Test DMARC record for a domain
article #1086, updated 24 hours ago

A free tool:

https://www.dmarcanalyzer.com/dmarc/dmarc-record-check/

Categories:   Email   DNS

==============

Mount NFS Shares in Linux
article #1045, updated 4 days ago

So you have an NFS server share known to be working, and you want to mount its share(s) on your Linux client machine. Here’s a summary. We’re using NFS4.

  1. So we start out thinking that we have an NFS server 10.11.11.10. We verify it’s ready for connection, if we run this command from the client:
    showmount -e 10.11.11.10
    and receive one or more NFS folder shares, e.g.:
    /Media 10.11.11.0/255.255.255.0
  2. We need a place to mount the share on this machine. So:
    mkdir /Media
  3. Next we try it manually:
    mount -t nfs 10.11.11.10:/Media /Media
  1. Now let’s make sure all of our NFS4-related services are enabled and running on the client.
sudo systemctl enable nfslockd.service
sudo systemctl start nfslockd.service
sudo systemctl enable nfs-idmapd.service
sudo systemctl start nfs-idmapd.service
  1. We now make sure that permissions allow users of the client read/write access to the share. There are two problems here. The first is to make the shared folder and all contents read/writable by all designated users. The second is to make this happen across systems, i.e., from server to clients.

So first we set the shared folder and all contents chmoded g+rwXs, chgrped to a sharing-designated group, on the server side. We then create a new user group on both server and clients, perhaps named “sharedfiles”, add all selected users to that group on clients and server, make sure the GID is the same for the group name on all of the machines, and then reboot them all.

The GID is a numerical indicator for the group, which is more important to the local OS than the name of it. As part of the above we do need to make sure the GID is the same for our new user group, across all machines, or else the OSes will not recognize the equivalency. On each of them then, after the group is created, we do this:

groupmod -g 20000 sharedfiles

A list of current groups and GIDs is available here:

cat /etc/group

You’ll notice that 20000 places the new group long after all of the others in general. This is intentional, to avoid conflict with existing configurations.

  1. Then we set up automount. We do this by adding the following line to the end of /etc/fstab:
10.11.11.10:/Media /Media nfs noauto,x-systemd.automount,intr,rsize=4194304,wsize=4194304,x-systemd.device-timeout=10,timeo=14,x-systemd.idle-timeout=1min 0 0

Items:

  • NFS by itself is normally a very strong connection at a very low level, which means that unless an NFS mount is handled with care by other facilities, a client machine can freeze up very hard if its server becomes unreachable, rather different than SMB on Windows. There are at least three different methods to do this well. The above uses a facility within systemd, which this author found much easier to handle than the other two he found. If your Linux system does not use systemd, you should use one of the others, e.g., autofs, which is a layer unto itself.
  • The option “intr” is instead of “hard” or “soft”. It makes NFS transactions explicitly interruptible, which helps prevent corruption if the server goes down.
  • rsize and wsize can vary a lot. The number is in bytes. The above is a recent report on gigabit; if you’re on a lower-speed network you should use a correspondingly full order of magnitude smaller pair of numbers, e.g., the commonly reported rsize=8192,wsize8192.

Categories:   LAN Networking   Linux OS-level Issues

==============

Symbolic Links (symlinks) in Windows
article #371, updated 5 days ago

In Vista or Windows 7, there is a built-in command, “MKLINK”. Here’s a good reference, suggested by Matt Quick:

http://www.howtogeek.com/howto/windows-vista/using-symlinks-in-windows-vista/

For a long while they were called “junctions”. In Server 2000, Server 2003, or XP, you’ll need this:

http://technet.microsoft.com/en-us/sysinternals/bb896768

The syntax is a bit different for each. And Windows does not support these “junctions” to directories on remote shares. But this can help a lot, for instance, when moving something like a profile folder from local drive to local drive. They are set up at the NTFS filesystem level, just like Unix/Linux.

A great example of usage, is moving a profile folder. It works like this:

  1. Create a new user, local if it’s not a DC.
  2. Reboot the server/PC, to unlock profile files and folders.
  3. Log in as the new user.
  4. Create a new folder for the profile to be moved.
  5. Robocopy the old profile folder’s contents to the new. Make sure you get everything hidden!
  6. Rename the old folder as backup, and create a junction from the new folder to the old folder’s container.
  7. Log in as the new user and test.

Categories:   Tools   Windows OS-Level Issues

==============

Browse shadow copies (VSS)!
article #747, updated 5 days ago

From the amazing Matt Quick:

http://www.shadowexplorer.com/

Categories:   VSS   Tools

==============

Use any Windows key with your Windows 7 ISO
article #768, updated 5 days ago

From the amazing Matt Quick. The “eicfg removal utility” here:

http://code.kliu.org/misc/winisoutils/

will take a Windows 7 ISO of any version, and convert it into one which will install whichever version is appropriate for your OS key. Detailed instructions are here:

https://mattthequick.wordpress.com/2015/01/13/create-all-in-one-windows-7-install-media-by-removing-ei-cfg/

Categories:   Windows OS-Level Issues   

==============

Automatically backup PSTs
article #772, updated 5 days ago

From the amazing Matt Quick:

https://mattthequick.wordpress.com/2015/01/15/how-to-automatically-back-up-your-pst-in-outlook/

Automatic PST backups for Outlook versions 2002, 2003, 2007:

http://www.microsoft.com/en-us/download/details.aspx?id=9003

Can be made to work with Outlook 2010:

http://support.microsoft.com/kb/2030523/en-us

And something new for Outlook 2013:

http://outlookbackupaddin.codeplex.com/

Categories:   Outlook   

==============

Connect to Office 365 via PowerShell
article #804, updated 5 days ago

Contributed by the excellent Matt Quick:

https://mattthequick.wordpress.com/2015/11/25/connect-to-office-365-via-powershell/

Categories:   Exchange and Exchange Online   Office 365

==============

Outlook Autodiscover After Migrating To Office 365 / Exchange Online
article #839, updated 5 days ago

After migrating all email accounts from an on-premises Exchange 2008 or later server to Exchange Online, there remains the problem of what to do about new Outlook profile creation. Outlook will still look for the old server name, and especially if you want to keep the old server alive for a while, you will have significant problems getting Outlook 2013 to do anything with Exchange Online. Here is what the extraordinary Matt Quick and I did recently with beautiful results.

For the sake of this discussion, “localdomain.local” is the LAN-local AD-enabled domain, and “publicdomain.pub” is the Internet domain. The on-prem Exchange originally had local DNS name “exchange.localdomain.local” and Internet DNS name “exchange.publicdomain.pub”.

  1. Migrated all mailboxes from on-premises Exchange 2010 to Exchange Online. Dirsync was used for initial account setup, then turned off for the actual copyover process which was done with MessageOps.
  2. In Exchange Management Shell, ran Get-ClientAccessServer to get the canonical name of on-prem Exchange (we’ll say it was EXCHANGENAME), and then Set-ClientAccessServer -Identity EXCHANGENAME -AutoDiscoverServiceInternalUri $NULL (replacing EXCHANGENAME with the actual name) to nullify as many defaults as possible.
  3. Set autodiscover.localdomain.local as a CNAME to autodiscover.outlook.com.
  4. Set autodiscover.publicdomain.pub as a CNAME to autodiscover.outlook.com in Internet DNS. This LAN has a local copy of publicdomain.pub in its domain controllers, so copied this record to the local server as well.
  5. Unregistered the NIC for the on-premises Exchange server in DNS. The checkboxes are in the DNS tabs of both TCP/IPv4 and TCP/IPv6, within the Advanced area of the NIC. This is done so that DNS changes which are next, will not be undone automatically.
  6. Removed DNS A records exchange.localdomain.local and exchange.publicdomain.pub from local and Internet DNS respectively.
  7. Added DNS CNAME records exchange.localdomain.local and exchange.publicdomain.pub, both pointing to outlook.office365.com, to local and Internet DNS as appropriate.
  8. Set up oldexchange.localdomain.local and oldexchange.publicdomain.pub as A records pointing to the IP being used by the on-premises Exchange, to local and Internet DNS as appropriate, for archival uses and until we are ready to decommission the on-prem Exchange altogether.

Categories:   Exchange and Exchange Online   Office 365

==============

Installing the GUI onto Windows Server 2012 Core
article #853, updated 5 days ago

The indefatigable Matt Quick provides thus:

http://prajwaldesai.com/switching-between-gui-and-server-core-in-windows-server-2012/

Categories:   Servers   Windows OS-Level Issues

==============

Bluescreen at boot with win32k.sys error
article #1022, updated 5 days ago

If Windows 7 won’t boot all the way, if it gives a bluescreen involving win32k.sys, it may be a bad update. Boot into startup repair and rename FNTCACHE.DAT in system32 to .OLD. That forces Windows to make a new one and boot will occur next time.

Courtesy of the excellent Matt Quick.

Categories:   Windows OS-Level Issues