Tech for Techs

PROBLEM:
Change an Admin Password in Mac OS X Single User Mode

SOLUTION:
This is a multistep process but it's easy to follow:
•First you need to enter Single User Mode. Reboot the Mac and hold down Command+S at boot to enter into the command line.
•You'll see a note where Mac OS X tells you that you need to run two commands in order to make filesystem changes, this is necessary so let's handle that first
•The first command checks the Mac OS X filesystem for errors and fixes them, it can take a few minutes to run:

fsck -fy

•The next command mounts the root Mac OS X drive as writable, allowing you to make changes to the filesystem:

mount -uw /

•After the filesystem is mounted, you can reset any users password using the following command:

passwd username

•You'll need to enter the new password twice to reset and confirm the changes

Don't know the admin username? No problem
If you're fixing someones machine and you don't know the username to reset, just look in /Users with:

ls /Users/

Here you'll see at least three items, .localized, Shared, and a username. The username is what you'll want to change with the passwd command.

After the password is reset and confirmed, you can exit out of Single User Mode by typing exit or reboot. The Mac will now boot as usual and you'll have access to the machine with the new password.

This is an easier and faster method than the approach taken for resetting lost passwords or using the Mac OS X boot DVD, because it's changing an existing root users password rather than creating a new admin user account. Both work fine though, so you can use whatever method you'd like.

You can use the same approach to navigate around a sleep/wake lock screen, although you'll obviously have to reboot the Mac meaning you will miss whatever is currently on the users desktop.

PROBLEM:
How to size DFS/DFSR Staging Folders?
Calulate the Staging folder size for DFS

SOLUTION:
For the initial replication of existing data on the primary member, the staging folder quota must be large enough so that replication can continue even if multiple large files remain in the staging folder because partners cannot promptly download the files.
To properly size the staging folder for initial replication, you must take into account the size of the files to be replicated. At a minimum, the staging folder quota for servers running Windows Server 2008 R2 or Windows Server 2008 should be at least the size of the 32 largest files in the replicated folder, or the 16 largest files for read-only replicated folders. To improve performance, set the size of the staging folder quota as close as possible to the size of the replicated folder.
To determine the size of the largest files in a replicated folder using Windows Explorer, sort by size and add the 32 largest file sizes (16 if it's a read-only replicated folder) to get the minimum staging folder size. To get the recommended minimum staging folder size (in gigabytes) from a Windows PowerShell® command prompt, use this Windows PowerShell command where <replicatedfolderpath> is the path to the replicated folder

(change 32 to 16 for read-only replicated folders):
(Get-ChildItem <replicatedfolderpath> -recurse | Sort-Object length -descending | select-object -first 32 | measure-object -property length -sum).sum /1gb

PROBLEM:
How to Enable a Windows User Account to Logon as a Service?
Allow User to logon as a Service.

SOLUTION:

• At the taskbar, select Start|Programs|Administrative Tools|Local Security Policy
• Within Local Security Settings|Local Policies, select 'User Rights Assignment'
• On the right, double-click 'Log on as a service'
• Check to see if the required user is listed as having this right. To add a user: click 'Add User or Group', type the first letter of the relevant username, click 'Check Names', select the relevant username, and click 'OK' three times to close.

PROBLEM:
Error: Windows Presentation Foundation Terminal Server Print W has encountered a problem and needs to close. We are sorry for the inconvenience.

When connecting Remote desktop from a Windows XP machine on to Windows Server 2008, and trying to print on a redirected printer, the print comes out fine but the error mentioned in the subject pops up. Microsoft suggests installing ".Net framework 3 with Sp1" and updating the file Tswpfwrp.exe. The .Net fix did not solve the problem for any computer in my organization, updating the Tswpfwrp.exe file did.

RESOLUTION:
1. Copy the file Tswpfwrp.exe from any Windows Vista or Windows 7 machine located in System32 folder
2. Paste the file in System32 folder of the windows XP machine.

Connecting to remote desktop and printing should now work without error.

PROBLEM:
How to Sync Windows 2008 to NTP?
How to add Authoritative NTP Server to AD?
How to setup NTP to External NTP Server?

SOLUTION:
On AD server that is running Windows server 2008 / 2008 R2 you should run command prompt with administrative rights (right click / run as administrator).

First check difference between your server and external time source (in my example pool.ntp.org)

Command: w32tm /stripchart /computer:pool.ntp.org /samples:5 /dataonly

Example:
C:\>w32tm /stripchart /computer:pool.ntp.org /samples:5 /dataonly
Tracking pool.ntp.org [194.249.198.37:123].
Collecting 5 samples.
The current time is 24.6.2011 13:29:08.
13:29:08, +08.8351541s
13:29:10, +08.7976694s
13:29:12, +08.8065559s
13:29:14, +08.7534768s
13:29:16, +08.7956427s

Confiure your server to use external NTP time source for sync:

Command: w32tm /config /manualpeerlist:pool.ntp.org,0×8, /syncfromflags:manual /reliable:yes /update

Example:
C:\>w32tm /config /manualpeerlist:pool.ntp.org,0×8, /syncfromflags:manual /update
The command completed successfully.

Force sync immediately:
Command: w32tm /resync

Example:
C:\>w32tm /resync
Sending resync command to local computer
The command completed successfully.

I will now retry the first command to see the results:

C:\>w32tm /stripchart /computer:pool.ntp.org /samples:5 /dataonly
Tracking pool.ntp.org [193.2.111.2:123].
Collecting 5 samples.
The current time is 24.6.2011 13:19:20.
13:19:20, +00.0485657s
13:19:22, +00.0415741s
13:19:24, +00.0380984s
13:19:26, +00.0342493s
13:19:28, +00.0310221s

PROBLEM:
How to reset TCP/IP Stack in Windows XP
Reset Network Stack Windows XP

SOLUTION:
The reset command is available in the IP context of the NetShell utility. Follow these steps to use the reset command to reset TCP/IP manually:1.To open a command prompt, click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER:
cmd

2.At the command prompt, copy and paste (or type) the following command and then press ENTER:
netsh int ip reset c:\resetlog.txt
Note If you do not want to specify a directory path for the log file, use the following command:
netsh int ip reset resetlog.txt

3.Reboot the computer.

PROBLEM
How to launch MSCONFIG from command line?
Location of MSCONFIG

RESOLUTION
C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

Save everything below as Set-Exchange2010IISConfig.ps1



<# 
.SYNOPSIS 
    Script provides common configuration of Exchange 2010 RTM & SP1 specific IIS settings.
.DESCRIPTION 
    Redirects / to /owa recommended vdirs
    Configures rights on web.config file for OAB
    Restart IIS
    Redirect 80 to 443
    Force SSL
.PARAMETER URL
    Include this paramter to specify the FQDN of the Exchange server or array.  If ommitted the script will attempt to determine the FQDN and prompt user for confirmation.
.PARAMETER ForceSSL
   Sets Exchange specific virtual directories to require SSL.
.PARAMETER RedirectUrl
    Sets default website to redirect to /owa.
.PARAMETER RedirectProtocol
    Creates custom 403.4 error page to redirect to https://<URL>/owa
.PARAMETER AclOAB
    Adds READ permissions for NT Authority\Authenticated Users to ClientAccess\OAB\web.config file. This switch will NOT create an IIS Backup.
.PARAMETER IISReset
    Restarts IIS at the end of script execution.
.NOTES 
    Author       : Robert Durkin
    Email Addr   : rdurkin (at) ehloworld.net
    My Blog      : http://ehloworld.net
    Rights Req   : Local Server Admin (Run As Administrator)
    Exchange Ver : 2010 & 2010SP1
    Disclaimer   : THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK. BE SURE TO TEST!
    Version      : 1.0 - 04/26/2010 - initial version
                 : 2.0 - 08/02/2010 - Modified to removed httpredirect from all sub sites.
                                      Added custom error message
                                      Removed manditory parameters and detect URL from ClientAccessArray.
                                      push and pop starting location
                 : 2.1 - 08/03/2010 - Added the detection of the ClientAccessArray and the ability to use that or specify your own.
                 : 2.2 - 08/03/2010 - Can detect 403.4 error page and remove to allow script to update error page redirect value.
                 : 2.3 - 03/02/2011 - Added several switch paramters to allow for modular execution of script.
                                      Checks to make sure the script is being run on an Exchange 2010 CAS server.
                 : 2.4 - 03/04/2011 - Checks for proper execution.
                 : 2.5 - 03/21/2011 - Updated redirection function to update the applicationhost.config file with the /commit:apphost parameter
.LINK
   http://ehloworld.net/?p=104
.EXAMPLE
   .\Set-Exchange2010IISConfig.ps1 -url "mail.ehloworld.net" -ForceSSL
.EXAMPLE
    .\Set-Exchange2010IISConfig.ps1 -RedirectUrl -RedirectProtocol
.INPUTS
   None. You cannot pipe objects to this script.
.OUTPUTS
    If changes are made to IIS configuration a backup of the configuration will be created in the <Windows Directory>\System32\inetsrv\backup directory.   
#>

#Requires -Version 2.0

param(
   [Parameter(Mandatory = $false,valueFromPipeline=$true)][string] $URL,
   [Parameter(Mandatory = $false,valueFromPipeline=$true)][switch] $ForceSSL,
   [Parameter(Mandatory = $false,valueFromPipeline=$true)][switch] $RedirectUrl,
   [Parameter(Mandatory = $false,valueFromPipeline=$true)][switch] $RedirectProtocol,
   [Parameter(Mandatory = $false,valueFromPipeline=$true)][switch] $AclOAB,
   [Parameter(Mandatory = $false,valueFromPipeline=$true)][switch] $IISReset
) #end param

###################
# Begin Functions #
###################

function GetExchangeInstallPath
{
    # Get the root setup entires.
    $setupRegistryPath = "HKLM:\SOFTWARE\Microsoft\ExchangeServer\v14\Setup"
    $setupEntries = Get-ItemProperty $setupRegistryPath
    if($setupEntries -eq $null)
    {
        return $null
    }

    # Try to get the Install Path.
    $InstallPath = $setupEntries.MsiInstallPath
    return $InstallPath
} # end GetExchangeInstallPath

function UseArray
{
    #Check for a defined CAS array and give user the option to use that.  Or, specify their own root URL
    $ArrayFQDN = (Get-ClientAccessArray).FQDN
    IF ($ArrayFQDN) {
        $title = "Client Access Array detected."
        $message = "Use $ArrayFQDN for URL redirection?"
        $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Configure URL redirection based on the root URL: $ArrayFQDN"
        $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "Do not use the detected URL and allow you to specify your own."
        $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
        $result = $host.ui.PromptForChoice($title, $message, $options, 0)
        switch ($result)
            {
                0 { return $ArrayFQDN }
                1 { return Read-Host "`nPlease specify root URL for redirection.`nFor example, if your OWA site is located at `"https://owa.ehloworld.net/owa`" you would specify `"owa.ehloworld.net`"" }
            }
    } #endif
} #endfunction UseArray

function BackupIISConfig
{
    Write-Host "Backing up current IIS configuration" -ForegroundColor green
    pushd
    Set-Location "$env:windir\System32\inetsrv"
    $backup = "Exchange IIS Backup "+(get-date -format "MMddyyyy-hhmmss")
    .\appcmd.exe ADD Backup $backup
    Write-Host "Backup saved to: $env:windir\System32\inetsrv\backup\$backup" -ForegroundColor Green
    popd
} #ENDFUNCTION BackupIISConfig

##############
# Begin Main #
##############

## Check for proper command execution.
IF (!$URL -and ($RedirectUrl -or $RedirectProtocol)){  #If the URL is not specified and a switch that uses it is, try and determine.
    $URL = UseArray
} ELSEIF ($url -and (!($RedirectUrl -or $RedirectProtocol))) {
    Write-Host "URL has been specified, but no associated action specified. Include '-RedirectUrl' or '-RedirectProtocol' with the -URL switch.`n" -ForegroundColor Yellow
    Write-Host "Reference help by running Get-Help $MyInvocation.InvocationName" -ForegroundColor Yellow
    IF (!($AclOAB -or $ForceSSL -or $IISReset)) {
        Write-Host "Script execution doesn't include any needed switches. Please specify action.  Displaying Help." -ForegroundColor Yellow
        Get-Help $MyInvocation.InvocationName
        Exit 0
    }
} ELSEIF (!($AclOAB -or $ForceSSL -or $IISReset)) {
    Write-Host "Script execution doesn't include any needed switches. Please specify action.  Displaying Help." -ForegroundColor Yellow
    Get-Help $MyInvocation.InvocationName
    Exit 0
}

If (!(Get-ExchangeServer -Identity $env:computername) | %{$_.IsClientAccessServer -and $_.IsE14OrLater}) {
    Write-Host "This is not an Exchange 2010 Client Access Server, which is where it MUST be run." -ForegroundColor Red
    Exit 58
}

## Any IIS Changes made will set this to $True and prompt user for iisreset.
$StuffChanged = $False

Write-Host "Preparing execution environment: Loading ServerManager" -ForegroundColor Green
Import-Module ServerManager
if ((Get-WindowsFeature web-http-redirect).installed -eq $false){
   Write-Host "Preparing execution environment: Loading web-http-redirect feature" -ForegroundColor green
   ServerManagerCMD -i web-http-redirect
}

#Add/Update Custom Error Message
IF ($RedirectProtocol) {
    Write-Host "Configuring Protocol Redirection." -ForegroundColor Green
    pushd
    Set-Location "$env:windir\System32\inetsrv"
    IF (.\appcmd list config /section:httpErrors | where { $_ -like "*statusCode=`"403`" subStatusCode=`"4`"*" }) {
        Write-Host "Found 403.4 Error Page; REMOVING" -ForegroundColor yellow
        .\appcmd set config /section:httpErrors /-"[statusCode='403',subStatusCode='4']"
    }
    Write-Host "Creating Custom 403.4 Error Page" -ForegroundColor green
    .\appcmd set config /section:httpErrors /+"[statusCode='403',subStatusCode='4',path='https://$URL/',ResponseMode='Redirect']"
    popd
    $StuffChanged = $True
} #END RedirectProtocol

IF ($AclOAB) {
    Write-Host "Setting ACL on OAB web.config file." -ForegroundColor White -NoNewline
    $PathToFile = (GetExchangeInstallPath)+"ClientAccess\OAB\web.config"
    if (Test-Path($PathToFile)){
       icacls $PathToFile /grant:R 'NT Authority\Authenticated Users:R'
      Write-Host "  :  [Complete]" -ForegroundColor Green
    } ELSE {
      Write-Host "  :  [Missing]" -foregroundcolor Yellow
      Write-host "No web.config file does not exist." -ForegroundColor DarkYellow
   }
} #END AclOAB

## Configure URL Redirection
IF ($RedirectUrl) {
    Write-Host "Configuring redirection to $URL" -ForegroundColor Green
    BackupIISConfig
    pushd
    Set-Location "$env:windir\System32\inetsrv"
    .\appcmd set config "Default Web Site" /section:httpRedirect /exactDestination:false /childonly:true /enabled:true /destination:"https://$URL/owa" /commit:apphost
    .\appcmd set config "Default Web Site/Aspnet_Client" /section:httpRedirect /enabled:false /commit:apphost
    .\appcmd set config "Default Web Site/Autodiscover" /section:httpRedirect /enabled:false /commit:apphost
    .\appcmd set config "Default Web Site/EWS" /section:httpRedirect /enabled:false /commit:apphost
    .\appcmd set config "Default Web Site/ECP" /section:httpRedirect /enabled:false /commit:apphost
    .\appcmd set config "Default Web Site/Microsoft-Server-ActiveSync" /section:httpRedirect /enabled:false /commit:apphost
    .\appcmd set config "Default Web Site/OWA" /section:httpRedirect /enabled:false /commit:apphost
    .\appcmd set config "Default web site/PowerShell" /section:httpRedirect /enabled:false /commit:apphost
    .\appcmd set config "Default web site/OAB" /section:httpRedirect /enabled:false /commit:apphost
    .\appcmd set config "Default Web Site/Rpc" /section:httpRedirect /enabled:false /commit:apphost
    .\appcmd set config "Default Web Site/RpcWithCert" /section:httpRedirect /enabled:false /commit:apphost
    popd
    $StuffChanged = $True
} #End URL Redirection

#Configure SSL
IF ($ForceSSL) {
   Write-Host "Setting SSL configuration" -ForegroundColor green
    BackupIISConfig
    pushd
    Set-Location "$env:windir\System32\inetsrv"
   .\appcmd set config "Default Web Site" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
   .\appcmd set config "Default Web Site/Aspnet_Client" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
   .\appcmd set config "Default Web Site/Autodiscover" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
   .\appcmd set config "Default Web Site/EWS" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
   .\appcmd set config "Default Web Site/ECP" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
   .\appcmd set config "Default Web Site/Exchange" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
   .\appcmd set config "Default Web Site/Exchweb" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
   .\appcmd set config "Default Web Site/Microsoft-Server-ActiveSync" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
   .\appcmd set config "Default Web Site/OWA" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
   .\appcmd set config "Default web site/PowerShell" /section:access /sslFlags:"" /commit:apphost
   .\appcmd set config "Default web site/OAB" /section:access /sslFlags:"" /commit:apphost
   .\appcmd set config "Default Web Site/Public" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
   .\appcmd set config "Default Web Site/Rpc" /section:access /sslFlags:Ssl /commit:apphost
   .\appcmd set config "Default Web Site/RpcWithCert" /section:access /sslFlags:"Ssl,Ssl128" /commit:apphost
    popd
    $StuffChanged = $True
} #END ForceSSL

IF ($IISReset) {
    Write-Host "Restarting IIS." -ForegroundColor Green
    iisreset /noforce
} ELSEIF ($StuffChanged) {
        $title = "IIS Reset Required."
        $message = "Changes have been made that require an IIS reset to apply.  Would you like to reset IIS now?"
        $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Reset IIS."
        $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "Do not reset IIS."
        $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
        $result = $host.ui.PromptForChoice($title, $message, $options, 1)
        switch ($result)
            {
                0 { iisreset /noforce }
                1 { Write-Host "IIS has not been reset. Changes will not be applied until IIS is reset.  To reset IIS run: 'iisreset /noforce'". -ForegroundColor Yellow }
            }
} #END IISReset

When moving mailboxes from Exchange 2003 to Exchange 2007 or Exchaneg 2010 either from Exchange Management Console or Powershell using the move-mailbox or new-moverequest cmdlets the move operation might fail with the following error.

Active Directory operation failed on server.domain.com. This error is not retriable. Additional information:
Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : NotSpecified: (0:Int32) [New-MoveRequest], ADOperationException
+ FullyQualifiedErrorId : 6C39B6E8,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest



RESOLUTION:

At first sight it looks like the user initiating the move mailbox doesn't have enough rights to perform this operation, however that user can move other mailboxes just fine.

Here is how to solve the issue


Open Active Directory Users and Computers
From the View menu select "Advanced Features"

Find the user causing the problem and right click properties
Go to the Security Tab
Then Click on Advanced
Check the "Include Inheritable permissions from object's parent"

Issue the move mailbox operation again that should solve it