User Profile
BrentStobbs
Brass Contributor
Joined 7 years ago
Recent Discussions
Azure Backup Server/DPM Online Retention
Hi, The time has come to review my backup strategy. I have Microsoft Azure Backup Server configured and protecting my data. I've been trying to find information on the online retention period for Azure Backup Server, but I can't find the information I'm looking for and I'm hoping someone can clear up my confusion. Hopefully I don't sound too stupid. My configuration is backing up my files daily; I retain my daily backups for a month, then weekly backups for 6 months, monthly backups for 2 years, and annual backups for 10 years. My question is: if a file/folder is deleted during the year, can I restore it from the annual backup, or does the annual backup only provide a snapshot of my files on the day the backup was taken?
Thanks in Advance
Brent
525 Views, 0 likes, 1 Comment

Re: is the Microsoft Remote Connectivity Analyzer broken?
I have just rebuilt my Exchange environment and needed to once again test Autodiscover to find out why it wasn't working. For anyone attempting to test autodiscover, I have found a free tool https://www.priasoft.com/autodiscover-testing-tool/ that successfully tests the autodiscover phase. Unfortunately, it doesn't help with a full end-to-end test as the Remote Connectivity Tool did but gets you part way there. NOTE: I am not connected to Priasoft in any way, I just found this tool and it sorted me out.
5.4K Views, 0 likes, 0 Comments

Shared Mailboxes not Caching for Exchange Online User
Recently users reported that the shared mailboxes they access are not updating. Upon investigation, it appears that Outlook will not cache a shared mailbox located On-Prem when the user is in Exchange Online. (This may also be the case for other scenarios, but I haven't tested them.) My On-Prem Server is Exchange 2016 running in Hybrid. All my users are in the cloud, all shared mailboxes are located on-prem. Outlook and Exchange are fully up to date. I suspect it was a recent update that has caused this as it has only been reported in the last week. I can go to Outlook and turn the cache off for the shared mailbox, and the user can see all the recent mail; obviously this is only useful if the user is often connected to the internet. Has anyone else experienced this or know of a fix? I have several users who are not always connected and need access to the shared mailbox. For logistical reasons moving the mailboxes to the cloud is not currently an option. That will be done further down the road.
Thanks
1.3K Views, 0 likes, 3 Comments

PowerShell command to get Microsoft 365 Groups that Allow External Senders
Hi, I know I have a few Microsoft 365 Groups that allow external parties to e-mail them, but I cannot remember which groups. Does anyone know the command or script in PowerShell to retrieve this information? I've tried Get-ExoRecipient and Get-Recipient, but neither of these seems to show the information.
Thanks
Brent
8.8K Views, 0 likes, 1 Comment

Re: DynamicSiteName not updating to RoDC Site
Thanks for your reply, unfortunately though I think you missed the point. The process works flawlessly if the client can contact the RWDC in another site. However, if that link is broken or blocked, the site is not updated to the correct site (with the RoDC).
6.1K Views, 0 likes, 3 Comments

DynamicSiteName not updating to RoDC Site
I have 2 Active Directory Sites, the first site (Corporate) has my RW DCs, while the second (DMZ) only has a RoDC. The two sites are separated by a firewall which allows Domain Traffic (53, 389, etc.) between my RoDC and my RWDCs. Traffic from other devices in the second site is blocked, so they can only talk to the RoDC (GC, DNS, DHCP).

If I join a device to the domain while it is connected to the Corporate site, the DynamicSiteName registry entry is set to Corporate-Site. I then move to the DMZ and attempt to log in, but it cannot find a DC to authenticate against. I then change the DynamicSiteName to DMZ-Site, and attempt to log in again, it can find the RoDC, authenticate and everything is happy. I can restart the device and do what I like and all is well.

If I then move the device back to the Corporate-Site, DynamicSiteName gets updated automatically based on the IP address and everything is still happy. Moving the device back to the DMZ, DynamicSiteName does not get updated, and I am unable to authenticate again until I manually update DynamicSiteName.

Obviously if I set a registry entry of "SiteName" the device can physically move between the Sites, but will always be bound to the DMZ-Site. If I open up the firewall and allow domain traffic from the client to the RWDCs, the DynamicSiteName is updated and the user can be authenticated correctly.

What am I missing that is stopping the client from detecting the correct site and updating DynamicSiteName from the RoDC when connected to the DMZ?

Re: Authenticating to a RoDC is unsuccessful
Thank you again Lain for your quick and thorough response. I have now resolved the issue and I am feeling quite stupid about it. The workstations (both of them) I was testing with were configured for DirectAccess. As the NLS is not available on the network, it was trying to connect via DirectAccess and hence using NRPT to resolve the domain name; additionally DirectAccess was not able to reach the Domain Controllers, and as it therefore failed to connect, it was causing the DNS issues. I have removed the DirectAccess configuration for the workstation and things started working as expected. I am going to mark this response as the best answer, but I do want you to know that it was in no small part due to your assistance. I would not have come to this conclusion without the hints you have provided and your guidance with troubleshooting. Sincerely, thank you very much, I was really struggling.
22K Views, 1 like, 1 Comment

Re: Authenticating to a RoDC is unsuccessful
Thank you again for your on-going assistance here. Yes, the difference in the subnet was simply an oversight in the obfuscation. My DNS resource records essentially match the screenshot you have posted, and the nltests returned pretty much what you'd expect, correctly working on the RoDC with the correct site and domain information, likewise on my server in the same network, but the client is still unable to find the domain.

I think I have narrowed down the issue, but still not sure what I am overlooking, and it doesn't make sense. If I run NSLOOKUP and search for the domain (local.domain.com), it lists the (writable) DCs, which we have determined is what is expected. However, if I attempt to ping the domain it cannot be found. It doesn't resolve the name. If I ping the full DNS name of the DC (PDC.local.domain.com), it still fails to resolve the name. Back on the RoDC and connected/working member server, I can ping both the domain name and the full DNS name of the DC. The DC and Member Server are both configured to use the DNS server on the RoDC.

So given this information, I opened up the network to allow the client workstation to connect to the DNS in the Corporate Site. The workstation still fails to resolve the name of the DC or Domain.
* The workstation can successfully ping the DC by IP Address.
* The workstation can successfully resolve other DNS zones from my DNS server (Domain.com, Domain.local, etc) and the forwarded requests to the internet come back successfully (i.e. ping http://www.google.com) but just cannot resolve local.domain.com.

There must be something I'm overlooking, but I do not know what that could be.
21K Views, 0 likes, 3 Comments

Re: Authenticating to a RoDC is unsuccessful
Hi Lain,

Thank you for your ongoing assistance with this. Your assumption is correct. The RoDC has been put into its own site with the appropriate subnet and IP Link configured. Replication between sites is working, as I can add/remove users to my administration group which allows logon to the DC, and this is accurately reflected after initiating a replication. I wondered if something went amiss when setting up the RoDC, so I Promo'd it down and then DCPromo'd it again, but still the same issue with the exception of the cached data has gone (which is a good thing for troubleshooting imo).

When I run GetComputerSite() on my RoDC it correctly returns the site information (I have censored some information out with *s):

    Name                           : ***Isolation
    Domains                        : {}
    Subnets                        : {192.168.2.0/24}
    Servers                        : {******RODC.local.domain.com}
    AdjacentSites                  : {****-Corporate-Lan}
    SiteLinks                      : {***-Isolation}
    InterSiteTopologyGenerator     :
    Options                        : None
    Location                       :
    BridgeheadServers              : {*******RODC.local.domain.com}
    PreferredSmtpBridgeheadServers : {}
    PreferredRpcBridgeheadServers  : {}
    IntraSiteReplicationSchedule   :

When I run this same command from the client workstation I get "The specified domain either does not exist or could not be contacted".

IPCONFIG /ALL on my RoDC (IP Addresses have been changed from the real addresses):

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Microsoft Network Adapter Multiplexor Driver
    Physical Address. . . . . . . . . : ********
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::e5a5:b81d:9ebe:4303%4(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.200.10(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.200.4
    DNS Servers . . . . . . . . . . . : ::1
                                        127.0.0.1
                                        192.168.100.10 (DC1 in Corporate Site)
                                        192.168.100.15 (DC2 in Corporate Site)

IP Configuration on my client is set by DHCP with a single DNS server being the RoDC.

The NSLOOKUP command I ran was NSLOOKUP LOCAL.DOMAIN.COM. When run on the RoDC or Client Workstation this returns the correct IP addresses of all my RWDCs (of which I have 4 in 3 Sites), but not the RoDC. Based on this thread https://social.technet.microsoft.com/Forums/lync/en-US/22499c64-6016-4be5-8cb5-f538b49dd321/rodc-not-listed-under-nslookup?forum=winserverDS the RoDC should be listed here. I can confirm there is a PTR record for the RoDC in the Reverse Lookup Zone. Additionally if doing a lookup for _ldap._tcp.dc._msdcs.local.domain.com after setting the type to all, only the RWDCs are listed. The same results occur when running this on my primary DC or within the RoDC's site.

The reason I'm fixated on this being the issue is that if a client workstation connects to the site while all connections to any RWDC are unavailable, the client still has to be able to query DNS to locate the RoDC before it can determine what site it is in and ask the appropriate DC (or RoDC) for authentication. Currently my workstations are not aware there is a connectable RoDC that can tell them what site they are in. I'm assuming that I am able to log on to the RoDC because it knows it is a DC and doesn't need to go looking for one. Or am I barking up completely the wrong tree?
21K Views, 0 likes, 6 Comments

Re: Authenticating to a RoDC is unsuccessful
Hi Lain,

Thanks for your reply, the links you provided confirm that what I am trying to achieve is not unusual, and confirm that my understanding of the RODC function is correct, with the only potential issue being the dynamic update of DNS records, which is a bridge I can cross in the future. This should not block authentication.

I should also mention that I have a Windows 2019 server in the perimeter network with the RODC that allows authentication and the NLA service correctly assigns the connection as DomainAuthenticated. However, at some point I had allowed this server to communicate directly with a RWDC (though communications are now blocked).

Running the PowerShell command you suggested returns a "Domain cannot be contacted" error on the workstation. Running it on the RODC (or other connected server) confirms the correct site. If I do a lookup for my domain using NSLOOKUP (in either site), the RODC is not listed. Shouldn't it be listed here?
22K Views, 0 likes, 9 Comments

Authenticating to a RoDC is unsuccessful
I have the requirement to create a segregated network for a group of my users. The network will contain 1 file server, an RoDC and a bunch of workstations. The workstations have no connectivity to any RWDC, however the File Server and RODC do have and should always have connectivity as these are dependent on a local connection through a firewall and do not require a VPN or WAN link to be available. Replication is working between my RWDC and the RoDC (confirmed by DNS updates and AD Group Changes are successfully replicated). However, I am still unable to log in to a workstation on the same network as the RoDC.

Here are the facts that I know:
* On the workstation, Network Location Service is not detecting the Domain (Sets network to Private)
* Appropriate users and workstations have been added to the Password Replication Policy (though as I understand it this should not be required as the RODC has connectivity to the RWDC)
* Appropriate users and workstations have been "pre-populated"
* RODC is a Global Catalog
* IP Address for the workstation is issued via DHCP on the File Server, with DNS entry pointing to the RODC.

I don't understand why this is not working. Am I missing something?
Solved

Logon Failure from 127.0.0.1 via MSExchangeFrontEndTransport.exe
I am getting a lot (thousands per day) of logon failures due to unknown username or bad password on my Exchange Server. The failures in question will be due to invalid account names as the accounts reporting the failures do not exist on my network (though they may have at some point in the past). The caller process is MSExchangeFrontEndTransport and the source IP Address is 127.0.0.1. I had previously written this off as someone trying to hack into a previously valid mailbox, or an ex-employee who still has a device attempting to retrieve e-mail. However, I decided to dig into this a little more and found that the source IP address is 127.0.0.1 and now I am concerned. My Environment is a single Exchange Server running in Hybrid mode. The Exchange Server has been rebuilt from scratch and this was occurring before and after the server was rebuilt. Any ideas what may be causing this or how I can track it down? Is it likely that there is something stuck in my AD environment that will need to be cleaned up through ADSI edit?
3.7K Views, 0 likes, 0 Comments

EWS Not working
Hello, I have an issue on my freshly built Exchange Server (due to an issue the server was wiped clean and rebuilt with the setup.exe /m:recover option). I am getting multiple times a second the following exception:

    Exception: System.ServiceModel.ServiceActivationException: The service '/EWS/Exchange.asmx' cannot be activated due to an exception during compilation. The exception message is: Could not find a base address that matches scheme http for the endpoint with binding WebHttpBinding. Registered base address schemes are [https]

I've been searching for a solution for 2 solid days and cannot find one. Is anyone able to point me in the right direction?
Thanks
1.3K Views, 0 likes, 2 Comments

is the Microsoft Remote Connectivity Analyzer broken?
I am having issues configuring my autodiscover configuration after an exchange server rebuild (Single exchange server which failed and had to be rebuilt using the setup.exe /m:recover option) and it's not working. I go across to the normally faithful connectivity analyzer and I get the following results:

    Testing TCP port 443 on host <correct DNS for autodiscover> to ensure it's listening and open.
    The port was opened successfully.
    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
    Test Steps
    The Microsoft Connectivity Analyzer is probing the TCP endpoint <correct IP address> on port 443 to detect which SSL/TLS protocols and cipher suites are enabled.
    We were able to detect the enabled protocols and cipher suites.
    Additional Details
    Checking that your server supports modern TLS protocols and cipher suites.
    Your server supports modern TLS protocols and cipher suites; it should be compatible with Microsoft 365 services.
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server <correct DNS name for autodiscover> on port 443.
    The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
    Additional Details
    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

Clearly it's not a network error. So there is something wrong with my certificate? What could be wrong? It is a GoDaddy SAN cert.
11K Views, 0 likes, 17 Comments

Remove Auditing from exchange mailbox
I am trying to move an account from Exchange On-Prem to Exchange Online. The migration failed to complete because there were too many items in a single folder. I checked the ItemsInFolder for the affected user and found the "AUDITS" folder has over 3 million items in it. I want to remove the items from the mailbox, and then restart the Auditing when the mailbox is in Office 365. I disabled auditing on the mailbox using the PowerShell command "get-mailbox <user> | set-mailbox -AuditEnabled $false". This does not remove the folder, and the Items in the folder continued to increase. I set the time to keep audit items to 0 by "Get-Mailbox <user> | set-mailbox -AuditLogAgeLimit 0". After issuing this command I got a warning telling me that it will immediately delete all audit logs. GREAT! That's what I want, but no, it doesn't delete the audit logs, and they continue to grow. How can I delete this folder or the contents of this folder? I seem to be going in circles.
1.6K Views, 0 likes, 1 Comment

Teams in Kiosk on Android doesn't allow menu in calls
I have configured an Android device (Samsung) in Kiosk mode to run only Teams. It seems to work well EXCEPT when in a call you cannot tap the ellipsis (...) to transfer the call to another user. It works when you first start the phone from shutdown or after a restart, but stops working after an hour or so. Anyone come across this? Have I set too many restrictions on the device?
1.4K Views, 1 like, 0 Comments

Tracing the source of password failures
Hello, I have a single Hybrid Exchange 2016 set up with ADFS 2016 protecting it with Azure MFA. I have a user account who is continuously getting locked out of their account due to password failures from the Exchange server (DC is reporting the source of the failure as the Exchange Server). I am trying to track down the source of the password failure, but I cannot find the IP address. What logs do I need to be looking at on what server that will give me the IP address? Also, the password failures are not showing up as ADFS failures; I am thinking it is probably an ActiveSync connection causing the problem.
Thanks
560 Views, 0 likes, 0 Comments