Thursday, September 8, 2011

Exchange 2007 to Exchange 2010 Public Folder Migration

This Episode

This episode of UTM comes from a recent experience migrating a customer's HUGE public folder database during an Exchange 2007 to 2010 migration.  Doing it manually wasn't an option, and how I pulled it off turned out to be way too easy.

The Dilemma

This customer had WAY too many public folders to go in and manually tie the replication together, folder by folder.  So I thought back to this great PS1 script that had so much promise.  I went in and ran the script; it ran without issue.  Waited several hours, no such luck.  So I sat down this morning and said to myself, there has to be a way to do this, and I put my mind to working it out.

The Stage

You must have a working Exchange 2010 server and have already built a Public Folder Database on the new server.
EXCHMB01 = Exchange 2007 Mailbox Server (Old)
EX-MB-01 = Exchange 2010 Mailbox Server (New)
Moving from Exchange 2007 to Exchange 2010, if you didn't read the above!

The Solution

My PowerShell skills are a 7 out of 10, so there may be a few steps that are easier than I make them, but this is how I did it and it worked, so here we go.

Setting the stage

To make life easier and to make sure that I named things correctly, I used a bit of manual configuration for the first step.
  1. Open EMC (Exchange Management Console)
  2. Open Toolbox, then open "Public Folder Management Console"
  3. We are going to quickly add a replica entry by hand to one of the Public Folders, to make it easy to copy and paste the exact DB names and paths later.
  4. Right-click a folder in the right pane, then click Properties
  5. Click "Add" to add all of your replicas.  For this instance I have an old server EXCHMB01 (Exchange 2007) and a new Mailbox Server EX-MB-01 (Exchange 2010)
  6. Now for the fun part.  Like I said, these steps might be easier from the CLI, but this way I know for sure which databases are replicas, in case not all my Mailbox Servers host a Public Folder Database.

Setting up the Replicas

  1. Open the EMS (Exchange Management Shell)
  2. Run the following:
    1. get-publicfolder -recurse |fl Name, Replicas
  3. You will get a full list of all your public folders; find the one you edited in "Setting the stage"
  4. Copy the "Replicas" data to your clipboard; we will use it for the next two steps.

Making all folders a replica to the new and old server both (For Migration)

When migrating, you temporarily want all data on both Public Folder Databases, so that users in both environments keep working, with replication carrying the changes between the two.  So I always set up the replicas early, so replication can run while we complete mailbox and other migration tasks.
  1. Open EMS
  2. Run the following:
    1. get-publicfolder -recurse | set-publicfolder -replicas "EX10_PublicDB1","EXCHMB01\Public\Public Folder Database"
  3. It is VERY important to notice two things here.  The copy and paste gives you the list wrapped in {} braces, and the database names come across without quotes.
    1. So edit the part after "-replicas": drop the braces, put quotes around each database, and separate the databases with commas.
  4. Wait; this will take a while to run, depending on many things (mostly the number of folders).
  5. You will get an error that replicas can't be set on the root folder ("\"); that's fine, the subtree root itself has no replica list to change.
  6. Run the next step to replicate the System Folders.  These live under NON_IPM_SUBTREE, which the first command does not touch:
    1. get-publicfolder "\NON_IPM_SUBTREE" -recurse | set-publicfolder -replicas "EX10_PublicDB1","EXCHMB01\Public\Public Folder Database"
  7. The same quoting rule applies: drop the {} and put each database in quotes, comma-separated.

Checking your work

  1. Simply run the following:
    1. get-publicfolder -recurse |ft Name, Replicas -auto -wrap
    2. get-publicfolder "\Non_IPM_Subtree" -recurse |ft Name, Replicas -auto -wrap

Removing the Replicas

Once you are done with the old server and ready to decommission it, you need to remove the old server from the replica list.  Before you do, confirm the content has actually arrived on the new database (compare per-folder item counts on both servers, or wait for the replication backlog to clear), and don't rely on the removal itself to catch up; the old database is the only copy until replication finishes.  To remove the old server, you just modify the syntax you used above to add it, leaving only the new database.
  1. Open EMS
  2. Run the following:
    1. get-publicfolder -recurse | set-publicfolder -replicas "EX10_PublicDB1"
  3. Notice the missing old server!
  4. Same quoting rule as before: drop the {} from the copy and paste and put quotes around the database name.
  5. Wait; this will take a while to run, depending on many things.
  6. You will get an error that replicas can't be set on the root folder ("\"); that's fine.
  7. Run the next step for the System Folders:
    1. get-publicfolder "\NON_IPM_SUBTREE" -recurse | set-publicfolder -replicas "EX10_PublicDB1"
  8. Notice the missing old server!

Checking your work

  1. Simply run the following:
    1. get-publicfolder -recurse |ft Name, Replicas -auto -wrap
    2. get-publicfolder "\Non_IPM_Subtree" -recurse |ft Name, Replicas -auto -wrap
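The same two procedures (adding both replicas for the migration window, then dropping the old one before decommissioning) driven from a single list, with the checks from above turned into commands.  This is an added example, not the commands from the original post.  It assumes the database identities appear exactly as Get-PublicFolder prints them (the placeholder names below are the ones used in this post), that the subtree roots are "\" and "\NON_IPM_SUBTREE", and that the shell is the Exchange 2010 EMS, which runs PowerShell 2.0, so no 3.0-only syntax is used.

```powershell
# Added example for this post, not the author's commands. Database names and
# server names are the placeholders used in the post; substitute your own.

$newDb = "EX10_PublicDB1"                          # Exchange 2010 PF database
$oldDb = "EXCHMB01\Public\Public Folder Database"  # Exchange 2007 PF database
$roots = '\', '\NON_IPM_SUBTREE'                   # user folders, then system folders

function Get-AllPublicFolders {
    # -ResultSize Unlimited: the default cap silently truncates a large hierarchy.
    # The subtree roots themselves reject Set-PublicFolder -Replicas, so skip them
    # instead of ignoring the error (assumes Identity renders as the folder path).
    foreach ($root in $roots) {
        Get-PublicFolder $root -Recurse -ResultSize Unlimited |
            Where-Object { $_.Identity.ToString() -ne $root }
    }
}

function Set-AllReplicas {
    param([string[]] $Replicas)
    # Passing a real array means no hand-editing of {} braces or quotes.
    Get-AllPublicFolders | Set-PublicFolder -Replicas $Replicas
}

function Get-ReplicaMismatch {
    param([string[]] $Replicas)
    # Folders whose replica list is not exactly the intended set (order ignored).
    Get-AllPublicFolders | Where-Object {
        $current = @($_.Replicas | ForEach-Object { "$_" })
        [bool](Compare-Object $current $Replicas)
    } | Format-Table Name, Replicas -AutoSize -Wrap
}

function Get-UnreplicatedFolders {
    param([string] $OldServer = 'EXCHMB01', [string] $NewServer = 'EX-MB-01')
    # Folders where the new server still holds fewer items than the old one.
    # Do not remove the old replica until this returns nothing.
    $old = Get-PublicFolderStatistics -Server $OldServer -ResultSize Unlimited
    $new = Get-PublicFolderStatistics -Server $NewServer -ResultSize Unlimited
    $newByPath = @{}
    foreach ($n in $new) { $newByPath[$n.FolderPath] = $n.ItemCount }
    foreach ($o in $old) {
        $have = 0
        if ($newByPath.ContainsKey($o.FolderPath)) { $have = $newByPath[$o.FolderPath] }
        if ($have -lt $o.ItemCount) {
            New-Object PSObject -Property @{
                FolderPath = $o.FolderPath; OldItems = $o.ItemCount; NewItems = $have
            }
        }
    }
}

# Migration window: every folder replicated to both databases.
Set-AllReplicas -Replicas $newDb, $oldDb
Get-ReplicaMismatch -Replicas $newDb, $oldDb   # expect no output

# Decommission: only after content has caught up on the new server.
Get-UnreplicatedFolders                        # expect no output before continuing
Set-AllReplicas -Replicas $newDb
Get-ReplicaMismatch -Replicas $newDb           # expect no output
```

Get-ReplicaMismatch is the scripted form of the "Checking your work" sections: instead of eyeballing a long table, it prints only the folders that still differ from what you intended, which on a HUGE hierarchy is the only practical way to spot a folder the pipeline skipped.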

Conclusion

I'm not really sure why this was so hard to find, but the solution is pretty simple.  There are other ways to inject the server names, but for a novice using this guide, who may not know where their Public Folders are located, I wanted to show the GUI part first and then the commands, using copy and paste to build the replica list.

I hope this helps someone and somebody out there thinks… UTM.

Friday, August 12, 2011

My Experiences with OCZ Technology SLD3-25SAT3-120G

 

Doing a little review here.  I have an older Acer laptop.  It's 3+ years old and was one of the first dual-core laptops on the market; when I bought it, I had to wait about 9 weeks for it to come out.  I have a docking station and have had very little trouble with it.  I replaced the hard drive when I started a new job in 2010 and it has done nothing but get slower since.  Whenever I noticed the slowdown, the hard drive (HD) light was lit solid.

So I've been eyeballing SSD drives.  They seem quicker, and the fact that there isn't a spinning platter in a mobile device really sold it.  After lots of research, I decided on the OCZ Technology SLD3-25SAT3-120G from Newegg via: Newegg.com

The disk looked very fast, was compatible with SATA2 and would last until I receive my next laptop, which will for sure have SATA3, in the next year or so.  After ordering the drive, I decided that I had WAY too much on my laptop to reload, so a clone it was.

Review starts here:

I received my drive, unboxed the Newegg box, to find a sexy little package that was almost like an envelope.  Opening the box I find this sexy little drive that was super light and built decently enough.

This looked semi-normal, and there isn't much to the outside.  But of course I bought it for the insides.  And don't think that if that "Warranty Void" sticker weren't there, I wouldn't have opened it up.

On to the imaging.

Downloaded the latest Acronis, started a clone and when the clone finished, I shutdown my laptop, plugged in the new drive and started it back up, with a huge kid-like grin on my face.

First boot-up with the SLD3-25SAT3 was normal, lots of Hard Drive light activity and was able to boot straight into windows.  For the search engines, I have to type this out: Acronis Clone works to SSD Drive and Windows 7.

Windows 7 boots up, I login, it says new hardware.  I rebooted as requested.

Next startup.  The next startup seemed much quicker, but I was pulled away for a second to chat with a co-worker, so maybe it wasn’t, hard telling.  Logged into Windows, desktop pops up and once again says New Hardware found.  2nd Reboot on the way.

3rd start after cloning the drive with Acronis.  The BIOS POST starts, Windows flashes, and WHAM... I'm at the login.  Now let me explain a bit about this (skip to the next section if you don't care; there is a lot more that matters!).  When I usually turn my laptop on, it takes somewhere between 2-4 minutes to get to the point where my fingerprint reader is working properly.  If I wanted to log in before that time, I had to actually type my password, then wait for what seemed like forever for it to load Windows and my desktop.  This was not the case; it was ready to roll.

So, I boot up fast, it looks good, I start working and “playing” to see if it’s any faster.  And it was in so many ways, Outlook flying, desktop responsive, almost no HD flashing.  Opening local PDF files that were pretty large was near instant.

YAY for me, new laptop…. Well…. Almost.

Going along about 15 minutes... BSOD, Blue... Screen... Of... Death.  Reboot and back we go.  After analyzing the dump, it was for sure something HD related.  I go home for the night and the computer is locked up when I return in the AM.  Time to switch HDs back, or WTF.

So off to the forums, and I hope if you have this issue, you may have found me here.  I find that there is newer firmware, and even though they are unsure what causes the random BSODs for different people, they suggest the upgrade.

Now here is the kicker:

You cannot update the firmware of a hard drive you are currently booted from.  You must either boot from a boot CD, or load the firmware from a computer booted from another hard drive.

So, since I didn't want to take my laptop apart again, I finally found a boot ISO via: Guide Latest version numbers for the Vertex3-Agility3-Solid3 drives

I personally downloaded the latest ISO, booted the computer and followed the prompts to update the firmware.  It was successful and life is good.

I want to tell you what.  After about a month of using this new drive, I'm not sure I could go back to a normal drive, at least on my older laptop.  This thing flies, and I'd put it up against most any laptop for most any daily activity that normal and power users do.

So my thought, 100% worth the $200 for the drive. (Period)

If you have a laptop that is decent, has a SATA2 interface and just has a lot of hard drive activity, try this.  The nice thing is that you can move this drive right into your new laptop, do a repair install, and you have one hell of a SATA3 processing machine.

Thursday, August 11, 2011

18 year sentence for Wi-Fi Hacking… Say What?


So I ran across this article, Wi-Fi-hacking neighbor sentenced to 18 years - CNN.com, as I was surfing through the news on the Inter-webs.  At first sight I was like, WTF is going on here?  A dude hacked his neighbors' Wi-Fi and ends up with 18 years in prison.

So here's the deal, and I must say, I'm not sure 18 years is enough for this one.

Matt and Bethany Kostolnik had reported to police that their neighbor, Barry Ardolf, had kissed their 4-year-old son on the lips.  Police show up, tick the neighbor off, not enough information to press further charges.

Barry Ardolf reads a few guides (a few have been personal favorites of mine) on "How to Hack Wi-Fi".

Barry reads up and starts hacking at his now-hated neighbors.  Once inside their network, he hijacks Yahoo e-mail accounts, sending hate and death-threat letters to people like Joe Biden and other figures who have big guys in black suits that care.

Barry continues by planting child porn on the users' MySpace and work e-mail addresses.  He even went to the point of sending the poor neighbors copies of their own tax returns, just to show that he had possession of everything.

So this guy only gets 18 years.  Seems not enough; he probably ruined the Kostolniks' life.

So at this point, I'm going to write a nice article on how to use a Fortinet to protect you from this kind of crazy.

I will be working on this very soon: "How to secure your Wi-Fi router from external users".  This should help you if you ever have the misfortune to live next to a total crazy bastard who has some reading and IT skillz.

Wednesday, August 10, 2011

OPFacebook–Project Hack Facebook by Anonymous because Facebook sells and shares “private” data.

 

OK, so I wish I could get a poll going: how many of you readers out there think that launching a slimy Distributed Denial of Service (DDoS) attack against someone is actually a "hack"?  The group "Anonymous" looks to be loosely organizing an attack against Facebook because they feel that Facebook "sells user information and data to government agencies and security firms".  Now disregard that comment if they pull off a nice site defacement or prove some big security hole that will legitimately hinder the company.

Now here's my beef.  If a government agency wanted some sort of data from Facebook, nobody can stop them.  A judge signs a warrant, the FBI or other agency serves the warrant on the company, and the company must do "its best" to provide any information described in the warrant.  These warrants can be obtained quickly, and using the USA PATRIOT Act, so would it really matter if they gave it up willingly?

Regardless of whether they do this or not, why attack Facebook for it?  Are they just bored?  Trying to make some news?  From the reports I've read, it seems that the followers are limited at best and I'm unsure if they could actually pull it off, though they have DDoS'd some major players in the multi-tier WAN environment.

Though I am really interested in what these Facebook junkies will do if the page times out.  I mean, watch out Charter/AT&T tech support... the Internets are broken.

Resources that piqued my interest for this article:

Hacker group vows to 'kill Facebook' - CNN.com

Tuesday, August 9, 2011

Joe Paterno – a Football God?

 

84 years old and still coaching college football.  In my book I say this guy is a football god.  I mean, this guy is like a Timex and just keeps ticking.  Of course, if I made a cool $1 Million/year to coach, I'd coach until the end of my life.

Just think, he's been to 36 college bowl games.  He has coached in over 539 games and has 2 National Championships, 3 Big Ten titles and tons of awards.  He's been coaching at Penn State for over 62 years.  Joe, from me to you... U-T-M!

It's sad to hear he was hurt on the football field, but at least it is where he loved to be.  He's 84 years old, for God's sake.  He runs those sidelines like the lunch lady at a South LA school.  These guys respect him, and they should.  Wonder if Devon Smith sits the sidelines this year now.

References:

Fox Sports
Joe Paterno - Wikipedia, the free encyclopedia

Apple tops big oil, iPhone5, iShares?

 

Today, it was seen that Apple, with all its iCrap, temporarily moved past Exxon Mobil in value.  I-N-S-A-N-E.  I guess that's what a $0.75/gallon drop in price will do to an oil company.

I kinda feel bad for Exxon Mobil.  They didn't have a chance.  I mean, the iCrap has gone crazy and people are buying it just to buy it.  It's not like they really use what they buy.

For example: I met a guy the other day who literally bought a $3000 27" iMac.  He bought it because he liked his iPhone 4, and if he liked that, then he'd like the iMac... Right.  The only issue is that everything he did with his business ran on Windows only.  So... he buys VMware Fusion and Windows 7 Ultimate and installs a VM so he can run his business programs.  This computer replaced his Windows 7 Ultimate laptop, which worked wonderfully.  So he literally has a $4000+ iTunes player.  Yeah, yeah, he has Office 2011 and all that, but really, everything he does is Microsoft.

But it proves a point.  The screen looks cool, the machine looks good, and they have a nice phone that works.  I wonder if the creator of the iPod (the real guy, not the one who bought the idea) had any clue where life would be just a few short years later.

Some references just for fun:

Apple was Briefly more Worth Than Exxon Mobile Today - I4U News
Apple Share Price is above $400
iOS 5 Details are Official
The iPhone 5 Spec Sheet

And my favorite... Google wins one.  Go Google!

Google Beats Apple to a Design Innovation- Curved Glass

Dow Jumps 430 Points… Or should it just jump off a building and go away.

 

I am no economist, but I am a realist.  I understand there are rich people who know rich people, and they all sit around, drink tea and eat crumpets while they figure out how to further screw the common man.

Not that I know what a crumpet is, but here’s the link if you want one via: Crumpet - Wikipedia, the free encyclopedia

So, starting over a weekend, the S&P comes up with this crazy idea that the US government is getting along worse than it has in the past.  I'm kind of curious if they ever studied the Civil War or the Great Depression...  I know, different circumstances...  So they decide to downgrade our credit rating from "AAA" to "AA+".  I'm unsure who comes up with this scale, but when I was in school we used "plus" and "minus" signs to show which side of a grade you were on.  For some reason, they just add A's to the value until they make sure that someone out there is a bit higher or lower, depending on how they felt that day.  Regardless of all that, S&P seems to have made some sort of calculation mistake, and this calculation mistake was worth about $2 Trillion via: Just the Facts S&P's $2 Trillion Mistake.  That looks like this: $2,000,000,000,000.  I sure hope this happens next time I balance my checkbook...

Regardless, the S&P makes a mistake, and the insiders who get paid by the Dow marketers and other rich folk looking for that "snitch" on the inside get tipped off about this "false" value.  They alert the news media.  Maybe this guy was involved?  Ted Turner - Wikipedia, the free encyclopedia

Now, are you still following me?  Recap.  S&P makes a mistake, an insider tips a rich guy, the rich guy tips the news media to drive fear, fear creates a market crash, and the rich folks have enough money to know to keep what they have and buy as much as possible when the market crashes.  When the market recovers (as it always has) they come out like champs, because it's almost Christmas shopping season and the rich folk need a raise.

I keep hearing about this market crash, but I remember not too long ago, when the market hit 10,000, they were worried it wouldn't roll over, kinda like Y2K, but with rich folks involved instead of geeks.

DOW Jones Graph from 8/9/11 after the 11th biggest gain in history, but this is also after one of the largest losses in history. 

Only thing I can say here, is that I’m really glad that I’m not retiring anytime soon.  Wish I had a few cool Million to invest this morning.

Restructuring early and Today’s news

 

So today, I have decided to rename the blog so it is not quite so focused on Fortinet products, but instead includes Fortinet products in my random rants and posts.  I just realized that even though I know a lot about the FortiProducts, there was almost no way I could ever keep enough information alive to interest more than just FortiGeeks.....

 

Anyway, I will start to rant, rave and offer my personal thoughts on the way things should be, the way they were when I walked 15 miles through 50 feet of snow with one shoe, and generally how stupid some things just are.

I hope at some point I can make you smile, make your day a good one or just help you with something that brought you here.

So just for fun, and attention, this is what is in the NEWS today.  I may go ahead and blog about something in this list next.

Three Dougherty siblings very dangerous via: Siblings 'extremely dangerous'
DOW Jumps 430 points via: 430-point jump after Fed statement
London Crackdown in Effect via: Police swarm London
Charlie Sheen’s Death Good For Ashton 3 and a half men via: 'Men' star- Death episode funny
Joe Paterno gets released from the Hospital via:Paterno released from hospital
Is Apple worth more than an oil Company? via: Which company is worth most-
Remember the Fallen 30 via: Fallen pilot's boy- Don't forget my dad

Tuesday, August 2, 2011

How to configure a 2wire 2701HGV-B Modem with a FortiGate (ATT uVerse)

    Recently I was tasked with bringing an ATT uVerse client online with a new SBS server. They needed site-to-site VPNs between the sites, as well as public services forwarded to their SBS server for things like RWW, SMTP, OWA, RDP, etc.

    We obtained a 5-block of Static IP addresses and off we went.

    After talking to the first 3 "Level 2" technicians, I was confident that I was to statically assign an IP address to my FortiGate 50B WiFi's WAN1 interface, and then I could set it up with the static IPs.

    So I went ahead and did the obvious: set up a static IP on my WAN1, configured default routes and firewall policies. After logging on, I found that www.ipchicken.com saw my static IP address and I thought I was set. Oh, how I was so wrong...

    After returning, I tried to access the public IP of the firewall to configure some services. Even though I had Ping and HTTPS access configured, I was unable to do either. After doing a sniff on the WAN1 interface, I found that the traffic was not making it to WAN1 at all. Obviously... a firewall in front of me, on the modem.

    So I am making this quick guide so that you can save several hours. Here are VERY important details of how this has to work:

    • IF you assign a single STATIC IP address to a device behind the modem, you CANNOT disable the modem's firewall. This might be fine if you only need certain traffic to come FROM that IP address, but don't want any inbound access to the device.

    • To disable the firewall for a device, you will need to set that device up as a DHCP client of the modem.

    • You will only be able to have 1 "Device" per Static IP when using DHCP.

    • With a FortiGate, it could be possible to use VDOMs to get "multiple" devices, but dual WAN addresses are not supported for some reason.  I have tried and tested this, as well as found others complaining of the same issue.  I will dig up the reasons a very smart man has figured out shortly.

    • Once configured correctly, your Device will get a DHCP address from a PUBLIC block and not a private block, thus giving you a public IP on your firewall.

    • For network admins and network enthusiasts, this is a very confusing situation. But it is, what it is.

      Here is how I accomplished this.

          Basically here are the steps:

        1. Provided you have previously been using the ATT modem as a router before trying to install the FortiGate UTM firewall, you will need to connect to the IP of the uVerse router.

        2. To find this, open a command prompt, and type 'ipconfig' The Gateway IP is your ATT uVerse Modem.

        3. Open a web-browser and type in the IP of the gateway. In this instance it is 192.168.6.254.

        4. Open Home Network and Advanced

        5. Configure a new IP and DHCP pool on your ATT DSL modem (2701HGV-B). Let's use 10.20.30.254/24 (255.255.255.0) with a DHCP pool from 10.20.30.100 through 10.20.30.200; we'll only need 1 IP per device.


        6. When you click "Save" you will lose connection to this device. That is fine; just disconnect all devices except the WAN1 of the firewall.

        7. IMPORTANT!!! Disconnect all devices from the ATT modem and only have your FortiGate WAN 1 Attached Only to the DSL/ATT Modem.

        8. Connect to your FortiGate firewall and log in. If you do not know how to do this, please visit my other blog post, Using a Console Cable to configure a Fortinet Appliance. Change the "Internal Interface" (whatever it may be in your situation) to a static or manual IP. We will reuse our previous 192.168.6.254/24 address, so that we do not have to change any static device on the internal network. It is suggested that if the IP subnet is 192.168.0.* or 192.168.1.*, you change to a different subnet, since those are the defaults most home routers use and will collide with VPN peers. Any address from the private ranges (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16) will do.

        9. Configure the FortiGate WAN1 as a DHCP client; you should get an address of 10.20.30.*, likely .100, but not always.

        10. Configure your Internal Interface with the old ATT default gateway (or the default gateway of your choosing). In our instance it will be 192.168.6.254. Please make sure to check Ping, SSH and HTTPS on the internal interface only; we might need these!

        11. Configure a simple Internal-->WAN1 policy with NAT enabled.

        12. Connect to the FortiGate internal (default gateway) IP via HTTPS, using the IP we assigned as the internal IP. Log in.

        13. Open another browser page to connect to the ATT uVerse modem/router via http://10.20.30.254

        14. Clear the ATT router's device cache before starting by visiting http://10.20.30.254/mdc

        15. On the Left column, go to Resets and click the first Item "Reset Local Network". This should clear your device list under http://10.20.30.254 (Home Network)


        16. Go to the FortiGate Device https://192.168.6.254, Status-->Network-->Interface. Edit WAN1, and click "Renew" next to DHCP.


        17. Go back to the ATT router and you should see the FortiGate device listed.

        18. Click Broadband Link-->Advanced

        19. On the left column, select "Routed Interface", Fill in the gateway provided by ATT as well as the subnet mask provided by them. Check the "Auto Open Firewall" checkbox. Click Save.


        20. Click Home Network-->Advanced and then "Edit Address Allocation" on the right column.


        21. In here, we will assign the public IP to the FortiGate. For us network administrators, this is a VERY strange way of doing things. Please hang in there, we are almost done.

        22. Inside the "Edit Address Allocation" section, you should see your single device.


        23. Click the Address Assignment and scroll up, on top of the scroll list, is a "Assign Public IP" option. Select this.


        24. Click WAN IP Mapping on the right side. This should have a dropdown with your Public IP blocks. Choose any that you wish to use.


        25. Uncheck the "Firewall" box to remove the modem's firewalling (finally). From this point on the FortiGate's own policies are the only thing between that public IP and your network, so make sure administrative access (HTTPS, SSH, Ping) is not enabled on WAN1, or is restricted to trusted hosts, before you plug anything else back in.


        26. Go back to the FortiGate interface and click Renew under WAN1. You may have to do this a few times, but after a few tries, you should now have your static public IP address on WAN1.
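        Here is the FortiGate side of steps 8 through 11 and the renew in step 16 as a CLI fragment. This is an added example for this post, not a dump from the author's unit; it is what I would type for the same setup. It assumes FortiOS 4.x CLI syntax (where the catch-all service object is named "ANY"), the interface names "internal" and "wan1", the 192.168.6.0/24 LAN from the post, and an admin account named "admin". The last block goes one step beyond the post: because step 25 turns the 2Wire firewall off, management access is left off wan1 entirely and the admin account is pinned to trusted hosts on the LAN, so the public IP exposes only the services your policies and VIPs forward.

```fortios
config system interface
    edit "internal"
        set ip 192.168.6.254 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "wan1"
        set mode dhcp
        unset allowaccess
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
end
config system admin
    edit "admin"
        set trusthost1 192.168.6.0 255.255.255.0
    next
end
execute interface dhcpclient-renew wan1
```

        The `execute interface dhcpclient-renew wan1` line is the CLI equivalent of the "Renew" button in steps 16 and 26, which is handier than the GUI when you are repeating it until the public address shows up. If you later add VIPs for RWW, SMTP, OWA or RDP as the post mentions, each one needs its own wan1 to internal policy; nothing inbound is reachable through this fragment alone.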

         

        Thank you to all who read, and you are welcome to those who learned and may have saved a day of research and calls to horrible ATT support.

         

        Enjoy!

        Monday, August 1, 2011

        Thoughts of the Trade (Upcoming Blogs)

        • Locking down your FortiGate UTM appliance
        • ATT uVerse and Configuring a FortiGate UTM Appliance for Static IP's and no Firewall
        • Configuring a 60C to actually go faster than 100 Mb/sec
        • Interface(routed) or Policy Based VPN Tunnels for FortiGate UTM Appliances
        • Tweaking your Appliance for performance
        • Debugging and how to tell what is wrong
        • How to submit a full autopsy of an issue to support
        • How to configure a FortiGate firewall from the ground up
        • How to setup a Redundant VPN
        • How to setup a Redundant WAN
        • How to configure a FortiWifi AP
        • How to create a HA Cluster and some common used settings
        • How to capture packets and convert them to pcap for reading
        • How to troubleshoot issues