Event ID: 7023 DHCP Client service does not start

Symptoms:

The DHCP Client service does not start after you upgrade a Windows 2000 Server-based domain controller to Windows Server 2003

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description: The DHCP Client service terminated with the following error: Access is denied.

Cause:
This problem occurs because the Network Service account does not have sufficient permissions to access the following registry subkeys when you upgrade to Windows Server 2003:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip

Solution:

To resolve this problem, assign the Network Service account Full Control access to the following registry subkeys and subkeys under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip

http://support.microsoft.com/kb/895149

Postmaster In Exchange Server

Symptoms:
By default, the postmaster is used to transmit non delivery reports and any other messages that are generated internally by Exchange. However, Exchange 2007 does not contain a postmaster mailbox. This means that those who receive non delivery reports cannot reply back and ask for help.

Solution:
Get-TransportServer
To check and make sure that the postmaster has not already been assigned

Set-TransportServer servername –ExternalPostmasterAddress postmaster@yourdomain.com
You must assign an e-mail address to the postmaster

Get-TransportServer command again to verify that Exchange has been configured to use the postmaster address that you have assigned

You can create the postmaster mailbox in the same manner as you would create any user mailbox or just assign to existing user using add email address

Anti-Spam for Exchange Server 2007 with Hub Transport

Symptoms:
After Installing new Exchange 2007 server with Hub Transport, you realized it is not Anti-Spam Enabled. Many information and Best Practice only refer to Edge Transport. What if you don't have any budged to created Edge server or you only run small organization but must have Anti-Spam mechanism?

Solution:
Actually the Anti-Spam features can be installed directly into the Hub Transport module on the Exchange Server using Power Shell.
1. Run the Install-AntispamAgents.ps1 script. This script is located in the %system drive%/Program Files/Microsoft/Exchange Server/Scripts
2. Restart the Microsoft Exchange Transport service:
Restart-Service MSExchangeTransport
3. Specify the internal SMTP servers by using the InternalSMTPServers parameter on the Set-TransportConfig cmdlet
set-transportconfig –internalsmtpserver x.x.x.x
4. Check 'Server Configuration\Hub Transport', notice the 'Anti-spam Updates Enabled' set to 'True'. If it's not you need to run:
Enable-AntispamUpdates -SpamSignatureUpdatesEnabled $true -UpdateMode Automatic
5. Add quarantine mailbox for administrator to check, deleted, and send again (Approved) quarantined email
6. Do required configuration (SCL and custom configuration) for Anti-Spam features:
- Content Filtering
- IP Allow List
- IP Allow List Providers
- IP Block List
- IP Block List Providers
- Recipient Filtering
- Sender Filtering
- Sender ID
- Sender Reputation

More info: http://technet.microsoft.com/en-us/library/bb201691.aspx

Exchange 2003 to new Exchange 2007 server sending failure

After introducing first Exchange Server 2007 server into an existing Exchange Server 2003 organization, you may encounter an mail flow issue between the two servers.

Symptoms:
- Emails sent from Exchange 2007 to Exchange 2003
- Emails not sent from Exchange 2003 to Exchange 2007 and might be seen in the queue of the Exchange 2003 server.

Solutions:
Remove the smart host from the Default SMTP Virtual Server and instead configure a new SMTP Connector for the Routing Group to send internet email (the namespace of “*”) to the smart host.

Prevent the network adapter from detecting a link state

To prevent the network adapter from detecting a link state, follow these steps.

Note The NetBEUI protocol and the IPX protocol do not support Media Sensing.

1. Start Registry Editor.
2. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

3. Add the following registry entry to the Parameters subkey:

Name: DisableDHCPMediaSense
Data type: REG_DWORD (Boolean)
Value: 1

Note This entry controls the behavior of Media Sensing. By default, Media Sensing events trigger a DHCP client to take an action. For example, when a connect event occurs, the client tries to obtain a lease. When a disconnect event occurs, the client may invalidate the interface and routes. If you set this value data to 1, DHCP clients and non-DHCP clients ignore Media Sensing events.

4. Restart the computer.

Note Microsoft Windows Server 2003 supports Media Sensing when it is used in a server cluster environment. By default, however, Media Sensing is disabled in a Windows Server 2003-based server cluster, and the DisableDHCPMediaSense registry entry has no effect. In Windows Server 2003 Service Pack 1 (SP1), the DisableClusSvcMediaSense registry entry was introduced. You can use this registry entry to enable Media Sensing on the Windows Server 2003-based nodes of a server cluster. The details of the DisableClusSvcMediaSense registry entry are as follows:

Key: HKEY_LOCAL_MACHINE\Cluster\Parameters
Name: DisableClusSvcMediaSense
Data type: REG_DWORD (Boolean)
Default value: 0

By default, the DisableClusSvcMediaSense entry is set to 0. When this entry is set to 0, Media Sensing is disabled. If you set the DisableClusSvcMediaSense entry to 1, you can use the DisableDHCPMediaSense entry to enable Media Sensing. This behavior matches the behavior of a Microsoft Windows 2000 Server cluster environment.

More info: http://support.microsoft.com/kb/239924/

Handling Exchange IMF & SCL

To enable IMF auto-updates:

1. In Registry Editor, navigate to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange

2. Create the following value (DWORD):

ContentFilterState

and give it a value of 1.

To configure IMF to also add the SCL rating to the archived message:

1. In Registry Editor, navigate to the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter

Note: You might not find this key in place. If that is the case, create a new key under the Exchange key and call it ContentFilter

2. Within the ContentFilter key, create the following value (REG_DWORD):

ArchiveSCL

and give it a value of 1.

restart the Simple Mail Transfer Protocol (SMTP) service

Custom Weighting Feature for Exchange IMF

IMF version 2 includes a completely new feature called the Custom Weighting Feature (CWF), which allows you to customize IMF even further. With CWF you can filter e-mail messages based on specific phrases within the body of the messages, the subject line or both.

Below is an example of specific phrases and values you can use in the MSExchange.UceContentFilter.xml file.

<?xml version="1.0" encoding="UTF-16"?>
<CustomWeightEntries xmlns="http://schemas.microsoft.com/2005/CustomWeight">
<CustomWeightEntry Type="BODY" Change="5" Text="abcde"/>
<CustomWeightEntry Type="BODY" Change="-5" Text="fghij"/>
<CustomWeightEntry Type="BODY" Change=”6" Text="klmno"/>
<CustomWeightEntry Type="SUBJECT" Change="MIN" Text="pqrst"/>
<CustomWeightEntry Type="BOTH" Change="MAX" Text="uvwxy"/>
</CustomWeightEntries>

Notes:
1. MSExchange.UceContentFilter.xml, should always be in the working path of IMF in latest update subfolder (be sure to check them regularly againts IMF Update)
2. You migh to restart SMTP services to make sure no problem while loading them
3. MSExchange.UceContentFilter.xml file should saved in Unicode format
4. SCL Result : a. determine by + and - change, b. if MAX match then reset to 9, c. if MIN macth then reset to 0.
5. CWLs will not match an entry to a substring of a word, but will match a shorter phrase to part of a longer phrase

The registry key for a TCP IP printer port

The registry key for a TCP IP printer port looks like this :

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports]
"StatusUpdateInterval"=dword:0000000a
"StatusUpdateEnabled"=dword:00000001

;all defaults : RAW, port 9100

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\IP_1.92.1.2]
"Protocol"=dword:00000001
"Version"=dword:00000001
"HostName"=""
"IPAddress"="1.92.1.2"
"HWAddress"=""
"PortNumber"=dword:0000238c
"SNMP Community"="public"
"SNMP Enabled"=dword:00000000
"SNMP Index"=dword:00000001

;customized: LPR, LPR Queue Name, port 515

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports\IP_192.168.1.123]
"Protocol"=dword:00000002
"Version"=dword:00000001
"HostName"=""
"IPAddress"="192.168.1.123"
"HWAddress"=""
"PortNumber"=dword:00000203
"SNMP Community"="public"
"SNMP Enabled"=dword:00000000
"SNMP Index"=dword:00000001
"Queue"="this_is_a_user_defined_lpr_ue"
"Double Spool"=dword:00000000

Symptoms:
Users who would like to prevent worms which execute without any user interaction using an “AutoRun.inf” file, can disable the Windows AutoRun feature completely with the help of the Windows group policy editor (Gpedit.msc). This would be helpful to stop USB virus spreading.

If you want to disable using GPO for all clients under Active Directory, follow instruction to access that http://iwan-it-admin-tips.blogspot.com/2009/01/domain-group-policies-edit.html

Solution:
Group Policy
>Local Computer Policy
>>Computer Configuration
>>>Administrative Templates
>>>>System
>>>>>Turn off Autoplay - Enabled

Do the same for User Configuration

For AD:
Group Policy Object Editor
>Default Domain Controllers Policy [sever name] Policy
>>Computer Configuration
>>>Administrative Templates
>>>>System
>>>>>Turn off Autoplay - Enabled

Do the same for User Configuration

How to access Domain Group Policies

Symptoms:
Need to Apply Domain Group Policies for AD Windows server 2003 R2 sp2 ?

Solution:
1. Administrative Tools > Active Directory Users and Computers.
2. In the left console tree, right-click the name of the domain to which the policy is applied, and then click Properties.
3. From Group Policy Tabs, Choose Default Domain Policy continue by click Edit Button

Beside this, you can upgrade to Group Policy Management Console (GPMC) to improve.

Remotely Adding Firewall Exception List

Purposes:
You want to add Firewall Exception List under Client PC remotely

Solution:
1. Make sure you can remote registry Client PC
2. Open regedit.exe
3. File > Connect Remote Registry...
4. Browse your Client PC Name
5. Add this entry: (in this sample I add Radmin access)
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"4899:TCP"="4899:TCP:LocalSubNet:Enabled:Radmin"

6. To Enable Open File and Sharing Access
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

7. To Enable Disable Firewall, using this Key
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000
"DoNotAllowExceptions"=dword:00000000

Eseutil Error -528

Problem:
While try to recover priv1.edb and pub1.edb

c:\\Program Files\Exchsrvr\MDBDATA>"c:\\Program Files\Exchsrvr\bin\Eseutil" /r e00

Initiating RECOVERY mode...
Logfile base name: e00
Log files:
System files:

Performing soft recovery...


Operation terminated with error -528 <JET_errMissingLogFile, Current log file missing> after xxx seconds

Cause:
Missing valid Exx.log files

Solution:
1. Look folder c:\\Program Files\Exchsrvr\MDBDATA
2. Copy last E000xxx.log, E00.log and E00.chk to other place
3. Delete E00.log
4. Rename last E000xxx.log to E00.log
5. Execute
c:\\Program Files\Exchsrvr\MDBDATA>"c:\\Program Files\Exchsrvr\bin\Eseutil" /r e00
5. You may need this procedures with following order:
c:\\Program Files\Exchsrvr\MDBDATA>"c:\\Program Files\Exchsrvr\bin\Eseutil" /g

c:\\Program Files\Exchsrvr\MDBDATA>"c:\\Program Files\Exchsrvr\bin\Eseutil" /p

c:\\Program Files\Exchsrvr\MDBDATA>"c:\\Program Files\Exchsrvr\bin\Eseutil" /d

Failure to Terminal Services ISA Server

Symptoms:
mstsc.exe (Terminal Services) failure to access ISA Server after some windows updates

Cause:

ISA server not allowing Remote Access from outside network

Solution:
1. From Administrative Tools > Terminal Services Configurator
2. Choose Connection
3. On Right Side, Right Click on RCP-Tcp then choose properties
4. Under Network Adapter Tab, make sure only your Internal Network is selected inside Network Adapter dropdown