Thursday, December 20, 2007

VMware: VMware ESX Tools




MS: Exchange 2007 Guides

Exchange Server 2007 Design and Architecture at Microsoft

How the Microsoft Information Technology organization designed the corporate Exchange Server 2007 environment Technical White Paper.

Managing the Calendaring and Collaboration Process By Using Exchange Server 2007 Web Services

Microsoft is using Exchange Server 2007 Web Services to support communication and collaboration for two of its own internal applications. This case study provides a technical-level overview of how Microsoft developers are using Exchange Server 2007 Web Services.

Daily Operations with Exchange 2007

Operating a Global Messaging Environment by Using Exchange Server 2007 Technical White Paper

Exchange Server 2007 Deployment Checklist

This technical white paper discusses the deployment checklists that the Exchange Messaging team created based on the Exchange Server 2007 architecture and design specifications for the corporate production environment.

MS: Optimizing Outlook 2007 Cache Mode Performance for a Very Large Mailbox

How to optimize Outlook 2007 Cache Mode Performance for a Very Large Mailbox in a Exchange Server

Post Number 300!

This is my post number 300 of Enterprise Architectures and my first post in this blog posted in the United States.

I moved to the Bethesda, Maryland, United States, and left Madrid, Spain.

As soon my container arrive home and cable modem is ready, I will continue with this blog.

Thursday, September 27, 2007

CTX: Enable USB Memory Stick on Citrix Presentation Server

When connecting a USB memory stick to a system prior to starting an ICA session, the drive is not mapped in the ICA session.

The USB memory stick is detected as a Device with Removable Storage rather than a local hard disk device.

Refer to the following note:

Thursday, September 20, 2007

SCRIPT: Reset Permissions on a Folder

First you will need to download xcacls.exe from Microsoft.

Then you will to run this command:

xcacls "D:\DATA" /t /g "CREATOR OWNER":F "SYSTEM":F "Domain Admins":F "Domain Users":C

This example will reset all permissions on the D:\DATA folder and assign Full Permissions(F) to CREATOR OWNER, SYSTEM and Domain Admins and Change Permissions(C) to Domain Users.

Tuesday, September 04, 2007

MS: SMS 2003 Technical Notes

SMS 2003 Home Page

Systems Management Server 2003 Concepts, Planning, and Deployment Guide

Systems Management Server 2003 Operations Guide

Systems Management Server 2003 Troubleshooting Flowcharts

SMS 2003 Capacity Planner

Scenarios and Procedures for Microsoft Systems Management Server 2003: Planning and Deployment

Scenarios and Procedures for Systems Management Server 2003: Planning and Deployment

Systems Management Server 2003 Product Documentation

How to troubleshoot Advanced Client Push Installation issues in Systems Management Server 2003

Status message 4909, 4912, 4913, or 4915, or error code 8202 after you install Systems Management Server 2003

How to Verify Site Information is Published to Active Directory Domain Services

Active Directory Schema Modification and Publishing for Systems Management Server 2003

Deploying Custom Software Updates with SMS 2003 R2

SMS 2003 Clients Frequently Asked Questions

How to remove a Systems Management Server 2003 client

An advertisement may not run on remote roaming Advanced Clients after you configure the advertisement to run from a remote distribution point in SMS 2003

An SMS 2003 Advanced Client cannot locate a distribution point

A list of log files that are created in Systems Management Server 2003

How to troubleshoot problems that occur when you use SMS 2.0 or SMS 2003 to advertise programs to SMS clients

The Quick and Cheap Steps to Perform a Lab Installation of SMS 2003 Using Evaluation Code

Thursday, August 30, 2007

MS: Ports That SMS 2003 Uses To Communicate Through A Firewall

This article lists the ports that Microsoft Systems Management Server (SMS) 2003 uses to communicate through a firewall or through a proxy server.

Wednesday, August 22, 2007

MS: SQL Server Login Failed for SMS 2003 Secondary Site server account

Error Message:

Event Type: Failure
AuditEvent Source: MSSQLSERVER
Event Category: (4)
Event ID: 18456
Date: 22/08/2007
Time: 13:18:24
Computer: GMPIL-SMS1
Description:Login failed for user 'SMSDEMO\GMPIL-SMS2$'. [CLIENT:]

MSSQLSERVER 18456 Login failed for user SMS 2003


Add the computer account of the Secondary Site server to the SMS_SiteSystemToSQLConnection_ local group on the Primary Site server.
This allows the Secondary Site server to access the Primary Site server's SQL database.

Tuesday, July 31, 2007

MS: Loading Unsigned Drivers in Windows Vista

Atsiv is a command line tool that allows the user to load and unload signed or unsigned drivers on 32 and 64 bit versions of Windows XP, Windows 2003 and Windows Vista. Atsiv is designed to provide compatibility for legacy drivers and to allow the hobbyist community to run unsigned drivers without rebooting with special boot options or denial of service under Vista.

Thursday, July 26, 2007

MS: How To Obtain The Latest Update Rollup for Exchange 2007

This article describes how to obtain the latest update rollup for Microsoft Exchange Server 2007. Update rollups are a common way to distribute Exchange 2007 fixes (Hotfix) and Exchange 2007 modifications. You can install the latest update rollup to help keep the product up to date.

Monday, July 23, 2007

MS: How to Perform an Unattended Install of Windows XP

This document explain how to Perform an Unattended Install of Windows XP

  • How to perform an unattended install of Windows XP
  • Create a Basic Unattended CD Step by Step
  • Create an Advanced Unattended CD Step by Step
  • OEM Distribution Folders
  • Add drivers to unattended setup
  • The WINNT.SIF file for advanced unattended CD
  • Install applications using the unattended setup
  • Remove folders to save CD space
  • WINNT.SIF Extra Switches
Download the document in PDF format here

VMware: How to install Microsoft Windows 2008 Core on VMware Server

How to install Microsoft Windows 2008 Core (Beta 3) on VMware Server

This document explain how to install Windows 2008 Core (Beta 3) on VMware Server.

  • Create a Virtual Machine for Windows 2008 Core
  • Install VMware Tools
  • Set or change the administrative password
  • Change the screen resolution
  • Configure the network card (IP Address, DNS, WINS, Firewall)
  • Rename the server
  • Join the machine a domain / Workgroup
  • Remove the server from the domain
  • Restart the computer
  • Remote Desktop
  • Windows Update
  • System Properties
  • Configure Pagefile
  • Hotfix Management
  • Applications Management
  • Drivers Management
  • Activate the server
  • Services and Process Management
Download the document in PDF format here

Friday, July 20, 2007

VMware: Change the Screen Resolution on Windows 2008 Core (on VMware Server)

To change the screen resolution on a Windows 2008 Core you have two choices:

1) Run regedit.exe on another computer to remotely access the registry on the Server Core.

2) Change manually.

The registry key with the resolution information is:


Under this key will be a list of GUIDs and you will need to determine which one corresponds to your video card/driver. Under the GUID, you can set:


For example: To change the resolution on a VMware Server, search for "Device Description"="VMware SVGA II"

To manually change resolution on a Windows 2008 Core server on the Command Prompt type:

reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video /s video.reg

Then you will need to edit the video.reg, change the resolution (The values are on Hex), remove the rest of info and save the file.

This an example from VMware Server machine at 800x600:

---- Start Video800.reg ----
Windows Registry Editor Version 5.00



---- End Video800.reg ----

Finally at the command prompt type:

REG IMPORT Video800.reg

MS: Insufficient System Resources Exist to Complete the API Error

The computer occasionally does not hibernate and you receive an "Insufficient System Resources Exist to Complete the API" error message in Windows XP with Service Pack 2, in Windows XP Tablet PC Edition 2005, or in Windows XP Media Center Edition 2005

When you experience this problem, the hibernate feature is not available on the computer until you restart the computer.

This problem typically occurs when the computer uses 1 gigabyte (GB) or more of RAM.

Thursday, July 19, 2007

MS: Windows 2003 SP2 SLP and Exchange Problems

Windows 2003 SP2 Scalable Networking pack and its possible effects on Exchange

MS: SMS 2003 Product Documentation

Systems Management Server 2003 Product Documentation

Systems Management Server 2003 Concepts, Planning, and Deployment Guide

Systems Management Server 2003 Operations Guide

MS: Unattended Install DOSHERE.INF

To unattended install the nice tool from PowerToys DOSHERE.INF you will need to create a new registry file and run using REGEDIT /S DOSHERE.REG

--- Start DOSHERE.REG file ---

[HKEY_CLASSES_ROOT\Drive\Shell\cmd]@="Command Prompt Here"
[HKEY_CLASSES_ROOT\Drive\Shell\cmd\command]@="cmd.exe /k \"cd %L\""
[HKEY_CLASSES_ROOT\Directory\Shell\cmd]@="Command Prompt Here"
[HKEY_CLASSES_ROOT\Directory\Shell\cmd\command]@="cmd.exe /k \"cd %L\""

--- End DOSHERE.REG file ---

MS: Third-Party Solutions for SMS

Web Sites:

MyITForum is the premier online destination for IT professionals responsible for managing their corporations’ Microsoft Windows systems; it is especially useful for IT professionals working with Microsoft Systems Management Server. (

FAQshop endeavors to provide a “one-stop-shop” for systems management questions, answers, and utilities. (

SMS Alliance is a consortium of companies that leverage joint resources to strengthen the capabilities and benefits of SMS. Their mission is to provide organizations with the best-of-breed solutions and services to enhance and extend SMS 2003. (

1E is one of the founding members of the SMS Alliance, 1E is a company on the cutting edge of systems management. It enhances and extends Microsoft management and deployment technologies, delivering advanced automation and reporting across the enterprise. (

Macrovision Corporation, another founding member of the SMS Alliance, Macrovision Corporation is a recognized leader in software deployment packaging, software installation, and software updating solutions. They offer one of the best software packaging tools with AdminStudio.

PS’SOFT, as a founding member of the SMS Alliance, offers extenders for SMS 2003 that focus on IT asset management. They offer a web-based software cataloging system called SMS Software Requests. (

Vintela, another founding member of the SMS Alliance, Vintela offers a seamless solution to extend security and compliance of Microsoft Active Directory to Unix, Linux, and other platforms and applications. They offer solutions that help IT administrators manage Unix, Linux, and MAC systems using SMS 2003. Vintela is now part of Quest Software. (

iAnywhere, the last founding member of the SMS Alliance, iAnywhere offers frontline security and management to SMS and provides extensions to manage your enterprise’s mobile and wireless devices through SMS. (

AppDeploy is the Internet resource to go to when you need to script or repackage an application for distribution. Among other points of interest at the site is a massive library of applications, sorted by application name and vendor name. For each application listed, you’ll find a community-based thread discussing the best practices, links, scripts, and challenges met/overcome with working with the application in regard to installation scripting/repackaging.(

DesktopEngineer is perhaps one of the best resources in the Windows Installer arena. This site offers a wealth of information on Windows Installer technology, techniques, and troubleshooting tips. I have noticed that he is starting to increase the content related to Microsoft’s upcoming PowerShell scripting language. (


SMSView is a utility that is used to extend the functionality of the Microsoft Systems Management Server 2003 advanced client. SMSView allows you to perform the following actions on an SMS advanced client: All nonadmin users to view current mandatory assignments and advertisement status, View advertisement history (past 60 days), View current mandatory assignments, Rerun advertisements, Remote operations (remotely view and manage the SMS client), Display hardware/software inventory status, Display management point/proxy management point, Repair the SMS advanced client. (

SMS 2003 Monster MOF is a MOF file that contains several new classes of MOF that will improve SMShardware inventory capabilities. The Monster MOF will enhance inventory data without requiring intimate knowledge of the SMS_DEF.MOF file. (

SMS 2003 Web Remote Tools assist SMS administrators and allow client administration from a web page. (

Corey Becht’s Right-Click Tools is one of the best set of tools for all SMS administrators. This tool allows you to right click on any collection or individual PC within the SMS Administrator console and initiate hardware inventory, reassign the site code, restart the SMS Agent Host service, rerun advertisements without modifying the advertisement, perform discovery, initiate software inventory, create file collections, monitor software metering usage, refresh machine policies, evaluate policies, update Windows installer sources,change port number, and change cache size.These tools can run per computer resource or for all the members of a collection.(

Microsoft SMS Toolkit 2: Microsoft released a very nice set of tools for SMS called the SMS Toolkit version 2 . It contains the following tools: IIS Lockdown 2.1 Template, URLScan 2.5 Template, Policy Spy, SMS Trace, Advanced Client and Management Point Cleaner, Advanced Client Spy, Policy Verifier, Send Schedule, Management Point Spy, Set Preferred Distribution Point and CAP, Delete Certificate, Patch Management Evaluation, Delete Group Class, Transfer SMS ID, Package Loader, Management Point Troubleshooter, Client Site Assignment Verifier, Site Boundary Tool, Create Secondary Site Tool, Create SMS Address Tool.(

Security Logon Audit Tool (SLAT) extends SMS hardware inventory to include user logon information.This data can be used in web reports and queries. The tool includes the following samplereports: Top users for all systems, User logon information for a specific computer, Systems where the last logged-on user is not the top user, Systems where a specific user has logged on SLAT searches the security event log for the 528 event, which is created when user logon events occur and is enabled via Group Policy. (http://www.systemcentertools)

Enhanced System and User Discovery Tools, out of the box, SMS 2003 does a pretty good job of discovering systems from Active Directory. It’s not perfect, though—there are a few gaps in its methods. The Enhanced System Discovery tool, assists in filling these gaps. Out of the box, SMS 2003 does not perform Windows NT 4 domain discovery. This tool solves that by enumerating all machines from a list of NT 4 domains, resolving their IP addresses from DNS or WINS, and creating data discovery records for each system. (http://www.systemcentertools/)

BITS Bandwidth Manager is an SMS Installer script that lets you throttle BITS bandwidthon Windows XP SP2 systems. You do not need to manually adjust any settings. The script takes care of the Registry key manipulation for you.(

1E SMSWakeUp: this WOL product is able to turn on computers after they have been shut down by users. The wake cycle can be triggered on a regular schedule to power up systems in preparation for the workday, or to perform software deployment activities. (

1E NightWatchman: Since we are talking about waking systems that have been shut down, it maybe a good practice to examine how best to shut down those systems in the first place. Why dowe want to shut down systems? We do this to enforce reboot cycles and to save energy costs. (

1E SMSNomad Branch: Some offices may not have the server hardware to allow for a Distribution Point (DP). But those offices may have a substantial number of users and/or be separated from the rest of the network by a low-speed or saturated WAN link, which you would rather not send multiple copies of a package across. SMSNomad Branch acts similar to a peer-to-peer network, allowing other computers to become DPs. If one machine is shutdown, another is selected as the DP. Included in this technology is multicast, increasing its efficiency to reduce network traffic on the local network segment. (

1E OSD Plus Pack: This is an enhancement to the SMS OSD Feature Pack. It allows you to leverage the SMS OSD Feature Pack in offices that do not have DPs. OSD Plus Pack offers similar functionality to SMSNomad Branch, but also has a few other applications bundledwith it: State Migration Editor, which is an interface for the User State Migration Tool, AppMigrator, which allows the automatic reinstallation of applications after OS imaging, PXE Lite, which is a local PXE server to allow deployment of OS images to bare-metalmachines booted from the network PXE server. (

SMS Companion 2006: This product provides WOL capabilities, similar to 1E’s SMSWakeUp, but leverages slightly different technologies behind the scenes. A key difference is that SMS Companion puts systems in hibernation, rather than powering them off. The following are some of the key applications included with this product:Wake-on-Schedule: Allows clients to come out of a hibernation state. Service Windows: Allows you to restrict the SMS inventory and software distributions from happening during specific time periods, to reduce or eliminate user interruptions. Load Balancing: Allows you to reduce peak network and SMS server loading by making sure that the clients use these resources in a controlled manner. (

Quest Management Xtensions for SMS: Since Windows platforms are not the only systems in an enterprise, you may need a way tomanage other platforms, such as Unix, Linux, and Mac OS X. These management extensions offer that capability for SMS 2003. One of the unique aspects of this product is its support route: first-level support is handled by Microsoft Product Support Services. (

MS: Redirect Desktop or Favorites to a Different Disk or Folder

Sometimes you need to keep your desktop or your favorites in a different disk partition or folder, in my case for backup purposes.

You will need to modify two registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Saturday, July 14, 2007

VMware: Install Windows Vista x86 on ESX Server 3.0

1) Create a new VM with at least 512 MB of RAM and a 16 GB Hard Disk.
2) Copy the IMG/ISO of Windows Vista and the Floppy drive image to the ESX host using Veeam FastSCP, or insert the DVD and a Floppy with the driver into the ESX host.
3) Connect the IMG/ISO file to the Windows Vista VM. Make sure the "Connected" is selected.
4) Power on the Windows Vista VM.
5) Vista install starts and then stops at a point where it can't find the CD/DVD driver. A pop-up with "Load Driver" as the title appears indicating that a required device driver at this point.
6) Connect the Floppy drive image (and ensure "Connected" is selected).
7) After ESX has attached the floppy drive, click on "Rescan".
8) Continue the Setup of Windows Vista.
9) Remove the floppy image from the VM or uncheck "Connected".

Download the Floppy Image with the CD-ROM Driver from

Thursday, July 12, 2007

VMware: Veeam FastSCP for ESX Transfer Timeout

Cannot transfer or edit files on ESX. Transfer timeout. No data transferred in the last 20 seconds.
To fix this problem please check whether the EMC AAM Client is opened for outgoing connections. It should be open to get FastSCP 2.0 work.
(You can enable it through the VI client: Configuration->Security Profile->Properties)

VMware: Exchange Server 2003 Performance on VMware ESX Server 3

This paper discusses the performance and scalability of Microsoft Exchange Server 2003 when deployed within virtual machines running under VMware ESX Server 3.01.

Wednesday, July 11, 2007

VMware: VMware Converter Runtime Error

When you run the VMware Converter v3.0.1 you get this error:

Create the C:\TEMP directory, and then correct Enviroment Variables for the current username and System Variables (Control Panel, System, Advanced,Enviroment Variables)

Tuesday, July 10, 2007

VMware: SSH Access to ESX Server 3.0

Direct root user ssh connections are disabled by default in fresh installations of VMware ESX 3.0 (VI3). Two options:

1) The recommended way to access the system is to ssh to the server as a non-root user and then use the su command to switch to the root account; this leaves an audit trail for accountability purposes.

2) An alternative way to allow root access is to configure ssh to allow the root user to log in.

Edit the ssh configuration file:

* vi /etc/ssh/sshd_config
* Find PermitRootLogin and change to yes (use ESC, then Insert)
* Save the changes (ESC then :wq!)
* Restart the ssh daemon: service sshd restart

3) You can download Veeam RootAccess Wizard from
Veeam RootAccess Wizard helps you to enable or disable remote root access, or create a regular non-root user account. The newly created non-root user will belong to the default ‘users’ group and will be automatically granted remote ssh access. Su or sudo commands can then be used to elevate to the root account for privileged operations.

Thursday, July 05, 2007

Script: Detect VirusScan Installed in a Remote Machine

@echo off
rem * Change MachineName Here *
set machinename=

rem * Change UsernmeName Here *
set username=Administrator

rem * Change Password Here *
set Password=Passw0rd

net use \\%MachineName%\C$ %Password% /USER:%Username%
\\%machinename% query mcshield findstr /i "mcshield"
if not errorlevel 1 goto Installed

echo ** Virusscan NO installed **
goto VSEnd

echo ** Virusscan 8.0 installed **
Goto VSEnd


Remove HP Universal Print Monitor

To remove the HP Universal Print Monitor you'll want to go into the registry and delete the following entries:




You can delete this key using this command in a script:


Wednesday, July 04, 2007

MS: Exchange 2007 IMAP4 Client Access Configuration

1. Set MSExchangeIMAP4 service to automatic
Set-service msExchangeIMAP4 -startuptype automatic

2.Configure IP Address and Port for IMAP4

a.To set the IP address and port for communicating with Exchange using IMAP4 with SSL, run the following command:
Set-IMAPSettings -SSLBindings: IPaddress:Port

b.To set the IP address and port for communicating with Exchange using IMAP4 with no encryption or Transport Layer Security (TLS) encryption:
Set-IMAPSettings -UnencryptedOrTLSBindings IPaddress:Port

3.Configure IMAP4 Authentication - IMAP4 (143) /IMAP4 SSL (993)

a.If you will not be using TLS encryption and you want to allow Basic authentication on an unsecured port, run the following command:
Set-IMAPSettings -LoginType PlainTextLogin

b.If you will not be using TLS, but you want to restrict Basic authentication to use only secured ports, run the following command:
Set-IMAPSettings -LoginType PlainTextAuthentication

c.If you want to use TLS encryption before authentication, run the following command:
Set-IMAPSettings -LoginType SecureLogin

4.Enable IMAP4 Protocol for the User Mailbox (Enabled by default)
Set-CasMailbox MailboxName -IMAPenabled:$true ($false disables the protocol for the specified user)

5.Configure the SMTP Receive Connector on the Exchange Server to Allow Anonymous in order to send Email using the following command:
Set-ReceiveConnector "Servername\default Servername" -PermissionGroups “ExchangeServers,ExchangeUsers,ExchangeLegacyServers,AnonymousUsers"

6.Restart the Microsoft Exchange IMAP4
ServiceRestart-service MSExchangeIMAP4

7. Check the status of the Microsoft Exchange IMAP4
ServiceGet-Service MSExchangeIMAP4

8.Dump the IMAP4 configuration

Note: Remember do not use the Administrator account to test IMAP4, IMAP, SMTP.

MS: Exchange 2007 POP3 Client Access Configuration

1. Set MSExchangePOP3 service to automatic
Set-service msExchangePOP3 -startuptype automatic

2.Configure IP Address and Port for

a.To set the IP address and port for communicating with Exchange using
POP3 with SSL, run the following command:
Set-PopSettings -SSLBindings: IPaddress:Port

b.To set the IP address and port for communicating with Exchange using
POP3 with no encryption or Transport Layer Security (TLS) encryption:
Set-PopSettings -UnencryptedOrTLSBindings IPaddress:Port

POP3 Authentication - POP3 (110) /POP3 SSL (995)

a.If you will not be using TLS encryption and you want to allow Basic authentication on an unsecured port, run the following command:
Set-PopSettings -LoginType PlainTextLogin

b.If you will not be using TLS, but you want to restrict Basic authentication to use only secured ports, run the following command:
Set-PopSettings -LoginType PlainTextAuthentication

c.If you want to use TLS encryption before authentication, run the following command:
Set-PoPSettings -LoginType SecureLogin

POP3 Protocol for the User Mailbox (Enabled by default)
Set-CasMailbox MailboxName -Popenabled:$true ($false disables the protocol for the specified user)

5.Configure the SMTP Receive Connector on the Exchange Server to Allow Anonymous in order to send Email using the following command:
Set-ReceiveConnector "Servername\default Servername" -PermissionGroups “ExchangeServers,ExchangeUsers,ExchangeLegacyServers,AnonymousUsers"

6.Restart the Microsoft Exchange
POP3 Service
Restart-service MSExchangepop3

7. Check the status of the Microsoft Exchange POP3 Service
Get-Service MSExchangepop3

8.Dump the POP3 configuration


Note: Remember do not use the Administrator account to test POP3, IMAP, SMTP.

Tuesday, July 03, 2007

MS: Terminal Server Printer Redirection Wizard Tool

This tool will help resolve Terminal Server Printer Redirection errors by scanning the event log of a Terminal Server or Citrix server to create a custom mapping file for administrators.

The Terminal Server Printer Driver Redirection Wizard will help you troubleshoot and replace print drivers that were unsuccessfully redirected. This tool automates the process found in the Microsoft Knowledge Base article KB239088 entitled “Windows 2000 Terminal Services Server Logs Events 1111, 1105, and 1006”.

This tool will scan a server’s System Event Log and detect all events with Event ID 1111 and Source ‘TermServDevices.’ These events occur when a client machine has a printer driver that the Terminal Server does not recognize.

You can download the tool here

CTX: Event 39 - The CDM redirector has timed out a request to SessionID XX

Event Type: ErrorEvent
Source: CdmEvent
Category: NoneEvent
ID: 39
Date: 03/07/2007
Time: 5:07:34
User: N/A
Computer: SERVER
Description: The CDM redirector has timed out a request to SessionID XX.

This can happen when an application is attempting to access a client device during a disconnect. Check Citrix Server Administration when you see this event appear.
The best way to determine what client device is causing this issue is to turn off client device mapping (client drive, client COM ports, client printers).
Enable them one at a time and monitor the client's logon process.


Increase the settings for the following:

RequestTimeout: Default is 60 (seconds)
DirCacheTimeout: Default is 30 (seconds)
CacheTimeout: Default is 60 (seconds)

Incresea these timeout x 2 or x3 (registry example)

--- Start Registry File ---

Windows Registry Editor Version 5.00

--- End Registry File ---

Monday, June 25, 2007

VMware: Changing the IP Address of Service Console in ESX 3.x

To change the IP address of the ESX 3.x host, you need to change the configuration of the vswif. By default this is vswif0 and this is assumed in this document.
Login to the service console with root permissions, either by using root or doing a su - to get the permissions.

Once in the service console run the command "esxcfg-vswif -d vswif0". This command deletes the existing vswif0. Don't worry if you get a message about nothing to flush.

Then you need to run the command to change the ip address, subnet mask and broadcast address. They are also specified in that order when the command is given. An example command is below.
"esxcfg-vswif -a vswif0 -p Service\ Console -i -n -b"
In this command the -a switch is to add a vswif, the \ in the Service\ Console is deliberate, the -i is the ip address, the -n is the netmask and the -b is the broadcast address.

You now need to change your default gateway, you can do this by editing the network file located at /etc/sysconfig/network. To do this at the command prompt, follow the steps below.
"cd /etc/sysconfig", then
"vi network"
Then while in vi, go to the location of the default gateway using the arrow keys. Hit "i" which will perform an insert and change the default gateway to your liking.
(Optional: yo can edit the host name too).
Hit the escape key twice to exit insert mode.type ":wq!" to write (i.e save) and quit.
At this point you can run some commands to restart the vmware management, but I prefer to restart the server and will recommend you do that. Once the server comes up there are a few things that still need to be done for management in virtualcenter.

Open a remote console to your virtualcenter server, do a ping to make sure the ESX host is pingable after the IP change. Make sure you are seeing the new IP address and it is assumed you have already changed that in DNS. If you are seeing the host correctly, open virtualcenter and disconnect then reconnect the host.

Once the host is connected in virtualcenter we need to change a few bits of configuration information, namely the vmkernel ip address, subnet and gateway. This is so we can vmotion correctly. Click on your host and bring up the configuration tab. Select networking and then properties on the vitual switch.

Select your vmkernel and hit the edit button. Change your ip address here for vmotion and subnet mask. You will not be able to change the default gateway until you hit ok and go back in. Once you have selected ok, then hit edit again on the vmkernel. Select the edit button on the default gateway and change the default gateway on the menu that appears. Select ok, ok again and then close.

Please note all the commands in this document should be used without the "".

Thursday, May 24, 2007

MS: Exchange 2003 ports

For Exchange Communication:
Port 80 for HTTP
Port 691 for Link State Algorithm routing protocol

For Active Directory communication:
Port 389 for LDAP (TCP and UDP)
Port 3268 for Global Catalog Server LDAP (TCP)
Port 88 for Kerberos Authentication (TCP and UDP)

For DNS communication:
Port 53 for DNS (TCP and UDP)

For RPC communication:
Port 135 – RPC endpoint mapper (TCP)
Ports 1024 and higher for RPC services

If you are using IPSec between Frontend- and Backend Servers you have to open:
Port 500 for IKE (UDP)
Port 51 for Authentication Header (AH)
Port 50 for Encapsulation Protocol (ESP)

Rules for firewall

CIFS (Both)
FE/BE Link State Routing (691)
Kerberos Sec (TCP)
Kerberos Sec (UDP)
Kerberos Adm (UDP)
RPC (All)
HTTP Exchange Link State Routing (TCP691)
RPC over HTTP Information Store (TCP6001)
RPC over HTTP DSReferral (TCP6002)
RPC over HTTP DSProxy (TCP6004)

Client Access protocols:

POP3 Secure
IMAP Secure
SMTP Secure

Wednesday, May 16, 2007

CERTIFICATION: Citrix Test 1Y0-306 passed!

Today I passed the Citrix Test 1Y0-306: Citrix Access Gateway 4.2 Advanced Edition: Administration and I got the Citrix Certified Administrator for Citrix Access Gateway 4.0 certification.This is a very, very easy exam, the official course material is enough (plus some experience, the Administrator Manual I have +5 years using Citrix :)
If you don't have the appliance you can install on VMware, check this post

Exam Statistics:

13 Citrix Exams
06 Citrix Certifications
24 Microsoft Exams
15 Microsoft Certifications
05 VMware Certifications
11 VMware Exams

More Info:

Monday, May 14, 2007

MS: How to Reset or Change Microsoft Office 2007 License Key

How to Reset or Change Microsoft Office 2007 Product License Key or Volume License Key (VLK)

Close all Microsoft Office programs.

Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE \Software\Microsoft\Office\12.0\Registration

Inside, you will find another subkey that resembles the following subkey:


Optional: Backup this registry branch by exporting the Registration subkey to a file, just in case the new product key does not work and you have to restore back the old product key.

Under the Registration subkey, there may be several GUID subkeys that contain a combination of alphanumeric characters. Each GUID is specific to a program that is installed on your computer. If you find additional subkeys that reference Microsoft 12.0 registration, then click and open each GUID subkey to view and identify the Office product version by the ProductName registry entry in the right pane.

For example: ProductName=Microsoft Office Professional Plus 2007

After you find the GUID subkey that contains your Office product or program which you want to remove the existing product license key or registration details, delete the following registry entries by right clicking on the registry entry in the GUID subkey, click Delete, and then click Yes.

Exit Registry Editor.

Run or open an Office application program, such as Microsoft Word or Excel or Outlook. Office 2007 will prompt you to enter a new 25-character product key.

Type in the valid and genuine product key, and then click OK. Then when prompted to choose your preferred type of Microsoft Office 2007 installation, press on “Install Now”. Microsoft Office 2007 will be updated with new product CD key or volume license key, and ready for activation (if it’s a non-VLK serial) or use.

Friday, May 11, 2007

CTX: Favorites Web Sites

CTX: Guide for Application Developers

The guide has been developed to provide information on how best to use Citrix technologies for application deployment. It is designed to assist developers that are new to Citrix, as well as seasoned Citrix developers. Please use this guide as a starting point or a reference for basic application concepts of Citrix deployments.

CTX: StressPrinters 1.2 for 32-bit and 64-bit Platforms

Many driver problems in the Terminal Services environment revolve around poor multi-threaded performance, which in turn can cause Print Spooler instability. Problematic multi-threaded performance is usually exposed when multiple users connect to a Terminal Server simultaneously using the same print driver. Symptoms include the failure to autocreate client printers, increased thread count of the Printer Spooler and/or Citrix Print Manager services, and possibly the unresponsiveness and/or unexpected termination of these services (crashes).
This tool can be used to simulate multiple sessions autocreating printers using the same print driver.
It can also be used to compare the following among various drivers:
• CPU load incurred while creating a printer using a particular driver
• Time required to successfully create a printer using a particular driver

CTX: Citrix ICA Client Memory Footprint Toolkit

The Citrix ICA Client Memory Footprint Toolkit allows developers to remove features from a Citrix ICA Client that are not required. This enables better control over the amount of memory required to store and run the client. All information necessary to remove features is included in this toolkit.

CTX: Creating, Configuring, and Testing Health Monitoring & Recovery Tests

Health Monitoring & Recovery is a new feature of Citrix Presentation Server 4.5. The main function of the Health Monitoring & Recovery feature is to monitor the health of Presentation Server. If any of the tests fail, you can configure the Health Monitoring & Recovery feature to generate a recovery action, such as disabling the load balancing capability of the server or restarting the server. The Health Monitoring & Recovery feature includes a number of preconfigured tests; however, you can use the Health Monitoring & Recovery SDK to
create custom tests for your specific environment.
This white paper describes security considerations and how to create, configure, and test Health Monitoring & Recovery tests. The topics covered are:
• “Security Privileges and Testing”
• “Test File Location”
• “HMRSDKTester.exe Utility”
• “Creating and Configuring a Test”
• “Supported Formats”
• “Example of a Nonsupported Scripting Language Test”

CTX: Stress Load of Citrix Server (TLoad)

TLoad is a capacity planning and regression testing solution that enables IT administrators to accurately predict how Citrix environments will perform under high levels of user load. By simulating real user interactions, TLoad customers are able to accurately forecast resource requirements, application behavior and performance bottlenecks ensuring potential obstacles are removed before the system goes live. Through a better understanding of how the Citrix environment will function under load, the system architects and administration team can definitively predict the resources required to deliver the best user experience while minimizing cost.

CTX: Citrix USB Keydrive Toolkit

This note explain how to create and run from a USB key an small ICA client.

CTX: Troubleshooting Tools for Citrix Environments

This is very large list of tools recommended by Citrix Technical Support to troubleshooting Citrix environments .

CTX: Microsoft Updates and Information

This is the central location for Microsoft and Terminal Services related resources that specifically apply to Citrix administrators.

Wednesday, May 09, 2007

MS: Top 7 Tips for Deploying Exchange Server 7

1 ) What are the hardware requirements for Exchange Server 2007?
Microsoft has published the hardware/software requirements for Exchange Server 2007 at
In short, the server must have:
• X64 processor; either the Intel EM64T or AMB64 platforms
• At least 2GB of RAM (plus 2-5 MB per mailbox for optimum performance)
• Light = 2MB/Mailbox
• Medium = 3.5MB/Mailbox
• Heavy = 5MB/Mailbox
• Other factors including the number of Storage Groups, server role, etc play a huge part. See this link for more detailed information:
• Windows Server 2003 x64 or Windows Server 2003 R2 x64, either Standard or Enterprise

2) What are the upgrade paths to Exchange Server 2007?
In-place upgrades are out. You will need to install a new Exchange Server 2007 machine into an existing Exchange 2000 or 2003 organization and move the data. Upgrading from Exchange 5.5 will require a little more work as you will need to completely upgrade the organization to Exchange 2000 or 2003 first. More information on the process can be found here:

3) How should I begin planning for disk space?
The factors that affect your storage plans are much more lenient than before, but they will still require some thought.
• Mailbox Size and Count In other words if your target is 1000 mailboxes at 500MB each then you need to think about 488 GB for the base.
• Dumpster Size You should calculate the additional drive space you will need to hold deleted items until the retention period has expired. This could range from 10-40% and even higher depending on the retention period and expected mail volume.
• Content Indexing If you plan to index mailbox items, then you should add another 5% to the overall volume requirements in order to hold the index.
• Growth You should factor in growth in either mailbox numbers or volume. 20% is a generally acceptable number to use to factor growth.
• Log Files The amount of storage they consume will be based entirely on the frequency of backups and the volume of changes made daily to the database files. Many Exchange administrators use 10% as an initial estimation of log files. As always, plan to have logs stored on a separate set of disks.
• IOPS Mailbox IOPS or Database I/O per mailbox, per second is still an important calculation but we have far more breathing room than we did with previous versions of Exchange. (These numbers are possible if you are using Outlook in cached mode.)
• Light Usage (Receive 20 messages a day) 0.11 expected IOPS per user
• Average Usage (Receive 40 messages a day) 0.18 expected IOPS per user
• Heavy Usage (Receive 80 messages a day) 0.32 expected IOPS per user
• Very Heavy Usage (Receive 120 messages a day) 0.48 expected IOPS per user
• In our mailbox example above; 1000 Average mailboxes would require 180 Disk IOPS for adequate performance. A good 7200 RPM drive can usually get a true 100 IOPS while the more expensive drives can get closer to 150.
• To meet our capacity and IOPS goals, we would need to look at a disk system that could hold at least 860 GB of data and operate at 220 IOPS (for growth) Four disks in a RAID 10 confi guration would probably fit the bill.
Here is a great place to learn more about the variables and to perform a more scientific approach to drive estimation:

4) What do I need to know about Server Roles?
Well, you can’t install a server without choosing a role so you must first understand the roles (and your design) before you can proceed. There are five server roles in Exchange Server 2007; Mailbox Server, Client Access, Hub Transport, Unified Messaging and Edge Transport. Here are a few key notes on each:
• Mailbox Server The name says it all. These will likely be your largest servers
• Client Access Provides HTTP/HTPPS access to the data; OWA, RPC over HTTP and ActiveSync
• Hub Transport Think of this as your internal Bridgehead server
• Unified Messaging Communicates with your PBX system. These components are usually installed on a separate server.
• Edge Transport Inbound SMTP traffic goes here. These components must reside on a separate server. This is where message hygiene is configured and how mail gets into your environment. In single-server environments, the Inbound SMTP and message hygiene functionality can be forced on your Mailbox/CAS/Hub server.
• For more detailed information and the Server Role Roadmap, follow this link:

5) What role does the AD Site have with Exchange Server 2007?
The AD site definitions are important for internal mailbox routing in an Exchange Server 2007 environment. Exchange Server no longer uses routing groups. Instead, it routes based on the routing topology defined within the Active Directory Sites and Services. Here are a couple of important items to note:
• Ensure there are no IP subnets defined in more than one AD site and that there is no overlap
• At least one Hub Transport server should be installed in each Active Directory site
• A Client Access server must be deployed in each site that contains Mailbox servers

6) Does my Active Directory need to be at a certain functional level before I can install Exchange Server 2007?
Yes. First and foremost the Schema Master for your Active Directory Forest must be running Windows Server 2003 R2 or Windows Server 2003 SP1.
Second, you need to make sure the Active Directory domain level functional level must be set for Windows Server 2000 (or higher) native mode for all domains in the forest.

7) Do I have to upgrade my Outlook clients before I install Exchange Server 2007?
Probably not. Outlook 2003, 2003 and Outlook 2007 are all supported. For Outlook Web Access, clients need to have a supported browser such as Internet Explorer versions 7, 6, 5.5, and 5.01, Mac OS X, Linux, Safari, Firefox, Netscape, and Opera.

VMware: VMware Workstation v6.0 released

Today VMware releases the new VMware Workstation version 6.0.0 .

New features in VMware Workstation include:

Windows Vista support: Users can deploy Windows Vista as a guest or host operating system, facilitating re-hosting of legacy systems, enabling upgrade and migration projects with minimal end-user disruption and simplifying Windows Vista evaluations.
Multiple monitor display: Users can configure one virtual machine to span multiple monitors or multiple virtual machines to each display on separate monitors with this industry-first capability, enhancing desktop productivity.
USB 2.0 support: Users can take advantage of high-performance peripherals such as Apple iPods and fast storage devices.
ACE authoring capabilities: As a companion to VMware Workstation 6, VMware now offers a VMware ACE Option Pack, which enables VMware Workstation 6 users to create secure, centrally manageable virtual machines. Mobility is one of the primary benefits of this Option Pack, as it allows users to securely transport virtual machines on portable media devices such as USB memory sticks.
Integrated Physical-to-Virtual (P2V) functionality: Users can create a virtual machine in minutes by “cloning” an existing physical computer.
Integrated virtual debugger: Users can deploy, run and debug programs inside a virtual machine directly from their preferred integrated development environments (IDEs), accelerating debugging with this industry-first integration with Eclipse and Microsoft Visual Studio.
Background virtual machine execution: Users can run virtual machines in the background without the VMware Workstation user interface for an uncluttered user experience.
Automation APIs: Users can write scripts and programs that automate and help quicken virtual machine testing with support for VIX API 2.0.

In addition, VMware Workstation 6 advances the state of the art in virtualization technology with groundbreaking new capabilities including:

Continuous virtual machine record and replay (experimental): Users can record the execution of a virtual machine, including all inputs, outputs and decisions made along the way. On demand, the user can go “back in time” to the start of the recording and replay execution, guaranteeing that the virtual machine will perform exactly the same operations every time and ensuring bugs can be reproduced and resolved.
Virtual Machine Interface (VMI) support (experimental): VMware Workstation 6 is the first virtualization platform to allow execution of paravirtualized guest operating systems that implement the VMI interface.

CTX: How to Install Citrix Access Gateway on VMware

How to Install Citrix Access Gateway v4.2 (Appliance CD) on VMware Workstation or VMware Server guide.
Download the FrameworkX Virtualizing Citrix Access Gateway Step by Step guide from here

Thursday, May 03, 2007

MS: Troubleshooting SMTP problems in Exchange Server

General troubleshooting for transport issues in Exchange 2000 Server and in Exchange Server 2003
This article provides information about basic troubleshooting utilities that you can use with transport components in Microsoft Exchange 2000 Server and in Microsoft Exchange Server 2003 to investigate transport issues. The most common issues involve mail flow.

Thursday, April 26, 2007

BETA: Microsoft Longhorn Server Beta 3 released!

Today Microsoft released a new BETA of the Windows Longhorn Server (AKA Windows Server 2007).

Versions available for download at Connect, MSDN or MS Public Beta:
  • Microsoft Windows Longhorn Server Standard Edition (x86 and x64)
  • Microsoft Windows Longhorn Server Enterprise Edition (x86 and x64)
  • Microsoft Windows Longhorn Server Datacenter Edition (x86 and x64)
  • Microsoft Windows Longhorn Server Web Edition (x86 and x64)
  • Microsoft Windows Longhorn Server for Itanium-based Systems (IA64)

All of these versions are available in English, German and Japanese.

This is a list of new features included in the Beta 3:
  • PowerShell - *new* for beta 3 - powerful scripting.
  • Dynamic Partitioning - *new* for beta 3 - allocate resources on the fly.
  • Internet Information Services (IIS) 7.0 - next gen web and app platform
  • Server Core - more roles, low footprint, no GUI!
  • Terminal Services Gateway - access your apps without RASing in.
  • Failover Clustering - improved cluster management, security, and stability
  • Network Access Protection - keep your network safe from un-healthy clients.
  • Next Generation TCP/IP Protocol - built for speed.
  • Server Manager - setup, config, and manage server roles and features in one place.
  • Native UEFI 2.0 support - *new* for beta 3 - EFI support for OEMs.
  • Read-Only Domain Controller - branch office DCs
  • Distributed File System Replication Service (DFS-R) - fast replication
  • Volume Shadow Copy Service (VSS)