Roachys Weblog

I’ve seen so many people attempt to restore Exchange and fail using Microsofts built in tools, or come unstuck because they want to restore a single mailbox, that I thought I’d document the free method of backing up Exchange that we use, so that it will hopefully help others.

One of the tools available from Microsoft free is Exmerge.  It allows individual mailboxes to be individually exported to PST files, which can then either be re-imported back into Exchange or simply opened in Outlook.  Exmerge is available from http://www.microsoft.com/downloads/details.aspx?familyid=429163ec-dcdf-47dc-96da-1c12d67327d5&displaylang=en

Extract and save to the Exchsrv/bin directory, and when the appropriate mailboxes have been selected, destinations set save the configuration.  This will create an exmerge.ini file.

This can then be scripted in a batch file and run as a scheduled task.  I create a folder on the local disk of the Exchange server (although this can be done to a mapped drive) for each day I want the backup to run.

My exmon.bat file reads:

D:\exchsrvr\bin\exmerge.exe -F C:\scripts\exmon\exmerge.ini -B

Which runs the exmerge.exe, with the options specified in scripts\exmon\exmerge.ini and runs the script as a batch job using the -B switch.

To clean the folder prior to running, I have a separate batch file that runs earlier on the same day that runs

del /F /Q /S z:\Exchange\exmon\*.*

Subsequently to back up the PST files to a separate server I use the excellent BackupPC running on a Debian server.  Installation instructions for Debian are here: http://www.debianhelp.co.uk/backuppc.htm

The BackupPC box is confugured to access the SMB share that the PST’s are stored in, as well as additional file shares on the server.  BackupPC supports incremental backups and backups via a variety of methods (including SSH and rsync, as well as SMB).

It’s also possible to archive off historic backups for off-site using the archive functions within BackupPC.  As a free solution for backing up mailboxes and beiong able to recover easily (with version control) this is very effective…

Following a reboot of our Exchange 2003 server, the Pop3 service stated it was started, but on trying to connect to port 110 using telnet it just popped up “connection to the host lost”.  When we attempted to restart the service it hung when starting – there were no events in the event viewer following the stopping of the service.

The solution was to kill the process in Task Manager (inetinfo.exe).  We found it immediately re-spawned and worked…

I’ve just had to migrate a batch of printers to a new AD print server. Fortunately this process was made somewhat painless by the Microsoft Print Migration tool available here:

http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=9b9f2925-cbc9-44da-b2c9-ffdbc46b0b17&displaylang=en

Outlook web access does not allow the inclusion of images by default. However it is possible to embed the image within the signature.

First upload the image you wish to include to a web server and make a note of the full path. ie, http://www.yourdomain.com/images/companylogo.jpg.

Then create a new signature in Outlook and ensure the path of the image on the signature points to your webserver. You can find the raw signature files in “C:\documents and settings\username.domain\application data\microsoft\signatures” on Office 2007/XP.

You can then edit the raw signature in Notepad.This is an ideal opportunity to tidy up the messy html created by Outlook when designing the signature in the first place. Find the image src and edit to point to the full path of the hosted image

Send an email with the signature embedded to the users email address and open the email within OWA (in IE). Copy the signature then go into Options -> Email Signatures and paste in the signature.

The Network-Manager pptp client in F10 just wasn’t working for me.  Nothing in the logs, not output….just nothing at all. The pptpconfig client is  a far better solution – it’s available from : http://pptpclient.sourceforge.net.  Unfortunately there are no installation documents available for F10 – it is easy to install though:

#rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/fc10/pptp-release-current.noarch.rpm

# yum –enablerepo=pptp-stable install pptpconfig

# pptpconfig

….enter the details of your PPTP account and connect.  Add additional routes if required

For a while I’ve been fighting the good fight with poor stability using the webDav Exchange connection in Novell evolution.  This has now been replaced with a more functional solution (proper native MAPI support) in Ubuntu 8.10 and will be soon in Fedora 10 with OpenChange.

Finally, Evolution is behaving as you might expect it to when connecting to an Exchange server – the improvements are immense, both in stability and functionality.

The OpenChange site is here for more information:

http://www.openchange.org/index.php?option=com_frontpage&Itemid=1

Hopefully this will be an end to using a buggy interface and the all to frequent crashes, along with the curse of occasional missing mail items.  I’ve only been using it for a day, but already I’m loving it!

I’ve just finished installing a pfSense firewall as a second gateway for a network that required a dedicated internet connection for some services. Some of the hosts on the network use the main office internet connection as their default gateway. As a result of this I was unable to connect to these hosts from remotely via the VPN, as the return path for the packets attempts to go via the primary internet connection, rather than via the VPN.

I had a quick glance at the pfSense/OpenVPN docs to see whether there was anything I could specify in pfSense and they stated that the machines needed to use the pfSense as the default gateway – this was unacceptable for our purposes here (one of the devices in question is the Asterisk VoIP server on the network which needs to use the other Internet connection for it’s external traffic). There is an easy solution to this however by simply adding a static route back to the IP range issued to DHCP clients via the pfSense’s internal IP.

This looks something like this:

Effectively any internal machines that need to be visible over the VPN need to have an appropriate return path configured. The DHCP scope I have used for VPN clients is 10.0.200.0/24.
For linux machines on the network, the route can be added on a temporary basis (ie. until reboot) by entering the following command on the host:

route add -net 10.0.200.0/24 gw 10.204.6.1

or permanently by adding an entry into the /etc/sysconfig/static-routes (on Centos as per http://www.centos.org/docs/5/html/5.1/Deployment_Guide/s1-networkscripts-static-routes.html)

On Windows hosts this can be achieved by adding a persistent route:

route add -p 10.0.200.0 mask 255.255.255.0 10.204.6.1

By default, Microsoft exchange uses the username when creating email addresses for users using Recipient Policy.

eg.

username@domainname.com

However, in many cases the standardised email address format is slightly different – for example:

firstname.lastname@domainname.com

This is actually really easy to edit in the Exchange System Manager using a few variables:

%g  = Given Name (First name).
%3g = means first 3 letters of Given Name
%s  = Surname (Last name).
%3s = means first 3 letters of sn.
%d  = displayname.
%m  = Exchange alias.

Once this has been edited, just right click on the Policy and click Update this Policy now.

Sometimes it’s necessary to discover the MAC address of a remote system on a network quickly (for example when setting up DHCP scope reservations). It’s fortunately a really easy process to determine this information.

First of all, ping the remote host, then run an

arp -a

at the command line.  This will give you the MAC details.  The catch is that this only works on the same subnet – when trying to do this on a remote subnet (on the other side of a router, etc) you won’t get a response…there is a solution for this though, as long as the remote host you want to determine the MAC for is a Windows host.

NBTscan is a tool that can do this (and is available from the repositories on most linux distros (or at least on Debian, Ubuntu and Fedora, and is  also downloadable for Windows )

It looks like following Dan Kaminsky’s exploit being made public the first attacks have been reported on DNS servers:

http://www.techcentral.ie/article.aspx?id=12375

I can’t believe that there are many people out there who haven’t yet patched their DNS servers……but it’s worth checking on the Doxpara site (http://www.doxpara.com/)

…that is, of course unless you’re DNS has been hijacked and you are being sent to a spoofed doxpara site

Still bad news for those running Mac DNS servers as Apple still haven’t released a patch, although apparently the Bind team have stated that the BSD version of the patch can be ported….

Further info here:

http://xforce.iss.net/xforce/xfdb/35575