Pages

Friday, July 29, 2011

Attempting to move a mailbox from Exchange Server 2003 to 2010 throws the error: “Active Directory operation failed on someDC.someDomain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0”

Problem

You’re transitioning an Exchange Server 2003 server to 2010 and when you make an attempt to move a mailbox, you receive the following error:

Active Directory operation failed on someDC.someDomain.com. This error is not retriable. Additional information: Insufficient access rights to perform the operation. Active directory response: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.
Click here for help...
http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.1.218.11&t=exchgf1&e=ms.exch.err.Ex6AE46B

Exchange Management Shell command attempted:
'someDomain.com/SomeName School/SomeNameUsers/SomeNameSecondary Students/S11/Eliot Smith' | New-MoveRequest -TargetDatabase 'SomeNameStudents - Light'

Elapsed Time: 00:00:01

image

Solution

The reason why you’re encountering this error is because the account of user’s mailbox you’re trying to move does not have the property: Include inheritable permissions from this object’s parent enabled.  This is not the default configuration of user objects in the domain but I find that a lot of applications or administrators tend to deselect this option when trying to achieve customized settings for the user accounts in their environment.  To correct this, simply open up Active Directory Users and Computers and turn on the Advanced Features as shown here:

image

Once the Advanced Features is enabled, search for the user account you have this problem with:

image

… open up the properties of this object:

image

Navigate to the Security tab of the user object’s property and click on the Advanced button:

image

Notice in the following screenshot that Include inheritable permissions from this object’s parent is not enabled:

image

Simply enable this property as such:

image

Once this property is enabled, you should now be able to move the mailbox.  This manual process works well if you only have a few accounts to modify but if you have hundreds or even thousands, a script may be a better option.  Unfortunately, I did quite a bit of searches on the internet but was unable to find one that works. 

Here’s one that I found and tried but it error-ed out on me: http://gallery.technet.microsoft.com/ScriptCenter/b15da21e-2732-4b63-b7b3-c2b862dd5707/

PS C:\> .\setacl.ps1
C:\data\Profiles\Staff\
\ is True
Set-Acl : The security identifier is not allowed to be the owner of this object.
At C:\setacl.ps1:39 char:20
+             Set-Acl <<<<  -Path $job -AclObject $acl
    + CategoryInfo          : InvalidOperation: (C:\:String) [Set-Acl], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.SetAclCommand

\ is False
PS C:\data\Profiles\Staff>

image

I’ll definitely update this post if I figure out a way but if someone who happens to pass by this post has a solution, please feel free to share.

Moving an Exchange Server 2003 mailbox to 2010 throws the error: “The property value is invalid. The value can't contain leading or trailing whitespace.”

Through the migrations from Exchange Server 2003 to 2010 I’ve done in the past, I’ve never ran into a problem I encountered over this weekend and while it looks like it’s quite common, I figure I’d blog about it anyways so I can reference my own notes in the future.

Problem

You attempt to move a mailbox from Exchange Server 2003 to 2010 but the process fails with the following error:

Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:01

Morgan Smith
Failed

Error:
The property value is invalid. The value can't contain leading or trailing whitespace.
Click here for help...
http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.1.218.11&t=exchgf1&e=ms.exch.err.Ex9E6D8B

Exchange Management Shell command attempted:
'SomeNamenet.com/SomeName School/SomeName Users/SomeName Secondary Students/S8/Morgan Smith' | New-MoveRequest -TargetDatabase 'SomeName Students - Light'

Elapsed Time: 00:00:01

image

Solution

The reason and solution can be found at the following link: http://www.msexchangeblog.nl/2011/02/18/migrating-exchange-2003-to-exchange-2010-notes-from-the-field/ but just in case it ever becomes unavailable, the reason why you’re encountering this error is because the user’s mailbox you are moving has a display name that either has a leading or trailing white space.  Here’s an example:

image

**Note the trailing white space at the end of the n.

If you only have one or two accounts that have this problem, you can easily fix this by remove the user’s leading or trailing white space by editing the properties.  If you have more than one of these accounts, you can use the solution as described in the blog post I mentioned above.

Redirecting Exchange Server 2010 OWA so users can exclude the /owa path

In Exchange Server 2003, it wasn’t quite as easy to redirect a user who types https://webmail.someDomain.com/ to https://webmail.someDomain.com/exchange as you were required to user a .asp page to redirect the requests to the root over to the /exchange directory.  In Exchange Server 2010, this process has been simplified through a simple text and check box in IIS 7 (http://technet.microsoft.com/en-us/library/aa998359.aspx).  You can find the instructions here but in case someone is looking for a screenshot of what the configuration looks like see the following:

image

Make sure you select the Only redirect requests to content in this directory (not subdirectories) as the redirect will not work without that checkbox enabled (I made the mistake while configuring this wondering why it didn’t work).

Wednesday, July 20, 2011

Cisco UCS B Series Infrastructure IO Module throws the error: “fabric-unsupported-conn”

Problem

You notice that your IO module in your Cisco UCS B series infrastructure throws the following error message:

fabric-unsupported-conn

image

Navigating to the faults tab of your IO module shows the following details:

Affected object: sys/chassis-1/slot-2 <— note that this could be any chassis or slot

Description: IOM 1/2 (B) current connectivity does not match discovery policy: unsupported-connectivity

ID: 415387

Cause: unsupported-connectivity-configuration

Code: F0401

Original severity: major

Previous severity: major

Type: connectivity

image

Solution

The cause is actually quite simple and it’s because you have, say, a 2-link policy set for your chassis discovery policy but you only have 1 link plugged in between your IOM and the fabric interconnects:

image

Note that an error won’t get thrown if you have, say, a 1-link policy set but you have 4 links plugged in so in this case, since we only have 1 cable plugged in from the IOM to the fabric interconnects, changing the policy to 1 link will fix the problem.

Updating Cisco UCS B series infrastructure interface cards throw the warning: “The firmware of the following components cannot be updated because they are using host/management firmware policy:”

I had to update a Cisco UCS B series infrastructure two weeks ago from 1.3 to 1.4 and while going through the usual drill, I was prompted with the following warning message:

The firmware of the following components cannot be updated because they are using host/management firmware policy

image

As the client looked over and asked me what we should do, I realized that as seemingly obvious the warning message may be in suggesting that you should either:

1. Skip the firmware update on these interface cards

2. Remove your existing firmware policy

image

image

… you tend to stop and think about your next steps.

I have to admit that being someone who works on projects, most of my UCS work is greenfield deployments which means whenever I’m upgrading firmware, there’s not much to worry about going wrong.  Yes, I do get called for break/fix issues but I’ve always told people who are in operations and actually maintain their UCS infrastructure that they probably know much more than I do when it comes to working with production environments. 

Now that I’ve digressed way off topic, I almost always choose option #2 which means I need to go to each blade and remove the firmware policy applied to it.  So the next question I got asked by the client was whether this would strip away the existing firmware or cause the blade to reboot.  The answer is actually no.  You can safely navigate to the blade’s policy tab to remove the policy then continue to update the adapters.

Installing Windows on a Cisco UCS C Series server with Cisco UCS Server Configuration Utility

One of the projects I was involved in a month ago had several Cisco UCS C460 M1 servers that required a bare metal Windows Server 2008 install so as I began the process of installing the operating system, I also took the opportunity to screenshot the process.  With that being said, though there’s nothing really special about this post, its main purpose is to demonstrate what the process looks like with the Cisco UCS Server Configuration Utility.

I prefer to use the CIMC for the install instead of the console because I usually fire up a few instances for different servers which will allow me to do simultaneous installs:

image

Mount the Cisco UCS Server Configuration Utility ISO:

image

image

Reboot the server:

image

image

With the Cisco UCS Server Configuration Utility mounted, you’ll see it boot into the utility:

image

image

Accept the EULA as we always do:

image

As shown in the screenshot below, you can see a brief summary of the server information:

image

image

If you proceed to the OS Install menu and attempt to immediately start the installation of the operating system without configuring the hard disks’ RAID level, you’ll see something like this:

image

image

image

If that’s the case, then proceed to configure the disks’ RAID by navigating to Server Configuration –> RAID Configuration:

image

I won’t go into too much detail since the screenshots are pretty self explanatory so to summarize, I’m configuring 2 sets of RAID-1 and 1 hotspare:

image

image

image

image

image

image

image

image

image

image

image

image

image

Now that the virtual disks have been created, we can proceed with the install:

image

image

Those who are familiar to HP SmartStart or Dell Server Administrator will see that Cisco’s utility is pretty much the same:

image

image

image

As shown in the following screenshot, you’ll get the following 4 options for the drivers you want to install:

  1. From www.cisco.com
  2. From SCU boot media
  3. From Network Share
  4. From USB stick on key

For the purpose of the example, I’m going to leave it at the default which is #2:

image

What I’ve noticed is that once the following screen takes a bit of time to process:

image

You’ll notice that the utility will auto select the RAID controller drivers for you and that’s because without loading these drivers, Windows won’t be able to detect the disk.  Although you should try to select all the drivers you’ll need for the operating system (i.e. hba, NICs, etc), it’s ok to leave them out for now because you can always run this CD within Windows to install the missing drivers:

image

image

Once you click next, the drivers will get copied to the server and you’ll then be prompted for the Windows CD:

image

If you’re installing the operating system through the CIMC, unmap and remap the proper ISO and continue:

image

The utility will now copy the required files and then ask for a reboot to install the OS:

image

image

image

Once the server reboots, you’ll see the Windows installation begin:

image

image

image

image

image

image

image

image

… and we’re done.