Archive for category Windows Server

Exchange autodiscover

We’ve been having a couple of really annoying issues for awhile, but never often enough or serious enough for me to really dig into it. It’s slow today and it happened again so I was determined to figure it out. The solution was annoyingly simple.

Two issues:

  1. When typing up an email to an internal user I would randomly get an error saying MailTips couldn’t be retrieved. It didn’t happen all the time though.
  2. I have heard from a couple of people that when they tried to set their out of office response it wouldn’t let them. But again, it didn’t happen to everybody and was not always an issue for the two people I heard from.

It wasn’t until today when I got the MailTips error again that I realized the two problems were related.

I ran the Outlook tool to test e-mail autoconfiguration and every autodiscover test failed. I swear I ran that before we updated to Outlook 2016 from 2010 and it passed, but maybe I’m losing my mind.

Anyway, the solution was to create a cname record on the DNS (of course!) server. Works perfectly now.

Source: Setup a DNS record for Autodiscover

  1.     On your remote desktop session, select Start / Programs / Administrative Tools / DNS.
  2.     Right-click your domain name and select New Alias (CNAME).
  3.     Under Alias Name enter: autodiscover
  4.     Under Fully qualified domain name (FQDN) for target host enter:
  5.     Click the Ok button.


1 Comment

Group policy on server 2012

We finally got our new server up and running as a new domain controller. Now we have a server 2008 and server 2012 as our DCs – our main DC was running server 2003, ouch. Trying to manage windows 7 machines with server 2003 was not fun so this was very exciting for me. I was working last week on making sure things were syncing properly between the two of them so I could start cleaning up group policy and look in to changing the way I have our printers set up. Things are a little different in group policy management editor, but not much.

One thing I did notice is you can now easily check the status of active directory and sysvol replication for the domain. When you open group policy management click on your domain and to the right the first tab will be the status. You can hit the detect now button on the bottom right to pull it and see what it says.


When I did this for the first time last week, instead of it saying 1 domain controller with replication in sync, it had 1 for domain controller with replication in progress. I can’t remember exactly what it said when you clicked the arrow next to it to show the details. But if you clicked on the domain controller this is the window that opened:


I tried figuring this out for at least 3 hours before I finally found a site that told me how to fix it. Being interrupted and having to work on other things probably didn’t help. It’s been a week now and I don’t remember what the site was. Clearly the permissions are messed up, but where to fix the permissions was the problem. All you need to do is open group policy management editor for whatever policy is on the list above. Right-click on the policy name and go to properties.


Go to the security tab, click advanced near the bottom and in the permissions tab click restore defaults. That was it, it was that simple. But it took forever for me to find the solution. Now one thing I noticed the next day was that resetting the permissions also resets who the policy applies to. Obviously I have the intern policy in order to lock down where they can go and what they can do. After resetting the permissions I logged in the next day and thought things looked weird because my control panel was missing. I logged in to the domain controller and noticed under security filtering in group policy management it was set for authenticated users instead of just the intern group. I didn’t realize it reset who it applies to until it applied to me, whoops. Luckily only 2 other people noticed before I fixed it.


Leave a comment

Keeping track of who deleted and created files

I received a call on Monday at home from someone at work in a panic because an entire folder on our network drive was missing. I had to recover it from our backups of the previous evening. I thought we had already set it up so we could find out who deletes files and folders, but we didn’t. I finished setting it up yesterday and had to go to four different pages to really get all the info I needed.

From all the reading I did online for how to track this information there are a couple of ways to do it. You can do it in group policy or you can use the auditpol tool if running server 2008. Starting with Server 2008 they added audit categories which allow you to fine tune what you want to see in the event log. With Server 2003 you can only enable an entire class, which could cause a huge amount of useless information to be included. That would defeat the purpose of me wanting to set file auditing to begin with because I wouldn’t want to search through a massive amount of logs for a couple of events.

First, if you are running a server 2003 domain still (I cry a little inside about this being true for us) you’ll need to go into group policy and enable force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings. You can find that setting under computer configuration > policies > windows settings > security settings > local policies > security options.

I made the following changes on the file server directly since that’s the only one we care about. To audit when files and folders are deleted or created you want to enable success audits for the file system subcategory under the object access class. Here’s a list of all the classes and subcategories that I found helpful.  If you want to view all of the subcategories and their settings you can type auditpol /get /category:* into a command prompt. To enable this category use this in the command prompt auditpol /set /subcategory:”File System” /success:enable /failure:enable.

The last step is just like setting permissions on folders. Go to the folders you want to monitor, right-click on them and go to properties. Go to the security tab and then click the advanced button. Instead of using the permissions tab we’re using the auditing tab.  Click edit under this tab and add whatever group of users you want to monitor, in my case it was just the domain’s built-in users group since I want to what everybody does on our network share when they create and delete things. Then you can check the boxes for what actions you want to keep track of. In my case it was just the boxes for creating files, creating folders, delete subfolders and files, and delete.

Then you’re done. When you want to go back and check the event log on the file server you’ll see events under the file system category for the boxes you checked.

Next time someone deletes something they aren’t supposed to I can chase them down.


  1. Technet forum – Where is my : Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
  2. Technet forum – auditing file share on windows 2008 R2
  3. Technet – Fine Tune Your Security Audit Policies
  4. Technet forum – how can track who deleted file/folder from Windows Server 2008
  5. Technet – Advanced Audit Policy Configuration descriptions

Leave a comment

GFI MailEssentials mail stuck in quarantine

I’ve had this problem more than a couple times now. I go into MailEssentials to take a look at the quarantined email, but when I try to approve something it just sits there and won’t go through. It’s been an easy fix every time. The first time it happened I had to contact support since I couldn’t find this problem in the knowledge base. I don’t like how they have it set up, I rarely seem to find the article I need. Then they’ll send me the link after I contact support and I feel like an idiot for not finding it myself.

Anyway, the first step is to go into services.msc and stop all of the GFI services. Once you’ve done that you want to find the config.mdb file in the antispam folder. In my setup there are two config.mdb files, one under Program Files\GFI\MailEssentials\Antispam and the other in Program Files\GFI\MailEssentials. I looked at the one with the most recent timestamp to figure out what I needed. Open it in Access, go to the database tools tab, then compact and repair database. I don’t know what keeps breaking my database but this has fixed it every time. It shrunk the size this time by about 200k and the web interface is a bit snappier as well.


Leave a comment

Domain time syncing

I’ve been seeing this error on one of our domain controllers for awhile.

It’s a not a big deal, but annoying so I looked at fixing it today. Found this page about it and looked in the registry to check the settings it walks your through. The only thing that I needed to change was adding ,0x1 to the end of the servers since we weren’t using the IP addresses. I’ll check on it later to see if the error is still popping up.


This registry entry specifies a space-delimited list of stratum 1 time servers from which the local computer can obtain reliable time stamps. The list may consist of one or more DNS names or IP addresses (if DNS names are used then you must append ,0x1 to the end of each DNS name). For example, to synchronize the PDC Emulator in your forest root domain with, an open-access SNTP time server run by the United States Naval Observatory, change the value of the NtpServer registry entry from,0x1 to,0x1 here. Alternatively, you can specify the IP address of this time server, which is instead.


Leave a comment

Exchange server memory settings

Our Exchange server has been locking up lately, not terribly often so it isn’t the end of the world, but it obviously should not be happening at all. I eventually noticed an error in the event log that only shows up after a reboot so I didn’t notice it right away. We are running Exchange 2003 on a Server 2003 (32bit) box with 4 gigs of RAM. Hopefully upgrading this year…

Source: MSExchangeIS

Event ID: 9665

The memory settings for this server are not optimal for Exchange.

Then it links to the first article at the bottom of this post. Not being one who likes to jump right into registry settings on a server I first downloaded the best practices analyzer for Exchange and ran that to see if anything other issues came up and to see if it would be a little more helpful with what specific things I should look at for the memory problem.

The issues it found relating to memory utilization were:

  • ‘SystemPages’ set too high
  • ‘HeapDeCommitFreeBlockThreshold’ not set
  • ‘SystemPages’ setting – this second entry actually recommends the value to set it at to be zero.
  • USERVA is set incorrectly

The SystemPages setting was recommended to be set to zero in the BPA so I did that right away seeing as how it looked to be the easiest fix. The next two things I tried were adding the /3GB and /USERVA=3030 switches to the boot.ini file. Now right off the bat I didn’t think it worked properly because after hitting OK it showed 3030 being a separate OS entry even though I know I put it all on one line. I didn’t want to make all the registry changes at the same time in case I broke something so I held off on doing anything else. I rebooted the machine over night but still saw event 9665 in the log. Here is what the boot.ini file looked like after adding the switches:

[Boot Loader]
[Operating Systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT=”Microsoft Windows Server 2003″ /fastdetect /NoExecute=OptOut /3GB /Userva=3030

I googled the USERVA switch and came across a couple forums talking about them (the last 2 bullets) and they both said to replace the /NoExecute switch with /Execute. I did some research before making the change to see if it would really matter. I have a gist of what /noexecute does but do not fully understand the pros/cons of using it or not using it. So to test it out I swapped out the switches and right away noticed that 3030 was not listed in the drop down as an OS. That makes me think the switches are set properly.

I have yet to restart the Exchange server to test these changes. I am debating whether to do it tonight again or wait until Friday. It makes me cringe a little when I make changes that require reboots on the servers during the week. There is always that fear of them not coming back up properly. I think I will wait until Friday and report back – but I have a feeling this will work.

Update: After rebooting over the long weekend I came in today and ran the BPA again. All of the errors mentioned above were fixed. /win



Leave a comment

SideBySide errors in event viewer

I’ve been working a lot on our SMTP server configuring and watching a new spam filter. One of the features hasn’t been working quite right so went searching through the event log for anything that could possibly be related. This is what the event viewer looked like:

Not pretty. Every 15 minutes, on the dot, there was 6 errors in a row. So the hunt began. I wasn’t sure if this was related to the problem I was having but my spam filter is mentioned in one of the errors so I figured it wouldn’t hurt to fix it and if it helps, then great.  Here are the details of the 3 errors I was repeatedly seeing:

I started Googling to see what I could find and it turns out that there are quite a few things that will cause these errors to show up. The problem is that the errors aren’t specific enough to tell me which of the solutions would work. I can’t remember what sites I went to but the one solution that kept showing up was installing one of two Microsoft Visual C++ Redistributable Packages – either 2005 or 2008.

I tried 2005 but that didn’t make a difference at all. I then tried the 2008 package and ever since I installed it my event viewer has been perfectly clean – no errors at all.  I also installed a critical windows update, the net framework 3.5 I think is what it was. But I don’t think that was related to it. It would have been nice if the package I needed showed up in windows updates when I did the custom scan. But that would be too easy.



Leave a comment