Sunday, October 31, 2010

Exchange 2010 Remote Management using Powershell

I've been doing a lot of work recently with Exchange 2010 and Powershell and have come across this neat way of managing the Exchange Server within your network from a remote client PC without having to install the Exchange Management Tools and do it through the GUI.


You need to complete these commands from a Windows 7 client machine (or any machine that has Powershell installed) for it to work.


Firstly, you need to enable remote scripts to run on your Windows 7 machine by typing the following command from an elevated Powershell prompt:


Set-executionpolicy remotesigned
At this point, it's worth trying to input an administrative Exchange Powershell command into your client to see if it understands it. Try entering something like:  get-mailbox

Your Windows 7 client will come back with an error stating that the command is not recognisable as an internal Powershell cmdlet - this is correct as we haven't imported the Exchange 2010 session into the local client's Powershell Library yet

Once the 'set-executionpolicy remotesigned' command is completed, enter the following commands to get control of your Exchange 2010 server:
$session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri http://servername.domainname.local/PowerShell -Authentication Kerberos


(This command makes contact with the Exchange 2010 server and initiates a new Powershell session -don't forget to substitute your own servername and domainname into the line above!)
Import-PSSession $session

(This command then imports the new Powershell session into the local client library)


Now try to run the get-mailbox command again or any other Exchange 2010 Powershell command for that matter and you should now be able to work through administering your server remotely from your client pc!

Tuesday, October 26, 2010

DPM 2010 Monitoring Management Pack Released!

Finally the RTM version of the DPM 2010 Monitoring Management Pack has been released. There are some nice features around SLA based alerting and integration with your in-house ticketing systems.

Here's the link from Microsoft to download it:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=32077d99-618f-43d0-843d-4ba4f8019f84&displaylang=en

Friday, October 22, 2010

Hyper V and SCVMM Missing Updates Script

I came across this really handy little script on Microsoft SCVMM Engineer JonJor's blog. This script is basically a reporting tool that checks all of the relevant Hyper-V, Failover Cluster, SCVMM, Bits,VDS, VSS,WMI and WinRM components for installed updates and reports back with any that are missing.

Most of these updates are generally deployed automatically using Windows Update but there are some that slip through the net and this tool will help you find them.

Make sure that you check back to the link below regularly for an updated script as the author continually makes changes and additions to it.

I've already resolved issues on two Hyper-V cluster sites just by installing the recommended updates from this report.

It's worth noting that you are best running the script from a folder on the root of the System Drive with no spaces in the name as I had some initial syntax issues when I named the folder something like 'Hyper V Updates', try naming it to 'missingupdates' or 'hypervupdates' to be sure it works first time.

Here's the link:

http://blogs.technet.com/b/jonjor/archive/2010/10/14/vmmupdate.aspx

Thursday, October 21, 2010

Using DPM 2010 to Restore a System State or Perform a Bare Metal Recovery for a Windows 2008 Server

Here's a step by step video from Microsoft's Shane Brasher on how to restore the system state of a Windows 2008 Server using DPM 2010.

http://www.microsoft.com/showcase/en/us/details/bb0b5339-445b-4298-8705-350f13227b93

And here's one detailing how to perform a Bare Metal Recovery of a Windows 2008 Server - the Bare Metal recovery is a new feature to DPM 2010 and will come in really handy in a non-virtualised environment or if you choose not to back up the entire VHD each day:

http://www.microsoft.com/showcase/en/us/details/bec0b1c6-d1fd-41f0-b4bc-df5791dfc68d

Always handy to know how to do this in case of emergency!

Tuesday, October 19, 2010

Windows 2008 R2 RADIUS with Cisco ASA

I came across an issue last week when a customer had retired their old Windows 2003 RADIUS server and replaced it with a new Windows 2008 R2 server. They had their Cisco ASA device integrated for Authentication of remote IPSec VPN clients to Active Directory through the RADIUS server.

When the old Windows 2003 server was removed and the new Windows 2008 R2 server went in, naturally, the RADIUS had stopped working and needed to be reconfigured.

After playing around with this problem for nearly half a day I found the solution wasn't too technical but more a step by step configuration of both sides of the Authentication process (RADIUS and Cisco ASA) needed to be carried out exactly as outlined below.

One of the main differences of the old RADIUS on the Windows 2003 Server versus the new Windows 2008 R2 server is that the Windows 2008 R2 Server uses the new Microsoft Network Policy Server to provide RADIUS and NAC (Network Access Control) to the network.

When the NPS component is deployed out of the box, it comes pre configured with some policies that can conflict with how you want your Cisco ASA to communicate with it and these policies will need to be deleted and recreated to get the Cisco to communicate with it.

The following blog post outlines exactly the process needed to properly configure your Cisco ASA with a Windows 2008 R2 RADIUS / NPS Server:

http://fixingit.wordpress.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/

Sunday, October 10, 2010

MBSA, SCOM and SCCM Connectors for Microsoft Visio

O.K., so I suppose for some people these products are old news but I came across them this week when creating detailed documentation for some clients and found the add on's they provide are quite useful and informative when creating Visio Network Diagrams for clients.

Basically, these add ons allow you to add MBSA security scan reports to your individual or collective servers and computers on any given LAN and can then change the color of your server stencil depending on the security staus of the machine - e.g. Red for Critical, Yellow for Information and Green for all good!

It will also update the properties of the stencil to tag in the MBSA report and provide better detail information too.

Here's the links to them if you're interested!

http://blogs.msdn.com/b/nickmac/archive/2008/04/14/microsoft-visio-toolbox.aspx

http://technet.microsoft.com/en-us/security/cc184925.aspx