Juniper JUNOS software installation

If you want to update your juniper SRX/EX equipment the easiest way to do it is to copy the new software to a usb key and insert it in your firewall or switch.

You can create a snapshot of the current Junos and configuration using this cmd:

request system snapshot media usb

After you insert the USB key, you will see that the USB is automatically recognised. It is however not automatically mapped and you have to do it manually (first open the shell with: start shell):

mkdir /tmp/usb
mount -t msdosfs /dev/da0s1 /tmp/usb

You can find the device number (in this case da0 as soon as you insert the USB drive or by going into the shell and executing: ls /dev).

After the USB is mounted, you can issue your command:

request system software add /tmp/usb/name_of_the_software no-validate no-copy

After the installation first you have to reboot the equipment:

request system reboot

And if everything goes to plan, you can also copy it to the alternate slice:

request system snapshot slice alternate

Posted in Juniper | Tagged , , , | Leave a comment

Attachment cannot be opened in Outlook web App but can be accessed using Outlook

The new security feature of Office365 is blocking access to .xml files when you try to view the e-mail message in Outlook web App. In the meantime you can see the attachment and download it using your Outlook client.

You can change the settings for which type are allowed/blocked using powershell cmdlets:

Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -BlockedFileTypes @{Remove = ".xml"}
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -AllowedFileTypes @{Add = ".xml"}
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -BlockedMimeTypes @{Remove = "text/xml", "application/xml”}
Get-OwaMailboxPolicy | Set-OwaMailboxPolicy –AllowedMimeTypes @{Add = "text/xml", "application/xml”} 

Posted in Exchange Hybrid, Office 365 | Tagged , , , | Leave a comment

How to find users with specific Office365 license

Ever wondered how can you find the users that have some untypical Office 365 licenses? Last week i had to find all the users that have the Dynamics 365 for Talent license (part of the Dynamics 365 portfolio of licenses).

The Users or the Active Users search on the portal was not a huge help so I had to use powershell to get the desired info.

First you will have to connect to your Office365 via powershell:

Connect-MsolService

Enter your username and password. After you connect, you can see all the licenses for your tenant using this cmdlet:

Get-MsolAccountSku

If you are searching for a specific license (for instance the Dynamic 365 for Talent) you can use the following cmdlet:

Get-MsolUser -all | Where-Object {($_.licenses).AccountSkuId -match "HCM_Trial"}

It will show all the users that have this license assigned.

Posted in Office 365 | Tagged , , | Leave a comment

How to change product key and activate Windows Server 2019

The new Windows Server 2019 has been already made available by Microsoft and the first problem i encountered was rather strange. When you attempt to change the product key for your Windows Server 2019 GUI version you will get the frustrating message that the key is not for the version of Windows Server you installed.

You can always change the product key using the slmgr.vbs script.

slmgr.vbs /ipk #####-#####-#####-#####-#####
slmgr.vbs /ato
Posted in Windows Server 2019 | Tagged | Leave a comment

Exchange mailboxes and AutoMapping

When you are trying to enable/disable the AutoMapping feature on a user or a shared mailbox you can always use the Exchange management shell cmdlet:

Add-MailboxPermission

The correct syntax would be something like this:

Add-MailboxPermission -Identity User1 -User User2 -AccessRights FullAccess -InheritanceType All -AutoMapping $false

The AutoMapping feature is stored in AD under the attribute msExchDelegateListLink. You can find all the AD user accounts that have AutoMapping enabled by checking the msExchDelegateListLink attribute.

In the rare case where you cannot seem to disable the AutoMapping using the Add-MailboxPermission cmdlet you can always delete the user account from the msExchDelegateListLink attribute.

If you just want to list the users that have the AutoMapping feature enabled for a certain mailbox, you can use this AD powershell cmdlet:

Get-ADUser "User1" -Properties msExchDelegateListLink | Select Name, msExchDelegateListLink
Posted in Exchange Hybrid, Exchange Server 2013, Exchange Server 2016, Exchange Server 2019, Office 365 | Tagged , , | Leave a comment

So SharePoint thinks my file is checked out!

Recently I had an issue with a word document that was marked as checked out in SharePoint 2013 but there was no checked out icon nor I could check in the file. At first I taught I could use the Discard Check out button in the Office ribbon in the FILES section. The button was greyed out and i wasn’t able to edit the file. Every time i would press Check Out, there will be an error popping up saying that the file was locked for editing and checked out for another user. I contacted the user and asked him to login inside and check if he was able to Check In the file. Unfortunately he was also unable to Check In the file. He also got the same error saying that the file was Checked Out by him.

So what to do?

As always there is a solution but we have to use powershell and open the webpage using powershell in the context of the user and use the ReleaseLock cmdlet.

First we have to get the UserID for the user that holds the file:

$myWeb = Get-SPWeb http://thenameofyoursite

$myFile = $myWeb.GetFile(“the path to your document”)

$myUserID = $myFile.LockedByUser.ID

$myUser = $myWeb.AllUsers.GetByID($myUserID)

 

Now that we have the user ID, we can open the site in the context of this user and do the ReleaseLock:

$impSite = New-Object Microsoft.SharePoint.SPSite($myWeb.Url, $myUser.UserToken)

$impWeb = $impSite.OpenWeb()

$fileURL = “the path to your document”

$impFile = $impWeb.GetFile($fileURL)

$impFile.ReleaseLock($myFile.LockId)

 

That is it. The file should be released and it can be accessed by other users.

 

Posted in SharePoint 2010, SharePoint 2013, SharePoint 2016 | Tagged , , , , | Leave a comment

SharePoint list with fixed/freezed header

A customer asked if SharePoint has an option to fix/freeze the header with the columns names when you have a really large list. I didn’t know the answer so I told them that I will try and solve the problem for them. The problem is a pretty common one, the SharePoint list can always be opened in Excel and there you can easily fix the header. But what about the SharePoint view for this list.

I came across this  solution called STICKIHEADERS for SharePoint. You can find it here: http://spoodoo.com/products/stickyheaders-for-sharepoint/

So how can we implement it? If you want it only for a single list, you can follow my instructions here. You will first need to download this files:

  1. the stickiheader JQuery solution: you can find it here
  2. the jquery.min.js soluton: you can find it here

You can upload both files to your Site Assets library on your SharePoint Page. Open your site, go to Site Contents and than go to Site Assets. Click on the Files tab and choose Upload Document. Choose both documents and wait for them to upload to your SharePoint library.

After you finish with the upload, you can browse to your list. Click Edit Page and click on Add web part. Choose Media and Content and from the web parts choose Script Editor.

The Script Editor will be added to your site and you can click Edit Snippet on the right.

Paste the following text inside the Edit Snippet windows:

<script src=”http://your_sharepoint_site_link/SiteAssets/jquery.min.js”></script>
<script type=”text/javascript” src=”http://your_sharepoint_site_link/SiteAssets/StickyHeaders_3.1.1.js”></script>

Click Insert and after that click on Stop Editing your page.

After you click it you can try and scroll your list and see that the header is now flowing just as you browse.

 

 

Posted in SharePoint 2010, SharePoint 2013, SharePoint 2016 | Tagged , , , , | 2 Comments

Free/Busy Information not working in an Exchange hybrid environment

After configuring our hybrid environment and moving a couple of test mailboxes to the Cloud, I found out that none of our migrated mailboxes can see the Free/Busy information for people that have mailboxes on-prem. This is a tricky problem since the Free/Busy information works for both: users that have mailboxes on-prem and when a user that has mailbox on-prem tries to access a Calendar in Outlook for a user that has a mailbox in the Cloud. I’ve tried to solve this problem using Google since this is a very common problem. I’ve even checked Microsoft article https://support.microsoft.com/en-us/help/2555008/how-to-troubleshoot-free-busy-issues-in-a-hybrid-deployment-of-on-premises-exchange-server-and-exchange-online-in-office-365 and made sure that everything works. The funny thing was that even though Outlook had problems retrieving the Free/Busy information, every time I tried the Exchange Connectivity test from the Office365 tab that you can find here https://testconnectivity.microsoft.com/ I received a successful attempt and I could see the appointments for the on-prem user. I’ve also tried the Outlook autodiscover test from the Exchange server tab and this test also completed successfully.

We have a pretty complex Exchange environment. We have 4 Exchange servers on 3 locations. Three of the servers form a DAG where we have 10 Exchange Databases. Three of the servers are also part of an CAS array. All our Exchange servers are Exchange 2010 with SP3 and the latest CU installed. I’ve configured the Hybrid environment using Microsoft’s hybrid configuration wizard and it also completed without reporting any errors. I’ve enabled the hybrid configuration only for two domains from the 10 that are accepted on our Exchange servers. Both domains are of course federated with Office365.

I’ve actually opened a case with Microsoft Support about this problem and they provided an online troubleshooter for this problem. You can find it here:  https://support.microsoft.com/en-us/help/10092/troubleshooting-free-busy-issues-in-exchange-hybrid-environment

I’ve started the troubleshooter and choose the problem I had: My Cloud user can’t see free/busy for an on-premises user.

 

We tested the free/busy information on-prem and decided it works.

 

We also verified that the autodiscover is resolving to our on-prem Exchange CAS server. Just to be safe we verified using both methods.

We connected to Exchange Online (you can find the guide here: https://technet.microsoft.com/library/jj984289(v=exchg.160).aspx) and tested the Organization Relationship. There was no need to change everything since everything was set up correctly.

The next steps should be done on all Exchange Servers that are members of the CAS array.

 

We checked the IIS logs on both CAS servers and searched for the autodiscover part and didn’t find any errors.

We also checked the IIS logs for exchange.asmx/wssecurity.

We’ve checked the EWS external URL and it was already setup correctly and accessible from the internet.

WSSecurity was enabled on our Autodiscover directory and on our EWS directory.

We’ve checked the Handler Mappings on our EWS directory in IIS on all of our CAS servers and svc-Integrated was not missing.

The solution for our problem was on Step 10. We checked all CAS members for the svc-Integrated handler mapping for the Autodiscover endpoint and on one of them a lot of the handler mappings were missing. There is a link in the troubleshooter for resolving this error by doing a re-register of the dlls for .NET 3.0, but we chose a different method. We knew that there is nothing wrong with our other endpoints so we decided to re-create the Autodiscover endpoint on the server that had a problem.

  1. First we made a backup of the settings for this endpoint using this powershell cmdlet:
    Get-AutodiscoverVirtualDirectory -Identity “<name_of_your_exchange_server>\Autodiscover (Default Web Site)” | FL
    The parameters you need to write down are: BasicAuthentication, WindowsAuthentication, WSSecurityAuthentication, Path, InternalUrl, ExternalUrl and WebSiteName
  2. After that we removed the virtual directory using this powershell cmdlet:
    Remove-AutodiscoverVirtualDirectory -Identity “<name_of_your_exchange_server>\Autodiscover (Default Web Site)” -DomainController <name_of_your_domain_controller>
  3. To create the virtual directory you can use this powershell cmdlet:
    New-AutodiscoverVirtualDirectory -BasicAuthentication $true -WindowsAuthentication $true -WSSecurityAuthentication $true -Path “the_path_to_your_Exchange_Autodiscover_folder_on_your_disk” -InternalUrl “the_url_for_your_autodiscover_service_that_is_reachable_internally” -ExternalUrl “the_url_for_your_autodiscover_service_that_is_reachable_externally” -WebSiteName “Default Web Site” -DomainController <name_of_your_domain_controller>
  4. Do an iisreset on the server you just created the Autodiscover virtual directory.

After we recreated the virtual directory we tried to access the Free/Busy Information from a cloud mailbox for a user that is on-prem and immediately got a success and were able to see the info.

I didn’t reach the end of the troubleshooter since this was my problem but if nothing of the above solves your problem you can try to reach the end of the troubleshooter.

Some of the blogs I’ve found on the internet suggest you do a IIS reset on all your CAS servers but unfortunately that didn’t do the trick for me.

 

 

Posted in Exchange Hybrid, Exchange Server 2007, Exchange Server 2010, Exchange Server 2013, Office 365 | Tagged , , , , , | Leave a comment

Direct Access not working “IPv6 is disabled. Contact your admin for help”

A strange problem started to show up with certain Windows 8 and Windows 8.1 client computers using Direct Access for HQ connection. The client computer is trying to connect through the Direct Access tunnel and the error it shows when you click on the Direct Access connection name is “IPv6 is disabled. Contact your admin for help”. We have not made any changes to the clients IPv6 settings nor have changed any of the Group Policy Objects concerning Direct Access.

After some digging I found out that the IPv6 protocol on the client computer has been Disabled using the registry. You can check it by opening the registry editor and going to the hive:

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters

There should be a DWORD key with the name DisabledComponents that has a value different from 0x00000000 (in my case the value of 0x0000008e was added).

All you have to do is either delete this key or set it to 0x00000000 and restart the computer.

regHive

After I set it to 0 and restarted the computer the Direct Access connection started working again.

 

 

 

Posted in Direct Access, Windows 8, Windows 8.1, Windows Server 2012 | Tagged , , , , , , , | 12 Comments

Juniper SRX “Your session has expired” no matter where or what you click

When you log in your Juniper SRX device using the web interface you may experience a strange problem where whatever or wherever you click you get a popup saying “Your Session has expired. Click OK to redirect to login page”.

The problem is that the SRX has no more free space to create new web pages so it just says Your session has expired.

 

When you check the storage of the device you can see a very strange thing of  Available memory being overused (-25.6 MB in my case and capacity of 108%).

You can check the available storage using this command:

show system storage

To solve the problem you will have to do a system storage clean-up using this command:

request system storage clean-up

It will list a bunch of files that you probably don’t need.

After that the web console or the JWeb interface is working again.

storageJuniper

 

Posted in Juniper | Tagged , , , , , | Leave a comment