If you manage a Lync 2013 server, you probably have looked through event viewer to find this little bugger; Event 21054.
You’ll notice this event is generated whenever the address book is updated with Update-CsAddressBook cmdlet or after the maintenacne that is run every day.
The following is a sample of the event log information details:
Users are not indexed in the database that should be.
Expected indexed user count: 0
Actual indexed user count: 136
Cause: User replication issue.
Run Update-CsAddressBook to synchronize all accounts.
How lovely, it didn’t resolve the issue. All googling will state run “debug-csaddressbookreplication” and if not indexed objects and Abandonded objects are 0 then…..
You guessed it! MS favorite quote “You can safely ignore it.”
Better yet MS fix this already!
Jan 2018 Update
I have no clue if this is still a problem, I generally don’t look in event viewer unless somethings broken. However if you are running Zenos, PRTG or some other monitoring software that ties into some windows servers event viewer, you’d have to filter it there.
I am the worst at writing blogs. I seldem get excited enough to write anything. But today…. TODAY! I feel like this is going to be a good blog.
A fanastic blog… anyway, so I moved into a new place, but have my server still running at my old place I run a very lightwheight server from there.
pssssst, it’s really just a router but perfect for hosting a network shares, torrents, web servers (
cough this page), ssh and smb ( cough this as well)
If you haven’t heard about DDWRT, I’d suggest you check it out here
Anyway, while i use SSH tunnel to manage this router via CLI, I can always tunnel its web management interface port, to my local machine and manage it that way too.
Yes most changes does cause it do it a soft reboot and breaks the connnection, a simple reconnect after a couple minutes useally all it takes.
I figured I’d just forward the servers SMB port just like I do most of my other ports… to my dismay it didn’t work… so I decided to GOOGLE!
As it turns out, there is more tweaking required to do this that I first thought, like disabling the SMB service at start-up, and using a loopback interface..
If you have a Windows share server (SMB) at home and happened to have SSH for management also available, then check this link out!
Bye for now….
Jan 2018 Update
These are always neat tricks to keep in the back of your head, even if your playing around just for fun. I wouldn’t see the real world use for this type of hack today as everything is pretty much OpenVPN or some other VPN solution. Still love my SSH though.
Lucky the link is still active otherwise this post would be as useless as tits on a bull.
Usually the issue is one or a combination of the following things below:
1) In certificate template Subject tab wasn’t switched to Supply in request.
2) The enrollment permissions on the certificate are incorrect.
3) The Template was created for a 2008 R2 CA, but the forest level is still on 2003. A 2008 Cert Template can only be selected if the CA is on a 2008 R2 Server, AND the forest level is at 2008 R2.
4) IE was not opened with elevated creds, even if logged in as a domain admin account, right click IE > run as Admin.
5) Last but not least, You have to add the template to the CA to allow it to be issued.
Open Certification Authority MMC snap-in, select Certificate Templates node. In the Action menu, select New and Certificate Template To Issue.
Enjoy signing certificates on your enterprise CA!
Jan 2018 Update
Even I’m not sure what the heck this post was about, but if my memory serves me correctly, it’s when you attempt to use a particular Certificate template in either the MMC snap-in or the CA’s web portal and find the certificate is not available from the drop down menu to be selected.
Kinda wish i would have referenced some of these claims, but I’ll take my own word for it. Haha 🙂
As an Windows Server administrator, you may find yourself wanting to run some commands or do some tasks on an end users system.
Theres an awesome tool package on MS site called sysinternals, developed by an awesome guy named Mark.
However, I was having issues accessing UNC paths until I provided the options for the admin creds,
even though the cmd prompt that was running the psexec command was already elevated with the same creds.
Then I was having issues accesses local system files until I discovered the -h option.
To have full CMD on remote systems:
“psexec \\remotesystem -u domain/adminaccount -p passowrd -h cmd”
The -h is important as it pushes for an elevated token on Vista+ systems.
XCopy source destination /e /i /h (Copy all hidden and system files for profile use)
/e copy directories and subdirectories, including empty ones
/i assums directory on destination if copy more than one file and does not exist
/h copy hidden and system files
Now you can move all your Firefox settings, IE settings, and more remotely!
Jan 2018 Update
Use Robocopy, or better yet; PowerShell, instead of xcopy.