Synchronisation problems with Outlook 2010 for accounts with secondary mailboxes

We had a problem with a couple of users who kept having synchronisation problems with an Exchange (2010) server, using Outlook 2010. Some mail would not appear in mailboxes, but would appear in the web client. The sync would claim to complete ok, but looking at the Sync Issues folder there were a lot of messages of the form:

13:22:28 Error Synchronizing Hierarchy for Mailbox 'TeamShared' 
13:22:28 [80040305-54A-4DE-1900] 
13:22:28 Your server administrator has limited the number of items you can open simultaneously. Try closing messages you have opened or removing attachments and images from unsent messages you are composing.

This can occur if the secondary mailbox has a lot of folders, which this one does – there’s a big tree of stuff in there. To solve this we turned off caching of the secondary mailbox. The details of the problem and the various workarounds are given at:

Performance problems when you try to access folders in a secondary mailbox in Outlook

Using custom Diffie-Hellman parameters with Apache 2.2.22 and OpenSSL 1.0.1e (Debian 7 Wheezy)

See https://weakdh.org for the problem – 1024 bit Diffie-Hellman keys are potentially breakable (the ‘logjam’ vulnerability). This can be fixed in Apache 2.4 by pointing it at a custom key, but until recently version 2.2 was vulnerable. The issue was fixed in Apache 2.2.22-13+deb7u5, which allows a custom DH key to be appended to the server certificate. To use this in Debian 7:

Update to apache 2.2.22-13+deb7u5 or higher.

Generate a new Diffie-Hellman group using

openssl dhparam -out dhparams.pem 2048

Find where the appropriate server certificate file is – the standard Debian setup specifies this in

/etc/apache2/sites-available/default-ssl

Append the DH group to the server certificate

cat dhparams.pem >> server_certificate.pem

The resulting file should look like

-----BEGIN CERTIFICATE-----
stuff
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
more stuff
-----END DH PARAMETERS-----

Restart Apache.

Checking this with https://www.ssllabs.com/ssltest/ shows DH 2048 bits.
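A local check that can be run on the combined file before restarting Apache, added here as an example (it is not code from the original post): it lists the PEM blocks in the file and reads the size of the DH prime from the appended DH PARAMETERS block. The function names and the sample_pem helper are hypothetical, and the sample input is constructed (its p has the right bit length but is not a real prime).

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def check_cert_file(pem_text, minimum=2048):
    """List the PEM blocks in the file and measure the DH prime, if present."""
    blocks = PEM_BLOCK.findall(pem_text)
    result = {"blocks": [label for label, _ in blocks], "dh_bits": None, "ok": False}
    dh_bodies = [body for label, body in blocks if label == "DH PARAMETERS"]
    if dh_bodies:
        der = base64.b64decode("".join(dh_bodies[0].split()))
        tag, seq, _ = read_tlv(der)   # DHParameter ::= SEQUENCE { p, g }
        if tag != 0x30:
            raise ValueError("DH block is not a SEQUENCE")
        tag, p, _ = read_tlv(seq)     # the first INTEGER is the prime p
        if tag != 0x02:
            raise ValueError("DH prime is not an INTEGER")
        result["dh_bits"] = int.from_bytes(p, "big").bit_length()
        result["ok"] = result["dh_bits"] >= minimum
    return result

def sample_pem(bits):
    """Constructed input: p only has the right bit length, it is not a real prime."""
    def tlv(tag, value):
        n = len(value)
        size = (n.bit_length() + 7) // 8
        head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
        return bytes([tag]) + head + value
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps p positive
    der = tlv(0x30, tlv(0x02, p) + tlv(0x02, b"\x02"))
    return ("-----BEGIN CERTIFICATE-----\nc3R1ZmY=\n-----END CERTIFICATE-----\n"
            "-----BEGIN DH PARAMETERS-----\n" + base64.encodebytes(der).decode()
            + "-----END DH PARAMETERS-----\n")
```

On a real server, pass the contents of the certificate file to check_cert_file; a result with dh_bits of None means the DH group was never appended.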

Proxmox clustering and multicast (also, DNS)

After many problems with getting a new Proxmox cluster up and running, two things have helped:

Putting the SAN IP addresses in the hosts file, avoiding DNS dependencies (especially when one of the systems isn’t in there yet…). This put me on track: http://blog.rhavenindustrys.com/2013/04/curious-proxmox-clustering-fix.html

Important bit:

127.0.0.1 localhost.localdomain localhost
169.254.0.1 proxmox1.local proxmox1 pvelocalhost
169.254.0.2 proxmox2.local proxmox2

10.10.5.101 proxmox1.example.com
10.10.5.102 proxmox2.example.com

This associates the short aliases with the network used by corosync, while leaving the long addresses to the outside world.

Then tried tests detailed at: https://pve.proxmox.com/wiki/Troubleshooting_multicast,_quorum_and_cluster_issues

The multicast test failed – i.e. running

omping -c 10000 -i 0.001 -F -q <list of all nodes>

on both nodes at the same time resulted in 100% loss. Fixed this by disabling IGMP snooping on the SAN VLAN. ExtremeOS command is:

disable igmp snooping <vlanname>

Hey presto, after getting the second node to join properly:

pvecm add 192.168.xxx.xxx -force

it gets quorum immediately. I suspect this issue was causing a lot of the historical issues with getting quorum to work on this switch.

Configuring Proxmox hosts (and other postfix installs) to send email via smarthost V2

In this post I suggested using the Satellite system option. However, this seems to do the same as exim’s “mail sent by smarthost; no local mail” option – i.e. even local mail to root tries to go via the smarthost, which then complains. The Internet with smarthost option is probably the better choice (equivalent to exim’s “mail sent by smarthost; received via SMTP or fetchmail”).

N.B. Normal proxmox setup seems to be for postfix to use /etc/aliases directly. Double check this file!

Dell OMSA install on Server 2012 R2 issues

  • Did install first as network admin – couldn’t get page to display and update patch (from 7.4.0 to 7.4.0.2) didn’t complete. Scrubbed and reinstalled as local admin – no problems.
  • Firewall exception may be required for remote access.
  • HTTPS listener warning isn’t relevant for the HTTPS web interface!
  • Send test email button didn’t work in IE11, does in Chrome.