Tuesday, November 24, 2015

LVM extension

Adding a new RAID array to an existing LVM volume: a real-life example. The two new disks are first joined into a RAID mirror.


root@mylinux:~# mdadm --create /dev/md3 --level=1 --raid-devices=2 /dev/sdd1 /dev/sde1

root@mylinux:~# vgdisplay vg1
  --- Volume group ---
  VG Name               vg1
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               1.80 TiB
  PE Size               4.00 MiB
  Total PE              471654
  Alloc PE / Size       471654 / 1.80 TiB
  Free  PE / Size       0 / 0
  VG UUID               iIXHn9-h7s1-6oMw-uFvl-BJMk-Jc8N-lEBRX4

root@mylinux:~# lvdisplay vg1
  --- Logical volume ---
  LV Path                /dev/vg1/home
  LV Name                home
  VG Name                vg1
  LV UUID                CcQBbz-2GAZ-TwWm-zVva-RsRW-j1H9-L6djE6
  LV Write Access        read/write
  LV Creation host, time server, 2014-02-26 14:26:05 +0100
  LV Status              available
  # open                 1
  LV Size                1.80 TiB
  Current LE             471654
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           252:0

root@mylinux:~# pvdisplay
  --- Physical volume ---
  PV Name               /dev/md2
  VG Name               vg1
  PV Size               1.80 TiB / not usable 4.81 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              471654
  Free PE               0
  Allocated PE          471654
  PV UUID               cnWVNt-iawf-fJxq-wgm9-dnmb-rB4y-ij5Oyg

  --- Physical volume ---
  PV Name               /dev/md1
  VG Name               VG0
  PV Size               18.61 GiB / not usable 4.88 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              4763
  Free PE               0
  Allocated PE          4763
  PV UUID               3QdqNr-g6yH-fnL6-5jEf-Jt1k-h03Y-2HPz0v


root@mylinux:~# pvcreate /dev/md3
  Physical volume "/dev/md3" successfully created
root@mylinux:~# pvdisplay
  --- Physical volume ---
  PV Name               /dev/md2
  VG Name               vg1
  PV Size               1.80 TiB / not usable 4.81 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              471654
  Free PE               0
  Allocated PE          471654
  PV UUID               cnWVNt-iawf-fJxq-wgm9-dnmb-rB4y-ij5Oyg

  --- Physical volume ---
  PV Name               /dev/md1
  VG Name               VG0
  PV Size               18.61 GiB / not usable 4.88 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              4763
  Free PE               0
  Allocated PE          4763
  PV UUID               3QdqNr-g6yH-fnL6-5jEf-Jt1k-h03Y-2HPz0v

  "/dev/md3" is a new physical volume of "3.64 TiB"
  --- NEW Physical volume ---
  PV Name               /dev/md3
  VG Name
  PV Size               3.64 TiB
  Allocatable           NO
  PE Size               0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               dQiWVr-yKXE-3l7s-2s1x-y8TD-E1w4-GCc8aF

root@mylinux:~# vgdisplay
  --- Volume group ---
  VG Name               vg1
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               1.80 TiB
  PE Size               4.00 MiB
  Total PE              471654
  Alloc PE / Size       471654 / 1.80 TiB
  Free  PE / Size       0 / 0
  VG UUID               iIXHn9-h7s1-6oMw-uFvl-BJMk-Jc8N-lEBRX4

  --- Volume group ---
  VG Name               VG0
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               18.61 GiB
  PE Size               4.00 MiB
  Total PE              4763
  Alloc PE / Size       4763 / 18.61 GiB
  Free  PE / Size       0 / 0
  VG UUID               ifFvFY-yt9A-w5g8-af3G-4Kf1-AJdn-Z7531i


root@mylinux:~# vgextend vg1
  Please enter a physical volume path
  Run `vgextend --help' for more information.
root@mylinux:~# vgextend vg1 /dev/md3
  Volume group "vg1" successfully extended
root@mylinux:~# vgdisplay
  --- Volume group ---
  VG Name               vg1
  System ID
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               5.44 TiB
  PE Size               4.00 MiB
  Total PE              1425483
  Alloc PE / Size       471654 / 1.80 TiB
  Free  PE / Size       953829 / 3.64 TiB
  VG UUID               iIXHn9-h7s1-6oMw-uFvl-BJMk-Jc8N-lEBRX4

  --- Volume group ---
  VG Name               VG0
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               18.61 GiB
  PE Size               4.00 MiB
  Total PE              4763
  Alloc PE / Size       4763 / 18.61 GiB
  Free  PE / Size       0 / 0
  VG UUID               ifFvFY-yt9A-w5g8-af3G-4Kf1-AJdn-Z7531i


root@mylinux:~#
root@mylinux:~# lvextend -L+3.6TiB /dev/vg1/home
  Rounding size to boundary between physical extents: 3.60 TiB
  Extending logical volume home to 5.40 TiB
  Logical volume home successfully resized

root@mylinux:~# vgdisplay
  --- Volume group ---
  VG Name               vg1
  System ID
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  4
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               5.44 TiB
  PE Size               4.00 MiB
  Total PE              1425483
  Alloc PE / Size       1415373 / 5.40 TiB
  Free  PE / Size       10110 / 39.49 GiB
  VG UUID               iIXHn9-h7s1-6oMw-uFvl-BJMk-Jc8N-lEBRX4

  --- Volume group ---
  VG Name               VG0
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               18.61 GiB
  PE Size               4.00 MiB
  Total PE              4763
  Alloc PE / Size       4763 / 18.61 GiB
  Free  PE / Size       0 / 0
  VG UUID               ifFvFY-yt9A-w5g8-af3G-4Kf1-AJdn-Z7531i

root@mylinux:~# xfs_growfs /dev/vg1/home
meta-data=/dev/mapper/vg1-home   isize=256    agcount=32, agsize=15092928 blks
         =                       sectsz=4096  attr=2
data     =                       bsize=4096   blocks=482973696, imaxpct=5
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0
log      =internal               bsize=4096   blocks=235827, version=2
         =                       sectsz=4096  sunit=1 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 482973696 to 1449341952


root@mylinux:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VG0-per    19G  2.5G   17G  14% /
none                  4.0K     0  4.0K   0% /sys/fs/cgroup
udev                  3.9G  4.0K  3.9G   1% /dev
tmpfs                 795M  6.5M  789M   1% /run
none                  5.0M     0  5.0M   0% /run/lock
none                  3.9G     0  3.9G   0% /run/shm
none                  100M     0  100M   0% /run/user
/dev/sdc1             3.7T  1.9T  1.8T  52% /backup
/dev/mapper/vg1-home  5.4T  1.8T  3.7T  32% /home
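
A pre-flight check for the lvextend step, added here as an example (it is not part of the original session): it reads vgdisplay text, works out how many extents a requested extension needs, and reports how many stay free. The function names are hypothetical, the sample is the vgdisplay output shown after vgextend (trimmed), and PE Size is assumed to be reported in MiB.

```bash
#!/bin/bash
# Constructed sample: the two volume groups from the vgdisplay output above, trimmed.
VG_SAMPLE='  --- Volume group ---
  VG Name               vg1
  PE Size               4.00 MiB
  Total PE              1425483
  Alloc PE / Size       471654 / 1.80 TiB
  Free  PE / Size       953829 / 3.64 TiB

  --- Volume group ---
  VG Name               VG0
  PE Size               4.00 MiB
  Total PE              4763
  Alloc PE / Size       4763 / 18.61 GiB
  Free  PE / Size       0 / 0'

# Print "<PE size> <free PE>" for volume group $1; vgdisplay text on stdin.
# Assumption: PE Size is given in MiB, as in the output above.
vg_free() {
    awk -v vg="$1" '
        $1 == "VG" && $2 == "Name"               { cur = $3 }
        cur == vg && $1 == "PE"   && $2 == "Size" { pe = $3 }
        cur == vg && $1 == "Free" && $2 == "PE"   { free = $5 }
        END { print pe + 0, free + 0 }'
}

# Extents needed for $1 TiB with a PE size of $2 MiB, rounded up to a whole
# extent (this reproduces the "Rounding size to boundary" result above).
extents_for_tib() {
    awk -v t="$1" -v pe="$2" 'BEGIN {
        n = t * 1024 * 1024 / pe
        e = int(n)
        if (e < n) e++
        print e
    }'
}

# check_extend VG TIB: print the extents left free and return 0 if +TIB fits,
# return 1 if it does not fit, 2 if the VG was not found in the input.
check_extend() {
    info=$(vg_free "$1")          # e.g. "4 953829"
    pe=${info% *}
    free=${info#* }
    [ "$pe" != 0 ] || return 2
    need=$(extents_for_tib "$2" "$pe")
    [ "$need" -le "$free" ] || return 1
    echo $((free - need))
}

# Demo: the +3.6 TiB extension from the session leaves 10110 extents free.
printf '%s\n' "$VG_SAMPLE" | check_extend vg1 3.6
```

On a live system, pipe the real `vgdisplay` output into `check_extend`; to hand the volume every free extent without this arithmetic, `lvextend -l +100%FREE` is the usual form.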

Saturday, November 14, 2015

APC Smart-UPS plan

Sometimes it's not easy to plan a complicated UPS shutdown and startup scheme. Here are some pictures of the settings of a SmartUPS X-3000 and its management software. The UPS itself has 3 outlets: two dedicated to servers hosting virtual machines, and one for the network devices (switches), which always have to shut down last and start up first. These settings were optimized by me.

General settings

A nice graphical tool to set the processes...
...in the menu of Shutdown / Outlet sequence
How could the management host, connected to the UPS via USB, shut down the other servers? It's not a trivial question. The answer is default.cmd, which the management software executes when the general shutdown process starts. Its original content and my additions are the following:

@echo off
rem
rem   Maximize for best viewing
rem   This command file provides examples of proper command file syntax
rem
rem   Command Files run by PowerChute Business Edition must be placed in this directory.
rem
rem   Use the full path name of executable programs and external command files.
rem
rem   The @START command must be used to run executable programs (see example below).
rem   For the @START command, path names that include spaces must be enclosed in quotes;
rem   arguments for the executable must be outside the quotes.  A double quote must
rem   precede the quoted path name.  For example, to execute a command file in
rem   c:\Program Files\APC\PowerChute Business Edition\agent\cmdfiles called myShut.exe,
rem   the following line should be entered in the command file:
rem
rem   @START "" "c:\Program Files\APC\PowerChute Business Edition\agent\cmdfiles\myShut.exe"
rem
@echo on
NET USE \\my-backup\IPC$ MyPa$$word /USER:my\administrator
shutdown /s /m \\my-backup /c "UPS INITIATED SHUTDOWN!" /t 15



Wednesday, October 14, 2015

Veeam Backup & Restore 8.0 installation

I've run into this beauty recently:
[Host] Failed to install deployment service.
The Network path was not found
--tr: Failed to create persistent connection to ADMIN$ shared folder on host [Host].
--tr: Failed to install service [VeeamDeploymentService] was not installed on the host [Host].

Discussed here or here or here
Of course I had everything okay: I could reach the ADMIN$ share, had the Remote Registry Service started and so on, all the other stuff. Found an interesting workaround:
"What happens if you deploy required packages on that server manually, and try to add it to a console afterwards? Required packages are VeeamHvIntegration.msi and VeeamTransport.msi that are located in C:\Program Files\Veeam\Backup and Replication\Backup\Packages. "
Sadly it didn't help either. Finally I got the clue here: "Creating another domain admin credentials fixes the problem."
I don't understand why in hell it failed to install with the default domain administrator but anyway, who cares. Just another few hours wasted. So create a dedicated domain admin, e.g. veeamdeployer, with a super secure password.

Whooha, success.
My first mighty Veeam Backup backup is in progress!
File Level Restore from a Linux VM is an awesome feature from Veeam

Monday, September 28, 2015

Playing around with pattern substitution

The other day I was given a cool task: replace every second occurrence of a character in a line. If there is only one of that special char (e.g. a colon) in a line, then do nothing. The list itself had thousands of lines. Digging deep into this task, I collected some nice tricks around the net that I wanted to record here.
#!/bin/bash

xxx="This:is:a:test"
echo "0:" "$(grep -o ":" <<< "$xxx" | wc -l)" # simple count = 3
y="${xxx//[^:]}"        # pattern matching: y = only the chars that match the char itself
echo "1: " "$y" # prints :::
echo "2: " ${#y} # stands for the length of a string = 3
echo "3: " "$(echo "$xxx" | awk -F":" '{print $NF}')" # finds the last occurrence and prints what follows it = test
echo "4: " "$(echo "$xxx" | awk -F":" '{print length($0)-length($NF)}')" # similar to above but prints the position of the last occurrence in the string = 10
end=${xxx##*:}
echo "5: Last : is in column $((${#xxx} - ${#end}))" # same as above
echo "6: " "$(sed 's/\(.*\):.*/\1/' <<< "$xxx")" # cuts the string at the last occurrence of : and prints the first part
echo "7: " "$(sed 's/.*\:/\ /g' <<< "$xxx")" # cuts the string at the last occurrence of : and prints the rest = test
echo "8: " "$(sed 's/\(.*\):/\1!/' <<< "$xxx")" # replaces the _last_ occurrence of : with a !
echo "9: " "$xxx" | sed 's/t$/!/' # replaces the last char with !, but you have to specify that char (t)
echo "10: " "$(sed 's/:/!/2' <<< "$xxx")" # replaces the second occurrence of : with ! (sed runs on $xxx only, so the colon in the label is not counted)
echo "11: " "${xxx##*:}" # cuts the string at the last : and prints the rest = test
echo "12: " "${xxx#*:}" # cuts out the first word, prints the rest = "is:a:test"
echo "13: " "${xxx%:*}!!!${xxx##*:}" # replaces the last occurrence of : with the string: !!!
echo "14: " "${xxx%?}!"  # replaces the very last character of the string with !
echo "15: " "${xxx%:*}" # cuts off the last part of the string using separator : and keeps the first parts
echo "16: " "$xxx" | sed "s/:[^:]*$//"  # cuts off the last part of the string using separator : and keeps the first parts
echo "17: " "$(sed -r "s/([^:]*:){2}//" <<< "$xxx")" # removes the first two parts separated by : and prints the rest = "a:test"
echo "18: " "${xxx/:/!}" # replaces the first occurrence without using sed
echo "19: " "${xxx//:/!}" # replaces all occurrences of : without using sed
echo "20: " "${xxx:5:2}" # for the sake of completeness, prints = is. (2 chars from the 6th char)
echo "21: " "${xxx,}" # converts the first char to lowercase
echo "22: " "${xxx,,}" # converts all to lowercase
echo "23: " "${0##*/}" # prints the name of the script without using basename
#echo $xxx | awk -F: '{print $1 $2 FS $3 $4}'
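
The task described at the top of this post (replace every second occurrence of a character on each line, and leave lines with a single occurrence alone) is not solved by any one of the tricks above, so here is one way to do it, as an added example that is not from the original post. The function names and the sample lines are made up for illustration.

```bash
#!/bin/bash
# replace_every_second CHAR REPLACEMENT
# Reads lines on stdin and replaces the 2nd, 4th, 6th ... occurrence of CHAR
# on each line with REPLACEMENT. Lines with zero or one CHAR pass unchanged.
# Note: awk interprets backslash escapes in values passed with -v.
replace_every_second() {
    awk -v c="$1" -v r="$2" '{
        out = ""
        n = 0                                # occurrences seen on this line
        len = length($0)
        for (i = 1; i <= len; i++) {
            ch = substr($0, i, 1)
            if (ch == c && (++n % 2 == 0)) {
                out = out r                  # an even-numbered occurrence
            } else {
                out = out ch
            }
        }
        print out
    }'
}

# The same thing for the colon only, as a sed one-liner: each match consumes
# one pair of colons and rewrites the second one.
every_second_colon_sed() {
    sed 's/:\([^:]*\):/:\1!/g'
}

# Constructed sample input (not the original list).
sample_lines() {
    printf '%s\n' 'This:is:a:test' 'only:one' 'a:b:c:d:e' 'no colon here'
}

sample_lines | replace_every_second ':' '!'
```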

Thursday, September 24, 2015

How to perform an automated brick-level (mailbox level) Exchange 2003 backup

Ohh, those were the easy, happy and uncomplicated times when people used Windows 2003 SBS and Exchange 2003 servers. Even if it's EOL now, there are still many companies out there where managers don't give a heck about security considerations and warnings.
Restoring a relatively large Exchange database from ntbackup is one of those things that no sysadmin raves about. I mean, restoring the whole database just because a skilled user accidentally deleted an "extreme-important-and-high-business-valuable" email.
It's a known sad fact that Exchange 2003 lacks the feature of keeping soft-deleted items in the database for the retention period. So in the above example you don't have any other choice than restoring everything into a second recovery database. That gets even funnier if your server partitions are filling up and you have no free space for a second multi-gigabyte database.
One solution would be to use Exmerge, but scripting it is maybe the largest pain in the ass I've ever seen, and it still can't export mailboxes larger than 2 GB. Forget it.
But here is my genius method to back up your users' email daily. All you need is a Windows backup PC on the network with two hard drives: a smaller one for your system partition and a larger one to store the backups. And Outlook 2010 installed on that system. (Ehm, just a side note: you don't need to activate that Outlook anyway.)

First, you need an account which has all the necessary rights to export databases. Create a user named, for example, exmerge with a super-secure password. Just to be on the safe side, and careless enough, add it to your Administrators group.
Open your System Manager and give all rights to exmerge on your Mailbox Store.




That was everything on your server. Go to your backup PC. Open your Outlook 2010 and set up the account of your exmerge user. Older versions of Outlook are no good because they don't cache shared mailboxes for offline use.
Once that's done, go and get a coffee. Then:

  • In Outlook click the File tab in the toolbar
  • Click the Account Settings button, select Account Settings
  • Select the E-Mail tab
  • Highlight your mailbox, click the Change button
  • Click the More Settings button
  • Select the Advanced tab
  • Click the Add button
  • Type the first characters of your first user's name and let Outlook resolve it with the Add button.
  • Repeat the previous step again and again for all the users in your organization
  • Click the Apply and OK buttons
  • Click the Next, Finish, and Close buttons
Now leave this PC alone and don't touch it for the next 24 hours. Hopefully one day will be enough to download all the emails your users have. It's a good idea to encrypt both hard disks in this machine because, as you may have guessed already, all those highly confidential emails will end up in that Outlook cache on your local system hard disk. The cache file has an .ost extension, and its exact location is something like:
C:\%your user profile%\Local Settings\Application Data\Microsoft\Outlook\Outlook.ost
It will grow pretty large, similar to the size of your exchange priv1.edb file.

Okay, one day later you will have all emails cached and the Outlook GUI responsive again. Now you need a simple scheduled .bat to start Outlook. Outlook needs a few quiescent hours to synchronize all mailboxes. Let it do its job.
Some hours later stop it gracefully via, e.g. a runme.bat file including:
@echo off
cscript "c:\scripts\CloseOutlook.vbs"
:EXIT

and that CloseOutlook.vbs contains:
Dim oOL
Set oOL = CreateObject("Outlook.Application")
oOL.Quit

Then grab your whole folder on your C: (if you want to be sure) and copy it with a cleverly parameterized xcopy or with any free backup software (e.g. Cobian Backup) onto your second drive. Don't run out of space! Make sure you keep just a sufficient number of versions of the .ost file.
How to restore? It's easy! DO NOT START your Outlook! Instead, open your Control Panel and find Mail. Open it and select Email accounts.

  • Select the Exchange account, and then click Change.
  • Click More Settings. 
  • To choose whether to work offline or online each time you start Outlook: click Manually control connection state, and then select the Choose the connection type when starting check box.
  • Exit
  • Start your Outlook and select Offline mode.
  • Find the missing emails within the mailbox in question.
  • I am a hell damn genius!



Friday, September 18, 2015

How to re-check a resized virtual disk in linux

To recognize a newly added disk:

root@host:# for h in /sys/class/scsi_host/host*/scan; do echo "- - -" > "$h"; done

To recognize the modified size of old disk:

root@host:# fdisk -l

[...]
Disk /dev/sdb: 11.7 GB, 10737418240 bytes
[...]

Disk /dev/sdb: 214.7 GB, 214748364800 bytes
root@host:# ls /sys/class/scsi_disk/
0:0:0:0  0:0:1:0
root@host:# echo '1' > /sys/class/scsi_disk/0\:0\:1\:0/device/rescan
root@host:# fdisk -l

[...]

Disk /dev/sdb: 236.5 GB, 214748364800 bytes

Tuesday, September 15, 2015

Exchange Survival Kit 3. - hardening and log searching

If your servers have any sensitive data about their services (e.g. version numbers) to hide from the wide world, then you definitely want to change some default settings. First, it's advisable to change your default Exchange SMTP banners and HELO string to hide your long and ugly default intro string.

For the Send Connector(s):

Open your EAC - Mail Flow - Send Connectors - select your Send connector and click on Scoping. At the bottom, find the FQDN field and fill it in explicitly.


For the Receive Connector(s):

You won't be able to change your internal hostname to your FQDN because you will get an obscure error. The phenomenon and the solution are detailed in this blog. It's a nice trick, but personally I don't care about keeping the timestamp and so on. What's more, I don't think anyone cares about them.
So simply open your Exchange PowerShell and:
Get-ReceiveConnector | select identity,bindings
Find the connector which is bound to port 25 and:
Set-ReceiveConnector <ConnectorIdentity> -Banner "220 go ahead and make my day."

Hide your client's IP 


"In practice that means if you sent an email from Outlook, Outlook Web App (OWA) or an ActiveSync-connected smartphone while on the Corporate Wi-Fi, your device’s Corporate Wi-Fi IP address will be contained in the email. If you were connected to your home Internet at the time, your (public) home Internet IP address will be in the email.
This may give a recipient, or any party snooping up the email while in transit, decent clues of the network you were connected to and the whereabouts of your staff and you. " (all credits go to Will Neumann including the pics)





Searching logs for emails

An example is worth a thousand words! Note the tricky subject selector expression: it selects both the "robbery" subjects AND the empty subjects (because of the -or operator).

Get-MessageTrackingLog -Server [YOUR.CAS.SERVERNAME] -ResultSize Unlimited -Recipients [your.user@domain.com] -Start "9/12/2015 08:59:59" -End (Get-Date).AddHours(-72) | where {$_.sender -like "*@sender.com"} | where {$_.eventid -like "*eceiv*"} | Where-Object {$_.MessageSubject -match "robbery" -or $_.MessageSubject -like ""} | select eventid,sender,recipients,messagesubject,timestamp | ConvertTo-Html > "C:\reports\track.html"

This one matches mail to the first AND/OR (disjunction again, my favourite operation!) the second recipient and displays the hits in a GUI:

Get-MessageTrackingLog -recipients john.snow@got.com,aragorn@mordor.org | select-object eventid,timestamp,messageid,sender,recipients,messagesubject | out-gridview

Friday, August 28, 2015

Exchange 2013 Survival Kit 2. - restore and purge

Just found a great MS doc that efficiently explains the basics of how Exchange 2013 handles the Recoverable Items Folder. In short: if a user asks you to restore some accidentally deleted and purged email, you no longer need to restore the whole database from Windows Backup and mount it to be able to restore the whole mailbox into a former state. At least, in theory.
If you are lucky enough, your user remembers the properties of the emails he purged:
- the senders' names, or
- the subject strings, or
- the date interval in which the email(s) were.
Unfortunately, Exchange 2013 can't restore a subfolder in your mailbox. Find out why here.
"This seems like it would be a simple enhancement into the cmdlet since the attribute exists on the mail item object.  It would be my vote to make this enhancement since it make single-item restores almost worthless if a folder is accidentally deleted. [...] Thanks for making my life more difficult than it needs to be Microsoft."
(/me also grateful.)

Clearing a Recoverable Items Folder while Single Item recovery is enabled is a bit problematic. See Use the Shell to clean up the Recoverable Items folder for mailboxes that are placed on hold or have single item recovery enabled

Easiest way to export only the Recoverable Items Folder from the mailbox to a .pst:
New-MailboxExportRequest -mailbox joecool -filepath \\localhost\backup\joe.pst -IncludeFolders "Recoverable Items"
Another interesting method, using In-Place eDiscovery, is explained here, but there are some limitations. According to MS: "You can use In-Place eDiscovery in the Exchange admin center (EAC) to search for missing items. However, when using the EAC, you can’t restrict the search to the Recoverable Items folder. Messages matching your search parameters will be returned even if they’re not deleted. After they’re recovered to the specified discovery mailbox, you may need to review the search results and remove unnecessary messages before recovering the remaining messages to the user’s mailbox or exporting them to a .pst file.
For details about how to use the EAC to perform an In-Place eDiscovery search, see Create an In-Place eDiscovery search. "
Frankly, I've never done a search like this in EAC. Instead, I do a similar thing in PowerShell:
First, search your RIF and place the results in the Discovery mailbox.
Search-Mailbox "Joe Cool" -SearchQuery "from:'Sam Knows' AND keyword1" -TargetMailbox "Discovery Search Mailbox" -TargetFolder "JoeRecovery" -LogLevel Full
Second, search the Discovery mailbox again with the same phrase and put the results back into your user's (or anyone's) mailbox. The results will show up in a strange folder structure: at the top level there is a short report about the search with a .csv attached listing the matching items, and somewhere deep in the folders you will find the actual mails.
Search-Mailbox "Discovery Search Mailbox" -SearchQuery "from:'Sam Knows' AND keyword1" -TargetMailbox "Joe Cool" -TargetFolder "Recovered Messages" -LogLevel Full -DeleteContent
(Note the DeleteContent switch: it's important to clear up the Discovery Search Mailbox after yourself.)
Putting the results directly into a .pst:
New-MailboxExportRequest -Mailbox "Discovery Search Mailbox" -SourceRootFolder "April Stewart Recovery" -ContentFilter {Subject -eq "April travel plans"} -FilePath \\MYSERVER\HelpDeskPst\AprilStewartRecovery.pst

You can use the EstimateOnly switch to get only an estimate of the search results without copying the results to a discovery mailbox. So, just simulating a search to see what would actually happen (examples from Microsoft):
New-MailboxSearch "FY13 Q2 Financial Results" -StartDate "04/01/2013" -EndDate "06/30/2013" -SourceMailboxes "DG-Finance" -SearchQuery '"Financial" AND "Fabrikam"' -EstimateOnly -IncludeKeywordStatistics
Start-MailboxSearch "FY13 Q2 Financial Results"
Get-MailboxSearch "FY13 Q2 Financial Results" | FL Name,Status,LastRunBy,LastStartTime,LastEndTime,Sources,SearchQuery,ResultSizeEstimate,ResultNumberEstimate,Errors,KeywordHits

To check a user state:
Get-Mailbox "Joe Cool" | FL SingleItemRecoveryEnabled,RetainDeletedItemsFor
To enable a single user:
Set-Mailbox -Identity "Joe Cool" -SingleItemRecoveryEnabled $true
To enable everybody and raise the default retention time limit:
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Set-Mailbox -SingleItemRecoveryEnabled $true -RetainDeletedItemsFor 30
Some more advanced search examples here.

How to destroy your mailboxes permanently


Just find your disconnected mailboxes:
Get-MailboxStatistics -Database "Database name" | where {$_.disconnectdate -ne $null} | select displayname,MailboxGUID

How to purge them:
Get-MailboxStatistics -Database <DB NAME> | where {$_.disconnectdate -ne $null} | select displayname,MailboxGUID
Remove-StoreMailbox -Database <Database-Name> -Identity <MailboxGUID-from-the-previous-cmdlet> -MailboxState Disabled
(The Remove-StoreMailbox only works against Disconnected and soft-deleted mailboxes!)

Remove all soft-deleted mailboxes:

Get-MailboxStatistics -Database MBD01 | where {$_.DisconnectReason -eq "SoftDeleted"} | foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState SoftDeleted}
or
Get-MailboxStatistics -Database MDB01 | where {$_.DisconnectReason -eq "disabled"} | foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState disabled -Confirm:$False}  
Hard delete a mailbox (no option to restore it from the actual database!)
Remove-Mailbox <Mailbox> -Permanent:$True
Search for specific (or all) emails and delete them from a mailbox
Search-Mailbox -Identity "Joe Cool" -SearchQuery 'Subject:"Very important"' -DeleteContent
Search-Mailbox ...
or:
New-MailboxExportRequest -ContentFilter {(Received -lt '11/21/2013') -and (Received -gt '11/15/2013') -or (Sent -lt '11/21/2013') -and (Sent -ge '11/15/2013')} -Mailbox joecool -FilePath \\Server01\e$\Exports\joecool.pst
Search-Mailbox -Identity "Joe Cool" -DeleteContent
Purge recoverable items and deletions both
Search-mailbox -identity joe.cool -SearchDumpsterOnly -DeleteContent
Check back if it's OK
Get-MailboxFolderStatistics -Identity "Joe Cool" -FolderScope RecoverableItems | Format-Table Name,FolderAndSubfolderSize,ItemsInFolderAndSubfolders -Auto
before
after

Wednesday, August 19, 2015

ntopng install on Debian Squeeze

If you are careless enough to just follow a step-by-step tutorial like this on a good old Squeeze, you will surely end up with a failing and buggy ntopng. E.g. you won't be able to see your newly created users (the users tab is totally empty: No Results Found)
Looks somewhat broken
or can not switch between your monitored interfaces. If you start ntopng from shell you may see something like this:
19/Aug/2015 13:28:28 [src/Redis.cpp:170] ERROR: ERR unknown command 'HSET' [HSET ntopng.host_labels ]
19/Aug/2015 13:28:28 [src/Redis.cpp:170] ERROR: ERR unknown command 'HSET' [HSET ntopng.host_labels ]
19/Aug/2015 13:28:30 [src/Redis.cpp:148] ERROR: ERR unknown command 'HGET'
19/Aug/2015 13:28:30 [src/Redis.cpp:148] ERROR: ERR unknown command 'HGET'
19/Aug/2015 13:28:30 [src/Redis.cpp:148] ERROR: ERR unknown command 'HGET'
19/Aug/2015 13:28:30 [src/Redis.cpp:148] ERROR: ERR unknown command 'HGET'
19/Aug/2015 13:28:36 [src/Redis.cpp:148] ERROR: ERR unknown command 'HGET'
19/Aug/2015 13:28:36 [src/Redis.cpp:148] ERROR: ERR unknown command 'HGET'
19/Aug/2015 13:28:36 [src/Redis.cpp:148] ERROR: ERR unknown command 'HGET'

This whole thing is because your Redis installation is out of date. Another nice thing about Debian Squeeze is that its repositories include Redis Version: 2:1.2.6-1. Simply fix that with:
echo "deb http://backports.debian.org/debian-backports squeeze-backports main" >> /etc/apt/sources.list
apt-get update
apt-get -t squeeze-backports install redis-server

Now it is:
redis-server                       2:2.4.15-1~bpo60+2    
How to reset your forgotten ntopng admin password.
You might not want to bother with compiling ntopng-2.0 packages on a simple standard Squeeze. In that case here are the x64 and x86 versions. You're welcome.
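
A quick way to confirm the Redis diagnosis above before touching the repositories, as an added example that is not from the original post or the ntopng project: pull the rejected commands out of the ntopng log and check whether the packaged Redis is new enough for hashes. It assumes HSET/HGET first appeared in Redis 2.0.0; the function names are hypothetical and the sample log lines are copied from the output above.

```bash
#!/bin/bash
# Sample: three of the ntopng log lines quoted above.
ntopng_log_sample() {
cat <<'EOF'
19/Aug/2015 13:28:28 [src/Redis.cpp:170] ERROR: ERR unknown command 'HSET' [HSET ntopng.host_labels ]
19/Aug/2015 13:28:30 [src/Redis.cpp:148] ERROR: ERR unknown command 'HGET'
19/Aug/2015 13:28:36 [src/Redis.cpp:148] ERROR: ERR unknown command 'HGET'
EOF
}

# List the distinct Redis commands the server rejected (log on stdin).
rejected_redis_commands() {
    sed -n "s/.*ERR unknown command '\([A-Za-z]*\)'.*/\1/p" | sort -u | paste -sd' ' -
}

# Upstream part of a Debian package version: strip the epoch ("2:") and the
# Debian revision (everything after the last hyphen). "2:1.2.6-1" -> "1.2.6"
deb_upstream() {
    v=${1#*:}
    printf '%s\n' "${v%-*}"
}

# version_ge A B: succeed if dotted numeric version A >= B.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Succeed if the given Debian package version of redis-server has hash commands.
# Assumption: hashes (HSET/HGET) are available from Redis 2.0.0 on.
redis_supports_hashes() {
    version_ge "$(deb_upstream "$1")" 2.0.0
}

echo "rejected commands: $(ntopng_log_sample | rejected_redis_commands)"
for pkg in '2:1.2.6-1' '2:2.4.15-1~bpo60+2'; do
    if redis_supports_hashes "$pkg"; then
        echo "$pkg: hash commands available"
    else
        echo "$pkg: too old for HSET/HGET"
    fi
done
```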

Tuesday, July 28, 2015

Ugly bug in Draytek Vigor firewall?

One day I came across a unique error. A client reported that they were unable to query any nameserver outside their network, except when they queried standard A records. So, A records worked fine but, e.g., NS or MX records failed with a timeout. The local DNS servers were properly set up with valid forwarders.
So, we experienced:
nslookup    
Default Server:  dc01.hq.local           
Address:  192.168.80.248                                                                 

> google.org
Server:  dc01.hq.local                   
Address:  192.168.80.248

Non-authoritative answer:                       
Name:    google.org                             
Address:  216.239.32.27                                                                         

> set type=mx 
> google.org                                 
Server:  dc01.hq.local                   
Address:  192.168.80.248                                                                       

DNS request timed out.                              
timeout was 2 seconds.                      
*** Request to dc01.hq.local timed-out   

> server 8.8.8.8                                   
Default Server:  google-public-dns-a.google.com           
Address:  8.8.8.8        

> google.org                            
Server:  google-public-dns-a.google.com        
Address:  8.8.8.8

DNS request timed out.                              
timeout was 2 seconds.                      
*** Request to google-public-dns-a.google.com timed-out      

What a riddle! Guess that! :)
After three hours it turned out that in their Vigor 2925 firewall router there was a built-in rule called "xNETBios > DNS" in the section called "Data filter" (very informative names by Draytek guys, phuhh). That blocked such special DNS queries - even if it was DISABLED!
[Screenshots: default factory settings]


In the end I had to disable the entire Data Filter section - in that way, external DNS queries got to work as expected. I'm still unable to find any explanation for this.

Model Name : Vigor2925n
Firmware Version : 3.7.6
Build Date/Time : Nov 17 2014 17:20:57
Working
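A quick way to recognise this symptom from a client, as an added example that is not part of the original post: probe one server with several record types and report whether only some of them time out. It requires dig; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: tell "resolver unreachable" apart from "something on the
# path drops certain DNS query types" (the symptom described above).

# Return 0 if server $1 sends any DNS reply (even an empty or NXDOMAIN one)
# for name $2 and record type $3 within 2 seconds, 1 on timeout.
dns_answers() {
    # dig prints a "status:" header line only when a reply actually arrived
    dig +time=2 +tries=1 "@$1" "$2" "$3" 2>/dev/null | grep -q 'status:'
}

# Probe several record types and print a one-line verdict.
classify_path() {
    server=$1; name=$2; ok=""; failed=""
    for t in A NS MX TXT; do
        if dns_answers "$server" "$name" "$t"; then
            ok="$ok $t"
        else
            failed="$failed $t"
        fi
    done
    if [ -z "$failed" ]; then
        echo "ok: all types answered"
    elif [ -z "$ok" ]; then
        echo "unreachable: no type answered"
    else
        echo "filtered:$failed timed out while$ok answered"
    fi
}

# Typical use, once against the local DNS server and once against an
# external resolver, to see on which side of the firewall the queries die:
#   classify_path 192.168.80.248 google.org
#   classify_path 8.8.8.8 google.org
```

A "filtered" verdict for both the internal and the external server points at a device on the path rather than at the DNS servers themselves.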

That's the screen you never want to see on your FSMO roles holder DC!

Windows failed to boot

Friday, July 17, 2015

OpenVPN and eToken5100 SafeNet token

SafeNet ePass USB token is a PKI authenticator tool. It's fully supported in, of course, Windows operating systems and also in Linux. A neat but expensive toy. It can also be used with OpenVPN. With Windows. But you will never find any documentation on how to make these two guys work together in Linux! Except for this blog. Follow these steps on a Debian/Ubuntu system (this worked on a 12.* Ubuntu+Gnome, not tested with newer ones):
apt-get update
apt-get upgrade
apt-get install openvpn libhal1 hal-info
Unzip the stock driver, unzip the .iso and find the proper .deb or .rpm version. In my case, I installed:
dpkg -i SafenetAuthenticationClient-9.0.43-0_amd64.deb
Run your client tool to check if the token works (and you know your password):


Make your sudo system insecure, lol (only this line needs to be modified):
%sudo    ALL=NOPASSWD: ALL
This is needed because we want a simple way to run openvpn with root privileges. Don't forget to restart sudo. And here comes the tricky part. Find the hardware ID of your token on the command line with:
openvpn --show-pkcs11-ids
Then your client.config must look like this (only the bold lines matter):

client
dev tun
proto udp
remote your.server.com 2001
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
ns-cert-type server
comp-lzo
verb 3
script-security 2

# for the sake of proper DNS working
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

# this is the connection with the token
pkcs11-providers /usr/lib/libeTPkcs11.so

# your ID goes here
pkcs11-id 'EnterSafe/PKCS\x2315/0250184313021110/ftsafe\x20\x28User\x20PIN\x29/5F4DD36B4A23533FC9BDBB2AC7372236E48F99E5'
or, for example:

pkcs11-id 'SafeNet\x2C\x20Inc\x2E/eToken/0223127c/John\x20token/FC67BBDD7AD8EACD'

Important: don't run openvpn as a service because you won't see the authentication prompt! Instead, on a command line do:
/usr/sbin/openvpn --config /etc/openvpn/client.conf
Entering password
Once it is successfully typed and you are connected, you will see:
Connected
Do not close this terminal x-window because the vpn process will die immediately. But the tun interface somehow remains up, so you had better create a "stopopenvpn" script and use it to clean up the processes and interfaces. In my case, that was a
x-terminal-emulator -e "sudo su -c /bin/vpndown"
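command, then it called this simple vpndown script in a new window
#!/bin/bash
echo "Please wait..."
# kill every running openvpn process
killall -9 openvpn
# give the user time to read the message before the window closes
sleep 3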


The VPN started with a user friendly desktop icon:
x-terminal-emulator -e "/bin/vpnup"
command. That called:
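#!/bin/bash
# refuse to start a second tunnel if a tun interface already exists
if ifconfig | grep -q tun; then
    echo "OPENVPN already started, please stop it first. (click -> stopvpn)"
    sleep 5
    exit 1
fi
# runs in the foreground so the token password prompt stays visible
sudo su -c "/usr/sbin/openvpn --config /etc/openvpn/client.conf"
echo "Closing interface......"
sleep 5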

The funniest part is the echo Closing interface because that runs only if the openvpn itself is already terminated by the stopvpn in the other window. That is an elegant way to keep the user informed about what's going on.
An alternative way to bring the connection up without typing anything is with the help of the interactive tool expect:
apt-get install expect
cat startvpn
#!/usr/bin/expect
# note: the token password is stored in clear text in this file
spawn sudo su -c "/usr/sbin/openvpn --config /etc/openvpn/client.conf"
# wait for the token password prompt printed by openvpn
expect "Enter John token Password:"
send "MyL1ttleP4ssword\r"
# hand the session back to the user
interact
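The blanket `%sudo ALL=NOPASSWD: ALL` line from the sudo step above can be narrowed to the two commands this setup actually needs. The following is an added example, not part of the original post; the group name `vpnusers` and the drop-in file name `openvpn-token` are hypothetical.

```shell
#!/bin/sh
# Added example: generate a sudoers drop-in that allows passwordless sudo
# only for the VPN start command and the vpndown script, and validate it
# with visudo before installing it.

VPN_GROUP="vpnusers"     # hypothetical group holding the VPN users
OPENVPN_CMD="/usr/sbin/openvpn --config /etc/openvpn/client.conf"
VPNDOWN_CMD="/bin/vpndown"

# Print the rule for group $1. When arguments are listed in sudoers they
# must match exactly, so openvpn with any other --config file is refused.
render_sudoers() {
    printf '%%%s ALL=(root) NOPASSWD: %s, %s\n' "$1" "$OPENVPN_CMD" "$VPNDOWN_CMD"
}

# Return 0 if rule $1 does NOT grant passwordless access to ALL commands.
is_narrow() {
    ! printf '%s\n' "$1" | grep -Eq 'NOPASSWD:[[:space:]]*ALL[[:space:]]*$'
}

# Write the rule to a temp file, syntax-check it, then install it (as root).
install_sudoers() {
    tmp=$(mktemp) || return 1
    render_sudoers "$VPN_GROUP" > "$tmp"
    # visudo -c -f checks a file without touching the live configuration
    if is_narrow "$(cat "$tmp")" && visudo -c -f "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/openvpn-token
        status=$?
    else
        echo "refusing to install: rule too broad or syntax error" >&2
        status=1
    fi
    rm -f "$tmp"
    return $status
}
```

With this rule the start script has to call `sudo /usr/sbin/openvpn --config /etc/openvpn/client.conf` directly instead of going through `sudo su -c`. /bin/vpndown must be owned by root and not writable by the user, otherwise the narrow rule can be bypassed by editing the script.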

Wednesday, July 15, 2015

Living with IPFire (bye-bye pfSense)

In the first part of this article I discussed some interesting facts about pfSense. I, again, strongly recommend not using pfSense 2.2.* in production environments because it is a totally unreliable and buggy system. Okay, but what to use then?
For instance, one can choose IPFire. Yep, I did. It's a rock solid, lightning fast and easy-to-use system. Everything that can't be said about pfSense. I like it.
Except for one minor thing... And that thing is, sadly, not that minor.
For anyone who is familiar with standard iptables chains and logic (I mean input/output/forward/etc.), the way pfSense and IPFire virtually handle the traffic is very confusing.
IPFire contains lots of built-in chains that can be troublesome at first glance. But you will never get to know about them if you use only the GUI-based rules editor. I've spent 3 days, frankly, on creating some very basic allow and deny rules on the red0 interface, without any success. That totally screwed me up. You can just never be sure where (I mean, in which chain) your web-edited rules will be put. E.g. the rules shown below are all faulty, God knows why.
Playing with basic IPFire rules

So I ended up with editing the /etc/sysconfig/firewall.local file and tadaaam, that worked. If you are an expert on iptables, forget your firewall fancy GUI editor forever.

case "$1" in
  start)
        # drop UDP broadcasts to port 7437
        iptables -A CUSTOMINPUT -d 255.255.255.255 -p udp --dport 7437 -j DROP
        # on red0, drop all UDP that does not come from 192.168.1.1
        iptables -A CUSTOMINPUT -i red0 ! -s 192.168.1.1 -p udp -j DROP
        ;;
  stop)
        # remove the same two rules again
        iptables -D CUSTOMINPUT -d 255.255.255.255 -p udp --dport 7437 -j DROP
        iptables -D CUSTOMINPUT -i red0 ! -s 192.168.1.1 -p udp -j DROP
        ;;
esac


Just a small side note: reloading the rules with the GUI also reloads your .local defined rules.

Monday, June 29, 2015

Linux facl minihowto

First step is
apt-get install acl
Allowing members of other groups full access to a directory, recursively:
setfacl -m d:g:groupname:rwx -R path/foldername
d means default, so modifying the default ACL means that all newly created files and directories will inherit this setting.
Modify the permissions of existing files and directories only [not the default]:
setfacl -m g:groupname:rwx foldername

Important notes regarding files: Files can't have a default ACL because they can't have child objects. An access ACL for an individual file can override the default: if a file has a special ACL that conflicts with the inherited ACL, the file ACL wins and overwrites the inherited default one.
Clearing an ACL, e.g.:
setfacl -x u:johnny /path/folder
 

Thursday, June 25, 2015

Failed Windows Update = Faulty Domain Controller Windows 2012 = Restart loop = Dead Exchange 2013

To be continued



Get-ExchangeServer -Identity <server_name> -Status | FL

set-exchangeserver -identity servername -staticexcludeddomaincontrollers: oldservername

How to change domain controller name that exchange sees

  https://technet.microsoft.com/en-us/library/jj592690.aspx

 
nltest /dsgetsite
DSGetSiteName failed: Status = 1919 0x77f ERROR_NO_SITENAME
nltest /dsgetdc: FQDN of your domain  


In regedit, drill down to the following key:
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters
Once you click Parameters, add a string value called "SiteName",
as written here: https://messagingschool.wordpress.com/2014/04/18/dsgetsitename-failed-status-1919-0x77f-installing-exchange-2013-sp1/

 
Get-ClientAccessServer | Test-MRSHealth



-StaticExcludedDomainControllers
https://technet.microsoft.com/en-us/library/dd298163%28v=exchg.150%29.aspx

--

import-module addsdeployment
uninstall-ADDSDomainController -ForceRemoval:$true -Force:$true
https://technet.microsoft.com/en-us/library/jj574104.aspx
http://sysadminconcombre.blogspot.hu/2014/03/scenario-my-test-lab-consists-of-3.html
http://chinnychukwudozie.com/2014/01/27/using-ntdsutil-metada-cleanup-to-remove-a-failedoffline-domain-controller-object/

Finally, check if your DC is really gone:
Detailed list:
Get-ADComputer -LDAPFilter "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))"
Another method to get the same detailed list:
Get-ADDomainController -Filter * | Select-Object name
or a simple list:
Get-ADGroupMember 'Domain Controllers'
(note: 'Domain Controllers' string is localized into your language)

Tuesday, June 16, 2015

Adding CSVs on Windows 2012 R2 Hyper-V Failover Cluster

In the first part of this article I added some physical and virtual disks to my Dell iSCSI storage. Of course, new vdisks do not appear immediately in the failover cluster manager console.
 
So I opened up my disk management console on my hyper-v host.
 

As you can see a new raw disk appears. We should bring it online, initialize, format and provide the disk a descriptive name.


... and try to add it again in the FCM console - this time surely with success. But this is going to be only an "available storage" - it still needs to be added to the failover role.
 
It's a good practice to rename the new disk to ease further identification and error hunting.

Voila, the new clustered virtual disk is ready to host my new VM's image files, you know the .vhdxs and so on.

Thursday, June 11, 2015

Pfsense, Transparent Squid and Dansguardian - a piece of crap

How to set up a transparent Squid (here: http only) proxy with an advanced level security filtering add-in for your local network?

What is Pfsense? What is a proxy? If you don't know the answer to these questions this is not for you.

1. Install Pfsense
2. Set up your interfaces, default gateway, DNS resolvers or forwarders, etc.
3. Install Squid3 and Dansguardian. At the time of this writing Squidguard is broken in recent Pfsense and won't work with Squid3. In the system log we can see lots of:
squid[81808]: Squid Parent: (squid-1) process 45089 exited with status 1
squid[81808]: Squid Parent: (squid-1) process 63729 started
(squid-1): The redirector helpers are crashing too rapidly, need help!
and in cache.log:
Shared object "libldap-2.4.so.2" not found, required by "squidGuard"
Shared object "libldap-2.4.so.2" not found, required by "squidGuard"
Shared object "libldap-2.4.so.2" not found, required by "squidGuard"
kid1| WARNING: redirector #Hlpr0 exited
FATAL: The redirector helpers are crashing too rapidly, need help!
Of course libldap-2.4.so.2 is right there, in /usr/pbi/squidguard-devel-amd64/lib/libldap-2.4.so.8. So after some hours of struggling I decided to give up on squidGuard and move on. Dansguardian is a more advanced and complex filter system anyway.





4. Set up your (transparent) Squid, for example:
5. Set up your Dansguardian


Remember to edit your regexp URL filters because the default ones will surely block a good part of your harmless favourite pages. In the log (did you turn logging on?) search for:
[2.2.2-RELEASE][admin@my.proxy.local]/var/log/dansguardian: grep DENIED access.log

6. You need an additional port forwarding rule to get it going because, as you can see, Dansguardian listens only on TCP 8080. Pay attention to the Destination address: you should not access Pfsense via Dansguardian. If Dansguardian dies for whatever reason (this happens frequently if you want to upgrade it manually, yeah, I've permanently killed it several times in my lab), you won't be able to reach the default webadmin interface. If you use SquidGuard this step is not required because Squid creates its "hidden" firewall rule and SquidGuard does not use any TCP port as DG does.

That's all. If you don't have any blocking firewall rule, your advanced (but not-yet-fine-tuned!) HTTP proxy system works now.

UPDATE: actually, it does not. Another irritating, ugly, hideous bug here. It's 2015 and this bug has existed for more than 2 years, still in the latest stable release: *DENIED* Web upload is banned.
I've tried these recompiled binaries, described in this forum thread, but after three days of digging deep, I can say that I encountered more problems than I solved. I'm too pissed off to detail all the hacks I've done.
If anyone asked me if he could give pfsense a try I would say: DO NOT. NEVER.
YOU SHOULD AVOID using PFSENSE. Latest "stable" is an ANNOYING, unthinkably BUGGY system, mindlessly designed GUI, full of outdated, incompatible and deprecated packages - what's more, its whole package managing system is broken or, if you are lucky enough, "just" failing - and if packages somehow accidentally work with each other, pray every day for the Lord to keep this thing in such a working condition and never think about any system update! I can't imagine that Pfsense is in production use by anyone. How could a sysadmin be so fearless? Looking back to the far past I admit that Pfsense was a great software. But this is the case no more.
I wish I could get these days back of my life wasted on this piece of sh*. More to come in this topic.