DFS: Properties cannot be set on the namespace server – Access is denied

Excellent article on this!
Source link

I ran across a strange problem the other day with DFS. I needed to override the referral ordering for a namespace server, but the change wouldn’t take. I got a status of Error during the “Commit changes.” task. In the detail, it showed “Properties cannot be set on the namespace server \\SERVER.domain.local\Share. Access is denied”
This error must be uncommon, because all of the search results are for a similar but differently worded error about changing the properties of a folder and that issue’s resolutions don’t apply here.
I finally figured out the problem, and thought I’d share!

The Root of the Problem

If you looked at the other search results and forum postings and Microsoft KB articles, you probably went around and checked permissions on the target folders. If you’re here by now, then you know that it wasn’t the problem.
Actually, the issue here doesn’t live on any of the individual namespace servers. Instead it’s a permissions problem in the Active Directory objects used to store information about the DFS shares. The computer object for each namespace server in a namespace will have some permissions granted on that namespace’s object in AD.
In my case, one of the computers was missing (I suspect that this was a side-effect of a swing migration, as the missing computer was a secondary domain controller that was demoted and then re-promoted after the migration, but that’s another story).
It’s worth noting that this prevented me from changing the referral ordering of another namespace server as well, so even if the ACL looks to be in order for the one you’re trying to change, it’s important to check the ACLs for every namespace server.

The Easy Fix?

You could blow away the whole DFS share and start fresh. That should fix the problem. Of course, if you run into errors deleting it, you might have to forcefully delete it, then use dfsutil.exe to clean up the left over registry entries.
Plus, in my case at least, the DFS share worked just fine. I really didn’t want to bring the share down, or worry about cleaning up leftovers.

The Easy Enough Fix

Look ma! No downtime! Since the problem lives in Active Directory, you’ll be making changes to AD itself. We’ll be using ADSI Edit, so hop onto a Domain Controller or a machine with the ADSI Edit RSAT. There’s no need to make this change from a namespace server on the DFS share.
You should also have a complete list of the namespace servers for the share.

Use ADSI Edit to view the DFS configuration

  1. In ADSI Edit, connect to Default naming context.
  2. Browse to DC=ABCD,DC=local > CN=System > CN=Dfs‑Configuration 
  3. Here, you’ll see a list of your DFS shares: CN=ShareName
  4. Open the Properties of the affected share. In the first tab (Attribute Editor), look for the remoteServerName field.

    This contains the list of all the namespace servers that AD has listed. Make sure this matches what is shown in the DFS management console. If it doesn’t, you might have bigger problems, and you may need to resort to the “easy” fix.
  5. Now you can switch over to the Security tab. Click the Advanced button so that you see all the entries and the special permissions.

    Looking at the entries for the computer objects (the ones with the $ at the end), we can see that they all have the “Read/write all properties” access. In this example, you’ll also see a missing object, listed as “Account Unknown(SID)” with the same access as the other computers, so it’s a good bet that this is the  missing one.
Please note that I took these screenshots after I fixed the issue. In the above, STORAGE01$ is not missing, but in the subsequent screens, I use it as the example machine I am adding. I hope it’s not confusing!

Find the missing namespace server and add it back

  1. In the Advanced Security dialog above, click the Add button.
  2. In the “Select…” dialog, click Object Types…” and make sure that Computers is selected. Click OK.
  3. Now choose the computer that was missing from the list, and click OK.
  4. Next, you want to give the computer object the  “Read all properties” and “Write all properties” Permissions. You can leave the Properties alone or clear them all in advance, as I did. By default, other Permissions may be granted, but only the two listed should be kept.Server 2012 Dialog:

    Server 2008 R2 (and earlier) Dialog:

Wait, Then Test

Once the changes are made, wait until they have had time to replicate to all DCs. It can be difficult to tell which DC you’re hitting when you try to make administrative changes with DFS, so best to wait until all of them have the same information. You could force replication if you prefer.
When you’re sure it’s all synchronized, test it out. I didn’t run into any issues after this.

Unsolved Mysteries

I still don’t know exactly how that computer went missing. As I said, there was some turmoil due to a previous swing migration, but the share was working fine. Stranger still, other DFS shares had the same namespace server missing in the ACLs, yet they had no problem making changes to their properties (like the referral ordering). Seems like they should be broken.


Outlook 'contacting the server information' message

After implementing pacfile solution for proxy, the encounter 'contacting the server information' message keep appearing when opening HTML in Outlook.
Internet browsing using Internet Explorer is very slow in loading too.

Manage to isolate it that it is due to constant DNS reverse lookup for each access and the root cause is a certain parameter in the pacfile.

Issue caused by: isInNet(host, "a.b.c.d") parameters.
article link

The danger of IsInNet, isResolveable and dnsResolve forcing client DNS Lookups for every Query

Using isInNet(host, "a.b.c.d") can cause major chaos with your DNS infrastructure. This relatively innocuous looking function will force EVERY browser to perform a reverse DNS lookup on every unique hostname that it tries to contact that’s not already a simple IP address. This can rapidly have significant consequences, depending on how many workstations you have and how robust your DNS infrastructure is. This doesn’t necessary mean that you can’t use this function, but that you must do it carefully and understand the implications. See the "PAC File Tricks" section for one way that it can be used safely.
The function isResolvable and dnsResolve have very similar issues as the described above They forces a DNS query every time the PAC is parsed for every request. Be careful using this for the same reasons. If you have a problem that only one of these functions can solve, use it carefully. Ensure that you don’t do unrestricted lookups for all hosts. Use logic like "if the domain name is and IsResolvable"
If you use these functions, unexpected behavior might result. For example, if you try to look up an invalid domain name it’s possible that there might be a 30+ second delay for the request as the client tries to resolve the name. It can also place a tremendous load on your company’s DNS infrastructure, so be careful of its capacity.

Tools used for the troubleshooting: DNSQuerySniffer

After removing the IsInNet proxy pac parameters, you will realise that the number of DNS query is reduced on the DNSQuerySniffer tool.
And the message has stop and Internet Explorer browsing is loading faster too.

IBM ServeRAID LSI Mega Raid Manager on VMware

 The LSI Mega Raid Storage Manager is a program where you can monitor the health of your array, setup drives and change notification details. IBM has always provided a way for you to manage your array in Windows, Linux, Unix and many other operating systems. Currently configuring the LSI Mega Raid Storage Manager on VMware ESXi 5.1 is not very well documented by IBM. IBM has a retain tip with installation instructions but that tip is outdated. Following these steps below will get the LSI Mega Raid Manager running on an IBM ServeRAID adapter. Please note this guide should work the same for any non IBM server that is running VMware ESXi 5.1 and a LSI Mega Raid Controller.

Tested Configuration and Hardware:
Operating System: VMware ESXi
Version: 5.1
IBM ServeRAID M5110
IBM xSeries 3650 M4 Server

Step 1: Download the latest LSI SMIS for VMware


Step 2: Enable SSH on VMware

From the VMware host console press F2 then go into troubleshooting.
VMware KB 2004746

Step 3: Extract the LSI download and upload the VIB file to /tmp

Step 4: Install the VIB
# cd /usr/bin
# esxcli software vib install -v /tmp/LSI_bootbank_lsiprovider_500.04.V0.38-0006.vib --no-sig-check

Step 5: Reboot the VMware server

Step 6: Download and install LSI MegaRaid Manager. The download is on the same URL from step 2 or you can also download this from IBM. MIGR-5077712

Step 7: Add the VMware hostname to your DNS server. Setup an A record to point your VMware hostname to it's IP address.

Step 8: Install LSI Manager

Perform a basic install, no password is needed during the install.

Step 9: Configure LSI Manager

  • configure host

  • lsi mm 2

  • lsi mm 3

  • lsi mm 4

  • lsi mm 5

Login using the VMware server login details.

  • lsi mm 6

  • lsi mm 7

Note: IBM released retain tip H21152 but the steps currently does not work with ESXi 5.1


Once you have followed these steps you will have full control over your IBM ServeRAID using LSI Mega Raid Controller on a VMware ESXi 5.1 operating system. You will be able to monitor the array from any Windows computer in your network.




VMware KB 2004746

MS Exchange powershell handy commands

Source Link

Get mailboxes that have a space in the displayName
get-mailbox -filter "(displayname -like '* *')" | ft identity,database -wrap -auto

Find Exchange transport rules
Get-TransportRule | ft Name,Priority,{$_.Conditions | select Name,{$_.Words}},{$_.Actions | select Name,Rank,SclValue},Comments -wrap -auto 

Find Exchange 2007 mailbox servers in the local organisation

Get mailbox statistics for mailbox servers with the specified name
get-mailboxserver | where {$_.Name -like 'server*'} | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | select-object -prop DisplayName,LastLogonTime,StorageLimitStatus,TotalItemSize,TotalDeletedItemSize,@{N="Size (MB)";E={$_.TotalItemSize.Value.ToMB()}},@{N="Deleted Item Size (MB)";E={$_.TotalDeletedItemSize.Value.ToMB()}},ItemCount,ServerName,StorageGroupName,DatabaseName.LegacyDN | export-csv -path c:\temp\MailboxStatistics.csv

Get mailbox database size limit/quota settings on malibox stores
get-mailboxdatabase | select-object -prop Name,ServerName,StorageGroup,ProhibitSendReceiveQuota,ProhibitSendQuota,IssueWarningQuota | ft -wrap -autosize

Find the number of mail-enabled contacts in the organisation
get-mailcontact -ResultSize 'unlimited' | measure

Export the IP addressed allowed to relay through the specified connector
$rc = Get-ReceiveConnector -id 'server01\connector01'; $rc.RemoteIPRanges | export-csv -path c:\temp\rc1.csv

Exchange 2007 global transport size limits
get-transportconfig | ft -prop MaxReceiveSize,MaxSendSize -wrap -autosize   

Exchange 2007 transport server sizelimits
get-transportserver | ft -prop Name,OriginatingServer,InternalDsnMaxMessageAttachSize,ExternalDsnMaxMessageAttachSize -wrap -autosize

Exchange 2007 send connector size limits
get-sendconnector | ft -prop Identity,AddressSpaces,MaxMessageSize -wrap -autosize

Exchange 2007 receive connector size limits
get-receiveconnector | ft -prop Identity,AddressSpaces,MaxMessageSize -wrap -autosize

Exchange 2007 mailbox limits other than unlimited
get-mailbox |where {$_.MaxSendSize -ne 'unlimited' -or $_.MaxReceiveSize -ne 'unlimited'} | ft -prop Identity,MaxSendSize,MaxReceiveSize -wrap -autosize

Get the storage group copy status (CCR/LCR/SCR) for mailbox stores 
get-mailboxserver | where {$_.Name -like 'server*'} | Get-StorageGroupCopyStatus  | ft -wrap -autosize

Get storage groups and their SCR stand-by machine
Get-StorageGroup  | ft -prop Name,Server,StandbyMachines -wrap -autosize

Get the storage group copy status (SCR) for the first target on all SGs
Get-StorageGroup | %{Get-StorageGroupCopyStatus -id $_.Identity -StandbyMachine $_.StandbyMachines[0].NodeName} | sort -prop LastReplayedLogTime | select -prop Identity,SummaryCopyStatus,ServiceDown,CopyQueueLength,ReplayQueueLength,LatestAvailableLogTime,LastCopyNotificationedLogTime,LastCopiedLogTime,LastInspectedLogTime,LastReplayedLogTime,LatestFullBackupTime | export-csv -path c:\temp\SCR_Status.csv

Get the storage group copy status (SCR) for the specified server/target
Get-StorageGroupCopyStatus -Server server01 -standbymachine server01 | ft -wrap -autosize

Find the backup status and whether VSS was used for the backup
Get-StorageGroup | %{Get-StorageGroupCopyStatus -id $_.Identity -StandbyMachine $_.StandbyMachines[0].NodeName} | sort -prop LatestFullBackupTime | select -prop Identity,SummaryCopyStatus,ServiceDown,LatestFullBackupTime,SnapshotBackup  | export-csv -path c:\temp\MailboxBackup_Status.csv

Change an Exchange 2007 mailbox type to equipment (or room)
Set-Mailbox MailboxName -Type Equipment

Add full access mailbox permissoins for an Exchange 2007 mailbox
Add-MailboxPermission -Id MailboxName -User:'DOMAIN\group' -AccessRights:FullAccess

Add send as rights to the AD security of a mail-enabled user
Add-ADPermission -Id MailboxName -User:'DOMAIN\group' -ExtendedRights:Send-As

Find mailboxes that are not standard user mailboxes (Room, Equipment)
get-mailbox | where {$_.RecipientTypeDetails -ne 'UserMailbox'} | fl -prop Name,RecipientTypeDetails

Remove mailbox permissions for the specified user
Remove-MailboxPermission MailboxUser -User DOMAIN\User -AccessRight FullAccess    

Find exchange mailbox statistics including per-user mailbox and DB limits 
. C:\data\scripts\PowerShell\Exchange\FindMailboxSizes.ps1 | out-file -file c:\temp\MailboxStats.txt -encoding ascii

Find the AutomateProcessing setting for a resource mailbox
Get-MailboxCalendarSettings  -id mailboxID

Modify a resource mailbox to automatically accept in-policy requests
Set-MailboxCalendarSettings -id mailboxID -AllBookInPolicy:$true 

Find the mailbox type of one or more mailboxes
get-mailbox -id mailboxes* | fl -prop IsResource,RecipientType,RecipientTypeDetails,ResourceType

Find the debug event logging levels set on an Exchange 2007 server
Get-EventLoglevel -server ExchangeServer01

Set the equipment mailbox to auto-accept and allow anyone to automatically book
Set-MailboxCalendarSettings -Identity "mailbox01" -AutomateProcessing AutoAccept -AllBookInPolicy $true

Turn on high logging for the booking attendant
Set-EventLogLevel "server01\MSExchangeMailboxAssistants\Resource Booking Attendant" -Level High

Find all resource mailboxes of type equipment
get-mailbox |where {$_.resourcetype -eq 'Equipment'}

Read Exchange 2007 event logs for the MSExchangeMailboxAssistants (resources)
get-eventlog -logname application -computer server01 -source msexchangemailboxassistants

Check Exchange Message Tracking Logs based on message ID
Get-MessageTrackingLog -MessageId '' -Start "05/07/2011 00:00:00" -End "07/07/2011 06:00:00" -server server01

Check Exchange Message Tracking Logs based on mail subject
Get-MessageTrackingLog -MessageSubject "RE: Subject" -Start "06/07/2011 00:00:00" -End "07/07/2011 00:00:00" -server server01

Find Exchange server version, edition and roles
Get-ExchangeServer | sort | select-object -prop Name,Role,Edition,ServerRole,Site,ExchangeVersion,AdminDisplayVersion | export-csv -path c:\temp\ExchangeServers.csv

Find the mailbox sizes in Exchange 2007 looking at the filesystem
Get-MailboxDatabase | foreach-object {add-member -inputobject $_ -membertype noteproperty -name mailboxdbsizeinGB -value ([math]::Round(([int64](get-wmiobject cim_datafile -computername $_.server -filter ('name=''' + $_.edbfilepath.pathname.replace("\","\\") + '''')).filesize / 1GB),2)) -passthru} | Sort-Object mailboxdbsizeinGB -Descending | format-table identity,mailboxdbsizeinGB 

Update the allowed IP addresses for an Exchange 2007 receive connector
$connector = Get-ReceiveConnector -id 'server01\connector01'; $connector.RemoteIPRanges += ""; Set-ReceiveConnector 'server01\connector01' -RemoteIPRanges $connector.RemoteIPRanges

Move a mailbox to a new database
Move-Mailbox -id user01 -targetdatabase 'server01\sg01\db01' 

View the original warning quota message
Get-SystemMessage -original | where {$_.Identity -like 'en\warn*'}

Add a new warning quota message
New-SystemMessage -QuotaMessageType WarningMailbox -Language EN -Text "Please reduce your mailbox size! Delete any items you don't need from your mailbox and empty your Deleted Items folder."

Hide a mailbox from the GAL
get-mailbox -id user01 | set-mailbox -HiddenFromAddressListsEnabled:$true

Remove SID History from a user
get-aduser -id 'user01' -prop sIDHistory | foreach {set-aduser $_ -remove @{sIDHistory=$_.sIDHistory.value}}

Remove SID history from one or more groups
Import-Module ActiveDirectory; $groups = get-content -path groups_sAMAccountName.txt; foreach ($group in $groups) {get-adgroup -id $group -prop sIDHistory | foreach {set-adgroup $_ -remove @{sIDHistory=$_.sIDHistory.value}}}

Remove multiple attributes from an AD account
$user = get-aduser -id 'user01' -prop HomeDrive,HomeDirectory,ProfilePath; set-aduser $user -HomeDrive $null -HomeDirectory $null -ProfilePath $null

Enumerate public folders
Get-PublicFolder -server server01 -Recurse | ft -wrap -autosize

Restore a deleted user account using AD recycle bin
$deletedaccount = get-adobject -filter 'samaccountname -eq "user01"' -IncludeDeletedObjects -properties *; $deletedaccount | restore-adobject

Reconnect a mailbox to an AD user account 
$user = Get-MailboxStatistics -server server01 | where {$_.displayName -eq 'User01, Test' -and $_.DisconnectDate -ne $null}; Connect-Mailbox -Identity $user.Identity -Database $user.database -User DOMAIN\user01

Group and list the mailboxes on each mailbox store 
get-mailboxdatabase -server server01 | get-mailbox | Group-Object -prop database | ft -wrap -autosize

Create new mail contacts from CSV input in Exchange 2007
$dataSet = Import-Csv -path contacts.csv; foreach ($contact in $dataset)  {  New-MailContact -ExternalEmailAddress $contact.targetaddress -Name $ -DisplayName $contact.displayName -FirstName $contact.givenName -LastName $ -OrganizationalUnit domain.local/Contacts -PrimarySmtpAddress $contact.mail}

Set the primary mail AD attribute of a newly created Exchange 2007 contact
$contacts = get-mailcontact -OrganizationalUnit 'domain.local/Contacts' | where {$_.Name -like 'test*'} ; foreach ($contact in $contacts) {  set-mailcontact -id $contact.identity -WindowsEmailAddress $contact.PrimarySmtpAddress;  $contact.HiddenFromAddressListsEnabled = $true; }

Create a new basic authenticated send connector in Exchange 2007
$pass = Read-Host "Password?" -assecurestring; $credential = new-object System.Management.Automation.PSCredential("domain\username",$pass); $cred = get-credential -Credential $credential; New-SendConnector -Name "send01" -AddressSpaces * -AuthenticationCredential $cred -SmartHostAuthMechanism BasicAuth -DNSRoutingEnabled:$false -SmartHosts smtp.local

Find users who have been delegated send on behalf of rights to a mailbox
$delegates = Get-Mailbox 'room01' | select-object GrantSendOnBehalfTo; $delegates.GrantSendOnBehalfTo.toarray()

Find NDR 5.1.4 duplicate mail addresses from Exchange application event logs 
get-eventlog -logname 'Application' -computer server01 -after "28/10/2011 8:00:00" | where {$_.eventID -eq 3029}

Replace the primary SMTP email address 
Get-Mailbox -id 'user01' | Set-mailbox -EmailAddressPolicyEnabled $false; Get-Mailbox -id 'user01' | Update-List -Property EmailAddresses -Add "SMTP:user01@domain.local" | Set-Mailbox; Get-Mailbox -id 'user01' | Set-mailbox -EmailAddressPolicyEnabled $true

Add a new secondary SMTP address 
Get-Mailbox -id 'user01' | Update-List -Property EmailAddresses -Add "smtp:user01@domain.local" | Set-Mailbox

Check Exchange 2007 queues
Get-Queue -server server01 | ft -wrap -autosize

Find the public delegates for a mailbox and then reset to a new list
Get-Mailbox -id user01 | select -expand GrantSendOnBehalfTo; Get-Mailbox -id user01 | Set-Mailbox -grantSendOnBehalfto User02,User03,User04

Export Exchange client connection statistics (online/cached mode, client ver) 
$dateshort = [DateTime]::Now.ToString("yyyyMMddhhmmss"); get-mailboxserver | get-logonstatistics | select * | export-csv -path ("c:\temp\ExchangeLogonStats_" + $dateshort  + ".csv"); write-host ("c:\temp\ExchangeLogonStats_" + $dateshort  + ".csv")

Get a mailbox from the domain sAMAccountName 
get-mailbox -id 'domain\username' | fl *

Change the sAMAccountName of a mailbox-enabled user account
get-mailbox -id 'domain\user001' | set-mailbox -samaccountname user01

Change the Name/CN/DN of a mailbox-enabled user account
get-mailbox -id 'domain\user' | set-mailbox -DisplayName "User, Test" -Name "User, Test"

Change the alias of a mailbox object
get-mailbox -id 'domain\user' | set-mailbox -alias user01

Check if a mailbox exists
if (get-mailbox -id user01 -ErrorAction SilentlyContinue) {write-host "test"}

Find the oldest and newest dates of mailbox folders
get-mailboxfolderstatistics -id user01 -FolderScope Inbox -IncludeOldestAndNewestItems

Find Exchange logs for messages that failed to deliver
Get-MessageTrackingLog  -Start "21/12/2011 6:00:00" -server server01 | where {$_.eventId -eq 'Fail'} | ft * -wrap -autosize

Find messages where delivery failed 
Get-MessageTrackingLog -EventId FAIL -Start "20/12/2011 6:00:00" -server server01 | ft TimeStamp,Source,EventID,Recipients,Sender,RecipientStatus -wrap -autosize 

See which mailboxes a user has direct permissions to access
get-mailbox -OrganizationalUnit 'domain.local/Mailboxes/Shared' | get-mailboxpermission | where {$_.user -like 'domain\user01'}

Find mailboxes that have a specified ACE set
get-mailbox -OrganizationalUnit 'domain.local/Mailboxes/Shared' | get-adpermission | where {$_.AccessRights -contains 'WriteProperty' -and $_.Properties -like 'Personal-Information'} | ft -wrap -autosize

Find active sync utilisation for mailboxes
Get-Mailbox -ResultSize:Unlimited |ForEach {Get-ActiveSyncDeviceStatistics -Mailbox:$_.Identity} |ft identity,devicemodel,LastSuccessSync,LastPolicyUpdateTime,DeviceType,DeviceID,DeviceUserAgent,LastPingHeartbeat,DeviceFriendlyName,DeviceOS,DeviceIMEI,DevicePhoneNumber

Find SMTP mail delivery failures
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -EventId FAIL -Start "01/01/2012 6:00:00" -server $ | where {$_.recipients -like '*@*' -and $_.recipients -notlike '*' -and $_.recipients -notlike 'IMCEAEX*'} | ft EventId,Source,Sender,Recipients -wrap -autosize}

Find the owner of one or more mailboxes
get-mailbox -id user01 | get-adpermission -owner | ft -wrap -autosize

Get the Exchange 2007 organisation config

Find the Exchange 2007 accepted domains (authoritative and relay)

Find logs for distribution list expansion
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog  -EventId EXPAND -Start "29/02/2012 17:28:00" -server $ | ft Timestamp,Sender,RelatedRecipientAddress,Recipients,RecipientStatus -wrap -autosize}

Find logs for e-mail from a specific address
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog  -Sender ""  -Start "29/02/2012 17:28:00" -server $ | ft Timestamp,Recipients,RecipientStatus,Sender -wrap -autosize}

Find logs for failed messages
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog  -EventId FAIL -Start "29/02/2012 17:28:00" -server $ | ft Timestamp,Recipients,RecipientStatus,Sender -wrap -autosize}

Find logs for messages from the last minute
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -start (Get-Date).AddMinutes(-1)  -server $ | ft Timestamp,Sender,RelatedRecipientAddress,Recipients,RecipientStatus -wrap -autosize}

Find mail attributes for a public folder
get-mailpublicfolder -id "\Folder01\SubFolder01" | fl *

Find Exchange 2007 Web Services
Get-WebServicesVirtualDirectory | fl *

Find Exchange Message Tracking messages from a particular client IP
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -resultsize unlimited -start (Get-Date).AddMinutes(-15) -server $ | where {$_.ClientIp -eq ''} | ft * -wrap -autosize}   

Report explicit OU security for OUs in the domain
$ous = dsquery ou "dc=domain,dc=local" -limit 0; $permissions = foreach ($ou in $ous) {Get-ADPermission -id $ou.replace('"','') | where {$_.IsInherited -eq $False -and $_.User -like 'DOMAIN\*'}}; $permissions | select Identity,User,Deny,{$_.ChildObjectTypes},{$_.AccessRights},{$_.Properties},{$_.InheritedObjectType} | export-csv -path c:\temp\OU_Permission_20120309.csv

Find OWA Internal/External URL configuration
Get-OwaVirtualDirectory | where {$ -eq 'owa (Default Web Site)'} | ft Server,Name,InternalUrl,ExternalUrl -wrap -autosize 

Find transport server message tracking configuraiton 
Get-TransportServer | fl Name,messagetra*

List the available event logs from a remote server
Get-EventLog -computer server01 -list

List the Exchange 2007 diagnostic logging configuration
Get-EventLogLevel -server server01 | ft -wrap -autosize

Enable connectivity logging for Exchange 2007 Edge/Hub transport servers
get-TransportServer -id server01 | set-transportserver -ConnectivityLogEnabled:$true

View messages in the queue
get-queue -server server01 | get-message -IncludeRecipientInfo | fl *

Find recipients with a filter based on department
get-recipient -filter '((Department -eq "DEPT") -and (Alias -ne $null))'

Find users that do not have the specified primary SMTP address domain
get-recipient -filter '(ObjectClass -eq "User")' -resultsize:unlimited | where {$_.PrimarySmtpAddress -notlike "*@domain.local"} | ft Identity,PrimarySmtpAddress -wrap -autosize

Export to CSV users that don't have the specified primary SMTP domain
get-recipient -filter '(ObjectClass -eq "User")' -resultsize:unlimited | where {$_.PrimarySmtpAddress -notlike "*@domain.local"} | select Identity,PrimarySmtpAddress,Department | export-csv -path c:\temp\PrimarySMTP.csv

Expand a nested distribution group, counting all mail recipients
. C:\data\scripts\PowerShell\Exchange\ExpandDL.ps1 "CN=DL01,OU=Groups,dc=domain,dc=local"       

Find the user and SID on mailbox permissions (useful when sidhistory is used)
get-mailboxpermission -id user01 | ft User,{$_.user.securityidentifier} -wrap -auto

Find mailbox enabled users with a first/last name using ActiveDirectory
$users = get-aduser -filter {givenName -like '*' -and sn -like '*' -and mailnickname -like '*'}

Find user mailbox recipients that have a first and last name set
$mailboxes = get-recipient -resultsize unlimited -filter "(firstName -like '*' -and lastname -like '*' -and Alias -like '*' -and RecipientType -eq 'UserMailbox')"; foreach ($mailbox in $mailboxes) {  $firstName = $mailbox.firstname.replace(" ", "");   $lastName = $mailbox.lastname.replace(" ", "");   $primary = $mailbox.EmailAddresses | where {$_.IsPrimaryAddress -eq $true -and $_.PrefixString -eq "SMTP"} ;   $mailSplit =  $primary.SmtpAddress.split(".@");   if ($firstName -ne $mailSplit[0] -or $lastName -ne $mailSplit[1]) {    Write-Host $primary.SmtpAddress;   }}

Find mail recipients that don't have a first or last name (shared mailboxes)
$mailboxes = get-recipient -resultsize unlimited -filter {firstName -eq $null -and lastname -eq $null -and Alias -like '*' -and RecipientType -eq 'UserMailbox'}

Find mailboxes with the specified domain name
get-mailbox -filter {emailaddresses -like '*@domain.local'}

Find mailboxes with the specified domain name as their primary address
get-mailbox -filter {emailaddresses -like '*@domain.local'} | get-mailbox | where {$_.primarysmtpaddress -like '*@domain.local'}

Find distribution lists that can be emailed externally
$dls = get-distributiongroup -resultsize unlimited -filter {Alias -ne $null -and RequireAllSendersAreAuthenticated -eq $true}

Update the accept from for a DL with a list of users
$users = "User01, Test", "User02, Test"; foreach ($user in $users) {$user = get-mailbox -id $user; if ($user) {Get-DistributionGroup -id "DL01" | Update-List -Property AcceptMessagesOnlyFrom -Add $user.distinguishedName | Set-DistributionGroup }}

Update a distribution list to allow sending only from another DL
set-distributiongroup -id dl01 -AcceptMessagesOnlyFromDLMembers dl02

Find the user accounts for mailbox recipients with first and last name 
$mail = get-user -filter {(FirstName -ne $null -and LastName -ne $null)} -RecipientTypeDetails UserMailbox,LinkedMailbox -resultsize unlimited -OrganizationalUnit "OU=Mailboxes,dc=domain,dc=local" | select FirstName,LastName,windowsemailaddress

Find users that don't conform to first.last@ email addresses
$mail = get-user -filter {(FirstName -ne $null -and LastName -ne $null)} -RecipientTypeDetails UserMailbox,LinkedMailbox -resultsize unlimited -OrganizationalUnit "OU=Mailboxes,dc=domain,dc=local" | select FirstName,LastName,windowsemailaddress

Create a new transport rule setting SCL based on subject or body text
$condition = Get-TransportRulePredicate SubjectOrBodyContains; $condition.words = "SCL=9"; $action = Get-TransportRuleAction SetSCL; $action.sclvalue = 9; New-TransportRule -name "Filter01" -Condition $condition  -Action $action

Find mailboxes configured to forward and report details
$outputFile = "c:\temp\EmailForward_" + ([DateTime]::Now.ToString("yyyyMMddhhmmss")) + ".csv"; get-mailbox -filter {forwardingaddress -ne $null} | sort -prop whenChanged -descending | select whenChanged,SamAccountName,Identity,DeliverToMailboxAndForward,ForwardingAddress, @{N='ForwarderPrimarySMTPAddress';E={$recipient = get-recipient -id $_.ForwardingAddress; if ($recipient.recipienttype -eq 'MailContact') {write-output $recipient.externalemailaddress.tostring().replace("SMTP:","")} else {write-output $recipient.primarysmtpaddress}}},@{N='RecipientType';E={$recipient = get-recipient -id $_.ForwardingAddress; write-output $recipient.recipienttype.tostring()}} | export-csv -path $outputFile; write-host $outputFile

Turn on send connector verbose logging
get-sendconnector -id 'SendConnect01' | set-sendconnector -ProtocolLogginglevel verbose

Find NDR 5.4.6 routing loops in the last day from all transport servers
foreach ($server in Get-TransportServer) {Get-MessageTrackingLog -resultsize unlimited -EventId FAIL -Start (Get-Date).AddDays(-1) -server $ | where {$_.RecipientStatus -like '*5.4.6*'} | ft Timestamp,Recipients,RecipientStatus,Sender -wrap -autosize}

Find email addresses that aren't using first.last
foreach ($user in $mail) { if (!($user.windowsemailaddress.tostring().tolower().contains($user.firstname.tolower().replace(' ', '') + '.' + $user.lastName.tolower().replace(' ', '') + '@'))) { write-host $user.windowsemailaddress} }

Export a mailbox to PST
export-mailbox -id user01 -PSTFolderPath c:\temp\user01.pst

Find the Exchange 2003 global restrictions in AD for envelope recipients
Get-ADObject -id "CN=Message Delivery,CN=Global Settings,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,dc=domain,dc=local" -prop msExchRecipLimit

Find the Exchange 2007/2010 global restrictions in AD for envelope recipients
Get-ADObject -id "CN=Transport Settings,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,dc=domain,dc=local" -prop msExchRecipLimit

Find the Exchange 2007 transport settings for max enveople recipients
Get-TransportConfig | fl MaxRecipientEnvelopeLimit

Update managedBy for a distribution group
get-distributiongroup -id DL01 | Set-DistributionGroup -ManagedBy "CN=user01,OU=Mailboxes,dc=domain,dc=local"

Get the offline address book update schedule 
$oab = Get-OfflineAddressBook; $oab.schedule | ft -wrap -auto

Find the offline address book server, PF database and web distribution point
Get-OfflineAddressBook | fl Server,PublicFolderDatabase,VirtualDirectories

Find the Offline Address Book virtual directory
Get-OabVirtualDirectory | ft -wrap -auto

Find the custom resource schema configuration for custom resource properties

Gather public folder statistics
$pfstats = Get-PublicFolderStatistics -server server01

Start the Exchange Management Shell from a standard powershell instance
add-pssnapin  Microsoft.Exchange.Management.PowerShell.Admin; . "C:\Program Files\Microsoft\Exchange Server\bin\Exchange.ps1"

Send an SMTP e-mail with PowerShell 2.0 or later
send-mailmessage -from $sendfrom -to $sendto -subject $subject -body $body -BodyAsHtml -smtpServer $smtpserver

Add an availability address space to access local public folder schedule+ FB
Add-AvailabilityAddressSpace -ForestName -AccessMethod PublicFolder

Query free/busy schedule+ public folder replica information
get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY"  -Recurse | ft Name,OriginatingServer,Replicas -wrap -auto

Query free/busy schedule+ public folder information on Exchange 2007/2010
get-publicfolder -Identity "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY"  -Recurse | Get-PublicFolderItemStatistics | ft PublicFolderName,Subject -wrap -auto

Show the e-mail addresses for the specified user in list format
((Get-Mailbox user01).EmailAddresses)

Add a secondary e-mail address in Exchange 2010 to a mailbox user
Set-Mailbox user01 -EmailAddresses (((Get-Mailbox user01).EmailAddresses)+="")

Add a secondary e-mail address in Exchange 2010 to a MEU
Set-MailUser testuser01 -EmailAddresses (((Get-MaiLUser testuser01).EmailAddresses)+="") -whatif

Update the targetAddress attribute for an ADSI object
$user = [adsi]"LDAP://CN=testuser01,OU=Migrated,DC=domain,DC=local"; $user.put("targetAddress","")

List the client-side public folder permissions for all public folders
$pfperms = Get-PublicFolder -recurse | Get-PublicFolderClientPermission

Get the report from a Exchange 2010 new-moverequest operation
$MoveReport = (Get-MailboxStatistics -Identity user01 -IncludeMoveReport).MoveHistory

Add to the managedBy property of a distribution list
set-distributiongroup -id $group -managedby (((get-distributiongroup -id $group).managedby) += $user.identity.distinguishedName)

Find the current management roles that have distribution in the name
Get-ManagementRoleAssignment | where {$ -like '*recipient*'} -warningaction silentlycontinue | ft -wrap -auto

Find CAS array information for an Exchange 2010 installation

Find delegate access to a mailbox with Exchange 2010 SP1
adfind -b "DC=domain,DC=local" -f "(&(objectClass=User)(objectCategory=Person)(msExchDelegateListLink=*))" -h dc01.domain.local samaccountname msExchDelegateListLink

Find delegate access to a mailbox with Exchange 2010 SP1 through backlink
adfind -b "DC=domain,DC=local" -f "(&(objectClass=User)(objectCategory=Person)(MsExchDelegateListBL=*))" -h dc01.domain.local samaccountname MsExchDelegateListBL

Convert legacy global distribution groups to universal
Get-Group -ResultSize Unlimited -RecipientTypeDetails NonUniversalGroup -OrganizationalUnit "OU=Distribution Lists,OU=Resources,DC=domain,DC=local" | Where-Object {$_.GroupType -match 'global'} | Set-Group -Universal

Mail-enable legacy global DLs that have been converted to universal
Get-Group -ResultSize Unlimited -RecipientTypeDetails UniversalDistributionGroup -OrganizationalUnit "OU=Distribution Lists,OU=Resources,DC=domain,DC=local"  | enable-distributiongroup

Change group scope for non-universal groups to universal
Get-DistributionGroup -ResultSize Unlimited -RecipientTypeDetails MailNonUniversalGroup | Set-Group -Universal

Upgrade Exchange 2010 legacy groups
Get-DistributionGroup -ResultSize Unlimited | Set-DistributionGroup -ForceUpgrade

Extract all properties of one or more users and save to CSV
get-aduser -ldapfilter "(&(objectClass=User)(objectCategory=Person)(samaccountname=*.exchtest*))" -prop * | export-csv -path c:\temp\TestUsers.csv

Create a new display name with surname in UPPER and first in Title case
$newName = $user.LastName.toUpper() + ' ' + (Get-Culture).textinfo.totitlecase($user.FirstName)

Start a remote powershell session to an exchange 2010 namespace
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://cas01.domain.local/PowerShell/ -Authentication Kerberos;   Import-PSSession $Session

Start a remote powershell session to an exchange 2010 namespace using prefix
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://cas01.domain.local/PowerShell/ -Authentication Kerberos;   Import-PSSession $Session -prefix ResForest

Bitwise OR to whether whether grouptype is distribution or security
if (14 -bor 2147483648 -eq 14) {write-output "Distribution} else {write-output "Security"}

Find mailbox folder permissions in Exchange 2010
$mailbox = get-mailbox -id user01; get-mailboxfolderpermission -id ($mailbox.primarysmtpaddress.tostring() + ":\Calendar")

Find the Exchange 2010 autodiscover URL (then stored in SCP)
Get-ClientAccessServer | fl *autodisc*      

Find Exchange 2010 RBAC management roles
Get-ManagementRole -id 'Distribution Groups' | fl *

Find Exchange 2010 RBAC management role assignments
Get-ManagementRoleAssignment |where {$_.role -eq 'Distribution Groups'} | ft -wrap -auto

Select the value of a property as an array of strings rather noteproperty
$members = get-adgroup "CN=group,DC=domain,DC=local" -server $dc | get-adgroupmember -server $dc | %{write-output $_.SamAccountName.ToString()}

Convert a group from security to distribution
get-adgroup -id migtestdl3 | set-adgroup -GroupCategory 0

Find recipient info from multiple forests and group by primary SMTP domain
$recipients = get-recipient -domaincontroller dc01.domain.local -OrganizationalUnit "OU=People,DC=domain,DC=local" -filter {(firstName -ne $null -and LastName -ne $null) -and (RecipientType -eq 'UserMailbox')} -resultsize unlimited ; $recipients += get-recipient  -domaincontroller -OrganizationalUnit "OU=People,DC=target,DC=domain" -filter {(firstName -ne $null -and LastName -ne $null) -and (RecipientType -eq 'UserMailbox')} -resultsize unlimited ; $recipients | select @{N='EmailDomain';e={$_.primarysmtpAddress.tostring().split("@")[1]}} | group-object -prop EmailDomain | sort -prop Count | ft -wrap -auto

Find mailboxes from multiple forest and info on e-mail domain and islinked
$mailboxes = get-recipient -domaincontroller dc01.domain.local -OrganizationalUnit "OU=People,DC=domain,DC=local" -filter {(firstName -ne $null -and LastName -ne $null) -and (RecipientType -eq 'UserMailbox')} -resultsize unlimited  | get-mailbox -domaincontroller dc01.domain.local; $mailboxes += get-recipient  -domaincontroller dc01.taret.domain -OrganizationalUnit "OU=People,DC=target,DC=domain" -filter {(firstName -ne $null -and LastName -ne $null) -and (RecipientType -eq 'UserMailbox')} -resultsize unlimited | get-mailbox -domaincontroller; $mailboxes | select OriginatingServer,@{N='EmailDomain';e={$_.primarysmtpAddress.tostring().split("@")[1]}},IsLinked | group-object -prop OriginatingServer,EmailDomain,IsLinked | sort -prop Count | ft Count,Name -wrap -auto  

Find mailboxes with an ActiveSync device partnership
get-casmailbox -resultsize unlimited  | where {$_.HasActiveSyncDevicePartnership -eq 'true'}

Find the preferred domain controllers for the current Exchange 2010 session
Get-ADServerSettings | fl *

Set domain controller configuration for an exchange server
Set-ExchangeServer -StaticConfigDomainController dc01 StaticDomainControllers dc01,dc02 -StaticExcludedDomainControllers dc03 -StaticGlobalCatalogs gc01

Link an Exchange 2010 mailbox to a cross-forest security principal
get-mailbox user01 | set-mailbox -LinkedMasterAccount domain\user01 -linkeddomaincontroller dc01.domain.local

Get Exchange 2010 IMAP settings
Get-IMAPSettings -Server cas01

Disable policy and update the primary SMTP address of a 2010 mailbox 
get-mailbox -id "CN=user01,OU=People,DC=domain,DC=local" | set-mailbox -EmailAddressPolicyEnabled $false -PrimarySmtpAddress user01@domain.local

Find the server generating the Offline Address Book
Get-OfflineAddressBook | ft server,guid,AddressLists -wrap -auto (files stored in C:\Program Files\Microsoft\Exchange Server\V14\ExchangeOAB\)

Prepare an Exchange 2010 cross-forest move (create MEU and merge contact)
.\Prepare-MoveRequest.ps1 -Identity $username -RemoteForestCredential $cred -RemoteForestDomainController dc01.domain.local -LinkedMailUser -MailboxDeliveryDomain domain.local -TargetMailUserOU "OU=Resource Forest Accounts,DC=domain,DC=local" -UseLocalObject

Initiate an Exchange  2010 cross-forest move request
New-MoveRequest -Identity $username -RemoteLegacy -RemoteGlobalCatalog dc01.domain.local -TargetDatabase 'DB01' -RemoteCredential $cred -TargetDeliveryDomain 'domain.local' ?Verbose

Get an Exchange 2010 move request report
$moverequest = Get-MoveRequestStatistics -id user01 -IncludeReport; $

Get all the mailbox users in an OU and set a user property
get-mailbox -org "OU=Resource Forest Accounts,DC=domain,DC=local" | set-user -company 'Company01'

Check Exchange 2010 CAS RPC Client Access stats for online mode
$matches = select-string -pattern "2013-03" -simple -path "\\cas01\c$\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access\RCA_201303*"; $results = foreach ($match in $matches) {$line = $match.line;   write-output $line }; $results | out-file -file c:\temp\rpcusage.txt -encoding ascii; $rpc = import-csv -path c:\temp\rpcusage.txt -header date-time,session-id,seq-number,client-name,organization-info,client-software,client-software-version,client-mode,client-ip,server-ip,protocol,application-id,operation,rpc-status,processing-time,operation-specific,failures; $classic = $rpc | where {$_.'client-mode' -eq 'Classic' -and $_.'client-software' -eq 'outlook.exe'}; $classic | select client-name | group-object -prop client-name | ft -wrap -auto Count,Name

Error adding datastores to VMWARE ESXi

source link

Error Message:
I was unable to add any of the local disks to my VMWARE ESXi host as VMFS datastores as I got the error “HostDatastoreSystem.QueryVmfsDatastoreCreateOptions” for object ‘ha-datastoresystem’ on ESXi….” as shown below;

There are various useful suggestions in the Eversity comments for dealing with GPT partitions but they are quite long winded. The quickest solution (as suggested by fdisk) was to use partedUtil.
You need to run the following command for each disk that you’re having issues with (this overwrites the partition table with a standard msdos one which VMware can work with);
NOTE: This will ERASE ALL DATA on the disk in question so be careful to select the right disks!

#partedUtil mklabel /dev/disks/ msdos

To get the disk id: 
ls /dev/disks/

IMCEAEX non-delivery report

Source Link

How to interpret X500 address


When you send email messages to an internal user in Microsoft Office 365 dedicated, you receive an IMCEAEX non-delivery report (NDR) because of a bad LegacyExchangeDN reference. The IMCEAEX NDR indicates that the user no longer exists in the environment.


This issue occurs because the value for the LegacyExchangeDN attribute changed. The auto-complete cache in Microsoft Outlook and in Microsoft Outlook Web App (OWA) uses the value of the LegacyExchangeDN attribute to route email messages internally. If the value changes, the delivery of email messages may fail with a 5.1.1 NDR. For example, the recipient address in the NDR resembles the following:


To resolve this issue, use one of the following methods, as appropriate for your situation.

Method 1: Clear the auto-complete cache file

For more information about how to clear the auto-complete cache file, click the following article number to view the article in the Microsoft Knowledge Base:

2005644 The Outlook auto-complete file contains obsolete or invalid entries
Note The procedure that's described here has to be performed by each user individually.

Method 2: Create an X500 proxy address for the old LegacyExchangeDN attribute for the user

To create an X500 proxy address for the old LegacyExchangeDN attribute for the user, make the following changes based on the recipient address in the NDR:
  • Replace any underscore character (_) with a slash character (/).
  • Replace "+20" with a blank space.
  • Replace "+28" with an opening parenthesis character.
  • Replace "+29" with a closing parenthesis character.
  • Delete the "IMCEAEX-" string.
  • Delete the "" string.
  • Add "X500:" at the beginning.
After you make these changes, the proxy address for the example in the "Symptoms" section resembles the following:

Note The most common items will be replaced. However, there may be other symbols in the LegacyExchangeDN attribute that will also be changed from the way that they appear in the NDR. Generally, any character pattern of "+##" must be replaced with the corresponding ASCII symbol.

How to collect IBM Dynamic System Analysis(DSA) logs for an ESXi server

source link

It is possible to gather DSA data from an IBM server running ESXi without having to boot with a bootable CD or reboot the server at all.

From any machine, Windows or linux, you can run the latest release of the DSA tool, then reference the ESXi server using commandline parameters when running the DSA tool.

Step 1: Download the appropriate IBM DSA utility on any windows server that has connectivity to ESXi server.

Step 2: Open the command prompt and go to the directory where the DSA utility presents.

Step 3: Enter the below command to collect system information

#ibm_utl_dsa_dsyt85t-3.40_portable_windows_x86-64.exe --vmware-esxi  user:password@ip-address

Note: this will take some time to gather diagnostics logs and store it in C: drive.

How to reset mysql root password

Source link 1
Source link2

C. Resetting the Root Password: Windows Systems
On Windows, use the following procedure to reset the password for all MySQL root accounts:
  1. Log on to your system as Administrator.
  2. Stop the MySQL server if it is running. For a server that is running as a Windows service, go to the Services manager: From the Start menu, select Control Panel, then Administrative Tools, then Services. Find the MySQL service in the list and stop it.
    If your server is not running as a service, you may need to use the Task Manager to force it to stop.
  3. Create a text file containing the following statements. Replace the password with the password that you want to use.
    UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';
    Write the UPDATE and FLUSH statements each on a single line. The UPDATE statement resets the password for all root accounts, and the FLUSH statement tells the server to reload the grant tables into memory so that it notices the password change.
  4. Save the file. For this example, the file will be named C:\mysql-init.txt.
  5. Open a console window to get to the command prompt: From the Start menu, select Run, then enter cmd as the command to be run.
  6. Start the MySQL server with the special --init-file option (notice that the backslash in the option value is doubled):
    C:\> C:\mysql\bin\mysqld-nt --init-file=C:\\mysql-init.txt
    If you installed MySQL to a location other than C:\mysql, adjust the command accordingly.
    The server executes the contents of the file named by the --init-file option at startup, changing each root account password.
    You can also add the --console option to the command if you want server output to appear in the console window rather than in a log file.
    If you installed MySQL using the MySQL Installation Wizard, you may need to specify a --defaults-file option:
    C:\> "C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe"
             --defaults-file="C:\\Program Files\\MySQL\\MySQL Server 5.0\\my.ini"
    The appropriate --defaults-file setting can be found using the Services Manager: From the Start menu, select Control Panel, then Administrative Tools, then Services. Find the MySQL service in the list, right-click it, and choose the Properties option. The Path to executable field contains the --defaults-file setting.
  7. After the server has started successfully, delete C:\mysql-init.txt.
You should now be able to connect to the MySQL server as root using the new password. Stop the MySQL server, then restart it in normal mode again. If you run the server as a service, start it from the Windows Services window. If you start the server manually, use whatever command you normally use.
C. Resetting the Root Password: Unix Systems
On Unix, use the following procedure to reset the password for all MySQL root accounts. The instructions assume that you will start the server so that it runs using the Unix login account that you normally use for running the server. For example, if you run the server using the mysql login account, you should log in as mysql before using the instructions. Alternatively, you can log in as root, but in this case you must start mysqld with the --user=mysql option. If you start the server as root without using --user=mysql, the server may create root-owned files in the data directory, such as log files, and these may cause permission-related problems for future server startups. If that happens, you will need to either change the ownership of the files to mysql or remove them.
  1. Log on to your system as the Unix user that the mysqld server runs as (for example, mysql).
  2. Locate the .pid file that contains the server's process ID. The exact location and name of this file depend on your distribution, host name, and configuration. Common locations are /var/lib/mysql/, /var/run/mysqld/, and /usr/local/mysql/data/. Generally, the file name has an extension of .pid and begins with either mysqld or your system's host name.
    You can stop the MySQL server by sending a normal kill (not kill -9) to the mysqld process, using the path name of the .pid file in the following command:
    shell> kill `cat /mysql-data-directory/`
    Use backticks (not forward quotation marks) with the cat command. These cause the output of cat to be substituted into the kill command.
  3. Create a text file containing the following statements. Replace the password with the password that you want to use.
    UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';
    Write the UPDATE and FLUSH statements each on a single line. The UPDATE statement resets the password for all root accounts, and the FLUSH statement tells the server to reload the grant tables into memory so that it notices the password change.
  4. Save the file. For this example, the file will be named /home/me/mysql-init. The file contains the password, so it should not be saved where it can be read by other users. If you are not logged in as mysql (the user the server runs as), make sure that the file has permissions that permit mysql to read it.
  5. Start the MySQL server with the special --init-file option:
    shell> mysqld_safe --init-file=/home/me/mysql-init &
    The server executes the contents of the file named by the --init-file option at startup, changing each root account password.
  6. After the server has started successfully, delete /home/me/mysql-init.
You should now be able to connect to the MySQL server as root using the new password. Stop the server and restart it normally.

Linux 2

Step 1: Stop MySQL daemon if it is currently running
Depending on the operating system MySQL is installed on, the daemon can be checked/stopped differently. Here is an example on how to do it in Unix-like systems.
[ NOTE ]: You might need to run it as a Unix System superuser (root) - depending on 
          how the system is configured, and what permissions your Unix account is granted)
Here is how to stop/kill the existing mysql daemon, in case it is running:
      ps -ef | grep mysql      - checks if mysql/mysqld is one of the running processes.
      pkill mysqld             - kills the daemon, if it is running.
Note: if pkill (’process kill’) is not on a particular Unix system, use kill -9 ‘pid’, where ‘pid’ corresponds to processes that were found with ps -ef | grep mysql
Step 2: Run MySQL safe daemon with skipping grant tables
      mysqld_safe --skip-grant-tables &
Step 3: Login to MySQL as root with no password
      mysql -u root mysql
Step 4: Run UPDATE query to reset the root password
In MySQL command line prompt issue the following two commands:
      UPDATE user SET password=PASSWORD("ualue=42") WHERE user="root";
“ualue=42” is a common password for “The Hitchhiker’s Guide to the Galaxy” people which reads “Ultimate Answer to Life, the Universe, and Everything=42“
Step 5: Stop MySQL safe daemon
Follow the first two steps, but this time kill (pkill) “mysqld_safe” instead of “mysqld”
Step 6: Start MySQL daemon
Depending on the operating system (Unix-like examples):
      /etc/rc.d/rc.mysql start
      /etc/init.d/mysql start
      /etc/rc.5/mysql start
etc.. check existing MySQL configuration
Step 7: Root password is reset and ready to use
Password is reset. Privileges are flushed. Start MySQL and login as root with the password set in step 4:
      mysql -u root -p mysql
Note: sometimes (most of the time) ‘root user’ privileges are required for the system (OS) in order to stop/start processes

Troubleshooting WSUS Agents that Are Not Reporting to the WSUS Server

source link

The WSUS client agent may not report to the WSUS server for many reasons. Here I'll go through some of the reasons and how you can troubleshoot the process. There are also some situations you may run into where some or all clients stop reporting to the server and these steps will also help for those scenarios as well.
1. Make sure that the client has the proper WSUS settings
On the client run gpresult or rsop.msc to make sure that the details of the WSUS server exist. If not then a couple possible causes include:
  • The system does not have the group policy from the Domain.
  • The Group Policy is not been targeted to the client system.
To address this, you need to make sure that the group policy is successfully updated on each client and that the WSUS setting is properly configured. For more information on this see the following TechNet documentation:

Configure Automatic Updates by Using Group Policy 

In case you are using a registry modification or local policy make sure that the same is applied. The registry location where the WSUS server configuration is stored is below:

http:// >""
http:// > …etc

Further options on the WSUS Agent settings are available here:
"AUOptions"=dword:0000000X …etc

You can find more details on how you can use scripts to configure the WSUS settings from the following link:

Once you have made sure that the WSUS settings are configured correctly you can move on to next step.
2. Make sure that the agent services are up and running
You need to make sure that the WSUS agent service (Automatic Updates) and BITS (Background Intelligent Transfer Service) are running. The System\Application event viewer events can help you identify and troubleshoot this issue. If you suspect your issue may be related to issues with the Automatic Update or BITS services, here are few links that can be helpful in troubleshooting these types of issues:

KB331716 - List of known issues for Background Intelligent Transfer Service (BITS)

KB969632 - Background Intelligent Transfer Service (BITS) does not start in Windows XP, and you receive a message in the System log: "The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005)"

KB883614 - You receive a "Windows Update has encountered an error and cannot display the requested page" error message when you try to install an update

KB959894 - Error message: “The necessary service "Automatic Updates" (WUAUSERV) is not started or Background Intelligent Transfer Service (BITS) is disabled. Error 0x8DDD0018” or Error codes 0x80244019 or 0x80070422 when attempting to install updates.
3. Make sure the WSUS server is reachable from the client
Make sure that you can access the site /">/">/">http:/// and download the file without errors. If this fails then some possible reasons include:
  • There is a name resolution issue on the client.
  • There is network related issue (e.g. there's a proxy configuration issue, etc.).
One of the most common issues we see is the proxy issue. For that you can check the windowsupdate.log (C:\windows\) and see if there are any proxy related errors. If yes then you can run the proxycfg command to check the win http proxy settings. For more information on the proxycfg command you can check the following link: 

Most of the clients will have the proxycgf utility but if not then you can download it here:

KB830605 - The Proxycfg.exe configuration tool is available for WinHTTP 5.1

If you are finding proxy errors then what you can do is go to Internet Explorer –> Tools -> Connections –> LAN Settings and configure the correct proxy and make sure you can reach the WSUS URL specified. Once done you can copy these user proxy settings to the win http proxy settings using the proxycfg –u command.

Once the proxy settings are specified you can run wuauclt /detectnow and check the windowsupdate.log for errors.
4. Make sure the agent is healthy and working
If you still have errors you can check the windows update agent version. The details on how to do this are here: 

If you find that the agent is not up to date then you can update the windows update agent to the latest here:

KB949104 - How to obtain the latest version of the Windows Update Agent to help manage updates on a computer

For more information see 

You can also use the utility provided in KB971058 that will help you to sort out most of the issues with the agent. Once you've run the fix or updated the agent you can run wuauclt /detectnow and check the windowsupdate.log to make sure there is no issues.
5. Automatic Update Agent Store is corrupted
When we have issues with the ability to download updates and we're experiencing errors relating to the software distribution store then try the following on the client:
a. Stop the Automatic Updates service
b. Rename the software distribution folder (i.e. C:\Windows\SoftwareDistribution).
c. Restart the Automatic Update service
d. Run wuauclt /resetauthorization /detectnow
e. Run wuauclt /reportnow
6. Clients with the Same SUSclient ID
This issue can happen when we image systems and the clients end up having the same SUSclientID. The result is that only one among these clients will appear in the console. You may also see that out of a group of these clients, only one appears at a time but the exact one that does appear may change over time. For those clients that are not registering due to the SUS GUID issue we can use the following:
a. Stop the automatic service
b. Delete the SUSclientID reg key

c. Restart the automatic service
d. Run wuauclt /resetauthorization /detectnow
e. Run wuauclt /reportnow
7. Conflicts with System Center Configuration Manager
This can occur if ConfigMgr 2007 had been previously installed on the server as a Software Update Point (SUP) and Automatic Update reporting events was set to "Do not create WSUS reporting events". The solution is to revert the setting back to "Create all WSUS reporting events" unless ConfigMgr 2007 was uninstalled.

An alternate solution is to use this application to change the level of reporting.

Note : Most of these issues can be traced from windowsupdate.log and the error codes it contains. For understanding what the error codes mean you can check the following link: .
Note: This information was originally contributed by Sudheesh Narayanaswamy, Support Engineer, on the WSUS SupportTeam blog: