We’ve been working on some major upgrades to our Exchange environment over the last while. During the course of that, we started receiving NDR’s for messages sent to mail-enabled public folders. Initially, these were “MapiExceptionNotAuthorized” messages, which are related to permissions. Those were sorted out without too much trouble, as the NDR is at least somewhat descriptive. But then we started receiving a very generic NDR of #550 4.4.7 QUEUE.Expired; message expired ##.
…not really much to go on. Exchange 2007 does give some more “in plain English, please!” information in its NDR’s, but that also wasn’t much help:
Delivery has failed to these recipients or distribution lists:
[user display name]
Microsoft Exchange has been trying to deliver this message without success and has stopped trying. Please try sending this message again, or provide the following diagnostic text to your system administrator.
Wow…that was helpful…
(more…)
Alright, so the title for this post seems pretty out there, but I can guarantee you that I have come across this on multiple machines. I’m not saying “If you install Windows Media Player 11 on your computer, networking will break,” I’m just saying that if you experience the symptoms outlined below and you’re stuck, trying uninstalling WM11 and the WM11 codec; you just might get lucky.
So, one of the other techs in the office calls me over: He’s been beating his head against a wall with a remote user being unable to get internet connectivity on his Windows XP workstation. The tech has been on this thing for hours, tried just about everything he can think of shy of a workstation rebuild, and he’s looking for some team support. I have him throw the ticket my way; I figure that another set of eyes can only be helpful. With a bit of digging, we isolate the symptoms:
- Full connectivity to the local server is available
- Name resolution is still solid
- Pings are working to both local and remote addresses
- Anything higher up the stack than pings only work locally, and bail as soon as you cross a router. This includes file shares, RDP, FTP, HTTP/s, MAPI, and I’m guessing anything else higher than layer 4. (more…)
On a recent network audit for a prospective new client, I came across an issue in the Exchange System Manager for their Exchange Server 2003 box. When you tried to browse into any public folder management, ESM presented the following error:
The SSL certificate server name is incorrect. (more…)
Lately, our company has started developing user web portals for our clients. The main goal is to provide a central reference point for common links (webmail, helpdesk, remote assistance links … ), howto documents, and other files and resources. A secondary goal was to also allow user administrators to perform basic user management through a web interface. This would include things like disabling/creating/unlocking user accounts, resetting passwords, and modifying group memberships for access reasons. Myself and the other admin tasked with setting up this portal are most familiar with PHP, and so we went of looking for the best means of interfacing with Active Directory through PHP. (more…)
We recently received reports of message delivery delays in our Exchange organization. We run Exchange 2007, so I checked out the Hub Transport Servers and discovered that messages were piling up in the Submission queues on both of the main hub transports. Restarting the Microsoft Exchange Transport service didn’t get things going again, so I turned to the Application Log to try to figure out what was going on. (more…)
If you’re looking for an easy online storage solution for Windows (and have a gmail account kicking around), check out the Gmail Drive by bjarke. It’s a free shell extension for Windows that basically adds a new drive to your computer. When you try to access the drive through Windows explorer, you are prompted for your gmail login details (you have the option of saving the details to avoid having to login each time you access the drive).
(more…)
One of our techs recently ran across a problem with a new Windows Vista Business laptop trying to synchronize offline files to a Windows Server 2000 file server. Synchronization would start, but the Sync Center in Vista would show failures for every single file that was attempted to be sync’d. The error message read something to the extent of “The process cannot access the file because it is being used by another process“.
We tried the usual: checking permissions on the folders being offline’d (I know that’s probably not a word, but you get what I mean); deleting his local cache of Offline Files; disabling and then re-enabling Offline Files. But we just kept on banging our heads against the same error. At first, just about any web search for the error resulted in either something about Windows Home Server or databases or something of the like. Eventually, though, we struck gold:
http://support.microsoft.com/kb/296264/en-us: Configuring opportunistic locking in Windows
(more…)
Part I demonstrated how to find aged or inactive accounts, and in Part II we will look at another lingering account type: disabled accounts.
Like inactive accounts, Directory Searchers also come in handy for disabled accounts. We can also, however, read an Active Directory account’s status directly from a hidden attribute on the ADSI object. Let’s start with the Directory Searcher method. This entry also draws from Bahram’s Blog. The code:
$adobjroot = [adsi]''
$objdisabsearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objdisabsearcher.filter = "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"
$resultdisabaccn = $objdisabsearcher.findall() | sort path
(more…)
We’ll start off with Inactive accounts first, and then work on the disabled accounts after that.
Active Directory in Server 2003 has a nice user/computer attribute called lastLogonTimeStamp that can help us keep track of inactive accounts. If you have ever tried to use that attribute, however, you might have come up with something like this…
(more…)
I am pretty sure I’m not the only one who wants something more descriptive than DSC1900298.JPG to name my digital photos. And yes, I know that Windows Explorer allows you to rename pictures en masse, but I don’t like the convention they have chosen in that the first file is named [common name].JPG, then the subsequent files are named [common name] (2).JPG and so on and so forth.
I had a few requirements for how I wanted to go about this:
- Get rid of the parentheses. If I will be posting those pics online anywhere, I wanted to keep the names as free of special characters as I can.
- Number the first file. The Windows Explorer route does not number the first file when doing bulk renames. This is easy enough to do manually, but I just don’t want to bother.
- Keep a constant number of digits in the index number. I want the renaming process to take into account how many pictures there are and adjust the number of index digits accordingly. If there are fewer than 10 files/images, then only 1 digit is required (e.g. 1, 2, 3, 4…9). If there are between 10 and 99 files (inclusive), then two digits are required (01, 02, 03…10, 11, 12…99). I think you get the idea. Windows definitely doesn’t do that.
(more…)
