• Exchange Script to List User Mailbox Sizes

    Exchange 2010 Command to List user mailbox sizes: 


    Used this script recently, actually just today, to list all the user mailboxes and their sized.

    List All user Mailboxes and Sizes on Exchange

    Start Exchange command Shell and rung the following command. it will list all the user mailboxes and send the adat to a text file. You can change the text file location or change to the directory in which you would like to same the file in, remove the path from the script so the files sames to the current location.  Of course, you must also specify the mailbox database from your server - replace "ExchangeServer" with your servername 

    This worked perfectly:

    Get-MailboxStatistics -Server 'ExchangeServer" | where {$_.ObjectClass -eq "Mailbox”} | Sort-Object TotalItemSize -Descending | ft @{label=”User”;expression={$_.DisplayName}},@{label=”Total Size (MB)”;expression={$_.TotalItemSize.Value.ToMB()}} -auto >> "c:Tempmailbox_size.txt”

  • Modify AD User Object Properties with ADSI Edit

    Modify AD Object User Properties with ADSI Edit

    There comes times where the UI interface like Microsoft Management console does not permit or as hard it is to belive does not have acecss to a user property that needs to be changed. With going too in depth about the scenario that led to the need to find another way to edit AD user propertied, there is a way to to it. Using ADSI edit, you can edit any property avaialbel and I suspect some that are not avaialble through normal administrative means such as a management console. Although i did not persue an alternate approach like using power shell scripting, i suspect there might be a way to do it through pweor shell too. 

    Using ADSI Edit to Change User Propertied in Active Directory

    In this case, there was a client who had migrated their email to Office 365. There on-site Exchnage server had consequently failed before it was correctly removed from the network and organization. This left users configured with mailbox properties. The situation was that the lcoal administrator wanted to hide and address from the Global Address list. The user could be seen in Office 365 and syncing to this user on the local on-site AD. They did not want to delete this AD account and so hence, it was stuck showing up in the Global address list. The wya to remove it wa to start the exchange management console or Command shell and check the box to hide the user from the global address list, this was not an option because as mentioend the exchange server was not accessible.


    AD User preoperties can be changed or modified with ADSI Edit  

    Strat ADSI edit, connect to the domain configuration context.. Then navigate to the desired user and property. In this case it was the "Hide Address" property. Set to True or 1 and exit. The email and user is not hiddent from the Global Address List. 

  • Android and iPhone ActiveSync Devices Not Displaying Email

    No Email Displayed on Android and iPhone ActiveSync Devices

    A recent client was having an issue with getting Active-sync email on their smartphone. The smartphone was an android but it did not matter weather it was an android, iPhone of other device. For example, I used a blackberry 10 simulator to test. I setup a test account on the Blackberry simulator smartphone and the account setup no problem but no email was displayed. 

    Stuck at Loading email on Android

    On the android, the account would setup but the display would be stuck at and not get past Loading. Messages never appeared and there was not send or receive functionality. 
    After trying various methods to fix the Stuck at Loading or no email being displayed at all depending on the Activesync device, the solution had to do with permissions.

    ActiveSync, no email displayed.

    Logically, this was not an area to look at and change first and experimenting with permission is a dangerous undertaking. That is why I created this post so perhaps another person dealing with this same issue will find this post rather quickly and not waste too much of their time trying to iron out the issues on the server and especially on the smartphone. As mentioned, all email accounts were setup using active sync and regardless of whether the phone's Activesync account was added using auto-discover or setup manually, the results were the same. 

    The customer in this case had their own Exchange server, they were not hosted with any exchange email and active-sync service. Their server has been migrated to newer versions over the years and they also used to have a BES (BlackBerry Enterprise Server) version or two. I believe the combination or the BES server itself had required or caused the permission to be changed somewhere in the distant past of this organization and now that setting change was causing issues with active-sync and smartphones and tablets.

    The setting as the image shows is the per user.
    Go to Active directory Users and Computers. find your user and right-click properties. When the properties page opens, click on the security tab, then click on the Advanced button, then check the box next to Inherit Permissions from Parent.  

    After this setting was updated on the test user, email displayed. Reconnect the account, or reboot the Microsoft Activesync device. Tried the same on another live account and that account then was able to not only log into their server, setup the account, on their phone but also was able to see and reply to messages.  



  • VPN Connection Disconnects Local Share Connections and Access

    PPTP VPN Connection Disconnects Local Share Connections and Mapped Drives

    To solve this problem, disable the option in advanced tcp setting to use the default gateway of the remote network.

  • vCloud Director Replace Self Signed SSL Certificate with CA signed

    VMWare vCloud Director 5.1 and 5.5



    Replace Self-signed SSL certificate with CA Signed cert.

    As many of do, we get a solution working whether it's from vmware or other software of applciation vendors. When all is good and working, we then look to get rid of those certificate warnings and errors caused and generated by using self signed certificates. Other times, changing out the self-signed certificate is just simply required and not done just for esthetics.  

    This is a proceedure for replacing self signed certificates for VMWare vCloud Director 5.5 with CA signed SSL certificates.
    The source for this proceedure was derived from vmware's documentation. There are a few things I wanted to add to this as the information is missing from vmware's documentation.

    I hope others are able to find this post and save themselves some time. The more experienced people who are replacing the certifctae will probably be able to work their way around the small issues encountered as I did. This will help those who are more unsure (or less sure depending on how you look at it). 

    Four things things I wanted to add.

      - Firstly, VMWare's process works. For those of you worried about something bad happening or Director breaking because of the swapping of certs, rest assured it will not (at least, it certainly did not for me). 
      -  VMware's documentation I suspect is recycled from earlier 5.1 or earlier SSL generating documentation (at the time this post was written, vCloud 5.5 documentation was lacking and most probably will be updated).  The reason for why I suspect this is because the generation of the certificate in the store is RSA and defaults to 1024 bit encryption. The certificate CA I used did not like this and wanted 2048. It just did not work with 1024. The keytool option for creating the 2048 bit encryption is not shown in vmware's documentation (it will certaintly be updated for sure).
      - Some CA authorities provide us not .cer files but .crt files. VMWare's documentation shows the import of .cer files however .crt file will work just as well for the root , intermediate and your SSL site and consoleproxy service certificates.
      - Confirmed, wildcard certs work without issue. Wildcard certs can be used for vCloud Director web and consoleproxy services.
    Let's begin the change process

    You most likely have a certificates.ks file already located somewhere on the vcloud director server's file system. It was created when you created the self singed certificates. If you did not create self signed certificates, that is okay too. A .ks (keystore file ) will be created when you follow this proceedure.

    I opted to create the keystore file in the /opt/vmware folder of the vClolud Director file system logged in as root.
    If there is already a .ks file there, rename it or move it out of the directory. It can get confusing if there is more than one file.

    Renaming, deleting, or moving the existing certificates.ks file will not stop any services. The keystore file is used by the director configuration script then it's not touched after that unless the configuration script is run again.

    My VMware vdirector server operating system is CentOS 6.4 x64. I have installed GNOME desktop and have gedit package installed as well. I have two vmware vcloud director servers both with the same version of CentOS (yes, I did the certificate swap from self-signed to CA signed on both servers).

    Recall from the installation of vCloud Director that you have two network interfaces; one for the http service (alias name http) and the other for the proxy service (alias name consoleproxy).

    - log in as root.
    - start your linux desktop if you installed one (in my case startx gets it going) then open a terminal window to proceed.

    - change directory to /opt/vmware (#cd /opt/vmware)
    - confirm (#pwd )

    - check for other keystores (#ls -al). This proceedure creates a certificates.ks file. If one alredy exists rename it.

    1. Create an untrusted certificate in the new keystore for the HTTP service.

    This command creates an untrusted 2048 bit certificate in a keystore file named certificates.ks. Note that we are using a 2048 bit encryption key. vCloud director documentation does not include the -keysize option.

    keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -keysize 2048 -alias http

    2. Answer the organizational keytool questions.

    The keytool will ask for fist and last name, type the fully qualified domain name associated with the IP address you want to use for the HTTP service - for example (this should be resolvable from Internet but could be internal as well).

    3. For the remaining organization questions asked by the keytool, provide appropriate answers for your organization and location, as shown in this example.

      What is your first and last name? [Unknown]
      What is the name of your organizational unit? [Unknown]:Cloud Engineering Dpt.
      What is the name of your organization? [Unknown]: your company name
      What is the name of your City or Locality? [Unknown]: your city
      What is the name of your State or Province? [Unknown]: your state or province
      What is the two-letter country code for this unit? [Unknown]: AU, or US, or UK, etc.
      Is, OU=Cloud Engineering Dpt., O="your company name", L="your city", ST=your state, C=AU

    Enter key password for (RETURN if same as keystore password):

    4. Create a certificate signing request for the HTTP service.

    This command creates a certificate signing request in the file http.csr. The CSR data is what you will provide to the CA authority when requesting the certificate from them.

         keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -certreq -alias http -file http.csr

    5. Create an untrusted certificate for the console proxy service.

    This command adds an untrusted certificate to the keystore file created in Step 1. Again, note the -keysize 2048 option.

         keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -keysize 2048 -alias consoleproxy

    6. When keytool asks for your first and last name, type the fully-qualified domain name associated with the IP address you want to use for the console proxy service.

    7. For the remaining questions, provide answers appropriate for your organization and location, as shown in the example in Step 3.

    8. Create a certificate signing request for the console proxy service.

    This command creates a certificate signing request in the file consoleproxy.csr.

         keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -certreq -alias consoleproxy -file consoleproxy.csr

    9. Send the certificate signing requests to your Certification Authority.

    If your certification authority requires you to specify a Web server type, use Jakarta Tomcat (Apache will work too). In my case, the certificate authority did not have Jakarta Tomcat as an option. They had only Tomcat and it worked fine.

    10. The CA will provide you with the signed certificates. For simplicity of this proceedure, save the files in the same folder /opt/vmware then import them into the keystore file using the following command.  In addition to your SSL certificate generated by your CSR data, you will need to import your CA's root and Intermediate certificates into the store. Recall that the keystore file is new and started empty. The only things in it are what we are putting into it. Well, we need to add the CA's certs to complete the chain to our cert.

    Import the Certification Authority's root certificate into the keystore file.

     .crt or .cer Certificate File Type Can be Imported into vCloud Director 

    The following command imports the CA's root certificate from the root.cer file to the certificates.ks keystore file.

    Using a .crt Certificate File for vCloud Director

    a. If you were provided a .crt file, use that file. You don't have to convert it or rename it to another extension. If the name of the root certificate is not root.cer or root.crt then change the command below to use the name provided or rename your file to root.cer or root.crt to match the command for simple copy and paste.

         keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias root -file root.cer

    b. (Optional) If you received intermediate certificates, import them into the keystore file.

    This command imports intermediate certificates from the intermediate.cer or intermediate.crt file to the certificates.ks keystore file.

         keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias intermediate -file intermediate.cer

    c.  Import the certificate for the HTTP service.

    Now it's time to import your SSL certificate for vmware vcloud director http service to use.

    This command imports the certificate from the http.cer file to the certificates.ks keystore file. If you were provided a .crt file, that is fine to use.

         keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias http -file http.cer

    d. Import the certificate for the console proxy service.

    This command imports the certificate from the consoleproxy.cer file to the certificates.ks keystore file. Again, a .crt file is fine.

         keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import -alias consoleproxy -file consoleproxy.cer

    11. To verify that all the certificates are imported, list the contents of the keystore file.

         keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -list

    You will see the root, intermediate and your two certificates listed in the output. Your certificates will be "private". If you are using a wildcart certificate, you will not see the FQDN names. You will see *

    After updating the SSL certificate on your vCloud Director

    First stop the vzcloud director service (on Cent OS):
        # service vmware-vcd stop

    Rerun the "configure" script for director to apply the new certificate and it becomes active. 
        # /opt/vmware/vcloud-director/bin/configure

  • Error ENTERPRISE DOMAIN CONTROLLERS Replicating Directory Changes Access


    Error NT AUTHORITYENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context

    If you do not have RODC, read only domain controllers in your domain, this error is safe to ignore. If you will have RODC Active Directory domain controllers in your domain, run adprep /rodcprep from the Windows 2008 R2 installation media. If running adprep on a Windows 2003 or 2000 domain controller, use adprep32 /rodcprep from the Windows 2008 R2 installation media.

  • Right Click Computer Icon Choose Manage Nothing Happens


    Right clicking on computer icon on the desktop or through explorer to start computer manager and nothing happens.

    The problem can be fixed with a registry change for what action occurs when right-clicking the computer and selecting manage computer.

    Go to this key in the registry:

    Change the program that is already there. By default it is %SystemRoot%system32CompMgmtLauncher.exe .

    Change it to
    mmc %SystemRoot%system32compmgmt.msc as shown in the image.

    Right click on Computer icon and choose manage, computer management will now open.

    Computer Manager Doesn't Open on Right Click

    The solution above works every time for this problem unless the issue is more serious. The screen capture was taken from a computer, a server actually in this case, that was having the described issue - Computer Management Console was not opening.



    Support Services - Microsoft RDP, Terminal Services RDS


    Remote Desktop Connection (Remote Desktop Protocol)

    Without Citrix and prior to RDS on 2008 R2 server, remote desktop protocol was a client connection application and for remote access for support of servers it was and still one of the most widely used applications for remote control access of servers. Built-into Microsoft server and professional level of desktop operating systems, it was a common default method for getting remote access and control of servers for remote administration and server and desktop support. On desktops this remote access and control feature was not normally turned on by default for remote control with the installation of the desktop operating system, however with a few clicks it could be and was enabled, even remotely by using remote registry access.
    The default colors allowed for an RDP session with the earlier clients was often limited by default to a maximum of 24 bit color. This was not a technical limitation but a default settings in the system's registry of the target computer. It was set to the maximum color 24 bit depth to reduce bandwidth requirements. With a quick registry change on the remote computer however, the color limit can be increased to true color (32 bit). In later releases of the operating system like Windows 7, Windows 8, Vista, Server 2008 Standard, R2 and later, increasing the color depth does not require system registry changes.


    Help and Assist computer users worldwide

    A Useful Way to Provide Tech Support

    Supporting computers and servers over long distances is difficult and challenging at times but with the use of software that enables remote access support over the internet, small companies can become global companies without requiring a remote office in each remote distant location.

  • Enable Remote Desktop Connection in Windows 7 using Regedit Remotely

    Enable RDP (Remote Desktop Connection) in Windows 7 Remotely using The Registry Editor - Regedit

    Connect to the Remote Windows 7 Computer Using Regedit

    First connect to the remote Windows 7 desktop over the network using windows regedit. Run regedit by clicking o nthe Start button then entering regedit in the search flield and hit enter.  Do this on the lcoal computer that will be used to connect to the remote Windows 7 computer.



    Enable Remote Desktop in Windows 7 Remotely

    Modify the Registry key for terminal server RDP remote connections . Once you ahve accessed the remote windows 7 computer's registry, navigate to the key fDenyTSConnections . It is found by navigating to HKLM Hive  -> System -> CurrentControlSet -> Control -> Terminal Server


    Remotely edit registry settings in windows

    Enable RDP on a Windows 7 Computer Remotely

    Open and modify the fDenyTSConnections setting to 1 from 0.  Do this by double-clicking the fDenyTSConnections in the right window pane of the registry editor. The value is a DWORD value. 

    Remotely Modify Windows Registry to Enable Remote Access


    Microsoft RDP for PC Tech Support

    Microsoft RDP for PC Tech Support

    Microsoft RDP is used by many for providing tech support of desktops and servers. Although RDP is a protocol built into most Microsoft Windows Operating systems except home editions, it does not provide the capability of screen sharing. Also, it is turned off by default or limits the users that can connect by default. RDP or RDC connection when used, permits remote control access of the remote desktop or server for tech-support or users to use their desktop remotely. It permits local files access and remote file access of document on network shares. It also permits local and remote printer access and access to all applications on the remote computer. It allows users to access their desktops form remote locations.

  • Exchange 2003 Exchange 2010 Migration Coexistence NO Email Flow


    This was an Exchange 2003 to Exchange 2010 migration. IIt is a swing migration as both servers will coexist and have have active mailboxes on both of them. There will be a migration of mailboxes and then the Exchange 2003 server will be de-comitioned and removed from the organization. In the end , there will be a single exchange 2010 email server.

    No Email between Exchange 2003 And Exchange 2010 Servers

    The problem with this install is that there was no email flow between the servers. No email worked beween the servers local mailbox to mailbox. The solution was to configure a routing group connector that would route mail between the two servers. This routing group connector for whatever reason was not added during the installation of exchange 2010.

    The image in this post is from a real exchange 2010 server that had the New-RoutingGroupConnector run in the exchange management shell . It has to be done from the exchange 2010 server. The two routing groups , first administrative group and the default one created for the exchange 2010 transport can be seen  on the exchange 2003 server but you cannot add this conenctor to route email between the two server from the 2003 server.

    This is the command that was run only the server names have been changed:

    [PS] C:>New-RoutingGroupConnector -Name "Interop RGC" -SourceTransportServers "exchange 2010 server name" -TargetTransportServers "exchange 2003 server name" -Cost 10 -Bidirectional $true -PublicFolderReferralsEnabled $true

    The above command worked perfectly.

    You may have to start the Exchange shell as administrator.


  • 2B9EJN5JNGB2


    PCTech Go Computer, Server, Software, Data Network Posts

    Provide support of computers and servers through the web with remote control software that works through firewalls and over all sorts of network. Networks including wireless, broadband like 3G and 4G, also older technologies like T1 circuits and other leased lines cna be used to provide useful remote tech-support. VPS also permit access for remote support and remote access control.


The content of this website belongs to a private person, is not responsible for the content of this website.