DONT FORGET YOUR MASTER PASSWORD you don't need master PW during the update but you can reset the master PW if you forget it. Master PW's are used for installs.

To reset password: from Server where Ajera is installed:

1. Go to the Ajera Folder.
2. Select Ajera Server Administration.
3. Click Tasks.
4. Select Change Mater Password.
5. Type the New Password.
6. Re-enter New Password.
7. OK.

Log into server

Launch the Ajera Server Administration Utility and click "TASKS"

Once you click on the "TASK meu you will be presented with the following

Then UPDATE AJERA

 You also have the option to backup and restore Ajera

The update will back up your existing DB

Your backup path may be C:\Ajera\Backups  Other locations may be different based on installation paths.

This backup hung for us for some odd reason- we decided to install SQL management studio and do the backup inside SMSE  1.3gb database took 3-4 min to fully backup successfully. 

Backups will depend on database size and hardware system and may take longer due to your environment.

We recently did a 9.00 to 9.10 and the backup took about 15 minutes using the backup database on tasks menu inside Ajera.

CLICKING UPDATE will verify your current install and present what update will get installed.

CLICK BEGIN

REQUIREMENT CHECK

CHECK COMPLETE - Click Continue 

ACCEPT THE LICENSE AGREEMENT

GOTCHA - 

If you have Sonicwall Gateway AntiVirus configured correctly, you will get this error

You can temporarily shut the AV and add the two sites later to the exclusion of the AV

GOTCHA:

If you get a file in user error, check the path, if its part of IIS 

Just open the IIS Manager and temporarily stop the site.

Don’t forget to re-start the site when the update is completed

IIS Manager - Right-click and stop the site 

DONT FORGET YOUR MASTER PASSWORD you don't need master pw during the update but you can reset the master pw if you forget it. Master PW's are used for installs 

This is the master Password window

The update will continue upgrading the old version 8 or whatever version you have
We have seen upgrade times of 15-20 min depending on CPU and subsystem
You may see the upgrade sit at backing up for over 10min or more
Check TaskManager and watch the SQL and Ajera processes. You will see CPU movement on these processes during your upgrade.

UPDATE IS A SUCCESS !!  Now restart your Ajera site in IIS then have someone test access and verify some very recent entries.

Ajera - Running Two Database Instances Onsite

Ajera and other cloud based vendors would love for you to host you data with them in the cloud.  This can be a great move for a small office, but as you grow, you weigh cloud vs onsite costs and on site kicks in as less expensive quite a few times.

We have one client that would like to host another database for a recently purchased company which needs to be completely separate from the existing Ajera installation.

Ajera (after numerous emails and discussions) does not like two DB instances on the same network. They feel data can get corrupted.

Well our solution will be the following:

-Create another VM strictly for the newly acquired company and install Ajera. Our existing Ajera only VM just hums no issues for 3+ yrs.
-Give the VM the required system specs.
 -Create a new HyperV virtual switch with a VLAN tag of 5.
-Create a new subnet.
-Assign the VM an IP of the new subnet.
-Sonicwall Create a new VLAN network interface  VLAN tag 5 for the subnet .
-We can add the new subnet to an old machine lying around to keep nice and cozy for Ajera.

And we think that should cover it and make Ajera happy as the last email they didn't see an issue with this setup. 

The user will be accessing this new subnet/VM onsite therefore no SSL cert will be needed.

We will keep you posted of developments.

Too Many HP AirPrint Printers on Your Network

You may have a client with a few air printers and of the same model which makes looking on an iphone or Android more confusing as the names are all the same followed by the MAC address.

If you want some order to this chaos go to the HP web page of the printer.

On older models this is called Bonjour Service.
Just change the Bonjour Service Name to a more location appropriate name and SAVE.

On newer HP printers you need to be directed to the HTTPS secure page

Then go to AIR PRINT Status, click EDIT SETTINGS

Change Printer Name to a more location appropriate name and APPLY

Altaro Backup Error "BASEBACKUPCONTROLLER_18"

We use Altaro Backup exclusively. We swear by the product and the support has been awesome when needed.

There are times we need to learn to resolve issues ourselves as it give us a bit of satisfaction that we can accomplish solving issues on our own without hand holding at times.

We moved a VM from one host to another over the weekend. New Server hardware.
Everything was running well from the Altaro backups to the running of the VM on the temp server we installed to get the server off a failing Dell server. So failing server to temp server: all good.
Temp server to new server hardware: failed backups.

We built and brought in a new INTEL server system with 2016 Server.
E3-1230v6, 32GB Ram, 3.7TB usable storage.
We use a Buffalo TeraStation 3410DN for backups.
We use the latest Altaro software release for backup.
We team  2 Host nic's and 2 VM nic's - vm queues off, jumbo frames on.
Copied the VM back to the new server.

After the VM copy we had to reestablish the VM static IP and booted the server. All was well.

When we went to do our first Altaro backup we had a failure of the backup.
The backup started.
Backup preparing.
Then the error happened right at the creating shadow copy.


STARTED WITH THIS ERROR:

On Fri, 18 Aug 2017 00:18 A Warning occurred during a backup for SERVER-VM

Hide Details
The backup snapshot for this VM is not application consistent. The backup will proceed in crash-consistent mode. (Error code 'RCTCONTROLLER_011')
Please make sure that backup integration services are enabled for the VM. Otherwise check the event logs within the VM. If the issue persists please contact Altaro Support.




WHICH LEAD TO THIS ERROR:


The operation encountered an error. (Error code 'BASEBACKUPCONTROLLER_018')

An error occurred while opening a virtual disk (Error code 'VIRTUALDISKSTREAM_002')

The backup snapshot for this VM is not application consistent. The backup will proceed in crash-consistent mode. (Error code 'RCTCONTROLLER_011')
Please make sure that backup integration services are enabled for the VM. Otherwise check the event logs within the VM. If the issue persists please contact Altaro Support

We did some searching and found a few that said RESTART COM and DCOM and VSS Service.
No luck there

We found another from Altaro that basically covered all the possible issues Alot in ther "Gulp". We did not try all the options in this support post. We did try ADD SCSI CINTROLLER TO VM. This did not work.

We checked VSS writers - All looked good. No errors there.

We checked our event log and found a few cryptic NTDS and a VSS error. Unable to access.

Ahh, might be a permission error.

Which after searching, led us to this smart fella:

Igor Puhalo who runs the site: IP Loging

And this did the trick:

If you have this error you probably installed DHCP server role on your server. Very detailed explanation and solution you can find on Microsoft link https://support.microsoft.com/en-us/kb/2298620 It is the same for Windows Server 2012/2012 R2 version.

If you want to keep things simple all you need to do is add Network Service account on this registry key HKLM\System\CurrentControlSet\Services\VSS\Diag . After you give it full permission this error will be gone.

And his comment confirms our exact VM setup:
If you dont see this error in Event log after some time it is fine. If you want to see it again just take network service full permission in the same registry key. This error usually happens on DC with DHCP installed. I hope I helped. Just ask. If I have an answer I will post it


Thanks to Igor for posting this great find !

Intel Server Build with S1200 Series Board with 4TB usable VM storage On Site Solution

We've been building servers for a long time. We are an Intel channel partner and have enjoyed their excellent server products along with their very professional server support when needed.

Lately, we have been building quite a few S1200 series servers along with the P4304XXSHCN chassis for a HyperV 1-2 server solution for our clients.

We will follow the install of this server setup at a later date.

Our builds have been as follows:

CHASSIS: Intel  P4303XXSHCN with 4 HOT SWAP Drive Bay and 1 550Watt P/S
MOTHERBOARD: Intel S1200SPS Motherboard
MEMORY: 2 x 16GB Kingston ECC memory 32GB total
CPU: Intel Xeon E3-1230 v6 CPU  4 core / 8 thread  3.50Ghz.
HARDDRIVE: 4 SEAGATE or WD equivalent SAS 2TB in RAID 10 config for VM's
HARDDRIVE: SSD Intel 3510 120GB for Host O/S
NETWORK: Intel E1G42ETBLK Dual Port Gigabit Ethernet
RAID: Intel RS3WC080 8 Port RAID card
BACKUP: Buffalo 3010 Series NAS
BACKUP SOFTWARE: Altaro HyperV Backup Unlimited Edition with  DeDupe
UPS: APC 1500 VA

You can build these ten ways to Sunday and there could be guys out there that may disagree with our build but we have had no issue what so ever with this system. Ever.

No power supply redundancy. Well do you know how many times an Intel server P/S went down on us in 15 yrs. "0" That's just our past knowledge talking to us when you pair the server to a good UPS. I'm just using common sense here and giving our clients a cost effective in house solution for their business.

We run a DC VM or a DC and app server VM with no issue for 10-20 user offices with no performance issues.

We can update the chassis and storage to go 8 bay 4TB x 8 for 16TB of storage or 6TB x 8 for 24 TB of storage. SATA or SAS  - We can build to suit if interested. Contact us at 732 528-4975 or info@calldataserv.com

Always update your server to the latest BIOS.

Photos for documentation and cabling purposes:

Motherboard mounted

Backplane accessory wiring

CPU Fan power connectors
2 x 16GB Memory modules placement
Power connectors

RAID Card and cables used - Connected to Port '0" on Card

RAID Cables

Backplane photo with SAS cables connected 

Notice your port assignments

The very tried and true 3510 Intel SSD for the 2016 Server Host O/S

Got these on Amazon, hence the Dell logo as our regular distributor was allocated on this fine SSD

Four Seagate Enterprise SAS 2TB RAID 10 5yr warranty

Front bays - labeled to show right to left port assignments

Our SanDisk 16GB USB nib with Server 2016 O/S ready to install 

Also to be used to reinstall O/S incase the SSD tanks

BIOSUPDATE
First thing after the server is built we update the BIOS
We went with this package: Intel® Server Board S1200SP Firmware Update Package for EFI

This package will not work as it is used to create a WinPE envrionment
Intel® Server Board S1200SP Family BIOS and Firmware Update for Intel® One Boot Flash Update (Intel® OFU) Utility and WinPE


Use a USB drive 8GB
Format Fat32
Copy unzipped BIOS contents (root data) to the drive
Boot to the EFI shell  Press F6 during boot
If the Shell does not pickup the files and start the script automatically Change drive to USB drive
The EFI shell will default to fs0:
We had to change to fs3: (with colon) as that was our USB drive location, then RUN>startup.nsh
Its should automatically start the BIOS update

The update will ask you if you want to update the following:
SDR only
FRU only
SDR & FRU   - This option will ask for additional chassis update info
Modify asset tag only
Exit FRU/SDR Update

Weekly SonicWALL rebooting

​This is a bit crude, has no actual day or time of choice.

But my guess is you'll need to start this at the actual time you want to reboot.

Go to your sonic IP

Log in

The change the ending url after your internal IP to  /diag.html 

Example  https://192.168.0.1/diag.html

Then scroll down to DIAGNOSTICS​ - a bit past half way down

 

Once a week = 10080 minutes

Log in Sunday at 11pm or week and time of your choice.

Add your minutes, click ACCEPT top of page, and you should be good.

Check your log to verify.​

Upgrading and updating Deltek Ajera: Some gotcha's

Trying to upgrade/update  Deltek Ajera can go fairly smooth most of the time.There are some gotcha's that will crop up to interfere with the update/upgrade.

We have been running Ajera in a VM flawlessly for over 2 years for some architectural/engineering firms. We have just Ajera running on this machine plus a small billing add-on. That is it.

We install and use Microsoft SQL Management Studio to backup and manage the backed database in Ajera.

We actually tried to do a backup from the task window only for it to fail.The backup worked flawlessly in SQL Management Studio

If you're interested in contacting us. call 732 528-4975 and leave a message or email support @dataservsupport.com with your needs.

Here we go:Start by clicking Ajera Server Administration. On our server 2012r2 this is in our start menu.

Then TASKS.

Then UPDATE AJERA 

 You also have the option to backup and restore Ajera

The update will back up your existing DB

This backup hung for us for some odd reason- we decided to install SQL management studio and do the backup inside SMSE  1.3gb database took 3-4 min to fully backup successfully. 

Backups will depend on database size and hardware system and may take longer due to your environment. 

We recently did a 9.00 to 9.10 and the backup took about 15 minutes using the backup database on tasks menu inside Ajera.

Click BEGIN, then It will then check Pre-Requisites

Click Continue

Accept the license agreement

GOTCHA: 

If you have Sonicwall Gateway AntiVirus configured correctly, you will get this error

You can temporarily shut the AV and add the two sites later to the exclusion of the AV

GOTCHA:

If you get a file in user error, check the path, if its part of IIS 

Just open IIS Manager and temporarily stop the site.

Don’t forget to re-start the site when the update is completed

Set your master password in the new version, write it down !

The update will continue upgrading the old version 8 or what ever version you have
We have seen upgrade times of 15-20 min depending on CPU and subsystem
You may see the upgrade sit at backing up for over 10min or more
Check TaskManager and watch the SQL and Ajera processes. You will see CPU movement on theses processes during your upgrade.

All done  - Restart IIS , then go to http://127.0.0.1/ajera to check your work

Office365 Calendar and Contacts Share Permissions

Here is a list of permissions you can grant 365 users to your company Office365 shared calendar and contacts.  Very handy to have when sharing critical company contact info.

Example: Part time or temp users - Grant them as REVIEWER, as they can just look, but not add or delete.

Should you wan them to add contacts, then its CONTRIBUTOR you would assign that user.

Office 365 - Mail and Calendar folder permission levels

If someone has shared a mail folder or their calendar with you or designated you as a delegate for that folder/calendar, then you have permission to perform certain activities in that folder/calendar. The extent of the activities you can perform mail folder or calendar you are a delegate for, depends on your role (or combination of permissions) for that mail folder/calendar.

---

Mail folder permission levels

Owner: Create, read, modify, and delete all items and files, and create sub-folders. As the folder owner, you can change the permission levels others have for the folder. (Does not apply to delegates.)
None: You have no permission. You cant open the folder.
Contributor: Create items and files only. The contents of the folder do not appear. (Does not apply to delegates.)
Reviewer: Read items and files only.
Non-Editing Author: Full read details. Create items. Delete own items. Folder visible.
Publishing Editor: Create, read, modify, and delete all items and files, and create sub-folders. (Does not apply to delegates.)
Editor: Create, read, modify, and delete all items and files.
Publishing Author: Create and read items and files, create sub-folders, and modify and delete items and files you create. (Does not apply to delegates.)
Author: Create and read items and files, and modify and delete items and files you create.
Custom: Perform activities defined by the folder owner. (Does not apply to delegates.)

Note - With author or editor permissions, a delegate has send-on-behalf-of permission. Sent messages contain both the managers and delegates names. Message recipients see the managers name in the Sent On Behalf Of box and the delegates name in the From box.

---

Calendar permission levels

Note: The list below contains names of permissions levels in Outlook on the web - Outlook desktop client, respectively.
Availability only - Free/Busy time: Allows someone to view blocks of time as Free, Busy, Tentative, Away.
Limited Details - Free/Busy time, subject, location: Allows someone to view your Subject and Location. Events set to private will only display as Private Appointment to viewers.p>
Full Details - Reviewer: Allows someone to view your Subject, Location, Attendees, and Description. However, any event you mark as private displays simply as Private Appointment to viewers.
Editor - Editor: Provides read/write/modify access.
Delegate - Owner: In addition to "Editor" permissions, a delegate can also be selected to receive calendar notifications/requests/invitations. By default, 'Delegates' cannot view/modify events set to Private. You do have the option to grant the delegate the ability to view (full details) Private events.

The New NK2 File A.K.A the Streaming Autocomplete Cache File. Where did it go?

Since we been installing exchange and Office 365, almost everyone and I mean everyone seems to think their name cache file is their address book or related to the address book.

If you fail to import this file after a 2007/10 Office upgrade you will have some very sad or possibly angry users.

After upgrading office, this file may not be imported or upgraded along with the new installation.

Here is a screenshot of what the new NK2 file or now known as Stream-Autocomplete file provides.
When you start emailing people, the file will keep the email addresses available so the next time you type the first letter of the email similar names come up to choose instead of remembering and typing out the full email. Very convenient. BUT this is not your address book, although some address's might be in your address book.

Heres what we do to get the file back for the user after upgrading Outlook:

We locate the file usually in
C:\Users\*USER PROFILE*\AppData\Local\Microsoft\Outlook\RoamCache

You will see many other files in this folder, but you will be working with Stream_Autocomplete.

Depending on office version, we'v seen this in My Documents\Outlook folder in the current user profile.

If all is well, after the upgrade you may have (2) Stream_AutoComplete files.

The smaller or "0" file size is the new one which was created when Outlook was opened after the upgrade with no names (email addresses) in the cache.

The larger one is the older cache file with all the email addresses.

Copy the name of the larger Stream file including the hash numbers up to the DOT and paste it on top of the smaller stream file, reopen outlook and your stream file should be back.

If you see only one Stream_Autocomplete and the file is not being picked up by Outlook you need to perform the following to regenerate a new Stream_Autocomplete file.

Send out a few emails to different people. This will create a new Stream_Autocomplete file

Go back to the RoamCache folder and perform the copy, rename steps as shown above.

And that is the story of the Nk2 also known as the Stream_Autocomplete file.

Democratic National Committee (DNC) email servers hacked. What Email does the DNC use?

In this wild and crazy 2016 presidential election its very interesting the DNC email servers got hacked and documents were released just before the DNC convention.

Well, we did some investigation into what email system the DNC is actually using.
They seem to use two domains DEMOCRATS.ORG and DNC.ORG which we found being used in this WikiLeaks doc along with Donna Brazile's personal .me email.

Running email (MX) record testing on DNC.ORG returns the following which seems like a private hosted exchange server at APPRIVER.   The domain was registered at ENOM and is registered with the Democratic National Committee, but no website shows up for dnc.org

Although, AppRiver does blow this security trumpet on their website "AppRiver's award-winning SecureTide email protection is included with every Hosted Exchange account, so you also have the best security in the business built in." So much for SecureTide.

Running email (MX) record testing on the domain DEMOCRATS.ORG the MX info came back with the following info:

GOOGLE APPS The business class version of GMAIL.

Now, does this mean Google Apps or AppRiver sucks at security. Not really. It's more likely means that someone at the DNC was careless in opening an email therefore infecting their PC and or the entire network.

Lastly the Dems have a website http://www.democraticnationalcommittee.org 

Doing a mail server lookup for this domain brings up GoDaddy purchased domain and Godaddys  free and low cost POP email servers. 

Most likely the DNC is not using this domain for email (hopefully). In fact clicking on the only contact link forwards you to the following email: info@maf.democrat which is also using the same GoDaddy free and POP email servers. Its possible these are just mail forwarding accounts.

As we always say here, practice good email security prevention as discussed in a previous blog post at BLOG.MPECSINC.ca

Remember, when Sony Entertainment got hacked, the Sony email system of choice was our personal favorite Office365.