Windows Server
Exchange Server 2007 MSExchangeSA Event 9335 Offline Address Book Updates
by Greg on Jun.18, 2011, under Exchange Server, Windows Server
OALGen encountered error 80004005 while cleaning the offline address list public folders under /o=OurCompany/cn=addrlists/cn=oabs/cn=Offline address book.
Get-PublicFolder "\non_ipm_subtree\offline address book\/o=OurCompany/cn=addrlists/cn=oabs/cn=Offline address book" -Recurse | Set-PublicFolder -Replicas "Public Folder Group\public folders"
Get-PublicFolder "\non_ipm_subtree\offline address book\/o=OurCompany/cn=addrlists/cn=oabs/cn=Offline address book" -Recurse | Set-PublicFolder -ReplicationSchedule $alwaysrun
Replace the relevant items with your own database paths and company names. Our system has “Public Folder Group\Public Folders” as the database name, but I think default is “Second Storage Group\Public Folder Database”, so watch for that.
Outlook 2010 Exchange Cached Mode with direct Active Directory Global Address List
by Greg on Mar.11, 2011, under Exchange Server, Registry, Windows 7, Windows Server
We have Exchange accounts in Outlook 2010 and the Global Address List would not update. One reason was an error on our server (addressed in another post), but then the default time to update is 24 hours, and that’s too long. On our internal systems, we want Cached Mode Exchange accounts, but direct/real-time access to the Global Address List in Active Directory.
1. Add this to a new registry file and/or add to your user’s registry (not system, each user on workstation). Create a text file on your desktop, copy/paste the text below, save, then double click to add to your registry:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Cached Mode]
"DownloadOAB"=dword:00000000
The above is for Outlook 2010, but for 2007 and 2003, replace the 14.0 with 12.0 and 11.0 respectively.
2. If you have any OAB files, you need to remove them. In this folder:
%userprofile%\AppData\Local\Microsoft\Outlook
If you see “Offline Address Books”, rename that folder. Close Outlook and reopen.
You should now have direct GAL access and updates are immediate.
Reference more detail here:
http://support.microsoft.com/kb/841273
The specified server cannot perform the requested operation
by Greg on Jan.12, 2010, under Networking, Windows 7, Windows Server
I was not able to access a newly joined Windows 7 computer on our domain from our Windows 2000 Server. I just received that error. “Cannot perform the requested operation” Sharing was setup ok, permissions and security set ok, firewall was turned off. I saw an Event ID 2017 on the Windows 7 system, too. Something about “unable to allocate from the system nonpaged pool”.
I found this online. Add the MaxNonpagedMemoryUsage value below in the client’s registry. (Windows 7 system) Make a restore point first so you can undo if any problems arise.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\MaxNonpagedMemoryUsage
DWORD VALUE: 0xFFFFFFFF
Next, restart the “Server” service on the Windows 7 machine. Then go back to Windows 2000 Server and try to connect to \\window7machine and see if it can access it now.
This worked great for me, hopefully it works for you too. However, it may be wise to increase that value in small increments from the default, which I THINK is 0x100000. I just maxed it out on my client system to test, and it’s working fine. Just thought I’d make note of it. If you have further problems, or this doesn’t fix the issue, remove the value and reboot. This should return it back to the default.
Help and Support unable to open error about service not running
by Greg on Aug.13, 2009, under Windows Server, Windows XP
Go to C:\windows\pchealth\helpctr\binaries.
helpsvc.exe /regserver /svchost netsvcs /rainstall
Run that.
Now we have Help and Support available again.
Configure Windows Server 2003 and 2008 w32tm commands on domain controller
by Greg on Apr.07, 2009, under Networking, Windows Server
This drove me nuts! Why Microsoft had to take something totally simple in Windows 2000 and make it a complicated thing is NOT beyond me! This is MS we’re talking about! Of course it’s not easy with newer versions.
Took me a little bit, but here are the commands I used on our primary domain controller, and it’s working great. That first w32tm command is all one line.
w32tm /config /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org pool.ntp.org",0x8 /syncfromflags:MANUAL /reliable:yes
w32tm /config /update
net stop w32time
net start w32time
w32tm /resync /rediscover
That should do it. However, always make sure your firewall is open to port 123 outbound! I initially was receiving this error after running a “w32tm /resync”:
The computer did not resync because no time data was available.
In my case, that was caused by my firewall blocking port 123 for NTP traffic. Go figure, we’ve been running this particular network for probably 2 years with that firewall blocking port 123, and only now did someone come and ask “why is our computer time off by 6 or 7 minutes?” This is when you say, “Welcome to the world, can I help you?” (Good old Beavis) Well, at least we got our server configured better as a “reliable” time source with the right ntp.org pools.
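To tell a blocked port 123 apart from a w32time configuration problem, the following added example (not part of the original post) sends a single SNTP client request over UDP 123 and reports whether a reply came back and roughly how far the local clock is off. The function name and the 3-second timeout are assumptions; the server is one of the pool hosts from the command above.

```powershell
# Added example: one SNTP request to UDP 123, independent of the w32time service.
# Test-NtpReachable and the timeout value are illustrative, not from the post.
function Test-NtpReachable {
    param(
        [string]$Server = '0.pool.ntp.org',
        [int]$TimeoutMs = 3000
    )

    # 48-byte SNTP request; first byte 0x1B = LI 0, version 3, mode 3 (client).
    $request = New-Object byte[] 48
    $request[0] = 0x1B

    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = $TimeoutMs
    try {
        $udp.Connect($Server, 123)
        [void]$udp.Send($request, $request.Length)
        $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        $reply = $udp.Receive([ref]$remote)
    }
    catch {
        # A receive timeout is what a firewall dropping outbound UDP 123 looks like.
        return New-Object PSObject -Property @{
            Server = $Server; Reachable = $false; Detail = $_.Exception.Message
        }
    }
    finally {
        $udp.Close()
    }

    if ($reply.Length -lt 48) {
        return New-Object PSObject -Property @{
            Server = $Server; Reachable = $false; Detail = 'Short or malformed reply'
        }
    }

    # Transmit timestamp: bytes 40-43 are seconds since 1900-01-01 UTC (big-endian),
    # bytes 44-47 are the fractional part.
    $seconds  = [double]$reply[40] * 16777216 + $reply[41] * 65536 + $reply[42] * 256 + $reply[43]
    $fraction = ([double]$reply[44] * 16777216 + $reply[45] * 65536 + $reply[46] * 256 + $reply[47]) / 4294967296
    $epoch    = New-Object DateTime(1900, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
    $serverUtc = $epoch.AddSeconds($seconds + $fraction)

    New-Object PSObject -Property @{
        Server        = $Server
        Reachable     = $true
        Mode          = ($reply[0] -band 0x07)   # 4 = server reply
        Stratum       = $reply[1]                # 0 = server is not offering usable time
        ServerTimeUtc = $serverUtc
        # Rough offset only: network round-trip time is not compensated.
        OffsetSeconds = [math]::Round(($serverUtc - [DateTime]::UtcNow).TotalSeconds, 3)
    }
}

Test-NtpReachable -Server '0.pool.ntp.org'
```

Reachable = False with a timeout message points at the firewall; a reply with a large OffsetSeconds points at the time service configuration instead.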
Exchange 2007 needs command line to set FQDN of external host name on Send Connector
by Greg on Aug.22, 2008, under Internet, Networking, Windows Server
In Exchange 2007, you have a nice little GUI to set your FQDN on your Send Connector. (Mine is called Outbound, as shown below.)
You can see my FQDN, set under the Hub Transport/Send Connectors of the Exchange Management Console.
However, if you send mail out to an external address, you’ll notice in the headers that your internal server name is still listed! What!? What’s the point of the GUI?
You have to open Exchange Management Shell, and type in a command to solve this. It’s easy.
As shown above, you just type in the command:
Set-SendConnector "Outbound" -Fqdn mail.1stbyte.com
Replace “outbound” with the name of your send connector, and of course, change to your own FQDN, not mine.
It will come back in error, or success. If success, you can check your headers on an external account right away.
Have fun!
DFS links to shares on Windows XP SP2 do not work on local system
by Greg on Apr.18, 2008, under Networking, PC Repair, Windows Server, Windows XP
Well for the larger businesses out there, this may not be a useful tip. But for those of us that support small networks, like less than 50 or even 10 systems, utilizing shares on workstations is sometimes needed. For example, I have servers in most all of my networks, and their hard drives are fairly large, but I don’t want to save all my downloads and application CD’s on the server. With newer workstations loaded with larger drives than servers sometimes, I’d rather make use of that space there. Not with the main, business critical data, but only things that are not needed for backups or maybe read only archives. These 500+ GB drives give us a ton of space, and when you only have less than 10 people accessing this data periodically, this makes perfect sense. Constant read/write access with lots of users would require the server, rarely accessed stuff goes on a workstation.
Here’s the problem I ran into though. I like to use DFS and create a single shared, mapped drive for all the users. In there I might have a couple shares pointing to workstations. On XP SP2, this works fine, EXCEPT if you are accessing the DFS link from the system where the share resides. You will get an Access Denied error, even with all the correct permissions.
Here’s a registry fix that will overcome the issue.
(Remember, use the registry at your own risk. Back it up if you must. Heck, backup your whole system!)
Open this key on the XP system:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup\Parameters
Add a DWORD value:
EnableDfsLoopbackTargets
Change its value to 1.
Reboot the system.
Your share should now be working from the DFS mapped drive on the local system. (the local system where the share is located.)
Find an email address that already exists in Active Directory
by Greg on Apr.14, 2008, under Networking, Windows Server
So you went to add a new address to a user account in Active Directory, and you got an error that this address already exists? Sucks huh? Especially when you don’t know where it could be? Here’s one way to track it down.
On your domain root in AD Users and Computers, right click, select Find. Select Custom Search, click the Advanced tab, and enter an LDAP query like so:
proxyaddresses=smtp:emailaddress@youwanttofind.com
(I am assuming you are not a complete NEWB and you know you should replace that email with the one you want.)
Then click the Find Now button. You should see in the results below any object that may have this address on it.
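The same lookup as a script, as an added example that is not part of the original post: it runs the proxyAddresses query through DirectorySearcher and escapes the address per RFC 4515, so characters such as * or ( in the input cannot change the filter. The function names and the sample address are placeholders, and the search covers only the current domain.

```powershell
# Added example: find every AD object carrying a given SMTP proxy address.
# Function names and the sample address are illustrative placeholders.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][string]$Value)
    # RFC 4515 escaping. The backslash must be handled first, otherwise the
    # escapes produced for the other characters would be escaped again.
    $Value -replace '\\', '\5c' `
           -replace '\*', '\2a' `
           -replace '\(', '\28' `
           -replace '\)', '\29' `
           -replace '\x00', '\00'
}

function Find-ProxyAddressOwner {
    param([Parameter(Mandatory=$true)][string]$SmtpAddress)

    $value = ConvertTo-LdapFilterValue $SmtpAddress

    # With no search root given, DirectorySearcher binds to the current domain.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    # proxyAddresses is matched case-insensitively, so this finds both the
    # primary (SMTP:) and secondary (smtp:) entries.
    $searcher.Filter = "(proxyAddresses=smtp:$value)"
    $searcher.PageSize = 500
    $searcher.PropertiesToLoad.AddRange(
        [string[]]@('distinguishedName', 'objectClass', 'proxyAddresses'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $classes = $r.Properties['objectclass']
            New-Object PSObject -Property @{
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
                # The last objectClass value is the most specific one
                # (user, contact, group, publicFolder, ...).
                ObjectClass       = [string]$classes[$classes.Count - 1]
                ProxyAddresses    = @($r.Properties['proxyaddresses'])
            }
        }
    }
    finally {
        # FindAll() holds unmanaged resources until disposed.
        $results.Dispose()
    }
}

# Placeholder address, same as in the query above.
Find-ProxyAddressOwner -SmtpAddress 'emailaddress@youwanttofind.com' |
    Format-List DistinguishedName, ObjectClass, ProxyAddresses
```

The ObjectClass column matters here because the conflicting address often sits on a contact, group or public folder rather than on a user account.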
New account does not appear in Global Address List but does in All Users
by Greg on Mar.27, 2008, under Internet, Networking, Windows Server
I’ve run into this a few times, thought I’d record the solution for once so I remember it.
After adding a new user account, the user does not show up in Outlook’s Global Address List, but does show in All Users. (If you click “To” in a new message, for example, and in the Select Names window under “Show names from the:” drop down, you select All Users.) Even if I go into Active Directory Sites and Services and manually force replication it does not work. (under the NTDS Settings for each server) Normally, I would even go into Recipient Update Services and manually update, but this does not work either.
I found out that if you have Outlook in Cached Exchange Mode, the Global Address List does not update for up to 24 hours. I don’t know the details on that, but I can force it to update. This is on a per-machine basis, so doing this across the whole network won’t work. (Although, there may be a way to do this, I just don’t know how.)
Go into Outlook, go to Tools, Send/Receive, then click Download Address Book. Make sure you have Global Address List under the Choose Address Book drop down, and click OK. Problem solved.
By the way, I am using Exchange 2003 and Outlook 2003.
Folder redirection user permissions block access to Administrators
by Greg on Mar.19, 2008, under Networking, Security, Windows Server
When using Folder Redirection on a Windows 2003 server, the default policy is to allow ownership and permissions only to the user. No admin account would have access to this folder. For example, you create a Group Policy to redirect users’ My Documents folders to a home directory on the server. Once a user logs on and this policy is applied, the folder is created with ownership of the user only, and file permissions granted for that user only, too.
This has presented a big problem for me, having come from Windows 2000, where this was not the case. As you might guess, when only the user has permissions specified, no administrator can get access to this folder for backup purposes. Our backups always failed.
Well then, on Windows 2003 Server, two default policies are in place making the user’s folders more secure. Nice, but I don’t care. I want backup rights by default. Go into the Group Policy where you would like to define the new policy. I made a new Organizational Unit and put all my computers in there, so I could define the policy at a lower level, instead of at the domain level. Once you are in and editing your policy, drill down to here:
Computer Configuration –
Administrative Templates -
System –
User Profiles –
In here look for these two policies and enable them:
“Do not check for user ownership of Roaming Profile Folders”
“Add the Administrators security group to roaming user profiles”
Now this will allow Windows 2003 to behave more like Windows 2000 on the redirected folders. Unfortunately, there is one issue. It does not change permissions on previously created folders, only on newly created folders. That’s a pain, but not that big a deal, because I can probably script some folder moves and recreate them.
Also, even though this says “Roaming” in the policy items, they apply to local and roaming accounts. So even if your users have normal, non-roaming profiles, you still need to set them. In my case, we did not have any roaming profiles and only used folder redirection OR simply had home folders mapped from the server. Doing either of those had the same permissions problem and the policies mentioned solved the issue. (except for previously created folders, it only changes on newly created folders after the policy change.)
Resetting NTFS permissions are not taking effect on child objects
by Greg on Mar.19, 2008, under Networking, Security, Windows Server
Recently I went to reset a user’s home directory permissions on the server to allow them full control over each file/folder in their home directory. I setup all the normal accounts and of course the actual user account, with Full Control. I then went into Advanced and selected “Replace permission entries on all child objects” and hit apply.
This seemed to work fine, except the user complained that they could not access the documents in certain subfolders. When I checked those subfolders, the permissions were correct, except that her account had no permissions specified. Essentially this means, no perms, no access. So I tried again, same result.
The solution was simple, though, I can’t figure out why this was configured this way. At the root folder you wish to start inheritance, go into advanced under security on that folder. Go into Advanced again, and under Permissions, highlight the user in question, and click Edit. Under the detailed Permission Entry window, at the very bottom is a checkbox for:
“Apply these permissions to objects and/or containers within this container only.”
Uncheck that! And apply the permissions once more. All child objects should now have all the correct permissions! Yay!
I don’t understand why this is set this way. Is there a Group Policy in place I don’t know about? Did a previous IT guy change that? At least I have a solution. :)
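That checkbox corresponds to the NoPropagateInherit flag on the access control entry: direct children inherit the entry, deeper levels do not. The following added example (not from the original post) lists explicit entries on a folder that carry the flag, and the subfolders below it where a given account has no entry at all. The function names, path and account in the usage lines are placeholders, and Get-Acl -LiteralPath needs PowerShell 3.0 or later.

```powershell
# Added example: read-only audit for the "this container only" checkbox
# (PropagationFlags.NoPropagateInherit) and its effect on subfolders.
# Function names, the path and the account name are illustrative placeholders.

function Get-NoPropagateAce {
    param([Parameter(Mandatory=$true)][string]$Path)

    $noProp = [int][System.Security.AccessControl.PropagationFlags]::NoPropagateInherit

    # Only explicit entries matter: the flag is set where the ACE was created.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            (-not $_.IsInherited) -and
            (([int]$_.PropagationFlags -band $noProp) -ne 0)
        } |
        Select-Object @{ n = 'Path'; e = { $Path } },
                      IdentityReference, FileSystemRights,
                      InheritanceFlags, PropagationFlags
}

function Find-FolderMissingAce {
    param(
        [Parameter(Mandatory=$true)][string]$Root,
        [Parameter(Mandatory=$true)][string]$Identity   # e.g. 'DOMAIN\user'
    )

    Get-ChildItem -LiteralPath $Root -Recurse -Force |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $dir  = $_
            $aces = (Get-Acl -LiteralPath $dir.FullName).Access |
                Where-Object { $_.IdentityReference.Value -eq $Identity }
            # No entry for the account, explicit or inherited, means no access
            # unless a group the account belongs to grants it.
            if (-not $aces) { $dir.FullName }
        }
}

# Usage with placeholder values:
$root = 'D:\Homes\jsmith'
Get-NoPropagateAce   -Path $root | Format-Table -AutoSize
Find-FolderMissingAce -Root $root -Identity 'OURDOMAIN\jsmith'
```

If the first command returns an entry for the user and the second lists folders two or more levels down, the flag is the cause; after unchecking the box and reapplying, both should come back empty.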
OMA Service Unavailable
by Greg on Dec.17, 2007, under Internet, Networking, Windows Server
I found a ton of help on Google for this “Service Unavailable” issue on the OMA virtual directory for Exchange 2003. Unfortunately, this was not something readily available. Several sites will explain the proper config for all the virtual folders in IIS, which you should obviously follow, but they don’t mention one little thing… OMA uses ASP.net 1.1. If you go into the OMA properties in IIS, change it from ASP.net 2 to ASP.net 1.1. After that, it all worked beautifully!
Oh, and by the way, I ran into this issue while setting up some Windows Mobile devices with ActiveSync and Direct Push at a couple clients, one was running IIS5 on Windows 2000, and the most recent was running IIS6 on the Windows 2003. The solution was the same on both of them.
User name variables on home directory with ADModify.net
by Greg on Sep.07, 2007, under Windows Server
Took me a while, again, to figure this out. Thankfully not as long this second time.
When you use ADModify.net to set properties on groups of objects in Active Directory, you can use variables. Home directories, in my case, is a big one. When I moved to a new server, I didn’t want to set the new home directory on each user, so I used ADModify. Now, when you set the variable, this is what got me. You can’t use the normal: %username% (for example: \\server\homes\%username%)
You have to use the AD way. Set it like this:
\\server\Homes\%’sAMAccountName’%
Notice the syntax: %’variable’%
You can get ADmodify here: http://www.codeplex.com/admodify/Wiki/View.aspx
It’s a lifesaver!
Edit: 10/24/07
NOTE… those are supposed to be apostrophes! So you can’t copy and paste directly, you’ll need to replace those backticks with apostrophes. (wordpress seems to be replacing them on publish.)
Edit: 08/20/08
NOTE that using ADModify.net OR WiseSoft’s Bulk Modify will NOT create the home directories for new users! You must either manually create the directories, use AD Users and Computers to set the property (and therefore it will create the directory) which is the standard way of creating them, or script that somehow. What this means is, you can use ADModify to change the Home Folders property from 1 server to another, but if you are trying to create a bunch of new home folders, ADModify will not do this for you. So, works great if you want to modify existing, like if you copy all the home directories to a new server and you need to update all the user accounts to reflect the new server name.
Active Directory recovery using a secondary offsite DC
by Greg on Sep.01, 2007, under Networking, Windows Server
The basics of this require that we setup a second CPU to take offsite. This system would have AD loaded, GC set, DNS, and all that stuff needed to run AD separately from the network. Here’s the catch, though. We can’t run this and be current. In a disaster, it would work great to be up and running, but it wouldn’t stay current.
So what do we do? We use a cheap PC, do all that DC stuff on it, and make sure it’s syncing good and working on the network (with the GC, DNS, WINS and stuff). IT SHOULD NOT have any FSMO roles. It’s purely a secondary.
BEFORE running DCpromo on that system, Make an image. And make sure we can recover it quickly. Save that image of the server in “stand alone server” install mode (not a DC or even member server yet), because this is what we’ll use to run this process over and over quickly.
AFTER we run the DCpromo and setup all the DC stuff, make another image. We’ll use this to drop back onto the system for offsite recovery of AD.
Here’s the steps to setup. (in general)
- Setup a stand-alone server, not member of domain. (include all needed SP’s and patches)
- Make an image. (PRELOAD image, save this!)
- Dcpromo and setup all needed AD and make sure NTFrs and syncing work perfectly.
- Make an image. (OFFSITE-DC image, save this!)
- Demote the server to a member server again and then remove from domain. (this is to remove it from AD as a DC, make AD cleaner and no NTfrs errors)
- Add OFFSITE-DC image to system again, BUT DO NOT CONNECT TO NETWORK.
Here’s the steps to run regularly to keep up to date.
- Take that offsite pc, image over it with the PRELOAD.
- Join this to the domain and do the DC stuff.
- Make your OFFSITE-DC image again.
- Demote the server, remove from domain.
- Load OFFSITE-DC image on again, BUT DO NOT CONNECT TO NETWORK.
- Take it offsite, seize the FSMO roles. You now have a DC ready to run in an emergency.
This process might take a day with all the imaging, but if you keep the drive loaded with ONLY the DC, it should be pretty quick. And consider that you won’t sit and watch it, you really should only spend like 2 or 3 hours running the process. Also consider that if you run this every month, or even every couple weeks, you’d get real fast at it. And this is what we want in a disaster recovery situation, fast recovery!
Why do all this? Couldn’t we just do an NTBackup recovery? Well, first of all, last I saw on a Microsoft KB article, recovering to alternative hardware on a DC was not supported. So, there’s one obstacle. Though, they do provide a good “how to” KB article, they say it’s not supported. (now I need to find that article again.) Second of all, I tried doing all of the Microsoft suggestions, and I was never able to recover my DC, whether it was the PDC or a backup, to alternative hardware. Of course, I was using Windows 2000, and recovering to 5 years newer hardware, maybe that might have something to do with it. But you know what, I have a lot of clients that would be in that boat. I’ll have more to say on this later.
Restoring a Drive Image XML to a server running host based RAID
by Greg on Sep.01, 2007, under PC Repair, Windows Server, Windows XP
Some RAID controllers are not what I call *true RAID* drive controllers. They may have a hardware controller, but they run kind of a fake RAID on the host OS. It’s not really software raid, but the RAID is dependent on the OS.
This, as you might guess, causes some problems when we want to do some fun stuff on the system drive while we are not actually booted into the OS. Like when we want to restore an image of the C: drive! That’s ok though, we’ve got a work-around.
BIG NOTICE, DISCLAIMER, OR WHATEVER….
This is based on a RAID1 mirror.
My RAID controller allowed me to build the array based on one of my drives, yours may not.
Do this at your own risk.
Make sure you have a backup. (DUH!)
If you lose your data, it’s your fault.
Your mileage may vary.
Assuming you have made your image successfully already, here’s what we do. The trick is that you must turn off the RAID functions and break the array first. So that your drives look like they are single drives in the system. Delete the partitions you will be reimaging over. On my server, it was just an onboard BIOS setting.
Boot the system into a PE boot disc. You can get a free one called: Ultimate Boot CD for Windows. It’s a doctored up PE Disc, but you’ll need to “build” it. They have great instructions for that on their site. (just Google it) Anyway, you boot into this, and right when the CD starts to boot, you see the “Press F6” option, like you see when you do a new Windows install. Insert your floppy disc and load the drivers when it asks. Then it will boot to a custom version of XP.
The PE disc should load and see your C: drive. Make sure you open Drive Manager and create your C: drive again. Only DON’T FORMAT it or make a drive letter. Now open Drive Image XML and load the image you made, and recover it to that C: drive.
Reboot when complete and before Windows loads, open the BIOS or RAID controller and turn on the RAID again. On my controller, I was able to recreate the Mirror by building off the first drive. Let that process complete and reboot. Your system should boot right to that image.
The keys to making this work were:
- Make the drive appear as a single drive again, turn off RAID in the BIOS or Controller.
- Drive Image XML always crashed on me, even if I loaded the drivers at the F6 prompt. It couldn’t deal with that Host based RAID. (but it appeared fine!)
- After image is restored, turn on RAID1 again and build your array based on the newly imaged disk BEFORE you boot back to that drive in Windows.


