Real record of a disaster recovery



This article may be republished by other media; to avoid copyright issues, please contact me first.

Keywords: Disaster Recovery / Exchange Server / Windows 2000 Server


Hu Hao MCSA / MCSE / MCDBA / CCNA / CSTAR / MVP

First: Alarm! Disaster strikes ...

Bad things always happen when people least want them. On this day, the 4400 server suddenly died ...

According to the colleagues on the scene, the server suddenly slowed down, its network services stopped one after another, and finally it stopped responding altogether.

To restore service, all they could do was restart the server. After the forced restart came a blue screen: the system reported STOP: 0x0000007B, INACCESSIBLE_BOOT_DEVICE. At first I thought only the MBR was broken, or NTLDR and NTDETECT.COM, so that I would just need fixmbr and fixboot in the Recovery Console. Because the server uses hardware RAID, you have to press F6 while booting from the CD to load the RAID driver, and only then can you enter the Recovery Console and see whether the system partition can be accessed. Once inside, DiskPart showed the system partition, but the partition could no longer be read: the DIR command could not enumerate a single file or directory.

At this point let me introduce the server's environment. This Windows 2000 Advanced Server is the first domain controller in the domain (named Domain.com), and all five operations master roles (FSMO) are on it. Because of limited resources, Exchange Server 2000 also runs on it, and it doubles as file server / print server, with DHCP / WINS / DNS on it as well. There is a backup tape drive, but its capacity is not enough for a full backup ... so this server going out of service is a real disaster. If there were no other domain controller, we would be busy for a very long time. Precisely because there is another domain controller, we still have hope!

Second: Mission Impossible? Impossible is nothing!

0. Use other servers to take over network services

The impact on users must be minimized. Since the network relies on this server for address assignment and name resolution, the first problem to solve is DHCP lease renewal for the clients.

Originally this was the only DHCP server, and now it is down. So we installed DHCP on the additional server, with a scope covering 20% of the address range. The reasoning is that not many clients' leases expire at the same time; of course this can be adjusted according to the lease duration and the number of clients: the faster leases come up for renewal, the more addresses are needed.

At the same time, we installed WINS and DNS, and added the zones and records that were originally configured in DNS.

1. Restore the domain controller

Active Directory is the cornerstone of a Windows 2000 network environment, and a great deal of information is stored there. With Active Directory we can recover a considerable amount of server configuration information, such as the DNS configuration. So the first thing to consider is restoring the operations master roles.

By the way, let me introduce the operations master roles. Active Directory defines five flexible single master operations (FSMO) roles:

Schema Master

Domain Naming Master

Relative identifier (RID) Master

Primary domain controller emulator (PDCE)

Infrastructure Master

The Schema Master is the only domain controller that can update the directory schema. Schema updates are replicated from the Schema Master to all other domain controllers in the Active Directory forest. There is exactly one Schema Master in the entire forest.

The Domain Naming Master is the only domain controller that can perform the following tasks: add or remove domains, and add or remove cross-reference objects that describe external directories in the forest.

The relative identifier (RID) Master is the single server responsible for allocating RID pools to the other domain controllers. When a security principal (such as a user, group or computer; think of it as an account) is created, the domain's identifier is combined with a RID to form a unique security identifier (SID). Each domain controller receives a pool of RIDs for creating objects (512 by default). By handing out different pools, the RID Master ensures that these IDs are unique across domain controllers. The RID Master is also needed to move objects between domains in the same forest.

The Domain Naming Master is forest-wide: there is only one in the entire forest. The RID Master is domain-based: each domain in the forest has its own RID Master.

The PDC emulator (PDCE) mainly provides backward compatibility with down-level clients and servers, that is, it allows Windows NT backup domain controllers (BDCs) to be used in a Windows 2000 domain. In a Windows 2000 environment password changes are forwarded to the PDCE. If a domain controller fails to verify a password, it contacts the PDCE to check whether the password can be verified there, because the change may not yet have been replicated to the domain controller doing the verification. The PDCE of each domain in the forest synchronizes with the PDCE of the forest root domain. The PDCE is domain-based; each domain in the forest has its own PDCE.

The Infrastructure Master ensures the consistency of cross-domain object references. Such a reference includes the object's globally unique identifier (GUID), security identifier (SID) and distinguished name (DN). If a referenced object is moved, the domain controller holding the Infrastructure Master role in a domain is responsible for updating the SID and DN in the cross-domain object references of that domain. The Infrastructure Master is domain-based; each domain in the forest has its own Infrastructure Master.

By default, all five FSMO roles are on the first domain controller of the forest root domain, while the RID Master, PDCE and Infrastructure Master of a child domain are on the first domain controller of that child domain.

[1] Remove the original domain controller's information

Because this server is no longer usable and must be reinstalled, the original server's data has to be removed from Active Directory.

To accomplish this you need NTDSUTIL. (For readability the commands have been wrapped onto separate lines; in the original, the bold text is what was typed.)

C:\> ntdsutil

ntdsutil: metadata cleanup

metadata cleanup: select operation target

select operation target: connections

server connections: connect to domain Domain.com

select operation target: list sites

Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com

select operation target: select site 0

Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
No current domain
No current server
No current Naming Context

select operation target: list domains in site

Found 1 domain(s)
0 - DC=Domain,DC=com

select operation target: select domain 0

Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
Domain - DC=Domain,DC=com
No current server
No current Naming Context

select operation target: list servers for domain in site

Found 2 server(s)
0 - CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
1 - CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com

select operation target: select server 0

select operation target: quit

metadata cleanup: remove selected server

A dialog box appears asking whether you are sure you want to remove the DC. Press "OK" to remove DC1, the original master server.

metadata cleanup: quit

ntdsutil: quit

To delete the DC1 server object under Domain Controllers in Active Directory Users and Computers, you can use the ADSI Edit tool. ADSI Edit is part of the Windows 2000 Support Tools, which must be installed from the installer in the Support\Tools directory on the Windows 2000 CD. Open ADSI Edit on DC2, expand Domain NC [DC2.Domain.com], expand OU=Domain Controllers, right-click CN=DC1, then select Delete to delete the DC1 server object.

To delete the DC1 server object in Active Directory Sites and Services, open Active Directory Sites and Services from Administrative Tools, expand Sites, expand Default-First-Site-Name, expand Servers, right-click DC1, select Delete, and click "Yes" to confirm.

[2] Seize the five FSMO roles on the additional domain controller (for readability the commands have been wrapped onto separate lines; in the original, the bold text is what was typed)

C:\> ntdsutil

ntdsutil: roles

fsmo maintenance: select operation target

select operation target: connections

server connections: connect to domain Domain.com

select operation target: list sites

Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com

select operation target: select site 0

Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
No current domain
No current server
No current Naming Context

select operation target: list domains in site

Found 1 domain(s)
0 - DC=Domain,DC=com

select operation target: select domain 0

Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
Domain - DC=Domain,DC=com
No current server
No current Naming Context

select operation target: list servers for domain in site

Found 1 server(s)
0 - CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com

select operation target: select server 0

select operation target: quit

fsmo maintenance: seize domain naming master

A dialog box appears; press "OK".

fsmo maintenance: seize infrastructure master

A dialog box appears; press "OK".

fsmo maintenance: seize PDC

A dialog box appears; press "OK".

fsmo maintenance: seize RID master

A dialog box appears; press "OK".

fsmo maintenance: seize schema master

A dialog box appears; press "OK".

fsmo maintenance: quit

ntdsutil: quit

(Note: Seize is used when the original role holder is offline. If the original role holder is online, you must use the Transfer operation instead.)

[3] Make the additional domain controller (dc2.domain.com) a Global Catalog (GC)

Open Active Directory Sites and Services from Administrative Tools, expand Sites, expand Default-First-Site-Name, expand Servers, expand DC2.Domain.com (the additional controller), right-click NTDS Settings and select Properties, tick the "Global Catalog" check box, click "OK", and then restart the server.

[4] Reinstall and restore the damaged original domain controller

After the DC1.Domain.com hardware has been repaired, reinstall Windows 2000 Server on it. In general, install the same components as on the original server, but do not install Certificate Services yet (with Certificate Services installed, the server cannot be renamed or joined to / removed from a domain). After installing Windows 2000 Server, run DCPROMO to promote it to an additional domain controller. If DC1.Domain.com needs to hold the five FSMO roles again, use the Transfer operation (note: DC2 is online at this point, so Seize cannot be used, only Transfer). When that is done, install Certificate Services.

Use Active Directory Sites and Services to make DC1.Domain.com a GC and to remove the GC role from DC2.Domain.com. At this point the Active Directory part of the repair is complete.

(Note: It is recommended that the Domain Naming Master be a GC and not share a domain controller with the RID Master.)

2. Restore the mail server

Since Exchange Server extends the Active Directory schema and stores its configuration information in Active Directory, simply reinstalling is not enough. The previous configuration information, including the address list structure and other data not held in the mail store, still exists. Let's try to repair it step by step.

[1] Install Exchange Server

To suit installation in a disaster recovery environment, Exchange Server setup and the setup programs of the later Exchange Server service packs provide the /disasterrecovery switch, which repairs the system in a disaster recovery scenario.

We need to restore the system to the state it was in at the time of the crash. If service packs and patches were installed, the same service packs and patches must be installed on the new system.

The choice of installed components is also important and must match the components installed at the time of the crash. Therefore, keeping a record of the software installation configuration during everyday maintenance is a very important job.

In this example, after installing the mail server we installed SP3 and then the post-SP3 rollup, restoring the software installation to its state before the crash.

[2] Repair the mail store

When Exchange Server 2000 is damaged, the information store is one of the components most likely to be affected. In fact, many products in the Windows family that need a database that is always online use the Exchange database engine. The information store consists of the following four database files:

Priv1.edb

Priv1.stm

Pub1.edb

Pub1.stm

The Priv1.edb database file contains Simple Mail Transfer Protocol (SMTP) messages, both messages in transit and messages stored on the server. The Priv1.stm database file contains non-SMTP messages in transit and in storage. The Pub1.edb database file contains the public folder store for SMTP-format information; Pub1.stm contains the public folder store for non-SMTP-format data. Our mail server is stand-alone, with no site connector and no Key Management Service installed, so we chose the recovery procedure from KB313184.

Since our database exited abnormally, we need to confirm the consistency of the database. If the database is consistent, all log files have been committed to the information store. If the database is inconsistent, the database is not necessarily damaged; instead, log files may be missing, damaged or not yet committed to the database.

We ran the following eseutil commands to check the consistency of the public and private databases (for readability the commands have been wrapped; in the original, the bold text is what was typed).

C:\Program Files\Exchsrvr\bin> eseutil /mh "C:\Program Files\Exchsrvr\mdbdata\priv1.edb"

C:\Program Files\Exchsrvr\bin> eseutil /mh "C:\Program Files\Exchsrvr\mdbdata\pub1.edb"

Note: This assumes the program is run from the Program Files\Exchsrvr\bin folder on drive C, and that the .edb files are in the Program Files\Exchsrvr\mdbdata folder. If the server was upgraded, the database files may instead be in the C:\Exchsrvr\mdbdata folder; if the database location was optimized, the files may be on another drive. Adjust the paths to the actual situation.

To verify that an .edb file is consistent, check the output line labeled "State". To make the output easier to view, append "> mypriv.txt" and "> mypub.txt" to the commands above to write two text files, or use "|" to pipe the output to the screen page by page.

In our example the database State on the server was "Dirty Shutdown", so before trying to recover the database you need to check whether the log files are present in the MDBDATA folder.
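The "State" check above, and the decision it drives (soft recovery if the required log files are present, hard repair if they are not), can be automated against the saved mypriv.txt / mypub.txt output. The following is an added example and not code from the original article or from Microsoft; the eseutil /mh dump it parses is a constructed sample, only the "State" and "Log Required" lines are used, and the log file naming (E00 followed by five hex digits) follows the Exchange 2000 convention.

```python
# Added example (not from the original article): decide between soft recovery
# (eseutil /r) and hard repair (eseutil /p) from the header dump that
# `eseutil /mh <database>.edb` prints, plus a listing of the MDBDATA folder.
import re

# Constructed sample: abbreviated eseutil /mh output for a database that was
# not shut down cleanly (the case described in the article).
SAMPLE_DIRTY = """\
Microsoft(R) Exchange Server(TM) Database Utilities
Version 6.0
Copyright (C) Microsoft Corporation 1991-2000.  All Rights Reserved.

Initiating FILE DUMP mode...
        Database: priv1.edb

File Type: Database
         cbDbPage: 4096
            State: Dirty Shutdown
     Log Required: 100-105 (0x64-0x69)
"""

# Constructed sample: the same database after a clean shutdown.
SAMPLE_CLEAN = SAMPLE_DIRTY.replace(
    "State: Dirty Shutdown", "State: Clean Shutdown").replace(
    "Log Required: 100-105 (0x64-0x69)", "Log Required: 0-0 (0x0-0x0)")


def parse_header(dump):
    """Collect the 'Key: Value' lines of an eseutil /mh dump into a dict."""
    fields = {}
    for line in dump.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def required_logs(fields):
    """Translate 'Log Required: lo-hi (...)' into the E00xxxxx.log file names
    that soft recovery must replay; an empty list means no logs are needed."""
    m = re.match(r"(\d+)-(\d+)", fields.get("Log Required", ""))
    if not m:
        return []
    lo, hi = int(m.group(1)), int(m.group(2))
    if hi == 0:
        return []
    return ["E00%05X.log" % gen for gen in range(lo, hi + 1)]


def recovery_plan(dump, files_in_mdbdata):
    """Return (action, missing_logs):
    'clean'         - State is Clean Shutdown, nothing to do;
    'soft-recovery' - Dirty Shutdown and every required log is present (eseutil /r);
    'hard-repair'   - Dirty Shutdown but logs are missing (eseutil /p, data loss possible);
    'unknown'       - no State line found, so do not guess."""
    fields = parse_header(dump)
    state = fields.get("State")
    if state == "Clean Shutdown":
        return "clean", []
    if state != "Dirty Shutdown":
        return "unknown", []
    present = {name.lower() for name in files_in_mdbdata}
    missing = [log for log in required_logs(fields) if log.lower() not in present]
    return ("soft-recovery" if not missing else "hard-repair"), missing


if __name__ == "__main__":
    # Constructed directory listing: the last required generation is gone.
    listing = ["priv1.edb", "priv1.stm", "E00.log", "E0000064.log",
               "E0000065.log", "E0000066.log", "E0000067.log", "E0000068.log"]
    print(recovery_plan(SAMPLE_DIRTY, listing))   # ('hard-repair', ['E0000069.log'])
    print(recovery_plan(SAMPLE_CLEAN, listing))   # ('clean', [])
```

In practice you would read the dump from mypriv.txt and the listing from `dir /b` of the MDBDATA folder; the point of keeping the decision in code is that a missing log generation is caught before `eseutil /r` is run and fails half-way.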

Note: The following steps are not listed in the order of operation, nor must every step be executed. To repair the mail store, choose one or several of the steps according to the actual situation!

(a) Soft recovery of the store using the log files

During soft recovery, all uncommitted log files are committed to the information store database. Open the folder where the database and log files reside and type the following at the command prompt (for readability the command has been wrapped; in the original, the bold text is what was typed):

C:\Program Files\Exchsrvr\mdbdata> "C:\Program Files\Exchsrvr\bin\eseutil.exe" /r E00

Click Yes to run the repair. The utility displays the following message:

Microsoft(R) Exchange Server(TM) Database Utilities
Version 6.0
Copyright (C) Microsoft Corporation 1991-2000. All Rights Reserved.

Initiating RECOVERY mode...
    Logfile base: E00
    Log files: <current directory>
    System files: <current directory>

Performing soft recovery...

After soft recovery completes, the program displays the following message:

Operation completed successfully in x.xxx seconds.

Run the eseutil /mh command again. If the State of both the public and the private information store has changed to consistent, the database has been repaired.

(b) Hard recovery of the store without usable log files

If the eseutil /r command does not bring the database back to a consistent state, use the hard repair (forced state recovery) command. (Note: this command may lose some Exchange 2000 data, including messages held in log files that were never committed to the information store database. Microsoft recommends using this command only when the public or private information store still has not returned to a consistent state after soft recovery.)

At the command prompt type the following (for readability the commands have been wrapped; in the original, the bold text is what was typed):

To bring priv1.edb back to a consistent state:

C:\Program Files\Exchsrvr\mdbdata> "C:\Program Files\Exchsrvr\bin\eseutil" /p priv1.edb

To bring pub1.edb back to a consistent state:

C:\Program Files\Exchsrvr\mdbdata> "C:\Program Files\Exchsrvr\bin\eseutil" /p pub1.edb

Click Yes to run the repair. The utility displays the following message:

Microsoft(R) Exchange Server(TM) Database Utilities
Version 6.0
Copyright (C) Microsoft Corporation 1991-2000. All Rights Reserved.

Initiating REPAIR mode...
        Database: priv1.edb
  Streaming File: priv1.stm
  Temp. Database: TEMPREPAIR1820.EDB

Checking database integrity.

                     Scanning Status (% complete)

          0    10   20   30   40   50   60   70   80   90  100
          |----|----|----|----|----|----|----|----|----|----|
          ...................................................

The .stm file is automatically included in the repair. After the process completes, the program displays the following message:

Integrity check successful.

(c) Offline defragmentation of the mail store

It is recommended to defragment the repaired database files, especially when disk space is tight. Offline defragmentation can also be performed on another machine. If you ran the soft recovery procedure on Pub1.edb and Priv1.edb, run the following defragmentation commands on the two files (for readability the commands have been wrapped; in the original, the bold text is what was typed).

Defragment Priv1.edb:

C:\Program Files\Exchsrvr\bin> eseutil /d "C:\Program Files\Exchsrvr\mdbdata\priv1.edb"

Defragment Pub1.edb:

C:\Program Files\Exchsrvr\bin> eseutil /d "C:\Program Files\Exchsrvr\mdbdata\pub1.edb"

Note: If the store database is large, this takes a while. If you are prompted about disk space, copy the Program Files\Exchsrvr\bin folder to a larger disk and run the command from there.

Delete all .log and .chk files in the MDBDATA folder, then delete temp.edb (if present). Stop all mail-related services so that nothing accesses the mail store during the repair. Mount the database once and then dismount it.


Use the Isinteg.exe utility to run tests against every area of the Pub1.edb and Priv1.edb databases, report the results and attempt to repair any problems found (for readability the command has been wrapped; in the original, the bold text is what was typed):

C:\Program Files\Exchsrvr\bin> isinteg -s (ServerName) -fix -test alltests

The system prompts you to select the database to check:

Index  Status   Database-Name
Storage Group Name: First Storage Group
  1    Offline  Mailbox Store (servername)
  2    Offline  Public Folder Store (servername)
Enter a number to select a database or press Return to exit.

Note: Exchange 2000 no longer uses the -patch option of the isinteg utility. The patch operation is performed automatically by store.exe when the information store starts.

Only databases marked "Offline" can be checked. After selecting a database, the following message appears asking you to confirm the choice:

"You have selected First Storage Group / Mailbox Store. Continue? (Y/N)". Press Y and Enter to start checking the selected database.

Repeat the repair process until no warnings, errors or fixes are reported; the report then looks similar to this:

Test reference table construction result: 0 error(s); 0 warning(s); 0 fix(es); 0 row(s); time: 0h:0m:0s
Test Folder result: 0 error(s); 0 warning(s); 0 fix(es); 101 row(s); time: 0h:0m:0s

Now in test 3 (Reference Count Verification) of total 3 tests; 100% complete.

If the same warnings, errors or fixes appear three times in a row, they can be ignored. Such errors may be caused by damaged email attachments or similar conditions that do not prevent the information store from starting.
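The stopping rule for the isinteg loop (repeat until a run reports nothing, or until three consecutive runs report exactly the same counts) is easy to get wrong by eye when several runs have scrolled past. The following is an added example, not code from the original article or from Microsoft: it parses the "Test ... result:" lines in the format shown above and applies that rule over a sequence of run outputs. The three run outputs are constructed samples.

```python
# Added example (not from the original article): parse the per-test result
# lines printed by `isinteg -fix -test alltests` and apply the article's
# stopping rule: stop when a run reports no errors, warnings or fixes, or
# when three consecutive runs report exactly the same counts.
import re

RESULT_RE = re.compile(
    r"^Test (?P<test>.+?) result:\s*"
    r"(?P<errors>\d+) error\(s\);\s*"
    r"(?P<warnings>\d+) warning\(s\);\s*"
    r"(?P<fixes>\d+) fix\(es\)",
    re.IGNORECASE | re.MULTILINE)

# Constructed isinteg outputs for three successive runs against the same store.
RUN_WITH_FIXES = """\
Test reference table construction result: 0 error(s); 0 warning(s); 0 fix(es); 0 row(s); time: 0h:0m:0s
Test Folder result: 2 error(s); 1 warning(s); 2 fix(es); 101 row(s); time: 0h:0m:1s
Now in test 3(reference count verification) of total 3 tests; 100% complete.
"""
RUN_RESIDUAL = """\
Test reference table construction result: 0 error(s); 0 warning(s); 0 fix(es); 0 row(s); time: 0h:0m:0s
Test Folder result: 1 error(s); 0 warning(s); 0 fix(es); 101 row(s); time: 0h:0m:0s
Now in test 3(reference count verification) of total 3 tests; 100% complete.
"""
RUN_CLEAN = """\
Test reference table construction result: 0 error(s); 0 warning(s); 0 fix(es); 0 row(s); time: 0h:0m:0s
Test Folder result: 0 error(s); 0 warning(s); 0 fix(es); 101 row(s); time: 0h:0m:0s
Now in test 3(reference count verification) of total 3 tests; 100% complete.
"""


def parse_run(output):
    """Map each test name to its (errors, warnings, fixes) counts for one run."""
    return {m.group("test"): (int(m.group("errors")),
                              int(m.group("warnings")),
                              int(m.group("fixes")))
            for m in RESULT_RE.finditer(output)}


def is_clean(results):
    """True when at least one test ran and none reported an error, warning or fix."""
    return bool(results) and all(c == (0, 0, 0) for c in results.values())


def repair_loop(run_outputs):
    """Walk through successive isinteg outputs and return (runs_used, verdict):
    'clean'    - last run reported nothing, the store is repaired;
    'stable'   - three identical non-clean runs in a row, so the residual
                 errors can be ignored per the article (e.g. damaged attachments);
    'continue' - outputs exhausted without reaching either condition."""
    history = []
    for out in run_outputs:
        history.append(parse_run(out))
        if is_clean(history[-1]):
            return len(history), "clean"
        if len(history) >= 3 and history[-1] == history[-2] == history[-3]:
            return len(history), "stable"
    return len(history), "continue"


if __name__ == "__main__":
    print(repair_loop([RUN_WITH_FIXES, RUN_RESIDUAL, RUN_CLEAN]))   # (3, 'clean')
    print(repair_loop([RUN_RESIDUAL, RUN_RESIDUAL, RUN_RESIDUAL]))  # (3, 'stable')
```

Feeding each run's redirected output file to `repair_loop` in order gives an unambiguous answer on whether another `isinteg -fix` pass is still worthwhile; a verdict of 'continue' means run it again, and the comparison is on the parsed counts rather than the raw text, so differing timing values do not break the "three identical runs" test.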

(d) Use ExMerge to move mail to a new mail store

If Isinteg.exe still reports the same errors and warnings after repeated runs, but the information store service starts normally, we can export all user mailboxes to .pst files and then merge those .pst files into a new Priv1.edb. If offline stores (.ost files) are in use, their content must first be moved into .pst files.

Limitations: the information store service must be running. ExMerge can only move user mailboxes; it cannot move specific Exchange 2000 configuration properties such as connector settings, Outlook settings or client rules, nor distribution lists, their membership, or public folders. Public folder content can be moved into a user's personal folder so that it is included in the merged .pst file. If you try this process, the distribution lists must be recreated or reconfigured manually.

Make sure no user is accessing mailboxes on the server, then run ExMerge.

Use the first step of the two-step procedure and export all users. When the ExMerge process completes, stop the Exchange 2000 Information Store service, open the Exchsrvr\mdbdata folder, and rename the Pub1.edb and Priv1.edb files. Delete all other files in this folder. Be sure not to delete the renamed Pub1.edb and Priv1.edb files until the merge has been confirmed to complete successfully. Restart the Exchange 2000 Information Store service. Start Outlook on a client and send an e-mail to all users in the Exchange 2000 global address list. (Note: if this step is skipped, the second step of the ExMerge two-step procedure will not show any mailbox to restore into.)

Use the second step of the two-step procedure to run ExMerge and import all users. After this completes, the mail stored in the .pst files has been moved into the Exchange 2000 mailboxes, and we have a new Priv1.edb containing copies of all the mail. (Note: if a user logs on to the empty mailbox first, the account may not be connected to the newly created mailbox.)

To restore the public folder store, copy the public folders into a personal folder on a client (such as Outlook). Stop the information store service and rename the existing Pub1.edb and Pub1.stm files. To create a new Pub1.edb, mount the public folder database and click "OK" to create the new Pub1.edb. Move the folders from the client back into the new public folder structure on the server. Then restart the information store.

(Note: all permissions on the public store must be restored. Once mail and public folders are accessible again, make a backup as soon as possible and verify that the backup succeeded. This process also removes single-instance storage for mail received up to this point; as a result the Exchange 2000 database may grow and require more disk space.)

[3] Use the consistency adjuster

In Exchange 2000 the Mbconn.exe utility provides the same functionality. For more information see the "Mailbox Reconnect Help" file (MBCONN.CHM), located in the \Exchsrvr\Server\Support\Utils\i386 folder. You can use eseutil with the /g switch to verify the integrity of the information store.

[4] Use the Exchange 2000 Directory Service Integrity Checker (E2kdsinteg)

The E2kdsinteg utility was first included in Exchange 2000 SP2. After Exchange 2000 or the Exchange 2000 Active Directory Connector (ADC) has been installed and run, this utility reports on the health of Active Directory. E2kdsinteg produces a simple text-file report that records abnormal or suspicious objects. E2kdsinteg does not change any object in Active Directory. Depending on the number of mail-enabled objects and configuration objects in Active Directory, processing may take a considerable amount of time.

In our example this step was skipped, since the Exchange Server information in Active Directory was not damaged.

3. Repair IIS and OWA

[1] Repair the DCOM error

Users' requests are always urgent. Fortunately, Exchange Server offers several ways to access mail.

We can use the Exchange client, or Outlook, to send and receive messages over RPC connections; we can use mail clients such as Outlook Express over POP3 / SMTP / IMAP; and we can use any SSL-capable web client such as Internet Explorer to send and receive mail through OWA.

In this example we used OWA to serve users who cannot use an Outlook client or a POP3 / SMTP client. We reinstalled OWA, but it did not work properly: no non-static page could be opened at all. On investigation, every request for a directory that needs to execute scripts left the following entries in the System log:

Event ID: 10004  Source: DCOM
DCOM got error "Logon failure: unknown user name or bad password." and was unable to logon .\IWAM_MYSERVER in order to run the server: {3D14228D-FBE1-11D0-995D-00C04FD919C1}

Event ID: 36  Source: W3SVC
The server failed to load application '/LM/W3SVC/1/Root/Conferencing'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password.'. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

This can have two causes:

(a) Component Services

The COM account information is stored in the IIS metabase and synchronized with Active Directory, but COM does not update it automatically. If the Windows 2000 Component Services and the Internet Information Services (IIS) process get out of sync, i.e. the IWAM_ account and the IIS metabase no longer match, the log entries above appear.

IIS provides the synciwam.vbs script to synchronize the IWAM_ account with the IIS metabase. The script is located under inetpub\adminscripts. You can run it with either CScript or WScript.

Run synciwam.vbs with CScript:

C:\Inetpub\AdminScripts> cscript synciwam.vbs -v

You can see that the script executes successfully.

Run synciwam.vbs with WScript:

C:\Inetpub\AdminScripts> wscript c:\inetpub\adminscripts\synciwam.vbs -v

You can see that the script executes successfully, this time reported in a graphical message box.

(b) The account's password

IWAM_ is the account IIS uses to run scripts. Although we never set a password for it, it does have one. Although this account is local, it is also stored in Active Directory. If the password stored in Active Directory does not match the one in the IIS metabase, the account cannot start IIS's script process. This is the situation we ran into.

You can use the adsutil script to fix this problem. First find the account name:

C:\Inetpub\AdminScripts> adsutil get w3svc/wamusername
WAMUserName : (STRING) "IWAM_name"

The name here is usually the server's computer name.

Open the Component Services MMC console, expand the "Component Services" folder, expand the "My Computer" folder, find the "COM+ Applications" folder, right-click "IIS Out-of-Process Applications", select Properties, and make sure the "Disable changes" check box on the "Advanced" page is cleared; this ensures that the IWAM_ account change will be saved to Active Directory.

If IIS runs on a domain controller, open the "Active Directory Users and Computers" MMC snap-in. If IIS runs on a member server, right-click My Computer, select "Manage", expand "System Tools", expand "Local Users and Groups", and select the "Users" folder.

In the right pane, find the IWAM account name we just queried with the adsutil script and change the account's password. Then use the script to set the same IWAM account password in the IIS metabase:

C:\Inetpub\AdminScripts> adsutil set w3svc/wamuserpass Password
WAMUserPass : (STRING) "Password"

The prompt shows success. Then, under "Services" in the management console, stop and restart the "IIS Admin" service. You can also use the command line:

C:\> net stop iisadmin /y

C:\> net start w3svc

[2] Certificate Services

Using OWA's change-password function is dangerous because the password is sent over the network. To protect the account, we must enable SSL (Secure Sockets Layer) encryption for this feature, and to implement SSL the IIS service needs a certificate.

We installed Certificate Services earlier precisely to provide certificates for IIS and for domain accounts. If you have a certificate issued by a commercial CA (such as VeriSign), you can of course use it directly. Generate a server certificate for the IIS service and export it. Install the issuing certificate into the trusted root certification authorities store so that users trust the certificate.

Open the "Internet Information Services" management console snap-in and right-click the Default Web Site (here we assume there is only one site on this IIS server and that it is the one used for OWA; if your situation differs, adjust accordingly). In the Default Web Site properties select "Directory Security", click "Server Certificate" under "Secure communications", and use the wizard to install the server certificate we exported.

To let users change their password through OWA, create a virtual directory named "IISADMPWD" in the default web site. Grant this directory Read permission only. Under "Application Settings", enter IISADMPWD as the "Application name" and set execute permissions to "Scripts only".

Open Internet Explorer and enter "http://(server name)/Exchange" to check whether OWA works normally.

4. Repair network services

Earlier we installed WINS on another server; now we can install WINS on the newly installed server and set up push/pull replication. We can also install DNS and set up zone transfers. For DHCP, we can give the new server the remaining 80% of the address range (the 20% split was chosen for this case and can of course be changed as needed).

In this way WINS / DNS / DHCP continue to provide service.

Next, set up printer and file sharing according to the original shared content. Don't forget patches and antivirus software! As for the remaining software, such as backup, I won't go on about it.

Third: Mission Accomplished.

I finally finished and confirmed that all services were working normally. While accepting everyone's thanks, don't forget to make a complete backup of the system!

Finally, one sentence: all of this knowledge and information can be found in the KB. If possible, we should collect information in normal times to prepare for disaster recovery, and we can run drills without affecting the business. An army is maintained for a thousand days to be used in a single moment.

Please credit the original address when reprinting: https://www.9cbs.com/read-101519.html
