
Event ID: 13559 The File Replication Service has detected that the replica root path has changed

Posted on May 20, 2015 under ADFS, Knowledgebase, Server-Plattformen, Windows 2003 Server, Windows 2008 Server

I had the problem that a DC was no longer replicating. The SYSVOL share (Netlogon etc.) was there, but the files were not being replicated.

The log showed the following message:

The File Replication Service has detected that the replica root path has changed from "c:\windows\sysvol\domain" to "c:\windows\sysvol\domain". If this is an intentional move then a file with the name NTFRS_CMD_FILE_MOVE_ROOT needs to be created under the new root path.
This was detected for the following replica set:

Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file.

[1] At the first poll which will occur in 60 minutes this computer will be deleted from the replica set.
[2] At the poll following the deletion this computer will be re-added to the replica set with the new root path. This re-addition will trigger a full tree sync for the replica set. At the end of the sync all the files will be at the new location. The files may or may not be deleted from the old location depending on whether they are needed or not.

For more information, see Help and Support Center at



The server had apparently been virtualized at some point (P2V)...

The following fixes it:

Create a file named NTFRS_CMD_FILE_MOVE_ROOT, without any file extension, in the new root path reported by the event (here c:\windows\sysvol\domain), then restart the File Replication Service (NtFrs).

I still had to wait out the replication interval. After that the follow-up FRS events appeared in the log. Until FRS has re-added the DC and the full tree sync has finished, clients that authenticate against this DC still get whatever stale Group Policy files its SYSVOL holds, so check the state of replication after the sync rather than assuming it.
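The fix as a script, added here as an example rather than taken from the original post. It checks that event 13559 is actually present before doing anything, creates the zero-byte marker file in the new root path from the event (C:\Windows\SYSVOL\domain, as above), restarts NtFrs and then watches the FRS log for the two polls the event text announces. Get-WinEvent needs Server 2008 or later; on Server 2003 read the log with Get-EventLog -LogName 'File Replication Service' instead. Run it elevated on the affected DC.

```powershell
# Added example, not part of the original post. Assumes the root path reported by event 13559,
# the standard service name NtFrs and the standard log name "File Replication Service".
$NewRoot = 'C:\Windows\SYSVOL\domain'
$Marker  = Join-Path -Path $NewRoot -ChildPath 'NTFRS_CMD_FILE_MOVE_ROOT'   # exact name, no extension
$FrsLog  = @{ LogName = 'File Replication Service'; ProviderName = 'NtFrs' }

# 1. Only act if FRS really reported a root change; on a healthy DC the marker must not be created.
$evt = Get-WinEvent -FilterHashtable ($FrsLog + @{ Id = 13559 }) -MaxEvents 1 -ErrorAction SilentlyContinue
if (-not $evt) { throw 'No event 13559 in the FRS log; nothing to do.' }
$evt | Select-Object TimeCreated, Id

# 2. Create the marker. New-Item does not overwrite, so re-running the script is harmless.
if (-not (Test-Path -LiteralPath $Marker)) {
    New-Item -Path $Marker -ItemType File | Out-Null
}
Get-Item -LiteralPath $Marker | Select-Object FullName, Length          # Length must be 0

# 3. Restart FRS so the next poll picks up the command file.
Restart-Service -Name NtFrs -Force
$since = Get-Date

# 4. The event promises a first poll after 60 minutes (DC removed from the replica set) and a
#    second one that re-adds it and starts a full tree sync. Check every 10 minutes for up to
#    3 hours and print every new FRS event so progress, or an error, is visible.
for ($i = 0; $i -lt 18; $i++) {
    Start-Sleep -Seconds 600
    $new = Get-WinEvent -FilterHashtable ($FrsLog + @{ StartTime = $since }) -ErrorAction SilentlyContinue
    if ($new) {
        $new | Sort-Object TimeCreated |
            Select-Object TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
            Format-Table -AutoSize
        $since = Get-Date
    }
}
```

Only the first line of each event message is printed so the table stays readable; the full text is available from the same Get-WinEvent call.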





Scheduled Exchange PowerShell Output via Email

Posted on May 5, 2015 under Exchange 2010, Exchange 2013, Exchange Server, Knowledgebase, PowerShell ISE, Server-Plattformen, Windows 2008 Server, Windows Server 2012 R2

If you want to run Exchange PowerShell output on a schedule and send it by email, the following script does it. In the script I also formatted the output as HTML and put it in a table. In this case it was a Get-MessageTrackingLog output for a whole day.

[code language="powershell"]
$smtpServer     = "mail.it-leaks.ch"         # SMTP relay server
$smtpFrom       = "DailyReport@it-leaks.ch"  # sender address
$smtpTo         = "spicedham@inter.net"      # recipient address
$messageSubject = "Daily Report"             # subject line

# Arial font and a bordered table for the HTML body
$style = "<style>BODY{font-family: Arial; font-size: 10pt;}"
$style = $style + "TABLE{border: 1px solid black; border-collapse: collapse;}"
$style = $style + "TH{border: 1px solid black; background: #dddddd; padding: 5px; }"
$style = $style + "TD{border: 1px solid black; padding: 5px; }"
$style = $style + "</style>"

# Build the message and declare the body as HTML
$message = New-Object System.Net.Mail.MailMessage $smtpFrom, $smtpTo
$message.Subject    = $messageSubject
$message.IsBodyHtml = $true

# Generate the body from the Exchange PowerShell output: all SEND events of the last 24 hours
# for one sender, as an HTML table. -ResultSize Unlimited lifts the default cap of 1000 rows;
# Recipients is an array, so it is joined for display; ConvertTo-Html returns a string array,
# so it is flattened with Out-String before being assigned to the Body property.
$message.Body = Get-MessageTrackingLog -Start (Get-Date).AddHours(-24) -Sender "out@it-leaks.ch" -EventId "SEND" -ResultSize Unlimited |
    Select-Object @{n='Recipients';e={$_.Recipients -join ', '}}, MessageSubject, Timestamp |
    ConvertTo-Html -Head $style | Out-String

# Send the message through the relay
$smtp = New-Object System.Net.Mail.SmtpClient($smtpServer)
$smtp.Send($message)
[/code]

So that Task Scheduler can run the script daily, I wrapped it in a CMD wrapper that runs the script inside the Exchange Management Shell (RemoteExchange.ps1 plus Connect-ExchangeServer -auto):

[code language="powershell"]
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command ". 'c:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; D:\DailyScripts\SendEmailwAttachHTML.ps1"
[/code]

The CMD file can then be scheduled in Task Scheduler. Two things are worth checking on that task: the account it runs as only needs a role group that contains the Message Tracking role, not full Exchange administrator rights; and the .cmd and .ps1 files should be writable by administrators only, because whoever can edit them gets that account's Exchange rights on the next run. The script also relays through the SMTP server without authentication, so that relay should accept anonymous mail from this host's IP address only.


SSL wildcard configuration for Exchange POP3 and IMAP

Posted on April 8, 2015 under Exchange 2007, Exchange 2010, Exchange 2013, Exchange Server, Knowledgebase

When you try to assign a wildcard certificate to the POP3 and IMAP services on Exchange 2010/2013, you get the following message:

<Enable-ExchangeCertificate -Thumbprint XXXXXXXXXXXXXXXX -Services POP
WARNING: This certificate with thumbprint XXXXXXXXXXXXXXXXXXXXXX and subject '*.example.com' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.>

The same happens with IMAP...

The X509CertificateName of the POP3 and IMAP4 services has to be set to the FQDN that clients connect to. Exchange then selects the certificate whose subject or subject alternative name covers that name; a wildcard covers it only when the name is exactly one label below the wildcard (*.domain.ch covers mail.domain.ch, but not pop.mail.domain.ch).

<Set-POPSettings -X509CertificateName mail.domain.ch>
<Set-IMAPSettings -X509CertificateName mail.domain.ch>

Then restart the services.

<Restart-Service MSExchangePOP3>
<Restart-Service MSExchangeIMAP4>

The certificate can now be assigned to the services.
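After the settings and the restart, the check a practitioner wants is from the client side: which certificate the POP3S and IMAPS listeners actually present, and whether it validates for the name clients use. The function below is an added example, not code from the original post; it uses only the .NET SslStream class, so it runs from any Windows machine without Exchange cmdlets. mail.domain.ch is the name from the post, and the implicit-TLS ports 995 and 993 are assumptions about the setup.

```powershell
# Added example, not part of the original post.
function Test-MailServiceTls {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,  # the FQDN set via Set-POPSettings/Set-IMAPSettings
        [int]$Port = 995                                  # 995 = POP3 over TLS, 993 = IMAP over TLS
    )
    # The callback records the validation verdict instead of aborting the handshake, so a
    # wildcard that does not cover $HostName shows up as RemoteCertificateNameMismatch
    # next to the certificate that was presented.
    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
    $cb = {
        param($sender, $cert, $chain, $errors)
        $state.Errors = $errors
        return $true
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]$cb

    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)   # name check against the FQDN, as a mail client would do it
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
                ForEach-Object { $_.Format($false) }
        [pscustomobject]@{
            Endpoint        = '{0}:{1}' -f $HostName, $Port
            Subject         = $cert.Subject
            SubjectAltNames = $san
            Issuer          = $cert.Issuer
            NotAfter        = $cert.NotAfter
            Thumbprint      = $cert.Thumbprint
            Protocol        = $ssl.SslProtocol
            PolicyErrors    = $state.Errors   # None = the wildcard covers $HostName and chains to a trusted root
        }
    }
    finally {
        if ($ssl) { $ssl.Close() }
        $client.Close()
    }
}

Test-MailServiceTls -HostName mail.domain.ch -Port 995
Test-MailServiceTls -HostName mail.domain.ch -Port 993
```

Compare the Thumbprint column with the thumbprint you passed to Enable-ExchangeCertificate; if the old certificate still shows up, the service was not restarted. PolicyErrors other than None tell you whether the problem is the name (RemoteCertificateNameMismatch) or the chain (RemoteCertificateChainErrors).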


ADFS / WAP and Exchange 2010 OWA problem with Kerberos (0x8007052e)

Posted on April 2, 2015 under ADFS, Exchange 2010, Exchange 2013, Exchange Server, Knowledgebase, Security, Server-Plattformen, Windows Server 2012 R2

I had the problem that users could not log in to Outlook Web App (published via ADFS & WAP) with forms-based authentication. EAS and the like worked fine.

After logging in on the new ADFS page, simply nothing happened...

On the WAP server you can see that a Kerberos ticket is requested, but the ADFS server cannot return one. The logs on the WAP server showed the following:

EVENT ID 12027, Username and Password wrong (0x8007052e).

0x8007052e is ERROR_LOGON_FAILURE; the logon that fails here is the WAP's own request for a ticket on behalf of the user, not the user's password.

On the ADFS server you see the following:

Encountered error during federation passive request.
Additional Data
Protocol Name:
Relying Party:
Exception details:
Microsoft.IdentityServer.Web.InvalidScopeException: 06a7aa66-3aad-e311-80c1-005056983900
   at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.ValidateSignInContext(MSISHttpSignInRequestContext msisContext, WrappedHttpListenerRequest request)
   at Microsoft.IdentityServer.Web.Protocols.MSISHttp.MSISHttpProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

The problem was that the WAP server had no permission to request Kerberos security tokens on the user's behalf.

After I added the WAP server to the <Windows Authorization Access Group> group, it worked perfectly after a reboot.

Windows Authorization Access Group
Every user account in Active Directory carries a computed token attribute, a computed version of the same security token that is built when the user logs on. Members of this group may read it. Add accounts to this group only for software that actually needs that access: a member can read the group memberships of every account in the domain, so add the WAP computer account itself, not a broad group such as Domain Computers.
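The two Active Directory prerequisites for a WAP server that does Kerberos constrained delegation to OWA, as an added example (not code from the original post): membership in Windows Authorization Access Group, and a computer object that is trusted to delegate to the Exchange HTTP service using any authentication protocol. WAP01 and the SPN http/mail.domain.ch are assumed names; run it on a machine with the Active Directory PowerShell module and rights to modify the group.

```powershell
# Added example, not part of the original post. Computer and SPN names are assumptions.
Import-Module ActiveDirectory

$WapComputer = 'WAP01'
$Group       = 'Windows Authorization Access Group'   # built-in group in the Builtin container

$wap  = Get-ADComputer -Identity $WapComputer -Properties MemberOf, 'msDS-AllowedToDelegateTo', TrustedToAuthForDelegation
$waag = Get-ADGroup -Identity $Group

# 1. Group membership: needed so the WAP can read tokenGroupsGlobalAndUniversal and build the
#    user's token. The new SID only lands in the WAP's own Kerberos token after a reboot.
if ($wap.MemberOf -contains $waag.DistinguishedName) {
    "$WapComputer is already a member of '$Group'"
} else {
    Add-ADGroupMember -Identity $waag -Members $wap
    "$WapComputer added to '$Group'; reboot it so its token picks up the new group SID"
}

# 2. Delegation: without "trust for delegation to specified services, any authentication
#    protocol" the WAP cannot obtain a service ticket for the user at all. Report, do not change.
[pscustomobject]@{
    Computer                   = $wap.Name
    TrustedToAuthForDelegation = $wap.TrustedToAuthForDelegation        # must be True (protocol transition)
    AllowedToDelegateTo        = ($wap.'msDS-AllowedToDelegateTo' -join ', ')   # should list http/mail.domain.ch
}
```

Fix the second part in the computer object's Delegation tab (or with Set-ADComputer) rather than by widening group memberships; the group fixes the token lookup, the delegation entry fixes the ticket request, and both are needed.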

Sonicwall NAT Loopback Policy

Posted on March 30, 2015 under Firewalls, Knowledgebase, Kommunikation, Networking




NAT loopback (hairpin NAT) policy, so that clients on the LAN can reach an internal server through its public WAN address instead of only through its private one:

Original Source: LAN Subnets
Translated Source: WAN Primary IP
Original Destination: (WAN server object)
Translated Destination: (LAN server object)
Original Service: Any
Translated Service: Original
Inbound Interface: LAN Interface
Outbound Interface: Any

Translating the source to the WAN primary IP is what makes this work: the server's reply is forced back through the firewall, where it is un-translated. Without it the server would answer the LAN client directly from its private address, and the client would discard the reply because it came from a different address than the one it connected to.


Sophos UTM – 9.2xx to 9.304 up2date fails

Posted on March 30, 2015 under Firewalls, Knowledgebase, Networking, Security

Found at:





Updating between minor UTM version releases is failing

First seen in

Sophos UTM


All updates on the UTM are applied sequentially; for example, 9.200 updates to 9.201 before updating to 9.202. Upgrade issues can arise when an upgrade path between two minor versions is offered, for example 9.2 to 9.3. Depending on the speed at which the updates are installed on your UTM, you may be left with two upgrade routes, one of which will be invalid. An example of this would be if your UTM has downloaded the upgrade file between 9.209 and 9.300 but never applied this update: the files would remain on your system. After a few weeks 9.209 to 9.210 may have been released, creating a second path based on the revision version rather than the minor version. If you install this update, the scripts will also try to install 9.209 to 9.300, which is no longer valid because you are already running a more recent version.
(Note: since 9.211 was released, the upgrade package from 9.210 to 9.304 was removed. You now need to upgrade from 9.210 to 9.211, and then to 9.304.)

What To Do

  1. Log into the WebAdmin of your UTM and temporarily disable automatic updating.
  2. Log into the UTM shell and escalate your user rights to root.
  3. Remove the redundant packages from these locations:
       # rm -rf /var/up2date/sys-install/*
       # rm /var/up2date/sys/*
       # rm /var/up2date/.queue/*
  4. Change to the /var/up2date/sys directory:
       # cd /var/up2date/sys
  5. Download the correct update file from the download server. The example below is for 9.211 to 9.304:
       # wget http://download.astaro.com/UTM/v9/up2date/u2d-sys-9.211003-304009.tgz.gpg
  6. Run the installation:
       # auisys.plx
  7. Re-enable automatic updating on the UTM.

If your UTM is using High Availability, you may also need to remove these same files from the slave node. When remotely accessing an HA cluster you can move to the slave node with the command # ha_utils ssh and, when prompted, enter the passwords. The same procedure as above can then be used to resolve the updating issues, with the difference that the update files need to be downloaded on the master and then copied to the slave using SCP. From the master, after you have run a wget of the up2date files, run the command 'hs' to identify the 'cluster IP' of the slave node, which will end with a 1 or a 2 depending on which node is the master. The output will look similar to this:

<M> fw1:/root # hs
Current mode: CLUSTER MASTER with id 1 in state ACTIVE
--- Nodes -----------------------------------------------------------------
MASTER: 1 node1 9.210020 ACTIVE since Sat Jan 24 17:40:43 2015
SLAVE: 2 Node2 9.210020 UP2DATE since Thu Jan 29 13:03:58 2015

Taking the slave’s IP run the SCP command below from the directory in which the up2date files you wish to copy to the slave are located.

scp u2d-sys-9.210020-304009.tgz.gpg loginuser@

Then enter the password for 'loginuser'. Note that while the slave is in status 'UP2DATE' no config changes are synced across, so if the shell passwords were changed after the problem happened, the slave will still be using the old password.

After the files are copied across, use the command 'ha_utils ssh' to switch to the slave, then move the files copied from the master to the up2date location as follows:

mv /home/login/u2d-sys-9.210020-304009.tgz.gpg /var/up2date/sys

Now you can run auisys.plx on the slave.

If you need more information or guidance, then please contact technical support.

Problem with Windows Updates on a freshly installed Server 2012 R2 (8024402C)

Posted on March 6, 2015 under Knowledgebase, Server-Plattformen, Windows Server 2012, Windows Server 2012 R2

I have noticed again and again that on a fresh installation of Server 2012 R2, Windows Update does not work properly.

The following message always appears:

0x8024402C is WU_E_PT_WINHTTP_NAME_NOT_RESOLVED: the update client could not resolve the name of the update server. The client talks through WinHTTP, which has its own proxy setting, separate from the per-user Internet Explorer proxy, so a stale or wrong WinHTTP proxy breaks updates even when the browser works.

The following fixes it:
Enter <netsh winhttp reset proxy> at an elevated command prompt, and it worked again.

Strange thing... I use neither WSUS nor a proxy.
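An added diagnostic example, not from the original post: before and after the reset it records what WinHTTP and the Windows Update client are configured to use, so the cause (a WinHTTP proxy inherited from an image, or a WSUS policy left behind) is visible instead of guessed. The registry paths are the standard policy keys; nothing here is specific to the author's environment. Run it elevated, since netsh winhttp reset proxy needs administrator rights.

```powershell
# Added example, not part of the original post.
function Get-WindowsUpdateClientConfig {
    # Policy keys written by Group Policy or a WSUS setup; absent on a machine that really has no WSUS.
    $wuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auPolicy = Join-Path -Path $wuPolicy -ChildPath 'AU'
    $ieProxy  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

    # Returns $null instead of an error when the key or value does not exist.
    function Read-Value([string]$Path, [string]$Name) {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    }

    [pscustomobject]@{
        WinHttpProxy   = ((netsh winhttp show proxy) | Where-Object { $_ -match '\S' }) -join ' | '
        WUServer       = Read-Value $wuPolicy 'WUServer'          # WSUS server URL, if any
        WUStatusServer = Read-Value $wuPolicy 'WUStatusServer'
        UseWUServer    = Read-Value $auPolicy 'UseWUServer'       # 1 = client is told to use WSUS
        UserProxy      = Read-Value $ieProxy  'ProxyServer'       # the IE proxy, which WinHTTP does NOT use
        UserProxyOn    = Read-Value $ieProxy  'ProxyEnable'
    }
}

# Record the state, apply the fix from the post, record it again.
$before = Get-WindowsUpdateClientConfig
netsh winhttp reset proxy | Out-Null
$after  = Get-WindowsUpdateClientConfig
$before, $after | Format-List
```

If WUServer or UseWUServer is set on a machine that is supposed to talk to Microsoft directly, the fix is to remove that policy, not to reset the proxy; the reset only helps when the WinHttpProxy line was not "Direct access (no proxy server)".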


Resetting Cisco Catalyst 29XX to factory settings

Posted on February 26, 2015 under Cisco, Knowledgebase, Kommunikation, Networking, Switches

Erase the startup configuration:

Cat2950# write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]y
[OK]
Erase of nvram: complete

Cat2950# reload
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]y
4w5d: %SYS-5-RELOAD: Reload requested

Delete the VLAN database (it lives in flash, not in the startup configuration, so write erase leaves it in place):

Cat2950# delete flash:vlan.dat
Delete filename [vlan.dat]?

!--- Press Enter.

Delete flash:vlan.dat? [confirm]y

Cat2950# reload
Proceed with reload? [confirm]y
4w5d: %SYS-5-RELOAD: Reload requested


Reseeding Exchange 2013 Search Index

Posted on February 23, 2015 under Exchange 2013, Exchange Server, Knowledgebase, Server-Plattformen

How do you repair a broken Exchange 2013 search index database?

First check whether the database actually has a problem.

<Get-MailboxDatabaseCopyStatus -Server SERVERNAME | FL Name,*Index*>

In this case it says: Reseeding of the index is required

Well then, let's do that:

  • Stop the "Microsoft Exchange Search" and "Microsoft Exchange Search Host Controller" services (MSExchangeFastSearch and HostControllerService).
  • Browse to the folder that contains the database. In it you will find a folder whose name is a long string (it begins with the database GUID); that is where the index is stored. Rename that folder or delete it altogether.
  • Start the services you just stopped again.
  • After a few minutes the folder should reappear.

<Get-MailboxDatabaseCopyStatus -Server optivevs01 | FL Name,*Index*>

... now shows the current status: The Microsoft Exchange Search Service is crawling the database.

When the task is through, the following status should be shown:

ContentIndexState            : Healthy
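The four manual steps as one script that also waits for the crawl to finish, added here as an example rather than taken from the original post. DB01 is an assumed database name; run it in the Exchange Management Shell on the server that holds the copy. It renames the catalog folder instead of deleting it, so the old index can be put back if the crawl fails, and it refuses to run against an index that is already Healthy.

```powershell
# Added example, not part of the original post. The database name is an assumption.
$DatabaseName   = 'DB01'
$CopyIdentity   = "$DatabaseName\$env:COMPUTERNAME"
$SearchServices = 'MSExchangeFastSearch', 'HostControllerService'   # Search, Search Host Controller

# Before: confirm the index really is broken.
$before = Get-MailboxDatabaseCopyStatus -Identity $CopyIdentity
'Before: {0} {1}' -f $before.ContentIndexState, $before.ContentIndexErrorMessage
if ($before.ContentIndexState -eq 'Healthy') { throw 'Index is Healthy; nothing to reseed.' }

# Locate the catalog folder next to the .edb: its name begins with the database GUID.
$db       = Get-MailboxDatabase -Identity $DatabaseName
$dbFolder = Split-Path -Path $db.EdbFilePath.PathName -Parent
$catalog  = Get-ChildItem -Path $dbFolder -Directory | Where-Object { $_.Name -like "$($db.Guid)*" }
if (-not $catalog) { throw "No catalog folder found under $dbFolder" }

# Stop search, rename (not delete) the catalog, start search again.
Stop-Service -Name $SearchServices -Force
Rename-Item -Path $catalog.FullName -NewName ($catalog.Name + '.old')
Start-Service -Name $SearchServices

# A fresh catalog folder appears and the crawl runs; poll until Healthy or give up after 2 hours.
$deadline = (Get-Date).AddHours(2)
do {
    Start-Sleep -Seconds 60
    $s = Get-MailboxDatabaseCopyStatus -Identity $CopyIdentity
    '{0:HH:mm:ss} {1} {2}' -f (Get-Date), $s.ContentIndexState, $s.ContentIndexErrorMessage
} while ($s.ContentIndexState -ne 'Healthy' -and (Get-Date) -lt $deadline)

# Only once the new index is Healthy is the old one safe to throw away.
if ($s.ContentIndexState -eq 'Healthy') {
    Remove-Item -Path ($catalog.FullName + '.old') -Recurse -Force
} else {
    Write-Warning "Index still $($s.ContentIndexState); old catalog kept at $($catalog.FullName).old"
}
```

For a database that has several copies in a DAG, Update-MailboxDatabaseCopy -Identity DB01\SERVER -CatalogOnly reseeds the catalog from a healthy copy and avoids a full crawl; the folder method above is for the copy that has no healthy sibling to copy from.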



Exchange: removing internal server names from the email Received header

Posted on February 19, 2015 under Exchange 2010, Exchange 2013, Exchange Server, Knowledgebase, Server-Plattformen

When an email is sent via Exchange, the header normally looks like this; the internal server name is passed along in the header:

<Received: from mailout.in-the-cloud.ch ( by vex10.itc.local
( with Microsoft SMTP Server id 14.2.347.0; Thu, 19 Feb 2015
14:19:50 +0100
Received: from mail.external.ch (mail.external.ch []) by
mailout.in-the-cloud.ch with ESMTP id tdORrIH8XGrJEANV for <me@in-the-cloud.ch>; Thu, 19
Feb 2015 14:22:05 +0100 (CET)
Received: from exchange.internal.local ([fe80::7598:91fd:6be7:2967]) by
exchange.internal.local ([fe80::7598:91fd:6be7:2967%11]) with mapi id
14.03.0224.002; Thu, 19 Feb 2015 14:22:04 +0100>

Every recipient of such a message learns the internal AD DNS suffix, the Exchange server names, their link-local IPv6 addresses and the exact Exchange build, which is useful reconnaissance for phishing and for targeting known vulnerabilities. If you want this information concealed, you can suppress it via the Exchange Shell by taking the ms-Exch-Send-Headers-Routing right away from Anonymous Logon on the Send connector; Exchange then strips the Received: headers from messages leaving through that connector.

<Get-SendConnector "Send-Connector Name" | Remove-ADPermission -AccessRights ExtendedRight -ExtendedRights ms-Exch-Send-Headers-Routing -User "NT AUTHORITY\Anonymous Logon">

CAUTION: on a German-language Exchange the principal is called <NT-AUTORITÄT\ANONYMOUS-ANMELDUNG>

The header then looks like this (only the hops outside the organisation remain, which also means the receiving side has less to go on when tracing delivery problems):

<Received: from mailout.in-the-cloud.ch ( by vex10.itc.local
( with Microsoft SMTP Server id 14.2.347.0; Thu, 19 Feb 2015
14:19:50 +0100
Received: from mail.external.ch (mail.external.ch []) by
mailout.in-the-cloud.ch with ESMTP id tdORrIH8XGrJEANV for <me@in-the-cloud.ch>; Thu, 19
Feb 2015 14:22:05 +0100 (CET)>
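An audit that goes one step beyond the single command above, added here as an example and not taken from the original post: it lists every Send connector and whether Anonymous Logon still holds ms-Exch-Send-Headers-Routing there (which is what lets the internal Received: lines out), removes the right on the internet-facing connector, and shows the revert. The connector name Internet is an assumption. Matching the principal on *Anonymous* works for both the English and the German name mentioned above; the removal line itself uses the English name and has to be changed on a German Exchange. Run it in the Exchange Management Shell.

```powershell
# Added example, not part of the original post. The connector name "Internet" is an assumption.
$Right = 'ms-Exch-Send-Headers-Routing'

function Get-SendConnectorRoutingHeaderGrant {
    foreach ($sc in Get-SendConnector) {
        # An allow ACE for Anonymous that carries the right means outbound mail keeps internal Received: lines.
        $grant = $sc | Get-ADPermission | Where-Object {
            "$($_.User)" -like '*Anonymous*' -and "$($_.ExtendedRights)" -match $Right -and -not $_.Deny
        }
        [pscustomobject]@{
            Connector        = $sc.Name
            AddressSpaces    = "$($sc.AddressSpaces)"
            AnonymousHeaders = [bool]$grant      # True = internal Received: headers leak through this connector
        }
    }
}

Get-SendConnectorRoutingHeaderGrant | Format-Table -AutoSize

# Strip the headers on the internet-facing connector. -Confirm:$false suppresses the prompt for scripting.
Get-SendConnector -Identity 'Internet' |
    Remove-ADPermission -AccessRights ExtendedRight -ExtendedRights $Right -User 'NT AUTHORITY\Anonymous Logon' -Confirm:$false

Get-SendConnectorRoutingHeaderGrant | Format-Table -AutoSize

# Revert (for example while troubleshooting delivery with a partner): grant the right again.
# Get-SendConnector -Identity 'Internet' |
#     Add-ADPermission -AccessRights ExtendedRight -ExtendedRights $Right -User 'NT AUTHORITY\Anonymous Logon'
```

The permission lives on the connector's Active Directory object, so it survives transport service restarts and server reboots, and the same audit can be scheduled to catch a connector that was recreated with default permissions.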


