Microsoft Exchange 2010 Configuration – Allow Larger Attachments

1.Organization Configuration

Organization Configuration | Hub Transport | Global Settings tab | Transport Settings |

2.Server Configuration

Server Configuration | Hub Transport | select a HT server | Receive Connectors -> select a connector | Properties |

3.Send Connector Configuration

Organization Configuration | Hub Transport | Send Connectors -> select connector | Properties |

4.Recipients Configuration

Recipients Configuration | Mailbox | select mailbox | properties | Mail Flow Settings | Message Size Restrictions|

5.Recipients Group Configuration

Recipients Configuration |Distribution Group | select Group | properties | Mail Flow Settings | Message Size Restrictions

6.Global Setting

Please use adsiedit to connect Configuration container :

Configuration container | Services | Microsoft Exchange |YourOrgName| Global Settings | Message Delivery | Properties,check the below values:

a. delivContentLength

b. SubmissionContentLength

c. msExchRecipLimit

7.Transport Rules

Organization Configuration | Hub Transport | Transport Rules

Mailbox Size Limits Are Not Enforced in a Reasonable Period of Time

http://technet.microsoft.com/en-us/library/bb684892(EXCHG.80).aspx

DNS Scavenging

Scavenging is a feature that will remove expired records based on their time stamps.
Scavenging is not enabled by default.
Scavenging will NOT remove statically configured records, the ones you manually create unless you run dnscmd /AgeAllRecords, which will stamp them making them eligible for scavenging (more below on this). Without running this command, DNS will scavenge dynamically updated records that have reached their time stamp. To look at the time stamps of a record using Windows 2003 DNS, put the DNS console “view” in the menu to Advanced View, then look at the individual record properties, and you will see the time stamp. If using Windows 2008 or or newer, it will show up in the console as a separate column.

Vulnerability in SSL 3.0 Could Allow Information Disclosure

  • Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Group Policy You can disable the SSL 3.0 protocol that is affected by this vulnerability. You can do this by modifying the Turn Off Encryption Support Group Policy Object.
    1. Open Group Policy Management.
    2. Select the group policy object to modify, right click and select Edit.
    3. In the Group Policy Management Editor, browse to the following setting:Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Explorer Control Panel -> Advanced Page -> Turn Off Encryption Support
    4. Double-click the Turn off Encryption Support setting to edit the setting.
    5. Click Enabled.
    6. In the Options window, change the Secure Protocol combinations setting to “Use TLS 1.0, TLS 1.1, and TLS 1.2“.
    7. Click OK.
  • Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Internet Explorer You can disable the SSL 3.0 protocol that is affected by this vulnerability. You can do this by modifying the Advanced Security settings in Internet Explorer.To change the default protocol version to be used for HTTPS requests, perform the following steps:
    1. On the Internet Explorer Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Advanced tab.
    3. In the Security category, uncheck Use SSL 3.0 and check Use TLS 1.0Use TLS 1.1, and Use TLS 1.2 (if available).
    4. Click OK.
    5. Exit and restart Internet Explorer.

How to Autoredirect a Page with Java or HTML

<html>
<head>
<title>A web page that points a browser to a different page after 2 seconds</title>
<meta http-equiv="refresh" content="2; URL=http://example.com/services/computing/">
<meta name="keywords" content="automatic redirection">
</head>
<body>
If your browser doesn't automatically go there within a few seconds, 
you may want to go to 
<a href="http://example.com/">the destination</a> 
manually.
</body>
</html>

…or it can done with JavaScript. This JavaScript example opens the new site in a new browser window after a 4.5-second (4500 ms) delay:

 <script language="javascript" type="text/javascript">
     <!--
     window.setTimeout('window.open("http://example.com/","newsite")',4500);
     // -->
 </script>

OWA Showing Blank Page

I am presented with the OWA Authentication page and enter my credentials and then it throws an “HTTP 500” error instead of opening the mailbox.

You tried to issue an “IISReset /NoForce” and even rebooted the server and still see the symptom.

So the issues is typically caused by the “Microsoft Exchange Forms-Based Authentication” service being in a stopped state. Starting the service immediately fixes the issue.

Equallogic Fun

Well I got some new hardware in. This has allowed me to play with some various configuration settings – settings that I wish I had known about some years earlier.

Above, you can see where I’ve got two members, ONR1, and ONR2 in differing RAID formats, connected (below) the same storage pool,

Below you can see the volumes setup on the storage pool.

After some time, you’ll see that the volumes redistributed across the two sans.

Pretty sweet eh?

Fix Software RAID Windows 2k3

If you’ve intentionally – or unintentionally lost your primary drive in Windows 2003 Software RAID, here’s how you’d get it back.

Load up the 2k3 Install disk

Press “r” for recovery mode

Select your installation

Enter your password

chkdsk /p

bootcfg /rebuild

Adding Disk to Centos LVM

While you can just create a pv out of raw block device I normally try to avoid it as it can cause confusion as to what the block device is being used for. It may also break some of the auto discover routines that LVM can use if it’s missing it’s configuration files.

Here’s an example of using parted to create a GPT with 1 partition that is the whole drive and set the partition flag to be lvm. The mkpart requires that you specify a file system but it doesn’t create the file system. Seems to be a long standing bug in parted. Also the start offset of 1M is to ensure that you get proper alignment.

parted /dev/sdb
mklabel GPT
mkpart primary ext2 1M 100%
set 1 lvm on
quit
pvcreate /dev/sdb1
pvdisplay
vgcreate vg_*name* /dev/sdb1 /dev/sdc1 /dev/sdd1
vgdisplay
lvcreate –extents 100%FREE -n lv_*name* vg_*name*
lvdisplay
mkfs.xfs -f /dev/mapper/vg_*name*-lv_*name*
df -ah

Removing Syslogd Installing Rsyslog and Configure to Splunk

yum shell
remove sysklogd
install rsyslog
run
exit

vi /etc/rsyslog.conf
paste in the below:
# ### begin forwarding rule ###
# The statement between the begin … end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$WorkDirectory /var/lib/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @@your splunk server:514
# ### end of the forwarding rule ###

chkconfig rsyslog on
service rsyslog restart

VMware Weird Latency Dell R815 Broadcomm Nic

So we were having this weird latency issue with our new R815’s and the Broadcomm nics utilizing iSCSI on a segregated lan.

Turns out we needed the BCM-NetXtremeII-5.0-offline_bundle-940344.zip driver imported into update manager, a reboot later, we were all happy!