Monday, August 18, 2008

Exchange 2007: Cannot remove accepted domains

Interesting little problem I discovered this morning, when trying to remove domains from the accepted domains tab in Exchange 2007 Server.

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
Action 'Remove' could not be performed on object 'domain-name.com.au'.

domain-name.com.au
Failed
Error:
Cannot remove the domain 'domain-name.com.au' because it is referenced by the proxy address template 'smtp:@domain-name.com.au'.

---------

Our site was an Exchange 2003 organisation migrated to Exchange 2007... which is probably why I couldn't see any reference to the domain in the E-Mail address policies tab. Though some are visible, so I'll just put it down as a dodgy migration process.

I stumbled upon this link, which helped me identify my issue. It refers to editing a string for which I had no data, which might be because we're running a Windows 2008 domain as well.

Anyway here are the steps I used to resolve the above issue:

Logged onto a domain controller (Windows 2008)

  1. Start Menu, Administrative Tools, ADSI Edit
  2. Action Menu, Connect to...
  3. From the drop down list labelled 'Select a well known Naming Context:' I selected 'Configuration'
  4. Expanded the tree down, Configuration, Services, Microsoft Exchange, 'Org Name' , Recipient Policies
  5. Edit Default Policy
  6. Edit 'gatewayProxy'
  7. Removed the entry for the domain I was having problems with: 'smtp:@domain-name.com.au'
  8. Clicked OK, then OK again, closed ADSI Edit
  9. I then waited a few minutes and tried to remove the domain from the accepted domains tab.

It now removed without problems!

Wednesday, June 18, 2008

ESX: Service Console and default route being lost!

This may seem very trivial.. and indeed it is, the saying "maybe a set of fresh eyes will help" is quite possibly a required procedure rather than a question... geek egos may get in the way though. :p

Too many late nights and a never ending list of tasks to complete with ever shortening deadlines. This is what led me to discover some interesting behaviour in ESX and quite possibly apparent in Linux/Unix distros too..?

To configure a default route in an ESX Service Console (or on a RHEL-based distro), add the gateway to the /etc/sysconfig/network file: GATEWAY=10.0.0.1

You can then run the command route which should give you an output with something similar to this:
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0

In my case, no gateway was being set, even though my network file was correctly configured. Manually running the route command was a temporary fix, though it was lost once a reboot or network service restart command was executed:
route add default gw 10.0.0.1

As it turned out, the route was being dropped because of a configuration mismatch in my interfaces file. In the case of my ESX server, the interface file: /etc/sysconfig/network-scripts/ifcfg-vswif0

The culprit was the line: NETWORK=192.168.0.0 when in fact it should have been configured as NETWORK=10.0.0.0

Thus the end to my default route not being set by the configuration of /etc/sysconfig/network
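The mismatch described above can be caught before a reboot or network restart. The following is an added example, not part of the original post: a shell check that the NETWORK line in an ifcfg file agrees with IPADDR/NETMASK and that GATEWAY sits on the same subnet. The function names and the sample IPADDR and NETMASK values are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check RHEL-style network files for the mismatch above.

ip_to_int() {   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int_to_ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

get_key() {     # get_key FILE KEY -> last value of KEY=... in FILE, quotes stripped
    sed -n "s/^$2=//p" "$1" | tr -d '"' | tail -n 1
}

# check_route_config NETWORK_FILE IFCFG_FILE
# Returns 0 if consistent, 1 on a mismatch, 2 if a required key is missing.
check_route_config() {
    gw=$(get_key "$1" GATEWAY)
    ip=$(get_key "$2" IPADDR)
    mask=$(get_key "$2" NETMASK)
    net=$(get_key "$2" NETWORK)
    if [ -z "$gw" ] || [ -z "$ip" ] || [ -z "$mask" ]; then
        echo "missing GATEWAY, IPADDR or NETMASK"; return 2
    fi
    m=$(ip_to_int "$mask")
    real_net=$(int_to_ip $(( $(ip_to_int "$ip") & $m )))
    gw_net=$(int_to_ip $(( $(ip_to_int "$gw") & $m )))
    rc=0
    if [ -n "$net" ] && [ "$net" != "$real_net" ]; then
        echo "NETWORK=$net does not match $ip/$mask (expected $real_net)"; rc=1
    fi
    if [ "$gw_net" != "$real_net" ]; then
        echo "GATEWAY=$gw is not on the interface subnet $real_net"; rc=1
    fi
    return $rc
}

# Constructed sample files reproducing the post's mismatch (IPADDR/NETMASK assumed).
demo=$(mktemp -d)
printf 'NETWORKING=yes\nGATEWAY=10.0.0.1\n' > "$demo/network"
printf 'DEVICE=vswif0\nIPADDR=10.0.0.5\nNETMASK=255.255.255.0\nNETWORK=192.168.0.0\n' \
    > "$demo/ifcfg-vswif0"
check_route_config "$demo/network" "$demo/ifcfg-vswif0" || echo "fix ifcfg before restarting networking"
rm -rf "$demo"
```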

Tuesday, June 17, 2008

MS Exchange SMTP behind Cisco PIX : Mailguard of DOOM

I'm by no means an expert in Cisco PIX, but I've had my fair share of success troubleshooting random problems with them.

In this episode... My MS Exchange Server 2007 box has been happily humming away for the last few weeks, SMTP for POP users is served up from behind a Cisco PIX 515e. However something bad happened... something very bad.

Just recently I discovered a bunch of users (including myself) could no longer connect to the SMTP server, while other users could. After hours of painstaking troubleshooting, it was nailed down to a problem with the PIX.. a little more research led to a little security feature from Cisco named Mailguard. Also note that Mailguard can have adverse effects on POP3 communications when using Windows integrated authentication.

Mailguard's role is to check for dodgy connections or non-standard SMTP commands and drop them, basically shielding the SMTP service on the host behind the PIX. In theory great, in practice with Microsoft Exchange servers... not so great.

Don't ask me how Mailguard (SMTP port 25 inspection) became enabled, when it was ever so clearly not enabled for the last few weeks, but this is how it was resolved:

You may have read in lots of posts on the Internet about running the following command:

# no fixup protocol smtp 25

That command didn't resolve our problem, Mailguard was still actively dropping connections and/or visible via the XXXXXXXXXXXXXXXXXX that appeared when you telnet into port 25 (if we were lucky enough to find a machine which could telnet, as Mailguard also outright refuses connections in certain cases).

The trick was to manually remove the esmtp inspections, as I couldn't do it via the ASDM GUI.

These steps are what worked for me, however you may need to verify the names of your policies:

# conf t
# policy-map global-policy
# class global-class
# no inspect esmtp

Save that to your startup configuration and you're set.

A quick telnet test is all the proof you'll need to know if Mailguard is disabled. You will see the real Microsoft Exchange SMTP banner instead of the XXXXXXXXXX.

Monday, June 16, 2008

ESX Networking from the CLI

11:30 PM Sunday night, tired and still trying to finish off a few tidy up jobs, in preparation for Dell / EMC engineer tomorrow (doing SAN install).

So there I am, trying to add a new port group for a management VLAN I'd created earlier on the pSwitches. However, instead of creating a port group I created a vSwitch, then tried to bind a pNic to it, which was already attached to another vSwitch.

Logic states that ESX shouldn't let me do that... but.... something weird happened.. POOF! The ESX server dropped off the face of the earth. No VMs attached to vSwitch0 had comms! I tested pinging a VM on another vSwitch, worked fine.. I also didn't have a service console on that vSwitch either.. My users based in United States would be waking up soon, so I decided to drive out to the data centre and troubleshoot it. :(

Since I couldn't rely on a nice GUI to manage ESX, I soon realised my ESX CLI knowledge is somewhat lacking! After a quick search I found this site, which saved my bacon:

http://www.petri.co.il/5-critical-vmware-esx-cli-network-commands.htm


This showed me that I had no pNics linked to vSwitch0
esxcfg-vswitch -l

This added the pNic onto vSwitch0 and thus got my service console back on the network. :)
esxcfg-vswitch -L vmnic0 vSwitch0

Thursday, June 12, 2008

Jumbo Frames on EMC Clariion's iSCSI controller

We've recently purchased an EMC Clariion CX3 SAN, which we plan on implementing using iSCSI. After numerous amounts of research, I couldn't find any details on whether the Clariion controllers supported larger MTUs / Jumbo Frames.

Well after EMC activated my PowerLink account, first thing I did.... Search for Jumbo Frames and I'm pleased to share the following knowledge:

Jumbo Frames are supported on the following devices (as long as you have Flare release 24 or higher installed):
  • CX3-10c
  • CX3-20c
  • CX3-40c
The bad news is, Jumbo Frames aren't supported on the older CX300i/CX500i or the AX series of arrays.

Wednesday, June 11, 2008

Remote Storage for Documents - Gmail

So here I am, getting tired of working back late in the office, but hate the hassle of having to VPN in from home, run RDP or map network drives.

So what's an easy way to move a couple of documents between work and home?

After a quick search for online storage, I stumbled upon a neat little Gmail extension that allows you to use your Gmail email account as a file storage dump.

Basically, you install the Gmail Drive extension to your machine, configure your login details and booyaaa, a storage dump without having to sign up to new products, manage new user accounts and passwords.

More info and links to download here: http://www.viksoe.dk/code/gmail.htm

I'm aware that this is several years old, but surprisingly it still works fine. I have received a couple of errors here and there when trying to access the drive, but on a second attempt immediately after the error, all appears to work fine again.

I'm still running Windows XP, not sure of its compatibility with Vista....

Enjoy your unlimited file storage with Gmail. :)

Tuesday, June 10, 2008

First Post

Hello World!

Not being self indulgent, just a test.. :)