I have 2 sets of data in separate sites that are mirrors of each other. The 2nd set is a clone of the 1st set. However, the 1st set will be the live data and therefore will be changing going forward. We need to setup DFS between the two, with the second set acting as a receive only. This is fine, we can do that. My query is, when I initiate DFS, is it going to try and re-copy everything over again, or will it realise that most stuff already exists and is the same and therefore no need to copy / change it? Thanks
I have a situation whereby there are 3 sites.
Site a - User site
Site b - User site
Site c - datacentre
Site a can talk to site c fine Site b can not talk to everything in site C
In particular, workstations in site b are struggling to communicate properly with site c. For example - there are servers that we can ping, tracert, even telnet on port 80 (or other app ports) to but cannot for example browse network shares on them. Microsoft Network Monitor shows connections are made during these attempts, but I cannot browse and get the following message:
"\\server\share" is not accessible. You might not have permissions to use this network resource. Contact the admin of this server to find out if you have access permissions. The specific network name is no longer available.
The server is available and I do have access. I can access without issue from Site A.
Where should I start looking?
I am struggling to find a decent way to do this. For one reason or another (not important, it is what it is) we have a rather a lot of users who are disabled but are still a member of all of their pre-disable groups. This is causing a few issues such as distribution list failures, difficulty enumerating ACL's etc.
Does anyone know of an easy way to bulk remove groups from users that are disabled? For ease, they all exist in one container now so if its something that can be done on container level, that's useful. Also, I know we could delete the accounts, but for auditing and cross linking with our HR system, that is not possible.
I have a situation with the following setup:
ESX Host - ESX1 Vmware guest os : box1,box2,box3,box4.
There is a special VPN connected to box1 and box3.
All of the guest OS's have full access to the rest of the network.
My aim is to have two groups:
box1 and box3 in one group box2 and box4 in another group.
These should only have access to their own group, and the vpn that comes into box1/2. They should not be able to see the rest of the network.
Due to some port and vm issues, is there a way I can do this from the guest OS's? using internal firewall or ipsec etc?
The aim is to have a duplicate AD environment from our real network, setup on the box3 and box4. Needs to be a duplicate and co-exist as this is dev for some interfaces from other systems, that I cannot pipe of to a dev environment.
A bit of a strange request, but I am hoping someone can poke me in the right direction.
Thanks
The situation is this. I have 2 terminal servers in an estate with lots and lots of servers. The TS's can be used by anyone and will primarily be used for remote working (via a VPN solution). The users who will use the TS will also be using other desktop machines, and appropriate group policies for desktop builds etc are already in place.
What I need to do is move the c:\documents and settings folder to the D:\ drive for all users.
For various reasons, the profiles need to be local to the machine and a D: drive with suitable space has been created.
I have setup some test users with a Terminal Servers Profile setup within AD with the following settings:
Profile Path: d:\profile\%username%
Terminal Services Home Folder | Local Path: d:\profiles\%username%
With this done on the d: drive a profile folder with the username will be created, but only a "Windows" fodler will be created in there. THe normal documents and settings stuff still appears in the C Drive.
How do I stop this and point all at D:\ drive?
For info, I have started with fresh accounts.
I have a situation where I have and ISA 2006 server (on Win2k3) that has an internal and an externaly facing NIC's. All works fine but I need to add a couple of routes for the following reason:
- Our monitoring software is on a different network.
- Our Terminal server is on a different network.
Currently, access to the internet, through this proxy server, from the terminal server fails. Also, monitoring of the ISA server via a remote monitor or the installed agent talking to the remote monitor (BMC) also fails. The default enterprise rule on ISA blocks the traffic as I beleive it doesn't trust / know about those networks.
Here is my routing table:
I need to add a couple of address, but this one being the main one: 192.168.245.137 / mask 255.255.255.192 / gateway 192.168.245.129
But I can't get it to work. Routing is not my strong point but at the moment have no one else available to help. Can you offer any assistance?
Please ask if you need more info
OK So the environment is Exchange sp on Windows 2003 server. This weekend we had to move a bunch of users of off one information store that was corrupt and onto a temp store delete the original dodgy store and then move the users back from the temp store to one of the three other stores under the same original storage group.
Since then we are having some weird access issues relating to calendars. I am assuming it is all related, but it might not be.
The problem is that users are unable to see any calendars that they have previously had access to. The weird thing is, that some of the users in question are not ones who have been moved nor are they trying to access calendars that belong to people whose accounts have been moved. Hence my assumption its related but possibly not.
The message received is "Unable to display the folder. The calendar folder could not be found."
here is the kicker, if i move someone who is trying to access other calendars, to a different mailbox store (thereby creating a new email account and sending stuff over), things start to work again. this to me indicates a permissions problem however I am unsure in what way.
Looking for help out there please guys :)
Cheers
I have a complicated problem that I will try to explain.
We have a portal based website that is accessible from outside of our organisations infrastructure via username and password. Certain types of files are not accessible on the website to certain people in certain locations. The problem is not user specific; in sites where you can access the files, you can do it as any user, in sites you can not access the files, you can not access them on any user. The sites that can access / download the files do not appear to have anything in common - some work from some corporate buildings, some dont, some work from some home networks, some don't.
The only common factor I can see, is that when it does not work, it is for specific files only. Mainly .doc .xls .ppt .gif.
The mimetypes in IIS appear to be setup correctly and have not changed.
The setup of the server side of things is quite complicated.
There is a front end server that serves most pages, when one of the images (gif - jpg work fine) or a doc from the page are called, you either get an image placeholder or a gateway not found message. The files that are called, reside on another webserver which has a virtual directory on a further seperate server (a nas device).
The 2 webservers are Windows 2000 (iis5) and the nas with the data is windows 2003.
This is a new problem, up until now there have been no similar issues since the inception a couple of years ago.
Nothing obvious is showing in any of the event logs
IIS logs don't show anything obvious either - in fact, I have compared the get commands from a number of different client requests and all match up just fine - ie ones that work look like ones that fail.
Another thing to bear in mind, is that the system must know the file is there, as you get a bad gateway error. When testing with a fake file that doesnt exist, you get a 404.
I am sure there is info I have missed or you will need, to help me, so please ask.
I look forward to your ideas and responses.
Regards
Kip
We are about to start using a proxy.pac file in our environment. It will be a very simple file with most traffic going to the proxy but a handfull of sites going direct (where they are hosted internally etc).
We have a couple of sites that need adding to go direct, but only on specific ports. By this i mean
http://www.test.com - Through Proxy http://www.test.com:765 - Go direct
Anyone able to suggest how I do this, as I cant even get it to work with the in url option.
Thanks
Situation is this:
I need to have a particular container in my AD environment which blocks password expiry policy, but accepts all other policies. Is this something that would work by simply adding in a GPO at the sub-ou level (the ou in question is a child of ou's where GPO's including password stuff is set).
These accounts (and this ou) already exist and will have the default domain policy as well as other policies applied and they should continue to receive policy settings as per those GPO's, with the exception of the Password Expiry.
We have tried the password do not expire tickbox and that seems not to have worked.
Thanks in advance.
Kip
The organization in question currently has a GPO set which was primarily setup in IE6 days. This GPO enforced a non-changeable homepage of the company portal page. Since IE7 and tabbed browsing have been introduced, they would like to have the company portal opened as the home page and a second tabbed homepage set to a search engine (Google / Bing - Whatever).
I cannot see a way to do this with a Group Policy setting. It appears GPO is not tab / IE7 aware. Or is that just my version/system.
Can anyone suggest a way to do this?
I have an issue with a certificate authority in a windows 2003 domain. We need one configured to allow ssl/tls encrypted traffic over LDAP so that our Application Gateway server is able to allow users to change domain passwords.
I do not have a lot of knowledge on certificates and the server functions of a CA.
We have had a CA setup on a domain server that is not a domain controller. This appears to be fine. However, when trying to add a new Automatic Certificate Request under the Public Key Policies section, I get strange results.
When carrying out this action I choose the Domain Controller Certificate template and hit next I get the following screen:
alt text http://www.evilmunky.com/cafail.png
I would actually expect to be able to choose the CA server at this point. Clicking finsh, closes the wizard and there are no more options to choose from. Can anyone suggest some diagnostic steps I can take?
As a very diverse and technical bunch I thought I would ask the question here and see how people do things.
We have a requirement for people outside of our organisation / network / domain to view internal people's calendars for the purposes of booking meetings.
How do people in other places deal with this?
We are running XP / Office 2003 / Win 2003 domain / Exchange 2003
Can this be done with Sharepoint?
Any other clever ways to do it?
Look forward to your input.
regards
Kip
Good (insert appropriate time of day here) SF folks,
I have the following situation; We have a message size limit for sending set at 20mb in Global Settings | Message Delivery. We have a limit of 50mb set at an external 3rd party spam vendor. I need to enable some users to be able to send messages that are upwards of around 40mb in size. However, when I set the Sending Message Size Maximum to 50mb within the delivery restrictions of a users exchange properties, it would appear that this does not win.
It seems that the lowest value wins for this situation.
I need to be able to allow certain users to send messages larger than the 20mb limit, but to have everyone else have the 20mb limit in place. How can I do this? The only way I could see was to raise the limit set in Global Settings | Message Delivery to 50mb and then set everyone elses (bar the people who need increased limit) delivery restrictions max size down. But I cannot see an easy way to do the last bit hence my post here looking for advice.
There are valid reasons we need to send mail this size and whilst we are putting together other mechanisms for delivery this data, we still need to get this put in place.
Thanks in advance
Kip
I have a requirement to set the Outlook client to use a specific RPC port that will allow me to poke Outlook through our secure Application Level Gateway (Appgate). I have found article : KB 833799
That tells you how to setup a profile with a PRF file to use certain ports.
My question is this - do I need to force Exchange to use those ports (IE set Exchange to use those ports only) or can exchange continue to work on a random port basis.
If I do need to change them, how the heck do I do it and does it require a reboot?
Will it cause any adverse affects if i do this?
Also, does this need to be done on all exchange servers or can i get away with doing it on just the one that has mailboxes that need to access it in this way.
Thanks in advance for your help and suggestions.
Kip