Use Windows Backup to Truncate Logs in Exchange 2010 with DAG Configuration

July 14, 2012August 31, 2015 Josh Reichardt 3 Comments

I ran into a few minor glitches that weren’t mentioned in other posts when using this method in my own environment. So first I will mention what was different for me, then I will be going over the full set of instructions to use this method. My goal for this post is to be as thorough and unambiguous as possible so there are no questions after reading these instructions.

First, it wasn’t readily apparent what specifically needed to be backed up in the pieces I read. Though, it is quite possible I managed to misread the sections that described them. After some experimentation in our test network I learned that all volumes containing databases and log files need to be backed up. This means that if you have separate drives for logs and databases, both of them need to get backed up, I would have saved a lot of time had I known this beforehand. And, as far as I can tell, both the mailbxes and logs have to be backed up for this method to work, not just one or the other. So just to reiterate this with an example, you have to back both the (L:) and (M:) volumes up.

The other thing that was mentioned in other posts but wasn’t clear cut was the need to change the registry key to disable VSS trasnport replication. It is necessary for Exchange environments using a DAG configuration with both active and passive databases, if this change isn’t the case the backup may work but your logs won’t get truncated. Finally, ensure that you have the Microsof Exchange Server Extension for Windows Backup service started.

Log on to the server by using an account that has local administrator access, and open regedit
Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\ExchangeServer\v14\Replay\Parameters.
Add a new DWORD value named EnableVSSWriter, and set its value to 0.
Exit Registry Editor and then restart the Microsoft Exchange Replication service.

Okay, now we need to enable the Windows Backup feature (I will leave that to the reader), just make sure not to enable the backup command line tools (they are outdated).

So now you just create your backup job and after everything is all said and done your logs should get truncated, it seems like a lot more work than should be necessary but if your logs don’t get truncated then really bad things happen, so it is a small price to pay I guess to make sure things are working the right way.

That’s pretty much it. Once the backup has completed your log volume should have more room. There are other ways to clear the transaction logs, maybe I will go over them in another post but this method is (for the most part once you figure out what you’re doing) easy and built into Windows. Just make sure you have enough free space somewhere on your network to house the backups, especially if there there is a lot to move.

An Easy Way to Synchronize your Passwords

July 8, 2012August 31, 2015 Josh Reichardt 1 Comment

I have a lot of passwords. Like, somewhere in the range of 50 or so for various work stuff, email, home server, websites, etc. I don’t know about anybody else, but I can’t remember that many passwords let alone keep track of which ones change or expire. In this post I will be going over a way to keep passwords centralized in one place, secure and available to me whenever I need them (for the most part). On top of that this is a great way to keep all of your passwords up date easily. Because I am always creating new accounts or changing existing account passwords this is essentially the best way that I have found to do it over the years.

It is a fairly simple idea in practice so let’s get going. You will need a few things first. Download and install Dropbox on any and all of the computers that you will want to view/edit or create username and passwords on. I like Dropbox because it works cross platform so I can sync my folders on a Linux, Android iOS or Mac OS system like I would on a Windows box, which is pretty handy. Oh yeah, and its free.

Next we are going to need to go get a program called KeePassX. This is what actually keeps track of your passwords. This project was spawned originally from KeePass. One very nice feature is that the password database files are compatible across programs so if you don’t like KeePassX you can check out KeePass and everything will just work, and vice versa, going from KeePass to KeePassX. I like this program because like Dropbox it is cross platform, reliable, free (Open Source), has some pretty handy features and is super easy to use.

Ok sweet, now that we have the tools we need it is just a matter of getting up and going. Not a lot of configuration but there are a few steps. The first is to make a home for you password file and your encryption key (if you want to use two factor authentication) inside Dropbox. I made a folder called “keepassx” to put my crypto key, “keepassx” and my password file “passwords.kdb” in there.

But we need to create these files with KeePassX before we can put them in our Dropbox folder. Easy enough, most of these should be pretty much self explanatory so if I miss something let me know.

So this is the screen you get when you open up KeePassX by default. If you already have your password file created just enter your master password and your key file (encryption key) if you created one to open up your password list. If this is the first time opening the program choose a master password and decide if you want to use an encryption key. The encryption key, should you choose to make one, will be one of the files that goes into your Dropbox folder to be synchronized.

NOTE: The password pictured above is your master password and should be chosen carefully. It should be unique, have as many unique characters and as much entropy as possible if you want your password file to be as secure as possible.

Once you have created your password/encryption, the rest is easy. Take a spin, create some password entries, build a few groups whatever you want just so we can get some data into the password database. Then just save your file and choose the path to Dropbox that you chose.

Now from whatever other device you would like to access this from just open KeePassX, enter your password and browse to the location you set for your password file.

Building a Better Bash Script

July 1, 2012August 31, 2015 Jake Alheid 13 Comments

I often find myself writing a lot of bash scripts that wrap functionality of my services and programs in ways that make my job easier. While bash doesn’t lend itself well to traditional “inheriting” of program elements, it still is very helpful to build a toolbox of snippets, templates, and bits of script that let me assemble new scripts with tried and true methods to get things done.

One of the hardest things to do well in bash is parsing command line options in a consistent cross platform way. The template below shows an example of how to do this that allows for short, long and positional options.

The template uses getopt to normalize short options after parsing long options in a two pass approach. Using getopt transforms options into their canonical form – for example, the option string “-c foobar -laht -v” after being parsed by getopt, becomes “-c foobar -l -a -h -t -v”, allowing them to be handled more consistently.

The getopt string (stored in the variable “opts” below) consists of all the short option letters, with letters that take an argument (e.g. cmd -a foo) being followed by a colon. So if I had short options “a” and “b”, and “b” took an argument, my getopt string would be “ab:”.

# Option defaults
OPT="value"

# Gets the command name without path
cmd(){ echo `basename $0`; }

# Help command output
usage(){
echo "\
`cmd` [OPTION...]
-f, --flag; Set a flag
-o, --opt; Set an option with argument (default: $OPT)
-v, --verbose; Enable verbose output (include multiple times for more
             ; verbosity, e.g. -vvv)
" | column -t -s ";"
}

# Error message
error(){
    echo "`cmd`: invalid option -- '$1'";
    echo "Try '`cmd` -h' for more information.";
    exit 1;
}

# getopt string
opts="fvo:"

# There's two passes here. The first pass handles the long options and
# any short option that is already in canonical form. The second pass
# uses `getopt` to canonicalize any remaining short options and handle
# them
for pass in 1 2; do
    while [ -n "$1" ]; do
        case $1 in
            --) shift; break;;
            -*) case $1 in
                -f|--flag)     FLAG=1;;
                -o|--opt)      OPT=$2; shift;;
                -v|--verbose)  VERBOSE=$(($VERBOSE + 1));;
                --*)           error $1;;
                -*)            if [ $pass -eq 1 ]; then ARGS="$ARGS $1";
                               else error $1; fi;;
                esac;;
            *)  if [ $pass -eq 1 ]; then ARGS="$ARGS $1";
                else error $1; fi;;
        esac
        shift
    done
    if [ $pass -eq 1 ]; then ARGS=`getopt $opts $ARGS`
        if [ $? != 0 ]; then usage; exit 2; fi; set -- $ARGS
    fi
done

# Handle positional arguments
if [ -n "$*" ]; then
    echo "`cmd`: Extra arguments -- $*"
    echo "Try '`cmd` -h' for more information."
    exit 1
fi

# Set verbosity
if [ "0$VERBOSE" -eq 0 ]; then
    # Default, quiet
elif [ $VERBOSE -eq 1 ]; then
    # Enable log messages
elif [ $VERBOSE -ge 2 ]; then
    # Enable high verbosity
elif [ $VERBOSE -ge 3 ]; then
    # Enable debug verbosity
fi

The other interesting thing is that this template allows for multiple verbose flags (-v, -vv, -vvv, etc.) to specify different levels of verbosity – which can be a very handy thing for debugging a misbehaving script or controlling output from a subcommand.

Have other good tips for bash scripting? Share them in the comments!

View this template as a gist on github: https://gist.github.com/2765260

Disable the Customize Ribbon Option in Office 2010

June 29, 2012August 31, 2015 Josh Reichardt 116 Comments

So I recently had a specific request at work from a user, which, unless I note somewhere I am sure I will forget. Basically, the requester does not want to grant the ability for users to be able to change the default UI ribbon settings within Outlook 2010 or any other Office 2010 program. The easiest way to explain it is, the user wants to disable the “Customize Ribbon” option as pictured below.

While I don’t know of an exact way to accomplish to “grey out” this option I did find a way to wipe the ability out to adjust these settings within Group Policy. The setting is located in the following location within Group Policy Manager. The setting we are looking for is labeled Turn off user customization via UI.

User Configuration -> Administrative Templates -> Microsoft Office 2010 -> Global Options -> Customize -> Turn off user customization via UI

NOTE that you need to have the Office 2010 Group Policy templates installed on the machine you are attempting to set the policy from (if you have questions just let me know and I can follow up with instructions on how to do this). Here is what the setting looks like:

And here is what the updated Outlook “Customize Ribbon” option looks like:

Podcasts for System Administrators

June 25, 2012August 31, 2015 Josh Reichardt 6 Comments

Over the years I have slowly built up a collection of resources that I find valuable in keeping my skill set sharp and my abilities fresh. One of the best resources, for me anyways, happens to be listening to podcast’s. Podcast’s are a great learning tool, especially if you can get into the habit of listening to them frequently. It is surprising how much of the things from those podcast’s stick in my head. I tend to like listening to a podcast when I am driving or out by yourself on a walk/run or just doing some other physical activity. I have found that this is a great method for me to escape from work and clear my head by engaging in some sort of activity while listening to a podcast.

I have experimented and listened to a wide variety of podcasts during this period of time. Some of them have been less than great, but for the most part I think that I have found a good balance of technical and general level podcasts relating to a variety of topics within system administration and I feel like sharing the ones that I have gained the most from in the past few years.

So here is my list (in no particular order).

Security Now!
The title pretty much sums things up. This is a video podcast (but audio only is just as good IMO) that focuses in on what is happening in the world of security in IT and computing. There is a good mixture of broad technical information and news as well as great nitty gritty detail (for example deep dives into topics such as how TCP/IP works, which I highly recommend). The co-host Steve Gibson does a great job of explaining things in detail, especially when it comes to very complicated and complex topic. He has a brilliant way of making these topic easy to understand and not overly confusing. Even though Leo Laporte annoys the living shit out of me, he and Gibson make a good pair and do a good job covering security in such a way that makes the topics in this category interesting.

Hak5
This video podcast is billed as a hacker oriented podcast. A lot of interesting hacker and Linux topics are covered in this podcast as well as great in depth interviews among a variety of other things. I personally love the cast of this podcast, which I believe makes it more enjoyable to watch. I have learned probably more tips and tricks from this podcast than from any other and the format is in a style that is humorous as well as informative so it doesn’t usually get very boring. I highly recommend this podcast if you are interested in hacking or Linux or other cool, little known about topics of interest.

Packet Pushers
If you are a hardcore networking guy, then this is a great podcast for you! I have only recently been listening to this podcast but I can’t say enough good things about it. The material is just about as technical as you can get, which is great for me. The hosts and guests are top notch as well, as nearly if not all of them are prominent figures in the networking world. I don’t know how they do it, but every one of their shows seems to keep my attention even if they are discussing a topic that is over my head. I learn a ton from every episode I listen to and, as I said, if you have anything to do with networking then I would strongly suggest you check this podcast out.

RunAs Radio
This is another great sysadmin podcast plus Rich Campbell’s voice soothes me. The people on this podcast are top notch as well, the guests are always interesting and the content is also very detailed and technical. I have to admit that I tend to skip some of these just because they sometimes cover topics that don’t really pique my interest entirely but that being said, all of the shows are well done and informative and I’m sure would be of great value to others that had more of an interest in these areas. This podcast usually isn’t drawn out like others, which is another reason I like it because it doesn’t give me a headache after listening to it.

FLOSS Weekly
I just found this podcast and am excited to try it out, it looks like there is a ton of interesting stuff in this podcast. The main focus of the show is anything and everything open source. There are interviews with figures is the open source world as well as news and other open source tools. I will update this post once I listen to this podcast a few times to give more information about it.

PowerScripting Podcast
This show focuses on the world of Powershell. I find this show to be helpful for me because I work in a Windows environment and I absolutely love Powershell for administration, chastise me if you must. It is great to have a podcast that focuses on Powershell because I feel like it gives me an advantage over others just because I can keep an inside track on what kind of developments and other things are happening. This show covers news, interesting topics within the Powershell universe and also have interesting and informative guests on the show as well. If you are a Windows admin or have anything to do with Powershell, I suggest you check this podcast out.

Podnutz Pro
This podcast takes you into the world of small to mid size business administration. One of the co-hosts works for and MSP and goes through the details of his work. It is interesting to see the point of view of somebody working in an MSP admin role because it is much different than that of a typical sysadmin. There is a lot of good technical content in this show as well (can you tell I like the technical content?) and although there isn’t much in the way of outside guests for content they manage to do a pretty good job in finding interesting topics to cover in depth. I must warn though, this content can sometimes get a little bit dry as well as dragged out at times though because the hosts of the show are admins, not radio show hosts. Still recommended, just not all of it is as worthwhile as some other podcast’s.

The Linux Action Show!
Hands down the most informative Linux podcast I have come across. They cover relevant topics, interview people in the industry and just do a great job overall. The content they cover is interesting and the hosts of the show seem to be well informed and are entertaining as well. They are nerds but they are great hosts and don’t have any trouble delivering their content and keep things fresh. The delivery is crisp and smooth and their shows seem to flow very well. I highly recommend this podcast to anybody working with Linux on a daily basis or even for people new to the Linux scene, the shows are done in such a way that pros and newbies should both feel welcomed.

TechSNAP
This is another podcast that I was recently turned on to so don’t have much to report on this one yet. This show is similar to Security Now in some ways because it covers a lot of interesting security news. My favorite part about this show though is that its not overdone with ads and they really don’t go on too many tangents unrelated to IT. Another cool fact about the show is that some of the less common topics are covered, like a lot of talk about BSD and ZFS and how to use them, which has been helpful to me. I recommend this podcast for anybody that enjoys show like Security Now as it is fairly technical but is really interesting.

The UC Architects
This is a great show that is relatively new that I just recently picked up on. This show covers all things Unified Communication, focusing primarily on Lync and Exchange but also covers many other topics in the Microsoft world as well. There are some seriously smart people on this show as nearly all of the hosts and guests either are MVP’s, MCM’s or work for Microsoft. I like this show because I have found it gives a great glimpse into the UC world that is not really covered very well elsewhere, it is more of a niche I would say and this is the place to go if you have anything at all to do with Exchange, Lync or any other Microsoft UC product. This show has it all; in depth technical conversation, reviews, news and much more.

Stack Exchange Podcast
This podcast covers a number of interesting topics that revolve primarily around running a startup and everything that goes along with it. Great guest interviews, tips and tricks about Stack Exchange, and a wide range of topics. Here is a description from the site: “The Stack Exchange team gives you an unparalleled look inside the building and running of one of the web’s hottest startups: Stack Exchange. Instead of the typical podcast format, Jeff & Joel are joined by a different guest each week as they discuss the strategy and direction of Stack Exchange, the decisions they’ve made about the community and where things are going next.”

Healthy Paranoia
This is one of the newer IT related podcasts that I have found that I actually enjoy. It presents some very technical information yet it isn’t difficult to follow. The hosts and guests all have a solid foundation in security, so the quality of this podcast is pretty top notch. The topics are broad enough though that you don’t have to be a super hardcore security pro to follow them, therefore the topics are interesting and are usually very relevant to what system administrators deal with in many security related areas. I definitely recommend this podcast to any sysadmin that either has an interest in security or for any security pros out there looking to boost their knowledge, the show is accommodating and appealing to multiple different areas of IT.

BSD Now
A Weekly BSD Podcast – News, Interviews and Tutorials. “We advocate the use of FreeBSD, OpenBSD, NetBSD, DragonflyBSD and PC-BSD. Our show aims to be helpful and informative for new users that want to learn about them, while still being entertaining for the people who are already pros.”

DevOps Cafe
Interviews with interesting members of DevOps community.

The Joe Rogan Experience
Okay, so this podcast isn’t exactly geared towards system administrators necessarily but this show is really good and is hilarious (Joe Rogan is a professional comedian) and covers a variety of very interesting topics and features some genuinely funny, interesting and smart people. There are even some IT pros that have been on the show, check out episode #361 if you want to listen to the VP of Cloud Security at Trend Micro talk about coffee, for example. This podcast is a great addition to your collection if you want to learn something and be entertained but aren’t up for something that is too technical, its more of a show that you can just turn on and have in the background, which can be nice sometimes.

That’s it for now, I will be adding to and updating this list as I find more interesting podcast’s but I have to say these are among my favorites to listen to and watch right now. They all have some sort of unique quality to them yet they all tie into system administration one way or another. I’m sure there are other ones out there so if you know of any other good sysadmin podcast’s let me know and I will check them out and hopefully add them to this list.