New Exchange 2007 Tools from U-BTech

I was showing a client the “Exchange Tasks 2007” tool from U-BTech website yesterday and noticed some new free tools for Exchange 2007 and Windows 2008.

• Certificate Manager for Exchange 2007 -Exchange 2007 enables SSL within IIS by default. Using PowerShell commands, certificate creation and management is quite confusing and often results with incorrect results due to the nature of the syntax. U-BTech Solutions is providing Certificate Manager for Exchange Server 2007 freely, to ease the process with a simple, easy to use GUI.http://www.u-btech.com/products/certificate-manager-for-exchange-2007.html
• SimplyPSO – Windows Server 2008 introduces a new feature to create separate password policies for different users or groups within the same Active Directory domain. In all previous versions of the Windows Server family of products, password policy has been configured on the domain level alone. The new feature is called fine grained password policy objects and is available when the domain functionality level is set to: Windows Server 2008 native. Unfortunately, there is no simple user interface to configure Password Settings Objects in the Windows Server 2008 environment and in order to configure PSOs, we need to dive deep into the ADSI editing tool. SimplyPSO is a graphical and useful tool that can be invoked directly from the Active Directory Users and Computers snap-in. http://www.u-btech.com/products/simplypso.htm
  
• ESIEMail Protector – ESIEMail Protector (pronounced EASY Mail Protector) is a product dedicated to one goal: “Securing your email communications”. By using ESIEMail Protector you can use Encryption, Digital Signature and IRM Permissions (Information Rights Management) to secure your messaging environment, hence the name. http://www.u-btech.com/products/esiemail-protector.html

Advertisement

VMware Site Recovery Manager Service Account

You are probably wondering what I am talking about because the VMware Site Recovery Manager Service in the Windows Services manager runs as “Local System”.

The service account I am talking about is the one that is used by the SRM service to pair the sites together and to connect to vCenter. This is the account used for Credential Based Authentication.

I stumbled upon this after the VMware Site Recovery Manager service wouldn’t start. I looked in the log file located in the C:\Documents and Settings\All Users\Application Data\VMware\VMware Site Recovery Manager\Logs” directory. I opened the latest vmware-dr-x.log file and found this.

Failed to login to VC:

Unexpected MethodFault (vim.fault.InvalidLogin) {

dynamicType = <unset>,

msg =
“Login failed due to a bad username or password.”

As soon as I saw that in the log file I new what had happened. The admin that had installed SRM had changed his password.

I looked in the “Site Recovery Manager Administration Guide” and found a command line tool called srm-config.exe on page 86. On page 86 there is a section called “Reinitializing credential-based authentication after a user ID or password change“.

I created a new local administrator on both SRM servers named SRMAdmin, gave the account vCenter Administrator permissions and SRM Administrator permissions.

I then ran this command to change the account in SRM.

C:\Program Files\VMware\VMware Site Recovery Manager\bin>srm-config.exe -cmd updateuser -cfg ..\config\vmware-dr.xml -u SRMAdmin

After I ran this on both SRM servers I was able to start the service.

I then had to reconfigure the connection between the two SRM servers.

There isn’t really any recomendation in the admin guide about a dedicated account for SRM. The only reference to the fact that it even uses an account is on page 34 when it is talking about using Credential Based Authentication and on page 86 in the srm-config.exe section.

VMware should add this to their guide.