Cisco Ospina

We’ve been using Spiceworks since the first of April and really like it.  If you haven’t heard of Spiceworks, ITChurch.com has great review.

Has anyone performed an upgrade to Spiceworks 3.0 from 2.0 and are now experiencing duplicates?  Before the upgrade, our Inventory was accurate with about 160 workstations.  It now shows over 230 workstation.  When I look at the workstations, some duplicates have the same name,  but different SN’s (one will be correct, the other will show the computer name for the SN).  Then, other duplicates will show ws01 for one computer name, and then ws01.domain.com for the name on the other.  I’ve posted in the Spiceworks Support, but haven’t gotten anything back yet.  When I delete the duplicates, it picks them right back up in the next scan.

We are using the Help Desk feature, and have manually input a lot of info and notes, so starting from scratch is something we are trying to stay away from.

How is your Spiceworks upgrade going?

The latest version of SpiceWorks, 3.0, is here! There are many improvements and I’m looking forward to upgrading our SpiceWorks Virtual Server soon. We have been using it for a few months now and really like it! I’ll do a blog on our SpiceWorks experience and setup soon.

http://spiceworks.com/

Looking for a conference to learn a little more about VMWare and Virtualization? Check out the VMWare Virtualization Forum 2008. They probably have one coming near you!

UPDATE: April 23, 2008

Today I used the MS Technet Article on “How to Remove the Last Legacy Exchange Server from an Organization”.  There is one section that is very confusing.  Under the “To remove the last Exchange 2003 or Exchange 2000 server…” section, number 5 gives a Command Shell command to run.  They put “dc=<domain>” but it’s actually “dc=<domain>,dc=<ext>”.  I don’t think “ext” (domain extension) is the correct term, but here’s the example:

My domain name is scc.com, so my command shell will look like this:

Remove-ADPermissions “dc=scc,dc=com” -user “scc.com\Exchange Servers” -AccessRights WriteDACL - InheritedObjectType Group

If you do not have your “dc” correct, then you will get errors!  Copy and paste the code above and change it to match your domain name. 

Thanks to my good friend and volunteer, John S., for spending the time and research to get through this issue on his own Exchange 2007 Server, and for immediately passing it on to me! (We both did our Exchange 2007 Upgrades/Migration at the same time)  Hope this helps!

Not only can you have your Outlook 2007 pull your favorite RSS feeds directly into Outlook, you can also use Word 2007 to create and post blogs directly to your blog from your Word document…

“How do I get started?”, you may be thinking!

• First you’ll want to open Word 2007. Once you have Word opened, simply click your “Office Button” and then click “New”.
  
• Once you click new, you’ll be prompted do you want to create a new document or a new Blog. Select Blog.
  
• Then you’ll need to register your Word 2007 with your blog. I use WordPress, so I simply chose “WordPress” in the drop-down menu.
  
• You’ll be prompted for your Blog link, as well as your user name and password. Once you have typed this information in, your computer will be registered to publish directly to your blog. Images and all!
  

Try it out!

Dameware Mini Remote Control is a Remote Desktop software that I’ve been using for almost 6 years now. Dameware is an application that will allow you to interactively remote control another workstation on your network. When you log into your users computer, you can see their desktop and they can also see you on their desktop. This is great for those who support multiple buildings, or even a single building with employees spread out. If your user has an issue on your network, simply log into their computer and see exactly what’s going on. You can then reconfigure, or fix the problem however you need to without leaving your desk.

Dameware is licensed per technician, so one technician can log into an unlimited number of computers. The best part, Mini Remote Control is only $89.95!

What are you using to provide remote assistance to your users? If you are currently not using anything, I would highly recommend downloading a 30 day trial from www.dameware.com. You will not be disappointed.

This week we installed our first Linux Server. It’s a CentOS box that is being used as a Web Development Server in-house. Our Production Server will be a RedHat box Dedicated Server hosted offsite. So far so good. We have a few volunteers that are great with Linux who helped with the installation and on going support. I am interested in learning as much as I can, since I am ultimately responsible for the server.

All you Linux users, post some “must have” or “must know” comments that will help with managing and maintenance of this new server. I’m all ears (or “all eyes” I guess I should say, since I’ll be “reading” them)

BES - Message Status: Desktop email program unable to submit message.

Windows 2003 SBS with Blackberry Professional Software Server installed in the SBS server.

I ran into this problem at a side job/contract job, that I worked last weekend.  Although we don’t use SBS at the church, and this particular problem didn’t happen at the church, I wanted to post it on my blog for anyone doing a google search on the same problem.  Hopefully you’ll find this blog sooner than later and save time troubleshooting.

You can install Blackberry Professional Software on Windows 2003 SBS.  You’ll need to create your BESAdmin account in AD and be sure the account is a member of Domain Users (not admins).  You’ll also need to make sure that BESAdmin has Send As rights on your Exchange Server.  Then log into the SBS as BESAdmin.  Once you have BES running correctly, you can log out and log back in as Administrator to mange your SBS server.  If you need to do anything to BES, log back out and back in as BESAdmin.

Here’s the problem we ran into: the user could receive e-mail, and the calendar, contacts, etc seem to sync.  But when the user tried to send an e-mail, he would get:  Message Status: Desktop email program unable to submit message.  We checked the users Security in AD and had to add the BESAdmin to the Security with Send As rights.  Within 30 minutes later, the BESAdmin had disappeared from the Security on the account.  Ultimately, our problem was that this particular user was part of the “domain power users” group.  This is a privileged group.  We removed the user from the group and all is well.

Check out this link for a more detailed and official explanation of the problem:

http://blogs.technet.com/sbs/archive/2006/06/30/439685.aspx 

Out of 11 Blackberry’s on our Blackberry Professional Server that I manage onsite at our church, I had trouble with two.  They both could not Activate wirelessly.  When I plugged in the cable, I could successfully activate via Desktop Manager. However, once I unplugged the cable, I could not send/receive e-mail, nor sync with Calendar, Contacts, Tasks, etc. When I tried to send an e-mail, I received a Message Status: Service Blocked.  When I called the service provider, the moment I told her I had a BES online, they said “I’m sorry, there’s nothing we can do since you have your server you’ll need to go through Blackberry.  I can help you wipe the phone as a troubleshooting step, but from there, I’ll have to transfer you to RIM.”  So they transfered me.  After spending almost an hour on hold, I spoke with RIM.  I gave him the PIN numbers of both Blackberry phones and sure enough, they said that neither phone had the service provisioned on their phones to allow them to connect to a Blackberry Enterprise Server.  He told me to call back the service provider and ask them to be sure that the phone has the correct plan to work with a Blackberry Enterprise Server.  After doing this, we found out that the phone had a service plan that allowed for Blackberry Internet Mail (not BES).  They upgraded the plan, reprovisioned the phone, and all is working.

So… if you are receiving  Message Status: Service Blocked, call your service provider and ask them to verify that your account is provisioned to work with a Blackberry Enterprise Server.  Once they change the plan and re-provision the account, you should be all set to Activate Wirelessly.

Exchange 2007 Upgrade

This is step-by-step documentation of the Exchange 2007 upgrade (or migration) from Exchange 2000 to Exchange 2007.

Current Exchange Setup:
     1 Windows 2000 Domain Controller
     1 Windows 2003 Domain Controller
     1 Exchange 2000 Server (installed on the W2k DC)

February 15, 2008 Friday
New Exchange Server is in. Winston, one of his friends and I had it rack mounted in about 5 minutes. Winston had to leave, so I stayed finish setting up the cables, etc.

Server Specs:
Dell PowerEdge 2950 III
2 x Quad Core Xeon Processors, 3.0 Ghz
8 GB RAM (4 x 2GB sticks)
8 x 73GB 15 RPM Serial-Attached SCSI 3Gbps 2.5-in HotPlug Hard Drives
Perc6i SAS RAID Controller, 2×4 Connectors, Int, PCIe, 256MB cache, x8 Bkpl
1.44MB Floppy Drive
24x IDE CD-RW/DVD ROM Drive
Integrated SAS/SATA RAID 1/ RAID 5, PERC 6/i Integrated
Redundant Power Supply

Once I got the KVM, Network and Power Cables plugged in, I booted the system to check it out. I ordered the system without an OS because non-profit for Win 2003 Server is much less than OEM & retail. I first logged into the RAID Bios. It had 2 drives in a RAID 1 and the rest (6 drives) in a RAID 5. I deleted the RAID 5 array, then recreated another 2 drives in a RAID 1 and the final 4 drives in a RAID 5. Final outcome is RAID 1 for the OS, RAID 1 for the Exchange Logs, and RAID 5 for the Exchange Database.

February 16, 2008 Saturday
During the first service (Sat night) I came up and installed Windows 2003 Server x64 on the new exchange server. Once the OS was installed, I proceeded to download all the windows updates until the OS was completely updated. Went to second service for Praise and Worship.

February 18, 2006 Monday
Monday night we had an IT – Network Support Team meeting. At this meeting, we had to perform the following:

• Move the 5 FSMO roles from the Windows 2000 Domain Controller to the Windows 2003 Domain Controller. This was a very simple, straight forward, processes documented at:
  

  http://technet2.microsoft.com/windowsserver/en/library/99f53498-ce25-4ab4-b476-7aa6e1997d641033.mspx?mfr=true
  

• Join new Exchange 2007 to the domain.
  
• Install IIS, including: Enable Network COM+ Access, and IIS (in the details of IIS select IIS Manager, Common Files, WWW Services).
  
• We then had to prepare Exchange 2000 Permissions. We did this by placing the Exchange 2007 Server disk in the new exchange server, go to the command prompt, cd d:, and run  Setup /PrepareLegacyExchangePermissionsThis command completed successfully.
  
• Our next step was to Extend the Active Directory Schema. This is done by going to the command prompt, cd d:, and run  Setup /PrepareSchema
  
  
• Next would be:  Setup /PrepareAD
  
  
• And finally:  Setup /PrepareDomain
  
  
• Once these are run, we would run the prerequisites from the Exchange 2007 CD: Steps 1, 2, 3. On our system, since we had the Windows Update patches up-to-date, steps 1 & 2 were already installed.
  

Everything seemed to be going well up to the Setup /PrepareSchema part. Once we ran this command, we got an error message:

Setup encountered a problem while validating the state of Active Directory: Domain Controller ‘mail.scc.com’ Operating System Version is 5.0 <2195> Service Pack 4. The minimum version required is 5.2 <3790> Service Pack 1

I noticed that it’s looking at mail.scc.com, which is our 2000 DC, the one we just moved the 5 FSMO roles from. I tried to ping scc.com and sure enough, it resolved mail.scc.com’s IP. I went to my workstation and my workstation, however, was resolving the 2003 domain controller, Fiserv.scc.com. I thought maybe the mail server just needed to be rebooted so I rebooted the mail server. While it was rebooting, I went back to the new exchange server and when I pinged scc.com, this time it resolved Fiserv.scc.com’s IP address (yeah!). I proceeded to run the Setup /PrepareSchema command and this completed successfully this time. I though Great! And stopped here for the day.

February 19, 2008 Tuesday
No sooner from crawling out of the bed did I have my laptop up and running and logged into the network. I logged into the new exchange server and pinged scc.com, it resolved mail.scc.com’s IP address… NO! I proceeded to remember how to change the lmhost.sam file to put Fiserv.scc.com’s ip address and scc.com. Once I did this, I pinged scc.com and it resolved Fiserv.scc.com Yeah! Back to the command prompt to run Setup /PrepareAD. I get the same error message above stating OS Version is 5.0. NO!!! So I hit google to begin researching the issue. I found a link that said to run the /domaincontroller:ServerName and this will direct it to the correct server. Sure enough…

When I added the /domaincontroller:ServerName switch, it completed successfully.

Now, it’s time for the installation of Exchange 2007. If I am unable to install Exchange from the GUI interface that appears with the AutoRun, I may have to run the “unattended installation” from the command prompt so I can include the /domaincontroller:ServerName switch.

3:00pm – Tuesday I’ve done the research and sure enough, due to our networking having a Windows 2000 Domain Controller, we are required to run the install from a command line. I’ve done the research and found the switches that I need to run the setup from a command line. Here’s the command line I’m using:

Setup /mode:install /roles:ca, ht, mb, mt /enablelegacyoutlook /legacyroutingserver:mail.scc.com /domaincontroller:Fiserv.scc.com

Here we go!

OK, so we started the upgrade and all was going well until the setup failed due to an Access Denied to the DVD Drive????

I started the setup again and had to end up taking out the MT under the /roles switch, because it had already installed the MT (Exchange Management Tools). I also had to take out the /legacyroutingserver because it could only use this once (notice it failed during the Hub Transport installation). After starting the install again, this time it completed successfully.

Great. So now I can open the Exchange Management Tools and I see all the mailboxes that are located on the Exchange 2000 Server. Yeah! Time to move a mailbox.

I haven’t received my Backup Exec 11d software yet, so I can’t backup the new exchange server until I get the software (hopefully end of this week or early next week). Having said this, I will not move everyone over until I am able to backup Exchange 2007, of course. I will, however, move my mailbox J. While my mailbox is still on Exchange 2000, I’ve exported it to a PST file on my desktop called BACKUPdate. Now at least I have a backup I can restore should something go wrong between now and the time I get my backup software.

March 14, 2008

OK, so I didn’t keep up with the detailed installation logs after we ran into a few other problems. Now I will give a detailed “recap” of what has happened up to today.

The night I completed the setup, I moved my mailbox over successfully. I wasn’t able to send/receive e-mail though. My outlook detected the new server and reconfigured itself, but no mail flow. I’m guessing that because the installation failed during the HT role initially, it didn’t complete the receive and send connectors. On top of that, I noticed about 10:00pm that my production server was offline. I checked the server and the information store was stopped. Long story short with the production server, I spent about 3 ½ hours on the phone with Microsoft until we got my production server’s Information Store to start and stay started. This wasn’t due to the Exchange 2007 upgrade, however. It just happened to do this during the upgrade.

So once we got my production server back up and running, they transferred me to an Exchange 2007 technician and after another hour and a half, we had mail flow going! At that point, we had not received our Backup Exec, so I was the only one on the server for several days.

Since I was on the server, I started looking into OWA and Exchange Active Sync. With Exchange 2007, you use one SSL Certificate for both OWA and Exchange ActiveSync (as well as Autodiscover if are going to use that). You need to purchase a Unified Communications SAN Certificate. This will allow for your internal domain an external domain to be on the same certificate using the SAN (Subject Alternative Name). Our problem is that we are the registered owners of our external domain, savannahchristian.com. We are not, however, the registered owner of our Private Internal Active Directory Domain, scc.com (short for Savannah Christian Church). Though this hasn’t been a problem for the 5 plus years this domain has been in place, now it has become a problem. Why? Well, if you are not a registered owner of your internal domain, then you can’t find any Third Party Certificate Authority to put that name on the Certificate for you. If we were only talking about OWA, it wouldn’t be that big of a deal. Not many people use OWA in-house. The problem is that Office 2007 does care if that internal domain name is on the certificate and if it not, you will get a message stating that the certificate is not trusted and you have to click Yes to continue, twice. This happens every time you open Outlook 2007.

So the question was how to get my internal domain name on my SSL Cert. There were a couple options:

1. Rebuild the domain to either savannahchristian.com or a domain name that I can purchase. The problem with this is we have over 10 servers, and over 140 computers on our network. This would mean rebuilding the whole network, including recreating each profile under the new domain (since the domain name is different, when the user logs in it will create a different profile). This was not an option that we wanted to take.
   
2. Build an internal Certificate Authority Server and create my own SAN Certificate.
   

We opted to go with number 2. After a quick install of a new Virtual Server, I proceeded to install the Certificate Servers (add/remove programs, windows components). I used the CSR that I created from Exchange and was able to make my own SAN Cert that included my internal and external domain. This worked great. After importing this cert into Exchange, the errors went away in Outlook 2007. I tried OWA and now I was getting a “Trusted Root Certificate” message. I went back into my CA server and grabbed the root certificate. I added the root cert to each computers trusted root’s folder via AD Group Policy. That worked great. I also had to install the trusted root certificate along with the SAN certificate into each Windows Mobile device. All is working well.

Now the problem I have is that I cannot “push” the root certificate to our staff’s home computer. When they go to OWA, they see the “trusted root certificate” message that says “Continue. Not recommended”. So I have to figure out how to push the root cert to their computers. I was able to successfully manually add the root cert to my home computer and all is well, but I really don’t want to have to do that. I’d rather it be done automatically. Any ideas?

I got my Backup Exec software in. You have to have version 11d in order to backup Exchange 2007 (which is what I ordered). I had to run a few prerequisites on my Backup Exec server including adding the Exchange Management Tools to the Backup Exec server. You will need to install the 32 bit version of Exchange Management Tools (if your Backup server is a 32 bit OS). You’ll also need to be sure they are the same version (ie, Exchange 2007 Server has SP1, you’ll need to update your Management Tools on your backup server to SP1 as well). Once you have this done, and you have your backup server install correctly, you’ll be able to backup and restore to the message. This is working great!

Once my backup was install, I successfully transferred over all of our mailboxes. I also moved my Public Folders.  Microsoft recommends leaving your old server online for at least 2 weeks to allow everyone to open Outlook so it will automatically configure to the new server. I moved my send connectors to send e-mail directly from the Exchange 2007 server, and I configured my Barracuda Spam filter to point directly to the Exchange 2007.

Everything is working great. I’ll give it about another week or so and then I’ll begin the steps to remove your last legacy exchange server. I’ll keep you posted!

UPDATE: April 23, 2008

Today I used the MS Technet Article on “How to Remove the Last Legacy Exchange Server from an Organization”.  There is one section that is very confusing.  Under the “To remove the last Exchange 2003 or Exchange 2000 server…” section, number 5 gives a Command Shell command to run.  They put “dc=<domain>” but it’s actually “dc=<domain>,dc=<ext>”.  I don’t think “ext” (domain extension) is the correct term, but here’s the example:

My domain name is scc.com, so my command shell will look like this:

Remove-ADPermissions “dc=scc,dc=com” -user “scc.com\Exchange Servers” -AccessRights WriteDACL - InheritedObjectType Group

If you do not have your “dc” correct, then you will get errors!  Copy and paste the code above and change it to match your domain name. 

Thanks to my good friend and volunteer, John S., for spending the time and research to get through this issue on his own Exchange 2007 Server, and for immediately passing it on to me! (We both did our Exchange 2007 Upgrades/Migration at the same time)  Hope this helps!