Microsoft

Domain Controller Replication Failure

Leave a comment

I have a client that has two domain controllers. When rebooting the PDC, we noticed that access to the Exchange server would stop. Traced the issue back to a GC not being found problem. Added the second DC to be a GC (it’s not recommended to have the Infrastructure Owner be a Global Catalog server, but with only 2 servers to play with…) so that the user systems would be able to use secondary DNS.

But then I noticed in the eventviewer that we were receiving an error:
Replication Failure: The reason is: The source server is currently rejecting replication requests.
Not good.
You can find out the exact error easier by going to Start >> Run >> replmon. Add your entire domain to the list, then expand out the servername. You’ll see red x’s on the non-replicating servers. Click on one of those red x’s to see the exact logs.

The fix:
In a command window, type:
repadmin /options SERVERNAME -DISABLE_INBOUND_REPL
repadmin /options SERVERNAME -DISABLE_OUTBOUND_REPL
The “-” is very important in this instance. It removes the restrictions. + would therefore add the restrictions.

Linux

Anti-SPAM SMTP Gateway

Leave a comment

Ah joy of joys. One good, and bad, thing about Exchange 2007 is that you need to run a separate installation of an SMTP gateway. It’s good for security and also for lowering the load on the exchange server. It’s bad because that’s one extra point of failure, and it won’t work straight out of the box.

Up until recently we’ve been running a custom installed MAIA/Postfix/ClamAV/SpamAssassin server. The problem we’re encountering is the huge database files created by MAIA. Logging of every email is necessary, but we’re growing by 1GB every week. MySQL is a nice server, but even it has limits. One of those limits is when the server grows to the max of the HD – then all services stop. Never a fun time.

So as a backup plan, we installed a standard Ubuntu server running a standard SMTP postfix configuration. Only issue with that is it doesn’t have the anti-SPAM/greylisting (at least it has the AV installed). So instead of 99% of SPAM being blocked, it’s at 0%. Not fun.

Since I’m not the best at Postfix configuration, I decided to go with a package deal: ESVA (Email Security Virtual Appliance). Yes, it’s a virtual machine. You need to run a VMWare server of sorts (or workstation) in order to use this software suite. Click here for the website. So far it’s been a breeze to setup – it’s maintained by several people, has a forum board, and a few whitepapers on how to install/administer. I’ll be fully testing it out on a maiden voyage soon, so look for an update.

***UPDATE***

Here’s a few items that I learned during setup:
Stop “SPAM Not Delivered” messages
Edit /etc/MailScanner/MailScanner.conf and remove "notify" from the spam actions line.
Webmin stops working after an update or during initial setup. You MUST open webmin using the admin panel interface link (under tools).
If you want to edit the message body tags (the “scanned by ESVA” blah blah) go here:
/etc/MailScanner/reports/en
And edit the files you see (txt and html).
To keep /var low, do the following:
Turn on the script in /etc/cron.daily/clean.quarantine by changing the number 0 1
$days_to_keep = 14; in /etc/cron.daily/clean.quarantine
define(QUARANTINE_DAYS_TO_KEEP, 14); in /var/www/html/conf.php
INTERVAL 14 DAY in /usr/local/bin/mailwatch/tools/db_clean.php
esva-update and esva-configure are your friends
/etc/hosts is your friend too – You might need to add the IP of your mailserver and the name here

As a final update: I’m getting roughly 500MB worth of mail every day (SPAM and regular). It doesn’t appear to actually delete the SPAM as I have stated per the rules, but I set the days to keep quarantine to be 7 days instead of 14. 7 days X 500MB = 3.5GB. Weekends receive a ton less mail, so we’d probably be fine with 14, but I just want to make sure.

Microsoft

Show Extended Status Messages Windows

Leave a comment

I’m not a big fan of seeing the whole “windows is starting, please wait” crap that Microsoft makes me view upon startup. I like to know what’s really going on. Is it initializing something? Is it hung up? Am I wearing pants?

Well, that last part I can figure out on my own easy enough. And now I can figure out the first two as well. This requires the use of the trusty regedit application. Don’t make changes unless you know what you’re doing (or trust a guy who can tell if he is or is not wearing pants).

1.) Start >> Run >> Regedit
2.) Navigate to:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
3.) Add the following DWORD Key:
VerboseStatus
4.) Make sure the value of the DWORD is set to “1” (obviously no quotes)
5.) Reboot

Computer Hardware, Miscellaneous

Blackberry Curve 8300

Leave a comment

My work recently provided me with an all-expenses-paid Blackberry Curve 8300. Yay.

That’s both a good and a bad thing.
Good: I have a free phone that I can always check on my work email, personal email, sports scores, talk with people, take pictures of products, etc.
Bad: I have a device that keeps me always in contact with people that need my help.

So I’ve had it for about a month now. I stopped using the silly leather holder they provide in favor for a easier approach: I just lock it and throw it in the pocket.

Then, just yesterday, I stopped being able to move the ball to the left. Correction, I could move the ball to the left, but the cursor wouldn’t recognize any of my efforts. Up, down, right – they all worked just fine.

I’m not one to just sit around sulking, so I jammed a skinny flat screwdriver under the plastic (but metal looking) ring that holds the trackball in place. You can do the same – just above the T and Y keys. Just slowly pry it up, then the ring comes out. Then you can flip the whole phone upside down and the trackball assembly falls gently into your hand.

Blackberry Curve
Blackberry Curve

This is when I noticed a piece of crud (technical term, I know) on one of the wheels that spins. Crud free is the way for me!

Needless to say it all works now. Pretty sure I put the wheel back in upside down, but it doesn’t matter to the phone.

Linux, Troubleshooting

Ubuntu Repositories Download Speed

Leave a comment

I recently upgraded my working Ubuntu 7.10 to Ubuntu 8.04. I hadn’t used the computer in about a month, so there were quite a few updates to do. Namely 83 updates.

sudo apt-get update
sudo apt-get upgrade

It was flying at anywhere from 300KB/sec to 950KB/sec on most of the packages, but then would falter down to 4000bytes/sec (and sometimes even less). I figured it was the Repositories getting nailed, or my network connection becoming unruly.

But, after searching for a while, I found the answer: the us.archive.ubuntu servers are SLOW. Doesn’t matter that the servers reside in the same country I’m located.

Edit the /etc/apt/sources.list file to remove the “us.”

cd /etc/apt
cp /sources.list sources.list.old
nano sources.list

Anywhere it says “us.archive.ubuntu” remove the us., then it should say “http://archive.ubuntu” etc.

Linux

Analog On Ubuntu

Leave a comment

This is a step by step process to install Analog logging server for apache on Ubuntu Server.

Update your ubuntu server
sudo apt-get update
sudo apt-get upgrade

Install analog
sudo apt-get install analog

Edit analog config file
sudo nano /etc/analog.cfg

Now I ended up putting in the following:

OUTFILE /var/www/stats/report.html
HOSTNAME “My Site”
MONTHLY ON
WEEKLY ON
DAILYREP ON
REQUEST ON
DIRECTORY ON
SEARCHWORD ON
SEARCHQUERY ON
BROWSERSUM ON
OSREP ON
FAILURE ON
REQLINKINCLUDE pages
REFLINKINCLUDE *
REDIRREFLINKINCLUDE *
FAILREFLINKINCLUDE *
SUBBROW */*
SUBTYPE *.gz,*.Z

And I kept all the search engine and page include stuff by default.

You can then run a crontab to allow the script to run every hour or day or month.
For everyone’s reference, here’s my settings in Crontab:
sudo crontab -e
15-45 * * * * /usr/bin/analog
That forces analog to run 15 and 45 minutes after every hour, every day, every week, every month.

Ramblings Of An IT Person