IT-NotesSite for IT Enthusiasts

Time 2020-11-22 17:08:06

Web Name: IT-NotesSite for IT Enthusiasts

WebSite: http://www.itnotes.eu

ID:123992

Keywords:

NotesSite,IT,Enthusiasts,

Description:

Remote Desktop Services has taken too long to load the user configuration from server – Event ID 20499I use mRemote to log onto my servers and noticed I repeatedly recieved the following error when logging on:Please note that I’m actually not experiencing slow log on in any shape or form, I’m just bothered by the warning in my eventviewer.Remote Desktop Services has taken too long to load the user configuration from server  SERVER for user USERNAME Here for your issue providing some workaround, might this helpful.Add a new DWORD (32-bit) Value in registry, name it as “DisableTaskOffload” and set value data to 1 on below mention path.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ParametersSet DWORDResult:Also you can try “Get-NetOffloadGlobalSetting “command, which includes Receive Side Scaling, Receive Segment Coalescing, task offload, and NetworkDirect.Apart from that refer “Troubleshooting Slow Logons” article.Source:http://social.technet.microsoft.com/Forums/windowsserver/en-US/0dd2c0db-4eab-4e66-801d-76aeca59367a/remote-desktop-services-has-taken-too-long-to-load-the-user-configuration-from-server-event-id-20499?forum=winserverTS Note: Please note that this page is still a “draft”. I just published it due to public demand.The Draft part is just a lack of expansive explanations and descriptions, but I hope you find it usefull.In this PostHere we start preparing our Exchange 2013 server environment to work as a Multi Tenancy setup, meaning we can have multiple firms or Groups of persons with their own Address Lists etc.During this series, we will setup our environment to accomodate a new Tenant named Tenant0001 with with the mail-domain domain.new, create an Address Book Policy and enable Address Book Policies routing agent (Is not described in this Part1) on our Exchange 2013 server.The Tenants and users will be filtered by using the CustomAttribute1 and using Address Book Policies.In this post we will keep it simple and just use one CustomAttribute and one Address Book Policy pr tenant. It is possible to use multiple Custom Attributes and use AND when configuring policies. You can also use multioke Policies to generate different views of the entire organization. Say one for Development, one for research and so on, and one for accounting that encompass all of them.How, why and what is an Address Book Policy?At default there is 1 Global Address List (GAL) which contains ALL mailusers (and most mail objects) in your organization.You can make seperate “Groups” of people by using the Address Book Policies.Each policy will as a bare minimum need 1 GAL, 1 Address Book, 1 Rooms list and 1 OAB.We are going to filter these by using Custom attribute(s). You can also filter by OU and other paramenters, and a combinations of these.If you create a new policy and assign it to 10 people. These people can only see the people in the Gal defined by the policy.All other people in the organization can see the above mentioned 10 people due to the default GAL.Best option is not to hide the 10 people, but to create a new policy for the rest instead.Or more likely: several policies.You can make nested address books as normal.Contents on this page:Create AD STructure and UPN SuffixSetting up Exchange server for new TenantAdd a new domain for the new TenantGlobal Address List (GAL) for Tenant0001All Rooms Address ListAll Users Address ListAll Contacts Address ListAll Groups Address ListOffline Address Book1) Creating AD structure and UPN suffix.We need a container to hold all of our data, created at the root of Active DirectoryOn your A/D server, via PowerShell:New-ADOrganizationalUnit -Name CustomersFirst, create an Organization Unit (OU) to hold the tenant data, I am using the word Tenant with a 5 digit sequence number in my examples. Specifically I am going to use Tenant00001!Note: In the example you will need to replace domain.dmz with your mailserver/local domain.On your A/D server, via PowerShell:New-ADOrganizationalUnit -Name Tenant00001 -Path "OU=Customers,DC=domain,DC=dmz"Now we need to User Principal Name (UPN) suffixes for later. In this example our customers domain is domain.newSet-ADForest -Identity domain.dmz -UPNSuffixes @{add="domain.new"}If you are working remote against the Exchange server then you need to create a connection to EMS as the rest of the configuration is now with Exchange directly instead of A/D.2) Setting up Exchange server for new Tenant.Add a new domain for the new tenant.New-AcceptedDomain -Name "Tenant00001" -DomainName domain.new -DomainType:AuthoritativeGlobal Address List (GAL) for Tenant00001New-GlobalAddressList -Name "Tenant00001 – GAL" -ConditionalCustomAttribute1 "Tenant00001" -IncludedRecipients MailboxUsers -RecipientContainer "domain.dmz/Customers/Tenant00001"All Rooms Address ListNew-AddressList -Name "Tenant00001 – All Rooms" -RecipientFilter "(CustomAttribute1 -eq 'Tenant00001') -and (RecipientDisplayType -eq 'ConferenceRoomMailbox')" -RecipientContainer "domain.dmz/Customers/Tenant00001"All Users Address ListNew-AddressList -Name "Tenant00001 – All Users" -RecipientFilter "(CustomAttribute1 -eq 'Tenant00001') -and (ObjectClass -eq 'User')" -RecipientContainer "domain.dmz/Customers/Tenant00001"All Contacts Address ListNew-AddressList -Name "Tenant00001 – All Contacts" -RecipientFilter "(CustomAttribute1 -eq 'Tenant00001') -and (ObjectClass -eq 'Contact')" -RecipientContainer "domain.dmz/Customers/Tenant00001"All Groups Address ListNew-AddressList -Name "Tenant00001 – All Groups" -RecipientFilter "(CustomAttribute1 -eq 'Tenant00001') -and (ObjectClass -eq 'Group')" -RecipientContainer "domain.dmz/Customers/Tenant00001"Offline Address BookNew-OfflineAddressBook -Name "Tenant00001" -AddressLists "Tenant00001 – GAL"3) Email Address PolicyYou’ll also need to create an Email Address Policy. This example also includes first.last@domain email aliasing, or you can set the primary email address to first.last@domain by using the -EnabledPrimarySMTPAddressTemplate “SMTP:%g.%s@domain.new” attribute and data.Note: strictly speaking, you don’t need to create an email address policy.New-EmailAddressPolicy -Name "Tenant00001 – EAP" -RecipientContainer "domain.dmz/Customers/Tenant00001" -IncludedRecipients "AllRecipients" -ConditionalCustomAttribute1 "Tenant00001" -EnabledEmailAddressTemplates "SMTP:%g.%s@domain.new","smtp:%m@domain.new" -EnabledPrimarySMTPAddressTemplate "SMTP:%g.%s@domain.new"Set-EmailAddressPolicy -Identity "Tenant00002 - EAP" -EnabledPrimarySMTPAddressTemplate "SMTP:%g.%s@domain.new"4) Address Book PolicyThe Address Book Policy is what ties everything together. Here we create a policy cointaining all the different Address Lists and Books we created in Step 2. This Address Book Policy can then be assigned to individual users.New-AddressBookPolicy -Name "Tenant00001" -AddressLists "Tenant00001 – All Users", "Tenant00001 – All Contacts", "Tenant00001 – All Groups" -GlobalAddressList "Tenant00001 – GAL" -OfflineAddressBook "Tenant00001" -RoomList "Tenant00001 – All Rooms"5) Ressource management by creating a Room Mailbox.This step is not needed, but you might need it for your setup.Here we create a new Room Mailbox for ressources. Note how the Adress Book Policy is assigned to the new mailbox using the -AddressBookPolicy parameter.New-Mailbox -Name 'Tenant00001 Conference Room 1' -Alias 'Tenant00001_conf1' -OrganizationalUnit 'domain.new/Customers/Tenant00001' -UserPrincipalName 'confroom1@domain.new' -SamAccountName 'Tenant00001_conf1' -FirstName 'Conference' -LastName 'Room 1' -AddressBookPolicy 'Tenant00001' -RoomIt is vital that we set a Custom Attribute for the mailbox, or it will not be included by the Address Book Policy we just created.Set-Mailbox Tenant00001_conf1 -CustomAttribute1 'Tenant00001'Here we set up how requests for our ressources are processed.Set-CalendarProcessing -Identity Tenant00001_conf1 -AutomateProcessing AutoAccept -DeleteComments $true -AddOrganizerToSubject $true -AllowConflicts $false6) Creating a new user for our Tenant0001In creating the new User with a mailbox, we specify location location in AD and assign the Address Book Policy we created.The password is entered using the popup that shows using the first line $c = Get-CredentialFor the ‘username’ field you can type anything you want as it is the password attribute we want for the mailbox being created.$c = Get-CredentialNew-Mailbox -Name 'Morten Nielsen' -Alias 'tenant00001_morten' -OrganizationalUnit 'domain.dmz/Customers/Tenant00001' -UserPrincipalName 'morten@domain.new' -SamAccountName 'tenant00001_morten' -FirstName 'Morten' -LastName 'Nielsen' -Password $c.password -ResetPasswordOnNextLogon $false -AddressBookPolicy 'Tenant00001'As with a room mailbox we need to also set a custom attribute to the tenant. This step cannot be performened in the same step as when you create the mailbox.Set-Mailbox morten@domain.new -CustomAttribute1 "Tenant00001" Making this post as a reminder for other people. I actually have an existing certificate on my Mailcleaner, but it happens to have just expired, so I need to create a new one. Instead of just creating a certificate internally in Mailcleaner, I am going to use www.startssl.com to generate a valid 3rd party free certificate. Certificates are free, as long as you do not need to create wild-card certificates.Contents:Generating the Private Key, RSA Key and Certificate Request (CSR)Generate the Prviate Key and RSA KeyGenerate the Certificate Request (CSR)1) Generating the Private Key, RSA Key and Certificate Request (CSR)First I log into my mailcleaner using an SSH client like putty or xshell.1.1) Generate the Private Key and RSA KeyWhen standing in root@mailcleaner:~# type the following line, and enter passwords as needed to create the Private Key file.openssl genrsa -des3 -out 2014key-mailcleaner.key 2048We have now generated a Private Key in a file named 2014key-mailcleaner.keyNow we need to create the matching RSA key.Enter the following line and enter the password from above:openssl rsa -in 2014key-mailcleaner.key -out 2014-mailcleaner.keyWe now have created an RSA key file named 2014-mailcleaner.key1.2) Generate the Certificate Request (CSR)Now we generate the Certificate Request (CSR) which we submit to Startssl.com.Specifically we use the RSA Key file 2014-mailcleaner.key to generate the CSR request file 2014-mailcleaner.csropenssl req -new -key 2014-mailcleaner.key -out 2014-mailcleaner.csrHere you will be asked for a number of inputs, where you have to pay special attention to Common Name. For some reason it is listed as YOUR name, but this is wrong!Instead the Common Name = FQDN of your web server, ie: mailedge.mailcleaner.com2) Submit CSR and recieve SSL .crt fileNow we open our CSR request file 2014-mailcleaner.csr using nano like so:nano 2014-mailcleaner.csrCopy/paste the contents of the file to a new file on your local computer for backup purposes.It is important you use Notepad on your computer and get the entire contents of the file from and including —–BEGIN CERTIFICATE REQUEST—– to and including —–END CERTIFICATE REQUEST—–Paste the same CSR contents into the 3rd party certificate request form and follow through the guide.At the end of 3rd party guide you should get the matching SSL certificate, Copy the contents and save it to a local SSL Cert file named 2014-mailcleaner-sslcert.crt3) Enter information into MailcleanerLog into MailCleaner’s web interface (as an admin) and navigate to Configuration– Services– Web Interfaces.  Enable SSL (HTTPS)3.1) In the first box, Encoded SSL CertificatePaste the new certificate that was issued to you by the CA.Use Notepad to open the certificate file named 2014-mailcleaner-sslcert.crt, copy and paste it exactly as it was. Do not put in any trailing or leading spaces.3.2) In the second box, Encoded SSL Private KeyGo back to your MailCleaner SSH connection.Open the RSA Key file 2014-mailcleaner.key we created using:nano 2014-mailcleaner.key4) Restart Mailcleaner services.Now, to finish it up, you need to go to Monitoring - Status, click Advanced and restart the necessary services like Web Access. Also restart the Firewall although it might not be listed as in need of a restart.

TAGS:NotesSite IT Enthusiasts 

<<< Thank you for your visit >>>

This site consists of notes, small guides and other snippets of information found usefull. The information is split into the menus as listed above.

Hot Websites