Wednesday, September 26, 2012

How to Cluster IronPort C-Series Appliances

This will explain the quick overview of how to cluster two of these devices together to provide an easy way to administer multiple IronPorts on the same network.

1. Login to the IronPort using SSL.  I prefer Putty.
2. Enter CLUSTERCONFIG
3. The CLI will ask if you want to enter cluster mode.  Select Y.
4. You will then see a list of cluster commands.
5. At this point if you have no cluster enter the option to create a cluster.
6. Follow the prompts.  Give it a name, select the ports, etc.  I always recommend setting the cluster to communicate on the internal management IP address.
7. Once the cluster config is complete the IronPort will apply the changes which only takes a minute or so.
8. To add other machines repeat this exact process only selecting the option to join an existing cluster.
9. During the join select the IP address of the first IronPort you put into the cluster.  Follow the prompts and complete the join.

I have found this process very helpful if an IronPort fails because I don't have to take the time to configure the replacement from scratch.  

This setup shares the configs so all you do is bring the replacement IronPort online, give it a static IP address and the same name as the unit you are replacing, login to it via the CLI and join it to the cluster.  

Once you have done that it will copy the configuration  from your cluster and will be ready to run.

Good luck on your cluster setups.

Monday, September 10, 2012

PrivateKeyMissing when running Enable-ExchangeCertificate

PrivateKeyMissing when running Enable-ExchangeCertificate

Enable-ExchangeCertificate : The certificate with thumbprint XXXXXXXXX was found but is not valid for use with Exchange Server
(reason: PrivateKeyMissing).
At line:1 char:27
+ Enable-ExchangeCertificate <<<< -Thumbprint XXXXXXXXX -Services "IIS"


The above error is a result of a glitch with Exchange 2007. This issue does not happen all the time as it is completely random, but when it does happen no certificate can be installed or removed through the Exchange Management Shell (EMS). For whatever reason it may be, the system forgets where it placed the Private Key or the certificate store is damaged.

Repair Damaged Certificate Store:

1) Open MMC (Microsoft Management Console) to the Certificate Manager (Certificates Snap-in) for the Local Computer account.
2) Double-Click on the recently imported certificate (It will be missing the golden key).
3) Go to the Details tab.
4) Click on the Serial Number field and copy down that number. (Leave window open)
5) Open up the command prompt (DOS Prompt -- CMD.exe)
6) Type: certutil -repairstore my "SerialNumber"( SerialNumber is that what was copied down in step 4.)
7) After running the command, go back to the MMC and right-click Certificates and select "Refresh".
8) One should now see the golden key associated with the certificate.
9) Double-check in the Exchange Power Shell with: Get-ExchangeCertificate

Alternatively if the above does not work try the following:
Note: Follow these steps if running Windows Server 2008 only

1) Open MMC (Microsoft Management Console) to the Certificate Manager for the Local Computer account. (Certificates Snap In)
2) Look in the Personal section of the Certificate Manager and there should be icon(s) without a little golden key. (Those with the key have the private key bonded to them.)
3) Delete the icons without the golden key.
4) Go back to the EMS.
5) Run the Import-ExchangeCertificate and Enable-ExchangeCertificate in one line like so: [ Import-ExchangeCertificate -Path c:\exchange.globessl.com.crt | Enable-ExchangeCertificate -Services "SMTP, IMAP, IIS, POP" ]
*** Please modify the command according to your needs. ***
6) Things should be golden from here and if they are not, please contact Microsoft.

Monday, September 03, 2012

Migrate Windows 7 to a new SSD

What you’ll need: your old hard drive; a back-up drive, either internal or external; a blank CD-R/DVD-R or the Windows 7 installation disc and your new SSD.

Step 1: Shrinking your original partition to fit on the smaller

First make sure your original OS drive only contains two partitions -- the system reserved partition and the partition that houses your OS. If you have any others, back everything up from them onto the backup disk as you'll lose them in this process.

Once that’s done, it’s time to shrink your OS partition so it will fit inside the SSD, which is likely to be smaller than the older OS drive. Go to the start menu and right-click 'Computer' before selecting 'Manage'.

Select 'Disk Management' on the left, just under the 'Storage' header.

Right-click your OS partition, which is usually labelled as C:, and then select 'Shrink Volume'. The computer will think for a moment as it queries the volume for available shrink space.

In 'Enter the amount of space to shrink in MB', enter a value that's at least 10% smaller than the usable capacity of your new SSD. For example, if you’re moving over to a 120GB SSD, enter 100,000 to be safe.

If you can’t shrink the partition enough, try defragging the drive first. If that fails, you’ll need to start uninstalling applications from C:. Do this until you’re able to shrink the drive enough. Once it’s shrunk, your new OS partition will be small enough to fit inside your SSD.

Step 2: Create an image of the now shrunken OS drive

Plug in your backup drive, be it an external drive or an internal drive. It must be bigger than the size of your shrunken original OS partition.

Head to the control panel and double-click the 'Backup and Restore' option.

On the left-hand side, select 'Create a system image'. During the backup wizard, it will ask where you want to store the new image -- select your backup drive.

Start the backup and then hurry up and wait -- this can take up to 15 minutes or more to complete.

Once it's finished, you’ll be asked if you want to create a system repair disc. If you don’t have your Windows 7 installation disc, select yes and it will guide you through the creation of a system repair disc. If you do have your Windows 7 installation disc, select no. Then shut down your PC.

Step 3: Install the new hard drive and restore from the image

We’re halfway there -- now it’s time to set up the new drive. Firstly, open your PC case and disconnect all of your drives except for the backup disk. Plug in your new SSD as described in our photo tutorial this week. After double-checking all your connections, boot up your system and insert the repair disc or Windows Install disc in your optical drive.

The computer should boot from the optical disc and at the first screen select the 'Repair your computer' option. Then select the 'Restore your computer using a system image that you created earlier' option from the next screen before clicking next.

On the next screen, select the 'Use the latest available system image (recommended)' option and then click next.

Now you need to double-check you’re not going to wipe any other drives, so click the 'Exclude disks' button.

You should only see one hard drive in the list -- if there are any more, make sure they’re selected with a tick mark otherwise they’ll be erased.

Click 'Next' and finally, 'Finish'. A warning sign will pop up, asking if you’re sure you want to continue -- select Yes.

If this process fails, it means your shrunken partition still wasn’t small enough, so you’ll need to go back to Step 1 and uninstall more applications before shrinking and mirroring the drive again.

If this process works, you’ll be prompted to restart your computer. Click 'Don’t restart', and then click 'Shutdown'.

Step 4: Final Steps

Plug all your other drives back in, but don't plug the original OS drive in at this point. If you want to use that drive, save it for later -- our priority now is to make sure the new drive is working.

Boot the PC up -- Windows should load from your SSD, though it may need a reboot once it's detected a new device in the SSD.

It’s time to go back into the Disk Management area. Go to the start menu, right-click 'Computer' and select 'Manage'. Once again, head into the same 'Disk Management' section on the left as you did in Step 1.

Right-click your new OS partition (again, usually called C:) and select 'Extend Volume', then click next.

Don’t adjust any of the default values -- Windows will automatically calculate exactly how far you can extend the partition to fill your new SSD. Click Next and then Finish, and your partition will be extended to fill the SSD.

Finally, we need to enter a single command via the command prompt in administrator mode. Go to 'Start > All programs > Accessories', then right-click 'Command Prompt' and run it as an administrator. Type this command at the command prompt:

winsat disk

This command makes Windows detect the new drive as an SSD and thus enable all the features unique to these drives. You’re now good to go!