Category: Servers


This is a new weekly post with a tip for Windows, OS X, Linux, iOS, Android… anything really that I hope could help others in their daily computing lives.

This week’s tip is a Windows tip. Ever wonder what permissions you have in your organization? What groups you are part of? What your SID is?

There is a handy command, introduced back in the Windows XP days, called whoami. First shipped as part of the support tools and now part of the standard Windows install, this command can give you all the information about the currently logged-on user.

If we just issue whoami in CMD, we will get this:

Nothing spectacular, but let’s look at the flags to the command:
We can see there is a /ALL flag, so let’s see what happens when we run whoami /all
(Important SIDs are whited out)
We can see a whole bunch of information, like my username, my SID, domain group memberships and even my permissions.
So if you ever want a user to send you their information, you can make a batch script that has:
whoami /all > userinfo.txt
This will save this information into a text file that the user can send your way and you can see all their group information and make changes as necessary.

IMCEAMAILTO errors in Exchange

Ever get this weird error?

mailto:IMCEAMAILTO-emailaddress%2B40domain%2B2Ecom@localdomain.com>

#550 5.4.4 ROUTING.NoConnectorForAddressType; unable to route for address type ##

I encountered this weird error today. What is that weird e-mail address? IMCEAMAILTO?? This is what Outlook comes up with when a user clicks a “mailto:emailaddress@domain.com” hyperlink within an email in Outlook to send a new message.

For some reason, Outlook doesn’t actually parse the MAILTO: prefix, but instead adds the MAILTO: as part of the email address that you are sending to.

The problem doesn’t stop there, unfortunately. Because Outlook wants to remember every address you ever wrote to (the suggested contacts list), it will actually save the email address for that specific contact, which will present itself as a contact called “emailaddress@domain.com” with the email address “MAILTO:emailaddress@domain.com”.
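To read the real recipient back out of an NDR like the one above, here is a small decoder for the IMCEA encapsulated-address form, added as an example and not part of the original post. It goes slightly beyond the MAILTO case and also handles other address types such as IMCEAEX; the function names and the second sample are constructed for illustration.

```python
import re
from urllib.parse import unquote

# IMCEA<TYPE>-<encoded address>@<encapsulating domain>
IMCEA_RE = re.compile(
    r"IMCEA(?P<type>[A-Za-z0-9]+)-(?P<addr>[^@\s<>]+)@(?P<domain>[^\s<>]+)"
)


def decode_imcea(text):
    """Return (address_type, original_address, encapsulating_domain), or None."""
    # Text copied out of a link can carry '+' as %2B (as in the NDR above); undo that.
    m = IMCEA_RE.search(unquote(text))
    if m is None:
        return None
    # '/' is stored as '_'; other special characters are stored as +XX (hex).
    # Restore '/' first so that a literal underscore (+5F) survives the second step.
    addr = m.group("addr").replace("_", "/")
    addr = re.sub(r"\+([0-9A-Fa-f]{2})", lambda h: chr(int(h.group(1), 16)), addr)
    return m.group("type").upper(), addr, m.group("domain")


def misrouted_smtp(text):
    """If a normal address was wrapped as address type MAILTO, return the plain address."""
    decoded = decode_imcea(text)
    if decoded and decoded[0] == "MAILTO" and "@" in decoded[1]:
        return decoded[1]
    return None


if __name__ == "__main__":
    samples = [
        # Recipient line from the NDR on this page.
        "mailto:IMCEAMAILTO-emailaddress%2B40domain%2B2Ecom@localdomain.com>",
        # Constructed sample of an encapsulated X.500 (EX) address.
        "IMCEAEX-_O=EXAMPLE_OU=FIRST+20ADMINISTRATIVE+20GROUP_CN=RECIPIENTS_CN=JSMITH@example.local",
    ]
    for s in samples:
        print(decode_imcea(s))
```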

To solve this problem permanently for that specific address, we need to dig a bit more and change the email address type back to SMTP:

With a lot of modern routers (ISA, WatchGuard, etc.) we can put some proxy actions in place for publishing services. What’s the advantage? We can monitor the entire conversation between the client and our web server. Just like client outbound proxies, however, there can be some mishaps.

One good example is how a WebDAV server can behave behind an HTTP proxy: you may get mixed results. OWA (Outlook Web Access) is a WebDAV server for IE clients, and sometimes you may get errors like not being able to see your inbox while you can see your folders just fine, or ActiveSync just not working at all.

First, let’s look at the OWA error. In my example, I’m using a WatchGuard XTM firewall with an HTTPS proxy to publish OWA. With the proxy’s default values, we can log into OWA, but the inbox keeps showing a “loading…” message. In order to make the inbox come up, we need to enable a simple checkbox, which bypasses proxy actions to allow WebDAV.

Next, let’s look at ActiveSync. ActiveSync will just not work with WatchGuard’s default HTTPS proxy. The best way to diagnose it is to try to go to the ActiveSync web page.

With this, we need to allow the “OPTIONS” method in the HTTP protocol.

I recently got myself a Mac Mini (mid-2011) to act as a media center and as a server for my home environment. I will admit, things were not as smooth as I anticipated.

Apart from not having control of DHCP and DNS from the default Server.app (not that I’m bitter) and having to download the remote server admin tools to control Open Directory, the Time Machine server function never “just worked” for me.

On the server.app, setup is plainly simple. Choose your Disk, and turn it on:


So the setup is practically seamless. How does another Mac backup to the time machine server? The server uses bonjour to broadcast the backup service. What’s presented to your Mac is a share on the server called “Backups”:


What SHOULD happen is backups over Wifi, pretty cool! One problem, troubleshooting this thing is not user friendly AT ALL, as in my case:


What does “NAConnectToServerSync failed with error: 80” mean?

Of course, Lion is brand spanking new, so googling for help was useless (especially for Lion Server). Turns out, the password I was using was the culprit.

In my password, I had a special character, “$”. This messes with the mount_afp command that is issued to back up. The solution? Create a backup user without special characters in its password.

Now, with this considered, I find this HORRIBLE! How, in this day and age, can special characters in passwords not be allowed in order for stuff to work? It’s beyond me. A lot of my server experience has been a big mess. In Windows, when I DCPROMO a server, it installs DNS; why are DNS and DHCP so buried in the settings? I don’t get it.

Hopefully Apple can get on this and apply the same quality control it does to its consumer products. Hell, with a 50$ server license for all your Macs, you can pretty much call it a consumer product.

Remember the good old days when you wanted to export an e-mail account out of Exchange for archiving, or just for general backup purposes? We admins needed to install EXMERGE!
Exmerge was, and still is, a blessing to admins everywhere. It was a powerful tool that gave you more control over exporting or importing mailboxes in Exchange, packaging everything up in a nice .PST file so you can re-import it or open it up with Outlook. Let’s face facts though: by today’s standards, it’s not the most elegant or modern solution going. I was happy to see that Microsoft added this functionality in Exchange 2010 through PowerShell, and no Outlook required!

First off, we need to add your AD account to the Mailbox Import Export role. Let’s fire up the Exchange Management Shell and type:

New-ManagementRoleAssignment -Role "Mailbox Import Export" -User domain\AdministratorAccount

Before we start exporting and importing, there is one small snag: we need to use network shares for the output and input of PST files. Of course, it can be a share on the Exchange server itself. (Make sure you have full read and write permissions on the share!)

So let’s start with exporting.

When you’re importing or exporting, you issue a request; think of it as moving a mailbox in the Exchange Management Console. The request holds the status of the job, even when the job fails or completes.

To start an export request:

New-MailboxExportRequest -Mailbox user -FilePath "\\server\share\user.pst"

This will issue an export request. Now what? We can list the export requests by issuing:

Get-MailboxExportRequest

There is a more detailed output:

Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

This is good, but now I want the full details of the request I just made:

Get-MailboxExportRequestStatistics -Identity user\mailboxexport | fl

If we want to create a mailbox import request, it’s the same commands, just with “export” changed to “import”:

New-MailboxImportRequest -Mailbox user -FilePath "\\server\share\user.pst"

Get-MailboxImportRequest

Get-MailboxImportRequest | Get-MailboxImportRequestStatistics

Get-MailboxImportRequestStatistics -Identity user\mailboximport | fl

Sometimes you need to publish a bunch of web servers, but don’t have enough public IP addresses to publish them with.

Usually virtual hosts come to the rescue, but what if you have multiple instances of Apache, or just multiple web servers?

There is a way to redirect these requests using only one public IP, and best yet, it’s completely free! (In money, not time!)


What you will need:
A distro of Linux (I like CentOS)
An available machine / be able to create a virtual machine

After installing your base OS, you’re going to need to do some “wget” to get the source files to install.

First create a folder:

mkdir /installer
cd /installer

Now it’s time to get the latest source package of HAProxy:

wget http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.15.tar.gz

Now extract the archive, build it and issue a make install:

tar xzf haproxy-1.4.15.tar.gz && cd haproxy-1.4.15
make TARGET=linux26 && make install

Let’s copy haproxy to the sbin folder:

cp haproxy /usr/sbin/haproxy

Now let’s go to the etc folder:

cd /etc

and make a new file called “haproxy.cfg” and enter this in the file:

nano haproxy.cfg

global
    maxconn 4096 # Total Max Connections. This is dependent on ulimit
    daemon
    nbproc 4 # Number of processing cores. Dual Dual-core Opteron is 4 cores for example.

defaults
    mode http
    clitimeout 60000
    srvtimeout 30000
    contimeout 4000
    option httpclose # Disable Keepalive

frontend http-in
    bind *:80
    acl is_server1 hdr_end(host) -i server1.com
    acl is_server2 hdr_end(host) -i server2.com

    use_backend server1 if is_server1
    use_backend server2 if is_server2

backend server1
    balance roundrobin
    cookie SERVERID insert nocache indirect
    option httpchk HEAD /check.txt HTTP/1.0
    option httpclose
    option forwardfor
    server Local 192.168.1.x:80 cookie Local

backend server2
    balance roundrobin
    cookie SERVERID insert nocache indirect
    option httpchk HEAD /check.txt HTTP/1.0
    option httpclose
    option forwardfor
    server Local 192.168.1.x:8080 cookie Local

More about this config a little later.

Let’s finish the install by getting the launcher:

wget http://layer1.rack911.com/haproxy/haproxy.init -O /etc/init.d/haproxy

Now finish the startup setup:

chmod +x /etc/init.d/haproxy
chkconfig --add haproxy
chkconfig haproxy on

Now you can start and stop the service by running:

service haproxy stop
service haproxy start

So what about the config file? Let’s focus on a few sections of importance.

The first section is the ACL section:

frontend http-in
    bind *:80
    acl is_server1 hdr_end(host) -i server1.com
    acl is_server2 hdr_end(host) -i server2.com

    use_backend server1 if is_server1
    use_backend server2 if is_server2

This is saying: “I’m creating a rule called ‘is_server1’, and in this rule I want you to check the Host header (hdr_end(host)) and see whether it ends with server1.com, ignoring case (-i).” The same logic is applied to server2.com.

The second part is stating: “route the request to the backend ‘server1’ if the rule ‘is_server1’ is true.”
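How hdr_end(host) picks the backend, as an added Python model (not HAProxy code and not from the original post): the ACL is a plain suffix test on the raw Host value, so a name that merely ends in server1.com also selects that backend, while a Host that carries a port selects none. An exact hdr(host) match, or a pattern that starts with a dot, avoids the first case; PAGE_FRONTEND, route and unanchored are names made up for this example.

```python
import re

ACL = re.compile(r"^\s*acl\s+(\S+)\s+hdr_end\(host\)\s+(.+)$")
USE = re.compile(r"^\s*use_backend\s+(\S+)\s+if\s+(\S+)\s*$")

# The frontend section from the page's haproxy.cfg.
PAGE_FRONTEND = """\
frontend http-in
    bind *:80
    acl is_server1 hdr_end(host) -i server1.com
    acl is_server2 hdr_end(host) -i server2.com
    use_backend server1 if is_server1
    use_backend server2 if is_server2
"""


def parse(cfg):
    """Collect hdr_end(host) ACLs and use_backend rules from config text."""
    acls, rules = {}, []
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        if (m := ACL.match(line)):
            toks = m.group(2).split()
            patterns = [t for t in toks if not t.startswith("-")]
            acls[m.group(1)] = ("-i" in toks, patterns)
        elif (m := USE.match(line)):
            rules.append((m.group(1), m.group(2)))
    return acls, rules


def route(cfg, host):
    """Backend selected for a Host header value, or None when no rule matches."""
    acls, rules = parse(cfg)
    for backend, acl in rules:               # first matching rule wins
        icase, patterns = acls.get(acl, (False, []))
        h = host.lower() if icase else host
        if any(h.endswith(p.lower() if icase else p) for p in patterns):
            return backend
    return None


def unanchored(cfg):
    """hdr_end(host) patterns that do not start at a label boundary ('.')."""
    acls, _ = parse(cfg)
    return [(name, p) for name, (_, pats) in acls.items()
            for p in pats if not p.startswith(".")]


if __name__ == "__main__":
    # Constructed Host values: intended, look-alike suffix, and one with a port.
    for host in ("www.server1.com", "notserver1.com", "server1.com:8080"):
        print(host, "->", route(PAGE_FRONTEND, host))
    print("review:", unanchored(PAGE_FRONTEND))
```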

So far, so good. Now let’s take a look at the “backend” section of “server1”:

backend server1
    balance roundrobin
    cookie SERVERID insert nocache indirect
    option httpchk HEAD /check.txt HTTP/1.0
    option httpclose
    option forwardfor
    server Local 192.168.1.x:80 cookie Local

In brief, what this is stating is: “this is the configuration for server1; if you are accessing this section, please send the request to server 192.168.1.x:80.”

So to add or remove servers in your configuration, all you need to do is add the new configuration to these two sections, and you’re all set.