Windows Firewall and non-secure FTP traffic

I was recently trying to setup an FTP server on server 2008 and could not get it to work properly. Turns out, even though the firewall had allowed the ftp service I needed to open port 21. I accomplished this by running the two simple commands.

Windows firewall can be configured from command line using netsh command.

1) Open port 21 on the firewall

netsh advfirewall firewall add rule name="FTP (no SSL)" action=allow protocol=TCP dir=in localport=21

2) Activate firewall application filter for FTP (aka Stateful FTP) that will dynamically open ports for data connections

netsh advfirewall set global StatefulFtp enable

Server 2003 System Volume Information folder filling up hard drive

So I have a VM with Microsoft Server 2003 running on it and the other day I noticed the hard drive only had 4gb of space left on it. So I went of to find what was going on. I found that the "System Volume Information" folder was being filled up by huge files which took 40gb of space! No wonder my backups were so big. So I searched and searched the internet and found this solution from the egghead cafe forum: Forum

There were other solutions I tried that did not work, one including turning off the system restore option which there is none in server 2003.

1. Open "My Computer".
2. Right click on the drive letter of the drive that is being filled, and click "Properties".
3. Open the "Shadow Copies" tab and click enable.
4. Then click Settings and set the use limit to something low like 300mb.
5. Now disable the setting. All of your files under the "System Volume Information" folder should be deleted.

Hope this helps someone! If you have any answers to why that folder might fill up in the first place and why enabling/disabling the Shadows Copies options deletes the files, please let me know.

Busy

For the past couple of months I have been busy with different things and have neglected to post anything on my blog.  I got maried a month ago tomorrow and have been settling in.  School has been keeping me really busy as well.  At work I have been working on creating a Silverlight 2.0 accordion control, similar to the asp.net ajax accordion control.  I'm still fairly new at programming and programming techniques so once I finish it I will post a tutorial on how to create the control.  

Till then, have a great Thanksgiving!!

Exchange Server 2007 Offline Address Book (OAB)

When I came into work today, I found I hadn't completely fixed the error with my Offline Address Book. While the previous post fixed a major issue, I still had problems. All the users kept getting a pop up authentication box saying they needed to log on to the OAB. When I ran the previous fix, every thing started working. However, after a period of time, no set time, the Outlook clients would start asking for a user name and password.

It seems now, every time I restart the Web Service, the authentication works properly. Well, I just created a new Self-Certificate for the web service because I noticed that autodiscover.domain.com was not one of the domains in the certificate. I changed that and everything seems to be working fine so far.

To add more than one domain name to a certificate, I used the following Exchange Management Shell command to create a certificate request: New-ExchangeCertificate -DomainName Myserver.domain.net, autodiscover.domain.net, autodiscover.domain.com -GenerateRequest:$True -privatekeyExportable:$true

After that, I created the certificate with the local server certificate website and completed the request with IIS.

I guess I'll see if this fixes this for good, though for some reason I have doubt that it will fix the problem.

EDIT: 9/26/08
Ok, so I finally figured out a solution to my problem. I found out that the OAB virtual directory was supposed to be set to not require SSL. But, whenever I would change it to not require SSL, then the clients could not download the OAB at all. It would return this error:

8:46:40 Microsoft Exchange offline address book
8:46:40 0X80190194

So I did a little more searching with that error and found another solution on Dgoldman's weblog. (http://blogs.msdn.com/dgoldman/archive/2006/11/27/Error-0x80190194-when-using-an-outlook-2007-client-to-download-a-web-distribution-enabled-oab.aspx). What I did not realize was that the system replicated the OAB files from C:\Program Files\Microsoft\Exchange Server\ExchangeOAB to c:\Program Files\Microsoft\Exchange Server\Client Access\OAB\. So I checked the second folder, Client Access\OAB, and the files had replicated.

I figured it must be a permission problem since the files had been replicating. I created a new OAB to see what the permissions where and sure enough, they were different. On the original OAB the permissions had somehow gotten really messed up. The only permissions should be Administrators and System with full control. Once I fixed that, then the clients could sync perfectly without having to restart any services.

This is one more problem I can check off my list! I've been trying to fix this for over a month now so it will be a nice change to not worry about that.

EDIT: 9/26/08
Just kidding with the last. There is something seriously wrong here. The permissions were correct.

EDIT: 11/24/2008

I know it's been a while since I've updated this, but I actually fixed the problem a couple months ago.  I finally had to convert the OAB virtual directory in IIS to an application and then it worked correctly.  It still works today and I haven't had problems with the syncing anymore since then so I know this was a solution to my problem.

Offline address book Connecting to Microsoft Exchange

Since I upgraded our Exchange Server to 2007, I've been having trouble with the Offline address book. The problem was that anyone using Outlook 2007 (never tried outlook 2003), whenever they pressed send and receive, it would hang on downloading the OAB. I tried everything out the wazoo that I could possibly think of.

Finally today, the problem has been fixed. I found a solution on this forum -http://forums.microsoft.com/technet/showpost.aspx?postid=2295580&siteid=17&sb=0&d=1&at=7&ft=11&tf=0&pageid=1

The very last posting states that they set the Default Web Site directory with a HTTP redirect and it applied it on the sub-folders including the OAB virtual directory. To fix the issue, I removed the HTTP redirect and set the right permissions for the webconfig file under the OAB directory.

If you browse to https://servername/oab/[code]/oab.xml you will get an error 500.

To fix, browse to the physical location on the server where the webconfig (c:/exchange/ClientAccess/OAB), right click the file and click properties. In the security tab, set read permissions for everyone.

That is it. After a month of this issue, I finally found a solution.

EDIT: 11/24/2008

See the next post for a real solution.