The 7 FSMO Roles

5 FSMO roles? Oh, no. There are Hidden FSMO roles that they don’t tell you about!  They don’t want you to know about these until you run into a problem!

Have you ever been unable to demote a domain controller?  It tells you that it can’t determine the fSMORoleOwner – even though a netdom query FSMO returns all 5 roles?

You may also get: “The Directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles”

Well, there are two hidden roles: CN=Infrastructure,DC=ForestDnsZones  and CN=Infrastructure,DC=DomainDnsZones,DC=

So, the next time you are transferring FSMO roles, you need to move these two as well – before you Decom the old Role Holder!

Run ADSI Edit as admin.

Right click on ADSI Edit, select Connect to the naming context “DC=DomainDnsZones,DC=yourdomain,DC=tld”

Click and expand the new “Default naming context” – click on the connection point, move to the right column and click Infrastructure:

Right click and select properties or double click to edit.

Scroll to fSMORoleOwner

Double click to edit.

Repeat for naming context “DC=ForestDnsZones,DC=yourdomain,DC=tld”

The fSMORoleOwner in each “Infrastructure” should match.
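
The same check without clicking through ADSI Edit, as an added read-only example (not from the original post): it reads fSMORoleOwner from both Infrastructure objects and flags an owner that is missing, deleted or different between the two. The function name Test-RoleOwnerDn is made up for this example, and it assumes a domain-joined machine with the RSAT ActiveDirectory module installed.

```powershell
# Added example: read-only audit of the two DNS application-partition role owners.
Import-Module ActiveDirectory

# Hypothetical helper: classify one fSMORoleOwner value.
function Test-RoleOwnerDn {
    param([string]$OwnerDn, [string[]]$LiveNtdsDns)
    if ([string]::IsNullOrEmpty($OwnerDn)) { return 'Missing' }
    # When the owning DC was removed, the DN is left mangled with "\0ADEL:<guid>"
    if ($OwnerDn -match '0ADEL:')          { return 'DeletedOwner' }
    # Not one of this domain's DCs (in a multi-domain forest the ForestDnsZones
    # owner may legitimately be a DC in another domain)
    if ($LiveNtdsDns -notcontains $OwnerDn) { return 'UnknownOwner' }
    return 'OK'
}

$root = Get-ADRootDSE
$partitions = @(
    "DC=DomainDnsZones,$($root.defaultNamingContext)",
    "DC=ForestDnsZones,$($root.rootDomainNamingContext)"
)

# NTDS Settings DNs of the domain controllers that currently exist in this domain
$liveDcs = (Get-ADDomainController -Filter *).NTDSSettingsObjectDN

$results = foreach ($p in $partitions) {
    $obj = Get-ADObject -Identity "CN=Infrastructure,$p" -Properties fSMORoleOwner
    [pscustomobject]@{
        Partition = $p
        Owner     = $obj.fSMORoleOwner
        Status    = Test-RoleOwnerDn -OwnerDn $obj.fSMORoleOwner -LiveNtdsDns $liveDcs
    }
}

$results | Format-List

# The post's rule: the owner on both Infrastructure objects should match
if (@($results.Owner | Select-Object -Unique).Count -gt 1) {
    Write-Warning 'fSMORoleOwner differs between DomainDnsZones and ForestDnsZones.'
}
if ($results.Status -ne 'OK') {
    Write-Warning 'At least one owner is missing, deleted or not a current DC; fix before demoting.'
}
```

Run it before decommissioning the old role holder; nothing in it writes to the directory.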

Printers Deployed via Group Policy

So, ran into a situation the other day where some printers were added to some computers they were not supposed to be on. When we went to remove them – nobody could. Access denied. Enterprise Admin could not remove the printer from the computer.
Why?
Group Policy.

There are a few ways to deploy printers via group policy.
1. Click “Deploy” on your print server. Unless you want everyone and every system in the entire domain to have that printer – do not do this. You won’t know which policy it uses to deploy the printers, you won’t know where it is applied. (Probably sets a “printer” policy on the root of the domain.)
2. Create a group policy using Computer Configuration –> Policies –> Windows Settings –> Printer Connections (on older DCs). (Don’t do this!)
3. Create a group policy using Computer Configuration –> Preferences –> Control Panel Settings –> Printers (Nobody will be able to delete these printers)
4. Create a group policy using User Configuration –> Preferences –> Control Panel Settings –> Printers (You will be able to delete these printers – and they will show back up on next reboot, unless removed from the policy)

O365 and your SPF Record

So, I recently discovered that Office 365 has a new trick up its sleeve – using SPF records WRONG.  Had several bouncing and rejection issues with some clients due to this new idiocy.

An SPF record is supposed to match your SENDING IP to the SPF record.  But now O365 is requiring the MX record – the Receiving IP – to be in the SPF record.  Why is this messed up?  Well, for one, many people use third party Spam Filtering services for their MX record – to filter out spam before it gets to their inbox.  So, many MX records are spam filters – not what is sending out the email.  Basically, O365 just opened up a Huge security hole.

Thanks, Microsoft.
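
What the `mx` mechanism authorizes when the MX hosts belong to a third-party filter, as an added example that is not part of the original post. The function name Get-SpfAudit and every domain, host and record in it are constructed sample data; for a live domain the inputs would come from `Resolve-DnsName -Type TXT` and `-Type MX`.

```powershell
# Added example: list each SPF term and flag a bare "mx" that would let
# third-party inbound filter hosts pass SPF as senders for the domain.
function Get-SpfAudit {
    param(
        [string]$SpfRecord,    # TXT value of the domain's SPF record
        [string[]]$MxHosts,    # hosts the domain's MX records point to
        [string]$OwnDomain     # the organization's own domain
    )
    $terms = $SpfRecord -split '\s+' | Where-Object { $_ -and $_ -ne 'v=spf1' }
    foreach ($term in $terms) {
        # Strip the optional qualifier (+ - ~ ?) to get the bare mechanism
        $mech = $term -replace '^[+\-~?]', ''
        $note = ''
        if ($mech -match '^mx(/|$)') {
            # "mx" means: any host that RECEIVES mail for the domain may SEND as it
            $foreign = @($MxHosts | Where-Object { $_ -notlike "*.$OwnDomain" })
            if ($foreign.Count -gt 0) {
                $note = "authorizes hosts outside ${OwnDomain}: $($foreign -join ', ')"
            }
        }
        [pscustomobject]@{ Term = $term; Note = $note }
    }
}

# Constructed sample: MX points at a spam-filtering service, outbound mail goes via O365
$mx = 'mx1.filter.example.net', 'mx2.filter.example.net'

'--- record with mx added ---'
Get-SpfAudit -SpfRecord 'v=spf1 mx include:spf.protection.outlook.com -all' `
             -MxHosts $mx -OwnDomain 'example.com' | Format-Table -AutoSize

'--- record listing only the real sender ---'
Get-SpfAudit -SpfRecord 'v=spf1 include:spf.protection.outlook.com -all' `
             -MxHosts $mx -OwnDomain 'example.com' | Format-Table -AutoSize
```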

Been Busy!

I’ve been doing a lot lately. I have stood up a Windows Server 2012 server, racked it and configured it for a client. I have updated boot code and firmware on firewalls and routers (Sonicwall, Cisco and Mikrotik). Fixed a couple “Read-only Filesystem” Linux errors on Xen VMs.  Moved a few websites/email from a hosting service to our own hosting server.

Hmm, written down, it doesn’t seem like a whole lot – until you think about all the steps involved in moving a website, changing DNS in multiple places, syncing emails, doing documentation.

😀

Labtech and MySQL to Monitor Exchange Backpressure

So, we decided we needed to monitor Exchange servers for Backpressure so we can be more proactive in preventing problems.

I wrote a script in Labtech to monitor the event log for incidents that indicate potential issues.  Check out the SQL concat!  The logic checks for existing tickets, either creates a ticket, makes a note on an existing ticket or closes the ticket if the situation no longer exists.  I didn’t include putting time into the ticket, but that would be fairly easy as well.

See the script export below:

Resend EventLogs
SET:  @BackpressureEvent@ = SQLRESULT[SELECT Concat(eventlogs.TimeGen, " ", eventlogs.Message) As dEvent FROM eventlogs WHERE eventlogs.`Message` like '%resource pressure increased from Medium to High%' AND (timegen > DATE_SUB(NOW(), INTERVAL 1 HOUR)) AND ComputerID=%computerid% LIMIT 1]
IF  @Backpressureevent@  Contains  High  THEN  Jump to :Alert
SET:  @mysqlquery@ = SELECT COUNT(v_tickets.`TicketID`) FROM v_tickets WHERE v_tickets.`Subject` = '%locationname% / %computername% / Exchange Backpressure Detected'
SET:  @sqlresults@ = SQLRESULT[SELECT COUNT(v_tickets.`TicketID`) FROM v_tickets WHERE v_tickets.`Subject` = '%locationname% / %computername% / Exchange Backpressure Detected']
IF  @sqlresults@  >=  1  THEN  Jump to :ProcessTicket
GOTO :END
:Alert – Label
Note: Backpressure! – need to create a ticket!
:CheckTicket – Label
SET:  @mysqlquery@ = SELECT COUNT(v_tickets.`TicketID`) FROM v_tickets WHERE v_tickets.`Subject` = '%locationname% / %computername% / Exchange Backpressure Detected'
SET:  @sqlresults@ = SQLRESULT[SELECT COUNT(v_tickets.`TicketID`) FROM v_tickets WHERE v_tickets.`Subject` = '%locationname% / %computername% / Exchange Backpressure Detected']
IF  @sqlresults@  >=  1  THEN  Jump to :UpdateTicket
:CreateTicket – Label
LOG:  Exchange Backpressure High! Creating Ticket
Create New Ticket for %clientid%\%computerid% Email:%ContactEmail% Subject:%locationname% / %computername% / Exchange Backpressure Detected
SET:  @eTicketId@ = SQLRESULT[SELECT v_tickets.`TicketID` FROM v_tickets WHERE v_tickets.`Subject` = '%locationname% / %computername% / Exchange Backpressure Detected']
Send Email To:YourCompany@youremail.net Subject:Exchange Backpressure – %clientname% – %computername%
GOTO :END
:UpdateTicket – Label
SET:  @eTicketId@ = SQLRESULT[SELECT v_tickets.`TicketID` FROM v_tickets WHERE v_tickets.`Subject` = '%locationname% / %computername% / Exchange Backpressure Detected']
LOG:  Exchange Backpressure High! updating Ticket
Comment Ticket @eTicketId@ to Admin
GOTO :END
:ProcessTicket – Label
Note: If the Ticket exists then Finish it.
SET:  @monitorticketid@ = SQLRESULT[SELECT v_tickets.`TicketID` FROM v_tickets WHERE v_tickets.`Subject` = '%locationname% / %computername% / Exchange Backpressure Detected']
IF  @monitorticketid@  =  0  THEN  Exit Script
IF [SQL SELECT COUNT(ticketid) FROM tickets WHERE ticketid=@monitorticketid@]  <  1  THEN  Exit Script
IF @monitorticketid@ Ticket Status equals Resolved  THEN  Jump to :ClearMonitorTicketID
RUN SCRIPT:  _System Automation\Functions\Load Properties – Ticketing*
Finish Ticket @monitorticketid@ to @propTicketDefaultUserID@
:ClearMonitorTicketID – Label
SET:  @monitorticketid@ = 0
SET:  [STATE @fieldname@ticketid]  =  @monitorticketid@  for computer @computerid@
:EndProcessTicket – Label
:END – Label

What’s so good about Labtech?

Labtech.  RMM tool.  (Remote Monitoring and Management).

What is so great about it?  Well, once you learn it… once you understand it… you can do anything you want with it.

Like what?  Well, you have your normal RMM things like keep track of the computers on the network, what OS, what programs, keeping up with Microsoft patching, installing software, removing software, etc.  Then you have the monitoring – you can monitor just about anything you can think of from registry entries (including installed programs), event logs, pretty much anything you can find in a readable file on the computer, you can monitor and trigger alerts or even emails and text messages on those events.

Then you have scripting.  Some of the things I can accomplish with scripting:

Extract the backup status of a computer from the logs of the backup program and send an email if there is a failure.

Read a file version, compare to an internet site and send an alert if the two are different or off by more than two, etc.

Launch a series of PowerShell scripts to configure a new Windows server, with variables put in when starting the script in Labtech.

With a little creativity, anything you can do via command line or PowerShell can be done remotely, in the background, with Labtech.

Yes, that is very cool.

Linux Joy

My home computer has been running Ubuntu Desktop (Debian Linux) for years.  It has only been recently that I have had the pleasure of working with Linux Servers.  I have set up, configured and administered a few LAMP (Linux, Apache, MySQL and PHP) web servers.  For the last couple days, I have been playing with Citrix Xen Server and HyperV to proof-of-concept virtual host NIC Bonding / Teaming and its effect on existing Virtual Machines on each platform.

I set up an environment (Xen, then HyperV) on a test server (Dell R710) and added a few Linux VMs (Got to play with Ubuntu Server 16.04 LTS and CentOS 7).  Then I did the Bonding/Teaming and watched for what happened to the existing servers and network connectivity.

Xen Server did very, very well! It had zero network disruptions as NIC Bonding was created and put into place.  Very impressive.

HyperV was less impressive.  There were multiple connectivity disruptions and panic-inducing bouncing before it settled down.

All that, to show off a screenshot:

Updating Ubuntu and CentOS

Computer Console

One of my favorite accomplishments was the “Trustmark Computer Console” that I created for use at Trustmark National Bank.  It was used by the call center and help desk from the time I created it until at least two years after I left.  It may still be used some.

I wrote the original in AutoIT3.  After a while, I re-made it into a VB .NET project.  However, the VB .NET did not do a WMI query quite right, so I had to write a helper script in AutoIT3 to get that piece of information.

Here are some screenshots:

Capture

Some items are blurred out, but under “Computer Name” is a text box where you would put in the name of the computer in the network you wanted to get the info from.  The red/green buttons under that were our major services or processes that should be installed and running.  You could right click on the buttons and start/stop/install those items.

Capture2

Pressing “Enter” from the Computer Name box would go out and get the current information – such as OS, logged in user, free space, IP address, last boot time, mfg and model, processor, memory, etc.

The buttons on the right would run different scripts to automate common tasks.  At the time, on a single domain, it was fairly great for Help Desk Technicians to quickly gather info and fix common items.  I now use Labtech for almost all that functionality.

Here is the User Guide that I wrote for it – Computer Console User Guide