Exchange 2003 services erratic or stopped after FSMO role transfer and DC demotion

We had problems with an Exchange 2003 server after transferring FSMO roles from the DC server to a different DC server and demoting the original server to a basic file server (the Exchange server was completely separate, i.e. not a DC).

The process of transferring the FSMO roles and demoting the server, as described in these MS articles, went through without any problems:

http://support.microsoft.com/kb/324801

http://support.microsoft.com/kb/238369

Later in the day, however, we had reports from Exchange users that they could not get email. The Exchange server was acting erratically and eventually its services stopped altogether.

It transpired that the Recipient Update Service (RUS) was at fault. The RUS needs to use a Global Catalog server (typically there is only one per domain). It was looking at the old server for the Global Catalog. I tried to change it to the correct server but ran into an error when trying to select the DC stating ‘The operation failed. ID no 80004005 Exchange System Manager’.

I checked there were no rogue records in AD of old DC servers using Petri’s excellent article: http://www.petri.co.il/delete_failed_dcs_from_ad.htm, but no old servers were listed.

As I could not change the RUS settings through the system manager I looked for another way to change them and found this solved the problem:

  1. Open ADSI Edit and navigate to Configuration\Services\Microsoft Exchange\<Organization Name>\Address Lists Container\Recipient Update Services.
  2. On the right side, you will see the RUS links listed.
  3. Right click on the relevant RUS and select Properties.
  4. Where you see “Select a property to view:” select msExchServer1NetworkAddress.
  5. You should see the current Domain Controller listed.
  6. Click on the Clear button.
  7. Change to correct server and click Set and OK.
  8. Restart the Microsoft Exchange System Attendant Service.
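Before demoting a DC, or when diagnosing the symptoms above, the same attribute can be read without opening ADSI Edit. The following read-only PowerShell check is an added example, not part of the original post; it assumes the RUS objects have the object class msExchAddressListService and that the attribute values are either a bare host name or a host name behind a protocol prefix.

```powershell
# Added example: read-only audit of which DC each Recipient Update Service uses.
# Run as a domain user on a domain-joined machine; nothing is modified.

# Current global catalogs in the forest (DNS host names, lower-cased).
$forest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$gcNames = @($forest.GlobalCatalogs | ForEach-Object { $_.Name.ToLower() })

# RUS objects live under the Exchange organization in the configuration NC.
$rootDse  = [ADSI]"LDAP://RootDSE"
$configNc = [string]$rootDse.configurationNamingContext

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNc"
# Assumption: RUS objects carry the object class msExchAddressListService.
$searcher.Filter = "(objectClass=msExchAddressListService)"
[void]$searcher.PropertiesToLoad.Add("cn")
[void]$searcher.PropertiesToLoad.Add("msExchServer1NetworkAddress")

foreach ($rus in $searcher.FindAll()) {
    $name = [string]$rus.Properties["cn"][0]
    foreach ($value in $rus.Properties["msexchserver1networkaddress"]) {
        # Assumption: a value is a bare host name or "<prefix>:<host>",
        # e.g. "ncacn_ip_tcp:dc02.example.local" (constructed sample).
        $dcHost = ([string]$value -replace '^[^:]+:', '').ToLower()

        # A short (NetBIOS) name will not match the FQDN list; check it by hand.
        New-Object PSObject -Property @{
            RUS              = $name
            ConfiguredServer = $dcHost
            IsCurrentGC      = ($gcNames -contains $dcHost)
        }
    }
}
```

Any row with IsCurrentGC set to False points at a server that is no longer a Global Catalog and is a candidate for the ADSI Edit fix above.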

 

Windows Server Strict Naming not allowing server alias names (CNAME DNS records)

By default, Microsoft Windows Server only allows clients to access it via file manager (SMB access) using the name of the server. It will not allow you to use an alias, e.g. a CNAME alias set up in the DNS server records.

To rectify this, follow the instructions in this Microsoft article:

http://support.microsoft.com/kb/281308/en-us

This opens up all sorts of possibilities. For SQL mirroring, for example, we can give servers names like SQL_Principal, SQL_Mirror, SQL_Witness rather than their actual names, which means that if we bring a new server online we can simply change the DNS record to the new IP of the server. Or our Exchange server has an alias of Exchange and all our Outlook clients point to Exchange on our domain rather than the actual server name – again a simple DNS change is all that is required to swap servers.

DNS Records not updating for DHCP clients

When we set up Microsoft DHCP and DNS servers we found that when client machines obtained new DHCP IP addresses on the local subnet, the relevant A and PTR records were not added to the DNS server. This manifested itself when client machines could not be pinged.

Apparently the DNS records are not updated unless a client machine requests it – which does not happen when a new address is obtained.

To change this behaviour:

This is a modified configuration supported for Windows Server 2003-based DHCP servers and clients that are running Windows Server 2003, Windows 2000, or Windows XP. In this mode, the DHCP server always performs updates of the client’s FQDN and leased IP address information regardless of whether the client has requested to perform its own updates.

To configure a DHCP server to register and to update client information with its configured DNS servers, follow these steps:

  1. Open the DHCP properties for the server
  2. Click DNS, click Properties, click to select the Enable DNS dynamic updates according to the settings below check box, and then click Always dynamically update DNS A and PTR records.

 

Does not print or prints strange characters when using Terminal Server/RDP Easy Print service

We recently upgraded to Windows 2008 R2 terminal services/RDP and started getting reports from Windows XP users that they could not print and were getting error messages or were getting strange characters being printed when using the new Easy Print service.

Easy Print uses the local printer drivers rather than requiring the drivers to be installed on the terminal server – very useful to admins!

To solve this, make sure that .NET Framework 3.5 is installed.

Make sure that you have Version 7 of the TS client installed on the XP machine.

You can download this from: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=20609
(Note: even though this is version 7 it shows up as V6.1 under the file version in XP!)

Rename this file: c:\windows\system32\TsWpfWrp.exe to TsWpfWrp_OLD.exe (this was version 3.0.6920.1109 on our XP machines) just as a backup.

Copy a Win 7 version of the file to the same location – the latest version we found was 3.0.6920.1201.

This solved both the error coming up and weird characters being printed.

Breakthepaywall 1.3.0 now available

BreakthePaywall! is a free add-on for Internet Explorer 7 or higher using Windows XP, Windows Vista or Windows 7 that simplifies using the various methods for circumventing website paywall restrictions.

NEW Version 1.3.0 now available! – this latest release solves the problems with Microsoft’s August 2011 update for IE which changed the way cookies are stored and also adds functionality for deleting Flash cookies and HTML5 DOM Storage. Go to the download area to install the latest version.

Locking after Autologon using Wizmo

We occasionally have to set up a server to autologon after a reboot.

This is usually required to support an application that needs to be logged on e.g. to perform data updates every 12 hours.

Autologon can be achieved by following the instructions in the following Microsoft article: http://support.microsoft.com/kb/324737

However, once logged on, the desktop is accessible by anyone. For instance, you may have a remote terminal application like VNC running for remote access to the server – if someone tries to connect to the server IP using VNC they will get immediate access to the desktop without having to enter a password.

We needed some way of locking the desktop immediately after logging on – enter ‘Wizmo’, a utility created by the great Steve Gibson at Gibson Research. Amongst the many functions of this neat utility is a locking function. You can run it from the command line as follows:

wizmo.exe lock

Just create a batch file or script file with this command and put it in the startup folder of the profile you are autologging on as.

Wizmo can be downloaded from: http://www.grc.com/wizmo/wizmo.htm
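To confirm that an autologon server is set up as described, the following PowerShell check (an added example, not part of the original post) reports whether autologon is enabled, whether the password sits in the registry in plain text, who can read that key, and whether the profile's startup folder contains a script that runs the Wizmo lock command. It assumes the lock command lives in a .bat or .cmd file and that the script is run as the autologon account.

```powershell
# Added example: audit an autologon host. Run as the autologon account.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl  = Get-ItemProperty -Path $key

# Autologon is active when AutoAdminLogon is "1".
$autoLogon = ($wl.AutoAdminLogon -eq '1')

# Registry-based autologon keeps the password as a plain-text value.
$plainPw = -not [string]::IsNullOrEmpty($wl.DefaultPassword)

# Accounts with an Allow entry on the key can read that value.
$readers = @((Get-Acl -Path $key).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' } |
    ForEach-Object { $_.IdentityReference.Value } |
    Select-Object -Unique)

# Look in this profile's startup folder for a script that calls "wizmo lock".
# Assumption: the command is in a .bat or .cmd file, not behind a shortcut.
$startup = [Environment]::GetFolderPath('Startup')
$lockScripts = @(Get-ChildItem -Path $startup -Include *.bat, *.cmd -Recurse `
        -ErrorAction SilentlyContinue |
    Where-Object {
        Select-String -Path $_.FullName -Pattern 'wizmo(\.exe)?"?\s+lock' -Quiet
    })

New-Object PSObject -Property @{
    AutoLogonEnabled    = $autoLogon
    AutoLogonUser       = $wl.DefaultUserName
    PlainTextPassword   = $plainPw
    KeyReadableBy       = ($readers -join '; ')
    LockScriptInStartup = ($lockScripts.Count -gt 0)
}

if ($autoLogon -and $lockScripts.Count -eq 0) {
    Write-Warning "Autologon is enabled but no startup script runs 'wizmo lock'."
}
if ($plainPw) {
    Write-Warning "DefaultPassword is stored in plain text; use a low-privilege account."
}
```

Startup-folder items only run once the shell has loaded, so the desktop is briefly unlocked between logon and the lock command; remote-access tools such as VNC should still require their own password.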