
    Attempting to configure interface hme0...
    Configured interface hme0
    ERROR: bpgetfile unable to access network
    /sbin/install-discovery: information: not found

    rmcnaught48 wrote:
    Hi,
    I am trying to learn Solaris as a student. I bought a SPARC (Netra T105 UltraSPARC II) server on eBay which requires a network install as there is no CD-ROM or keyboard.
    I only have a Linux box (like I said, I'm a stingy student) to use as an install server. There are a few tutorials out there to try and do this, but none for Solaris 10. I have been hacking away at this for days, but cannot get it to install. I have the SPARC server using RARP and then getting the /etc/bootparams file and downloading the boot files, but it does not get to locating the jumpstart files or the install files (I don't know if I can install from the terminal using the keyboard (without jumpstart) - I have not got that far yet).

    You can install using the keyboard with jumpstart. Without jumpstart you'd need local media (you can't enter the OS via the keyboard).

    I always get this, as if it cannot find the install directory. I was running Wireshark on the Linux boot server and see loads of NFS traffic after the TFTP download, but cannot seem to see what part it is actually at. I have a detailed log at the bottom from PuTTY. Any help greatly appreciated. Cheers
    ERROR: bpgetfile unable to access network
    /sbin/install-discovery: information: not found

    Hmm. That looks like the image file is corrupt. Can you pull the image from media again? Can you see if there's a /sbin/install-discovery file in the image (usually under Tools/Boot/root)? I recall there used to be a problem with that file.

    Linux box setup:
    /etc/bootparams
    solaris root=192.168.2.10:/home/sunos/Solaris_10/Tools/Boot rootopts=rsize=32768 boottype=:in install=192.168.2.10:/home/sunos_install/Solaris_10/Product sysid_config=192.168.2.10:/home/sunos_install/jumpstart/sysidcfg install_config=192.168.2.10:/home/sunos_install/jumpstart/jumpstart.conf

    If you just want an interactive install (prompt for configuration/settings), you don't need sysid_config or install_config. Those are for automated installations.

    TFTP setup from /tftpboot:
    [root@robert tftpboot]# ll
    total 232
    lrwxrwxrwx 1 root root 8 Jun 10 13:55 C0A80214 -> inetboot
    -rwxrwxrwx 1 root root 221280 Jun 10 13:47 inetboot
    The OpenBoot can get hold of the inetboot file, downloads it and then loads it.
    The following directories are exported through NFS
    [root@robert sunos_install]# cat /etc/exports
    #/home/nfs 192.168.2.0/24(ro,sync)
    /home/sunos *(ro,no_root_squash)
    /home/sunos_install *(ro,no_root_squash)
    [root@robert tftpboot]# showmount -e localhost
    Export list for localhost:
    /home/sunos *
    /home/sunos_install *

    That looks pretty good.
    You do have the option of running VMware on Linux, and putting a Solaris 10 image on it, then using that VM as your boot server. But the problem you're displaying doesn't appear to be related to the Linux server.
    Darren

  • High availability for file server and exchange with 2 physical servers

    Dear Experts,
    I have 2 physical servers with local disks only. I want to set up the below on them with high availability; please advise the best possible options. We will be using Windows 2012 R2 Server.
    1. Domain controller
    2. Exchange 2013
    As of now I am thinking of setting up below:
    1. Install Hyper-v on both and create 3 VM on each as
    -On Host A- 1 VM for DC, 1 VM for File server with DFS namespace and replication for file server HA and 1 VM for Exchange 2013 with CAS/MBX with DAG and DNS RR for Exchange HA
    -On Host B - 1 VM for ADC, 1 VM for File server DFS member for above and 1 VM for Exchange 2013 CAS/MBX with DAG member
    I have read on internet about new features called scale out file server (SoFS) in Windows 2012 Server but not sure that will be preferred for file sharing.
    Any advise will be highly appreciated..
    Thanks for the help in advance..
    Best regards,

    DFS is by far the best way to implement any sort of file server. Because a) failover is not fully transparent and does not always happen (say, not on copy), b) DFS cannot replicate open files, so if you edit a big file and have the node rebooted you're going to lose ALL transactions/updates you've applied, and c) it actually slows down the config. See:
    DFS for failover
    http://help.globalscape.com/help/wafs3/using_microsoft_dfs_for_failover.htm
    DFS FAQ
    http://technet.microsoft.com/library/cc773238(WS.10).aspx
    (check "open files" point here)
    DFS Performance
    http://blogs.technet.com/b/filecab/archive/2009/08/22/windows-server-dfs-namespaces-performance-and-scalability.aspx
    SoFS a) requires shared storage to run and you don't have one, b) does not support generic workloads (only Hyper-V and SQL Server), and c) technically makes sense to expand a SAS JBOD or existing FC SAN to numerous Hyper-V clients over 10 GbE without the need to invest money into SAS switches and HBAs, FC HBAs and new FC port licenses. Making a long story short: SoFS is NOT YOUR CASE.
    SoFS Overview
    http://technet.microsoft.com/en-us/library/hh831349.aspx
    http://www.aidanfinn.com/?p=12786
    For now you need to find some shared storage to be a back end for your hypervisor config (SAS JBOD from the supported list, or a virtual SAN from multiple vendors, for example StarWind, see below; make sure you review ALL the vendors) and then you create a failover SMB 3.0 share for your file server workload. See:
    Clustered Storage Spaces over SAS JBOD
    http://technet.microsoft.com/en-us/library/jj822937.aspx
    Virtual SAN from inexpensive SATA and no SAS or FC
    http://www.starwindsoftware.com/native-san-for-hyper-v-free-edition
    Failover SMB File Server in Windows Server 2012 R2
    http://www.starwindsoftware.com/configuring-ha-file-server-on-windows-server-2012-for-smb-nas
    Fault tolerant file server on just a pair of nodes
    http://www.starwindsoftware.com/ns-configuring-ha-file-server-for-smb-nas
    For Exchange you use SMB share from above for a file share witness and use DAG. See:
    Exchange DAG
    Good luck! Hope this helped :)
    StarWind VSAN [Virtual SAN] clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts.

  • Clarification: Decommissioning Exchange Mailbox server after move to Office 365 will not cause problems with the remaining Exchange CAS server

    Environment: 1x Exchange 2013 Mailbox server
    1x Exchange 2013 CAS server
    All users migrated to office365. MX record pointed to Office365
    DIRSync implemented
    Clarification: All users are now using Office 365. As per the recommendation from Microsoft, one Exchange server should be retained and the rest can be decommissioned. I tried to test the scenario by shutting down the Exchange server with the mailbox role and leaving the Exchange server with the CAS role online. I tried to run the Exchange Management Shell on the CAS but I'm getting errors. To clarify: once I have uninstalled the Exchange mailbox server, will the CAS still look for the mailbox server? Or do I need to decommission both Exchange servers and then install a new Exchange server with the CAS role?

    Hi
    If you are looking for hybrid coexistence with Office 365, then at least one Exchange 2013 Client Access and one Exchange 2013 Mailbox server must be installed in the on-premises organization to run the Hybrid Configuration wizard and support Exchange 2013-based hybrid deployment functionality.
    http://technet.microsoft.com/en-us/library/hh534377(v=exchg.150).aspx
    Summary - You need to have at least one CAS and MBX combined on-premises, or it can even be a separate CAS and a separate MBX, but Microsoft recommends having both CAS and MBX together on-premises.
    Source - 
    http://technet.microsoft.com/en-us/library/hh534377(v=exchg.150).aspx
    Remember to mark as helpful if you find my contribution useful, or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Check out my latest blog posts on http://exchangequery.com
    Thanks, Sathish (MVP)

  • LDAP (Directory service) server and client compatible with Windows 7

    Hello Experts,
    Earlier we were using Netscape Server 4.0 and Console in Windows XP for LDAP integration testing with BRM.
    Now that Windows XP is soon going to be decommissioned and the software is incompatible with Windows 7, I am looking for Directory Service (both server and client) alternatives compatible with Windows 7.
    Has anyone tried setting up a Directory Service (or LDAP) on the Windows 7 operating system?
    Any help is appreciated. Thank you

    Hello Mr Thio,
    The basic cause for this type of error message is generally a permission issue. If you are using a domain account, make sure it is added as a local administrator on the local machine.
    Right-click setup.exe and select Run as administrator.
    Make sure you copy the installation files to a local drive and run setup from the machine; if you are running it from the CD directly, avoid that.
    The MS link below has documented this error; please go through the link properly.
    http://support.microsoft.com/kb/2799534
    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

  • Is there a way to open an Excel file from the server and display it in the UI and save it back on to the server

    Hello there,
    Is there a way to open an Excel file from the server and display it in the UI and save it back on to the server? (like showing the Excel file as a datagrid - add rows, columns etc.)

    Hi Mike,
    Welcome you to the forum.
    You may try:
    SELECT * FROM MyDBNameHere.dbo.OUSR T0
    Thanks,
    Gordon

  • Windows 2008 Server and Windows 8 clients

    Hey Guys,
    I have had this problem for some time now and really need a solution. I have Windows 2008 Enterprise Server running about 200+ Terminal Services clients. All Windows XP clients are fine, Windows 7 clients have issues when they get an updated version of
    the Remote Desktop client (to solve the issue we simply roll back the update), and Windows 8 clients cannot connect and use our RemoteApp. The issue stems from the newer version of the Remote Desktop client (on Windows 7 and embedded in Windows 8), which cannot connect to our
    terminal server and generates an error and immediately disconnects. The error says:
    "Your computer can't connect to the remote computer because an error occurred on the remote computer that you want
    to connect to"
    So my questions are: how can I update my Windows 2008 Terminal Server version to support these clients, or do I have to migrate to Windows 2012? Or is there a solution to my current problem which will allow my clients to connect and use the RemoteApps?

    Hi,
    Thank you for posting in Windows Server Forum.
    Please follow the below steps and verify result.
    LAN manager authentication level settings (Local security policy->Local Policies->Security Options->Network Security: LAN Manager Authentication level). 
    Try to change it to "Send NTLMv2 response only" 
    Snap:
    If you still face the issue, please install this hotfix.
    RDS client computer cannot connect to the RDS server by using a remote desktop connection in Windows
    http://support.microsoft.com/kb/2752618/
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Newbie: Mail server and running other services

    We have a small office network of 6 Macs that connect to a Panther server; this server provides DNS and file sharing and that's about it, plus a FileMaker Server and Retrospect Server. It doesn't suffer from heavy use.
    I have been using a separate Mac to run QuickMail Server 1 (OS 9) and I need to upgrade it as some of the mail protocols are out of date.
    We have a static IP address assigned to our mail gateway by our service provider.
    My question, or request for advice:
    Should I just start using OS X Server to run mail services,
    or
    upgrade QuickMail and continue running it separately on a new Mac mini (or similar)?
    My concern is that at the moment any problem with email locally can be solved pretty much without affecting the other server or the network.
    Thanks

    The basic setup is pretty simple...
    Replace the following with your own equivalents...
    Domain name: woopee.com (the domain name after the "@" in your emails)
    Host name: mail.woopee.com (the hostname your MX record points to. Does not need to match server hostname. This will be the hostname mail server uses when communicating with other servers)
    Local Host Aliases: woopee.com (a list of the domains you want to accept mail for. Probably just same as Domain name?)
    Local network: 192.168.10.0/24 (LAN IP range for local users. Used to bypass authentication when they send mail out)
    Server Admin-> Mail-> General...
    Tick:Enable POP
    Tick:Enable IMAP
    Tick:Enable SMTP, Allow incoming mail, Enter Domain name & Host name (from above).
    Mail-> Relay
    Tick: Accept SMTP relays... Enter localhost IP: 127.0.0.1/32 and Local network (from above).
    Tick: Use these junk mail rejection servers. Add: zen.spamhaus.org
    Mail->Filters
    Tick: scan for junk mail. Minimum score: 5 (can be reduced later)
    Junk mail should be: Delivered (will just tag and forward to recipient)
    Tick: Attach subject tag: * Junkmail *
    Tick: Scan email for viruses
    Infected messages should be: Deleted
    Tick: update junk mail & virus database: 1 time per day
    Mail->Advanced->Security
    SMTP: none (this prevents smtp authentication from anyone outside your Local network)
    IMAP: Tick: Clear, Plain, Cram-md5 (or leave all unticked if only using pop accounts)
    POP: Tick: APOP
    Mail->Advanced->Hosting
    Local Host Aliases: Add: localhost & woopee.com (separate entries, see Local host aliases, above)
    That's it (I think... although I cannot guarantee I have not missed something). There will be no problem setting this up and seeing it going whilst still using the existing mail server. Set up client accounts to send and receive from the new server and you can send mail around internally to test. The last thing would be to change your firewall port-forwarding for SMTP from the existing server to the new one.
    Watch the mail.log in Console for any errors & do plenty tests.
    Ensure users have mail enabled in Workgroup Manager.
    There are plenty of mods available beyond this. Have a good read through the mail services manual (I know it's a bit confusing at times) and you should see where the above settings fit in.
    There is lots of stuff on the forum here which you can search for. Spam filtering in particular can be made far more effective but requires editing of the underlying Unix configuration files - again, there are plenty of previous discussions about that on the forum. Meantime, the zen.spamhaus.org RBL will filter out a great many spammers.
    -david
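    The relay and RBL settings above, expressed as the Postfix directives that OS X Server's Mail service drives underneath. This is an added example, not part of david's reply or Apple's documentation; the mapping of each GUI setting to a Postfix parameter is my assumption, and the second function is a quick check that the resulting main.cf does not turn the box into an open relay.

```shell
#!/bin/sh
# Added example, not from the original thread. OS X Server's Mail service is a Postfix
# front end; mapping the GUI settings to these parameters is an assumption, not documentation.
# Usage: postfix_relay_settings DOMAIN MAILHOST LAN_CIDR  -> prints main.cf lines to stdout
postfix_relay_settings() {
  domain=$1; mailhost=$2; lan=$3
  cat <<EOF
myhostname = $mailhost
mydomain = $domain
# "Local Host Aliases": the domains this server accepts mail for
mydestination = localhost, $domain
# "Accept SMTP relays from": only loopback and the LAN may relay without authenticating
mynetworks = 127.0.0.1/32, $lan
# Order matters: LAN clients relay; everyone else may only deliver to mydestination;
# remaining senders are then checked against the zen.spamhaus.org RBL
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org
EOF
}

# check_not_open_relay FILE: return 1 if FILE would let arbitrary hosts relay, i.e. the
# recipient restrictions lack reject_unauth_destination or mynetworks covers all of IPv4.
check_not_open_relay() {
  f=$1
  grep -Eq '^smtpd_recipient_restrictions[[:space:]]*=.*reject_unauth_destination' "$f" || return 1
  if grep -Eq '^mynetworks[[:space:]]*=.*0\.0\.0\.0/0' "$f"; then return 1; fi
  return 0
}
```

    Run `postfix_relay_settings woopee.com mail.woopee.com 192.168.10.0/24 > main.cf.fragment` and review the output before merging it into the live main.cf.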

  • I am unable to send mail on my iPad because the iPad ignores the single correctly configured outgoing server and instead looks for a long since deleted outgoing server which is not listed in my settings at all.

    Some time ago I used to use an outgoing mail server, which I will call 'XYZ'. However, I changed email providers and now have a new outgoing server which I will call 'ABC'. I tried deleting that old outgoing server when I changed email providers but had problems doing so. So what I did was completely delete all email accounts from my iPad and then reinstall the two new email accounts from scratch, complete with the new outgoing server 'ABC'. That appeared to be successful, and I can receive email OK. Also, the new server 'ABC' is the ONLY outgoing server listed in my settings on either account.
    However, despite the new server being the only one in my settings, the iPad will not send mail and shows an error message saying that the settings for the OLD server 'XYZ' are incorrect. I cannot amend or delete that server as it has already been deleted and is not listed in my settings.
    It is like the iPad is somehow still remembering that old server and thinks it's the primary one. Or it's getting old server info from iCloud or something.
    My iPhone has the same two email accounts and identical settings and does not have this issue.
    Any ideas, other than a complete factory reset?
    Many thanks
    Rob

    From the Mail menu bar, select
    Window ▹ Connection Doctor
    Click the Show Detail button. A drawer opens. Click Check Again and post the text that appears. Anonymize any personal information before posting.

  • Accessing Time Capsule with OS X Server and VPN

    I have an Apple server and a Time Capsule that I use as a hard disk. Now I want to access the Time Capsule by VPN. I cannot make an access point of my Time Capsule.
    When I turn off file sharing on the Time Capsule and turn it on on the server, then I cannot access my files locally.

    Sorry, have to disagree.
    I have a Time Capsule and it's in HFS+ and my Vista PC reads it fine.
    You do need to download the AirPort software for Windows from Apple Downloads. Install that and then Windows can see it fine under Networking. Then, to map a drive letter, just navigate to your Time Capsule in Windows, then right-click on the share and give it a drive letter.
    Or you can use the CD that came with your Time Capsule in your Windows PC and it will install the client from there.

  • Need help with OS X Server and Profile Manager

    I messed up my OS X Server and it seems like it has stopped working.
    I cannot access my server remotely or locally and it shows "Safari cannot connect to server".
    I made the mistake of resetting the keychain to default and all certificates were missing. I restored system.keychain from Time Machine but now it won't run.
    The system log shows:
    ec 30 18:31:25 mdmserver.medicalpharmacies.com certadmin[14697]: BundleManager(non-plugin calling servermgr_certs): doCommand finished reply = {
         error = <62706c69 73743030 d4010203 04050625 26582476 65727369 6f6e5824 6f626a65 63747359 24617263 68697665 72542474 6f701200 0186a0a8 07081112 1a1b1c22 55246e75 6c6cd409 0a0b0c0d 0e0f1056 4e53436f 64655a4e 53557365 72496e66 6f584e53 446f6d61 696e5624 636c6173 7311138a 80038002 80075f10 19636f6d 2e617070 6c652e73 65727665 726d6772 5f636572 7473d313 140c1517 19574e53 2e6b6579 735a4e53 2e6f626a 65637473 a1168004 a1188005 80065f10 164e534c 6f63616c 697a6564 44657363 72697074 696f6e5f 1032556e 61626c65 20746f20 66696e64 20706173 73706872 61736520 666f7220 6578706f 72746564 20707269 76617465 206b6579 d21d1e1f 205a2463 6c617373 6e616d65 5824636c 61737365 735c4e53 44696374 696f6e61 7279a21f 21584e53 4f626a65 6374d21d 1e232457 4e534572 726f72a2 23215f10 0f4e534b 65796564 41726368 69766572 d1272854 726f6f74 80010008 0011001a 0023002d 00320037 00400046 004f0056 0061006a 00710074 00760078 007a0096 009d00a5 00b000b2 00b400b6 00b800ba 00d30108 010d0118 0121012e 0131013a 013f0147 014a015c 015f0164 00000000 00000201 00000000 00000029 00000000 00000000 00000000 00000166>;
         errorCode = 5002;
         errorDescription = "Unable to find passphrase for exported private key";
    Dec 30 18:31:25 mdmserver com.apple.xpc.launchd[1] (org.apache.httpd[14695]): Service exited with abnormal code: 1
    Dec 30 18:31:25 mdmserver com.apple.xpc.launchd[1] (org.apache.httpd): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.

    Hi!
    Do you have a Time Machine backup? What you can try to do is a full restore on a test machine or a VM, and export the old keychain and import it into your broken server:
    Passwords:
    http://www.icreatemagazine.com/tips/os-x-tutorial-how-to-transfer-keychain-data- between-macs/
    Certs:
    https://www.racf.bnl.gov/docs/howto/grid/osxcertmgmt
    Good luck!

  • Website issue with OS X Server and hosting

    So I had a website hosted from my OS X Server, and I had bought the domain name from GoDaddy. It worked great, but I decided, instead of hosting it on my OS X Server, to just host it on GoDaddy. So I turned the server off and added the domain to my GoDaddy account hosting, and now it works, but there is one problem: all computers can view the website but mine. I think it has something to do with the fact that my Mac was the one hosting it. But if I go to my browser and go to my website I get an error, but then I go to any other computer and it works great. Help please.

    A couple of ideas:
    Check your /etc/hosts file; you might have an entry for your domain.
    sudo pico /etc/hosts
         do you see any entries for your domain? If so:
         edit the file by navigating with the arrow keys, delete the line
         with your domain. Hit ctrl-x when done (enter 'y' to save the change)
    Clear your DNS cache
         dscacheutil -flushcache
    Try a different DNS server, go into your network settings (In System Preferences)
    Go to Ethernet or Wifi (whichever you are using), click Advanced and under the DNS tab enter:
         8.8.8.8
    Make sure no entries are ABOVE it.
    If none of this works, send the results of these commands:
         cat /etc/hosts
         cat /etc/resolv.conf
         dig +short mydomain.com   (replace with your domain)
    The results of these should point us in the right direction.
    Jeff
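    A small script for the first diagnostic in Jeff's reply: it finds any /etc/hosts line that still maps the domain to the old self-hosted address and, when `dig` is available, compares it with what public DNS returns. This is an added example, not part of the thread; the sample hosts file and the `example.com` addresses in it are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread: locate a stale /etc/hosts override.
# hosts_override HOSTSFILE DOMAIN -> prints the address HOSTSFILE maps DOMAIN to;
# returns 1 when there is no entry (resolution then falls through to DNS).
hosts_override() {
  file=$1; domain=$2
  # strip comments, then compare DOMAIN (case-insensitively) with every alias column
  sed 's/#.*//' "$file" | awk -v d="$domain" '
    NF >= 2 { for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(d)) { print $1; found = 1; exit } }
    END { if (!found) exit 1 }'
}

# compare_with_dns DOMAIN HOSTSFILE: report whether the local override disagrees with DNS.
# dig is used only when installed, so the function also works offline.
compare_with_dns() {
  domain=$1; file=$2
  local_ip=$(hosts_override "$file" "$domain") || { echo "no override for $domain in $file"; return 0; }
  if command -v dig >/dev/null 2>&1; then
    dns_ip=$(dig +short "$domain" | head -n 1)
    [ "$dns_ip" = "$local_ip" ] || echo "MISMATCH: $file says $local_ip, DNS says ${dns_ip:-<none>}"
  else
    echo "override: $domain -> $local_ip (dig not available to compare)"
  fi
}

# Constructed sample hosts file, as a machine that once served the site itself might leave behind.
SAMPLE_HOSTS=$(mktemp)
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1       localhost
# leftover from the self-hosting days:
192.168.1.20    www.example.com example.com   # old web server
EOF

compare_with_dns example.com "$SAMPLE_HOSTS"
```

    On the real machine run `compare_with_dns yourdomain.com /etc/hosts`; any reported override is the line to delete before flushing the cache with `dscacheutil -flushcache`.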

  • The difference between Telepresence Content Server and MSE 3500

    Good day! Could someone explain to me what the difference is between Telepresence Content Server and MSE 3500? Why do I need to obtain these two devices for sorting out my tasks? I want to understand the gist of the first and the second devices.

    In addition to what Jonathan posted above, here is a Capture Transform Share Solution Guide that goes over a little bit of what the TCS and MXE are and some possible deployment scenarios.
    In short, TCS is used to record video conferences or lectures that can be streamed on demand or live using various streaming or distribution methods.  One such distribution method is using the MXE 3500 to ingest the recordings from TCS and convert them to different media types and add in-video content such as logos etc.  However, from the MXE, you can't send the video back to the TCS for viewing, you'd need to send that off to another viewing portal such as Show and Share.
