Exchange: Recover Hard Deleted item August 7, 2009
Posted by tiggerjay in troubleshooting.Tags: Exchange, hard delete, outlook, registry
add a comment
The lifecycle of a delete e-mail message in a Microsoft Exchange Environment is similar to most business garbage collection.
- Message is deleted (paper is put in the under desk garbage)
- Delete items folder is emptied (the janitor collects the garbage and puts it in the dumpster)
- Exchange performs maintenance to purge the deleted items (the dumpster is collected by the garbage company)
At various stages the document may be recoverable, but it becomes increasingly difficult. Also, you can skip to the last step by performing a hard-delete (pressing shift-delete).
Recovery is as follows, respective to the numbers above:
- Simply check the deleted items folder, and drag back into the correct location or simply open within the deleted items folder.
- Right-click on the deleted items folder and choose recover deleted items. However, if you performed a hard delete from a different folder (shift-delete) they will be stored in a different recovery location – more later.
- At this point, you are looking to recover from backups only.
Normally an e-mail is deleted, it is moved to the Deleted Items folder (which is really nothing more than a folder). When you empty this folder it goes into a hidden recovery folder which is cleaned by the Exchange Server’s periodic maintenance (hourly, daily, etc). While most people are aware of the recovery folder, most people are not aware that when you hard delete an item (shift-delete) from a folder, it goes into a specific recovery folder for that folder — in other words, every folder or sub-folder you have (inbox, sent items, subfolder, etc) each has their own recovery folder. However in Outlook 2003 and prior, this is a hidden feature which you must enable via a registry hack:
Enjoy
ESXi Monitoring with Veeam August 6, 2009
Posted by tiggerjay in Tool Thursday.Tags: esxi, tools, veeam
add a comment
A great free tool (with a commercial counterpart) I experimented with today was Monitor from Veeam. It provides the ability to view multiple ESXi instances without purchasing virtual center. Now VMware’s virtual center does provide you alot more features and tools. But with Monitor you can view the resources of every ESXi server in your environment.
The following features make this a great tool to checkout:
Performance monitoring: Comprehensive data on resource consumption and workload, from vCenter, ESX/ESXi host, and complete down to the individual VM. Real time data consolidated in one place.
Hardware monitoring: Provides a complete picture of your datacenter, through CIM/SMASH API – track everything from temperature and fan speed, to ventilation, power and more – eliminating the need for service console based hardware monitoring agents.
Correlation of event and performance data: See all of your datacenter activities on a single page, in real time. No need to switch between different virtual machines, hosts or vCenters – all information in under one easy to modify view.
User interface optimized for monitoring: The interface was designed with monitoring, not control in mind.
Quick take: Disabling users August 5, 2009
Posted by tiggerjay in troubleshooting.Tags: acl, active directory, aduc, disable, passwords, uac
add a comment
Here is a quick one for today – we received a call from an executive that they are immediately and are in the process of terminating the employment of an employee. They wanted their account disabled. A junior technician disabled the account and was done. However, what caught the customer by surprise was that the user was still on their computer working – how could this be?
Basically Windows workstations cache the credentials and the only time it will try to authenticate is when it tries to use a network resource, at which point their network access will be denied. However, there is nothing you can do to a user account to prevent them from accessing their workstation if they are already logged on and/or are off the network. The only way to lock them out of their computer is to reboot the system or otherwise force them to authenticate to the domain controller. On that note, what about remote laptop users. Say it is a sales person with a desktop and a laptop. And they left the laptop at home, how do you prevent access? You can chose to disable cached credentials so they must always authenticate against the domain controller via a VPN or another method.
Enjoy!
Paper jamming – Dell 3100CN July 31, 2009
Posted by tiggerjay in troubleshooting.Tags: 3100cn, dell, known issues, paper jam, printer
add a comment
A customer recently called in regarding paper jam issues on their Dell 3100cn color printer. After remote troubleshooting, a technician decided it was likely the roller set. Contacted Dell for replacement parts and ordered them. However upon reviewing the issue closer while onsite, I noticed that the 2nd paper tray had two loose tabs above the paper tray. A quick check confirmed that these were the locking mechanisms to connect the 2nd paper tray. While the tray appeared to work fine, over time, there was enough movement occurring to cause the trays to separate or move just enough for a paper jam to occur. Locking these in place resolved the problem without the need to replace the rollers.
A couple of take aways:
- Read the manual if you’re not familiar with this printer series – yes, most HP printers do not use a lock for the tray, but many (but not all) Dell printers do. Always be familiar with the directions on new equipment.
- If the printer is new and has a low page count, then it isn’t likely the rollers. New being <3 years, and low page count being either half of a maintenance kit page count or very generally 10x the model number (so 30,000 pages in this case).
- Dell printers do not appear to be designed to be maintained. Over 45 screws to replace one roller and a paper sensor.
Enjoy!
Mac computers SMB versus AFP July 29, 2009
Posted by tiggerjay in troubleshooting.Tags: afp, max, osx, samba, smb
add a comment
Since Apple released Mac OS X (10), no longer were users limited to connecting to file servers sharing via AFP, but they were opened to the Windows world of SMB. However, over the years, Macintosh computers have been plagued with problems connecting to Windows shares. A simply query of Google will demonstrate this. The underlying problem is the often buggy SAMBA subsystem which processes SMB shares. Everything from authentication problems to memory leaks, it provides “best effort” SMB connectivity.
Recently while performing some tests, we have confirmed that Mac to Mac or Mac to Unix or Mac to PC, whenever AFP is available, file transfers appear to be more reliable and occur faster. Not faster than a Windows to Windows SMB transfer, but rather faster when compared to a Mac to anything transfer using SMB versus AFP.
So if your SMB transfers for your Mac seem to drag, consider switching to AFP, which is available on Mac, Windows and Unix servers.
Installing ESXi on a Dell PowerEdge server with IDE drives July 24, 2009
Posted by tiggerjay in troubleshooting.Tags: esxi, ide, raid, vmware
add a comment
ESXi is a powerful virtualization hypervisor which is available for free from the VMWasre website. What’s great is it will run on just about any server hardware, and pretty much any workstation for that matter. With some advanced features from the paid-for releases, you can live migrate between virtual servers in the event of a failure. What this means is that you can use non-redundant hardware to virtualize on since it can fail over to another server.
However, one of the non-redundant configurations ESXi does not support is IDE drives in a non-RAID configuration. Fortunately you can configure ESXi to install on IDE drives, but you effectively trick it into believe the drive is a SCSI drive.
The installation instructions can be found on the following website, but be aware that this is an unsupported configuration and support from VMWare may be very limited.
http://www.vm-help.com/esx/esx3i/ESXi_install_to_IDE_drive/ESXi_install_to_IDE_drive.php
Enjoy!
Remote support for hardware problems July 22, 2009
Posted by tiggerjay in troubleshooting.Tags: monitor, mouse, users
add a comment
Remote support tools can be an excellent tool in resolving problems, but they need to be used in combination with the described experience provided by the end user. This recently was discovered in two different problems reported by users but we couldn’t confirm via remote tools.
The first was strange monitor colors – which typically we would associate with a video setting within Windows, however a remote session confirmed that the setting were correct. Additionally, the user was saying that the colors were wrong, like the pallet was all mixed up – yet we couldn’t see this remotely. The problem, when escalated to on-site work: a bad video cable. This caused a problem in how the output of the video card ended up at the monitor – so it was (effectively) a monitor problem. Since the video card and settings were working properly, remotely we were not able to confirm this.
The second was with a mouse problem – according to the user the mouse was moving too fast, erratic. Remotely, it appeared to be working fine, and the settings appeared correct. Our mouse interacted properly. Even adjusting the Windows settings to the slowest, still resulted in too erratic control for the user. While sometimes it is a user error, an onsite review uncovered that this user was on a Wyse Thin Client which also has it’s own control panel and an interface to control mouse speed, and it was set at the highest level. Adjusting this back to the middle corrected the problem.
Next time you’re working with end users remotely, understand the limitations of remote control to diagnose all problems. Be sure to rely upon user feedback.
MFP printer problem isolation/troubleshooting July 17, 2009
Posted by tiggerjay in troubleshooting.Tags: canon, mfp, printer, strange
add a comment
So typically in a mutli-vendor or multi-provider environment, it is best to isolate a problem to which vendor is responsible for a problem. This week I encountered a very interesting problem with a multi-function copier/scanner/copier. This happened to be a rather large canon unit (not to be confused with the desktop models). The typical demarcation point between the network provider and the copier provider is the network cable between the wall and the copier/printer. What happend in this case was that out of the blue the MFP unit stopped printing.
We started by trying to isolate the problem. We changed the printer into a known good network port, reset the print queue, and the device still showed off line in Window Server 2003. We also attempted to ping the device with no avail. We then connected a laptop to both the old and new network jacks, received and IP address properly and was able to perform network tests… So the network must be good – two known working ports… But…
The copier vendor arrived on site, confirmed the problem and then his troubleshooting began with verifying the network configuration (DHCP with a reservation on our servers), also tried to manually set the IP address, and also used a different IP address (statically). None worked on the network. Then he connected his laptop directly to the printer via a crossover cable, and in all cases tried above, it would print without a problem. So he rightfully claimed, it was definately not on the printer side…
So out of the interest of resolution, we decided on a vendor meet (both vendors onsite at the same time). We walked through various troubleshooting steps, and then I asked that he perform a factory reset or default configuration on the copier, and to my suprise, it was not available. He was, however, able to reset the controller via software. Note that we’ve already tried mutliple full power cycles. Yet, after he performed this reset, it grabbed the same (old) DHCP IP address and immediately started to despool from the server. Problem solved.
We then completed the testing, by power cycling the equipment, and performing additional printing test – all of which worked properly.
Lessons learned: Just because you believe you have rulled out your side, doesn’t mean it’s an absolute, but rather a pretty good indication.
Wyse terminal running VNC July 15, 2009
Posted by tiggerjay in troubleshooting.Tags: password, rdp, vnc
add a comment
The majority of Wyse Thin Clients run a version of VNC to permit remote administrators to interact with the otherwise Thin operating system. This is important since traditional remote control tools such as RDP or perhaps a remote access too such as Kayesa or N-Able cannot install an agent.
You can perform a “shadow” operation while using the Wyse Device Manager (WDM), however the underlying access is VNC. All you need to know is the IP address and password. The following is the default passwords. Obviously, it should be on your priority list to change this:
| 1 series terminals (WTOS/Blazer) | password or Password |
| 3 Series terminals (Windows CE) | password or Password |
| 5 Series terminals (Linux) | winterm, password or Password |
| 8 Series terminals (Windows NTe) | Administrator |
| 9 Series terminals (Windows XPe) | Wyse |
Nessus Security Scanner July 9, 2009
Posted by tiggerjay in Tool Thursday.Tags: audit, nessus, security, Tool Thursday
add a comment
Tool Thursday: Nessus Security Scanner
This is an excellent professional tool you should add to your toolbox if you’re serious about vulnerability scanning and auditing your own work. This tool is pretty pricey for the individual technician, but is free for personal (non commerical, non consulting) work. There is also volume licenising available. As always, please respect the legal restrictions – solo consultants, don’t use the free license key.
The primary difference between the professional and free version is the time interval at which they release updated definition files for specific vulnerabilities. The professional also adds some wonderful reporting tools not available in the free release. Download it today and check it out at: http://nessus.org/
This is a great tool to audit and check your network from both outside and inside of your network – also be sure you’re using to only scan networks your authorized to check as the activity from Nessus will certainly trigger a host of firewall alarms at the target site.
Enjoy!
