
Thursday, 28 February 2013

How to Empty a Mailbox of Content in Exchange Server 2010 SP2

Cannot find Search-Mailbox


Before you can use the Search-Mailbox cmdlet you need to load the Exchange snap-in. Otherwise PowerShell reports that the cmdlet cannot be found.

Add Snap In


Load the Snap In with the cmdlet Add-PSSnapin Microsoft.Exchange.Management.Powershell.E2010



You can then use the cmdlet Search-Mailbox to find a mailbox and then choose the parameter DeleteContent to empty the mailbox.

Search-Mailbox -Identity "" -DeleteContent

This will not delete any folders in the mailbox; these must be deleted manually.

Wednesday, 27 February 2013

IP address conflict with a Cisco ASA and ARP

We had an interesting issue today. A client has a Cisco 5510 ASA and a Cisco 3560 switch. A Windows Server would not show the right IP address with an ipconfig; we always got a 169.x.x.x address, and if we disabled and re-enabled the NIC the IP address conflict dialog window was displayed.

We knew no other device had this IP address, as the server VLAN was statically assigned, so we used the command show arp on the 3560 and found the MAC address for the IP address we had the conflict on.

This MAC address was also listed against several other IP addresses in the server subnet, so we decided to find out what device had this MAC address.

Using show mac address on the 3560 we saw that the MAC was on port Gi0/21. This switchport was connected to our Cisco ASA. What had happened was that we had an IPSEC tunnel on the ASA that had the same subnet as our servers at the other end. This resulted in the ASA claiming ARP for that subnet so that it could manage the NAT for the traffic to cross the tunnel.

You can remove this issue by disabling Proxy ARP on the ASA. This is done with the command sysopt noproxyarp interface, where interface is the name of the affected ASA interface.

More on this can be read here from Cisco.

Saturday, 23 February 2013

When a SSD fails, it fails!

I have a 250GB Solid State Drive for my laptop, it's been great while it worked but today while writing an email my laptop just switched off.

I switched it on again, thinking it was probably a dead battery, and got no hard disk found; the disk is dead. No warning, nothing.

So unlike a traditional hard disk, which can slow down, click or whirr before it dies, an SSD just stops working. Can you put it in the fridge and then connect it to a desktop to try to recover your data? Well, no.

Data is gone, all lost.

Now before you feel sorry for me or laugh depending on your nature, I have taken steps to prepare.

I keep all my data in Dropbox, Sky Drive and Google Drive. That's all my documents, music, PDFs, and Screen Steps guides. Email is Exchange so that's safe too.

So I have to install Windows 8, Office 2013 and Screen Steps and I can work. Add iTunes and my media is back.

Should take a couple of hours. Not really a worry, but how many of us prepare like this? I did but I'm an IT pro, I should be fired if I hadn't!

As more laptops ship with SSD drives this problem is going to become more apparent.

Where is your important data? If it's on your Desktop or in My Documents it's time to think about a backup. I've seen the pain of lost data, it hurts big time and could cost you more than just money.

Friday, 22 February 2013

DCOM Properties greyed out in Windows 2008 R2

The system event log can fill up with Event ID 10016 messages; this usually means a DCOM service needs additional permissions to be set. But in Windows 2008 R2 you will find the DCOM settings are all greyed out. This is by design and you will not have permission to change these settings until you follow the guide below.

1. Event Log ID 10016


Look for the Event Log ID 10016 in the System Log and then open the event. Take note of the GUID that is referenced.

2. Search Registry


Open regedt32 and search for the GUID.

3. Key Permissions


When the key is found right click on the key and choose permissions.

4. Advanced Permissions


Click on the Advanced button.

5. Owner


Click on the Owner tab and then note the current owner is TrustedInstaller.

6. Change Owner


Click on the Security Group you want to change ownership to and then click Apply to change this. Note the change of current owner.

7. Change Permissions


Return to the permissions properties and highlight the Security Group you want and then assign the Full Control permission.

8. Confirm DCOM Properties


Open the DCOM MMC and you will see that the properties for the DCOM object are now not greyed out.
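Steps 1 to 5 can be checked from PowerShell before anything is changed. The following is an added example, not part of the original guide: it pulls the GUIDs out of recent 10016 events and reports the current owner of each matching registry key, assuming the GUIDs are registered under HKEY_CLASSES_ROOT\CLSID or HKEY_CLASSES_ROOT\AppID and that the last 50 events are a sufficient sample.

```powershell
# Added example: list the GUIDs named in DCOM 10016 events and show who owns
# the matching registry keys. Read-only; it changes nothing.
$guidPattern = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'

# Assumption: the 50 most recent events cover the recurring errors.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10016 } `
                         -MaxEvents 50 -ErrorAction SilentlyContinue)

# Collect every GUID mentioned in the event text (typically a CLSID and an APPID).
$guids = @()
foreach ($evt in $events) {
    if ($evt.Message) {
        foreach ($m in [regex]::Matches($evt.Message, $guidPattern)) {
            $guids += $m.Value.ToUpper()
        }
    }
}
$guids = @($guids | Sort-Object -Unique)

# Assumption: DCOM class and application IDs live under HKCR\CLSID and HKCR\AppID.
foreach ($guid in $guids) {
    foreach ($hive in 'CLSID', 'AppID') {
        $key = "Registry::HKEY_CLASSES_ROOT\$hive\$guid"
        if (Test-Path -Path $key) {
            $owner = (Get-Acl -Path $key).Owner
            $name  = (Get-ItemProperty -Path $key).'(default)'
            New-Object PSObject -Property @{
                Guid = $guid; Hive = $hive; Name = $name; Owner = $owner
            } | Select-Object Guid, Hive, Name, Owner
        }
    }
}
```

Recording the Owner value before step 6 gives you what you need to put ownership back once the DCOM permission has been set.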

Monday, 18 February 2013

This is our own HP Advisory - c03668975

You know you have a good problem when you get a vendor to create an advisory based on your incident.  Well it has finally happened to us.  The advisory here relates to a problem we had with our HP MSA P2000 LFF Array in the last quarter of 2012.  

Now I have to start by saying that HP Support were excellent and I could not fault their efforts to resolve this, we had multiple hardware changes and engineer visits to get to the bottom of this and it took somewhere in the region of 2 months to get to Tier 2 Support at HP and for the cause to be found.

So if you have a HP MSA P2000 LFF array and see the controllers fail with a memory over temperature error and you have ESXi 5.x then look at this, it might just be the same issue we had and it will save you no end of grief and stress!

Friday, 15 February 2013

How To - Configure a Head Start Restore to vSphere

This guide explains how to configure a Head Start Restore to the Hosted vSphere at CSCM.

vCenter Server


Logon to the vCenter Server and choose the ESXi Host that will be supporting the Virtual Machine. In this example we will be using

Create a Virtual Machine to host the HSR


Right click on the ESXi Host and choose the option to create a New Virtual Machine. Then choose the Typical option.

Name and Location


Name the Virtual Machine with the following convention.

HSR - Client Name Server Type



Choose a location for the Virtual Machine, this should be a MID-vdisk with the appropriate amount of free disk space.

Guest Operating System


Choose the Guest Operating System that is the same as the Client Server that is being restored.



Choose the Isolated Network for the network card, and ensure it is set to Connect at Power On.

Image Manager


Now you have to go to the Image Manager Server and check the size of the disks in the server that is to be restored. On the Image Manager find the Server that is being managed and then look at the disk sizes for the Backup Images, this will show you the size of the disk partition that has been backed up.

Create a Disk


We now need to create a Virtual Disk that is at least as large as the disk we are trying to restore, so to leave a little space create a disk that is 5GB larger than you need. In this example our restore server disk is 200GB so I am creating a 205GB disk. Ensure this is thin provisioned.

Complete the Virtual Machine


Accept the configuration and create the Virtual Machine.

Additional Hard Disks


If the server to be restored has more than one hard disk then you will need to create the additional disks. Right click on the Virtual Machine and choose Edit Settings

Virtual Machine Properties


Choose the Add button.

Device Type


Choose Hard Disk and Next.

Create a Disk


You now create a disk as you did before for the additional restore server partitions.

Disk Size


Choose the capacity of the disk and ensure that it is Thin Provisioned and stored with the virtual machine.

Advanced Options


Click Next

Complete Disk Add


Click Finish

Image Manager Head Start Restore Job


Back on the Image Manager server choose the Add new HeadStart Restore job.

New Job


Choose the Location field and click the drop down arrow.

Add Location if required


If there is no location choose the option Add new location.

Location Settings


Choose Type and select VMWare ESX/ESXi Server, then in the Server field enter the IP address of the ESXi Server. Enter the credentials for the ESXi Server.

HeadStart Restore Volumes


Choose the option Add new HeadStart Restore volumes

Base Images


Note that the Base Images listed match those of your restore server.

Add Volumes


For each volume choose the option Click to browse for volume.

Digital Certificate Error


Choose Yes to ignore the certificate error.

ESX Inventory


Hover the mouse over each vdisk and select the disk that matches the volume you are restoring. For example for the C: volume at 72GB choose the vdisk you created at 77GB in size. Choose Select.

Add all disks


Repeat this process for each of the HSR Restore Volumes. Choose Save.

Restore Job Running


The Head Start Restore job is now configured and will show as Restoring. You have a Head Start Restore running.

Toot Toot! MSP Mentor Awards 2013

Sometimes you have to blow your own horn and today is one of them.  Toot Toot!  We have been awarded position 362 of 501 top MSP Mentors Worldwide today.

So for once I do not have to write much on this blog, below is the comment from MSP Mentor on our award and recognition.

Nine Lives Media Names CSCM IT Solutions
to the MSPmentor 501 Global Edition

Sixth-Annual Report, Formerly the MSPmentor 100, Lists
The World’s Top 501 Managed Service Providers (MSPs)

February XX, 2013 - CSCM IT Solutions has landed on Nine Lives Media’s sixth-annual MSPmentor 501 Global Edition, a distinguished list and report identifying the world’s top 501 managed service providers (MSPs). This year’s report has been expanded extensively to include:
  • New: MSPmentor 501 Global Edition
  • New: MSPmentor 100 Small Business Edition (top MSPs with 10 or fewer employees)
  • MSPmentor 200 North America Edition
  • MSPmentor 50 EMEA (Europe, Middle East, Africa) Edition
  • MSPmentor 25 AANZ (Asia, Australia, New Zealand) Edition
  • New: In-depth data tracking mobile device management (MDM), managed cloud services and other recurring revenue opportunities for MSPs.
"Everyone in the team is buzzing from this news, to be recognized among your peers is fantastic!" said Kyle Heath, one of the Business Leaders.

The MSPmentor 501 report is based on data from MSPmentor’s global online survey conducted October-December 2012. The MSPmentor 501 report recognizes top managed service providers based on a range of metrics, including annual managed services revenue growth, revenue per employee, managed services offered and customer devices managed.

“MSPmentor congratulates CSCM IT Solutions on this honor,” said Amy Katz, president of Nine Lives Media, a division of Penton Media. “Qualifying for our MSPmentor 501 Global Edition puts CSCM IT Solutions in rare company.”

MSPs on this year’s global 501 list lifted their combined annual recurring revenues 24.5 percent to $2.54 billion. Together, those MSPs now manage more than 5.6 million PCs and servers, and nearly 400,000 smartphones and tablets, according to Joe Panettieri, editorial director, Nine Lives Media.

MSPmentor, produced by Nine Lives Media, is the ultimate guide to managed services. MSPmentor features the industry’s top-ranked blog, research, Channel Expert Hour Webcasts and FastChat videos. It is the number one online media destination for managed service providers in the world.

About Nine Lives Media
Nine Lives Media, a division of Penton Media, defines emerging IT media markets and disrupts established IT media markets. The company’s IT channel-centric online communities include MSPmentor, The VAR Guy and Talkin’ Cloud.

Nine Lives Media, a division of Penton Media
Joe Panettieri, Editorial Director
212-204-4206

Windows 2008 R2 changes to Public Firewall Profile

If, like us, you sometimes get that call that "all our applications have stopped working" while your Managed Services application says all is good, it could be this.

The Network Location Awareness (NLA) service. This service is what determines which Windows Firewall profile you get on a workstation or server, and sometimes it goes wrong and puts a server on the Public firewall profile. When this happens applications just stop, as all incoming ports are pretty much shut down. So when everything looks great but no one can work, check this one out.

Have a read of this Blog from Microsoft on the NLA Service.

It could just save your bacon.
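A quick way to check for this condition, as an added example that is not from the original post: the function below reads the active firewall profile from the HNetCfg.FwPolicy2 COM object and the state of the NlaSvc service. The function name and the expected profile of Domain are assumptions for illustration.

```powershell
# Added example: read-only check of the active Windows Firewall profile.
function Get-ActiveFirewallProfile {
    param(
        # Assumption: a domain-joined server should be on the Domain profile.
        [string]$Expected = 'Domain'
    )

    # NET_FW_PROFILE_TYPE2 bit values used by CurrentProfileTypes.
    $profileBits = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }

    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $mask   = $policy.CurrentProfileTypes   # one bit per active profile

    $active = @()
    foreach ($bit in 1, 2, 4) {
        if ($mask -band $bit) { $active += $profileBits[$bit] }
    }

    # NlaSvc is the Network Location Awareness service that selects the profile.
    $nla = Get-Service -Name NlaSvc

    $publicActive = $active -contains 'Public'
    $asExpected   = ($active -contains $Expected) -and (-not $publicActive)

    New-Object PSObject -Property @{
        ActiveProfiles = ($active -join ', ')
        NlaService     = $nla.Status
        PublicActive   = $publicActive
        AsExpected     = $asExpected
    }
}

$result = Get-ActiveFirewallProfile
$result | Format-List ActiveProfiles, NlaService, PublicActive, AsExpected
if (-not $result.AsExpected) {
    Write-Warning "Firewall profile is '$($result.ActiveProfiles)', not the expected one."
}
```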

Thursday, 14 February 2013

Put Die Hard to sleep

Die Hard 5 is the most ridiculous film I have ever seen. I suspended disbelief as it started and quit after 5 minutes when Bruce takes an Aeroflot flight to Moscow with no Visa.

What follows is a Mercedes sponsored car chase gun fight window smashing chase through Russia featuring beards, oligarchs, hired goons in Italian suits and a sexy daughter with red lips.

More bullets are fired than in Saving Private Ryan and no one really gets shot, it's a 12A so kids note, people don't die until you are 18, then they die. OK.

Skip to Ruski with Uranium, Chernobyl rubbish and a helicopter with truck in it for no reason. Boom boom bang bang explosion end.

Back to USA for sunshine and a milkshake.

They made films like this years ago, Commando was a fine example, but when Bruce does his one liners even Roger Moore couldn't save them. They stink.

There is only one moment that worked, a homage to Alan Rickman falling in slow mo from Die Hard. That's it for in gags.

I wanted to leave after 10 minutes because I knew what was coming. Just do not bother, go watch Die Hard or Die Hard 2 for the real McClane. Better still go see Django Unchained for a real movie experience.

Wednesday, 13 February 2013

How to - Automatically Delete Old Backup Files from a USB Disk

This guide explains how to use the forfiles and at commands to delete any file type from a USB disk that is over a certain age in days.

1. USB Disk


Here we have a USB disk that has the common problem, there is not enough disk space left on the disk for the backup to be stored.

2. Age of Files


Here we can see that the files are of different ages, and we would like this disk to be cleared to make room for tonight's backup.

3. Command Prompt


Run the command cmd and then at the command prompt we will use the command called forfiles.

4. Forfiles Command


The forfiles command has multiple options, but the main use we have is to delete all files with a certain extension from a certain location that are over a certain number of days old. The syntax is explained below.

forfiles /P G:\ - This is the path location and in our example the G: disk, but this could be any folder path.

/M *.TIB - This describes the file extension we want to find, so by using *.TIB we will find all Acronis Backup files; however, this could be used for any file extension or *.* for any file.

/D -7 - This is the number of days that the file must be older than for the command to return a result, so we are only going to find files older than seven days.

/C "cmd /c del /q @path" - This is the more complex part of the command: it is the command that will be executed against each file found by the first part. In this example we run cmd with /c so that it terminates once the command is complete, then use del to delete the file, with /q for quiet mode so we do not have to confirm the delete, and finally @path, which forfiles replaces with the full path of each file found.

So what we end up with is forfiles /P G:\ /M *.TIB /D -7 /C "cmd /c del /q @path"

5. Run Forfiles Command


If we now run this command we see that the one TIB file has been deleted as this was over 7 days old. NB The command has no confirmation so be 100% sure you know what you are going to delete and where before you execute.

6. Schedule this Everyday


OK, so now we have the command to clean up our disks, we want to run it every day automatically, and we can do this with the at command. The at command allows you to run a command at a specific time at recurring intervals.

at 18:00 - The first part of the command says run at 18:00 or anytime in the 24 hour clock you choose.
/every:m,t,w,th,f - The second part of the command schedules what days the command will run, in this case it is Mon - Fri. Saturday is S and Sunday is SU

You then follow the command with the forfiles command to create a scheduled task.

7. Confirm Scheduled Task


To confirm that the task is scheduled you can run the at command with no switches and you will see the output describing the task number, days to run, time to run and the command to run.

NB If you make an error entering the command you can delete the task with the command

at 1 /delete - Where 1 is the number of the task ID.
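Because the forfiles command deletes without confirmation, a purely age-based rule will eventually remove every backup on the disk if new backups stop arriving. The following is an added example, not part of the original guide: a PowerShell version of the same clean-up that previews by default and always keeps the newest files. The function name, the -KeepNewest floor and the -Delete switch are hypothetical names chosen for illustration; the path, mask and age are the ones used in the guide.

```powershell
# Added example: age-based clean-up that previews by default and always keeps
# the newest backups, so a run of failed backup jobs cannot empty the disk.
function Remove-OldBackup {
    param(
        [string]$Path    = 'G:\',     # path from the guide
        [string]$Filter  = '*.TIB',   # file mask from the guide
        [int]$Days       = 7,         # age from the guide (/D -7)
        [int]$KeepNewest = 2,         # assumption: hypothetical safety floor
        [switch]$Delete               # nothing is deleted without this switch
    )

    # Stop if the backup disk is not attached.
    if (-not (Test-Path -Path $Path -PathType Container)) {
        throw "Backup path '$Path' was not found."
    }

    # forfiles /D -7 compares dates only: modified on or before today minus 7 days.
    $cutoff = (Get-Date).Date.AddDays(-$Days)

    $files = @(Get-ChildItem -Path $Path -Filter $Filter |
               Where-Object { -not $_.PSIsContainer } |
               Sort-Object LastWriteTime -Descending)

    # Set the newest $KeepNewest files aside, then apply the age test to the rest.
    $old = @($files | Select-Object -Skip $KeepNewest |
             Where-Object { $_.LastWriteTime.Date -le $cutoff })

    foreach ($file in $old) {
        $action = 'WouldDelete'
        if ($Delete) {
            Remove-Item -LiteralPath $file.FullName -Force
            $action = 'Deleted'
        }
        New-Object PSObject -Property @{
            Action = $action; File = $file.FullName; Modified = $file.LastWriteTime
        } | Select-Object Action, Modified, File
    }
}

Remove-OldBackup            # preview only
# Remove-OldBackup -Delete  # run once the preview lists only what you expect
```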

8. Command Switch Options

Below are the full switch outputs for the forfiles and at commands.

9. ForFiles Command

FORFILES [/P pathname] [/M searchmask] [/S]
[/C command] [/D [+ | -] {dd/MM/yyyy | dd}]

Selects a file (or set of files) and executes a
command on that file. This is helpful for batch jobs.

Parameter List:
/P pathname Indicates the path to start searching.
The default folder is the current working
directory (.).

/M searchmask Searches files according to a searchmask.
The default searchmask is '*' .

/S Instructs forfiles to recurse into
subdirectories. Like "DIR /S".

/C command Indicates the command to execute for each file.
Command strings should be wrapped in double

The default command is "cmd /c echo @file".

The following variables can be used in the
command string:
@file - returns the name of the file.
@fname - returns the file name without
@ext - returns only the extension of the
@path - returns the full path of the file.
@relpath - returns the relative path of the
@isdir - returns "TRUE" if a file type is
a directory, and "FALSE" for files.
@fsize - returns the size of the file in
@fdate - returns the last modified date of the
@ftime - returns the last modified time of the

To include special characters in the command
line, use the hexadecimal code for the character
in 0xHH format (ex. 0x09 for tab). Internal
CMD.exe commands should be preceded with
"cmd /c".

/D date Selects files with a last modified date greater
than or equal to (+), or less than or equal to
(-), the specified date using the
"dd/MM/yyyy" format; or selects files with a
last modified date greater than or equal to (+)
the current date plus "dd" days, or less than or
equal to (-) the current date minus "dd" days. A
valid "dd" number of days can be any number in
the range of 0 - 32768.
"+" is taken as default sign if not specified.

/? Displays this help message.

FORFILES /S /M *.txt /C "cmd /c type @file | more"
FORFILES /P C:\ /S /M *.bat
FORFILES /D -30 /M *.exe
/C "cmd /c echo @path 0x09 was changed 30 days ago"
FORFILES /D 01/01/2001
/C "cmd /c echo @fname is new since Jan 1st 2001"
FORFILES /D +13/2/2013 /C "cmd /c echo @fname is new today"
FORFILES /M *.exe /D +1
FORFILES /S /M *.doc /C "cmd /c echo @fsize"
FORFILES /M *.txt /C "cmd /c if @isdir==FALSE notepad.exe @file"

10. At Command

The AT command schedules commands and programs to run on a computer at
a specified time and date. The Schedule service must be running to use
the AT command.

AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]]
AT [\\computername] time [/INTERACTIVE]
[ /EVERY:date[,...] | /NEXT:date[,...]] "command"

\\computername Specifies a remote computer. Commands are scheduled on the
local computer if this parameter is omitted.
id Is an identification number assigned to a scheduled
/delete Cancels a scheduled command. If id is omitted, all the
scheduled commands on the computer are canceled.
/yes Used with cancel all jobs command when no further
confirmation is desired.
time Specifies the time when command is to run.
/interactive Allows the job to interact with the desktop of the user
who is logged on at the time the job runs.
/every:date[,...] Runs the command on each specified day(s) of the week or
month. If date is omitted, the current day of the month
is assumed.
/next:date[,...] Runs the specified command on the next occurrence of the
day (for example, next Thursday). If date is omitted, the
current day of the month is assumed.
"command" Is the Windows NT command, or batch program to be run.