Daily IT Matters, this is the place where I post my daily findings on IT.

Thursday, October 30, 2008

Monitoring your windows servers with email alerts from the commandline

This is something that you will have to face allways.
You must monitor all servers that are under your command this way ensuring that servers keep on running happily.

For this I use the builtin perfmon and I use the opensource application SendEmail [you can download it here]
SendEmail is just an exe you don’t have to install it, just put in a folder lets say [ D:\SendEmail ]
I use a complete seperate machine to monitor my network this way I keep the load off from monitoring and this ensures the most accurate data.

In this example I want to monitor the free space on the c:\ drive of a remote server called “Fileserver”
On the machine from which you want to monitor start perfmon just hit [winkey + r and type perfmon] this is the quickest way.

image

 

You will see this screen:

image

In the left hand side expand performance logs and alerts.

image

Right click alerts and choose [New Alert Settings]

 

image

 

give your alert a meaningfull name

image

And Hit [OK]

Fill in the comment field with a meaningfull comment :-) and hit the [Add] button to add a counter.

image

The radiobutton Select counters from computer, select the performance object ‘LogicalDisk’ and Select the instance C: then click “Add”  and then “close”


image

You should now see this screen: set it like shown it will trigger an Alert when the c drive is under 500 MegaBytes. and this is sampled every hour.

 image

Now select the “Action” tab
image  
You see that I placed a checkmark at “Log an entry in the application event log”
And that I placed a checkmark at “Run this program”
I always want important events in the windows eventlog so that is why I checkmarked “Log an entry in the application event log”
With “run this program”  I let a batch run in this batchfile I fire SendEmail.

We will create this batchfile now:
First we need to find out what syntax SendEmail understands.

Open an commande prompt [winkey + r and then type cmd] and go to the folder containing the SendEmail executable.
Mine is set on drive x: I did create a network mapping for it.

so in the command prompt on x: I type SendEmail and that gives me the following options.


Synopsis: sendEmail -f ADDRESS [options]

Required:
-f ADDRESS from (sender) email address
* At least one recipient required via -t, -cc, or -bcc
* Message body required via -m, STDIN, or -o message-file=FILE

Common:
-t ADDRESS [ADDR ...] to email address(es)
-u SUBJECT message subject
-m MESSAGE message body
-s SERVER[:PORT] smtp mail relay, default is localhost:25

Optional:
-a FILE [FILE ...] file attachment(s)
-cc ADDRESS [ADDR ...] cc email address(es)
-bcc ADDRESS [ADDR ...] bcc email address(es)
-xu USERNAME username for SMTP authentication
-xp PASSWORD password for SMTP authentication

Paranormal:
-b BINDADDR[:PORT] local host bind address
-l LOGFILE log to the specified file
-v verbosity, use multiple times for greater effect
-q be quiet (i.e. no STDOUT output)
-o NAME=VALUE advanced options, for details try: --help misc
-o message-file=FILE -o message-format=raw
-o message-header=HEADER -o message-charset=CHARSET
-o reply-to=ADDRESS -o timeout=SECONDS
-o username=USERNAME -o password=PASSWORD
-o tls= -o fqdn=FQDN

Help:
--help the helpful overview you're reading now
--help addressing explain addressing and related options
--help message explain message body input and related options
--help networking explain -s, -b, etc
--help output explain logging and other output options
--help misc explain -o options, TLS, SMTP auth, and more




This is how my batchscript looks like



x:

SendEmail -f alert@mydomain.org -t ict@mydomain.org -u alert %1 -m "Alert %1 !" -s mymailserver


exit



In the firstline I go to X: this is where my SendEmail folder is.

In the secondline I actually fireup SendEmail.


-f this is the from address


-t this is the to address


-u this the subject line: You’ll notice the %1 in %1 the batchscripts reads the first argument that is given when starting  the alert I’ll explain this later. 
-m is the message body.


-s is the mailserver




The script is now ready save it where it can be found easily.

(I store all my running scripts in a production environment in folder called active scripts, decommisioned scripts I store in a folder called inactive scripts)




Now I’ll explain the %1 this is an variable that stores the argument that was given when starting the batchscript.

On the Action Tab in you’ll see a button called “command line arguments” click it now you will see this screen



 



image



The checkbox “Single Argument String” means that the script is called with 1 argument so you can only use %1 because you only have a single argument.

If you deselect it the check arguments are all in different variables %1 will be the name of the Alert %2 will be the date and time %3 measured value you’ll get the idea.





I want all the data in 1 string and I want all arguments.





Now hit “OK”



Now when the alert is triggered we get an email with all the data we need.




I hope this helps you in monitoring your servers.

Tuesday, October 21, 2008

How to delete the deleted Items folder in Exchange 2003

 

I had a problem that users used the deleted Items as a filing cabinet.
This is how we got rid of that J

There are 2 ways accomplishing this task one is via GroupPolicy and one is through Exchange System Manager.
In this article I’ll discuss the latter because I love to use the tools builtin in ESM.

Go to ESM

clip_image002[9]

Then go to the folder recipients in ESM and hit the right mousebutton.
And choose [Recipient Policy]

clip_image004[8]

The dialogbox New Policy appears check the checkbox [Mailbox Manager Settings] and hit [OK]
clip_image006[8]

Now give the Policy a meaningfull name
clip_image008[8]
And Hit the [Modify] button because I want this policy only to be applied to the office department in Amsterdam.
I’ll show you how I can do that.
In the find Exchange Recipients dialogbox go to the dropdownbox find and choose Custom Search.

clip_image010[8]

In the Custom Search Tab choose Contact and select Department.
(I use in ADUC the organization tab and I fill the department field with Amsterdam for users in the OU Amsterdam)

clip_image012[8]

clip_image014[8]

Now click [Add]

The filter will appear in the condition list and we can hit the [OK] button
clip_image016[8]

You’ll get a message
clip_image018[8]

You can hit [OK]

When you use a custom search your ldap query is very short.

(&(objectCategory=contact)(department=Amsterdam))

If I would have used the exchange recipients my query would look like this.
(&(&(&(& (mailnickname=*)
(|
(&
(objectCategory=person)
(objectClass=user)
(!(homeMDB=*))
(!(msExchHomeServerName=*)))
(&
(objectCategory=person)
(objectClass=user)
(|(homeMDB=*)
(msExchHomeServerName=*)))
(&
(objectCategory=person)
(objectClass=contact))
(objectCategory=group)
(objectCategory=publicFolder)
(objectCategory=msExchDynamicDistributionList) )))
(objectCategory=user)(department=Amsterdam)))

We now go to the actual Settings TAB [Mailbox Manager Settings (Policy)]

In the dropdown list [When processing a mailbox] I chose Delete Immediately.
You can also let a report be generated but that is not what we want.
clip_image020[8]
Only set the checkbox for Deleted Items and I edited the rule like this

clip_image022[8]

This way all Items older than 30 days are deleted.
The policy is set and we have completed the first part, now we have to go to the mail server in ESM which is under Administrative groups,

clip_image024[8]

When you select the server hit the right mouse button and choose properties.
Then go to the TAB [Mailbox Management]

clip_image026[8]
Choose the settings you like but let it not interfere with a backup or defragment process which both should run every night (at least in my case it is)

I hope this helps you in getting rid of those users who use the deleted items folder as a filing cabinet.

Monday, October 13, 2008

Friday, October 03, 2008

Microsoft Hyper-V Server FREE

Microsoft Hyper-V Server 2008 provides a simplified, reliable, and optimized virtualization solution, enabling improved server utilization and reduced costs. Since Hyper-V Server is a dedicated stand-alone product, which contains only the Windows Hypervisor, Windows Server driver model and virtualization components, it provides a small footprint and minimal overhead. It easily plugs into customers’ existing IT environments, leveraging their existing patching, provisioning, management, support tools, processes, and skills.

Key Benefits
  • Improved server utilization
  • Small footprint
  • Minimal overhead

IT Pros can easily to leverage their existing knowledge and skills with Microsoft virtualization products, as well as the collective knowledge of the community, minimizing any learning curve. In addition, with Microsoft providing comprehensive support for Microsoft applications and heterogeneous guest operating systems, customers can virtualize with confidence and peace of mind.

When to Use Hyper-V Server 2008

Microsoft Hyper-V Server 2008 is a great choice for customers who want a basic and simplified virtualization solution for consolidating servers as well as for development and test environments. Hyper-V Server 2008 only offers the most basic of virtualization features, making it ideal for:

  • Test and Development
  • Basic Server Consolidation
  • Branch Office Consolidation
  • Hosted Desktop Virtualization (VDI)

Customers who require richer and more robust virtualization features, such as Quick Migration, multi-site clustering, large memory support (greater than 32 GB of RAM), and more than four processers on the host server, should use Windows Server 2008. Windows Server 2008 provides business continuity, disaster recovery, greater scalability for consolidating large workloads, and flexible and cost-effective virtualization rights (one free virtual instance for Standard Edition, four free virtual instances for Enterprise Editions, and unlimited virtual instances for Datacenter Edition with the purchase of a license of Windows Server 2008).

The following table outlines which Hyper-V–enabled product would suit your needs:

Virtualization Needs

Microsoft Hyper-V Server 2008

Windows Server 2008 Standard

Windows Server 2008 Enterprise

Windows Server 2008 Datacenter

Server Consolidation

Available Available Available Available

Test and Development

Available Available Available Available

Mixed OS Virtualization (Linux and Windows)

Available Available Available Available

Local Graphical User Interface

  Available Available Available

High Availability—Clustering

    Available Available

Quick Migration

    Available Available

Large Memory Support (Host OS) > 32 GB RAM

    Available Available

Support for > 4 Processors (Host OS)

    Available Available

Ability to Add Additional Server Roles

  Available Available Available

Guest Virtualization Rights Included in Host Server License

None—Each Windows Guest VM Requires a License

1 Physical + 1 VM*

1 Physical + 4 VMs*

1 Physical + Unlimited VMs (Free)

* Each additional Windows guest VM requires a license.

If you need to acquire and host new server licenses, Windows Server 2008 Standard, Enterprise, and Datacenter provide the best value.

Tuesday, September 30, 2008

[Solved] The Group Policy client-side extension Internet Explorer Zonemapping failed to execute

I had the error below in my application eventlog.

 

image

 

Event Type:    Error
Event Source:    Userenv
Event Category:    None
Event ID:    1085
Date:        30-09-2008
Time:        15:20:30
User:        NT AUTHORITY\SYSTEM
Computer:    TBG-TS01
Description:
The Group Policy client-side extension Internet Explorer Zonemapping failed to execute. Please look for any errors reported earlier by that extension.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

My problem was with my site to zone assignment list I used a wildcard like this: “*microsoft.com” but what you need to do is this “*.microsoft.com
So it is safe to say that the documentation from microsoft needs some sort of an update stating that you can only use a wildcard infront of dot.

Below is the microsoft explaination:

 

This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.

Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)

If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.  For each entry that you add to the list, enter the following information:

Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.

Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.

If you disable this policy setting, any such list is deleted and no site-to-zone assignments are permitted.

If this policy is not configured, users may choose their own site-to-zone assignments.

Google