/etc/udev/rules.d/70-persistent-net.rules

Select the language option that you want to upgrade.

Previously I installed from the DVD so I only updated the DVD languages. Then press the Install Microsoft Exchange Server Upgrade to start the upgrade process.

Press Next to get started.

The system will then do some readiness checks.

If not, you will get an error like this.

Press the Upgrade button once all the checks have passed.

Exchange will then go off upgrading the system automatically.

The upgrade process is done.

It’s pretty straight forward.  I have my test environment broken up, so in this upgrade I only updated the Mailbox role which took about 8 minutes.  Your times will vary depending on how your servers are configured.  For a fairly basic setup, it was simple painless and straight forward.

emerge -v app-emulation/open-vm-tools

As an update to this, I had some problems getting this working since the last few updates (As of December 10th, 2009). Have found a way to get it to work again though.

Emerge the additional modules that are needed with:

emerge -v app-emulation/vmware-modules

Then rename (or delete) the *.la files in the following directory:

cd /etc/vmware-tools/plugins/common
ls -l *.la
-rwxr-xr-x 1 root root 1093 Dec  9 11:17 libhgfsServer.la
-rwxr-xr-x 1 root root 1108 Dec  9 11:17 libvix.la

This last part I found is a bug for right now so hopefully it should be addressed in the future.

1. First remove the troubled server from your servers list.  Becareful to Remove from Inventory and not Delete from disk.
2. SSH into your VMware server and go to the /vmfs/volumes directory and then into the path where your troubled VMDK is residing.
3. I like to have the directory name the same as my machine name, so I move the directory to a different name before readding the system otherwise /vmfs/volumes/<storename>/domainad readded will become /vmfs/volumes/<storename>/domainad_1 or something weird like that.
4. Start by adding a new virtual machine and select custom.
5. Type in the machine name.  Again I like to keep things clean so I use the previous system name.
   

   machinename

6. Select the datastore where the problem system resides.
   

   Select datastore where troubled system is.

7. From here on you need to make sure that you select the same settings as you had before otherwise the system will not start up.
   

   Machine Version Type

   

   OS Type

   

   CPU Count

   

   Memory Amount

   

   NIC Card

   Selecting the disk type is really important.  I picked the wrong one initially and the OS would crash as soon as it started loading what I assume was the disk drivers.

   

   Disk Controller Type

8. From here it is important that you select the Use an existing virtual disk option to restore your system back to working order.
   

   Use an exisiting virtual disk

   

   Select the original VMDK from the datastore

9. Complete the configuration and go back to the terminal window.  Again in keeping everything clean, you need to move the VMDK that you just reconfigured to the proper directory.  Otherwise you will have a system taking up two directories.
10. From the old directory, you only need to move the <servername>.vmdk and the <servername-(type)>.vmdk to the newly created directory.
11. After moving the virtual disks over, edit the <servername>.vmx file and change the (depending on disk count) scsi0:0.fileName from the oldpath to the newpath.
12. Save the changes and exit out of the terminal.
13. With luck, you can start up your server again and should have no problems getting it to start.

I initially got the idea from the VMware KB article located here.

It can be found in the Microsoft KB246153 article.  It is fairly straight forward, even a little too much as after installing it I couldn’t tell if it installed correctly.  After you run it, start or restart outlook and then to start using it, all you need to do is right click on the folder and run the “Deleted Items Recovery” either from right clicking or going to Tools > Deleted Items Recovery.
Should you need to be trying to recover mails that were hard deleted you might heave a chance to get them back here before the server wipes them permanently.  It also save the hassle if having to go to archive or backup to try and retrieve the missing file.

Probably the best thing to do, as per Symantec’s website is to backup all the pertinent information.  Which can be found here.  However, sometimes this isn’t even enough.  One thing to do first after trying to reinstall the system, is to change the DomainID.  Do this by:

1. Opening the Symantec Endpoint Protection Manager Console
2. Click on Admin
3. Click on Add Domain
4. Enter the domain name (use default2 or something and rename to default when deleting the new “old” default)
5. Company and contact list are optional.
6. Most important enter the previous Domain ID that you were using before reinstalling the SEPM services.

Symantec Endpoint Manager

Hopefully if all goes well, then you should see all your clients in the Clients area and everything should return back to normal.

However, for me that wasn’t the case.  For some reason my database became corrupt and wouldn’t let me revert back to the old ID.  So I had to install a new database with the previous DomainID.  But my clients would not join after doing this.  Of course as its a new database and everything is empty, only the DomainID was the same.   Which means you need to replace the sylink.xml file on every computer that was connecting to the managing server.  The appropriate sylink.xml file can be found in the following directory:

x64 machine – C:\Program Files (x86)\Symantec\sepm\data\outbox\agent

x86 machine – C:\Program Files\Symantec\sepm\data\outbox\agent

There will be directories with a long string of numbers and random letters.  You need to go into each one and view the Profile.xml and the very top of the file will be the <GroupInfo Description=”<yournamehere>”…>  After finding the appropriate folder/group that you want to reset to the clients, use the sylink.xml file in this directory to replace on that computer.  If you are in the same room, you can go to each computer, load an Admistrator level command prompt and go to the directory:

%PROGRAMFILESDIR%\Symantec\Symantec Endpoint Protection

To replace the sylink.xml  However, if the SEP client is running you cannot just copy the file here.  You will get an access violation error telling you that the file is in use.

Sylink.xml Copy Error

To successfully change the file, At the command prompt where SEP resides run:

smc -stop

copy over the sylink.xml file

smc -reload

smc -start

Almost immediately, you should see the green dot appear that the client is connected again to the server.  Problem solved.

However, doing this for more than a hand few of machines is less than ideal.  You can use the Symantec “Syslink Replacer” to do this remotely.  (This is a support tool from them, so actually the the link has no file you need to ask Symantec as it might get taken down.)  There is a PDF description also included with this.  So, I won’t go to much into the basics on how to use it.  But it does what you just did above automatically and remotely.  What I can say, is that you need to make sure that you have all the proper remote ports open (Port TCP139&445). Also, the “Remote Registry Service” also needs to be initiated as well for this tool to work properly.  Otherwise the client will fail and the sylink.xml file will not be replaced.  By default, it starts automatically in XP, but in Vista and Win7 it does not.  I am sure there are lots of ways to do this, but for this time I just started the service remotely by using RCF+ windows gadget.  A small desktop gadget for Vista/Win7 that will let you do lots of things from your desktop over your AD network.

Hope this might help anyone who has ever had a SEPM go south on them.

Port Number Port Type Initiated by Listening Process Description 80, 8014 TCP SEP Clients svchost.exe (IIS) Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older). 443 TCP SEP Clients svchost.exe (IIS) Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers. 1433 TCP SEPM manager sqlservr.exe Communication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers. 1812 UDP Enforcer w3wp.exe RADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer. 2638 TCP SEPM manager dbsrv9.exe Communication between the Embedded Database and the SEPM manager. 8443 TCP Remote Java or web console SemSvc.exe HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port. 9090 TCP Remote web console SemSvc.exe Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only). 8005 TCP SEPM manager SemSvc.exe The SEPM manager listens on the Tomcat default port. 39999 UDP Enforcer Communication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer. 2967 TCP SEP Clients Smc.exe The Group Update Provider (GUP) proxy functionality of SEP client listens on this port. The Symantec Endpoint Protection Manager (SEPM) use two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 80 (or 8014) and 443 – Tomcat uses port 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, Tomcat uses port 80 to talk to IIS. Client-Server Communication: For IIS SEP uses HTTP or HTTPS between the clients or Enforcers and the server. For the client server communication it uses port 80 (or 8014) and 443 by default. In addition, the Enforcers use RADIUS to communicate in real-time with the manager console for clients authentication. This is done on UDP port 1812. Remote Console: 9090 is used by the remote console to download .jar files and display the help pages. 8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data. Client-Enforcer Authentication: The clients communicate with the Enforcer using a proprietary communication protocol. This communication uses a challenge-response to authenticate the clients. The default port for this is UDP 39,999.

You can find the original link here.

Axiotron Modbook

You can read more on their comparison page.  I thought this would be something neat to get until I looked a bit closer.  As Apple really doesn’t like people selling Mac clones, at all, I wondered how this works.  Basically you’re modding your current MacBook that you have/buy modified.  Hence the name ModBook.  So, I suppose Apple doesn’t mind as you already bought their hardware.  I thought it was quite interesting as well, until I saw that it was just a modified MacBook.  The fact that it’s almost ~3cm (~1in+) tall and that it weights 2.4kg (5.3lbs) is a bit of a downer though.  I wanted to try out something like this.  It seems a bit too thick and heavy to carry around to wield easily for a tablet PC.   Still would like to give out a test though.

But the best part is, among from what i said earlier is that you can buy it now.  No need to wait.  You can see the distributor page on their website as well to order one online.  How about that?

Exchange 2010 went RTM about a month back and now it is finally out for download and use.

Also at the same time, it seems that Microsoft also took this chance to release their beta of upcoming Office 2010 as well.

Take a look at the Microsoft TechNet site for more information and a free trial download.

Configuring the Windows Time service to use an external time source

To configure an internal time server to synchronize with an external time source, follow these steps:

1. Change the server type to NTP. To do this, follow these steps:
   1. Click Start, click Run, type regedit, and then click OK.
   2. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

      

      Change type to NTP

   3. In the right pane, right-click Type, and then click Modify.
   4. In Edit Value, type NTP in the Value data box, and then click OK.
   5. Your modified value should look as such:
      

      Changed to NTP Type

2. Set AnnounceFlags to 5. To do this, follow these steps:
   1. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

      

      Change the AnnounceFlags Value

   2. In the right pane, right-click AnnounceFlags, and then click Modify.
   3. In Edit DWORD Value, type 5 in the Value data box, and then click OK.
   4. The modified value should look as such:
      

      Changed AnnouncedFlags Value

3. Enable NTPServer. To do this, follow these steps:
   1. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

      

      Enable the NTP Server

   2. In the right pane, right-click Enabled, and then click Modify.
   3. In Edit DWORD Value, type 1 in the Value data box, and then click OK.
   4. Your changed value should look as such:
      

      Enabled NTP Server

4. Specify the time sources. To do this, follow these steps:
   1. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
   2. In the right pane, right-click NtpServer, and then click Modify.
   3. In Edit Value, type Peers in the Value data box, and then click OK.
      

      Modifying the NTP Servers List

      Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0×1 to the end of each DNS name. If you do not append ,0×1 to the end of each DNS name, the changes made in step 5 will not take effect.  You can add additional NTP servers with a single character “space” between the ‘,0×1′ and the next server.  Look at my screenshot below for a visual explanation.  I recommend setting three as this is usually the standard for NTP.  You can go to the NTP Pool website here to find what servers work best for you.  Closer to you is always better.  In my case, I used the Japan pool.

      

      Modified NTP Server Source List

5. Select the poll interval. To do this, follow these steps:
   1. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
   2. In the right pane, right-click SpecialPollInterval, and then click Modify.
   3. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
      

      Change the default polling period

      Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.  This will tell your domain controller to communicate with the NTP pool servers that you just set to make sure that it is within the correct time boundaries.

      

      Modified Poll Interval Time

6. Configure the time correction settings. To do this, follow these steps:
   1. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
   2. In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
   3. In Edit DWORD Value, click to select Decimal in the Base box.
   4. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.

      Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.

   5. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
   6. In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
   7. In Edit DWORD Value, click to select Decimal in the Base box.
   8. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
      

      Modify the Correction Time

      Note TimeInSeconds is a placeholder for a reasonable value, I usually use double what I set the poll interval to.  In this case 30 minutes or 1800 seconds. The value that you select will depend upon the poll interval, network condition, and external time source.

      

      Modified Phase Correction Time

7. Quit the registry editor.
8. At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
   net stop w32time && net start w32time

   

   Restart the Time Services

9. The time then almost immediately updated to the correct time as you can see in the next two pictures of the corrected time and also in the event log (eventvwr.msc)
   

   Updated to correct time

   

   Event Log of Time Services

I hope that this helps anyone who is trying to setup an authoritative time server in their Windows Domain network.  It’s not really hard.  Just make sure if you are changing multiple machines that the time you are modifying isn’t terribly huge.  (ie. half a day or something.)  If you change one AD machine and the clock jumps forward or back half a day (probably due to a time zone setting) the other servers will loose trust between the other machines.  Authentication processes will stop working and whatever else is based on those servers trusting each other.  A snowball of problems so just might want to keep that in mind.

This process was taken from the Microsoft article source KB816042.